search

vibe-io / cdk-extensions

Opinionated CDK constructs
Apache License 2.0
5 stars 1 forks source link

Resolution error: Supplied properties not correct for "CfnPermissionSetProps" #103

Open moltar opened 5 months ago

moltar commented 5 months ago 
    new sso.PermissionSet(this, "AdministratorAccess", {
      instance,
      name: "AdministratorAccess",
      managedPolicies: [
        ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess"),
      ],
    });

Results in:

CfnSynthesisError: Resolution error: Supplied properties not correct for "CfnPermissionSetProps"
  customerManagedPolicyReferences: "[]" should be a list.
moltar commented 5 months ago

In addition, adding a CMP still errors out:

    administratorAccessPermissionSet.addCustomerManagedPolicy({
      name: "test",
    });
CfnSynthesisError: Resolution error: Supplied properties not correct for "CfnPermissionSetProps"
  customerManagedPolicyReferences: "[{\"name\":\"test\"}]" should be a list.

Looks like a JSON-ification is happening here.

moltar commented 5 months ago

https://github.com/vibe-io/cdk-extensions/blob/fa3124f7c157c6e50e8df82e7f21fbea810b4ed0/src/sso/permission-set.ts#L206

Maybe this does not need toJsonString?

moltar commented 5 months ago

For posterity, if anyone else stumbles on this, the workaround is:

    Aspects.of(this).add({
      visit(node) {
        if (node instanceof CfnPermissionSet) {
          node.customerManagedPolicyReferences = [];
        }
      },
    });

Add this below all instances.

This, of course, will also break customer-managed policies, so if you need those, then that will not work. Will need to use escape hatches.

moltar commented 4 months ago

Also, the same issue for inline policy:

Resolution error: Supplied properties not correct for "CfnPermissionSetProps"
      inlinePolicy: "[{\"PolicyDocument\":{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"},\"PolicyName\":\"AssumeRole\"}]" should be an 'object'.