fix(iam): throw error when statement id is invalid (#34819) #34827
Conversation
Resolves aws#34819 by throwing error when PolicyStatement Statement id contains characters not allowed by the API. See docs in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html
github-actions
bot
added
bug
|
Your pull request must be based off of a branch in a personal account (not an organization owned account, and not the main branch). You must also have the setting enabled that allows the CDK team to push changes to your branch (this setting is enabled by default for personal accounts, and cannot be enabled for organization owned accounts). The reason for this is that our automation needs to synchronize your branch with our main after it has been approved, and we cannot do that if we cannot push to your branch. |
There was a problem hiding this comment.
The pull request linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ Pull requests from `main` branch of a fork cannot be accepted. Please reopen this contribution from another branch on your fork. For more information, see https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md#step-4-pull-request.
If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.
|
Comments on closed issues and PRs are hard for our team to see. |
2 participants
Resolves #34819 by throwing error when PolicyStatement Statement id contains characters not allowed by the API.
See docs in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html
Issue # (if applicable)
Closes #34819
Reason for this change
CDK build allowed me to write invalid statement ids containing dashes when building policy statements, then failed on deployment. I'd like the CDK to throw an exception on build/synth time to make that feedback cycle faster.
Description of changes
Validate that statement id matches requirements specified in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html in the constructor.
Add tests that verify only valid statement ids are set in constructor.
Describe any new or updated permissions being added
n/a
Description of how you validated changes
yes, added unit tests
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license