diff --git a/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts b/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts index 0d1a9635f80ba..656909c9cd0ef 100644 --- a/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts +++ b/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts @@ -1,7 +1,6 @@ import codepipeline = require('@aws-cdk/aws-codepipeline-api'); import iam = require('@aws-cdk/aws-iam'); import cdk = require('@aws-cdk/cdk'); -import { ServerDeploymentGroupRef } from './deployment-group'; /** * Construction properties of the {@link PipelineDeployAction CodeDeploy deploy CodePipeline Action}. @@ -9,9 +8,20 @@ import { ServerDeploymentGroupRef } from './deployment-group'; export interface PipelineDeployActionProps extends codepipeline.CommonActionProps, codepipeline.CommonActionConstructProps { /** - * The CodeDeploy Deployment Group to deploy to. + * The name of the CodeDeploy application to deploy to. + * + * @note this will most likely be changed to a proper CodeDeploy AWS Construct reference + * once that functionality has been implemented for CodeDeploy + */ + applicationName: string; + + /** + * The name of the CodeDeploy deployment group to deploy to. + * + * @note this will most likely be changed to a proper CodeDeploy AWS Construct reference + * once that functionality has been implemented for CodeDeploy */ - deploymentGroup: ServerDeploymentGroupRef; + deploymentGroupName: string; /** * The source to use as input for deployment. @@ -30,37 +40,50 @@ export class PipelineDeployAction extends codepipeline.DeployAction { provider: 'CodeDeploy', inputArtifact: props.inputArtifact, configuration: { - ApplicationName: props.deploymentGroup.application.applicationName, - DeploymentGroupName: props.deploymentGroup.deploymentGroupName, + ApplicationName: props.applicationName, + DeploymentGroupName: props.deploymentGroupName, }, }); // permissions, based on: // https://docs.aws.amazon.com/codedeploy/latest/userguide/auth-and-access-control-permissions-reference.html + const applicationArn = cdk.ArnUtils.fromComponents({ + service: 'codedeploy', + resource: 'application', + resourceName: props.applicationName, + sep: ':', + }); props.stage.pipeline.role.addToPolicy(new iam.PolicyStatement() - .addResource(props.deploymentGroup.application.applicationArn) + .addResource(applicationArn) .addActions( 'codedeploy:GetApplicationRevision', 'codedeploy:RegisterApplicationRevision', )); + const deploymentGroupArn = cdk.ArnUtils.fromComponents({ + service: 'codedeploy', + resource: 'deploymentgroup', + resourceName: `${props.applicationName}/${props.deploymentGroupName}`, + sep: ':', + }); props.stage.pipeline.role.addToPolicy(new iam.PolicyStatement() - .addResource(props.deploymentGroup.deploymentGroupArn) + .addResource(deploymentGroupArn) .addActions( 'codedeploy:CreateDeployment', 'codedeploy:GetDeployment', )); + const deployConfigArn = cdk.ArnUtils.fromComponents({ + service: 'codedeploy', + resource: 'deploymentconfig', + resourceName: '*', + sep: ':', + }); props.stage.pipeline.role.addToPolicy(new iam.PolicyStatement() - .addResource(props.deploymentGroup.deploymentConfig.deploymentConfigArn) + .addResource(deployConfigArn) .addActions( 'codedeploy:GetDeploymentConfig', )); - - // grant the ASG Role permissions to read from the Pipeline Bucket - for (const asg of props.deploymentGroup.autoScalingGroups || []) { - props.stage.pipeline.grantBucketRead(asg.role); - } } } diff --git a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json index af9cc411c88b1..85cde39cd5645 100644 --- a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json @@ -175,10 +175,7 @@ { "Ref": "AWS::AccountId" }, - ":application:", - { - "Ref": "CodeDeployApplicationE587C27C" - } + ":application:IntegTestDeployApp" ] ] } @@ -205,14 +202,7 @@ { "Ref": "AWS::AccountId" }, - ":deploymentgroup:", - { - "Ref": "CodeDeployApplicationE587C27C" - }, - "/", - { - "Ref": "CodeDeployGroup58220FC8" - } + ":deploymentgroup:IntegTestDeployApp/IntegTestDeploymentGroup" ] ] } @@ -236,10 +226,7 @@ { "Ref": "AWS::AccountId" }, - ":deploymentconfig:", - { - "Ref": "CustomDeployConfig52EEBC13" - } + ":deploymentconfig:*" ] ] } @@ -309,12 +296,8 @@ "Version": "1" }, "Configuration": { - "ApplicationName": { - "Ref": "CodeDeployApplicationE587C27C" - }, - "DeploymentGroupName": { - "Ref": "CodeDeployGroup58220FC8" - } + "ApplicationName": "IntegTestDeployApp", + "DeploymentGroupName": "IntegTestDeploymentGroup" }, "InputArtifacts": [ { diff --git a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts index b6f71cf5e3679..954d49eb1652c 100644 --- a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts +++ b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts @@ -15,7 +15,7 @@ const deploymentConfig = new codedeploy.ServerDeploymentConfig(stack, 'CustomDep minHealthyHostCount: 0, }); -const deploymentGroup = new codedeploy.ServerDeploymentGroup(stack, 'CodeDeployGroup', { +new codedeploy.ServerDeploymentGroup(stack, 'CodeDeployGroup', { application, deploymentGroupName: 'IntegTestDeploymentGroup', deploymentConfig, @@ -38,7 +38,8 @@ bucket.addToPipeline(sourceStage, 'S3Source', { const deployStage = new codepipeline.Stage(stack, 'Deploy', { pipeline }); new codedeploy.PipelineDeployAction(stack, 'CodeDeploy', { stage: deployStage, - deploymentGroup, + applicationName: 'IntegTestDeployApp', + deploymentGroupName: 'IntegTestDeploymentGroup', }); app.run();