From d562871824350483e80bf6a28868280381e9e83e Mon Sep 17 00:00:00 2001
From: Naumel <104374999+Naumel@users.noreply.github.com>
Date: Wed, 22 Feb 2023 20:43:45 +0100
Subject: [PATCH 1/3] fix: Correct SamlConsolePrincipal for non-China (#24277)
Closes #24243.
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
packages/@aws-cdk/aws-iam/lib/principals.ts | 2 +-
.../cdk-saml-provider.assets.json | 6 +++---
.../cdk-saml-provider.template.json | 16 ++--------------
.../test/integ.saml-provider.js.snapshot/cdk.out | 2 +-
.../integ.saml-provider.js.snapshot/integ.json | 2 +-
.../manifest.json | 4 ++--
...stDefaultTestDeployAssert29A1AF64.assets.json | 2 +-
.../integ.saml-provider.js.snapshot/tree.json | 16 ++--------------
.../@aws-cdk/aws-iam/test/integ.saml-provider.ts | 1 -
.../@aws-cdk/aws-iam/test/principals.test.ts | 4 +---
10 files changed, 14 insertions(+), 41 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/lib/principals.ts b/packages/@aws-cdk/aws-iam/lib/principals.ts
index db6b404cfc6e1..72c7ec400714d 100644
--- a/packages/@aws-cdk/aws-iam/lib/principals.ts
+++ b/packages/@aws-cdk/aws-iam/lib/principals.ts
@@ -737,7 +737,7 @@ export class SamlConsolePrincipal extends SamlPrincipal { super(samlProvider, { ...conditions, StringEquals: { - 'SAML:aud': cdk.Aws.PARTITION==='aws-cn'? 'https://signin.amazonaws.cn/saml': `https://signin.${cdk.Aws.URL_SUFFIX}/saml`, + 'SAML:aud': cdk.Aws.PARTITION==='aws-cn'? 'https://signin.amazonaws.cn/saml': 'https://signin.aws.amazon.com/saml', }, }); }
diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json
index 44e4011015dfe..80d435eda0cd6 100644
--- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json
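Review bot: In `SamlConsolePrincipal` (principals.ts, hunk at line 737) the guard `cdk.Aws.PARTITION==='aws-cn'` compares what looks like a deploy-time token with a string literal, so at synth time it is presumably always false and the China audience is never emitted; the regenerated snapshot, which holds a plain `"SAML:aud": "https://signin.aws.amazon.com/saml"` with no conditional, is consistent with that. With the `URL_SUFFIX` interpolation removed, every partition now receives the commercial sign-in URL, so roles synthesized for `aws-cn` (and for other partitions such as GovCloud, whose sign-in endpoint differs) would carry a `SAML:aud` condition their federated sign-in never satisfies; the trust policy fails closed, but console federation is broken there. I would resolve the audience per partition, through a region-info lookup when the stack's region is known or a CloudFormation condition keyed on `AWS::Partition` otherwise, and add a comment such as `// SAML:aud must equal the sign-in endpoint of the partition the role is deployed to`. The constructor starts outside the hunk.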
+++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json @@ -1,7 +1,7 @@ { - "version": "30.0.0", + "version": "30.1.0", "files": { - "adc0eedec883653ef9cbd8c66ae68791bf952df8f678cf586e78e02997e2674c": { + "3b60cda5eb73f658ff1ab1a242bd0e399cc5307d4d6493cea0171e543c6f1cc8": { "source": { "path": "cdk-saml-provider.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "adc0eedec883653ef9cbd8c66ae68791bf952df8f678cf586e78e02997e2674c.json", + "objectKey": "3b60cda5eb73f658ff1ab1a242bd0e399cc5307d4d6493cea0171e543c6f1cc8.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.template.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.template.json index 7ec8d4d2699c0..ed4f4af28415f 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.template.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.template.json @@ -15,18 +15,7 @@ "Action": "sts:AssumeRoleWithSAML", "Condition": { "StringEquals": { - "SAML:aud": { - "Fn::Join": [ - "", - [ - "https://signin.", - { - "Ref": "AWS::URLSuffix" - }, - "/saml" - ] - ] - } + "SAML:aud": "https://signin.aws.amazon.com/saml" } }, "Effect": "Allow", @@ -38,8 +27,7 @@ } ], "Version": "2012-10-17" - }, - "Description": "fix the partition issue" + } } } }, diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out index ae4b03c54e770..b72fef144f05c 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out 
+++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.0.0"} \ No newline at end of file +{"version":"30.1.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json index dccacdf14329b..f32815f8dd836 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "30.0.0", + "version": "30.1.0", "testCases": { "saml-provider-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json index 4e8a9d11b6371..222a89e020c12 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "30.0.0", + "version": "30.1.0", "artifacts": { "cdk-saml-provider.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/adc0eedec883653ef9cbd8c66ae68791bf952df8f678cf586e78e02997e2674c.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3b60cda5eb73f658ff1ab1a242bd0e399cc5307d4d6493cea0171e543c6f1cc8.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json index ce9c5f512bafd..4c340e118f1d5 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json @@ -1,5 +1,5 @@ { - "version": "30.0.0", + "version": "30.1.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json index e6fcd91ade7c9..da6df90bfebae 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json @@ -56,18 +56,7 @@ "Action": "sts:AssumeRoleWithSAML", "Condition": { "StringEquals": { - "SAML:aud": { - "Fn::Join": [ - "", - [ - "https://signin.", - { - "Ref": "AWS::URLSuffix" - }, - "/saml" - ] - ] - } + "SAML:aud": "https://signin.aws.amazon.com/saml" } }, "Effect": "Allow", @@ -79,8 +68,7 @@ } ], "Version": "2012-10-17" - }, - "description": "fix the partition issue" + } } }, "constructInfo": { diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts index efaadeffe9e1f..2866e4d3e8e09 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts @@ -14,7 +14,6 @@ class TestStack extends Stack { new iam.Role(this, 'Role', { assumedBy: new iam.SamlConsolePrincipal(provider), - description: 'fix the partition issue', }); } } 
diff --git a/packages/@aws-cdk/aws-iam/test/principals.test.ts b/packages/@aws-cdk/aws-iam/test/principals.test.ts
index 5114a55bf16ac..80e9efe10d5fb 100644
--- a/packages/@aws-cdk/aws-iam/test/principals.test.ts
+++ b/packages/@aws-cdk/aws-iam/test/principals.test.ts
@@ -166,9 +166,7 @@ test('SAML principal', () => { Action: 'sts:AssumeRoleWithSAML', Condition: { StringEquals: { - 'SAML:aud': { - 'Fn::Join': ['', ['https://signin.', { Ref: 'AWS::URLSuffix' }, '/saml']], - }, + 'SAML:aud': 'https://signin.aws.amazon.com/saml', }, }, Effect: 'Allow',
From 841846ebf2a95eb7a30065a385263e8b3cdefd2c Mon Sep 17 00:00:00 2001
From: El Naum
Date: Thu, 23 Feb 2023 11:45:13 +0100
Subject: [PATCH 2/3] chore(release): 2.66.1
---
CHANGELOG.v2.alpha.md | 2 ++
CHANGELOG.v2.md | 7 +++++++
version.v2.json | 4 ++--
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
index be6685a57655e..b273fa1d1a2aa 100644
--- a/CHANGELOG.v2.alpha.md
+++ b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.66.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.66.0-alpha.0...v2.66.1-alpha.0) (2023-02-23) + ## [2.66.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.65.0-alpha.0...v2.66.0-alpha.0) (2023-02-21)
diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md
index a8548976c3d97..b517ec1dfa68c 100644
--- a/CHANGELOG.v2.md
+++ b/CHANGELOG.v2.md
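Review bot: The 'SAML principal' expectation in principals.test.ts now pins only the literal `https://signin.aws.amazon.com/saml`, and nothing visible in this patch exercises the `aws-cn` branch of the ternary, so a regression in the China audience would go unnoticed. I would add a sibling test that synthesizes the role in a stack with an explicit China region (for example `env: { region: 'cn-north-1' }`) and asserts `'SAML:aud': 'https://signin.amazonaws.cn/saml'`; such a test would also show whether the partition comparison can ever be true at synth time. The test body begins and ends outside the hunk.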
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.66.1](https://github.com/aws/aws-cdk/compare/v2.66.0...v2.66.1) (2023-02-23) + + +### Bug Fixes + +* Correct SamlConsolePrincipal for non-China ([#24277](https://github.com/aws/aws-cdk/issues/24277)) ([d562871](https://github.com/aws/aws-cdk/commit/d562871824350483e80bf6a28868280381e9e83e)), closes [#24243](https://github.com/aws/aws-cdk/issues/24243) + ## [2.66.0](https://github.com/aws/aws-cdk/compare/v2.65.0...v2.66.0) (2023-02-21)
diff --git a/version.v2.json b/version.v2.json
index 95ce8e353b069..069c913a7cd3e 100644
--- a/version.v2.json
+++ b/version.v2.json
@@ -1,4 +1,4 @@ { - "version": "2.66.0", - "alphaVersion": "2.66.0-alpha.0" + "version": "2.66.1", + "alphaVersion": "2.66.1-alpha.0" }
\ No newline at end of file
From 2cd45828a9f4b31b7f1898a3b46508c4ed57c286 Mon Sep 17 00:00:00 2001
From: El Naum
Date: Thu, 23 Feb 2023 16:41:43 +0100
Subject: [PATCH 3/3] By-passing the cloud assembly version diff from main and branch.
---
.../cdk-saml-provider.assets.json | 2 +-
.../aws-iam/test/integ.saml-provider.js.snapshot/cdk.out | 2 +-
.../aws-iam/test/integ.saml-provider.js.snapshot/integ.json | 2 +-
.../test/integ.saml-provider.js.snapshot/manifest.json | 2 +-
...amlprovidertestDefaultTestDeployAssert29A1AF64.assets.json | 2 +-
.../aws-iam/test/integ.saml-provider.js.snapshot/tree.json | 4 ++--
packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts | 1 +
7 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json
index 80d435eda0cd6..f3a4aaf5f1862 100644
--- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json
+++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk-saml-provider.assets.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "30.0.0", "files": { "3b60cda5eb73f658ff1ab1a242bd0e399cc5307d4d6493cea0171e543c6f1cc8": { "source": { diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out index b72fef144f05c..ae4b03c54e770 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.1.0"} \ No newline at end of file +{"version":"30.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json index f32815f8dd836..dccacdf14329b 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "30.0.0", "testCases": { "saml-provider-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json index 222a89e020c12..ab1469b792e90 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "30.0.0", "artifacts": { "cdk-saml-provider.assets": { "type": "cdk:asset-manifest", 
diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json index 4c340e118f1d5..ce9c5f512bafd 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/samlprovidertestDefaultTestDeployAssert29A1AF64.assets.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "30.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json index da6df90bfebae..dbd98dca5b2a3 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.js.snapshot/tree.json @@ -117,7 +117,7 @@ "path": "saml-provider-test/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.249" + "version": "10.1.252" } }, "DeployAssert": { @@ -163,7 +163,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.249" + "version": "10.1.252" } } }, diff --git a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts index 2866e4d3e8e09..57f35b21d1afd 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts +++ b/packages/@aws-cdk/aws-iam/test/integ.saml-provider.ts @@ -1,3 +1,4 @@ +/// !cdk-integ saml* import * as path from 'path'; import { App, Stack, StackProps } from '@aws-cdk/core'; import { IntegTest } from '@aws-cdk/integ-tests';