feat: extend permissions for admin and user policies to include root access

satyatulasijalandharch · satyatulasijalandharch · commit bde8f2387bc3 · 2025-10-17T07:51:52.000Z
diff --git a/python/amazon-verified-permissions-rest-api/stack/verified_permissions/policy/admin.py b/python/amazon-verified-permissions-rest-api/stack/verified_permissions/policy/admin.py
@@ -19,7 +19,12 @@ def create_admin_policy(construct, policy_store, user_pool_id):
             static=StaticPolicyDefinitionProperty(
                 statement=f"""permit (
                 principal in amazonverified::UserGroup::"{user_pool_id}|admin",
-                action in [amazonverified::Action::"get /admin", amazonverified::Action::"get /user"],
+                action in 
+                [
+                    amazonverified::Action::"get /admin",
+                    amazonverified::Action::"get /user",
+                    amazonverified::Action::"get /"
+                ],
                 resource
                 );""",
                 description="Policy defining permissions for admin group",
diff --git a/python/amazon-verified-permissions-rest-api/stack/verified_permissions/policy/user.py b/python/amazon-verified-permissions-rest-api/stack/verified_permissions/policy/user.py
@@ -20,7 +20,10 @@ def create_user_policy(construct, policy_store, user_pool_id):
                 statement=f"""permit (
                     principal in amazonverified::UserGroup::"{user_pool_id}|user",
                     action in
-                        [amazonverified::Action::"get /user"],
+                    [
+                        amazonverified::Action::"get /user",
+                        amazonverified::Action::"get /"
+                    ],
                     resource
                 );""",
                 description="Policy defining permissions for user group",
diff --git a/python/amazon-verified-permissions-rest-api/stack/verified_permissions/schema.py b/python/amazon-verified-permissions-rest-api/stack/verified_permissions/schema.py
@@ -25,6 +25,13 @@
                     "resourceTypes": ["Application"],
                 }
             },
+            "get /": {
+                "appliesTo": {
+                    "context": {"type": "Record", "attributes": {}},
+                    "principalTypes": ["User"],
+                    "resourceTypes": ["Application"],
+                }
+            },
         },
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,13 @@`
`25`	`25`	`"resourceTypes": ["Application"],`
`26`	`26`	`}`
`27`	`27`	`},`
	`28`	`+ "get /": {`
	`29`	`+ "appliesTo": {`
	`30`	`+ "context": {"type": "Record", "attributes": {}},`
	`31`	`+ "principalTypes": ["User"],`
	`32`	`+ "resourceTypes": ["Application"],`
	`33`	`+ }`
	`34`	`+ },`
`28`	`35`	`},`
`29`	`36`	`}`
`30`	`37`	`}`