Skip to content

fix(iam): policies added to immutably imported role#6090

Merged
mergify[bot] merged 3 commits intomasterfrom
huijbers/fix-immutable-grant
Feb 5, 2020
Merged

fix(iam): policies added to immutably imported role#6090
mergify[bot] merged 3 commits intomasterfrom
huijbers/fix-immutable-grant

Conversation

@rix0rrr
Copy link
Copy Markdown
Contributor

@rix0rrr rix0rrr commented Feb 4, 2020

In the refactoring done in #5569, we introduced a bug. The
ImmutableRole class correctly ignored policies directly added to it,
but did not ignore policies added via Grant.addToPrincipal().

That's because its IGrantable#grantPrincipal field was being used
as the principal to grant to, which was pointing to the wrapped
role instead of the ImmutableRole itself.

Fix this oversight and add a test to cement it in.

Fixes #5943.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
fix(iam): policies added to immutably imported role
6273383 
In the refactoring done in #5569, we introduced a bug. The
`ImmutableRole` class correctly ignored policies directly added to it,
but did not ignore policies added via `Grant.addToPrincipal()`.

That's because its `IGrantable#grantPrincipal` field was being used
as the principal to grant to, which was pointing to the wrapped
role instead of the `ImmutableRole` itself.

Fix this oversight and add a test to cement it in.

Fixes #5943.
@rix0rrr rix0rrr self-assigned this Feb 4, 2020
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Feb 4, 2020
@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Feb 4, 2020

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@NetaNir
Copy link
Copy Markdown
Contributor

NetaNir commented Feb 4, 2020

nice catch!

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Feb 4, 2020

Thank you for contributing! Your pull request is now being automatically merged.

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Feb 4, 2020

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Feb 5, 2020

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Feb 5, 2020

Thank you for contributing! Your pull request is now being automatically merged.

@mergify mergify bot merged commit f1f5319 into master Feb 5, 2020
@mergify mergify bot deleted the huijbers/fix-immutable-grant branch February 5, 2020 09:41
@brentryan brentryan mentioned this pull request May 13, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@skinny85 skinny85 Awaiting requested review from skinny85

@iliapolo iliapolo Awaiting requested review from iliapolo

@nija-at nija-at Awaiting requested review from nija-at

1 more reviewer

@NetaNir NetaNir NetaNir approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@rix0rrr rix0rrr

Labels

contribution/core This is a PR that came from AWS.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

roleFromArn with "mutable: false" adds role policies

3 participants

@rix0rrr @aws-cdk-automation @NetaNir