Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(iam): IAM Policies are too large to deploy #19114

Merged
merged 37 commits into from Mar 18, 2022
Merged

fix(iam): IAM Policies are too large to deploy #19114

Show file tree
Hide file tree
Changes from 31 commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
f8208e9
fix(iam): IAM Policies are too large to deploy
rix0rrr Feb 23, 2022
777c24d
Add unit tests
rix0rrr Feb 24, 2022
e9b6cdc
Only merge objects for principals
rix0rrr Feb 25, 2022
68d3940
Add test for condition
rix0rrr Feb 25, 2022
243f9c0
Update snapshots
rix0rrr Feb 25, 2022
1f40baa
Also merge Deny statements, add Alloy model
rix0rrr Feb 26, 2022
ef260c2
Revert "Update snapshots"
rix0rrr Feb 26, 2022
8b896d5
Add reference to Alloy model in source
rix0rrr Feb 26, 2022
281df8b
Correct docstring
rix0rrr Feb 26, 2022
a00582a
Don't unnecessarily update expectations
rix0rrr Feb 26, 2022
aeb902f
Update packages/@aws-cdk/aws-iam/lib/policy-document.ts
rix0rrr Feb 26, 2022
adf50cb
Add review comments
rix0rrr Feb 26, 2022
ccb192b
Redid merging logic
rix0rrr Feb 27, 2022
79f17d1
Update Alloy comment
rix0rrr Feb 27, 2022
09cdce1
Not subsets, equal sets!
rix0rrr Feb 27, 2022
02274c3
Update snapshots
rix0rrr Mar 2, 2022
ef354b4
Update model some more
rix0rrr Mar 4, 2022
00d0266
Merge branch 'huijbers/minimize-policies' of github.com:aws/aws-cdk i…
rix0rrr Mar 4, 2022
cc54755
Review comments
rix0rrr Mar 8, 2022
e4c3a2a
Update packages/@aws-cdk/aws-iam/lib/private/postprocess-policy-docum…
rix0rrr Mar 9, 2022
8fbee24
Remove unused helpers
rix0rrr Mar 9, 2022
625b2a7
Merge remote-tracking branch 'origin/master' into huijbers/minimize-p…
rix0rrr Mar 9, 2022
8875096
Update packages/@aws-cdk/aws-iam/lib/private/postprocess-policy-docum…
rix0rrr Mar 9, 2022
3e570f0
Do better comparisons
rix0rrr Mar 10, 2022
fe4be84
Merge branch 'huijbers/minimize-policies' of github.com:aws/aws-cdk i…
rix0rrr Mar 10, 2022
812d4fb
Some implementation details
rix0rrr Mar 10, 2022
fac4952
Update snapshots
rix0rrr Mar 10, 2022
bdb113f
More snapshot updates
rix0rrr Mar 10, 2022
1f0b3c4
Merge branch 'master' into huijbers/minimize-policies
rix0rrr Mar 10, 2022
4988a90
Silly copy/paste bug 😓
rix0rrr Mar 14, 2022
2d2f16b
Reformat, find another weakening
rix0rrr Mar 14, 2022
e1f701c
Merge remote-tracking branch 'origin/master' into huijbers/minimize-p…
rix0rrr Mar 14, 2022
8eb3cfa
Also handle untyped principals, review comments
rix0rrr Mar 17, 2022
80d7a07
Merge branch 'huijbers/minimize-policies' of github.com:aws/aws-cdk i…
rix0rrr Mar 17, 2022
793da77
Merge branch 'master' into huijbers/minimize-policies
rix0rrr Mar 17, 2022
4fb02ef
Update new integ
rix0rrr Mar 18, 2022
37eaa56
Merge branch 'master' into huijbers/minimize-policies
mergify[bot] Mar 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
258 changes: 93 additions & 165 deletions ...es/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json
View file
Open in desktop
Expand Up @@ -941,8 +941,8 @@
{
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
],
"Effect": "Allow",
"Resource": {
Expand Down Expand Up @@ -972,30 +972,12 @@
]
}
},
{
"Action": "ecr:GetAuthorizationToken",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"nametaskdefinitionenvoyLogGroup258B673B",
"Arn"
]
}
},
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
"ecr:BatchGetImage",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Effect": "Allow",
"Resource": "*"
Expand All @@ -1006,38 +988,32 @@
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"nametaskdefinitionfirelensLogGroup80DDA60F",
"Arn"
]
}
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"nametaskdefinitionxrayLogGroup4AF4CA37",
"Arn"
]
}
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"nametaskdefinitioncloudwatchagentLogGroup78DDC685",
"Arn"
]
}
"Resource": [
{
"Fn::GetAtt": [
"nametaskdefinitioncloudwatchagentLogGroup78DDC685",
"Arn"
]
},
{
"Fn::GetAtt": [
"nametaskdefinitionenvoyLogGroup258B673B",
"Arn"
]
},
{
"Fn::GetAtt": [
"nametaskdefinitionfirelensLogGroup80DDA60F",
"Arn"
]
},
{
"Fn::GetAtt": [
"nametaskdefinitionxrayLogGroup4AF4CA37",
"Arn"
]
}
]
}
],
"Version": "2012-10-17"
Expand Down Expand Up @@ -1814,8 +1790,8 @@
{
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
],
"Effect": "Allow",
"Resource": {
Expand Down Expand Up @@ -1845,30 +1821,12 @@
]
}
},
{
"Action": "ecr:GetAuthorizationToken",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetingtaskdefinitionenvoyLogGroup6556AC35",
"Arn"
]
}
},
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
"ecr:BatchGetImage",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Effect": "Allow",
"Resource": "*"
Expand All @@ -1879,38 +1837,32 @@
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetingtaskdefinitionfirelensLogGroupD7A398A7",
"Arn"
]
}
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetingtaskdefinitionxrayLogGroupD25C072D",
"Arn"
]
}
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetingtaskdefinitioncloudwatchagentLogGroupCEF72742",
"Arn"
]
}
"Resource": [
{
"Fn::GetAtt": [
"greetingtaskdefinitioncloudwatchagentLogGroupCEF72742",
"Arn"
]
},
{
"Fn::GetAtt": [
"greetingtaskdefinitionenvoyLogGroup6556AC35",
"Arn"
]
},
{
"Fn::GetAtt": [
"greetingtaskdefinitionfirelensLogGroupD7A398A7",
"Arn"
]
},
{
"Fn::GetAtt": [
"greetingtaskdefinitionxrayLogGroupD25C072D",
"Arn"
]
}
]
}
],
"Version": "2012-10-17"
Expand Down Expand Up @@ -2810,8 +2762,8 @@
{
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
],
"Effect": "Allow",
"Resource": {
Expand Down Expand Up @@ -2841,30 +2793,12 @@
]
}
},
{
"Action": "ecr:GetAuthorizationToken",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetertaskdefinitionenvoyLogGroup6E10B93E",
"Arn"
]
}
},
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
"ecr:BatchGetImage",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Effect": "Allow",
"Resource": "*"
Expand All @@ -2875,38 +2809,32 @@
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetertaskdefinitionfirelensLogGroupD5BAAC35",
"Arn"
]
}
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetertaskdefinitionxrayLogGroupBC1558B6",
"Arn"
]
}
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"greetertaskdefinitioncloudwatchagentLogGroupE7EAF327",
"Arn"
]
}
"Resource": [
{
"Fn::GetAtt": [
"greetertaskdefinitioncloudwatchagentLogGroupE7EAF327",
"Arn"
]
},
{
"Fn::GetAtt": [
"greetertaskdefinitionenvoyLogGroup6E10B93E",
"Arn"
]
},
{
"Fn::GetAtt": [
"greetertaskdefinitionfirelensLogGroupD5BAAC35",
"Arn"
]
},
{
"Fn::GetAtt": [
"greetertaskdefinitionxrayLogGroupBC1558B6",
"Arn"
]
}
]
}
],
"Version": "2012-10-17"
Expand Down