
Commit 5d6a037

feat: multiple providers for redshift federated iam role (#7)
* feat: multiple providers for redshift federated iam role * fix: generic test name
1 parent ff502a9 commit 5d6a037

3 files changed

Lines changed: 10 additions & 4 deletions


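--- a/redshift.cfndsl.rb
+++ b/redshift.cfndsl.rb
@@ -74,15 +74,15 @@
 
 redshift_federation_iam_role = external_parameters.fetch(:redshift_federation_iam_role, {})
 if !redshift_federation_iam_role.empty? && redshift_federation_iam_role["enable"]
-samlProviderName = redshift_federation_iam_role["assume_role_policy"]["principal"]["providerName"]
+samlProviders = redshift_federation_iam_role["assume_role_policy"]["principal"]["providers"]
 samlAud = redshift_federation_iam_role["assume_role_policy"]["condition"]["samlAud"]
 assumeRolePolicy = {
 "Version": "2012-10-17",
 "Statement": [
 {
 "Effect": "Allow",
 "Principal": {
-"Federated": FnSub("arn:aws:iam::${AWS::AccountId}:saml-provider/#{samlProviderName}")
+"Federated": samlProviders
 },
 "Action": [
 "sts:AssumeRoleWithSAML",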
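Review bot: `samlProviders` now flows from the external parameter straight into `Principal.Federated` of the trust policy with no check on its shape, whereas the removed line constrained the principal to a saml-provider ARN in `${AWS::AccountId}`; a missing `providers` key would presumably put `nil` into the policy, and a missing `principal` key raises `NoMethodError`, while any other value is emitted verbatim as the trusted principal. I would normalise and fail fast: `samlProviders = Array(redshift_federation_iam_role.dig("assume_role_policy", "principal", "providers"))` followed by `raise ArgumentError, "redshift_federation_iam_role: assume_role_policy.principal.providers must list at least one SAML provider ARN" if samlProviders.empty?`. The old `providerName` key is silently no longer honoured, so a comment such as `# providers: list of saml-provider ARNs (or Fn::Sub intrinsics); replaces the single providerName key` beside the new line would help existing configurations migrate. The enclosing `if` block starts within the hunk but continues past it.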

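--- a/spec/redshift_federation_iam_role_spec.rb
+++ b/spec/redshift_federation_iam_role_spec.rb
@@ -79,8 +79,12 @@
 expect(resource["Type"]).to eq("AWS::IAM::Role")
 end
 
+it "to have property RoleName" do
+expect(resource["Properties"]["RoleName"]).to eq("redshift-federation-role")
+end
+
 it "to have property AssumeRolePolicyDocument" do
-expect(resource["Properties"]["AssumeRolePolicyDocument"]).to eq({"Version"=>"2012-10-17", "Statement"=>[{"Effect"=>"Allow", "Principal"=>{"Federated"=>{"Fn::Sub"=>"arn:aws:iam::${AWS::AccountId}:saml-provider/redshift-federation-saml-provider"}}, "Action"=>["sts:AssumeRoleWithSAML", "sts:TagSession"], "Condition"=>{"StringEquals"=>{"SAML:aud"=>"http://localhost:7890/redshift/"}}}]})
+expect(resource["Properties"]["AssumeRolePolicyDocument"]).to eq({"Version"=>"2012-10-17", "Statement"=>[{"Effect"=>"Allow", "Principal"=>{"Federated"=>[{"Fn::Sub"=>"arn:aws:iam::${AWS::AccountId}:saml-provider/${EnvironmentName}_example_redshift-federation-saml-provider"}, {"Fn::Sub"=>"arn:aws:iam::${AWS::AccountId}:saml-provider/${EnvironmentName}_hello_redshift-federation-saml-provider"}]}, "Action"=>["sts:AssumeRoleWithSAML", "sts:TagSession"], "Condition"=>{"StringEquals"=>{"SAML:aud"=>"http://localhost:7890/redshift/"}}}]})
 end
 
 it "to have property Policies" do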
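Review bot: The new AssumeRolePolicyDocument expectation mirrors the two `Fn::Sub` entries from the test fixture verbatim, so it shows the list is passed through to `Principal.Federated` but nothing here checks what the template does when `providers` is empty or absent, which is the new failure mode the template change introduces. A companion example such as `it "fails when no SAML providers are configured"` against a fixture that omits `providers` would pin that behaviour. The `RoleName` expectation is added here, but the template lines that set `RoleName` are not part of this commit, so I assume that property was already rendered before this change.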

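--- a/tests/redshift_federation_iam_role.test.yaml
+++ b/tests/redshift_federation_iam_role.test.yaml
@@ -34,6 +34,8 @@ redshift_federation_iam_role:
 enable: true
 assume_role_policy:
 principal:
-providerName: redshift-federation-saml-provider
+providers:
+- Fn::Sub: 'arn:aws:iam::${AWS::AccountId}:saml-provider/${EnvironmentName}_example_redshift-federation-saml-provider'
+- Fn::Sub: 'arn:aws:iam::${AWS::AccountId}:saml-provider/${EnvironmentName}_hello_redshift-federation-saml-provider'
 condition:
 samlAud: "http://localhost:7890/redshift/"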
