From a951aa1ed39a8a0205d240abad437e6920299dca Mon Sep 17 00:00:00 2001
From: Adam Ruka <adamruka85@gmail.com>
Date: Tue, 6 Nov 2018 10:11:35 -0800
Subject: [PATCH] feat(aws-codedeploy): CodeDeploy Pipeline Action using the L2
 DeploymentGroup Construct. (#1085)

BREAKING CHANGE: this changes the API of the CodeDeploy Pipeline Action
to take the DeploymentGroup AWS Construct as an argument instead of the names
of the Application and Deployment Group.
---
 .../aws-codedeploy/lib/pipeline-action.ts     | 49 +++++--------------
 .../integ.pipeline-code-deploy.expected.json  | 27 ++++++++--
 .../test/integ.pipeline-code-deploy.ts        |  5 +-
 3 files changed, 37 insertions(+), 44 deletions(-)

diff --git a/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts b/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts
index 656909c9cd0ef..0d1a9635f80ba 100644
--- a/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts
+++ b/packages/@aws-cdk/aws-codedeploy/lib/pipeline-action.ts
@@ -1,6 +1,7 @@
 import codepipeline = require('@aws-cdk/aws-codepipeline-api');
 import iam = require('@aws-cdk/aws-iam');
 import cdk = require('@aws-cdk/cdk');
+import { ServerDeploymentGroupRef } from './deployment-group';
 
 /**
  * Construction properties of the {@link PipelineDeployAction CodeDeploy deploy CodePipeline Action}.
@@ -8,20 +9,9 @@ import cdk = require('@aws-cdk/cdk');
 export interface PipelineDeployActionProps extends codepipeline.CommonActionProps,
     codepipeline.CommonActionConstructProps {
   /**
-   * The name of the CodeDeploy application to deploy to.
-   *
-   * @note this will most likely be changed to a proper CodeDeploy AWS Construct reference
-   *   once that functionality has been implemented for CodeDeploy
-   */
-  applicationName: string;
-
-  /**
-   * The name of the CodeDeploy deployment group to deploy to.
-   *
-   * @note this will most likely be changed to a proper CodeDeploy AWS Construct reference
-   *   once that functionality has been implemented for CodeDeploy
+   * The CodeDeploy Deployment Group to deploy to.
    */
-  deploymentGroupName: string;
+  deploymentGroup: ServerDeploymentGroupRef;
 
   /**
    * The source to use as input for deployment.
@@ -40,50 +30,37 @@ export class PipelineDeployAction extends codepipeline.DeployAction {
       provider: 'CodeDeploy',
       inputArtifact: props.inputArtifact,
       configuration: {
-        ApplicationName: props.applicationName,
-        DeploymentGroupName: props.deploymentGroupName,
+        ApplicationName: props.deploymentGroup.application.applicationName,
+        DeploymentGroupName: props.deploymentGroup.deploymentGroupName,
       },
     });
 
     // permissions, based on:
     // https://docs.aws.amazon.com/codedeploy/latest/userguide/auth-and-access-control-permissions-reference.html
 
-    const applicationArn = cdk.ArnUtils.fromComponents({
-      service: 'codedeploy',
-      resource: 'application',
-      resourceName: props.applicationName,
-      sep: ':',
-    });
     props.stage.pipeline.role.addToPolicy(new iam.PolicyStatement()
-      .addResource(applicationArn)
+      .addResource(props.deploymentGroup.application.applicationArn)
       .addActions(
         'codedeploy:GetApplicationRevision',
         'codedeploy:RegisterApplicationRevision',
       ));
 
-    const deploymentGroupArn = cdk.ArnUtils.fromComponents({
-      service: 'codedeploy',
-      resource: 'deploymentgroup',
-      resourceName: `${props.applicationName}/${props.deploymentGroupName}`,
-      sep: ':',
-    });
     props.stage.pipeline.role.addToPolicy(new iam.PolicyStatement()
-      .addResource(deploymentGroupArn)
+      .addResource(props.deploymentGroup.deploymentGroupArn)
       .addActions(
         'codedeploy:CreateDeployment',
         'codedeploy:GetDeployment',
       ));
 
-    const deployConfigArn = cdk.ArnUtils.fromComponents({
-      service: 'codedeploy',
-      resource: 'deploymentconfig',
-      resourceName: '*',
-      sep: ':',
-    });
     props.stage.pipeline.role.addToPolicy(new iam.PolicyStatement()
-      .addResource(deployConfigArn)
+      .addResource(props.deploymentGroup.deploymentConfig.deploymentConfigArn)
       .addActions(
         'codedeploy:GetDeploymentConfig',
       ));
+
+    // grant the ASG Role permissions to read from the Pipeline Bucket
+    for (const asg of props.deploymentGroup.autoScalingGroups || []) {
+      props.stage.pipeline.grantBucketRead(asg.role);
+    }
   }
 }
diff --git a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json
index 85cde39cd5645..af9cc411c88b1 100644
--- a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json
+++ b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json
@@ -175,7 +175,10 @@
                     {
                       "Ref": "AWS::AccountId"
                     },
-                    ":application:IntegTestDeployApp"
+                    ":application:",
+                    {
+                      "Ref": "CodeDeployApplicationE587C27C"
+                    }
                   ]
                 ]
               }
@@ -202,7 +205,14 @@
                     {
                       "Ref": "AWS::AccountId"
                     },
-                    ":deploymentgroup:IntegTestDeployApp/IntegTestDeploymentGroup"
+                    ":deploymentgroup:",
+                    {
+                      "Ref": "CodeDeployApplicationE587C27C"
+                    },
+                    "/",
+                    {
+                      "Ref": "CodeDeployGroup58220FC8"
+                    }
                   ]
                 ]
               }
@@ -226,7 +236,10 @@
                     {
                       "Ref": "AWS::AccountId"
                     },
-                    ":deploymentconfig:*"
+                    ":deploymentconfig:",
+                    {
+                      "Ref": "CustomDeployConfig52EEBC13"
+                    }
                   ]
                 ]
               }
@@ -296,8 +309,12 @@
                   "Version": "1"
                 },
                 "Configuration": {
-                  "ApplicationName": "IntegTestDeployApp",
-                  "DeploymentGroupName": "IntegTestDeploymentGroup"
+                  "ApplicationName": {
+                    "Ref": "CodeDeployApplicationE587C27C"
+                  },
+                  "DeploymentGroupName": {
+                    "Ref": "CodeDeployGroup58220FC8"
+                  }
                 },
                 "InputArtifacts": [
                   {
diff --git a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts
index 954d49eb1652c..b6f71cf5e3679 100644
--- a/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts
+++ b/packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.ts
@@ -15,7 +15,7 @@ const deploymentConfig = new codedeploy.ServerDeploymentConfig(stack, 'CustomDep
   minHealthyHostCount: 0,
 });
 
-new codedeploy.ServerDeploymentGroup(stack, 'CodeDeployGroup', {
+const deploymentGroup = new codedeploy.ServerDeploymentGroup(stack, 'CodeDeployGroup', {
   application,
   deploymentGroupName: 'IntegTestDeploymentGroup',
   deploymentConfig,
@@ -38,8 +38,7 @@ bucket.addToPipeline(sourceStage, 'S3Source', {
 const deployStage = new codepipeline.Stage(stack, 'Deploy', { pipeline });
 new codedeploy.PipelineDeployAction(stack, 'CodeDeploy', {
   stage: deployStage,
-  applicationName: 'IntegTestDeployApp',
-  deploymentGroupName: 'IntegTestDeploymentGroup',
+  deploymentGroup,
 });
 
 app.run();