Skip to content

(integ-tests-alpha): Incorrect IAM policy statement generated when actions has a hyphen in the name #26952

Closed
#26962
Closed
(integ-tests-alpha): Incorrect IAM policy statement generated when actions has a hyphen in the name#26952
#26962
Labels
@aws-cdk/aws-iamRelated to AWS Identity and Access ManagementbugThis issue is a bug.effort/smallSmall work item – less than a day of effortp2
@dontirun

Description

@dontirun
dontirun
opened on Aug 30, 2023

Describe the bug

The generated IAM policy does not take into account if the service has a - in it's name for the IAM Policy Action

Expected Behavior

The generated IAM policy has the correct permissions

Current Behavior

The generated IAM policy does not has the correct permissions

Reproduction Steps

Given the following integ test

import * as integ from '@aws-cdk/integ-tests-alpha';
import * as cdk from 'aws-cdk-lib';

const app = new cdk.App();
const stack = new cdk.Stack();
const test = new integ.IntegTest(app, 'integ', {
  testCases: [stack],
});

const describeUsageLimit = test.assertions.awsApiCall('RedshiftServerless', 'getUsageLimit', {
  UsageLimitId: 'foo',
});

describeUsageLimit.expect(
  integ.ExpectedResult.objectLike({
    amount: 100,
    breachAction: 'deactivate',
    period: 'monthly',
  }),
);

app.synth();

An IAM Role with the following policy is generated with an incorrect action

    "Policies": [
     {
      "PolicyName": "Inline",
      "PolicyDocument": {
       "Version": "2012-10-17",
       "Statement": [
        {
         "Action": [
          "redshiftserverless:GetUsageLimit"
         ],
         "Effect": "Allow",
         "Resource": [
          "*"
         ]
        }
       ]

The action needs to be redshift-serverless:GetUsageLimit instead of redshiftserverless:GetUsageLimit

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.89.0-alpha.0

Framework Version

No response

Node.js Version

v20.5.0

OS

Osx Ventura

Language

Typescript

Language Version

No response

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-iamRelated to AWS Identity and Access ManagementbugThis issue is a bug.effort/smallSmall work item – less than a day of effortp2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions