Adding a condition to a policy statement removes all conditions with the same operator #6630

Closed
benbryant0 opened this issue Mar 9, 2020 · 0 comments · Fixed by #6631
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. in-progress This issue is being actively worked on. needs-triage This issue or PR still needs to be triaged.

benbryant0 commented Mar 9, 2020

I believe this is related to #3227, but this might be a simpler (and maybe easier to solve) case.

When a condition is added to a policy statement it will delete any policies using the same operator that already exist. This is caused by this line:

this.condition[key] = value;

Reproduction Steps

C# example:

var policyStatement = new PolicyStatement(new PolicyStatementProps{
    Effect = Effect.ALLOW,
    Actions = new[] {
        "kms:*",
    },
    Principals = new[] {
        new ViaServicePrincipal($"secretsmanager.{Region}.amazonaws.com"),
    },
    Resources = new[] {
        "*",
    },
});

policyStatement.AddAccountCondition(Account);

The condition that should be generated by the ViaServicePrincipal is entirely missing from the output, but the account condition will be present.

Environment

  • CLI Version : 1.27.0

This is 🐛 Bug Report

@benbryant0 benbryant0 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 9, 2020
@SomayaB SomayaB added in-progress This issue is being actively worked on. @aws-cdk/aws-iam Related to AWS Identity and Access Management labels Mar 9, 2020
@mergify mergify bot closed this as completed in #6631 Mar 10, 2020
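
The overwrite reported above, next to a merging alternative and a check for dropped condition keys. This is an added example, not aws-cdk code and not the change made in #6631. The function names, the region, the account ID and the `sts:ExternalId` key assumed for the account condition are constructed for illustration.

```typescript
// Minimal model of a policy statement's Condition block (not the aws-cdk class).
type Conditions = Record<string, Record<string, string>>;

// Behaviour reported in the issue: assigning by operator replaces the whole
// operator entry, so keys already stored under that operator disappear.
function addConditionOverwrite(cond: Conditions, operator: string, value: Record<string, string>): Conditions {
  const next: Conditions = { ...cond };
  next[operator] = value; // same shape as `this.condition[key] = value`
  return next;
}

// Merging alternative: keep the keys already under the operator, add the new ones.
// A repeated key under the same operator still takes the newer value.
function addConditionMerged(cond: Conditions, operator: string, value: Record<string, string>): Conditions {
  const next: Conditions = { ...cond };
  next[operator] = { ...(cond[operator] ?? {}), ...value };
  return next;
}

// Review helper: condition keys present before a change but absent after it.
function droppedConditionKeys(before: Conditions, after: Conditions): string[] {
  const lost: string[] = [];
  for (const operator of Object.keys(before)) {
    for (const key of Object.keys(before[operator])) {
      const kept = after[operator] !== undefined && key in after[operator];
      if (!kept) {
        lost.push(`${operator}/${key}`);
      }
    }
  }
  return lost;
}

// Constructed sample: the condition contributed by the principal, then the
// account condition added afterwards (key name assumed).
const fromPrincipal: Conditions = {
  StringEquals: { "kms:ViaService": "secretsmanager.eu-west-1.amazonaws.com" },
};
const accountCondition = { "sts:ExternalId": "111122223333" };

const overwritten = addConditionOverwrite(fromPrincipal, "StringEquals", accountCondition);
const merged = addConditionMerged(fromPrincipal, "StringEquals", accountCondition);

console.log("dropped by overwrite:", droppedConditionKeys(fromPrincipal, overwritten));
console.log("dropped by merge:", droppedConditionKeys(fromPrincipal, merged));
console.log("merged conditions:", JSON.stringify(merged));
```

Running the same dropped-key comparison over the synthesized template for a statement is a quick way to confirm that a restricting condition such as `kms:ViaService` survived later `AddCondition`-style calls.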