Support iamAction for CFN handler permissions
kstich committed Jan 5, 2024
1 parent e4af043 commit 757c75c
Showing 4 changed files with 11 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -18,6 +18,7 @@

### Bug Fixes

* Fixed an issue where `@iamAction` wasn't reflected in CFN resource schema creation. ([#2091](https://github.com/smithy-lang/smithy/pull/2091))
* Fixed tree node start and end locations. ([#2084](https://github.com/smithy-lang/smithy/pull/2084))
* Fixed several minor build warnings. ([2089](https://github.com/smithy-lang/smithy/pull/2089))
* Fixed protocol test service signing name for `awsJson1_1` protocol. ([#2089](https://github.com/smithy-lang/smithy/pull/2089))
@@ -22,6 +22,7 @@
import software.amazon.smithy.aws.cloudformation.schema.fromsmithy.Context;
import software.amazon.smithy.aws.cloudformation.schema.model.Handler;
import software.amazon.smithy.aws.cloudformation.schema.model.ResourceSchema;
import software.amazon.smithy.aws.iam.traits.IamActionTrait;
import software.amazon.smithy.aws.iam.traits.RequiredActionsTrait;
import software.amazon.smithy.aws.traits.ServiceTrait;
import software.amazon.smithy.model.Model;
@@ -30,6 +31,7 @@
import software.amazon.smithy.model.shapes.ServiceShape;
import software.amazon.smithy.model.shapes.ShapeId;
import software.amazon.smithy.model.traits.NoReplaceTrait;
import software.amazon.smithy.utils.ListUtils;
import software.amazon.smithy.utils.SetUtils;
import software.amazon.smithy.utils.SmithyInternalApi;

@@ -112,9 +114,11 @@ private Set<String> getPermissionsEntriesForOperation(Model model, ServiceShape
permissionsEntries.add(operationActionName);

// Add all the other required actions for the operation.
operation.getTrait(RequiredActionsTrait.class)
.map(RequiredActionsTrait::getValues)
.map(permissionsEntries::addAll);
permissionsEntries.addAll(operation.getTrait(IamActionTrait.class)
.map(IamActionTrait::getRequiredActions)
.orElseGet(() -> operation.getTrait(RequiredActionsTrait.class)
.map(RequiredActionsTrait::getValues)
.orElse(ListUtils.of())));
return permissionsEntries;
}
}
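Review bot: The fallback to `@requiredActions` in the new `permissionsEntries.addAll(...)` expression only fires when `@iamAction` is absent, not when it is present without `requiredActions`. If `IamActionTrait.getRequiredActions()` returns an empty list in that case (not visible here, so worth confirming), an operation that uses `@iamAction` only for its name and still carries the deprecated `@requiredActions` would have those actions silently dropped from the handler's `permissions`, so the generated CFN schema would under-declare the IAM actions the handler needs. Consider filtering before falling back: `.map(IamActionTrait::getRequiredActions).filter(actions -> !actions.isEmpty())`. The test model in this commit only covers `@iamAction` with `requiredActions` set, so a fixture combining both traits would pin the intended precedence. The body of `getPermissionsEntriesForOperation` starts outside the hunk.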
@@ -58,7 +58,7 @@ public void addsHandlerPermissionsByDefault() {
containsInAnyOrder("testservice:CreateFooOperation", "otherservice:DescribeDependencyComponent"));
assertThat(handlersDefined.get("read").expectObjectNode()
.expectArrayMember("permissions").getElementsAs(StringNode::getValue),
contains("testservice:GetFooOperation"));
containsInAnyOrder("testservice:GetFooOperation", "otherservice:DescribeThing"));
assertThat(handlersDefined.get("update").expectObjectNode()
.expectArrayMember("permissions").getElementsAs(StringNode::getValue),
contains("testservice:UpdateFooOperation"));
@@ -3,6 +3,7 @@ $version: "2.0"
namespace smithy.example

use aws.cloudformation#cfnResource
use aws.iam#iamAction

service TestService {
version: "2020-07-02",
@@ -56,6 +57,7 @@ structure CreateFooResponse {
}

@readonly
@iamAction(requiredActions: ["otherservice:DescribeThing"])
operation GetFooOperation {
input: GetFooRequest,
output: GetFooResponse,