fix(aws-logs): include new policy.ts exports in index.ts exports (#…
…17403)

## Summary

This PR modifies the aws-logs `index.ts` file to also forward the exports from `policy.ts` ([a newly created file](#17015) that implements the `ResourcePolicy` class).

Fixes: #17402
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
ryparker authored Nov 9, 2021
1 parent 6937296 commit a391468
Showing 3 changed files with 61 additions and 4 deletions.
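--- a/packages/@aws-cdk/aws-logs/lib/index.ts
+++ b/packages/@aws-cdk/aws-logs/lib/index.ts
@@ -5,6 +5,7 @@ export * from './metric-filter';
 export * from './pattern';
 export * from './subscription-filter';
 export * from './log-retention';
+export * from './policy';
 
 // AWS::Logs CloudFormation Resources:
 export * from './logs.generated';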
12 changes: 8 additions & 4 deletions packages/@aws-cdk/aws-logs/lib/policy.ts
@@ -11,7 +11,7 @@ export interface ResourcePolicyProps {
* Name of the log group resource policy
* @default - Uses a unique id based on the construct path
*/
readonly policyName?: string;
readonly resourcePolicyName?: string;

/**
* Initial statements to add to the resource policy
@@ -31,15 +31,19 @@ export class ResourcePolicy extends Resource {
public readonly document = new PolicyDocument();

constructor(scope: Construct, id: string, props?: ResourcePolicyProps) {
super(scope, id);
new CfnResourcePolicy(this, 'Resource', {
super(scope, id, {
physicalName: props?.resourcePolicyName,
});

new CfnResourcePolicy(this, 'ResourcePolicy', {
policyName: Lazy.string({
produce: () => props?.policyName ?? Names.uniqueId(this),
produce: () => props?.resourcePolicyName ?? Names.uniqueId(this),
}),
policyDocument: Lazy.string({
produce: () => JSON.stringify(this.document),
}),
});

if (props?.policyStatements) {
this.document.addStatements(...props.policyStatements);
}
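Review bot: The constructor now creates the L1 as `new CfnResourcePolicy(this, 'ResourcePolicy', {` instead of `'Resource'`, which as far as I can tell changes the synthesized logical ID while the default `PolicyName` from `Names.uniqueId(this)` stays the same. For a stack that already deployed this policy through `addToResourcePolicy()`, CloudFormation would then treat it as a new resource with an identical policy name, and removing the old one may delete the policy that was just written, leaving the log group without its resource policy. Keeping the id `'Resource'` avoids the replacement and keeps the child that `node.defaultChild` resolves by convention. The hunk ends inside the constructor, so anything after the `policyStatements` block is not visible here.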
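--- a/packages/@aws-cdk/aws-logs/test/policy.test.ts
+++ b/packages/@aws-cdk/aws-logs/test/policy.test.ts
@@ -0,0 +1,52 @@
+import '@aws-cdk/assert-internal/jest';
+import { PolicyStatement, ServicePrincipal } from '@aws-cdk/aws-iam';
+import { Stack } from '@aws-cdk/core';
+import { LogGroup, ResourcePolicy } from '../lib';
+
+describe('resource policy', () => {
+test('ResourcePolicy is added to stack, when .addToResourcePolicy() is provided a valid Statement', () => {
+// GIVEN
+const stack = new Stack();
+const logGroup = new LogGroup(stack, 'LogGroup');
+
+// WHEN
+logGroup.addToResourcePolicy(new PolicyStatement({
+actions: ['logs:CreateLogStream'],
+resources: ['*'],
+}));
+
+// THEN
+expect(stack).toHaveResource('AWS::Logs::ResourcePolicy', {
+PolicyName: 'LogGroupPolicy643B329C',
+PolicyDocument: JSON.stringify({
+Statement: [
+{
+Action: 'logs:CreateLogStream',
+Effect: 'Allow',
+Resource: '*',
+},
+],
+Version: '2012-10-17',
+}),
+});
+});
+
+test('ResourcePolicy is added to stack, when created manually/directly', () => {
+// GIVEN
+const stack = new Stack();
+const logGroup = new LogGroup(stack, 'LogGroup');
+
+// WHEN
+const resourcePolicy = new ResourcePolicy(stack, 'ResourcePolicy');
+resourcePolicy.document.addStatements(new PolicyStatement({
+actions: ['logs:CreateLogStream', 'logs:PutLogEvents'],
+principals: [new ServicePrincipal('es.amazonaws.com')],
+resources: [logGroup.logGroupArn],
+}));
+
+// THEN
+expect(stack).toHaveResource('AWS::Logs::ResourcePolicy', {
+PolicyName: 'ResourcePolicy',
+});
+});
+});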
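Review bot: The second test asserts only `PolicyName: 'ResourcePolicy'`, so the statement added through `resourcePolicy.document.addStatements(...)` after construction, with the `es.amazonaws.com` principal scoped to `logGroup.logGroupArn`, is never checked in the rendered `PolicyDocument`. Because the document is produced lazily, that is the path most worth pinning, and the assertion should include the expected `PolicyDocument` the way the first test does. Neither test passes `resourcePolicyName`, the prop this commit renames and wires into `physicalName`; a case such as `new ResourcePolicy(stack, 'ResourcePolicy', { resourcePolicyName: 'MyPolicy' })` expecting `PolicyName: 'MyPolicy'` would cover it.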
