From a0c9d7f7f79ca025c7d2464fdb6b66ae53c1aa45 Mon Sep 17 00:00:00 2001
From: Yusuke Wada <wada.yusuke@classmethod.jp>
Date: Thu, 29 Oct 2020 11:24:39 +0900
Subject: [PATCH 1/2] fix(appsync): HttpDataSource extends BackedDataSource

---
 packages/@aws-cdk/aws-appsync/lib/data-source.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/aws-appsync/lib/data-source.ts b/packages/@aws-cdk/aws-appsync/lib/data-source.ts
index babde4be0a3fb..e4a778199514a 100644
--- a/packages/@aws-cdk/aws-appsync/lib/data-source.ts
+++ b/packages/@aws-cdk/aws-appsync/lib/data-source.ts
@@ -244,7 +244,7 @@ export interface HttpDataSourceProps extends BaseDataSourceProps {
 /**
  * An AppSync datasource backed by a http endpoint
  */
-export class HttpDataSource extends BaseDataSource {
+export class HttpDataSource extends BackedDataSource {
   constructor(scope: Construct, id: string, props: HttpDataSourceProps) {
     const authorizationConfig = props.authorizationConfig ? {
       authorizationType: 'AWS_IAM',

From 8a2900db77416a231e28301ce4e37a3b85a26977 Mon Sep 17 00:00:00 2001
From: Yusuke Wada <wada.yusuke@classmethod.jp>
Date: Fri, 30 Oct 2020 11:17:39 +0900
Subject: [PATCH 2/2] add test

---
 packages/@aws-cdk/aws-appsync/package.json    |  3 +-
 .../aws-appsync/test/appsync-http.test.ts     | 73 ++++++++++++++++++-
 2 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/packages/@aws-cdk/aws-appsync/package.json b/packages/@aws-cdk/aws-appsync/package.json
index ae98518dbd272..55cbb496ef95c 100644
--- a/packages/@aws-cdk/aws-appsync/package.json
+++ b/packages/@aws-cdk/aws-appsync/package.json
@@ -77,7 +77,8 @@
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",
     "jest": "^26.6.1",
-    "pkglint": "0.0.0"
+    "pkglint": "0.0.0",
+    "@aws-cdk/aws-stepfunctions": "0.0.0"
   },
   "dependencies": {
     "@aws-cdk/aws-cognito": "0.0.0",
diff --git a/packages/@aws-cdk/aws-appsync/test/appsync-http.test.ts b/packages/@aws-cdk/aws-appsync/test/appsync-http.test.ts
index fbc9b7bc85c33..6484da2013921 100644
--- a/packages/@aws-cdk/aws-appsync/test/appsync-http.test.ts
+++ b/packages/@aws-cdk/aws-appsync/test/appsync-http.test.ts
@@ -1,5 +1,6 @@
 import '@aws-cdk/assert/jest';
 import * as path from 'path';
+import * as sfn from '@aws-cdk/aws-stepfunctions';
 import * as cdk from '@aws-cdk/core';
 import * as appsync from '../lib';
 
@@ -86,6 +87,76 @@ describe('Http Data Source configuration', () => {
     });
   });
 
+  test('other aws resources can grant http data source', () => {
+    // WHEN
+    const machineArn = 'arn:aws:states:us-east-1::stateMachine:hello';
+    const machine = sfn.StateMachine.fromStateMachineArn(stack, 'importedMachine', machineArn);
+    const ds = api.addHttpDataSource('ds', endpoint, {
+      name: 'custom',
+      description: 'custom description',
+      authorizationConfig: {
+        signingRegion: 'us-east-1',
+        signingServiceName: 'states',
+      },
+    });
+    machine.grantRead(ds);
+
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::IAM::Policy', {
+      PolicyDocument: {
+        Statement: [
+          {
+            Action: [
+              'states:ListExecutions',
+              'states:ListStateMachines',
+            ],
+            Effect: 'Allow',
+            Resource: machineArn,
+          },
+          {
+            Action: [
+              'states:DescribeExecution',
+              'states:DescribeStateMachineForExecution',
+              'states:GetExecutionHistory',
+            ],
+            Effect: 'Allow',
+            Resource: {
+              'Fn::Join': [
+                '',
+                [
+                  'arn:',
+                  {
+                    Ref: 'AWS::Partition',
+                  },
+                  ':states:',
+                  {
+                    Ref: 'AWS::Region',
+                  },
+                  ':',
+                  {
+                    Ref: 'AWS::AccountId',
+                  },
+                  ':execution:hello:*',
+                ],
+              ],
+            },
+          },
+          {
+            Action: [
+              'states:ListActivities',
+              'states:DescribeStateMachine',
+              'states:DescribeActivity',
+            ],
+            Effect: 'Allow',
+            Resource: '*',
+          },
+        ],
+        Version: '2012-10-17',
+      },
+    });
+  });
+
   test('appsync errors when creating multiple http data sources with no configuration', () => {
     // THEN
     expect(() => {
@@ -93,6 +164,7 @@ describe('Http Data Source configuration', () => {
       api.addHttpDataSource('ds', endpoint);
     }).toThrow("There is already a Construct with name 'ds' in GraphqlApi [baseApi]");
   });
+
 });
 
 describe('adding http data source from imported api', () => {
@@ -125,4 +197,3 @@ describe('adding http data source from imported api', () => {
     });
   });
 });
-