fix typo and added unit tests

aws · Jan 15, 2025 · ded8610 · ded8610
1 parent e2c7163
commit ded8610
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 3 deletions.
diff --git a/packages/aws-cdk-lib/aws-iam/lib/oidc-provider.ts b/packages/aws-cdk-lib/aws-iam/lib/oidc-provider.ts
@@ -150,7 +150,7 @@ export class OpenIdConnectProvider extends Resource implements IOpenIdConnectPro
         ClientIDList: props.clientIds,
         ThumbprintList: props.thumbprints,
         Url: props.url,
-        RejectUnauthoried: rejectUnauthorized,
+        RejectUnauthorized: rejectUnauthorized,
 
         // code changes can cause thumbprint changes in case they weren't explicitly provided.
         // add the code hash as a property so that CFN invokes the UPDATE handler in these cases,

diff --git a/packages/aws-cdk-lib/aws-iam/test/oidc-provider.test.ts b/packages/aws-cdk-lib/aws-iam/test/oidc-provider.test.ts
@@ -34,6 +34,29 @@ describe('OpenIdConnectProvider resource', () => {
     expect(stack.resolve(provider.openIdConnectProviderArn)).toStrictEqual({ Ref: 'MyProvider730BA1C8' });
   });
 
+  it.each(
+    [true, false, undefined]
+  )('Check the status of RejectUnauthorized when IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS is set to different values', (flag) => {
+    // GIVEN
+    const app = new App({
+      context: {
+        '@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections': flag,
+      },
+    });
+    const stack = new Stack(app);
+
+    // WHEN
+    new iam.OpenIdConnectProvider(stack, 'MyProvider', {
+      url: 'https://my-issuer',
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDKOpenIdConnectProvider', {
+      Url: 'https://my-issuer',
+      RejectUnauthorized: flag ?? false,
+    });
+  });
+
   test('static fromOpenIdConnectProviderArn can be used to import a provider', () => {
     // GIVEN
     const stack = new Stack();

diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md
@@ -1659,7 +1659,7 @@ When this feature flag is enabled, the default behaviour of OIDC Provider's cust
 default to reject unauthorized connections when downloading CA Certificates.
 
 When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
-thumbprints from unsecure connnections.
+thumbprints from unsecure connections.
 
 
 | Since | Default | Recommended |

diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts
@@ -1366,7 +1366,7 @@ export const FLAGS: Record<string, FlagInfo> = {
       default to reject unauthorized connections when downloading CA Certificates.
       
       When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
-      thumbprints from unsecure connnections.`,
+      thumbprints from unsecure connections.`,
     introducedIn: { v2: 'V2NEXT' },
     recommendedValue: true,
     compatibilityWithOldBehaviorMd: 'Disable the feature flag to allow unsecure OIDC connection.',