feat(core): addToRolePolicy() for custom resource provider #20449

Merged
merged 5 commits into from
Jun 2, 2022

@jogold jogold commented May 21, 2022

Since we only get a singleton we need an `addToRolePolicy()` method to
add statements when the singleton is used for multiple custom resources.


All Submissions:

Adding new Unconventional Dependencies:

  • This PR adds new unconventional dependencies following the process described here

New Features

  • Have you added the new feature to an integration test?
    • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

gitpod-io bot commented May 21, 2022

@github-actions github-actions bot added the p2 label May 21, 2022
@aws-cdk-automation aws-cdk-automation requested a review from a team May 21, 2022 08:13
jogold commented May 21, 2022

Can be used to simplify/rewrite the following:

```ts
private createCrossRegionArnReader(parameterNamePrefix: string, parameterName: string, version: lambda.Version): string {
  // Prefix of the parameter ARN that applies to all EdgeFunctions.
  // This is necessary because the `CustomResourceProvider` is a singleton, and the `policyStatement`
  // must work for multiple EdgeFunctions.
  const parameterArnPrefix = this.stack.formatArn({
    service: 'ssm',
    region: EdgeFunction.EDGE_REGION,
    resource: 'parameter',
    resourceName: parameterNamePrefix + '/*',
  });
```

```ts
const provider = CustomResourceProvider.getOrCreateProvider(this, CROSS_ACCOUNT_ZONE_DELEGATION_RESOURCE_TYPE, {
  codeDirectory: path.join(__dirname, 'cross-account-zone-delegation-handler'),
  runtime: CustomResourceProviderRuntime.NODEJS_12_X,
});
const role = iam.Role.fromRoleArn(this, 'cross-account-zone-delegation-handler-role', provider.roleArn);
const addToPrinciplePolicyResult = role.addToPrincipalPolicy(new iam.PolicyStatement({
  effect: iam.Effect.ALLOW,
  actions: ['sts:AssumeRole'],
  resources: [props.delegationRole.roleArn],
}));
```

For this PR?
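
An added illustration, not part of the PR thread and not aws-cdk source: a simplified TypeScript model of the singleton problem the description and the quoted code comment refer to. It contrasts statements supplied only at creation time with statements added per consumer. `ModelStack`, `ModelProvider`, the resource type and the ARNs are hypothetical names and constructed values.

```typescript
// Simplified model of a per-stack singleton provider (illustration only, not aws-cdk source).
type Statement = { Effect: 'Allow' | 'Deny'; Action: string; Resource: string };

class ModelProvider {
  private readonly statements: Statement[];
  constructor(initial: Statement[]) { this.statements = initial.slice(); }

  // Additive: every consumer of the singleton contributes its own statement.
  addToRolePolicy(statement: Statement): void { this.statements.push(statement); }

  resources(): string[] { return this.statements.map(s => s.Resource); }
}

// Stands in for a stack's construct tree: one provider per resource type.
class ModelStack {
  private readonly providers: Record<string, ModelProvider> = {};

  // Get-or-create factory: `initial` is honoured only on first creation.
  getOrCreateProvider(resourceType: string, initial: Statement[] = []): ModelProvider {
    if (!this.providers[resourceType]) {
      this.providers[resourceType] = new ModelProvider(initial);
    }
    return this.providers[resourceType];
  }
}

// Constructed ARNs; account id and parameter names are placeholders.
const paramArn = (name: string): string => `arn:aws:ssm:us-east-1:111111111111:parameter/${name}`;
const allowRead = (name: string): Statement =>
  ({ Effect: 'Allow', Action: 'ssm:GetParameter', Resource: paramArn(name) });

// Creation-time statements only: the second consumer's statement is silently dropped.
function creationTimeOnly(): string[] {
  const stack = new ModelStack();
  stack.getOrCreateProvider('Custom::Reader', [allowRead('app/fn1')]);
  return stack.getOrCreateProvider('Custom::Reader', [allowRead('app/fn2')]).resources();
}

// Additive statements: each consumer scopes its grant to its own exact ARN.
function additive(): string[] {
  const stack = new ModelStack();
  for (const name of ['app/fn1', 'app/fn2']) {
    stack.getOrCreateProvider('Custom::Reader').addToRolePolicy(allowRead(name));
  }
  return stack.getOrCreateProvider('Custom::Reader').resources();
}

console.log(creationTimeOnly(), additive());
```

In the model, the creation-time path leaves the second consumer without its grant unless the first statement is widened to a shared prefix such as `parameter/app/*`, whereas the additive path keeps one exact-ARN statement per consumer.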

jogold commented May 21, 2022

Needs pr-linter/exempt-integ-test

@jogold jogold changed the base branch from v1-main to main June 2, 2022 07:15
@corymhall corymhall added the pr-linter/exempt-integ-test The PR linter will not require integ test changes label Jun 2, 2022
mergify bot commented Jun 2, 2022

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 7f2fccc into aws:main Jun 2, 2022
@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 1f17eb7
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@jogold jogold deleted the core-crp-add-to-role-policy branch June 2, 2022 15:29