Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(iam): cannot grant lambda:InvokeFunction on ManagedPolicy or Policy via grantInvoke() method #32984

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

fix(iam): cannot grant lambda:InvokeFunction on ManagedPolicy or Policy via grantInvoke() method #32984

wants to merge 11 commits into from

Conversation

Tietew
Copy link
Contributor

@Tietew Tietew commented Jan 17, 2025

Issue # (if applicable)

Closes #32980.

Reason for this change

lambda.Function.grantInvoke() throws an error when a ManagedPolicy or a Policy is passed.
It should add a policy statement to grant lambda:InvokeFunction on the policy document.

Description of changes

Implement IPrincipal directly on ManagedPolicy and Policy like Group.
policyFragment returns a dummy policy fragment and
PolicyStatment throws an error when a ManagedPolicy or a Policy is specified as principal or notPrincipal.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Updated unit tests and integ tests to confirm grantInvoke() works.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation aws-cdk-automation requested a review from a team January 17, 2025 08:51
@github-actions github-actions bot added admired-contributor [Pilot] contributed between 13-24 PRs to the CDK bug This issue is a bug. p2 labels Jan 17, 2025
@codecov Codecov
Copy link

codecov bot commented Jan 17, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.20%. Comparing base (5eeee75) to head (cee08ae).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #32984   +/-   ##
=======================================
  Coverage   82.20%   82.20%           
=======================================
  Files         119      119           
  Lines        6862     6862           
  Branches     1158     1158           
=======================================
  Hits         5641     5641           
  Misses       1118     1118           
  Partials      103      103
Flag Coverage Δ
suite.unit 82.20% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
packages/aws-cdk ∅ <ø> (∅)
packages/aws-cdk-lib/core 82.20% <ø> (ø)

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Jan 17, 2025
@github-actions github-actions bot mentioned this pull request Feb 1, 2025
Closed
@aws-cdk-automation
Copy link
Collaborator

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

1 similar comment
@aws-cdk-automation
Copy link
Collaborator

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: cee08ae
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
admired-contributor [Pilot] contributed between 13-24 PRs to the CDK bug This issue is a bug. p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

iam: cannot pass iam.ManagedPolicy or iam.Policy to lambda.Function.grantInvoke
2 participants
@Tietew @aws-cdk-automation