Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: bug fixes in resource policies #1395

Merged
merged 6 commits into from
Feb 4, 2020
Merged

fix: bug fixes in resource policies #1395

merged 6 commits into from
Feb 4, 2020

Conversation

praneetap
Copy link
Contributor

Added support for intrinsics Ref for api auth
Added support for fn::if in CustomStatements
Fixed the policy getting created for vpc whitelist to be 'OR' instead of 'AND'

Issue #, if available:
#1249 #1372 #1218
Description of changes:

Description of how you validated changes:

Checklist:

  • Write/update tests
  • make pr passes
  • Update documentation
  • Verify transformed template deploys and application functions as expected
  • Add/update example to examples/2016-10-31

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@codecov-io
Copy link

codecov-io commented Jan 18, 2020
edited
Loading

Codecov Report

Merging #1395 into develop will decrease coverage by 0.07%.
The diff coverage is 95.45%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1395      +/-   ##
===========================================
- Coverage    94.44%   94.37%   -0.08%     
===========================================
  Files           78       78              
  Lines         4557     4584      +27     
  Branches       911      917       +6     
===========================================
+ Hits          4304     4326      +22     
  Misses         119      119              
- Partials       134      139       +5
Impacted Files Coverage Δ
samtranslator/model/eventsources/push.py 90.71% <100%> (+0.03%) ⬆️
samtranslator/model/api/api_generator.py 95.16% <100%> (+0.02%) ⬆️
samtranslator/model/sam_resources.py 94.02% <100%> (+0.01%) ⬆️
samtranslator/swagger/swagger.py 92.26% <94.44%> (-0.64%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update faac69b...9c92a81. Read the comment docs.

keetonian
keetonian reviewed Jan 20, 2020
View reviewed changes
samtranslator/swagger/swagger.py Outdated
Comment on lines 836 to 851
if is_intrinsic_if(custom_statements):
if_list = custom_statements.get("Fn::If")
## copy the statement created so far
original = self.resource_policy.copy()
if_true = if_list[1]
if_false = if_list[2]
if not is_intrinsic_no_value(if_list[1]):
self._add_custom_statement(if_list[1])
if_true = self.resource_policy
self.resource_policy = original
if not is_intrinsic_no_value(if_list[2]):
self._add_custom_statement(if_list[2])
if_false = self.resource_policy
self.resource_policy = make_conditional(if_list[0], if_true, if_false)
else:
self._add_custom_statement(custom_statements)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to do this? Does it not work to just pass it straight through and let CFN resolve the if statement?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The merge between global custom statements and local with if won't be handled.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a test case then that tests this flow? I don't see a test case that has both local and global custom statements.

jlhood
jlhood suggested changes Jan 23, 2020
View reviewed changes
Copy link
Contributor

@jlhood jlhood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The core change and tests look good! Fixing the example is the only blocker right now.

examples/2016-10-31/api_resource_policy/template.yaml Outdated Show resolved Hide resolved
examples/2016-10-31/api_resource_policy/template.yaml Outdated Show resolved Hide resolved
@praneetap praneetap requested review from jlhood and keetonian January 27, 2020 22:05
@praneetap
fix: bug fixes in resource policies
56a8032 
Added support for intrinsics Ref for api auth
Added support for fn::if in CustomStatements
Fixed the policy getting created for vpc whitelist to be 'OR' instead of 'AND'
@praneetap
cr comments addressed
1d4bfc0
@praneetap
black upgrade
6e1cfda
@praneetap
cr comments
565f347
@praneetap
cr comments addressed
c41856d
@keetonian keetonian merged commit 7b47b87 into aws:develop Feb 4, 2020
This was referenced Feb 4, 2020
Closed
Merged
@ncanibano ncanibano mentioned this pull request Apr 15, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keetonian keetonian keetonian approved these changes

@jlhood jlhood jlhood approved these changes

@ShreyaGangishetty ShreyaGangishetty Awaiting requested review from ShreyaGangishetty

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@praneetap @codecov-io @jlhood @ShreyaGangishetty @keetonian