Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(integ-tests-alpha): Incorrect IAM policy statement generated when actions has a hyphen in the name #26952

Closed
dontirun opened this issue Aug 30, 2023 · 5 comments · Fixed by #26962
Closed

(integ-tests-alpha): Incorrect IAM policy statement generated when actions has a hyphen in the name #26952

dontirun opened this issue Aug 30, 2023 · 5 comments · Fixed by #26962
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. effort/small Small work item – less than a day of effort p2

Comments

@dontirun
Copy link
Contributor

dontirun commented Aug 30, 2023
edited
Loading

Describe the bug

The generated IAM policy does not take into account if the service has a - in it's name for the IAM Policy Action

Expected Behavior

The generated IAM policy has the correct permissions

Current Behavior

The generated IAM policy does not has the correct permissions

Reproduction Steps

Given the following integ test

import * as integ from '@aws-cdk/integ-tests-alpha';
import * as cdk from 'aws-cdk-lib';

const app = new cdk.App();
const stack = new cdk.Stack();
const test = new integ.IntegTest(app, 'integ', {
  testCases: [stack],
});

const describeUsageLimit = test.assertions.awsApiCall('RedshiftServerless', 'getUsageLimit', {
  UsageLimitId: 'foo',
});

describeUsageLimit.expect(
  integ.ExpectedResult.objectLike({
    amount: 100,
    breachAction: 'deactivate',
    period: 'monthly',
  }),
);

app.synth();

An IAM Role with the following policy is generated with an incorrect action

    "Policies": [
     {
      "PolicyName": "Inline",
      "PolicyDocument": {
       "Version": "2012-10-17",
       "Statement": [
        {
         "Action": [
          "redshiftserverless:GetUsageLimit"
         ],
         "Effect": "Allow",
         "Resource": [
          "*"
         ]
        }
       ]

The action needs to be redshift-serverless:GetUsageLimit instead of redshiftserverless:GetUsageLimit

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.89.0-alpha.0

Framework Version

No response

Node.js Version

v20.5.0

OS

Osx Ventura

Language

Typescript

Language Version

No response

Other information

No response
@dontirun dontirun added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 30, 2023
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Aug 30, 2023
@dontirun dontirun changed the title (integ-tests-alpha): Incorrect IAM policy statement generated (integ-tests-alpha): Incorrect IAM policy statement generated when actions has a hyphen in the name Aug 30, 2023
@msambol
Copy link
Contributor

msambol commented Aug 30, 2023

@peterwoodworth I can take this, after you triage and deem it needing to be fixed.

@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Aug 31, 2023
@khushail
Copy link
Contributor

khushail commented Aug 31, 2023
edited
Loading

Hi @dontirun , thanks for reaching out. I am able to reproduce the issue. Looks like redshiftServerless is missing from this file and this code should work.

@khushail khushail added effort/medium Medium work item – several days of effort p2 and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Aug 31, 2023
@msambol
Copy link
Contributor

msambol commented Aug 31, 2023

@khushail I'll take this, please assign me.

@khushail
Copy link
Contributor

@khushail I'll take this, please assign me.

Thanks for volunteering to work on this PR. Please feel fee to proceed.

@khushail khushail added effort/small Small work item – less than a day of effort and removed effort/medium Medium work item – several days of effort labels Aug 31, 2023
@msambol msambol mentioned this issue Sep 1, 2023
Merged
@github-actions github-actions bot mentioned this issue Sep 1, 2023
Closed
@mergify mergify bot closed this as completed in #26962 Sep 1, 2023
mergify bot pushed a commit that referenced this issue Sep 1, 2023
@msambol
chore(integ-tests-alpha): add redshift serverless to sdk api metadata (
078e26a 
…#26962)

Closes #26952.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented Sep 1, 2023

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

mikewrighton pushed a commit that referenced this issue Sep 14, 2023
@msambol
chore(integ-tests-alpha): add redshift serverless to sdk api metadata (
e1d9c95 
…#26962)

Closes #26952.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. effort/small Small work item – less than a day of effort p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(integ-tests-alpha): add redshift serverless to sdk api metadata msambol/aws-cdk
3 participants
@msambol @dontirun @khushail