Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(sqs): remove 'Batch' permissions #2806

Merged
merged 1 commit into from
Jun 11, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -75,4 +74,4 @@
}
}
}
}
}
3 changes: 0 additions & 3 deletions packages/@aws-cdk/aws-events-targets/test/sqs/sqs.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ test('sns topic as an event rule target', () => {
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -86,7 +85,6 @@ test('multiple uses of a queue as a target results in multi policy statement bec
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand All @@ -112,7 +110,6 @@ test('multiple uses of a queue as a target results in multi policy statement bec
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,8 @@
"Action": [
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:ChangeMessageVisibilityBatch",
"sqs:GetQueueUrl",
"sqs:DeleteMessage",
"sqs:DeleteMessageBatch",
"sqs:GetQueueAttributes"
],
"Effect": "Allow",
Expand Down
2 changes: 0 additions & 2 deletions packages/@aws-cdk/aws-lambda-event-sources/test/test.sqs.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,8 @@ export = {
"Action": [
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:ChangeMessageVisibilityBatch",
"sqs:GetQueueUrl",
"sqs:DeleteMessage",
"sqs:DeleteMessageBatch",
"sqs:GetQueueAttributes"
],
"Effect": "Allow",
Expand Down
1 change: 0 additions & 1 deletion packages/@aws-cdk/aws-s3-notifications/test/queue.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ test('queues can be used as destinations', () => {
{
Action: [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -99,7 +98,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -390,7 +388,6 @@
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down Expand Up @@ -436,4 +433,4 @@
}
}
}
}
}
9 changes: 0 additions & 9 deletions packages/@aws-cdk/aws-sqs/lib/queue-base.ts
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,8 @@ export interface IQueue extends IResource {
* This will grant the following permissions:
*
* - sqs:ChangeMessageVisibility
* - sqs:ChangeMessageVisibilityBatch
* - sqs:DeleteMessage
* - sqs:ReceiveMessage
* - sqs:DeleteMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand All @@ -59,7 +57,6 @@ export interface IQueue extends IResource {
* This will grant the following permissions:
*
* - sqs:SendMessage
* - sqs:SendMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand Down Expand Up @@ -147,10 +144,8 @@ export abstract class QueueBase extends Resource implements IQueue {
* This will grant the following permissions:
*
* - sqs:ChangeMessageVisibility
* - sqs:ChangeMessageVisibilityBatch
* - sqs:DeleteMessage
* - sqs:ReceiveMessage
* - sqs:DeleteMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand All @@ -160,10 +155,8 @@ export abstract class QueueBase extends Resource implements IQueue {
const ret = this.grant(grantee,
'sqs:ReceiveMessage',
'sqs:ChangeMessageVisibility',
'sqs:ChangeMessageVisibilityBatch',
'sqs:GetQueueUrl',
'sqs:DeleteMessage',
'sqs:DeleteMessageBatch',
'sqs:GetQueueAttributes');

if (this.encryptionMasterKey) {
Expand All @@ -179,7 +172,6 @@ export abstract class QueueBase extends Resource implements IQueue {
* This will grant the following permissions:
*
* - sqs:SendMessage
* - sqs:SendMessageBatch
* - sqs:GetQueueAttributes
* - sqs:GetQueueUrl
*
Expand All @@ -188,7 +180,6 @@ export abstract class QueueBase extends Resource implements IQueue {
public grantSendMessages(grantee: iam.IGrantable) {
const ret = this.grant(grantee,
'sqs:SendMessage',
'sqs:SendMessageBatch',
'sqs:GetQueueAttributes',
'sqs:GetQueueUrl');

Expand Down
4 changes: 0 additions & 4 deletions packages/@aws-cdk/aws-sqs/test/test.sqs.ts
Original file line number Diff line number Diff line change
Expand Up @@ -112,10 +112,8 @@ export = {
testGrant((q, p) => q.grantConsumeMessages(p),
'sqs:ReceiveMessage',
'sqs:ChangeMessageVisibility',
'sqs:ChangeMessageVisibilityBatch',
'sqs:GetQueueUrl',
'sqs:DeleteMessage',
'sqs:DeleteMessageBatch',
'sqs:GetQueueAttributes',
);
test.done();
Expand All @@ -124,7 +122,6 @@ export = {
'grantSendMessages'(test: Test) {
testGrant((q, p) => q.grantSendMessages(p),
'sqs:SendMessage',
'sqs:SendMessageBatch',
'sqs:GetQueueAttributes',
'sqs:GetQueueUrl',
);
Expand Down Expand Up @@ -250,7 +247,6 @@ export = {
{
"Action": [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
Expand Down