search

aws-cloudformation / aws-cloudformation-resource-providers-codeartifact

The CloudFormation Resource Provider Package for the AWS CodeArtifact service
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_CodeArtifact.html
Apache License 2.0
27 stars 7 forks source link

Multiple types for PolicyDocument? #9

Open richardhboyd opened 3 years ago

richardhboyd commented 3 years ago 
      "type": [
        "object",
        "string"
      ],

This seems a bit clunky. It would be hard for tools like CDK to help provide a better developer experience because many static typed languages don't support this type of input. Personally I would go with just an Object or (better yet) convince the IAM team to create an official PolicyDocument type that can be re-used. Also, calling it an "object" means it is arbitrary json and I DO NOT LIKE that. What are valid keys? what are valid values? what is even real anymore?

https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codeartifact/blob/master/aws-codeartifact-domain/aws-codeartifact-domain.json#L41-L44

jonjara commented 3 years ago

We have since changed this to object. What is the value of adding validation of permissions policies if the the service will handle misformed policies?

richardhboyd commented 3 years ago

If you were reading the docs for CodeArtifact and saw this, would you know what that json was supposed to look like?

detam-amazon commented 3 years ago

We have some examples available here that demonstrate how to add the policy doc: https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codeartifact/tree/main/sample-templates/json

jonjara commented 3 years ago

if I were reading this then it would definitely be clear, maybe we can add this to the "description" text?