Skip to content

Commit

Permalink
fix(iam): conditions in FederatedPrincipal should be optional (aws#20621
Browse files Browse the repository at this point in the history
)

Fixes aws#11139

This PR makes conditions in `FederatedPrincipal` optional.

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
cecheta authored and daschaa committed Jul 9, 2022
1 parent bc87e37 commit d79b58c
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 3 deletions.
11 changes: 8 additions & 3 deletions packages/@aws-cdk/aws-iam/lib/principals.ts
Original file line number Diff line number Diff line change
Expand Up @@ -604,19 +604,24 @@ export class CanonicalUserPrincipal extends PrincipalBase {
export class FederatedPrincipal extends PrincipalBase {
public readonly assumeRoleAction: string;

/**
* The conditions under which the policy is in effect.
* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
*/
public readonly conditions: Conditions;

/**
*
* @param federated federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito)
* @param conditions The conditions under which the policy is in effect.
* See [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).
* @param sessionTags Whether to enable session tagging (see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
*/
constructor(
public readonly federated: string,
public readonly conditions: Conditions,
conditions: Conditions = {},
assumeRoleAction: string = 'sts:AssumeRole') {
super();

this.conditions = conditions;
this.assumeRoleAction = assumeRoleAction;
}

Expand Down
13 changes: 13 additions & 0 deletions packages/@aws-cdk/aws-iam/test/principals.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,19 @@ test('can have multiple principals the same conditions in the same statement', (
}));
});

test('use federated principal', () => {
// GIVEN
const stack = new Stack();

// WHEN
const principal = new iam.FederatedPrincipal('federated');

// THEN
expect(stack.resolve(principal.federated)).toStrictEqual('federated');
expect(stack.resolve(principal.assumeRoleAction)).toStrictEqual('sts:AssumeRole');
expect(stack.resolve(principal.conditions)).toStrictEqual({});
});

test('use Web Identity principal', () => {
// GIVEN
const stack = new Stack();
Expand Down

0 comments on commit d79b58c

Please sign in to comment.