Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(iam): CompositePrincipal and allow multiple principal types #1377

Merged
merged 6 commits into from
Dec 18, 2018
Merged

feat(iam): CompositePrincipal and allow multiple principal types #1377

merged 6 commits into from
Dec 18, 2018

Conversation

eladb
Copy link
Contributor

@eladb eladb commented Dec 17, 2018
edited

Relax constraint on IAM policy statement principals such
that multiple principal types can be used in a statement.

Also, the CompositePrincipal class can be use to construct
PolicyPrincipals that consist of multiple principal types
and conditions.

Backfill missing addXxxPrincipal methods.

Deprecate (soft) Anyone in favor of AnyPrincipal.

Fixes #1201

Pull Request Checklist

Please check all boxes, including N/A items:

Testing

  • Unit test and/or integration test added
  • Toolkit change?: integration tests manually executed (paste output to the PR description)
  • Init template change?: coordinated update of integration tests (currently maintained in a private repo).

Documentation

  • README: README and/or documentation topic updated
  • jsdocs: All public APIs documented

Title and description

  • Change type: Title is prefixed with change type:
    • fix(module): <title> bug fix (patch)
    • feat(module): <title> feature/capability (minor)
    • chore(module): <title> won't appear in changelog
    • build(module): <title> won't appear in changelog
  • Title format: Title uses lower case and doesn't end with a period
  • Breaking change?: Last paragraph of description is: BREAKING CHANGE: <describe exactly what changed and how to achieve similar behavior + link to documentation/gist/issue if more details are required>
  • References: Indicate issues fixed via: Fixes #xxx or Closes #xxx

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

fix(iam): allow multiple principal types
b1b1193 
Relax constraint on IAM policy statement principals such
that multiple principal types can be used in a statement.

Also, the `CompositePrincipal` class can be use to construct
`PolicyPrincipal`s that consist of multiple principal types
and conditions.

Backfill missing addXxxPrincipal methods.

Deprecate (soft) `Anyone` in favor of `AnyPrincipal`.
@eladb eladb requested a review from a team December 17, 2018 10:48
@eladb eladb changed the title fix(iam): allow multiple principal types feat(iam): CompositePrincipal and allow multiple principal types Dec 17, 2018
RomainMuller
RomainMuller previously approved these changes Dec 17, 2018
View reviewed changes
packages/@aws-cdk/aws-iam/lib/policy-document.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/policy-document.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/policy-document.ts Outdated Show resolved Hide resolved
@eladb
Copy link
Contributor Author

eladb commented Dec 17, 2018

@rix0rrr I need you to also take a look (IAM library...)

@eladb eladb requested a review from rix0rrr December 17, 2018 13:39
@RomainMuller RomainMuller dismissed their stale review December 17, 2018 13:59

Cannot merge Conditions

@eladb eladb merged commit b942ae5 into master Dec 18, 2018
@eladb eladb deleted the benisrae/multi-principal-iam branch December 18, 2018 07:39
@patrickdomnick patrickdomnick mentioned this pull request Jan 20, 2019
Closed
@NGL321 NGL321 added the contribution/core This is a PR that came from AWS. label Sep 23, 2019
@mergify
Copy link
Contributor

mergify bot commented Sep 23, 2019

Thanks so much for taking the time to contribute to the AWS CDK ❤️

We will shortly assign someone to review this pull request and help get it
merged. In the meantime, please take a minute to make sure you follow this
checklist:

  • PR title type(scope): text
    • type: fix, feat, refactor go into CHANGELOG, chore is hidden
    • scope: name of module without aws- or cdk- prefix or postfix (e.g. s3 instead of aws-s3-deployment)
    • text: use all lower-case, do not end with a period, do not include issue refs
  • PR Description
    • Rationale: describe rationale of change and approach taken
    • Issues: indicate issues fixed via: fixes #xxx or closes #xxx
    • Breaking?: last paragraph: BREAKING CHANGE: <describe what changed + link for details>
  • Testing
    • Unit test added. Prefer to add a new test rather than modify existing tests
    • CLI or init templates change? Re-run/add CLI integration tests
  • Documentation
    • README: update module README to describe new features
    • API docs: public APIs must be documented. Copy from official AWS docs when possible
    • Design: for significant features, follow design process

@alastairmccormack alastairmccormack mentioned this pull request Oct 9, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RomainMuller RomainMuller RomainMuller approved these changes

@rix0rrr rix0rrr rix0rrr approved these changes

Assignees
No one assigned
Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unable to build multi-principal Policy with Role
4 participants
@eladb @RomainMuller @rix0rrr @NGL321