Skip to content

Allow read only operations by default#772

Merged
rhernandez35 merged 2 commits into
mainfrom
allow-read-apis-by-default
Jun 11, 2025
Merged

Allow read only operations by default#772
rhernandez35 merged 2 commits into
mainfrom
allow-read-apis-by-default

Conversation

@shwdean

@shwdean shwdean commented Jun 11, 2025

Copy link
Copy Markdown
Contributor

Allows users to incrementally allow write APIs without re-specifying the entire list of read-only APIs

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@rhernandez35
rhernandez35 merged commit 9f500ff into main Jun 11, 2025
2 checks passed
@rhernandez35
rhernandez35 deleted the allow-read-apis-by-default branch June 11, 2025 22:31
Comment on lines +40 to +49
protected boolean readOnlyApis;

@Override
protected CliBundle getNewToolConfig() {
var bundleBuilder = AwsServiceBundler.builder()
.serviceName(awsServiceName);
//If nothing is specified then default to only readOnlyOperations.
if (readOnlyApis) {
// Include read-only apis unless disabled
bundleBuilder.readOnlyOperations();
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be Boolean and we should still only respect the allowedApis if explicitly passed. Right now there is no way for a customer to only create a bundle for a single API without blockingListing every other one.

IMO what would be better is this,

  1. If nothing is passed default to read-only-apis.
  2. If an allow list is passed use only that. Users can optionally also pass read-only-apis and then they get the union of allowList and readOnlyApis.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants