-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(iam): support NotPrincipal in policy statements #4077
Conversation
Thanks so much for taking the time to contribute to the AWS CDK ❤️ We will shortly assign someone to review this pull request and help get it
|
Added support for NotPrincipal IAM Policy statement elements.
65e32ee
to
18ff433
Compare
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
@@ -70,6 +72,17 @@ export class PolicyStatement { | |||
} | |||
} | |||
|
|||
public addNotPrincipals(...notPrincipals: IPrincipal[]) { | |||
if (Object.keys(notPrincipals).length > 0 && Object.keys(this.principal).length > 0) { | |||
throw new Error(`Cannot add 'NotPrincipals' to policy statement if 'Principals' have been added`); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably worth putting this check when we render (toStatementJson) so it applies both ways.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, good point. I added the reverse check to AddPrincipals
and refactored the test to check for both errors.
This follows convention with the other elements with a Not*. toStatementJson will then pull out the empty values if these exclusivity checks work. Thoughts?
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
…th exclusive errors
814b4fd
to
77b7c70
Compare
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
* feat(iam): add support for notprincipal policy statement element Added support for NotPrincipal IAM Policy statement elements. * add exclusivity check to addPrincipal, refactor tests to check for both exclusive errors
Added support for NotPrincipal IAM Policy statement elements.
Closes #4075
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license