refactor(iam): cleanup of IAM library #2823

Merged
merged 15 commits into from
Jun 17, 2019

rix0rrr
Contributor

@rix0rrr rix0rrr commented Jun 11, 2019

Various changes.

  • Move PolicyStatement to its own file.
  • Remove postProcess from Token interface, move opting into it into IResolvable.resolve(), so it can be hidden from the PolicyDocument public interface.
  • Introduce PolicyStatement.fromAttributes({ ... }) as an alternative to the fluent interface chaining of old PolicyStatement.

Plus all the breaking changes below:

BREAKING CHANGE:

  • iam: PolicyStatement no longer has a fluid API, and accepts a
    props object to be able to set the important fields.
  • iam: rename ImportedResourcePrincipal to UnknownPrincipal.
  • iam: managedPolicyArns renamed to managedPolicies, takes
    return value from ManagedPolicy.fromAwsManagedPolicyName().
  • iam: PolicyDocument.postProcess() is now removed.
  • iam: PolicyDocument.addStatement() renamed to addStatements.
  • iam: PolicyStatement is no longer IResolvable
  • iam: AwsPrincipal has been removed, use ArnPrincipal instead.

Pull Request Checklist

  • Testing
    • Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
    • CLI change?: coordinate update of integration tests with team
    • cdk-init template change?: coordinated update of integration tests with team
  • Docs
    • jsdocs: All public APIs documented
    • README: README and/or documentation topic updated
    • Design: For significant features, design document added to design folder
  • Title and Description
    • Change type: title prefixed with fix, feat and module name in parens, which will appear in changelog
    • Title: use lower-case and doesn't end with a period
    • Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
    • Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
  • Sensitive Modules (requires 2 PR approvers)
    • IAM Policy Document (in @aws-cdk/aws-iam)
    • EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
    • Grant APIs (only if not based on official documentation with a reference)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

rix0rrr added 3 commits June 11, 2019 15:49
Various changes.

BREAKING CHANGE:

* **iam**: rename `ImportedResourcePrincipal` to `UnknownPrincipal`.
* **iam**: `managedPolicyArns` renamed to `managedPolicies`, takes
  return value from `ManagedPolicy.fromAwsManagedPolicyName()`.
Remove `postProcess` from Token interface, move opting into it into
`IResolvable.resolve()`, so it can be hidden from the `PolicyDocument`
public interface.

Make addStatements() variadic.
PolicyStatement is no longer IResolvable (doesn't need to be)

Remove AwsPrincipal, which was always an alias for ArnPrincipal
which is much clearer.

Introduce `PolicyStatement.fromAttributes({ ... })` as an
alternative to the fluent interface chaining of old `PolicyStatement`.
@rix0rrr rix0rrr requested review from RomainMuller, skinny85 and a team as code owners June 11, 2019 14:45
/**
* Represents a statement in an IAM policy document.
*/
export class PolicyStatement implements IPolicyStatement {
Contributor

Should we make a linter rule to enforce the usage of IPolicyStatement everywhere?

}
}

/**
* Adds a statement to the policy document.
*/
public addStatement(statement: PolicyStatement) {
this.document.addStatement(statement);
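
Review bot: `this.document.addStatement(statement)` uses the name that the PR description lists as renamed (`PolicyDocument.addStatement()` to `addStatements`), so this call has to follow the rename if the line survives into the merged version. The commit message also makes `addStatements()` variadic; consider whether this wrapper should accept `...statements` as well so the two signatures stay consistent.
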
Contributor

IPolicyStatement?

@@ -36,12 +36,18 @@ export function resolve(obj: any, options: IResolveOptions): any {
/**
* Make a new resolution context
*/
function makeContext(appendPath?: string): IResolveContext {
function makeContext(appendPath?: string): [IResolveContext, IPostProcessor] {
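
Review bot: the doc comment on `makeContext` still says only "Make a new resolution context", while the new signature returns `[IResolveContext, IPostProcessor]`. Describe the second element in the comment (what the post-processor is and what the caller is expected to do with it), or return an object with named fields so call sites do not depend on tuple positions.
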
Contributor

Can we avoid returning a tuple, and instead return some interface? The proliferation of [0] pains me...

Contributor Author

It's private though.

Contributor

I still have to read all those [0] :)

@rix0rrr rix0rrr force-pushed the huijbers/iam-cleanups branch from 0036e3f to 5d9ba0f Compare June 13, 2019 17:39
@rix0rrr rix0rrr requested a review from SoManyHs as a code owner June 13, 2019 17:39
This was referenced Dec 12, 2019
Labels
contribution/core This is a PR that came from AWS.
4 participants