fix(iam): User.fromUserName not implementing IUSER functions #10527

Closed
17 changes: 11 additions & 6 deletions packages/@aws-cdk/aws-iam/lib/user.ts
Expand Up @@ -145,6 +145,9 @@ export class User extends Resource implements IIdentity, IUser {
public readonly assumeRoleAction: string = 'sts:AssumeRole';
public readonly policyFragment: PrincipalPolicyFragment = new ArnPrincipal(arn).policyFragment;
private defaultPolicy?: Policy;
private readonly groups = new Array<any>();
private readonly managedPolicies = new Array<IManagedPolicy>();
private readonly attachedPolicies = new AttachedPolicies();

public addToPolicy(statement: PolicyStatement): boolean {
return this.addToPrincipalPolicy(statement).statementAdded;
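Review bot: `private readonly groups = new Array<any>()` gives up type checking on a field that, in this patch, only ever receives `group.groupName`; declare it as `new Array<string>()` so it is typed like `managedPolicies` next to it. None of the three new fields is read anywhere in the visible lines, so the change should either show where they feed into a synthesized resource or leave them out.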
Expand All @@ -159,16 +162,18 @@ export class User extends Resource implements IIdentity, IUser {
return { statementAdded: true, policyDependable: this.defaultPolicy };
}

public addToGroup(_group: IGroup): void {
throw new Error('Cannot add imported User to Group');
public addToGroup(group: IGroup): void {
this.groups.push(group.groupName);
Contributor

I don't think this is sufficient. If the User is being created you can add it to a group in this way, but fairly sure that's not how you do it if the User already exists.

}

public attachInlinePolicy(_policy: Policy): void {
throw new Error('Cannot add inline policy to imported User');
public attachInlinePolicy(policy: Policy): void {
Contributor

Will this actually add an inline policy to an already-existing User object? I don't think so.

this.attachedPolicies.attach(policy);
policy.attachToUser(this);
}

public addManagedPolicy(_policy: IManagedPolicy): void {
throw new Error('Cannot add managed policy to imported User');
public addManagedPolicy(policy: IManagedPolicy): void {
if (this.managedPolicies.find(mp => mp === policy)) { return; }
Contributor

Same comment here.

this.managedPolicies.push(policy);
}
}
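Review bot: in `addToGroup` and `addManagedPolicy` the explicit `throw new Error('Cannot add imported User to Group')` style guard is replaced by a push onto a private array that nothing in the visible lines reads, so on an imported user these calls now return normally while, as far as this diff shows, changing no IAM state. For a permissions API a silent no-op is riskier than the error it replaces, because the caller will assume the group membership or managed policy is in effect. Keep the throw until the imported user can emit a real attachment, or show the code path that consumes `groups` and `managedPolicies` and add a test asserting the synthesized template. Separately, `this.managedPolicies.find(mp => mp === policy)` deduplicates by object identity only, so two `IManagedPolicy` instances referring to the same policy would both be stored.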
