-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor(iam): cleanup of IAM library #2823
Conversation
Various changes. BREAKING CHANGE: * **iam**: rename `ImportedResourcePrincipal` to `UnknownPrincipal`. * **iam**: `managedPolicyArns` renamed to `managedPolicies`, takes return value from `ManagedPolicy.fromAwsManagedPolicyName()`.
Remove `postProcess` from Token interface, move opting into it into `IResolvable.resolve()`, so it can be hidden from the `PolicyDocument` public interface. Make addStatements() variadic.
PolicyStatement is no longer IResolvable (doesn't need to be) Remove AwsPrincipal, which was always an alias for ArnPrincipal which is much clearer. Introduce `PolicyStatement.fromAttributes({ ... })` as an alternative to the fluent interface chaining of old `PolicyStatement`.
/** | ||
* Represents a statement in an IAM policy document. | ||
*/ | ||
export class PolicyStatement implements IPolicyStatement { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we make a linter rule to enforce the usage of IPolicyStatement everywhere?
} | ||
} | ||
|
||
/** | ||
* Adds a statement to the policy document. | ||
*/ | ||
public addStatement(statement: PolicyStatement) { | ||
this.document.addStatement(statement); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IPolicyStatement?
@@ -36,12 +36,18 @@ export function resolve(obj: any, options: IResolveOptions): any { | |||
/** | |||
* Make a new resolution context | |||
*/ | |||
function makeContext(appendPath?: string): IResolveContext { | |||
function makeContext(appendPath?: string): [IResolveContext, IPostProcessor] { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we avoid returning a tuple, and instead return some interface? The proliferation of [0]
pains me...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's private though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still have to read all those [0]
:)
0036e3f
to
5d9ba0f
Compare
Various changes.
postProcess
from Token interface, move opting into it intoIResolvable.resolve()
, so it can be hidden from thePolicyDocument
public interface.PolicyStatement.fromAttributes({ ... })
as an alternative to the fluent interface chaining of oldPolicyStatement
.Plus all the breaking changes below:
BREAKING CHANGE:
PolicyStatement
no longer has a fluid API, and accepts aprops object to be able to set the important fields.
ImportedResourcePrincipal
toUnknownPrincipal
.managedPolicyArns
renamed tomanagedPolicies
, takesreturn value from
ManagedPolicy.fromAwsManagedPolicyName()
.PolicyDocument.postProcess()
is now removed.PolicyDocument.addStatement()
renamed toaddStatements
.PolicyStatement
is no longerIResolvable
AwsPrincipal
has been removed, useArnPrincipal
instead.Pull Request Checklist
design
folderBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.