fix(iam): role/group/user's path not included in ARN #13258
Title does not follow the guidelines of Conventional Commits. Please adjust title before merge.
You need to update tests, and I'm pretty sure the default / would already be included (so now your ARN would look like arn:aws:...:role//rolename).
@rix0rrr I have not had a chance to familiarize myself with the repo's testing structure. Do you have specific recommendations on what I should update and where? Also, I got rid of the 'resourceName' argument to avoid the default slash because as I understand it, just using the 'resource' argument shouldn't include any separator. Is this understanding inaccurate?
There will be Now this specific case is somewhat tricky to test, as it only comes into play when objects are being used transparently in a cross-env scenario. So in your unit test, you will need to create an Then check that the value you're getting looks like what you expect. I think there's even 3 cases I'd be interested in:
I wonder if IAM does any path normalization, or whether it rejects values with additional
As for what you did with the ARN components: I liked the original better, where
@rix0rrr I can work on most of that. I just have one question (below). Based on the documentation, my understanding was that IAM rejects any path that does not both start and end with a slash, so my implementation expects both. If you want CDK to support all of the cases you mentioned, we probably need to add path normalization in CDK as I believe CloudFormation will still require both. It shouldn't be hard, but do you want me to add that as part of this pull request? I also did the pure resource implementation because it is slightly simpler when given both a beginning and ending slash, as I don't have to conditionally strip a leading slash from the path. But I can add the logic to allow us to use the resourceName argument if you think that'll be more readable. With all that being said, I may not be able to get to it immediately. But let me know if you would like me to include path normalization or just add better error handling, and I'll let you know when I have had a chance to make these updates.
Pull request has been modified.
Good call. That is fine then. If we want to make that requirement more flexible, that PR would then be the moment to do that.
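The ARN layout discussed in this exchange, as an added TypeScript sketch that is not code from the pull request or from CDK. The function names, the types and the sample account ID are assumptions for illustration, and the only path rule enforced is the one quoted above (a path starts and ends with a slash).

```typescript
// Added illustration; names and sample values are assumptions, not CDK code.
type IamKind = 'role' | 'group' | 'user';

interface IamArnParts {
  partition: string;
  account: string; // constructed sample value is used below
  kind: IamKind;
  path: string;    // per the thread: starts and ends with "/"
  name: string;
}

// Enforce the one rule quoted in the discussion: leading and trailing slash.
function assertValidPath(path: string): void {
  if (!path.startsWith('/') || !path.endsWith('/')) {
    throw new Error(`IAM path must start and end with "/": got "${path}"`);
  }
}

// The path's own leading slash is the separator after the resource type, so
// the default path "/" gives "role/name".
function iamArn(p: IamArnParts): string {
  assertValidPath(p.path);
  return `arn:${p.partition}:iam::${p.account}:${p.kind}${p.path}${p.name}`;
}

// The pitfall raised in review: adding a "/" separator AND the path doubles
// the slash ("role//name") for the default path.
function naiveIamArn(p: IamArnParts): string {
  return `arn:${p.partition}:iam::${p.account}:${p.kind}/${p.path}${p.name}`;
}

// Split an ARN back into path and name, e.g. to check a generated value.
function parseIamArn(arn: string): IamArnParts {
  const m = /^arn:([^:]+):iam::(\d{12}):(role|group|user)(\/(?:.*\/)?)([^\/]+)$/.exec(arn);
  if (!m) throw new Error(`not an IAM role/group/user ARN: ${arn}`);
  return { partition: m[1], account: m[2], kind: m[3] as IamKind, path: m[4], name: m[5] };
}

// Constructed sample input.
const sample: IamArnParts = {
  partition: 'aws', account: '123456789012', kind: 'role',
  path: '/division/team/', name: 'MyRole',
};
console.log(iamArn(sample));
console.log(iamArn({ ...sample, path: '/' }));
console.log(naiveIamArn({ ...sample, path: '/' }));
console.log(parseIamArn(iamArn(sample)).path);
```

An ARN that drops or doubles part of the path names a different principal than the one deployed, so policy statements that reference it will not match.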
Needs tests
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
@saltman424 can you resolve the conflicts? The PR is still pending.
924c117 to ebfd5f2
@rix0rrr sorry for taking so long for this. I didn't realize it still wasn't merged. It should be ready for your review.
Solution to #13156
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license