fix(iam): make User implement IUser #3738

Merged
merged 3 commits into from
Aug 22, 2019
58 changes: 56 additions & 2 deletions packages/@aws-cdk/aws-iam/lib/user.ts
@@ -1,4 +1,4 @@
import { Construct, Lazy, Resource, SecretValue } from '@aws-cdk/core';
import { Construct, Lazy, Resource, SecretValue, Stack } from '@aws-cdk/core';
import { IGroup } from './group';
import { CfnUser } from './iam.generated';
import { IIdentity } from './identity-base';
@@ -10,7 +10,15 @@ import { IPrincipal } from './principals';
import { AttachedPolicies, undefinedIfEmpty } from './util';

export interface IUser extends IIdentity {
/**
* The user's name
* @attribute
*/
readonly userName: string;

/**
* Adds this user to a group.
*/
addToGroup(group: IGroup): void;
}

@@ -97,7 +105,53 @@ export interface UserProps {
readonly passwordResetRequired?: boolean;
}

export class User extends Resource implements IIdentity {
/**
* Define a new IAM user
*/
export class User extends Resource implements IIdentity, IUser {
/**
* Import an existing user given a username
*/
public static fromUserName(scope: Construct, id: string, userName: string): IUser {
const arn = Stack.of(scope).formatArn({
service: 'iam',
region: '',
resource: 'user',
resourceName: userName
});

class Import extends Resource implements IUser {
public readonly grantPrincipal: IPrincipal = this;
public readonly userName: string = userName;
public readonly assumeRoleAction: string = 'sts:AssumeRole';
public readonly policyFragment: PrincipalPolicyFragment = new ArnPrincipal(arn).policyFragment;
private defaultPolicy?: Policy;

public addToPolicy(statement: PolicyStatement): boolean {
if (!this.defaultPolicy) {
this.defaultPolicy = new Policy(this, 'Policy');
this.defaultPolicy.attachToUser(this);
}
this.defaultPolicy.addStatements(statement);
return true;
}

public addToGroup(_group: IGroup): void {
throw new Error('Cannot add imported User to Group');
}

public attachInlinePolicy(_policy: Policy): void {
throw new Error('Cannot add inline policy to imported User');
}

public addManagedPolicy(_policy: IManagedPolicy): void {
throw new Error('Cannot add managed policy to imported User');
}
}

return new Import(scope, id);
}

public readonly grantPrincipal: IPrincipal = this;
public readonly assumeRoleAction: string = 'sts:AssumeRole';

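Review bot: In the `Import` class returned by `fromUserName`, `addToPolicy` creates a `Policy` and calls `this.defaultPolicy.attachToUser(this)`, while `attachInlinePolicy` on the same class unconditionally throws `'Cannot add inline policy to imported User'`. `Policy.attachToUser` is not visible in this diff; if it calls back into `user.attachInlinePolicy(...)`, any grant that reaches `addToPolicy` on an imported user will throw, and if it does not, the two methods disagree about whether an imported user may receive inline policies. Pick one behaviour, either by letting `attachInlinePolicy` record the policy instead of throwing or by having `addToPolicy` `return false;` so the caller knows nothing was attached, and add a test that calls `addToPolicy` on the result of `fromUserName`. The docstring should also say which account the user is resolved in: the ARN comes from `Stack.of(scope).formatArn` with no explicit account, so it presumably uses the stack's own account, e.g. `Import an existing user given a username; the user is assumed to exist in the stack's account`.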