Skip to content

feat(iam): PolicyStatements can be frozen#20911

Merged
mergify[bot] merged 2 commits intomainfrom
huijbers/freeze-statements
Jun 30, 2022
Merged

feat(iam): PolicyStatements can be frozen#20911
mergify[bot] merged 2 commits intomainfrom
huijbers/freeze-statements

Conversation

@rix0rrr
Copy link
Copy Markdown
Contributor

@rix0rrr rix0rrr commented Jun 29, 2022

PolicyStatements now have a freeze() method, which prevents further
modification. freeze() is called just prior to rendering and other
statement manipulation.

This has two benefits:

  • Construct authors can freeze() statements and be sure that consumer
    code holding a reference to the statement can no longer mutate it
    later.
  • Third-party library authors that generate IAM statements lazily
    (specifically, cdk-iam-floyd) can hook into the freeze() method
    to do their generation.

All Submissions:

Adding new Unconventional Dependencies:

  • This PR adds new unconventional dependencies following the process described here

New Features

  • Have you added the new feature to an integration test?
    • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
feat(iam): PolicyStatements can be frozen
4cb8b1d 
PolicyStatements now have a `freeze()` method, which prevents further
modification. `freeze()` is called just prior to rendering and other
statement manipulation.

This has two benefits:

- Construct authors can `freeze()` statements and be sure that consumer
  code holding a reference to the statement can no longer mutate it
  later.
- Third-party library authors that generate IAM statements lazily
  (specifically, `cdk-iam-floyd`) can hook into the `freeze()` method
  to do their generation.
@rix0rrr rix0rrr added the pr-linter/exempt-integ-test The PR linter will not require integ test changes label Jun 29, 2022
@rix0rrr rix0rrr requested a review from a team June 29, 2022 09:33
@rix0rrr rix0rrr self-assigned this Jun 29, 2022
@gitpod-io
Copy link
Copy Markdown

gitpod-io bot commented Jun 29, 2022

@github-actions github-actions bot added the p2 label Jun 29, 2022
@aws-cdk-automation aws-cdk-automation requested a review from a team June 29, 2022 09:34
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jun 29, 2022
@rix0rrr rix0rrr added pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes labels Jun 30, 2022
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 30, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Jun 30, 2022

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: f6527e8
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 3bf737b into main Jun 30, 2022
@mergify mergify bot deleted the huijbers/freeze-statements branch June 30, 2022 11:08
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 30, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@udondan udondan mentioned this pull request Jul 1, 2022
Closed
4 tasks
daschaa pushed a commit to daschaa/aws-cdk that referenced this pull request Jul 9, 2022
@rix0rrr @daschaa
feat(iam): PolicyStatements can be frozen (aws#20911)
b7fd8b8 
PolicyStatements now have a `freeze()` method, which prevents further
modification. `freeze()` is called just prior to rendering and other
statement manipulation.

This has two benefits:

- Construct authors can `freeze()` statements and be sure that consumer
  code holding a reference to the statement can no longer mutate it
  later.
- Third-party library authors that generate IAM statements lazily
  (specifically, `cdk-iam-floyd`) can hook into the `freeze()` method
  to do their generation.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@otaviomacedo otaviomacedo otaviomacedo approved these changes

Assignees

@rix0rrr rix0rrr

Labels

contribution/core This is a PR that came from AWS. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rix0rrr @aws-cdk-automation @otaviomacedo