From d8b5963cdddc3d584a455ec38aac6d928de2f65c Mon Sep 17 00:00:00 2001
From: Alex Chesters <alex.chesters@bbc.co.uk>
Date: Mon, 20 May 2019 10:55:51 +0100
Subject: [PATCH 1/4] feat(aws-codepipeline): #2572 allow IAM Role to be passed
 to Pipeline

---
 packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
index 151088aa2c747..fdcd07b18856a 100644
--- a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
+++ b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
@@ -68,6 +68,12 @@ export interface PipelineProps {
    */
   readonly artifactBucket?: s3.IBucket;
 
+  /**
+   * The IAM role to be assumed by this Pipeline.
+   * If not specified, a new IAM role will be created.
+   */
+  readonly role?: iam.Role;
+
   /**
    * Indicates whether to rerun the AWS CodePipeline pipeline after you update it.
    */
@@ -233,7 +239,8 @@ export class Pipeline extends PipelineBase {
     }
     this.artifactBucket = propsBucket;
 
-    this.role = new iam.Role(this, 'Role', {
+    // If a role has been provided, use it - otherwise, create a role.
+    this.role = props.role || new iam.Role(this, 'Role', {
       assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com')
     });
 

From 37b5a8cdf4753ab0e2b875359a651abb9429c34e Mon Sep 17 00:00:00 2001
From: Alex Chesters <alex.chesters@bbc.co.uk>
Date: Mon, 20 May 2019 13:54:26 +0100
Subject: [PATCH 2/4] use interface over concerete class

---
 packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
index fdcd07b18856a..aed253e8e8c6e 100644
--- a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
+++ b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
@@ -72,7 +72,7 @@ export interface PipelineProps {
    * The IAM role to be assumed by this Pipeline.
    * If not specified, a new IAM role will be created.
    */
-  readonly role?: iam.Role;
+  readonly role?: iam.IRole;
 
   /**
    * Indicates whether to rerun the AWS CodePipeline pipeline after you update it.
@@ -191,7 +191,7 @@ export class Pipeline extends PipelineBase {
    * The IAM role AWS CodePipeline will use to perform actions or assume roles for actions with
    * a more specific IAM role.
    */
-  public readonly role: iam.Role;
+  public readonly role: iam.IRole;
 
   /**
    * ARN of this pipeline

From 63939c9e8443a53520c1b33a71accd2ee3eb909a Mon Sep 17 00:00:00 2001
From: Alex Chesters <alex.chesters@bbc.co.uk>
Date: Mon, 20 May 2019 14:23:53 +0100
Subject: [PATCH 3/4] docs(aws-codepipeline): add default declaration

---
 packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
index aed253e8e8c6e..f4dbdfd0a8e80 100644
--- a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
+++ b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
@@ -70,7 +70,8 @@ export interface PipelineProps {
 
   /**
    * The IAM role to be assumed by this Pipeline.
-   * If not specified, a new IAM role will be created.
+   *
+   * @default a new IAM role will be created.
    */
   readonly role?: iam.IRole;
 

From 5ba879aa2c18feb355b8f3a9e66853c9d872dd30 Mon Sep 17 00:00:00 2001
From: Alex Chesters <alex.chesters@bbc.co.uk>
Date: Mon, 20 May 2019 14:32:48 +0100
Subject: [PATCH 4/4] add test

---
 .../aws-codepipeline/test/test.pipeline.ts    | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts

diff --git a/packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts b/packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts
new file mode 100644
index 0000000000000..9e2b2d0404918
--- /dev/null
+++ b/packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts
@@ -0,0 +1,32 @@
+import { expect, haveResourceLike } from '@aws-cdk/assert';
+import iam = require('@aws-cdk/aws-iam');
+import cdk = require('@aws-cdk/cdk');
+import { Test } from 'nodeunit';
+import codepipeline = require('../lib');
+
+// tslint:disable:object-literal-key-quotes
+
+export = {
+  'Pipeline': {
+    'can be passed an IAM role during pipeline creation'(test: Test) {
+      const stack = new cdk.Stack();
+      const role = new iam.Role(stack, 'Role', {
+        assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com')
+      });
+      new codepipeline.Pipeline(stack, 'Pipeline', {
+        role
+      });
+
+      expect(stack, true).to(haveResourceLike('AWS::CodePipeline::Pipeline', {
+        "RoleArn": {
+          "Fn::GetAtt": [
+            "Role1ABCC5F0",
+            "Arn",
+          ]
+        }
+      }));
+
+      test.done();
+    },
+  },
+};