Adding conditionKeyValue and conditionKeysResolvedByService traits #1677
Adding conditionKeyValue and conditionKeysResolvedByService traits #1677kstich merged 2 commits intosmithy-lang:mainfrom
Conversation
docs/source-2.0/aws/aws-iam.rst
Outdated
| Value type | ||
| ``string`` | ||
|
|
||
| Specifies the list of IAM condition keys which must be resolved by the |
There was a problem hiding this comment.
Redundant with the Summary, can remove.
There was a problem hiding this comment.
removed redundant text
docs/source-2.0/aws/aws-iam.rst
Outdated
| Specifies the list of IAM condition keys which must be resolved by the | ||
| service, as opposed to being pulled from the request. | ||
|
|
||
| The following example defines two operations: |
There was a problem hiding this comment.
How does this interact with derived condition keys?
There was a problem hiding this comment.
added
Derived resource condition keys MUST NOT be included
with the conditionKeysResolvedByService trait.
docs/source-2.0/aws/aws-iam.rst
Outdated
| Trait selector | ||
| ``service`` | ||
| Value type | ||
| ``string`` |
There was a problem hiding this comment.
updated to be a list
docs/source-2.0/aws/aws-iam.rst
Outdated
| Value type | ||
| ``string`` | ||
|
|
||
| Uses the associated member’s value as this condition key’s value. Needed when |
There was a problem hiding this comment.
Should mimic the language for actionName.
There was a problem hiding this comment.
updated, also added that MUST also be defined via the :ref:aws.iam#defineConditionKeys-trait trait.
docs/source-2.0/aws/aws-iam.rst
Outdated
|
|
||
| The following example defines two operations: | ||
|
|
||
| ``myservice:ActionContextKey1`` is an service-specific IAM action |
...s-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysValidator.java
Outdated
Show resolved
Hide resolved
...s-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysValidator.java
Outdated
Show resolved
Hide resolved
...s-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysValidator.java
Outdated
Show resolved
Hide resolved
| String conditionKey = trait.getValue(); | ||
| if (!knownKeys.contains(conditionKey)) { | ||
| results.add(error(operation, String.format( | ||
| "This operation scoped within the `%s` service refers to an undefined " |
There was a problem hiding this comment.
This error message doesn't correctly map to the trait being validated.
There was a problem hiding this comment.
Should also pass the trait in as the second parameter to error() for source location clarity.
There was a problem hiding this comment.
- added operation id and member id to the error message details
- ah cool, didn't realize there was sourcelocation on the trait. Added.
There was a problem hiding this comment.
added errorfiles test case
There was a problem hiding this comment.
A lot of content changed in this file that wasn't actually the specific test additions.
There was a problem hiding this comment.
updated this file and applied only the new tests.
|
I've updated the pull request based on feedback. |
| } | ||
|
|
||
|
|
||
| @aws.iam#actionName("overridingActionName") |
There was a problem hiding this comment.
minor: the Echo operation isn't needed to express the test here, can remove
There was a problem hiding this comment.
Shapes and traits cleaned up.
| "smithy:ActionContextKey3": { type: "String" }, | ||
| "smithy:requesterId": { type: "String" } | ||
| ) | ||
| @aws.iam#conditionKeysResolvedByService(["smithy:requesterId"]) |
There was a problem hiding this comment.
minor: the conditionKeysResolvedByService trait isn't needed to express the test here, can remove
| $version: "2.0" | ||
| namespace smithy.example | ||
|
|
||
| use aws.iam#conditionKeyValue |
There was a problem hiding this comment.
The trait is applied with the namespace, meaning this use statement is unused
| ConditionKeyValueTrait trait = memberShape.expectTrait(ConditionKeyValueTrait.class); | ||
| String conditionKey = trait.getValue(); | ||
| if (!knownKeys.contains(conditionKey)) { | ||
| results.add(error(memberShape, trait.getSourceLocation(), String.format( |
There was a problem hiding this comment.
trait doesn't need the getSourceLocation() call applied, it's handled by error.
| } | ||
| } | ||
| if (!invalidNames.isEmpty()) { | ||
| results.add(error(service, trait.getSourceLocation(), String.format( |
There was a problem hiding this comment.
trait doesn't need the getSourceLocation() call applied, it's handled by error.
...s-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysValidator.java
Outdated
Show resolved
Hide resolved
...s-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysValidator.java
Outdated
Show resolved
Hide resolved
docs/source-2.0/aws/aws-iam.rst
Outdated
| .. _aws.iam#conditionKeysResolvedByService-trait: | ||
|
|
||
| ------------------------------------------------ | ||
| ``aws.iam#conditionKeysResolvedByService`` trait |
There was a problem hiding this comment.
What about serviceResolvedConditionKeys for the name of this trait? It's a clearer read to me and aligns more with the other IAM traits. Would need updating in several places (docs, code (ID, class names, etc.), test files.)
0xjjoyy
left a comment
0xjjoyy
left a comment
There was a problem hiding this comment.
addressed feedback
adding validation to check condition key value doesn't intersect with service resolved keys
kstich
left a comment
kstich
left a comment
There was a problem hiding this comment.
A lot/all of the test case files could also use empty lines at EOF.
...src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysResolvedByServiceTrait.java
Outdated
Show resolved
Hide resolved
...test/java/software/amazon/smithy/aws/iam/traits/ConditionKeysResolvedByServiceTraitTest.java
Outdated
Show resolved
Hide resolved
| @aws.iam#defineConditionKeys( | ||
| "smithy:ServiceResolveContextKey": { type: "String" } | ||
| ) | ||
| @aws.iam#conditionKeysResolvedByService(["smithy:ServiceResolveContextKey"]) |
There was a problem hiding this comment.
Will need to be updated with the trait rename.
| @@ -0,0 +1,23 @@ | |||
| $version: "2.0" | |||
| namespace smithy.example | |||
There was a problem hiding this comment.
nit: should have a new line between $version and `namespace
...s-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysValidator.java
Outdated
Show resolved
Hide resolved
...s-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysValidator.java
Outdated
Show resolved
Hide resolved
|
Updated based on feedback. Updated trait and class names to match new name. Added EOF to *.smithy and *.errors |
docs/source-2.0/aws/aws-iam.rst
Outdated
| "myservice:ActionContextKey1": { type: "String" }, | ||
| "myservice:ActionContextKey2": { type: "String" } | ||
| ) | ||
| @conditionKeyResolvers(["myservice:ActionContextKey1"]) |
There was a problem hiding this comment.
| @conditionKeyResolvers(["myservice:ActionContextKey1"]) | |
| @serviceResolvedConditionKeys(["myservice:ActionContextKey1"]) |
|
Appears to need a rebase before merging, but content looks good. |
2 participants
Issue #, if available:
Description of changes:
Adding conditionKeyValue and conditionKeysResolvedByService traits
conditionKeyValue
Uses the associated member’s value as this condition key’s value. Needed when the member name doesn't match the condition key name.
conditionKeysResolvedByService
Specifies the list of IAM condition keys which must be resolved by the service, as opposed to being pulled from the request.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.