From 84045fd74b7c0373f0af43e26ad1b557868c9bf8 Mon Sep 17 00:00:00 2001
From: Ben Chaimberg
Date: Thu, 13 May 2021 11:39:28 -0700
Subject: [PATCH] expose underlying principal from PrincipalWithConditions
---
 packages/@aws-cdk/aws-iam/lib/principals.ts | 5 ++++-
 packages/@aws-cdk/aws-lambda/lib/function-base.ts | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/lib/principals.ts b/packages/@aws-cdk/aws-iam/lib/principals.ts
index 02bde4cfb4cd2..83f1c666f0ab3 100644
--- a/packages/@aws-cdk/aws-iam/lib/principals.ts
+++ b/packages/@aws-cdk/aws-iam/lib/principals.ts
@@ -154,8 +154,11 @@ export class PrincipalWithConditions implements IPrincipal {
 public readonly assumeRoleAction: string = this.principal.assumeRoleAction;
 private additionalConditions: Conditions;
+ /**
+ * @param principal The underlying principal to which conditions will be attached.
+ */
 constructor(
- private readonly principal: IPrincipal,
+ public readonly principal: IPrincipal,
 conditions: Conditions,
 ) {
 this.additionalConditions = conditions;
diff --git a/packages/@aws-cdk/aws-lambda/lib/function-base.ts b/packages/@aws-cdk/aws-lambda/lib/function-base.ts
index 4912360f59e0b..780fcfa22ed2a 100644
--- a/packages/@aws-cdk/aws-lambda/lib/function-base.ts
+++ b/packages/@aws-cdk/aws-lambda/lib/function-base.ts
@@ -424,7 +424,7 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC
 if (conditionOperatorsAreSupported && conditionKeysAreSupported) {
 sourceAccount = conditions.ArnEquals['aws:SourceAccount'];
 sourceArn = conditions.ArnEquals['aws:SourceArn'];
- principal = principal.principal;
+ principal = (principal as iam.PrincipalWithConditions).principal;
 } else {
 throw new Error(`PrincipalWithConditions had unsupported conditions for Lambda permission statement: ${conditions}. ` + 'Supported operators: [ArnEquals]; supported conditions: [aws:SourceArn, aws:SourceAccount]');
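Review bot: Making `principal` public on the constructor parameter of PrincipalWithConditions gives every consumer a one-step way to unwrap the bare principal, and a grant made against that value no longer carries the attached conditions; the added JSDoc does not say so. I would extend the tag to something like `@param principal The underlying principal. Policy statements built from this value directly do NOT include the conditions of this wrapper; callers must carry them over themselves.` Because the field is typed `IPrincipal`, it may itself be another conditioned wrapper, which the doc could also mention. The class body continues outside the hunk, so I can't see whether other members already document this.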
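Review bot: The `(principal as iam.PrincipalWithConditions)` assertion on the changed line is unchecked by the compiler, so it is only sound if the code above this hunk has already established at runtime that `principal` is that wrapper; the guard is outside the hunk and I can't confirm it. A short comment naming that guard, e.g. `// narrowed by the PrincipalWithConditions check above; only ArnEquals on aws:SourceArn / aws:SourceAccount reaches here`, would keep the cast from outliving a later refactor of the check. After unwrapping, only `sourceAccount` and `sourceArn` survive from the conditions, so if the inner principal can itself be a conditioned wrapper its conditions would presumably be dropped from the Lambda permission; worth confirming that case is rejected or handled further down.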