Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(aws-chatbot): Support L2 construct for SlackChannelConfiguration of chatbot. #9702

Merged
merged 18 commits into from
Sep 1, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions packages/@aws-cdk/aws-chatbot/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,29 @@
---
<!--END STABILITY BANNER-->

AWS Chatbot is an AWS service that enables DevOps and software development teams to use Slack chat rooms to monitor and respond to operational events in their AWS Cloud. AWS Chatbot processes AWS service notifications from Amazon Simple Notification Service (Amazon SNS), and forwards them to Slack chat rooms so teams can analyze and act on them immediately, regardless of location.

This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.

```ts
import * as chatbot from '@aws-cdk/aws-chatbot';

const slackChannel = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', {
slackChannelConfigurationName: 'YOUR_CHANNEL_NAME',
slackWorkspaceId: 'YOUR_SLACK_WORKSPACE_ID',
slackChannelId: 'YOUR_SLACK_CHANNEL_ID',
});

slackChannel.addLambdaInvokeCommandPermissions();
slackChannel.addNotificationPermissions();
slackChannel.addSupportCommandPermissions();
slackChannel.addReadOnlyCommandPermissions();

slackChannel.addToPrincipalPolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: [
's3:GetObject',
],
resources: ['arn:aws:s3:::abc/xyz/123.txt'],
}));
```
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-chatbot/lib/index.ts
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
// AWS::Chatbot CloudFormation Resources:
export * from './chatbot.generated';
export * from './slack-channel-configuration';
215 changes: 215 additions & 0 deletions packages/@aws-cdk/aws-chatbot/lib/slack-channel-configuration.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,215 @@
import * as iam from '@aws-cdk/aws-iam';
import * as sns from '@aws-cdk/aws-sns';
import * as cdk from '@aws-cdk/core';
import { CfnSlackChannelConfiguration } from './chatbot.generated';

/**
* Properties for a new Slack channel configuration
*/
export interface SlackChannelConfigurationProps {

/**
* The name of Slack channel configuration
*/
readonly slackChannelConfigurationName: string;

/**
* The permission role of Slack channel configuration
*
* @default - A role will be created.
*/
readonly role?: iam.IRole;

/**
* The ID of the Slack workspace authorized with AWS Chatbot.
*
* To get the workspace ID, you must perform the initial authorization flow with Slack in the AWS Chatbot console.
* Then you can copy and paste the workspace ID from the console.
* For more details, see steps 1-4 in Setting Up AWS Chatbot with Slack in the AWS Chatbot User Guide.
* @see https://docs.aws.amazon.com/chatbot/latest/adminguide/setting-up.html#Setup_intro
*/
readonly slackWorkspaceId: string;

/**
* The ID of the Slack channel.
*
* To get the ID, open Slack, right click on the channel name in the left pane, then choose Copy Link.
* The channel ID is the 9-character string at the end of the URL. For example, ABCBBLZZZ.
*/
readonly slackChannelId: string;

/**
* The SNS topics that deliver notifications to AWS Chatbot.
*
* @default None
*/
readonly notificationTopics?: sns.ITopic[];

/**
* Specifies the logging level for this configuration.
* This property affects the log entries pushed to Amazon CloudWatch Logs.
*
* @default LoggingLevel.NONE
*/
readonly loggingLevel?: LoggingLevel;
}

/**
* Logging levels include ERROR, INFO, or NONE.
*/
export enum LoggingLevel {
/**
* ERROR
*/
ERROR = 'ERROR',

/**
* INFO
*/
INFO = 'INFO',

/**
* NONE
*/
NONE = 'NONE',
}

/**
* Represents a Slack channel configuration
*/
export interface ISlackChannelConfiguration extends cdk.IResource, iam.IGrantable {

/**
* The ARN of the Slack channel configuration
* In the form of arn:aws:chatbot:{region}:{account}:chat-configuration/slack-channel/{slackChannelName}
* @attribute
*/
readonly slackChannelConfigurationArn: string;

/**
* The name of Slack channel configuration
* @attribute
*/
readonly slackChannelConfigurationName: string;

/**
* The permission role of Slack channel configuration
* @attribute
*
* @default - A role will be created.
*/
readonly role?: iam.IRole;

/**
* Adds a statement to the IAM role.
*/
addToRolePolicy(statement: iam.PolicyStatement): void;
}

/**
* Either a new or imported Slack channel configuration
*/
abstract class SlackChannelConfigurationBase extends cdk.Resource implements ISlackChannelConfiguration {
abstract readonly slackChannelConfigurationArn: string;

abstract readonly slackChannelConfigurationName: string;

abstract readonly grantPrincipal: iam.IPrincipal;

abstract readonly role?: iam.IRole;

/**
* Adds extra permission to iam-role of Slack channel configuration
* @param statement
*/
public addToRolePolicy(statement: iam.PolicyStatement): void {
if (!this.role) {
return;
}

this.role.addToPrincipalPolicy(statement);
}
}

/**
* A new Slack channel configuration
*/
export class SlackChannelConfiguration extends SlackChannelConfigurationBase {

/**
* Import an existing Slack channel configuration provided an ARN
* @param scope The parent creating construct
* @param id The construct's name
* @param slackChannelConfigurationArn configuration ARN (i.e. arn:aws:chatbot::1234567890:chat-configuration/slack-channel/my-slack)
*
* @returns a reference to the existing Slack channel configuration
*/
public static fromSlackChannelConfigurationArn(scope: cdk.Construct, id: string, slackChannelConfigurationArn: string): ISlackChannelConfiguration {
const re = /^slack-channel\//;
const resourceName = cdk.Stack.of(scope).parseArn(slackChannelConfigurationArn).resourceName as string;

if (!re.test(resourceName)) {
throw new Error('The ARN of a Slack integration must be in the form: arn:aws:chatbot:{region}:{account}:chat-configuration/slack-channel/{slackChannelName}');
}

class Import extends SlackChannelConfigurationBase {

/**
* @attribute
*/
readonly slackChannelConfigurationArn = slackChannelConfigurationArn;
readonly role?: iam.IRole = undefined;
readonly grantPrincipal: iam.IPrincipal;

/**
* Returns a name of Slack channel configuration
*
* NOTE:
* For example: arn:aws:chatbot::1234567890:chat-configuration/slack-channel/my-slack
* The ArnComponents API will return `slack-channel/my-slack`
* It need to handle that to gets a correct name.`my-slack`
*/
readonly slackChannelConfigurationName = resourceName.substring('slack-channel/'.length);

constructor(s: cdk.Construct, i: string) {
super(s, i);
this.grantPrincipal = new iam.UnknownPrincipal({ resource: this });
}
}

return new Import(scope, id);
}

readonly slackChannelConfigurationArn: string;

readonly slackChannelConfigurationName: string;

readonly role?: iam.IRole;

readonly grantPrincipal: iam.IPrincipal;

constructor(scope: cdk.Construct, id: string, props: SlackChannelConfigurationProps) {
super(scope, id, {
physicalName: props.slackChannelConfigurationName,
});

this.role = props.role || new iam.Role(this, 'ConfigurationRole', {
assumedBy: new iam.ServicePrincipal('chatbot.amazonaws.com'),
});

this.grantPrincipal = this.role;

const configuration = new CfnSlackChannelConfiguration(this, 'Resource', {
configurationName: props.slackChannelConfigurationName,
iamRoleArn: this.role.roleArn,
slackWorkspaceId: props.slackWorkspaceId,
slackChannelId: props.slackChannelId,
snsTopicArns: props.notificationTopics?.map(topic => topic.topicArn),
loggingLevel: props.loggingLevel?.toString(),
});

this.slackChannelConfigurationArn = configuration.ref;
this.slackChannelConfigurationName = props.slackChannelConfigurationName;
}
}

11 changes: 9 additions & 2 deletions packages/@aws-cdk/aws-chatbot/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -68,14 +68,21 @@
"devDependencies": {
"@aws-cdk/assert": "0.0.0",
"cdk-build-tools": "0.0.0",
"cdk-integ-tools": "0.0.0",
"cfn2ts": "0.0.0",
"pkglint": "0.0.0"
},
"dependencies": {
"@aws-cdk/core": "0.0.0"
"@aws-cdk/aws-iam": "0.0.0",
"@aws-cdk/aws-sns": "0.0.0",
"@aws-cdk/core": "0.0.0",
"constructs": "^3.0.4"
},
"peerDependencies": {
"@aws-cdk/core": "0.0.0"
"@aws-cdk/aws-iam": "0.0.0",
"@aws-cdk/aws-sns": "0.0.0",
"@aws-cdk/core": "0.0.0",
"constructs": "^3.0.4"
},
"engines": {
"node": ">= 10.13.0 <13 || >=13.7.0"
Expand Down
6 changes: 0 additions & 6 deletions packages/@aws-cdk/aws-chatbot/test/chatbot.test.ts

This file was deleted.

57 changes: 57 additions & 0 deletions packages/@aws-cdk/aws-chatbot/test/integ.chatbot.expected.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
{
"Resources": {
"MySlackChannelConfigurationRole1D3F23AE": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "chatbot.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
}
},
"MySlackChannelConfigurationRoleDefaultPolicyE4C1FA62": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::abc/xyz/123.txt"
}
],
"Version": "2012-10-17"
},
"PolicyName": "MySlackChannelConfigurationRoleDefaultPolicyE4C1FA62",
"Roles": [
{
"Ref": "MySlackChannelConfigurationRole1D3F23AE"
}
]
}
},
"MySlackChannelA8E0B56C": {
"Type": "AWS::Chatbot::SlackChannelConfiguration",
"Properties": {
"ConfigurationName": "test-channel",
"IamRoleArn": {
"Fn::GetAtt": [
"MySlackChannelConfigurationRole1D3F23AE",
"Arn"
]
},
"SlackChannelId": "C0187JABUE9",
"SlackWorkspaceId": "T49239U4W",
"LoggingLevel": "NONE"
}
}
}
}
31 changes: 31 additions & 0 deletions packages/@aws-cdk/aws-chatbot/test/integ.chatbot.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
import * as iam from '@aws-cdk/aws-iam';
import * as cdk from '@aws-cdk/core';
import * as chatbot from '../lib';

class ChatbotInteg extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);

const slackChannel = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', {
slackChannelConfigurationName: 'test-channel',
slackWorkspaceId: 'T49239U4W', // modify to your slack workspace id
slackChannelId: 'C0187JABUE9', // modify to your slack channel id
loggingLevel: chatbot.LoggingLevel.NONE,
});

slackChannel.addToRolePolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: [
's3:GetObject',
],
resources: ['arn:aws:s3:::abc/xyz/123.txt'],
}));
}
}

const app = new cdk.App();

new ChatbotInteg(app, 'ChatbotInteg');

app.synth();

Loading