fix(iam): fix managed policies for User #3221

Merged
merged 1 commit into from
Jul 6, 2019
2 changes: 2 additions & 0 deletions allowed-breaking-changes.txt
Expand Up @@ -8,3 +8,5 @@ removed:@aws-cdk/aws-elasticloadbalancingv2.ApplicationLoadBalancer.metricIPv6Pr
removed:@aws-cdk/aws-elasticloadbalancingv2.ApplicationLoadBalancer.metricIPv6RequestCount
removed:@aws-cdk/aws-elasticloadbalancingv2.ApplicationTargetGroup.metricIPv6RequestCount
removed:@aws-cdk/core.Fn.getAZs
removed:@aws-cdk/aws-iam.UserProps.managedPolicyArns
removed:@aws-cdk/aws-iam.GroupProps.managedPolicyArns
8 changes: 5 additions & 3 deletions packages/@aws-cdk/aws-iam/lib/group.ts
Expand Up @@ -40,11 +40,13 @@ export interface GroupProps {
readonly groupName?: string;

/**
* A list of ARNs for managed policies associated with group.
* A list managed policies associated with this role.
*
* You can add managed policies later using `attachManagedPolicy(policy)`.
*
* @default - No managed policies.
*/
readonly managedPolicyArns?: any[];
readonly managedPolicies?: IManagedPolicy[];

/**
* The path to the group. For more information about paths, see [IAM
Expand Down Expand Up @@ -130,7 +132,7 @@ export class Group extends GroupBase {
physicalName: props.groupName,
});

this.managedPolicies.push(...props.managedPolicyArns || []);
this.managedPolicies.push(...props.managedPolicies || []);

const group = new CfnGroup(this, 'Resource', {
groupName: this.physicalName,
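Review bot: The new doc comment on `GroupProps.managedPolicies` reads "A list managed policies associated with this role", which names the wrong principal and drops a word; it should read `* A list of managed policies associated with this group.` The same sentence is pasted onto `UserProps.managedPolicies` in lib/user.ts, where it should end with `this user`. These props decide which IAM permissions the principal starts with, so the generated API docs should name the construct they actually apply to. The interface and the constructor both continue outside the hunks shown.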
3 changes: 2 additions & 1 deletion packages/@aws-cdk/aws-iam/lib/role.ts
Expand Up @@ -30,7 +30,8 @@ export interface RoleProps {
readonly externalId?: string;

/**
* A list of ARNs for managed policies associated with this role.
* A list of managed policies associated with this role.
*
* You can add managed policies later using `attachManagedPolicy(arn)`.
*
* @default - No managed policies.
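Review bot: The `RoleProps` comment still tells readers to call `attachManagedPolicy(arn)`, two lines below the sentence that was reworded from "ARNs for managed policies" to "managed policies". The group and user docs changed in this commit say `attachManagedPolicy(policy)`. If the role method takes a policy object like the others (its signature is not visible here), the argument in that line should be renamed from `arn` to `policy` so the three props read alike. The doc block and the property it describes end outside the hunk.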
9 changes: 6 additions & 3 deletions packages/@aws-cdk/aws-iam/lib/user.ts
Expand Up @@ -24,12 +24,13 @@ export interface UserProps {
readonly groups?: IGroup[];

/**
* A list of ARNs for managed policies attacherd to this user.
* You can use `addManagedPolicy(arn)` to attach a managed policy to this user.
* A list managed policies associated with this role.
*
* You can add managed policies later using `attachManagedPolicy(policy)`.
*
* @default - No managed policies.
*/
readonly managedPolicyArns?: any[];
readonly managedPolicies?: IManagedPolicy[];

/**
* The path for the user name. For more information about paths, see IAM
Expand Down Expand Up @@ -108,6 +109,8 @@ export class User extends Resource implements IIdentity {
physicalName: props.userName,
});

this.managedPolicies.push(...props.managedPolicies || []);

const user = new CfnUser(this, 'Resource', {
userName: this.physicalName,
groups: undefinedIfEmpty(() => this.groups),
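Review bot: The added `this.managedPolicies.push(...props.managedPolicies || []);` in the `User` constructor has no comment saying why it is needed. The second hunk is purely additive, which suggests the old `managedPolicyArns` prop was accepted but never copied into the list. A one-line comment would guard the line against a later refactor: `// Seed the policy list from props so construction-time policies are rendered on the user.` Because this turns a prop that appears to have been silently ignored into real permission grants, it also deserves a line in the release notes. How `this.managedPolicies` reaches `CfnUser` is outside the hunk.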
23 changes: 21 additions & 2 deletions packages/@aws-cdk/aws-iam/test/test.group.ts
@@ -1,7 +1,7 @@
import { expect } from '@aws-cdk/assert';
import { expect, haveResource } from '@aws-cdk/assert';
import { App, Stack } from '@aws-cdk/core';
import { Test } from 'nodeunit';
import { Group, User } from '../lib';
import { Group, ManagedPolicy, User } from '../lib';

export = {
'default group'(test: Test) {
Expand Down Expand Up @@ -35,4 +35,23 @@ export = {
Properties: { Groups: [ { Ref: 'MyGroupCBA54B1B' } ] } } } });
test.done();
},

'create with managed policy'(test: Test) {
// GIVEN
const stack = new Stack();

// WHEN
new Group(stack, 'MyGroup', {
managedPolicies: [ManagedPolicy.fromAwsManagedPolicyName('asdf')]
});

// THEN
expect(stack).to(haveResource('AWS::IAM::Group', {
ManagedPolicyArns: [
{ "Fn::Join": [ "", [ "arn:", { Ref: "AWS::Partition" }, ":iam::aws:policy/asdf" ] ] }
]
}));

test.done();
}
};
3 changes: 2 additions & 1 deletion packages/@aws-cdk/aws-iam/test/test.role.ts
Expand Up @@ -288,5 +288,6 @@ export = {
Roles: [ "MyRole" ]
}));
test.done();
}
},

};
24 changes: 22 additions & 2 deletions packages/@aws-cdk/aws-iam/test/test.user.ts
@@ -1,7 +1,7 @@
import { expect } from '@aws-cdk/assert';
import { expect, haveResource } from '@aws-cdk/assert';
import { App, SecretValue, Stack } from '@aws-cdk/core';
import { Test } from 'nodeunit';
import { User } from '../lib';
import { ManagedPolicy, User } from '../lib';

export = {
'default user'(test: Test) {
Expand Down Expand Up @@ -32,6 +32,26 @@ export = {
const app = new App();
const stack = new Stack(app, 'MyStack');
test.throws(() => new User(stack, 'MyUser', { passwordResetRequired: true }));
test.done();
},

'create with managed policy'(test: Test) {
// GIVEN
const app = new App();
const stack = new Stack(app, 'MyStack');

// WHEN
new User(stack, 'MyUser', {
managedPolicies: [ManagedPolicy.fromAwsManagedPolicyName('asdf')]
});

// THEN
expect(stack).to(haveResource('AWS::IAM::User', {
ManagedPolicyArns: [
{ "Fn::Join": [ "", [ "arn:", { Ref: "AWS::Partition" }, ":iam::aws:policy/asdf" ] ] }
]
}));

test.done();
}
};