fix(iam): policies added to immutably imported role #6090

Merged
merged 3 commits into from Feb 5, 2020

rix0rrr
Contributor

@rix0rrr rix0rrr commented Feb 4, 2020

In the refactoring done in #5569, we introduced a bug. The
`ImmutableRole` class correctly ignored policies directly added to it,
but did not ignore policies added via `Grant.addToPrincipal()`.

That's because its `IGrantable#grantPrincipal` field was being used
as the principal to grant to, which was pointing to the wrapped
role instead of the `ImmutableRole` itself.

Fix this oversight and add a test to cement it in.

Fixes #5943.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
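
The delegation bug described above, as an added example that is not part of the original pull request and is not aws-cdk source. It is a simplified model: `WrappedRole`, `BuggyImmutableRole`, `FixedImmutableRole`, `addToPrincipal` and `demo` are hypothetical stand-ins, and the statement strings are constructed.

```typescript
// Simplified model, not aws-cdk source: class names follow the PR text,
// bodies are assumptions made for illustration.
interface IPrincipal {
  readonly grantPrincipal: IPrincipal;
  addToPolicy(statement: string): boolean;
}

// Stand-in for the underlying imported role, which accepts statements.
class WrappedRole implements IPrincipal {
  public readonly statements: string[] = [];
  public readonly grantPrincipal: IPrincipal = this;
  public addToPolicy(statement: string): boolean {
    this.statements.push(statement);
    return true;
  }
}

// Before the fix: direct adds are ignored, but grantPrincipal exposes the wrapped role.
class BuggyImmutableRole implements IPrincipal {
  public readonly grantPrincipal: IPrincipal;
  constructor(role: WrappedRole) { this.grantPrincipal = role.grantPrincipal; }
  public addToPolicy(_statement: string): boolean { return false; }
}

// After the fix: grantPrincipal is the wrapper itself, so grants are ignored too.
class FixedImmutableRole implements IPrincipal {
  public readonly grantPrincipal: IPrincipal = this;
  public readonly role: WrappedRole;
  constructor(role: WrappedRole) { this.role = role; }
  public addToPolicy(_statement: string): boolean { return false; }
}

// Hypothetical stand-in for Grant.addToPrincipal(): always goes through grantPrincipal.
function addToPrincipal(grantee: IPrincipal, statement: string): boolean {
  return grantee.grantPrincipal.addToPolicy(statement);
}

// Counts statements that reached each wrapped role (statement text is constructed).
function demo(): { direct: number; buggy: number; fixed: number } {
  const a = new WrappedRole(), b = new WrappedRole(), c = new WrappedRole();
  new BuggyImmutableRole(a).addToPolicy("constructed:Action");
  addToPrincipal(new BuggyImmutableRole(b), "constructed:Action");
  addToPrincipal(new FixedImmutableRole(c), "constructed:Action");
  return { direct: a.statements.length, buggy: b.statements.length, fixed: c.statements.length };
}

console.log(demo());
```

A regression test for this class of bug should assert on the wrapped role's statements after a grant, not only after a direct add, since the direct path was already correct.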

@rix0rrr rix0rrr self-assigned this Feb 4, 2020
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Feb 4, 2020
@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@NetaNir
Contributor

NetaNir commented Feb 4, 2020

nice catch!

@mergify
Contributor

mergify bot commented Feb 4, 2020

Thank you for contributing! Your pull request is now being automatically merged.

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)


@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)


@mergify
Contributor

mergify bot commented Feb 5, 2020

Thank you for contributing! Your pull request is now being automatically merged.

@mergify mergify bot merged commit f1f5319 into master Feb 5, 2020
@mergify mergify bot deleted the huijbers/fix-immutable-grant branch February 5, 2020 09:41
Successfully merging this pull request may close these issues.

roleFromArn with "mutable: false" adds role policies