fix(iam): cannot grant lambda:InvokeFunction on ManagedPolicy or Policy via grantInvoke() method #32984

Open
wants to merge 3 commits into
base: main
Tietew
Contributor

@Tietew Tietew commented Jan 17, 2025

Issue # (if applicable)

Closes #32980.

Reason for this change

lambda.Function.grantInvoke() throws an error when a ManagedPolicy or a Policy is passed.
It should add a policy statement to grant lambda:InvokeFunction on the policy document.

Description of changes

Implement IPrincipal directly on ManagedPolicy and Policy like Group.
policyFragment returns a dummy policy fragment and
PolicyStatement throws an error when a ManagedPolicy or a Policy is specified as principal or notPrincipal.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Updated unit tests and integ tests to confirm grantInvoke() works.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
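
The design described in this pull request, as an added stand-alone TypeScript model (not aws-cdk-lib code and not part of the PR): a policy can receive a `lambda:InvokeFunction` statement through `grantInvoke()`, but is rejected when named as the principal of a statement. `ModelGrantee`, `ModelFunction`, `resourcePolicyStatement`, `demo` and the ARN are constructed for illustration, and the PR's `policyFragment` is not modelled.

```typescript
// Simplified model with hypothetical names; not aws-cdk-lib source code.
type Kind = "role" | "managed-policy";
type Statement = { actions: string[]; resources: string[]; principals?: string[] };

// Anything a grant method accepts: it owns a policy document that statements are added to.
class ModelGrantee {
  readonly kind: Kind;
  readonly name: string;
  readonly document: Statement[] = [];
  constructor(kind: Kind, name: string) { this.kind = kind; this.name = name; }
  // Identity-side grant: append the statement to this grantee's own document.
  addToPrincipalPolicy(stmt: Statement): boolean {
    this.document.push(stmt);
    return true;
  }
}

// Resource-policy side: a policy is not an identity, so it is rejected as a Principal.
function resourcePolicyStatement(principals: ModelGrantee[], actions: string[], resources: string[]): Statement {
  for (const p of principals) {
    if (p.kind === "managed-policy") {
      throw new Error(`${p.name}: a policy cannot be used as a principal`);
    }
  }
  return { actions, resources, principals: principals.map((p) => p.name) };
}

class ModelFunction {
  readonly arn: string;
  constructor(arn: string) { this.arn = arn; }
  // Models the grant on the function ARN only.
  grantInvoke(grantee: ModelGrantee): boolean {
    return grantee.addToPrincipalPolicy({ actions: ["lambda:InvokeFunction"], resources: [this.arn] });
  }
}

function demo() {
  const fn = new ModelFunction("arn:aws:lambda:us-east-1:111122223333:function:demo"); // constructed ARN
  const policy = new ModelGrantee("managed-policy", "InvokePolicy");
  const role = new ModelGrantee("role", "CallerRole");
  const granted = fn.grantInvoke(policy); // statement lands in the policy document
  const viaRole = resourcePolicyStatement([role], ["lambda:InvokeFunction"], [fn.arn]);
  let rejected = false;
  try {
    resourcePolicyStatement([policy], ["lambda:InvokeFunction"], [fn.arn]);
  } catch {
    rejected = true;
  }
  return { granted, document: policy.document, viaRole, rejected };
}
```

Because the statement is scoped to the one function ARN passed in, the resulting policy document stays least-privilege for whichever identities the policy is later attached to.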

@aws-cdk-automation aws-cdk-automation requested a review from a team January 17, 2025 08:51
@github-actions github-actions bot added the admired-contributor, bug, and p2 labels Jan 17, 2025

codecov bot commented Jan 17, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.48%. Comparing base (e8e058c) to head (ef5f8fb).
Report is 8 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #32984   +/-   ##
=======================================
  Coverage   81.48%   81.48%           
=======================================
  Files         226      226           
  Lines       13768    13768           
  Branches     2416     2416           
=======================================
  Hits        11219    11219           
  Misses       2271     2271           
  Partials      278      278           
| Flag | Coverage Δ |
| --- | --- |
| suite.unit | 81.48% <ø> (ø) |

Flags with carried forward coverage won't be shown.

| Components | Coverage Δ |
| --- | --- |
| packages/aws-cdk | 80.89% <ø> (ø) |
| packages/aws-cdk-lib/core | 82.10% <ø> (ø) |

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: ef5f8fb
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review label Jan 17, 2025
Successfully merging this pull request may close these issues.

iam: cannot pass iam.ManagedPolicy or iam.Policy to lambda.Function.grantInvoke