From e2768e8a3eeda8b85f62aa1c77be73f9c96da1af Mon Sep 17 00:00:00 2001
From: Joshua Weber <57131123+daschaa@users.noreply.github.com>
Date: Thu, 2 Jun 2022 17:47:09 +0200
Subject: [PATCH] feat(pipelines): pass role to s3 source action (#20576)

Fixes #20556 Implements the role property for the `S3Source`, which is being passed down to the underlying `S3SourceAction`. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../lib/codepipeline/codepipeline-source.ts | 9 +++++
 .../codepipeline/codepipeline-sources.test.ts | 33 +++++++++++++++++++
 2 files changed, 42 insertions(+)
diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts
index 0fe05412d297a..d92adc8225782 100644
--- a/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts
+++ b/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts
@@ -291,6 +291,14 @@ export interface S3SourceOptions {
 * @default - The bucket name
 */
 readonly actionName?: string;
+
+ /**
+ * The role that will be assumed by the pipeline prior to executing
+ * the `S3Source` action.
+ *
+ * @default - a new role will be generated
+ */
+ readonly role?: iam.IRole;
 }
 
 class S3Source extends CodePipelineSource {
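Review bot: The new doc comment on `role` in `S3SourceOptions` says who assumes the role but not what a caller-supplied role has to satisfy, which is the part that matters for least privilege. I would extend it with a line such as `* The role must be assumable by the pipeline's role and needs read access to the source object.` and state whether the construct adds those permissions itself or leaves them to the caller. The hunk does not show what `S3SourceAction` does with the role, and for an imported or cross-account role an automatic grant may not take effect, so that behaviour should be confirmed before it is documented. The pass-through in the second hunk (`role: this.props.role,`) forwards the value unchanged, so the same contract applies there.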
@@ -309,6 +317,7 @@ class S3Source extends CodePipelineSource {
 bucketKey: this.objectKey,
 trigger: this.props.trigger,
 bucket: this.bucket,
+ role: this.props.role,
 variablesNamespace,
 });
 }
diff --git a/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts b/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts
index 6b419bd417c3f..9295f104a25bf 100644
--- a/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts
+++ b/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts
@@ -255,3 +255,36 @@ test('can use source attributes in pipeline', () => {
 ],
 });
 });
+
+test('pass role to s3 codepipeline source', () => {
+ const bucket = new s3.Bucket(pipelineStack, 'Bucket');
+ const role = new Role(pipelineStack, 'TestRole', {
+ assumedBy: new AnyPrincipal(),
+ });
+ new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', {
+ input: cdkp.CodePipelineSource.s3(bucket, 'thefile.zip', {
+ role,
+ }),
+ });
+
+ Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', {
+ Stages: Match.arrayWith([{
+ Name: 'Source',
+ Actions: [
+ Match.objectLike({
+ Configuration: Match.objectLike({
+ S3Bucket: { Ref: Match.anyValue() },
+ S3ObjectKey: 'thefile.zip',
+ }),
+ Name: { Ref: Match.anyValue() },
+ RoleArn: {
+ 'Fn::GetAtt': [
+ Match.stringLikeRegexp('TestRole.*'),
+ 'Arn',
+ ],
+ },
+ }),
+ ],
+ }]),
+ });
+});
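Review bot: The fixture role in the new test is created with `assumedBy: new AnyPrincipal()`, which synthesizes a trust policy that lets any AWS principal assume it. The test only synthesizes a template, but test code is often copied as a usage example, and a role handed to a source action only has to be assumable from within the pipeline's account. Using `assumedBy: new AccountRootPrincipal(),` would leave the `RoleArn` assertion unchanged; the import line it needs is outside the hunk. The test also checks only that the ARN reaches the action; if the construct is expected to give the role read access to the bucket, an assertion on the resulting policy would pin that behaviour as well.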