Skip to content

Commit

Permalink
fix(iam): AccountPrincipal accepts values which aren't account IDs (#…
Browse files Browse the repository at this point in the history
…20292)

Changed the type of accountId in AccountPrincipal constructor to string from any fixes #20288 


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
tejasmr authored May 19, 2022
1 parent f7693e3 commit d0163f8
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
3 changes: 3 additions & 0 deletions packages/@aws-cdk/aws-iam/lib/principals.ts
Original file line number Diff line number Diff line change
Expand Up @@ -394,6 +394,9 @@ export class AccountPrincipal extends ArnPrincipal {
*/
constructor(public readonly accountId: any) {
super(new StackDependentToken(stack => `arn:${stack.partition}:iam::${accountId}:root`).toString());
if (!cdk.Token.isUnresolved(accountId) && typeof accountId !== 'string') {
throw new Error('accountId should be of type string');
}
this.principalAccount = accountId;
}

Expand Down
4 changes: 4 additions & 0 deletions packages/@aws-cdk/aws-iam/test/principals.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -294,6 +294,10 @@ test('AccountPrincipal can specify an organization', () => {
});
});

test('Passing non-string as accountId parameter in AccountPrincipal constructor should throw error', () => {
expect(() => new iam.AccountPrincipal(1234)).toThrowError('accountId should be of type string');
});

test('ServicePrincipal in agnostic stack generates lookup table', () => {
// GIVEN
const stack = new Stack();
Expand Down

0 comments on commit d0163f8

Please sign in to comment.