Skip to content

Commit

Permalink
feat: adding support for description in PolicyStore & making policySt…
Browse files Browse the repository at this point in the history
…ore field mandatory for IdentitySource
  • Loading branch information
reste85 committed Mar 29, 2024
1 parent 3476016 commit 98ccdb0
Show file tree
Hide file tree
Showing 10 changed files with 129 additions and 35 deletions.
2 changes: 1 addition & 1 deletion .projen/deps.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .projenrc.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ const project = new CdklabsConstructLibrary({
authorAddress: '[email protected]',
description: 'L2 AWS CDK Constructs for Amazon Verified Permissions',
keywords: ['cdk', 'aws-cdk', 'awscdk', 'aws', 'verified-permissions', 'authorization'],
cdkVersion: '2.92.0',
cdkVersion: '2.134.0',
defaultReleaseBranch: 'main',
devDeps: ['cdklabs-projen-project-types'],
name: '@cdklabs/cdk-verified-permissions',
Expand Down
46 changes: 36 additions & 10 deletions API.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

33 changes: 31 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ This construct is still versioned with alpha/v0 major version and we could intro

## Policy Store

Define a Policy Store with defaults (No schema & Validation Settings Mode set to OFF):
Define a Policy Store with defaults (No description, No schema & Validation Settings Mode set to OFF):

```ts
const test = new PolicyStore(scope, "PolicyStore");
Expand All @@ -27,9 +27,10 @@ const test = new PolicyStore(scope, "PolicyStore", {
});
```

Define a Policy Store with Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas):
Define a Policy Store with Description and Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas):

```ts
const description = "PolicyStore description";
const validationSettingsStrict = {
mode: ValidationSettingsMode.STRICT,
};
Expand All @@ -55,6 +56,7 @@ const cedarSchema = {
const policyStore = new PolicyStore(scope, "PolicyStore", {
schema: cedarSchema,
validationSettings: validationSettingsStrict,
description: description
});
```

Expand All @@ -79,12 +81,39 @@ Define Identity Source with required properties:

```ts
const userPool = new UserPool(scope, "UserPool"); // Creating a new Cognito UserPool
const validationSettingsStrict = {
mode: ValidationSettingsMode.STRICT,
};
const cedarJsonSchema = {
PhotoApp: {
entityTypes: {
User: {},
Photo: {},
},
actions: {
viewPhoto: {
appliesTo: {
principalTypes: ["User"],
resourceTypes: ["Photo"],
},
},
},
},
};
const cedarSchema = {
cedarJson: JSON.stringify(cedarJsonSchema),
};
const policyStore = new PolicyStore(scope, "PolicyStore", {
schema: cedarSchema,
validationSettings: validationSettingsStrict,
});
new IdentitySource(scope, "IdentitySource", {
configuration: {
cognitoUserPoolConfiguration: {
userPool: userPool,
},
},
policyStore: policyStore
});
```

Expand Down
4 changes: 2 additions & 2 deletions package.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 3 additions & 4 deletions src/identity-source.ts
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,8 @@ export interface IdentitySourceProps {
/**
* Policy Store in which you want to store this identity source
*
* @default - No policy store is set for the identity source.
*/
readonly policyStore?: IPolicyStore;
readonly policyStore: IPolicyStore;

/**
* Principal entity type
Expand Down Expand Up @@ -195,7 +194,7 @@ export class IdentitySource extends IdentitySourceBase {
readonly identitySourceId: string;
readonly openIdIssuer: string;
readonly userPoolArn: string;
readonly policyStore?: IPolicyStore;
readonly policyStore: IPolicyStore;

constructor(scope: Construct, id: string, props: IdentitySourceProps) {
super(scope, id);
Expand All @@ -211,7 +210,7 @@ export class IdentitySource extends IdentitySourceBase {
userPoolArn: this.userPoolArn,
},
},
policyStoreId: props.policyStore?.policyStoreId,
policyStoreId: props.policyStore.policyStoreId,
principalEntityType: props.principalEntityType,
});
this.discoveryUrl = this.identitySource.attrDetailsDiscoveryUrl;
Expand Down
16 changes: 15 additions & 1 deletion src/policy-store.ts
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ export interface PolicyStoreProps {
* This attribute is not required from an API point of view.
* It represents the schema (in Cedar) to be applied to the PolicyStore.
*
* @default - The schema (in Cedar) to be applied to the PolicyStore.
* @default - No schema.
*/
readonly schema?: ISchema;

Expand All @@ -91,6 +91,13 @@ export interface PolicyStoreProps {
* @default - If not provided, the Policy store will be created with ValidationSettingsMode = "OFF"
*/
readonly validationSettings: IValidationSettings;

/**
* The policy store's description
*
* @default - No description.
*/
readonly description?: string;
}

export interface AddPolicyOptions {
Expand Down Expand Up @@ -273,6 +280,11 @@ export class PolicyStore extends PolicyStoreBase {
*/
readonly validationSettings: IValidationSettings;

/**
* Description of the Policy Store
*/
readonly description?: string;

constructor(
scope: Construct,
id: string,
Expand All @@ -291,6 +303,7 @@ export class PolicyStore extends PolicyStoreBase {
}
: undefined,
validationSettings: props.validationSettings,
description: props.description,
});
this.policyStoreArn = this.getResourceArnAttribute(
this.policyStore.attrArn,
Expand All @@ -304,6 +317,7 @@ export class PolicyStore extends PolicyStoreBase {
this.policyStoreId = this.policyStore.attrPolicyStoreId;
this.schema = props.schema;
this.validationSettings = props.validationSettings;
this.description = props.description;
}

/**
Expand Down
10 changes: 10 additions & 0 deletions test/identity-source.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,19 @@ describe('Identity Source creation', () => {

// WHEN
const userPool = new UserPool(stack, 'UserPool');
const policyStore = new PolicyStore(stack, 'PolicyStore', {
validationSettings: {
mode: ValidationSettingsMode.OFF,
},
});
const policyStoreLogicalId = getResourceLogicalId(policyStore, CfnPolicyStore);
new IdentitySource(stack, 'IdentitySource', {
configuration: {
cognitoUserPoolConfiguration: {
userPool: userPool,
},
},
policyStore: policyStore,
});

// THEN
Expand All @@ -35,6 +42,9 @@ describe('Identity Source creation', () => {
},
},
},
PolicyStoreId: {
'Fn::GetAtt': [policyStoreLogicalId, 'PolicyStoreId'],
},
});
});

Expand Down
5 changes: 4 additions & 1 deletion test/policy-store.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -75,19 +75,21 @@ describe('Policy Store creation', () => {
);
});

test('Creating Policy Store with validation settings and schema (mode = STRICT)', () => {
test('Creating Policy Store with validation settings, description and schema (mode = STRICT)', () => {
// GIVEN
const cedarJsonSchema = cedarJsonSchemaExample;
const stack = new Stack(undefined, 'Stack');

// WHEN
const description = 'Policy Store Description';
new PolicyStore(stack, 'PolicyStore', {
validationSettings: {
mode: ValidationSettingsMode.STRICT,
},
schema: {
cedarJson: JSON.stringify(cedarJsonSchema),
},
description: description,
});

// THEN
Expand All @@ -100,6 +102,7 @@ describe('Policy Store creation', () => {
Schema: {
CedarJson: JSON.stringify(cedarJsonSchema),
},
Description: description,
},
);
});
Expand Down
Loading

0 comments on commit 98ccdb0

Please sign in to comment.