forked from aws/aws-cdk
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(aws-codepipeline): support for pipeline action’s service role
In realation to aws#49 The action’s service roles is a role which will be assumed by pipeline during execution of this action. The pipeline action’s service role can be used to perform more advanced configuration, when i.e. elevation of permissions is required, or when fine grained access control may be required. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-stages-actions.html This commit is motivated by enabling cross-account deployments, for which service role will be used as jump role to assume one used by Cloud Formation in target account.
- Loading branch information
Rado Smogura
committed
Jan 18, 2019
1 parent
4af7c0d
commit 58a297b
Showing
14 changed files
with
527 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,6 @@ | ||
.vscode | ||
# VSCode extension | ||
/.favorites.json | ||
.DS_Store | ||
node_modules | ||
lerna-debug.log | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
66 changes: 66 additions & 0 deletions
66
packages/@aws-cdk/aws-codedeploy/test/test.pipeline-action.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
import { IPipeline } from '@aws-cdk/aws-codepipeline-api'; | ||
import * as iam from '@aws-cdk/aws-iam'; | ||
import { App, Stack } from '@aws-cdk/cdk'; | ||
import { Test } from 'nodeunit'; | ||
import { Bucket, PipelineSourceAction } from '../../aws-s3/lib'; | ||
import { PipelineDeployAction, ServerDeploymentGroup } from '../lib'; | ||
|
||
export = { | ||
'test passing properties to action'(test: Test) { | ||
const app = new TestApp(); | ||
|
||
const source = new PipelineSourceAction(app.stack, 'Src', { | ||
bucket: Bucket.import(app.stack, 'Bucket', {bucketName: 'someName'}), | ||
bucketKey: 'bkkey', | ||
stage: { | ||
node: app.stack.node, | ||
name: 'Source', | ||
pipeline: { | ||
role: iam.Role.import(app.stack, 'r1', { roleArn: 'arn:aws:iam::123456789012:role/superUser1'} ) | ||
} as IPipeline, | ||
_internal: { | ||
_attachAction: () => null, | ||
_findInputArtifact: () => { throw new Error('X'); }, | ||
_generateOutputArtifactName: () => 'SourceOut' | ||
} | ||
} | ||
}); | ||
|
||
const action = new PipelineDeployAction(app.stack, 'Id', { | ||
runOrder: 456, | ||
stage: { | ||
node: app.stack.node, | ||
name: 'Source', | ||
pipeline: { | ||
role: iam.Role.import(app.stack, 'r2', { roleArn: 'arn:aws:iam::123456789012:role/superUser2'} ) | ||
} as IPipeline, | ||
_internal: { | ||
_attachAction: () => null, | ||
_findInputArtifact: () => { throw new Error('X'); }, | ||
_generateOutputArtifactName: () => 'DeployOut' | ||
} | ||
}, | ||
actionRole: iam.Role.import(app.stack, 'Role', { | ||
roleArn: 'arn:aws:iam::123456789012:role/superUser' | ||
}), | ||
deploymentGroup: new ServerDeploymentGroup(app.stack, 'DeployGroup', { | ||
deploymentGroupName: 'DGName' | ||
}), | ||
inputArtifact: source.outputArtifact | ||
}); | ||
|
||
test.equals(action.runOrder, 456); | ||
test.equals(action.actionRole!.roleArn, 'arn:aws:iam::123456789012:role/superUser'); | ||
test.done(); | ||
} | ||
}; | ||
|
||
class TestApp { | ||
private readonly app = new App(); | ||
// tslint:disable-next-line:member-ordering | ||
public readonly stack: Stack = new Stack(this.app, 'MyStack'); | ||
|
||
public synthesizeTemplate() { | ||
return this.app.synthesizeStack(this.stack.name).template; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.