feat(integ-tests): expose adding IAM policies to the assertion provider#20769
Merged
mergify[bot] merged 3 commits intoaws:mainfrom Jul 7, 2022
corymhall:corymhall/integ-runner/addToPolicy
Merged
feat(integ-tests): expose adding IAM policies to the assertion provider#20769mergify[bot] merged 3 commits intoaws:mainfrom corymhall:corymhall/integ-runner/addToPolicy
mergify[bot] merged 3 commits intoaws:mainfrom
corymhall:corymhall/integ-runner/addToPolicy
Conversation
Currently the `AwsApiCall` construct will try and automatically create the correct IAM policy based on the service and api call being used. The assumption was that in most cases this would work, but it turns out that in the first couple use cases we've seen this is not the case. This PR adds another method `addToRolePolicy` on the `AssertionsProvider` construct and then makes the provider a `public` attribute on `AwsApICall`. This allows you to add additional policies.
|
|
otaviomacedo
reviewed
Jul 7, 2022
Contributor
otaviomacedo
left a comment
There was a problem hiding this comment.
The ideal solution would be an internal map from operations to necessary policies, that we could generate automatically from some canonical source. But I'm not aware of any such thing :(
otaviomacedo
approved these changes
Jul 7, 2022
Contributor
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Collaborator
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Contributor
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
daschaa
pushed a commit
to daschaa/aws-cdk
that referenced
this pull request
Jul 9, 2022
…er (aws#20769) Currently the `AwsApiCall` construct will try and automatically create the correct IAM policy based on the service and api call being used. The assumption was that in most cases this would work, but it turns out that in the first couple use cases we've seen this is not the case. This PR adds another method `addToRolePolicy` on the `AssertionsProvider` construct and then makes the provider a `public` attribute on `AwsApICall`. This allows you to add additional policies. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently the
AwsApiCallconstruct will try and automatically createthe correct IAM policy based on the service and api call being used. The
assumption was that in most cases this would work, but it turns out that
in the first couple use cases we've seen this is not the case.
This PR adds another method
addToRolePolicyon theAssertionsProviderconstruct and then makes the provider apublicattribute on
AwsApICall. This allows you to add additional policies.All Submissions:
Adding new Unconventional Dependencies:
New Features
yarn integto deploy the infrastructure and generate the snapshot (i.e.yarn integwithout--dry-run)?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license