From d59c84dce8c32549324aebe877cc30526b31e106 Mon Sep 17 00:00:00 2001
From: Arihant Jain
Date: Fri, 23 Oct 2020 02:25:11 +0530
Subject: [PATCH 1/5] iam.User.fromUserName addToPolicy and addToPrincipalPolicy fixed...
---
 packages/@aws-cdk/aws-iam/lib/user.ts | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/lib/user.ts b/packages/@aws-cdk/aws-iam/lib/user.ts
index aec5bf735c0ad..df0b50c4902cd 100644
--- a/packages/@aws-cdk/aws-iam/lib/user.ts
+++ b/packages/@aws-cdk/aws-iam/lib/user.ts
@@ -148,16 +148,11 @@ export class User extends Resource implements IIdentity, IUser {
 private defaultPolicy?: Policy;
 public addToPolicy(statement: PolicyStatement): boolean {
- return this.addToPrincipalPolicy(statement).statementAdded;
+ throw new Error('Cannot add policy to imported User');
 }
 public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult {
- if (!this.defaultPolicy) {
- this.defaultPolicy = new Policy(this, 'Policy');
- this.defaultPolicy.attachToUser(this);
- }
- this.defaultPolicy.addStatements(statement);
- return { statementAdded: true, policyDependable: this.defaultPolicy };
+ throw new Error('Cannot add policy to imported User');
 }
 public addToGroup(_group: IGroup): void {
From b313489f37e369d35672173cb3d7cc35c0c3942b Mon Sep 17 00:00:00 2001
From: Arihant Jain
Date: Fri, 23 Oct 2020 15:15:14 +0530
Subject: [PATCH 2/5] fix(iam): test cases for fromUserName added
---
 packages/@aws-cdk/aws-iam/lib/user.ts | 9 ++---
 packages/@aws-cdk/aws-iam/test/user.test.ts | 45 ++++++++++++++++++++-
 2 files changed, 48 insertions(+), 6 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/lib/user.ts b/packages/@aws-cdk/aws-iam/lib/user.ts
index df0b50c4902cd..76db1be3864e5 100644
--- a/packages/@aws-cdk/aws-iam/lib/user.ts
+++ b/packages/@aws-cdk/aws-iam/lib/user.ts
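Review bot: Throwing from `addToPrincipalPolicy` in the [PATCH 1/5] hunk of lib/user.ts means any caller that passes this imported user as a grantee now fails at synthesis, although the return type already has a way to report that nothing was applied. The removed code returned `{ statementAdded: true, policyDependable: this.defaultPolicy }`, so a non-throwing refusal would be `return { statementAdded: false };`; whether grant callers outside this hunk act on that flag should be confirmed before choosing between the two. If the hard failure is the intended behaviour, `addToPolicy` could keep delegating to `addToPrincipalPolicy` so the two messages cannot drift apart. The enclosing imported-user class starts above the hunk.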
@@ -145,14 +145,13 @@ export class User extends Resource implements IIdentity, IUser {
 public readonly userArn: string = arn;
 public readonly assumeRoleAction: string = 'sts:AssumeRole';
 public readonly policyFragment: PrincipalPolicyFragment = new ArnPrincipal(arn).policyFragment;
- private defaultPolicy?: Policy;
- public addToPolicy(statement: PolicyStatement): boolean {
- throw new Error('Cannot add policy to imported User');
+ public addToPolicy(_statement: PolicyStatement): boolean {
+ throw new Error('Cannot add imported User to policy');
 }
- public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult {
- throw new Error('Cannot add policy to imported User');
+ public addToPrincipalPolicy(_statement: PolicyStatement): AddToPrincipalPolicyResult {
+ throw new Error('Cannot add imported User to principal policy');
 }
 public addToGroup(_group: IGroup): void {
diff --git a/packages/@aws-cdk/aws-iam/test/user.test.ts b/packages/@aws-cdk/aws-iam/test/user.test.ts
index f83a4be5751df..0365d23af6e22 100644
--- a/packages/@aws-cdk/aws-iam/test/user.test.ts
+++ b/packages/@aws-cdk/aws-iam/test/user.test.ts
@@ -1,6 +1,6 @@
 import '@aws-cdk/assert/jest';
 import { App, SecretValue, Stack } from '@aws-cdk/core';
-import { ManagedPolicy, User } from '../lib';
+import { ManagedPolicy, Policy, PolicyStatement, User } from '../lib';
 describe('IAM user', () => {
 test('default user', () => {
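Review bot: The new error messages in the lib/user.ts hunk read backwards: both methods take a `PolicyStatement` to attach to the user, so 'Cannot add imported User to policy' describes an operation the caller did not request. Someone who hits this at synthesis needs to learn that the permissions of an imported user cannot be changed from this stack, for example `throw new Error('Cannot add a policy statement to an imported User; manage its permissions where the user is defined');`. The tests added to user.test.ts in this patch compare the exact string and would need the same wording. A one-line comment above each method saying that imported users are treated as read-only would also explain why `_statement` is unused.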
@@ -93,4 +93,47 @@ describe('IAM user', () => {
 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::', { Ref: 'AWS::AccountId' }, ':user/MyUserName']],
 });
 });
+
+ test("ploicy cannot be added to an imported user ", () => {
+ // GIVEN
+ const stack = new Stack();
+
+ // WHEN
+ const user = User.fromUserName(stack, 'import', 'MyUserName');
+
+ // THEN
+ expect(stack.resolve(user.addToPolicy(new PolicyStatement()))).toThrowError(
+ new Error('Cannot add imported User to policy')
+ );
+ })
+
+ test("ploicy cannot be added to an imported user ", () => {
+ // GIVEN
+ const stack = new Stack();
+
+ // WHEN
+ const user = User.fromUserName(stack, 'import', 'MyUserName');
+
+ // THEN
+ expect(stack.resolve(user.addToPrincipalPolicy(
+ new PolicyStatement()
+ ))).toThrowError(
+ new Error('Cannot add imported User to principal policy')
+ );
+ })
+
+ test("inline ploicy cannot be added to an imported user ", () => {
+ // GIVEN
+ const stack = new Stack();
+
+ // WHEN
+ const user = User.fromUserName(stack, 'import', 'MyUserName');
+
+ // THEN
+ expect(stack.resolve(user.attachInlinePolicy(
+ new Policy(stack, 'testPolicyxs')
+ ))).toThrowError(
+ new Error('Cannot add inline policy to imported User')
+ );
+ })
 });
From 051aba05a8fcffa31c3306ade4eb9dd0d106e4ae Mon Sep 17 00:00:00 2001
From: Arihant Jain
Date: Fri, 23 Oct 2020 15:17:26 +0530
Subject: [PATCH 3/5] fix(iam): test cases updated
---
 packages/@aws-cdk/aws-iam/test/user.test.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/test/user.test.ts b/packages/@aws-cdk/aws-iam/test/user.test.ts
index 0365d23af6e22..144e863369b23 100644
--- a/packages/@aws-cdk/aws-iam/test/user.test.ts
+++ b/packages/@aws-cdk/aws-iam/test/user.test.ts
@@ -94,7 +94,7 @@ describe('IAM user', () => {
 });
 });
- test("ploicy cannot be added to an imported user ", () => {
+ test("imported user cannot be added to policy", () => {
 // GIVEN
 const stack = new Stack();
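Review bot: None of the three tests added in the [PATCH 2/5] hunk of user.test.ts covers an imported user being handed to a grant as grantee; they only call the methods directly, and the grant path is where this change decides which permissions end up in the template. A case such as `expect(() => Grant.addToPrincipal({ grantee: user, actions: ['s3:GetObject'], resourceArns: ['*'] })).toThrow();` would pin the intended outcome; the action and ARN are constructed sample values, and `Grant` would have to be added to the `'../lib'` import. In each test the `// WHEN` step only creates the user while the call under test sits under `// THEN`, so moving the call into a named arrow function under `// WHEN` would match the labels.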
@@ -107,7 +107,7 @@ describe('IAM user', () => {
 );
 })
- test("ploicy cannot be added to an imported user ", () => {
+ test("imported user cannot be added to principal policy ", () => {
 // GIVEN
 const stack = new Stack();
From d824bc3b7fbbfc3f37204276121763b81782aeeb Mon Sep 17 00:00:00 2001
From: Arihant Jain
Date: Fri, 23 Oct 2020 15:31:04 +0530
Subject: [PATCH 4/5] eslint fix in user.test.ts
---
 packages/@aws-cdk/aws-iam/test/user.test.ts | 22 ++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/test/user.test.ts b/packages/@aws-cdk/aws-iam/test/user.test.ts
index 144e863369b23..c42723783a4c6 100644
--- a/packages/@aws-cdk/aws-iam/test/user.test.ts
+++ b/packages/@aws-cdk/aws-iam/test/user.test.ts
@@ -94,7 +94,7 @@ describe('IAM user', () => {
 });
 });
- test("imported user cannot be added to policy", () => {
+ test('imported user cannot be added to policy', () => {
 // GIVEN
 const stack = new Stack();
@@ -103,11 +103,11 @@ describe('IAM user', () => {
 // THEN
 expect(stack.resolve(user.addToPolicy(new PolicyStatement()))).toThrowError(
- new Error('Cannot add imported User to policy')
+ new Error('Cannot add imported User to policy'),
 );
- })
+ });
- test("imported user cannot be added to principal policy ", () => {
+ test('imported user cannot be added to principal policy ', () => {
 // GIVEN
 const stack = new Stack();
@@ -116,13 +116,13 @@ describe('IAM user', () => {
 // THEN
 expect(stack.resolve(user.addToPrincipalPolicy(
- new PolicyStatement()
+ new PolicyStatement(),
 ))).toThrowError(
- new Error('Cannot add imported User to principal policy')
+ new Error('Cannot add imported User to principal policy'),
 );
- })
+ });
- test("inline ploicy cannot be added to an imported user ", () => {
+ test('inline ploicy cannot be added to an imported user ', () => {
 // GIVEN
 const stack = new Stack();
@@ -131,9 +131,9 @@ describe('IAM user', () => {
 // THEN
 expect(stack.resolve(user.attachInlinePolicy(
- new Policy(stack, 'testPolicyxs')
+ new Policy(stack, 'testPolicy'),
 ))).toThrowError(
- new Error('Cannot add inline policy to imported User')
+ new Error('Cannot add inline policy to imported User'),
 );
- })
+ });
 });
From 4b66e95b17135f06e55f4d2e462add8a7c52ab9e Mon Sep 17 00:00:00 2001
From: Arihant Jain
Date: Fri, 23 Oct 2020 16:13:20 +0530
Subject: [PATCH 5/5] test cases in user.test.ts modified
---
 packages/@aws-cdk/aws-iam/test/user.test.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/test/user.test.ts b/packages/@aws-cdk/aws-iam/test/user.test.ts
index c42723783a4c6..8823caffbf996 100644
--- a/packages/@aws-cdk/aws-iam/test/user.test.ts
+++ b/packages/@aws-cdk/aws-iam/test/user.test.ts
@@ -102,12 +102,12 @@ describe('IAM user', () => {
 const user = User.fromUserName(stack, 'import', 'MyUserName');
 // THEN
- expect(stack.resolve(user.addToPolicy(new PolicyStatement()))).toThrowError(
+ expect(() => stack.resolve(user.addToPolicy(new PolicyStatement()))).toThrowError(
 new Error('Cannot add imported User to policy'),
 );
 });
- test('imported user cannot be added to principal policy ', () => {
+ test('imported user cannot be added to principal policy', () => {
 // GIVEN
 const stack = new Stack();
@@ -115,14 +115,14 @@ describe('IAM user', () => {
 const user = User.fromUserName(stack, 'import', 'MyUserName');
 // THEN
- expect(stack.resolve(user.addToPrincipalPolicy(
+ expect(() => stack.resolve(user.addToPrincipalPolicy(
 new PolicyStatement(),
 ))).toThrowError(
 new Error('Cannot add imported User to principal policy'),
 );
 });
- test('inline ploicy cannot be added to an imported user ', () => {
+ test('inline ploicy cannot be added to an imported user', () => {
 // GIVEN
 const stack = new Stack();
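Review bot: The `stack.resolve(...)` wrapper kept inside each `expect(() => ...)` in the [PATCH 5/5] hunks does no work, because the method under test throws before resolve receives a value. `expect(() => user.addToPolicy(new PolicyStatement())).toThrowError(new Error('Cannot add imported User to policy'));` states the same check, and the same holds for the `addToPrincipalPolicy` case in the second hunk and the `attachInlinePolicy` case in the third. The third test title still reads 'inline ploicy' on the new side; `'inline policy cannot be added to an imported user'` would make it findable by name.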
@@ -130,7 +130,7 @@ describe('IAM user', () => {
 const user = User.fromUserName(stack, 'import', 'MyUserName');
 // THEN
- expect(stack.resolve(user.attachInlinePolicy(
+ expect(() => stack.resolve(user.attachInlinePolicy(
 new Policy(stack, 'testPolicy'),
 ))).toThrowError(
 new Error('Cannot add inline policy to imported User'),