Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(iam): AWS Managed Policy ARNs are not deduped #17623

Merged
merged 3 commits into from
Dec 10, 2021
Merged

fix(iam): AWS Managed Policy ARNs are not deduped #17623

merged 3 commits into from
Dec 10, 2021

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Nov 22, 2021

Managed Policy ARNs should be deduped when added to a Role,
otherwise the deployment is going to fail.

Remove the unnecessary use of Lazy.uncachedString to make sure that
the ARNs of two ManagedPolicy.fromAwsManagedPolicyName() policies
are consistent.

Fixes #17552.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
fix(iam): AWS Managed Policy ARNs are not deduped
500b9c9 
Managed Policy ARNs should be deduped when added to a Role,
otherwise the deployment is going to fail.

Remove the unnecessary use of `Lazy.uncachedString` to make sure that
the ARNs of two `ManagedPolicy.fromAwsManagedPolicyName()` policies
are consistent.

Fixes #17552.
@rix0rrr rix0rrr requested a review from a team November 22, 2021 10:33
@rix0rrr rix0rrr self-assigned this Nov 22, 2021
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Nov 22, 2021
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Nov 22, 2021
eladb
eladb previously requested changes Nov 22, 2021
View reviewed changes
packages/@aws-cdk/core/lib/arn.ts Outdated
const region = components.region ?? stack?.region;
const account = components.account ?? stack?.account;

if (partition === undefined || region === undefined || account === undefined) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test for this?

Also, what about null or empty strings?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack.

Empty string is fine, I'll catch null as well.

@gitpod-io
Copy link

gitpod-io bot commented Nov 24, 2021

@rix0rrr rix0rrr requested review from eladb and a team November 24, 2021 12:36
@humanzz
Copy link
Contributor

humanzz commented Nov 30, 2021

Hi folks,
Really appreciate the quick fix. Would be great if we manage to have this merged soon so it can catch the release train so we can take advantage of that fix once the release is done.

@humanzz
Copy link
Contributor

humanzz commented Dec 8, 2021

Hi @eladb @rix0rrr, any chance this would be progressed soon?

@mergify
Copy link
Contributor

mergify bot commented Dec 10, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 13769ba
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit ed4a4b4 into master Dec 10, 2021
@mergify mergify bot deleted the huijbers/inconsistent-arns branch December 10, 2021 10:51
@mergify
Copy link
Contributor

mergify bot commented Dec 10, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Feb 21, 2022
@rix0rrr @TikiTDO
fix(iam): AWS Managed Policy ARNs are not deduped (aws#17623)
9615f62 
Managed Policy ARNs should be deduped when added to a Role,
otherwise the deployment is going to fail.

Remove the unnecessary use of `Lazy.uncachedString` to make sure that
the ARNs of two `ManagedPolicy.fromAwsManagedPolicyName()` policies
are consistent.

Fixes aws#17552.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@otaviomacedo otaviomacedo otaviomacedo approved these changes

@eladb eladb Awaiting requested review from eladb

Assignees

@rix0rrr rix0rrr

Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
5 participants
@rix0rrr @humanzz @aws-cdk-automation @otaviomacedo @eladb