Skip to content

fix(s3tables): s3 table bucket read access role uses incorrect permission for s3tables:ListNamespaces#35420

Merged
mergify[bot] merged 3 commits intoaws:mainfrom
TobiasL:fix-s3tables-listnamespaces
Oct 6, 2025
Merged

fix(s3tables): s3 table bucket read access role uses incorrect permission for s3tables:ListNamespaces#35420
mergify[bot] merged 3 commits intoaws:mainfrom
TobiasL:fix-s3tables-listnamespaces

Conversation

@TobiasL
Copy link
Copy Markdown
Contributor

@TobiasL TobiasL commented Sep 5, 2025

…ead access.

Reason for this change

When setting up a S3 Table through AWS CDK @aws-cdk/aws-s3tables-alpha version 2.214.0-alpha.0 the granting of read access adds the action s3tables:ListNamespace. That action is invalid according to the AWS Console.

Description of changes

Switching the invalid action s3tables:ListNamespace to the correct one called s3tables:ListNamespaces. Documentation for the listing of namespaces: https://docs.aws.amazon.com/cli/latest/reference/s3tables/list-namespaces.html.

Describe any new or updated permissions being added

None.

Description of how you validated changes

Unit and integration tests passed.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK p2 labels Sep 5, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team September 5, 2025 07:02
aws-cdk-automation
aws-cdk-automation previously requested changes Sep 5, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(This review is outdated)

@TobiasL TobiasL changed the title fix(s3tables): Correct the list namespaces role for s3 table bucket r… fix(s3tables): correct the list namespaces role for s3 table bucket r… Sep 5, 2025
@TobiasL
Copy link
Copy Markdown
Contributor Author

TobiasL commented Sep 5, 2025

Exemption Request: The existing integration tests covers the granting of read access and asserts which actions should be allowed. I just needed to update the snapshots for the integration tests to the correct action s3tables:ListNamespaces.

@aws-cdk-automation aws-cdk-automation added the pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. label Sep 5, 2025
@TheRealAmazonKendra TheRealAmazonKendra changed the title fix(s3tables): correct the list namespaces role for s3 table bucket r… fix(s3tables): correct the list namespaces role for s3 table bucket read access Sep 18, 2025
@TheRealAmazonKendra TheRealAmazonKendra added the pr-linter/exempt-integ-test The PR linter will not require integ test changes label Sep 18, 2025
@TheRealAmazonKendra TheRealAmazonKendra changed the title fix(s3tables): correct the list namespaces role for s3 table bucket read access fix(s3tables): s3 table bucket read access role uses incorrect permission for s3tables:ListNamespaces Sep 18, 2025
@aws-cdk-automation aws-cdk-automation dismissed their stale review September 18, 2025 23:11

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

TheRealAmazonKendra
TheRealAmazonKendra previously approved these changes Sep 18, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@TheRealAmazonKendra TheRealAmazonKendra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the fix! Looks good to me but just one note that when you make a fix the PR title should describe the problem, not the solution. I've updated the title to do so.

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Sep 22, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Sep 22, 2025

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated.

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

@mergify mergify bot dismissed TheRealAmazonKendra’s stale review September 29, 2025 10:43

Pull request has been modified.

@github-actions github-actions bot mentioned this pull request Oct 1, 2025
Open
@TheRealAmazonKendra
Copy link
Copy Markdown
Contributor

TheRealAmazonKendra commented Oct 6, 2025

@Mergifyio update

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Oct 6, 2025

update

❌ Mergify doesn't have permission to update

Details

For security reasons, Mergify can't update this pull request. Try updating locally.
GitHub response: refusing to allow a GitHub App to create or update workflow .github/workflows/codebuild-pr-build.yml without workflows permission

TheRealAmazonKendra
TheRealAmazonKendra approved these changes Oct 6, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@TheRealAmazonKendra TheRealAmazonKendra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try this again!

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Oct 6, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot added the queued label Oct 6, 2025
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Oct 6, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit eb949bb into aws:main Oct 6, 2025
26 checks passed
@mergify mergify bot removed the queued label Oct 6, 2025
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Oct 6, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 6, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@TheRealAmazonKendra TheRealAmazonKendra TheRealAmazonKendra approved these changes

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

Assignees

No one assigned

Labels

beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TobiasL @TheRealAmazonKendra @aws-cdk-automation