refactor(iam): cleanup of IAM library #2823

rix0rrr · 2019-06-11T14:45:38Z

Various changes.

Move PolicyStatement to its own file.
Remove postProcess from Token interface, move opting into it into IResolvable.resolve(), so it can be hidden from the PolicyDocument public interface.
Introduce PolicyStatement.fromAttributes({ ... }) as an alternative to the fluent interface chaining of old PolicyStatement.

Plus all the breaking changes below:

BREAKING CHANGE:

iam: PolicyStatement no longer has a fluid API, and accepts a
props object to be able to set the important fields.
iam: rename ImportedResourcePrincipal to UnknownPrincipal.
iam: managedPolicyArns renamed to managedPolicies, takes
return value from ManagedPolicy.fromAwsManagedPolicyName().
iam: PolicyDocument.postProcess() is now removed.
iam: PolicyDocument.addStatement() renamed to addStatements.
iam: PolicyStatement is no longer IResolvable
iam: AwsPrincipal has been removed, use ArnPrincipal instead.

Pull Request Checklist

Testing
- Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
- CLI change?: coordinate update of integration tests with team
- cdk-init template change?: coordinated update of integration tests with team
Docs
- jsdocs: All public APIs documented
- README: README and/or documentation topic updated
- Design: For significant features, design document added to design folder
Title and Description
- Change type: title prefixed with fix, feat and module name in parens, which will appear in changelog
- Title: use lower-case and doesn't end with a period
- Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
- Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
Sensitive Modules (requires 2 PR approvers)
- IAM Policy Document (in @aws-cdk/aws-iam)
- EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
- Grant APIs (only if not based on official documentation with a reference)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

Various changes. BREAKING CHANGE: * **iam**: rename `ImportedResourcePrincipal` to `UnknownPrincipal`. * **iam**: `managedPolicyArns` renamed to `managedPolicies`, takes return value from `ManagedPolicy.fromAwsManagedPolicyName()`.

Remove `postProcess` from Token interface, move opting into it into `IResolvable.resolve()`, so it can be hidden from the `PolicyDocument` public interface. Make addStatements() variadic.

PolicyStatement is no longer IResolvable (doesn't need to be) Remove AwsPrincipal, which was always an alias for ArnPrincipal which is much clearer. Introduce `PolicyStatement.fromAttributes({ ... })` as an alternative to the fluent interface chaining of old `PolicyStatement`.

eladb · 2019-06-11T14:51:16Z

packages/@aws-cdk/aws-iam/lib/policy-statement.ts

+/**
+ * Represents a statement in an IAM policy document.
+ */
+export class PolicyStatement implements IPolicyStatement {


Should we make a linter rule to enforce the usage of IPolicyStatement everywhere?

eladb · 2019-06-11T14:53:01Z

packages/@aws-cdk/aws-iam/lib/policy.ts

    }
  }

  /**
   * Adds a statement to the policy document.
   */
-  public addStatement(statement: PolicyStatement) {
-    this.document.addStatement(statement);


IPolicyStatement?

RomainMuller · 2019-06-12T07:26:59Z

packages/@aws-cdk/cdk/lib/private/resolve.ts

@@ -36,12 +36,18 @@ export function resolve(obj: any, options: IResolveOptions): any {
  /**
   * Make a new resolution context
   */
-  function makeContext(appendPath?: string): IResolveContext {
+  function makeContext(appendPath?: string): [IResolveContext, IPostProcessor] {


Can we avoid returning a tuple, and instead return some interface? The proliferation of [0] pains me...

It's private though.

I still have to read all those [0] :)

rix0rrr added 3 commits June 11, 2019 15:49

refactor(iam): cleanup of IAM library

4e43f05

Various changes. BREAKING CHANGE: * **iam**: rename `ImportedResourcePrincipal` to `UnknownPrincipal`. * **iam**: `managedPolicyArns` renamed to `managedPolicies`, takes return value from `ManagedPolicy.fromAwsManagedPolicyName()`.

Move PolicyStatement to its own file.

9e21e6e

Remove `postProcess` from Token interface, move opting into it into `IResolvable.resolve()`, so it can be hidden from the `PolicyDocument` public interface. Make addStatements() variadic.

rix0rrr requested review from RomainMuller, skinny85 and a team as code owners June 11, 2019 14:45

eladb approved these changes Jun 11, 2019

View reviewed changes

RomainMuller reviewed Jun 12, 2019

View reviewed changes

Updating all the call sites

5d9ba0f

rix0rrr force-pushed the huijbers/iam-cleanups branch from 0036e3f to 5d9ba0f Compare June 13, 2019 17:39

rix0rrr requested a review from SoManyHs as a code owner June 13, 2019 17:39

rix0rrr added 11 commits June 13, 2019 20:19

Merge remote-tracking branch 'origin/master' into huijbers/iam-cleanups

6c25140

Test fixx0r4g3

83b7493

Fixes

f1fa730

yaya

d7c0ae1

Merge remote-tracking branch 'origin/master' into huijbers/iam-cleanups

d62fc2e

Reduce coverage requirements

c3bbf12

Update tests

604909a

Update sagemaker

213ceea

More tests

703a98c

Merge remote-tracking branch 'origin/master' into huijbers/iam-cleanups

7d870cc

Fixup new changes on master

bf9acf0

rix0rrr merged commit b735d1c into master Jun 17, 2019

rix0rrr deleted the huijbers/iam-cleanups branch June 17, 2019 12:27

NGL321 added the contribution/core This is a PR that came from AWS. label Sep 27, 2019

This was referenced Jan 20, 2020

[Snyk] Upgrade @aws-cdk/aws-route53 from 0.22.0 to 0.39.0 MechanicalRock/tech-radar#20

Closed

[Snyk] Upgrade @aws-cdk/aws-s3 from 0.22.0 to 0.39.0 MechanicalRock/tech-radar#21

Closed

NOUIY mentioned this pull request Oct 2, 2024

[Snyk] Upgrade @aws-cdk/aws-apigateway from 0.0.0 to 0.39.0 NOUIY/aws-solutions-constructs#132

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor(iam): cleanup of IAM library #2823

refactor(iam): cleanup of IAM library #2823

rix0rrr commented Jun 11, 2019 •

edited

Loading

eladb Jun 11, 2019

eladb Jun 11, 2019

RomainMuller Jun 12, 2019

rix0rrr Jun 12, 2019

RomainMuller Jun 20, 2019

refactor(iam): cleanup of IAM library #2823

refactor(iam): cleanup of IAM library #2823

Conversation

rix0rrr commented Jun 11, 2019 • edited Loading

Pull Request Checklist

eladb Jun 11, 2019

Choose a reason for hiding this comment

eladb Jun 11, 2019

Choose a reason for hiding this comment

RomainMuller Jun 12, 2019

Choose a reason for hiding this comment

rix0rrr Jun 12, 2019

Choose a reason for hiding this comment

RomainMuller Jun 20, 2019

Choose a reason for hiding this comment

rix0rrr commented Jun 11, 2019 •

edited

Loading