Resource Properties with JSON as primitive type still accept strings #29

scrthq · 2018-04-02T20:53:12Z

Getting this working requires conversion from JSON to PSObject via ConvertFrom-JSON or initial build of policy as a PSObject or Hashtable directly:

$assumeRolePolicyDoc_ddbRole = '{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {
            "Service": "iot.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}' | ConvertFrom-JSON
$pol = Add-VSIAMRolePolicy -PolicyDocument $assumeRolePolicyDoc_ddbRole -PolicyName ddbRole

PS > $pol.PolicyDocument

Version    Statement
-------    ---------
2012-10-17 {@{Effect=Allow; Principal=; Action=sts:AssumeRole}}

Not working when passing a JSON string in as the policy document (which is accepted as the generated function's parameter allows String, Hashtable or PSObject):

$assumeRolePolicyDoc_ddbRole = '{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {
            "Service": "iot.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}'
$pol = Add-VSIAMRolePolicy -PolicyDocument $assumeRolePolicyDoc_ddbRole -PolicyName ddbRole

PS > $pol.PolicyDocument
{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {
            "Service": "iot.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}

Looking into adding in logic for CloudFormation resource properties where the primitive type is JSON like the PolicyDocument type expects here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html

Issue stemmed from comments on issue #28

RegEM · 2018-04-02T21:10:36Z

Thanks Nate.

scrthq · 2018-07-22T02:30:20Z

@RegEM hey man! FYI, this is fixed as of v2.3.2! You should get the same behavior whether you pass a JSON string or a hashtable or a PSObject now. Deployment should be out shortly!

scrthq · 2018-07-22T02:41:31Z

In action:

[I ♥ Code]> $assumeRolePolicyDoc_ddbRole = '{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {
            "Service": "iot.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }]
}'
$pol = Add-VSIAMRolePolicy -PolicyDocument $assumeRolePolicyDoc_ddbRole -PolicyName ddbRole -Verbose
$pol.PolicyDocument

Version    Statement
-------    ---------
2012-10-17 {@{Effect=Allow; Principal=; Action=sts:AssumeRole}}

RegEM · 2018-07-22T05:22:35Z

Awesome. I figured you must have worked thru it.
Thanks sir.

scrthq added the bug label Apr 2, 2018

scrthq self-assigned this Apr 2, 2018

scrthq mentioned this issue Apr 2, 2018

Add function to reverse-engineer CloudFormation templates and output the VaporShell script that recreates them. #28

Open

scrthq added enhancement bug and removed bug labels Apr 2, 2018

scrthq added the in progress label Jun 9, 2018

scrthq closed this as completed in 31190ce Jul 22, 2018

ghost removed the in progress label Jul 22, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Resource Properties with JSON as primitive type still accept strings #29

Resource Properties with JSON as primitive type still accept strings #29

scrthq commented Apr 2, 2018

RegEM commented Apr 2, 2018

scrthq commented Jul 22, 2018

scrthq commented Jul 22, 2018

RegEM commented Jul 22, 2018

Resource Properties with JSON as primitive type still accept strings #29

Resource Properties with JSON as primitive type still accept strings #29

Comments

scrthq commented Apr 2, 2018

RegEM commented Apr 2, 2018

scrthq commented Jul 22, 2018

scrthq commented Jul 22, 2018

RegEM commented Jul 22, 2018