fix(iam): policies added to immutably imported role #6090
In the refactoring done in #5569, we introduced a bug. The `ImmutableRole` class correctly ignored policies directly added to it, but did not ignore policies added via `Grant.addToPrincipal()`. That's because its `IGrantable#grantPrincipal` field was being used as the principal to grant to, which was pointing to the wrapped role instead of the `ImmutableRole` itself. Fix this oversight and add a test to cement it in. Fixes #5943.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
nice catch!
Thank you for contributing! Your pull request is now being automatically merged.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
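The bug described in the pull request, as an added TypeScript model that is not aws-cdk source. `MutableRole`, `LeakyImmutableRole`, `FixedImmutableRole` and `grantTo` are hypothetical stand-ins for the wrapped role, the pre-fix and post-fix `ImmutableRole`, and a grant helper that follows `grantPrincipal`; the statement strings are constructed sample values.

```typescript
// Simplified model with hypothetical names; only grantPrincipal mirrors the PR text.
interface Principal {
  readonly grantPrincipal: Principal;
  addToPolicy(statement: string): boolean; // true if the statement was attached
}

class MutableRole implements Principal {
  readonly grantPrincipal: Principal = this;
  readonly statements: string[] = [];
  addToPolicy(statement: string): boolean {
    this.statements.push(statement);
    return true;
  }
}

// Pre-fix shape: direct additions are ignored, but grantPrincipal still
// points at the wrapped role, so grants bypass the wrapper.
class LeakyImmutableRole implements Principal {
  readonly grantPrincipal: Principal;
  constructor(role: MutableRole) {
    this.grantPrincipal = role.grantPrincipal;
  }
  addToPolicy(_statement: string): boolean {
    return false;
  }
}

// Post-fix shape: the wrapper itself is the principal to grant to.
class FixedImmutableRole implements Principal {
  readonly grantPrincipal: Principal = this;
  readonly role: MutableRole;
  constructor(role: MutableRole) {
    this.role = role;
  }
  addToPolicy(_statement: string): boolean {
    return false;
  }
}

// Stand-in for a grant helper: it adds to grantee.grantPrincipal, not to grantee.
function grantTo(grantee: Principal, statement: string): boolean {
  return grantee.grantPrincipal.addToPolicy(statement);
}

// Returns the statements that ended up on the wrapped role in each case.
function statementsAfterGrant(fixed: boolean): string[] {
  const wrapped = new MutableRole();
  const imported: Principal = fixed
    ? new FixedImmutableRole(wrapped)
    : new LeakyImmutableRole(wrapped);
  imported.addToPolicy("s3:GetObject"); // direct add: ignored by both wrappers
  grantTo(imported, "s3:PutObject"); // grant: leaks through the pre-fix wrapper
  return wrapped.statements;
}
```

A regression test for this class of bug should assert on the wrapped role's policy after a grant, not only after a direct `addToPolicy` call, since the direct path was already correct.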