Open greg5123334 opened 2 weeks ago
Hey @greg5123334, thanks for sharing the detailed repro code. I can confirm that the mentioned method addToResourcePolicy() does not add the required policy.
On checking this method, it looks like the method should return the object updated with policy statements, but it's returning assertions. Also, the inherent object being created is PolicyDocument, which adds the statement. Here is the PR link that introduced this change. Marking it as P3 since it has a workaround.
I'm encountering issues with using grantRead against a DynamoDB table (v1) construct where no resource policy is being added. Looking at the addToResourcePolicy for table.ts, it seems the logic is identical to the table-v2-base.ts, so I believe this affects both table constructs.
Describe the bug
DynamoDB's TableV2 addToResourcePolicy method is not taking effect.
Expected Behavior
Statements should be added to the existing policy document, and in the absence of an existing policy document, one should be created on first call of addToResourcePolicy as documented:
Current Behavior
addToResourcePolicy has no effect on changesets.
Reproduction Steps
1. Initial deploy WITHOUT policy nor statement
2. Include addToResourcePolicy WITHOUT policy
Diff
cdk diff
Deploy first addToResourcePolicy
NO POLICY ADDED!!
3. Add policy via resourcePolicy prop
deploy
4. add second statement via addToResourcePolicy method
diff
cdk diff
deploy
second statement NOT included in diff nor in deployment
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.148.0 (build e5740c0)
Framework Version
No response
Node.js Version
v20.12.2
OS
Ubuntu 22.04.4 LTS
Language
TypeScript
Language Version
5.4.5
Other information
No response
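A check that catches the silent omission reported above before deployment, as an added example that is not code from the issue or from the CDK project: it audits a synthesized CloudFormation template for resource-policy statements that were expected but never emitted. It assumes statements carry a `Sid`, that Table (v1) synthesizes to `AWS::DynamoDB::Table` with `ResourcePolicy.PolicyDocument` on the resource and TableV2 to `AWS::DynamoDB::GlobalTable` with it on each replica; the logical ID `MyTable` and the Sids `FromProp` and `FromMethod` are constructed sample values.

```typescript
// Added example: audit a synthesized CloudFormation template for DynamoDB
// resource-policy statements that were expected but never emitted.
type Statement = { Sid?: string; Effect: string; Action: string | string[] };
type PolicyHolder = { ResourcePolicy?: { PolicyDocument?: { Statement?: Statement[] } } };
type Resource = { Type: string; Properties?: PolicyHolder & { Replicas?: PolicyHolder[] } };
type Template = { Resources: Record<string, Resource> };

// Collect the Sids of every resource-policy statement attached to one table.
// Table (v1) -> AWS::DynamoDB::Table, policy on the resource itself.
// TableV2    -> AWS::DynamoDB::GlobalTable, policy on each replica (Sids are unioned).
function policySids(res: Resource): string[] {
  const holders: PolicyHolder[] =
    res.Type === "AWS::DynamoDB::GlobalTable" ? res.Properties?.Replicas ?? []
    : res.Type === "AWS::DynamoDB::Table" ? [res.Properties ?? {}]
    : [];
  const sids: string[] = [];
  for (const h of holders) {
    for (const s of h.ResourcePolicy?.PolicyDocument?.Statement ?? []) {
      sids.push(s.Sid ?? "(no Sid)");
    }
  }
  return sids;
}

// Return "<logicalId>: <Sid>" for each expected statement missing from the template.
function missingStatements(tpl: Template, expected: Record<string, string[]>): string[] {
  const missing: string[] = [];
  for (const [logicalId, sids] of Object.entries(expected)) {
    const res = tpl.Resources[logicalId];
    const present = new Set(res ? policySids(res) : []);
    for (const sid of sids) if (!present.has(sid)) missing.push(`${logicalId}: ${sid}`);
  }
  return missing;
}

// Constructed sample mirroring step 4 of the report: the statement passed via
// the resourcePolicy prop is present, the one added via the method is absent.
const sampleTemplate: Template = {
  Resources: {
    MyTable: {
      Type: "AWS::DynamoDB::GlobalTable",
      Properties: { Replicas: [{ ResourcePolicy: { PolicyDocument: { Statement: [
        { Sid: "FromProp", Effect: "Allow", Action: "dynamodb:GetItem" },
      ] } } }] },
    },
  },
};
const findings = missingStatements(sampleTemplate, { MyTable: ["FromProp", "FromMethod"] });
```

In a pipeline, the template would come from parsing the JSON that `cdk synth` writes to `cdk.out`, and a non-empty result would fail the build.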