RenovoSolutions/cdk-library-aws-sso

Validate Principal should accept Unresolved

Closed this issue · 2 comments

Describe the bug
When using the construct, a user should be able to create an assignment using the following structure:

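    // Package name below is assumed from the repository name.
    import { CfnGroup } from 'aws-cdk-lib/aws-identitystore';
    import { Assignment, PrincipalTypes } from '@renovosolutions/cdk-library-aws-sso';

    // Inside a construct; groupName, SsoIdentityStoreId, accountIds and
    // permissionSet are defined elsewhere.
    const group = new CfnGroup(this, `${groupName}`, {
      displayName: groupName,
      identityStoreId: SsoIdentityStoreId,
      description: groupName,
    });

    accountIds?.forEach((accountId) => {
      new Assignment(this, `${accountId}-${groupName}`, {
        permissionSet: permissionSet,
        principal: {
          // attrGroupId is an unresolved token at synth time, not a literal GUID
          principalId: group.attrGroupId,
          principalType: PrincipalTypes.GROUP,
        },
        targetId: accountId,
      });
    });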

To Reproduce
Steps to reproduce the behavior:

  1. Go to line 5 in principal-common.ts
  2. Currently only tests for
    if (!principal.principalId.match(/^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$/)) {
      throw new Error(`PrincipalId must be a valid GUID: ${principal.principalId}`);
    }

Expected behavior

Should test for unresolved

    import { Token } from 'aws-cdk-lib';

    // Only pattern-check literal values; unresolved tokens are not known until deploy time.
    if (!Token.isUnresolved(principal.principalId) && !principal.principalId.match(/^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$/)) {
      throw new Error(`PrincipalId must be a valid GUID: ${principal.principalId}`);
    }

This will allow users to create their own UserGroups and pass in the unresolved token to the Assignment Object.

This should now be resolved in 0.1.150

See d01e11d for specific fix.
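
The behaviour discussed in this issue, as an added stand-alone example (not the library's code and not taken from the fix commit): the strict check rejects a token-encoded ID, while the token-aware check accepts it and still rejects malformed literals. `looksUnresolved` is a hypothetical, simplified stand-in for `Token.isUnresolved` so the block runs without `aws-cdk-lib`; the function names and sample IDs are constructed.

```typescript
// GUID_RE is the pattern quoted in the issue.
const GUID_RE =
  /^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$/;

// Assumption: simplified stand-in for aws-cdk-lib's Token.isUnresolved().
// CDK encodes a deploy-time string value as a marker such as "${Token[TOKEN.123]}".
function looksUnresolved(value: string): boolean {
  return /\$\{Token\[[^\]]+\]\}/.test(value);
}

// Check as reported in the issue: every value must match the GUID pattern.
function validateStrict(principalId: string): void {
  if (!GUID_RE.test(principalId)) {
    throw new Error(`PrincipalId must be a valid GUID: ${principalId}`);
  }
}

// Check as proposed in the issue: skip the pattern only for unresolved values.
function validateTokenAware(principalId: string): void {
  if (!looksUnresolved(principalId) && !GUID_RE.test(principalId)) {
    throw new Error(`PrincipalId must be a valid GUID: ${principalId}`);
  }
}

// Helper: true when the given check does not throw for this ID.
function accepts(check: (id: string) => void, id: string): boolean {
  try {
    check(id);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs (not real identity store IDs).
const SAMPLES = {
  bareGuid: "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  prefixed: "906abcdef0-a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  token: "${Token[TOKEN.123]}",
  malformed: "not-a-guid",
};

for (const [name, id] of Object.entries(SAMPLES)) {
  console.log(name, accepts(validateStrict, id), accepts(validateTokenAware, id));
}
```

Because a token skips the pattern check, a wrong group ID passed as a token is not caught at synth time and only surfaces at deployment.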