diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index b3ba8f491dbcb..683f3289ab380 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.184.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.184.0-alpha.0...v2.184.1-alpha.0) (2025-03-14) + ## [2.184.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.183.0-alpha.0...v2.184.0-alpha.0) (2025-03-13) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 631a3b6a6daf9..2414dabb7c959 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.184.1](https://github.com/aws/aws-cdk/compare/v2.184.0...v2.184.1) (2025-03-14) + + +### Reverts + +* **iam:** fix(iam): adding organization id pattern verification ([#33773](https://github.com/aws/aws-cdk/pull/33773)) ([f7ed316](https://github.com/aws/aws-cdk/commit/f7ed3165056c385249735ebb17a53d0fedd69c54)), closes [aws/aws-cdk#33768](https://github.com/aws/aws-cdk/issues/33768) + ## [2.184.0](https://github.com/aws/aws-cdk/compare/v2.183.0...v2.184.0) (2025-03-13) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/cdk.out index 91e1a8b9901d5..ae4b03c54e770 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"39.0.0"} \ No newline at end of file +{"version":"30.0.0"} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.assets.json index 2dfb1c03164f9..8fcd0e362a9dd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.assets.json @@ -1,7 +1,7 @@ { - "version": "39.0.0", + "version": "30.0.0", "files": { - "c2c6194246bf85091584a53bc8375b8bbf23344aa5024c626b51ca6e3ce4fec2": { + "514f5ee3a1aa7cfaa68a26e8992753c2a8dfaa4e62da39ff85fba52545f07a2a": { "source": { "path": "integ-iam-role-1.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c2c6194246bf85091584a53bc8375b8bbf23344aa5024c626b51ca6e3ce4fec2.json", + "objectKey": "514f5ee3a1aa7cfaa68a26e8992753c2a8dfaa4e62da39ff85fba52545f07a2a.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.template.json index 8cbd61fab40c2..2a6784d4f7504 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ-iam-role-1.template.json @@ -105,7 +105,7 @@ "Action": "sts:AssumeRole", "Condition": { "StringEquals": { - "aws:PrincipalOrgID": "o-12345abcde" + "aws:PrincipalOrgID": "o-1234" } }, "Effect": "Allow", 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ.json index 286e5da87896c..fb19d898ca1a4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "39.0.0", + "version": "30.0.0", "testCases": { "integ-iam-role/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integiamroleDefaultTestDeployAssert48737E31.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integiamroleDefaultTestDeployAssert48737E31.assets.json index d73f764b004a2..bbcbe43c78388 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integiamroleDefaultTestDeployAssert48737E31.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/integiamroleDefaultTestDeployAssert48737E31.assets.json @@ -1,5 +1,5 @@ { - "version": "39.0.0", + "version": "30.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/manifest.json index 8888333fb488d..1064dbf931db6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "39.0.0", + "version": "30.0.0", "artifacts": { "integ-iam-role-1.assets": { "type": "cdk:asset-manifest", 
@@ -14,11 +14,10 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integ-iam-role-1.template.json", - "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c2c6194246bf85091584a53bc8375b8bbf23344aa5024c626b51ca6e3ce4fec2.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/514f5ee3a1aa7cfaa68a26e8992753c2a8dfaa4e62da39ff85fba52545f07a2a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -34,198 +33,30 @@ "integ-iam-role-1.assets" ], "metadata": { - "/integ-iam-role-1/TestRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPrincipalPolicy": [ - {} - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachInlinePolicy": [ - "*" - ] - } - } - ], - "/integ-iam-role-1/TestRole/ImportTestRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/integ-iam-role-1/TestRole/Resource": [ { "type": "aws:cdk:logicalId", "data": "TestRole6C9272DF" } ], - "/integ-iam-role-1/TestRole/DefaultPolicy": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addStatements": [ - {} - ] - } - } - ], "/integ-iam-role-1/TestRole/DefaultPolicy/Resource": [ { "type": "aws:cdk:logicalId", "data": "TestRoleDefaultPolicyD1C92014" } ], - "/integ-iam-role-1/HelloPolicy": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "policyName": "*" - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addStatements": [ - {} - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "attachToRole": [ - "*" - ] - } - } - ], 
"/integ-iam-role-1/HelloPolicy/Resource": [ { "type": "aws:cdk:logicalId", "data": "HelloPolicyD59007DF" } ], - "/integ-iam-role-1/TestImportedRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/integ-iam-role-1/TestRole2": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "externalIds": "*" - } - } - ], - "/integ-iam-role-1/TestRole2/ImportTestRole2": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/integ-iam-role-1/TestRole2/Resource": [ { "type": "aws:cdk:logicalId", "data": "TestRole25D98AB21" } ], - "/integ-iam-role-1/TestRole3": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - } - } - ], - "/integ-iam-role-1/TestRole3/ImportTestRole3": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], "/integ-iam-role-1/TestRole3/Resource": [ { "type": "aws:cdk:logicalId", @@ -260,7 +91,6 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integiamroleDefaultTestDeployAssert48737E31.template.json", - "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/tree.json index a2575aa5e44b1..507038fa79bba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.js.snapshot/tree.json 
@@ -16,11 +16,8 @@ "id": "ImportTestRole", "path": "integ-iam-role-1/TestRole/ImportTestRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "Resource": { @@ -44,7 +41,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "@aws-cdk/aws-iam.CfnRole", "version": "0.0.0" } }, @@ -77,71 +74,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "fqn": "@aws-cdk/aws-iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0", - "metadata": [ - "*", - { - "attachToRole": [ - "*" - ] - }, - { - "attachToRole": [ - "*" - ] - }, - { - "addStatements": [ - {} - ] - } - ] + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - }, - { - "addToPolicy": [ - {} - ] - }, - { - "addToPrincipalPolicy": [ - {} - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - }, - { - "attachInlinePolicy": [ - "*" - ] - } - ] + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" } }, "HelloPolicy": { 
@@ -173,50 +119,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "fqn": "@aws-cdk/aws-iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0", - "metadata": [ - { - "policyName": "*" - }, - { - "addStatements": [ - {} - ] - }, - { - "attachToRole": [ - "*" - ] - }, - { - "attachToRole": [ - "*" - ] - }, - { - "attachToRole": [ - "*" - ] - } - ] - } - }, - "TestImportedRole": { - "id": "TestImportedRole", - "path": "integ-iam-role-1/TestImportedRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" } }, "TestRole2": { @@ -227,11 +137,8 @@ "id": "ImportTestRole2", "path": "integ-iam-role-1/TestRole2/ImportTestRole2", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "Resource": { @@ -275,23 +182,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "@aws-cdk/aws-iam.CfnRole", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - }, - "externalIds": "*" - } - ] + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" } }, "TestRole3": { @@ -302,11 +200,8 @@ "id": "ImportTestRole3", "path": "integ-iam-role-1/TestRole3/ImportTestRole3", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "Resource": { @@ -321,7 +216,7 @@ "Action": "sts:AssumeRole", "Condition": { "StringEquals": { - "aws:PrincipalOrgID": "o-12345abcde" + "aws:PrincipalOrgID": "o-1234" } }, "Effect": "Allow", 
@@ -335,29 +230,21 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "@aws-cdk/aws-iam.CfnRole", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - } - ] + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "integ-iam-role-1/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", + "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" } }, @@ -365,13 +252,13 @@ "id": "CheckBootstrapVersion", "path": "integ-iam-role-1/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", + "fqn": "@aws-cdk/core.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", + "fqn": "@aws-cdk/core.Stack", "version": "0.0.0" } }, @@ -388,7 +275,7 @@ "path": "integ-iam-role/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.4.2" + "version": "10.1.249" } }, "DeployAssert": { @@ -399,7 +286,7 @@ "id": "BootstrapVersion", "path": "integ-iam-role/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", + "fqn": "@aws-cdk/core.CfnParameter", "version": "0.0.0" } }, @@ -407,25 +294,25 @@ "id": "CheckBootstrapVersion", "path": "integ-iam-role/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", + "fqn": "@aws-cdk/core.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", + "fqn": "@aws-cdk/core.Stack", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "fqn": "@aws-cdk/integ-tests.IntegTestCase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "fqn": "@aws-cdk/integ-tests.IntegTest", "version": "0.0.0" } }, 
@@ -434,12 +321,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.4.2" + "version": "10.1.249" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", + "fqn": "@aws-cdk/core.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.ts index 28b54ac51d47b..ca3a161594ac5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.role.ts @@ -28,7 +28,7 @@ new Role(stack, 'TestRole2', { // Role with an org new Role(stack, 'TestRole3', { - assumedBy: new OrganizationPrincipal('o-12345abcde'), + assumedBy: new OrganizationPrincipal('o-1234'), }); new IntegTest(app, 'integ-iam-role', { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job-image.js.snapshot/asset.f24ba5e516d9d80b64bc7b0f406eedd12c36b20e7461f3e7719b7ffbdad72410.zip b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job-image.js.snapshot/asset.f24ba5e516d9d80b64bc7b0f406eedd12c36b20e7461f3e7719b7ffbdad72410.zip index bff4656ba5dcb..530ff84872e52 100644 Binary files a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job-image.js.snapshot/asset.f24ba5e516d9d80b64bc7b0f406eedd12c36b20e7461f3e7719b7ffbdad72410.zip and b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job-image.js.snapshot/asset.f24ba5e516d9d80b64bc7b0f406eedd12c36b20e7461f3e7719b7ffbdad72410.zip differ diff --git a/packages/aws-cdk-lib/aws-iam/lib/principals.ts b/packages/aws-cdk-lib/aws-iam/lib/principals.ts index 79e00d9e85cc5..f84848fb7c251 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/principals.ts 
+++ b/packages/aws-cdk-lib/aws-iam/lib/principals.ts @@ -32,7 +32,7 @@ export interface IGrantable { * Notifications Service). * * A single logical Principal may also map to a set of physical principals. - * For example, `new OrganizationPrincipal('o-12345abcde')` represents all + * For example, `new OrganizationPrincipal('o-1234')` represents all * identities that are part of the given AWS Organization. */ export interface IPrincipal extends IGrantable { @@ -603,9 +603,6 @@ export class ServicePrincipal extends PrincipalBase { /** * A principal that represents an AWS Organization - * - * Property organizationId must match regex pattern ^o-[a-z0-9]{10,32}$ - * @see https://docs.aws.amazon.com/organizations/latest/APIReference/API_Organization.html */ export class OrganizationPrincipal extends PrincipalBase { /** @@ -614,9 +611,6 @@ export class OrganizationPrincipal extends PrincipalBase { */ constructor(public readonly organizationId: string) { super(); - if (!organizationId.match(/^o-[a-z0-9]{10,32}$/)) { - throw new Error(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${organizationId}`); - } } public get policyFragment(): PrincipalPolicyFragment { diff --git a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts index 2f85ac153d9e6..1b67bc843c64f 100644 --- a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts 
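Review bot: In the third hunk of principals.ts the `OrganizationPrincipal` constructor is left accepting any string, and the test expectations elsewhere in this diff show that string becoming the `aws:PrincipalOrgID` condition value beside a wildcard principal. A mistyped ID fails closed, because the condition then matches nobody, but it is only noticed at deploy or access time instead of at synth. The changelog ties the revert to aws/aws-cdk#33768 without giving the cause; if the check was rejecting unresolved tokens (an assumption, not shown on this page), a re-land could guard it as `if (!Token.isUnresolved(organizationId) && !/^o-[a-z0-9]{10,32}$/.test(organizationId))` and throw the same error as before, with a test for the token case and `Token` brought into scope if it is not already. The second hunk also drops the `@see` link and the format sentence from the class doc; keeping them, reworded as guidance that is not enforced, would still tell users what shape of ID to pass. The class body continues past the end of the hunk.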
@@ -518,15 +518,3 @@ test('ServicePrinciple construct by default reset the principle name to the defa }, }); }); - -test('throw error when Organization ID does not match regex pattern', () => { - // GIVEN - const shortOrgId = 'o-shortname'; - const noOOrgName = 'no-o-name'; - const longOrgName = 'o-thisnameistoooooooooooooooooolong'; - - // THEN - expect(() => new iam.OrganizationPrincipal(shortOrgId)).toThrow(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${shortOrgId}`); - expect(() => new iam.OrganizationPrincipal(noOOrgName)).toThrow(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${noOOrgName}`); - expect(() => new iam.OrganizationPrincipal(longOrgName)).toThrow(`Expected Organization ID must match regex pattern ^o-[a-z0-9]{10,32}$, received ${longOrgName}`); -}); diff --git a/packages/aws-cdk-lib/aws-kms/test/via-service-principal.test.ts b/packages/aws-cdk-lib/aws-kms/test/via-service-principal.test.ts index 86367e249eff3..4c86986e8b4a6 100644 --- a/packages/aws-cdk-lib/aws-kms/test/via-service-principal.test.ts +++ b/packages/aws-cdk-lib/aws-kms/test/via-service-principal.test.ts @@ -23,7 +23,7 @@ test('Via service, principal with conditions', () => { // WHEN const statement = new iam.PolicyStatement({ actions: ['abc:call'], - principals: [new kms.ViaServicePrincipal('bla.amazonaws.com', new iam.OrganizationPrincipal('o-12345abcde'))], + principals: [new kms.ViaServicePrincipal('bla.amazonaws.com', new iam.OrganizationPrincipal('o-1234'))], resources: ['*'], }); @@ -33,7 +33,7 @@ test('Via service, principal with conditions', () => { Condition: { StringEquals: { 'kms:ViaService': 'bla.amazonaws.com', - 'aws:PrincipalOrgID': 'o-12345abcde', + 'aws:PrincipalOrgID': 'o-1234', }, }, Effect: 'Allow', diff --git a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts index 2f03c696b6ae7..e1d9bda088f97 100644 
--- a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts +++ b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts @@ -191,7 +191,7 @@ describe('function', () => { test('can supply principalOrgID via permission property', () => { const stack = new cdk.Stack(); const fn = newTestLambda(stack); - const org = new iam.OrganizationPrincipal('o-12345abcde'); + const org = new iam.OrganizationPrincipal('o-xxxxxxxxxx'); const account = new iam.AccountPrincipal('123456789012'); fn.addPermission('S3Permission', { @@ -223,7 +223,7 @@ describe('function', () => { fn.addPermission('S1', { principal: new iam.ServicePrincipal('my-service') }); fn.addPermission('S2', { principal: new iam.AccountPrincipal('account') }); fn.addPermission('S3', { principal: new iam.ArnPrincipal('my:arn') }); - fn.addPermission('S4', { principal: new iam.OrganizationPrincipal('o-12345abcde') }); + fn.addPermission('S4', { principal: new iam.OrganizationPrincipal('my:org') }); }); test('does not show warning if skipPermissions is set', () => { @@ -1730,7 +1730,7 @@ describe('function', () => { handler: 'index.handler', runtime: lambda.Runtime.NODEJS_LATEST, }); - const org = new iam.OrganizationPrincipal('o-12345abcde'); + const org = new iam.OrganizationPrincipal('my-org-id'); // WHEN fn.grantInvoke(org); @@ -1745,7 +1745,7 @@ describe('function', () => { ], }, Principal: '*', - PrincipalOrgID: 'o-12345abcde', + PrincipalOrgID: 'my-org-id', }); }); @@ -1959,7 +1959,7 @@ describe('function', () => { new iam.AccountPrincipal('1234'), new iam.ServicePrincipal('apigateway.amazonaws.com'), new iam.ArnPrincipal('arn:aws:iam::123456789012:role/someRole'), - new iam.OrganizationPrincipal('o-12345abcde'), + new iam.OrganizationPrincipal('my-org-id'), ); const fn = new lambda.Function(stack, 'Function', { @@ -2011,7 +2011,7 @@ describe('function', () => { ], }, Principal: '*', - PrincipalOrgID: 'o-12345abcde', + PrincipalOrgID: 'my-org-id', }); }); }); 
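Review bot: The organization IDs restored in function.test.ts use three unrelated placeholders in one file: `'o-xxxxxxxxxx'` in the hunk at line 191, `'my:org'` in the hunk at line 223, and `'my-org-id'` in the hunks at lines 1730 and 1959 together with their `PrincipalOrgID` expectations. Only the first has the `o-` plus ten lowercase characters shape that the removed doc comment in principals.ts described, so the other two pass only while the constructor does no validation. A single format-shaped constant, for example `const ORG_ID = 'o-xxxxxxxxxx';`, used in all four places would keep these tests stable if validation is reintroduced. The enclosing `describe('function', ...)` block starts and ends outside these hunks.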
diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index f7e7bfc893e5e..352ba91750042 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -1776,7 +1776,7 @@ describe('bucket', () => { const bucket = new s3.Bucket(stack, 'MyBucket', { encryption: s3.BucketEncryption.KMS }); // WHEN - bucket.grantRead(new iam.OrganizationPrincipal('o-12345abcde')); + bucket.grantRead(new iam.OrganizationPrincipal('o-1234')); // THEN Template.fromStack(stack).hasResourceProperties('AWS::S3::BucketPolicy', { @@ -1785,7 +1785,7 @@ describe('bucket', () => { 'Statement': [ { Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - 'Condition': { 'StringEquals': { 'aws:PrincipalOrgID': 'o-12345abcde' } }, + 'Condition': { 'StringEquals': { 'aws:PrincipalOrgID': 'o-1234' } }, 'Effect': 'Allow', 'Principal': { AWS: '*' }, 'Resource': [ @@ -1806,7 +1806,7 @@ describe('bucket', () => { 'Effect': 'Allow', 'Resource': '*', 'Principal': { AWS: '*' }, - 'Condition': { 'StringEquals': { 'aws:PrincipalOrgID': 'o-12345abcde' } }, + 'Condition': { 'StringEquals': { 'aws:PrincipalOrgID': 'o-1234' } }, }, ]), 'Version': '2012-10-17', diff --git a/version.v2.json b/version.v2.json index 96bf658e1a7a9..7e2067edb6fb2 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.184.0", - "alphaVersion": "2.184.0-alpha.0" + "version": "2.184.1", + "alphaVersion": "2.184.1-alpha.0" } \ No newline at end of file