feat(aws-chatbot): Support L2 construct for SlackChannelConfiguration of chatbot. (#9702)

I am ready for the first run.

Support L2 construct for SlackChannelConfiguration of chatbot.
1. add L2 construct
2. add unit tests
3. add integration test
4. update package.json


Resolves: #9679 

cc @skinny85 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: luckily

packages/@aws-cdk/aws-chatbot/README.md

@@ -9,8 +9,29 @@
 ---
 <!--END STABILITY BANNER-->
 
+AWS Chatbot is an AWS service that enables DevOps and software development teams to use Slack chat rooms to monitor and respond to operational events in their AWS Cloud. AWS Chatbot processes AWS service notifications from Amazon Simple Notification Service (Amazon SNS), and forwards them to Slack chat rooms so teams can analyze and act on them immediately, regardless of location.
+
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
 
 ```ts
 import * as chatbot from '@aws-cdk/aws-chatbot';
+
+const slackChannel = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', {
+  slackChannelConfigurationName: 'YOUR_CHANNEL_NAME',
+  slackWorkspaceId: 'YOUR_SLACK_WORKSPACE_ID',
+  slackChannelId: 'YOUR_SLACK_CHANNEL_ID',
+});
+
+slackChannel.addLambdaInvokeCommandPermissions();
+slackChannel.addNotificationPermissions();
+slackChannel.addSupportCommandPermissions();
+slackChannel.addReadOnlyCommandPermissions();
+
+slackChannel.addToPrincipalPolicy(new iam.PolicyStatement({
+  effect: iam.Effect.ALLOW,
+  actions: [
+    's3:GetObject',
+  ],
+  resources: ['arn:aws:s3:::abc/xyz/123.txt'],
+}));
 ```

packages/@aws-cdk/aws-chatbot/lib/index.ts

@@ -1,2 +1,3 @@
 // AWS::Chatbot CloudFormation Resources:
 export * from './chatbot.generated';
+export * from './slack-channel-configuration';

packages/@aws-cdk/aws-chatbot/lib/slack-channel-configuration.ts

@@ -0,0 +1,215 @@
+import * as iam from '@aws-cdk/aws-iam';
+import * as sns from '@aws-cdk/aws-sns';
+import * as cdk from '@aws-cdk/core';
+import { CfnSlackChannelConfiguration } from './chatbot.generated';
+
+/**
+ * Properties for a new Slack channel configuration
+ */
+export interface SlackChannelConfigurationProps {
+
+  /**
+   * The name of Slack channel configuration
+   */
+  readonly slackChannelConfigurationName: string;
+
+  /**
+   * The permission role of Slack channel configuration
+   *
+   * @default - A role will be created.
+   */
+  readonly role?: iam.IRole;
+
+  /**
+   * The ID of the Slack workspace authorized with AWS Chatbot.
+   *
+   * To get the workspace ID, you must perform the initial authorization flow with Slack in the AWS Chatbot console.
+   * Then you can copy and paste the workspace ID from the console.
+   * For more details, see steps 1-4 in Setting Up AWS Chatbot with Slack in the AWS Chatbot User Guide.
+   * @see https://docs.aws.amazon.com/chatbot/latest/adminguide/setting-up.html#Setup_intro
+   */
+  readonly slackWorkspaceId: string;
+
+  /**
+   * The ID of the Slack channel.
+   *
+   * To get the ID, open Slack, right click on the channel name in the left pane, then choose Copy Link.
+   * The channel ID is the 9-character string at the end of the URL. For example, ABCBBLZZZ.
+   */
+  readonly slackChannelId: string;
+
+  /**
+   * The SNS topics that deliver notifications to AWS Chatbot.
+   *
+   * @default None
+   */
+  readonly notificationTopics?: sns.ITopic[];
+
+  /**
+   * Specifies the logging level for this configuration.
+   * This property affects the log entries pushed to Amazon CloudWatch Logs.
+   *
+   * @default LoggingLevel.NONE
+   */
+  readonly loggingLevel?: LoggingLevel;
+}
+
+/**
+ * Logging levels include ERROR, INFO, or NONE.
+ */
+export enum LoggingLevel {
+  /**
+   * ERROR
+   */
+  ERROR = 'ERROR',
+
+  /**
+   * INFO
+   */
+  INFO = 'INFO',
+
+  /**
+   * NONE
+   */
+  NONE = 'NONE',
+}
+
+/**
+ * Represents a Slack channel configuration
+ */
+export interface ISlackChannelConfiguration extends cdk.IResource, iam.IGrantable {
+
+  /**
+   * The ARN of the Slack channel configuration
+   * In the form of arn:aws:chatbot:{region}:{account}:chat-configuration/slack-channel/{slackChannelName}
+   * @attribute
+   */
+  readonly slackChannelConfigurationArn: string;
+
+  /**
+   * The name of Slack channel configuration
+   * @attribute
+   */
+  readonly slackChannelConfigurationName: string;
+
+  /**
+   * The permission role of Slack channel configuration
+   * @attribute
+   *
+   * @default - A role will be created.
+   */
+  readonly role?: iam.IRole;
+
+  /**
+   * Adds a statement to the IAM role.
+   */
+  addToRolePolicy(statement: iam.PolicyStatement): void;
+}
+
+/**
+ * Either a new or imported Slack channel configuration
+ */
+abstract class SlackChannelConfigurationBase extends cdk.Resource implements ISlackChannelConfiguration {
+  abstract readonly slackChannelConfigurationArn: string;
+
+  abstract readonly slackChannelConfigurationName: string;
+
+  abstract readonly grantPrincipal: iam.IPrincipal;
+
+  abstract readonly role?: iam.IRole;
+
+  /**
+   * Adds extra permission to iam-role of Slack channel configuration
+   * @param statement
+   */
+  public addToRolePolicy(statement: iam.PolicyStatement): void {
+    if (!this.role) {
+      return;
+    }
+
+    this.role.addToPrincipalPolicy(statement);
+  }
+}
+
+/**
+ * A new Slack channel configuration
+ */
+export class SlackChannelConfiguration extends SlackChannelConfigurationBase {
+
+  /**
+   * Import an existing Slack channel configuration provided an ARN
+   * @param scope The parent creating construct
+   * @param id The construct's name
+   * @param slackChannelConfigurationArn configuration ARN (i.e. arn:aws:chatbot::1234567890:chat-configuration/slack-channel/my-slack)
+   *
+   * @returns a reference to the existing Slack channel configuration
+   */
+  public static fromSlackChannelConfigurationArn(scope: cdk.Construct, id: string, slackChannelConfigurationArn: string): ISlackChannelConfiguration {
+    const re = /^slack-channel\//;
+    const resourceName = cdk.Stack.of(scope).parseArn(slackChannelConfigurationArn).resourceName as string;
+
+    if (!re.test(resourceName)) {
+      throw new Error('The ARN of a Slack integration must be in the form: arn:aws:chatbot:{region}:{account}:chat-configuration/slack-channel/{slackChannelName}');
+    }
+
+    class Import extends SlackChannelConfigurationBase {
+
+      /**
+       * @attribute
+       */
+      readonly slackChannelConfigurationArn = slackChannelConfigurationArn;
+      readonly role?: iam.IRole = undefined;
+      readonly grantPrincipal: iam.IPrincipal;
+
+      /**
+       * Returns a name of Slack channel configuration
+       *
+       * NOTE:
+       * For example: arn:aws:chatbot::1234567890:chat-configuration/slack-channel/my-slack
+       * The ArnComponents API will return `slack-channel/my-slack`
+       * It need to handle that to gets a correct name.`my-slack`
+       */
+      readonly slackChannelConfigurationName = resourceName.substring('slack-channel/'.length);
+
+      constructor(s: cdk.Construct, i: string) {
+        super(s, i);
+        this.grantPrincipal = new iam.UnknownPrincipal({ resource: this });
+      }
+    }
+
+    return new Import(scope, id);
+  }
+
+  readonly slackChannelConfigurationArn: string;
+
+  readonly slackChannelConfigurationName: string;
+
+  readonly role?: iam.IRole;
+
+  readonly grantPrincipal: iam.IPrincipal;
+
+  constructor(scope: cdk.Construct, id: string, props: SlackChannelConfigurationProps) {
+    super(scope, id, {
+      physicalName: props.slackChannelConfigurationName,
+    });
+
+    this.role = props.role || new iam.Role(this, 'ConfigurationRole', {
+      assumedBy: new iam.ServicePrincipal('chatbot.amazonaws.com'),
+    });
+
+    this.grantPrincipal = this.role;
+
+    const configuration = new CfnSlackChannelConfiguration(this, 'Resource', {
+      configurationName: props.slackChannelConfigurationName,
+      iamRoleArn: this.role.roleArn,
+      slackWorkspaceId: props.slackWorkspaceId,
+      slackChannelId: props.slackChannelId,
+      snsTopicArns: props.notificationTopics?.map(topic => topic.topicArn),
+      loggingLevel: props.loggingLevel?.toString(),
+    });
+
+    this.slackChannelConfigurationArn = configuration.ref;
+    this.slackChannelConfigurationName = props.slackChannelConfigurationName;
+  }
+}
+

packages/@aws-cdk/aws-chatbot/package.json

@@ -68,14 +68,21 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "cdk-build-tools": "0.0.0",
+    "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",
     "pkglint": "0.0.0"
   },
   "dependencies": {
-    "@aws-cdk/core": "0.0.0"
+    "@aws-cdk/aws-iam": "0.0.0",
+    "@aws-cdk/aws-sns": "0.0.0",
+    "@aws-cdk/core": "0.0.0",
+    "constructs": "^3.0.4"
   },
   "peerDependencies": {
-    "@aws-cdk/core": "0.0.0"
+    "@aws-cdk/aws-iam": "0.0.0",
+    "@aws-cdk/aws-sns": "0.0.0",
+    "@aws-cdk/core": "0.0.0",
+    "constructs": "^3.0.4"
   },
   "engines": {
     "node": ">= 10.13.0 <13 || >=13.7.0"

packages/@aws-cdk/aws-chatbot/test/chatbot.test.ts

@@ -0,0 +1,57 @@
+{
+  "Resources": {
+    "MySlackChannelConfigurationRole1D3F23AE": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "chatbot.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "MySlackChannelConfigurationRoleDefaultPolicyE4C1FA62": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": "s3:GetObject",
+              "Effect": "Allow",
+              "Resource": "arn:aws:s3:::abc/xyz/123.txt"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "MySlackChannelConfigurationRoleDefaultPolicyE4C1FA62",
+        "Roles": [
+          {
+            "Ref": "MySlackChannelConfigurationRole1D3F23AE"
+          }
+        ]
+      }
+    },
+    "MySlackChannelA8E0B56C": {
+      "Type": "AWS::Chatbot::SlackChannelConfiguration",
+      "Properties": {
+        "ConfigurationName": "test-channel",
+        "IamRoleArn": {
+          "Fn::GetAtt": [
+            "MySlackChannelConfigurationRole1D3F23AE",
+            "Arn"
+          ]
+        },
+        "SlackChannelId": "C0187JABUE9",
+        "SlackWorkspaceId": "T49239U4W",
+        "LoggingLevel": "NONE"
+      }
+    }
+  }
+}

packages/@aws-cdk/aws-chatbot/test/integ.chatbot.expected.json

@@ -0,0 +1,31 @@
+import * as iam from '@aws-cdk/aws-iam';
+import * as cdk from '@aws-cdk/core';
+import * as chatbot from '../lib';
+
+class ChatbotInteg extends cdk.Stack {
+  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+
+    const slackChannel = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', {
+      slackChannelConfigurationName: 'test-channel',
+      slackWorkspaceId: 'T49239U4W', // modify to your slack workspace id
+      slackChannelId: 'C0187JABUE9', // modify to your slack channel id
+      loggingLevel: chatbot.LoggingLevel.NONE,
+    });
+
+    slackChannel.addToRolePolicy(new iam.PolicyStatement({
+      effect: iam.Effect.ALLOW,
+      actions: [
+        's3:GetObject',
+      ],
+      resources: ['arn:aws:s3:::abc/xyz/123.txt'],
+    }));
+  }
+}
+
+const app = new cdk.App();
+
+new ChatbotInteg(app, 'ChatbotInteg');
+
+app.synth();
+