From 7446b1d11f419b61ecfbaa4b7650166147b809a0 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Mon, 13 May 2024 15:05:05 -0700 Subject: [PATCH 1/3] fix(events_targets): KinesisFirehoseStream not accepting IDeliveryStream for imported DeliveryStream --- .../aws-kinesisfirehose-alpha/package.json | 1 + ...s-cdk-firehose-delivery-stream.assets.json | 19 + ...cdk-firehose-delivery-stream.template.json | 322 +++++++++++++ .../cdk.out | 1 + .../integ.json | 12 + ...efaultTestDeployAssert44C8D370.assets.json | 19 + ...aultTestDeployAssert44C8D370.template.json | 36 ++ .../manifest.json | 155 ++++++ .../tree.json | 441 ++++++++++++++++++ .../integ.kinesis-stream-events-target.ts | 56 +++ .../lib/kinesis-firehose-stream.ts | 50 ++ 11 files changed, 1112 insertions(+) create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/package.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/package.json index 8bdbf96dc8440..afbae35da3b7f 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/package.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/package.json @@ -83,6 +83,7 @@ "devDependencies": { "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests-alpha": "0.0.0", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^29.5.12", "aws-cdk-lib": "0.0.0", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json new file mode 100644 index 0000000000000..ba10ce4695c86 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "77eb9b4f2e1d64050e1517617f17cfb3d50f16bfbad9719cdf33bd19c0725e79": { + "source": { + "path": "aws-cdk-firehose-delivery-stream.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "77eb9b4f2e1d64050e1517617f17cfb3d50f16bfbad9719cdf33bd19c0725e79.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json new file mode 100644 index 0000000000000..0d91efc28cae1 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -0,0 +1,322 @@ +{ + "Resources": { + "Bucket83908E77": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "firehose.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "RoleDefaultPolicy5FFB7DAB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "RoleDefaultPolicy5FFB7DAB", + "Roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82": { + "Type": "AWS::KinesisFirehose::DeliveryStream", + "Properties": { + "DeliveryStreamType": "DirectPut", + "ExtendedS3DestinationConfiguration": { + "BucketARN": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "RoleARN": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + }, + "DependsOn": [ + "RoleDefaultPolicy5FFB7DAB" + ] + }, + "ruleF2C1DCDC": { + "Type": "AWS::Events::Rule", + "Properties": { + "EventPattern": { + "source": [ + "aws.s3" + ], + "detail": { + "eventName": [ + "PutObject" + ], + "requestParameters": { + "bucketName": [ + { + "Ref": "Bucket83908E77" + } + ] + } + } + }, + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Fn::GetAtt": [ + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82", + "Arn" + ] + }, + "Id": "Target0", + "RoleArn": { + "Fn::GetAtt": [ + "firehoseEventsRole71BC7157", + "Arn" + ] + } + } + ] + } + }, + "firehoseEventsRole71BC7157": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "firehoseEventsRoleDefaultPolicy90598A65": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "firehoseEventsRoleDefaultPolicy90598A65", + "Roles": [ + { + "Ref": "firehoseEventsRole71BC7157" + } + ] + } + } + }, + "Mappings": { + "awscdkawskinesisfirehoseCidrBlocks": { + "af-south-1": { + "FirehoseCidrBlock": "13.244.121.224/27" + }, + "ap-east-1": { + "FirehoseCidrBlock": "18.162.221.32/27" + }, + "ap-northeast-1": { + "FirehoseCidrBlock": "13.113.196.224/27" + }, + "ap-northeast-2": { + "FirehoseCidrBlock": "13.209.1.64/27" + }, + "ap-northeast-3": { + "FirehoseCidrBlock": "13.208.177.192/27" + }, + "ap-south-1": { + "FirehoseCidrBlock": "13.232.67.32/27" + }, + "ap-south-2": { + "FirehoseCidrBlock": "18.60.192.128/27" + }, + "ap-southeast-1": { + "FirehoseCidrBlock": "13.228.64.192/27" + }, + "ap-southeast-2": { + "FirehoseCidrBlock": "13.210.67.224/27" + }, + "ap-southeast-3": { + "FirehoseCidrBlock": "108.136.221.64/27" + }, + "ap-southeast-4": { + "FirehoseCidrBlock": "16.50.161.128/27" + }, + "ca-central-1": { + "FirehoseCidrBlock": "35.183.92.128/27" + }, + "cn-north-1": { + "FirehoseCidrBlock": "52.81.151.32/27" + }, + "cn-northwest-1": { + "FirehoseCidrBlock": "161.189.23.64/27" + }, + "eu-central-1": { + "FirehoseCidrBlock": "35.158.127.160/27" + }, + "eu-central-2": { + "FirehoseCidrBlock": "16.62.183.32/27" + }, + "eu-north-1": { + "FirehoseCidrBlock": "13.53.63.224/27" + }, + "eu-south-1": { + "FirehoseCidrBlock": "15.161.135.128/27" + }, + "eu-south-2": { + "FirehoseCidrBlock": "18.100.71.96/27" + }, + "eu-west-1": { + "FirehoseCidrBlock": "52.19.239.192/27" + }, + "eu-west-2": { + "FirehoseCidrBlock": "18.130.1.96/27" + }, + "eu-west-3": { + "FirehoseCidrBlock": "35.180.1.96/27" + }, + "il-central-1": { + "FirehoseCidrBlock": "51.16.102.0/27" + }, + "me-central-1": { + "FirehoseCidrBlock": "3.28.159.32/27" + }, + "me-south-1": { + "FirehoseCidrBlock": "15.185.91.0/27" + }, + "sa-east-1": { + "FirehoseCidrBlock": "18.228.1.128/27" + }, + "us-east-1": { + "FirehoseCidrBlock": "52.70.63.192/27" + }, + "us-east-2": { + "FirehoseCidrBlock": "13.58.135.96/27" + }, + "us-gov-east-1": { + "FirehoseCidrBlock": "18.253.138.96/27" + }, + "us-gov-west-1": { + "FirehoseCidrBlock": "52.61.204.160/27" + }, + "us-west-1": { + "FirehoseCidrBlock": "13.57.135.192/27" + }, + "us-west-2": { + "FirehoseCidrBlock": "52.89.255.224/27" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json new file mode 100644 index 0000000000000..34d73154d3a4c --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integ-tests/DefaultTest": { + "stacks": [ + "aws-cdk-firehose-delivery-stream" + ], + "assertionStack": "integ-tests/DefaultTest/DeployAssert", + "assertionStackName": "integtestsDefaultTestDeployAssert44C8D370" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json new file mode 100644 index 0000000000000..50121024f8d99 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestsDefaultTestDeployAssert44C8D370.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json new file mode 100644 index 0000000000000..67554d3ff3ee5 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/manifest.json @@ -0,0 +1,155 @@ +{ + "version": "36.0.0", + "artifacts": { + "aws-cdk-firehose-delivery-stream.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-firehose-delivery-stream.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-firehose-delivery-stream": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-firehose-delivery-stream.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/77eb9b4f2e1d64050e1517617f17cfb3d50f16bfbad9719cdf33bd19c0725e79.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-firehose-delivery-stream.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-firehose-delivery-stream.assets" + ], + "metadata": { + "/aws-cdk-firehose-delivery-stream/Bucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Bucket83908E77" + } + ], + "/aws-cdk-firehose-delivery-stream/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/aws-cdk-firehose-delivery-stream/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RoleDefaultPolicy5FFB7DAB" + } + ], + "/aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82" + } + ], + "/aws-cdk-firehose-delivery-stream/@aws-cdk--aws-kinesisfirehose.CidrBlocks": [ + { + "type": "aws:cdk:logicalId", + "data": "awscdkawskinesisfirehoseCidrBlocks" + } + ], + "/aws-cdk-firehose-delivery-stream/rule/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ruleF2C1DCDC" + } + ], + "/aws-cdk-firehose-delivery-stream/firehose/EventsRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "firehoseEventsRole71BC7157" + } + ], + "/aws-cdk-firehose-delivery-stream/firehose/EventsRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "firehoseEventsRoleDefaultPolicy90598A65" + } + ], + "/aws-cdk-firehose-delivery-stream/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-firehose-delivery-stream/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-firehose-delivery-stream" + }, + "integtestsDefaultTestDeployAssert44C8D370.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestsDefaultTestDeployAssert44C8D370.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestsDefaultTestDeployAssert44C8D370": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestsDefaultTestDeployAssert44C8D370.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestsDefaultTestDeployAssert44C8D370.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestsDefaultTestDeployAssert44C8D370.assets" + ], + "metadata": { + "/integ-tests/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-tests/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-tests/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json new file mode 100644 index 0000000000000..575c5a7ff0c87 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.js.snapshot/tree.json @@ -0,0 +1,441 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-firehose-delivery-stream": { + "id": "aws-cdk-firehose-delivery-stream", + "path": "aws-cdk-firehose-delivery-stream", + "children": { + "Bucket": { + "id": "Bucket", + "path": "aws-cdk-firehose-delivery-stream/Bucket", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Bucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-firehose-delivery-stream/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-firehose-delivery-stream/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "firehose.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-firehose-delivery-stream/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "RoleDefaultPolicy5FFB7DAB", + "roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Delivery Stream No Source Or Encryption Key": { + "id": "Delivery Stream No Source Or Encryption Key", + "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/Delivery Stream No Source Or Encryption Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KinesisFirehose::DeliveryStream", + "aws:cdk:cloudformation:props": { + "deliveryStreamType": "DirectPut", + "extendedS3DestinationConfiguration": { + "bucketArn": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-kinesisfirehose-alpha.DeliveryStream", + "version": "0.0.0" + } + }, + "@aws-cdk--aws-kinesisfirehose.CidrBlocks": { + "id": "@aws-cdk--aws-kinesisfirehose.CidrBlocks", + "path": "aws-cdk-firehose-delivery-stream/@aws-cdk--aws-kinesisfirehose.CidrBlocks", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "rule": { + "id": "rule", + "path": "aws-cdk-firehose-delivery-stream/rule", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/rule/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Events::Rule", + "aws:cdk:cloudformation:props": { + "eventPattern": { + "source": [ + "aws.s3" + ], + "detail": { + "eventName": [ + "PutObject" + ], + "requestParameters": { + "bucketName": [ + { + "Ref": "Bucket83908E77" + } + ] + } + } + }, + "state": "ENABLED", + "targets": [ + { + "id": "Target0", + "arn": { + "Fn::GetAtt": [ + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "firehoseEventsRole71BC7157", + "Arn" + ] + } + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.Rule", + "version": "0.0.0" + } + }, + "firehose": { + "id": "firehose", + "path": "aws-cdk-firehose-delivery-stream/firehose", + "children": { + "EventsRole": { + "id": "EventsRole", + "path": "aws-cdk-firehose-delivery-stream/firehose/EventsRole", + "children": { + "ImportEventsRole": { + "id": "ImportEventsRole", + "path": "aws-cdk-firehose-delivery-stream/firehose/EventsRole/ImportEventsRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/firehose/EventsRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-firehose-delivery-stream/firehose/EventsRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-firehose-delivery-stream/firehose/EventsRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "DeliveryStreamNoSourceOrEncryptionKey0E4AAB82", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "firehoseEventsRoleDefaultPolicy90598A65", + "roles": [ + { + "Ref": "firehoseEventsRole71BC7157" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-firehose-delivery-stream/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-firehose-delivery-stream/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-tests": { + "id": "integ-tests", + "path": "integ-tests", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-tests/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-tests/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-tests/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-tests/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-tests/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts new file mode 100644 index 0000000000000..c3f39133b0b28 --- /dev/null +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.kinesis-stream-events-target.ts @@ -0,0 +1,56 @@ +#!/usr/bin/env node +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as events from 'aws-cdk-lib/aws-events'; +import * as targets from 'aws-cdk-lib/aws-events-targets'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import * as cdk from 'aws-cdk-lib'; +import * as constructs from 'constructs'; +import * as firehose from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-firehose-delivery-stream'); + +const bucket = new s3.Bucket(stack, 'Bucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +const role = new iam.Role(stack, 'Role', { + assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'), +}); + +const mockS3Destination: firehose.IDestination = { + bind(_scope: constructs.Construct, _options: firehose.DestinationBindOptions): firehose.DestinationConfig { + const bucketGrant = bucket.grantReadWrite(role); + return { + extendedS3DestinationConfiguration: { + bucketArn: bucket.bucketArn, + roleArn: role.roleArn, + }, + dependables: [bucketGrant], + }; + }, +}; + +const stream = new firehose.DeliveryStream(stack, 'Delivery Stream No Source Or Encryption Key', { + destinations: [mockS3Destination], +}); + +new events.Rule(stack, 'rule', { + eventPattern: { + source: ['aws.s3'], + detail: { + eventName: ['PutObject'], + requestParameters: { + bucketName: [bucket.bucketName], + }, + }, + }, +}).addTarget(new targets.KinesisFirehoseStreamV2(firehose.DeliveryStream.fromDeliveryStreamArn(stack, 'firehose', stream.deliveryStreamArn))); + +new integ.IntegTest(app, 'integ-tests', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts index 182ad2b277943..20dbd0057f4dc 100644 --- a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts +++ b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts @@ -2,6 +2,7 @@ import { singletonEventRole } from './util'; import * as events from '../../aws-events'; import * as iam from '../../aws-iam'; import * as firehose from '../../aws-kinesisfirehose'; +import { IResource } from '../../core'; /** * Customize the Firehose Stream Event Target @@ -19,6 +20,8 @@ export interface KinesisFirehoseStreamProps { /** * Customize the Firehose Stream Event Target + * + * @deprecated Use KinesisFirehoseStreamV2 */ export class KinesisFirehoseStream implements events.IRuleTarget { @@ -43,4 +46,51 @@ export class KinesisFirehoseStream implements events.IRuleTarget { targetResource: this.stream, }; } +} + +/** + * Represents a Kinesis Data Firehose delivery stream. + */ +export interface IDeliveryStream extends IResource { + /** + * The ARN of the delivery stream. + * + * @attribute + */ + readonly deliveryStreamArn: string; + + /** + * The name of the delivery stream. + * + * @attribute + */ + readonly deliveryStreamName: string; +} + +/** + * Customize the Firehose Stream Event Target + */ +export class KinesisFirehoseStreamV2 implements events.IRuleTarget { + + constructor(private readonly stream: IDeliveryStream, private readonly props: KinesisFirehoseStreamProps = {}) { + } + + /** + * Returns a RuleTarget that can be used to trigger this Firehose Stream as a + * result from a Event Bridge event. + */ + public bind(_rule: events.IRule, _id?: string): events.RuleTargetConfig { + const role = singletonEventRole(this.stream); + role.addToPrincipalPolicy(new iam.PolicyStatement({ + actions: ['firehose:PutRecord', 'firehose:PutRecordBatch'], + resources: [this.stream.deliveryStreamArn], + })); + + return { + arn: this.stream.deliveryStreamArn, + role, + input: this.props.message, + targetResource: this.stream, + }; + } } \ No newline at end of file From 4e35d0cc042d308a094c0eea602378bb7c78520d Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Mon, 13 May 2024 15:16:26 -0700 Subject: [PATCH 2/3] Add unit tests --- .../test/delivery-stream.test.ts | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts index 95c46d6acf649..778590249c066 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/delivery-stream.test.ts @@ -4,6 +4,8 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as iam from 'aws-cdk-lib/aws-iam'; import * as kinesis from 'aws-cdk-lib/aws-kinesis'; import * as kms from 'aws-cdk-lib/aws-kms'; +import * as events from 'aws-cdk-lib/aws-events'; +import * as targets from 'aws-cdk-lib/aws-events-targets'; import * as cdk from 'aws-cdk-lib'; import { Construct, Node } from 'constructs'; import * as firehose from '../lib'; @@ -58,6 +60,41 @@ describe('delivery stream', () => { }); }); + test('creates stream with events target V2 class', () => { + const stream = new firehose.DeliveryStream(stack, 'DeliveryStream', { + destinations: [mockS3Destination], + }); + + new events.Rule(stack, 'rule', { + eventPattern: { + source: ['aws.s3'], + detail: { + eventName: ['PutObject'], + }, + }, + }).addTarget(new targets.KinesisFirehoseStreamV2(firehose.DeliveryStream.fromDeliveryStreamArn(stack, 'firehose', stream.deliveryStreamArn))); + + Template.fromStack(stack).hasResourceProperties('AWS::Events::Rule', { + Targets: [ + { + Arn: { + 'Fn::GetAtt': [ + 'DeliveryStream58CF96DB', + 'Arn', + ], + }, + Id: 'Target0', + RoleArn: { + 'Fn::GetAtt': [ + 'firehoseEventsRole71BC7157', + 'Arn', + ], + }, + }, + ], + }); + }); + test('provided role is set as grant principal', () => { const role = new iam.Role(stack, 'Role', { assumedBy: new iam.ServicePrincipal('firehose.amazonaws.com'), From 8186f85884ccf5b1045c6844f4c6073245b2ffbe Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Mon, 13 May 2024 15:17:59 -0700 Subject: [PATCH 3/3] Update documentation --- .../aws-events-targets/lib/kinesis-firehose-stream.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts index 20dbd0057f4dc..a82b492b464b1 100644 --- a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts +++ b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts @@ -68,7 +68,8 @@ export interface IDeliveryStream extends IResource { } /** - * Customize the Firehose Stream Event Target + * Customize the Firehose Stream Event Target V2 to support L2 Kinesis Delivery Stream + * instead of L1 Cfn Kinesis Delivery Stream. */ export class KinesisFirehoseStreamV2 implements events.IRuleTarget {