diff --git a/.projen/deps.json b/.projen/deps.json
index 9831129..7e66dca 100644
--- a/.projen/deps.json
+++ b/.projen/deps.json
@@ -99,7 +99,7 @@
},
{
"name": "aws-cdk-lib",
- "version": "^2.92.0",
+ "version": "^2.134.0",
"type": "peer"
},
{
diff --git a/.projenrc.ts b/.projenrc.ts
index 5ac2fa4..18b279d 100644
--- a/.projenrc.ts
+++ b/.projenrc.ts
@@ -4,7 +4,7 @@ const project = new CdklabsConstructLibrary({
authorAddress: 'aws-avp-cdk-dev@amazon.com',
description: 'L2 AWS CDK Constructs for Amazon Verified Permissions',
keywords: ['cdk', 'aws-cdk', 'awscdk', 'aws', 'verified-permissions', 'authorization'],
- cdkVersion: '2.92.0',
+ cdkVersion: '2.134.0',
defaultReleaseBranch: 'main',
devDeps: ['cdklabs-projen-project-types'],
name: '@cdklabs/cdk-verified-permissions',
diff --git a/API.md b/API.md
index ede3c6e..745ec6a 100644
--- a/API.md
+++ b/API.md
@@ -273,8 +273,8 @@ The Identity Source identifier.
| identitySourceArn
| string
| Identity Source ARN. |
| identitySourceId
| string
| Identity Source identifier. |
| openIdIssuer
| string
| *No description.* |
-| userPoolArn
| string
| *No description.* |
| policyStore
| IPolicyStore
| *No description.* |
+| userPoolArn
| string
| *No description.* |
---
@@ -375,23 +375,23 @@ public readonly openIdIssuer: string;
---
-##### `userPoolArn`Required
+##### `policyStore`Required
```typescript
-public readonly userPoolArn: string;
+public readonly policyStore: IPolicyStore;
```
-- *Type:* string
+- *Type:* IPolicyStore
---
-##### `policyStore`Optional
+##### `userPoolArn`Required
```typescript
-public readonly policyStore: IPolicyStore;
+public readonly userPoolArn: string;
```
-- *Type:* IPolicyStore
+- *Type:* string
---
@@ -1043,6 +1043,7 @@ The PolicyStore's id.
| policyStoreId
| string
| ID of the Policy Store. |
| policyStoreName
| string
| Name of the Policy Store. |
| validationSettings
| IValidationSettings
| Validation Settings of the Policy Store. |
+| description
| string
| Description of the Policy Store. |
| schema
| ISchema
| Schema definition of the Policy Store. |
---
@@ -1138,6 +1139,18 @@ Validation Settings of the Policy Store.
---
+##### `description`Optional
+
+```typescript
+public readonly description: string;
+```
+
+- *Type:* string
+
+Description of the Policy Store.
+
+---
+
##### `schema`Optional
```typescript
@@ -1702,14 +1715,13 @@ Identity Source configuration.
---
-##### `policyStore`Optional
+##### `policyStore`Required
```typescript
public readonly policyStore: IPolicyStore;
```
- *Type:* IPolicyStore
-- *Default:* No policy store is set for the identity source.
Policy Store in which you want to store this identity source.
@@ -1928,6 +1940,7 @@ const policyStoreProps: PolicyStoreProps = { ... }
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| validationSettings
| IValidationSettings
| The policy store's validation settings. |
+| description
| string
| The policy store's description. |
| schema
| ISchema
| This attribute is not required from an API point of view. |
---
@@ -1945,6 +1958,19 @@ The policy store's validation settings.
---
+##### `description`Optional
+
+```typescript
+public readonly description: string;
+```
+
+- *Type:* string
+- *Default:* No description.
+
+The policy store's description.
+
+---
+
##### `schema`Optional
```typescript
@@ -1952,7 +1978,7 @@ public readonly schema: ISchema;
```
- *Type:* ISchema
-- *Default:* The schema (in Cedar) to be applied to the PolicyStore.
+- *Default:* No schema.
This attribute is not required from an API point of view.
diff --git a/README.md b/README.md
index 2ac2041..8dee35a 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ This construct is still versioned with alpha/v0 major version and we could intro
## Policy Store
-Define a Policy Store with defaults (No schema & Validation Settings Mode set to OFF):
+Define a Policy Store with defaults (No description, No schema & Validation Settings Mode set to OFF):
```ts
const test = new PolicyStore(scope, "PolicyStore");
@@ -27,7 +27,7 @@ const test = new PolicyStore(scope, "PolicyStore", {
});
```
-Define a Policy Store with Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas):
+Define a Policy Store with Description and Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas):
```ts
const validationSettingsStrict = {
@@ -55,6 +55,7 @@ const cedarSchema = {
const policyStore = new PolicyStore(scope, "PolicyStore", {
schema: cedarSchema,
validationSettings: validationSettingsStrict,
+ description: "PolicyStore description"
});
```
@@ -79,12 +80,39 @@ Define Identity Source with required properties:
```ts
const userPool = new UserPool(scope, "UserPool"); // Creating a new Cognito UserPool
+const validationSettingsStrict = {
+ mode: ValidationSettingsMode.STRICT,
+};
+const cedarJsonSchema = {
+ PhotoApp: {
+ entityTypes: {
+ User: {},
+ Photo: {},
+ },
+ actions: {
+ viewPhoto: {
+ appliesTo: {
+ principalTypes: ["User"],
+ resourceTypes: ["Photo"],
+ },
+ },
+ },
+ },
+};
+const cedarSchema = {
+ cedarJson: JSON.stringify(cedarJsonSchema),
+};
+const policyStore = new PolicyStore(scope, "PolicyStore", {
+ schema: cedarSchema,
+ validationSettings: validationSettingsStrict,
+});
new IdentitySource(scope, "IdentitySource", {
configuration: {
cognitoUserPoolConfiguration: {
userPool: userPool,
},
},
+ policyStore: policyStore
});
```
diff --git a/package.json b/package.json
index 66d94d3..6ed7c35 100644
--- a/package.json
+++ b/package.json
@@ -49,7 +49,7 @@
"@types/node": "^18",
"@typescript-eslint/eslint-plugin": "^6",
"@typescript-eslint/parser": "^6",
- "aws-cdk-lib": "2.92.0",
+ "aws-cdk-lib": "2.134.0",
"cdklabs-projen-project-types": "^0.1.190",
"constructs": "10.0.5",
"eslint": "^8",
@@ -69,7 +69,7 @@
"typescript": "^5.4.3"
},
"peerDependencies": {
- "aws-cdk-lib": "^2.92.0",
+ "aws-cdk-lib": "^2.134.0",
"constructs": "^10.0.5"
},
"keywords": [
diff --git a/src/identity-source.ts b/src/identity-source.ts
index f33912c..47f78fc 100644
--- a/src/identity-source.ts
+++ b/src/identity-source.ts
@@ -75,9 +75,8 @@ export interface IdentitySourceProps {
/**
* Policy Store in which you want to store this identity source
*
- * @default - No policy store is set for the identity source.
*/
- readonly policyStore?: IPolicyStore;
+ readonly policyStore: IPolicyStore;
/**
* Principal entity type
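Review bot: The JSDoc for `policyStore` in `IdentitySourceProps` still carries the empty ` *` separator line that preceded the removed `@default` tag, so the comment now ends on a blank line; drop that line. Because the property changes from optional to required, existing callers that omitted it will stop compiling. A short sentence in the comment on why it is mandatory would help, for example `* Required: the identity source is created inside this policy store.`, worded from the service's behaviour, which this hunk does not show. The interface body continues outside the hunk.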
@@ -195,7 +194,7 @@ export class IdentitySource extends IdentitySourceBase {
readonly identitySourceId: string;
readonly openIdIssuer: string;
readonly userPoolArn: string;
- readonly policyStore?: IPolicyStore;
+ readonly policyStore: IPolicyStore;
constructor(scope: Construct, id: string, props: IdentitySourceProps) {
super(scope, id);
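Review bot: The class property `readonly policyStore: IPolicyStore;` has no doc comment, which is why the regenerated API.md in this same commit lists `policyStore` with "*No description.*". Add one above the field, for example `/** Policy Store that this identity source is attached to. */`. The neighbouring `openIdIssuer` and `userPoolArn` fields show the same gap in API.md and could be documented in the same pass. The class body and constructor continue outside this hunk, so the assignment of `this.policyStore` is not visible here.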
@@ -211,7 +210,7 @@ export class IdentitySource extends IdentitySourceBase {
userPoolArn: this.userPoolArn,
},
},
- policyStoreId: props.policyStore?.policyStoreId,
+ policyStoreId: props.policyStore.policyStoreId,
principalEntityType: props.principalEntityType,
});
this.discoveryUrl = this.identitySource.attrDetailsDiscoveryUrl;
diff --git a/src/policy-store.ts b/src/policy-store.ts
index 038d8a6..c0099f1 100644
--- a/src/policy-store.ts
+++ b/src/policy-store.ts
@@ -81,7 +81,7 @@ export interface PolicyStoreProps {
* This attribute is not required from an API point of view.
* It represents the schema (in Cedar) to be applied to the PolicyStore.
*
- * @default - The schema (in Cedar) to be applied to the PolicyStore.
+ * @default - No schema.
*/
readonly schema?: ISchema;
@@ -91,6 +91,13 @@ export interface PolicyStoreProps {
* @default - If not provided, the Policy store will be created with ValidationSettingsMode = "OFF"
*/
readonly validationSettings: IValidationSettings;
+
+ /**
+ * The policy store's description
+ *
+ * @default - No description.
+ */
+ readonly description?: string;
}
export interface AddPolicyOptions {
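Review bot: The JSDoc on the new `description` prop says nothing about where the value ends up or what limits apply to it. The constructor passes the string straight into the underlying policy store resource, and the updated test shows it rendered as `Description` in the synthesized template, so it is readable by anyone who can see the template or describe the resource. I would extend the comment with a line such as `* Stored as plain text in the CloudFormation template; do not place secrets or internal identifiers here.` and mention the service's length limit once it has been confirmed against the CloudFormation reference.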
@@ -273,6 +280,11 @@ export class PolicyStore extends PolicyStoreBase {
*/
readonly validationSettings: IValidationSettings;
+ /**
+ * Description of the Policy Store
+ */
+ readonly description?: string;
+
constructor(
scope: Construct,
id: string,
@@ -291,6 +303,7 @@ export class PolicyStore extends PolicyStoreBase {
}
: undefined,
validationSettings: props.validationSettings,
+ description: props.description,
});
this.policyStoreArn = this.getResourceArnAttribute(
this.policyStore.attrArn,
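Review bot: `description: props.description` is forwarded to the L1 resource without any synth-time check, so an over-long value only fails at deploy time. The service documents a maximum length for this field (150 characters as far as I know; confirm against the CloudFormation reference). A guard before the resource is created would surface the error earlier, for example `if (props.description !== undefined && !Token.isUnresolved(props.description) && props.description.length > 150) throw new Error('description must be at most 150 characters');`. Whether `Token` is already imported in this file cannot be seen from the hunk, and the constructor body starts and ends outside it.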
@@ -304,6 +317,7 @@ export class PolicyStore extends PolicyStoreBase {
this.policyStoreId = this.policyStore.attrPolicyStoreId;
this.schema = props.schema;
this.validationSettings = props.validationSettings;
+ this.description = props.description;
}
/**
diff --git a/test/identity-source.test.ts b/test/identity-source.test.ts
index 844d275..e211294 100644
--- a/test/identity-source.test.ts
+++ b/test/identity-source.test.ts
@@ -15,12 +15,19 @@ describe('Identity Source creation', () => {
// WHEN
const userPool = new UserPool(stack, 'UserPool');
+ const policyStore = new PolicyStore(stack, 'PolicyStore', {
+ validationSettings: {
+ mode: ValidationSettingsMode.OFF,
+ },
+ });
+ const policyStoreLogicalId = getResourceLogicalId(policyStore, CfnPolicyStore);
new IdentitySource(stack, 'IdentitySource', {
configuration: {
cognitoUserPoolConfiguration: {
userPool: userPool,
},
},
+ policyStore: policyStore,
});
// THEN
@@ -35,6 +42,9 @@ describe('Identity Source creation', () => {
},
},
},
+ PolicyStoreId: {
+ 'Fn::GetAtt': [policyStoreLogicalId, 'PolicyStoreId'],
+ },
});
});
diff --git a/test/policy-store.test.ts b/test/policy-store.test.ts
index 6827b9f..cdf7eca 100644
--- a/test/policy-store.test.ts
+++ b/test/policy-store.test.ts
@@ -75,12 +75,13 @@ describe('Policy Store creation', () => {
);
});
- test('Creating Policy Store with validation settings and schema (mode = STRICT)', () => {
+ test('Creating Policy Store with validation settings, description and schema (mode = STRICT)', () => {
// GIVEN
const cedarJsonSchema = cedarJsonSchemaExample;
const stack = new Stack(undefined, 'Stack');
// WHEN
+ const description = 'Policy Store Description';
new PolicyStore(stack, 'PolicyStore', {
validationSettings: {
mode: ValidationSettingsMode.STRICT,
@@ -88,6 +89,7 @@ describe('Policy Store creation', () => {
schema: {
cedarJson: JSON.stringify(cedarJsonSchema),
},
+ description: description,
});
// THEN
@@ -100,6 +102,7 @@ describe('Policy Store creation', () => {
Schema: {
CedarJson: JSON.stringify(cedarJsonSchema),
},
+ Description: description,
},
);
});
diff --git a/yarn.lock b/yarn.lock
index 6543b90..4f6ce9d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -15,7 +15,7 @@
"@jridgewell/gen-mapping" "^0.3.5"
"@jridgewell/trace-mapping" "^0.3.24"
-"@aws-cdk/asset-awscli-v1@^2.2.200":
+"@aws-cdk/asset-awscli-v1@^2.2.202":
version "2.2.202"
resolved "https://registry.yarnpkg.com/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.202.tgz#4627201d71f6a5c60db36385ce09cb81005f4b32"
integrity sha512-JqlF0D4+EVugnG5dAsNZMqhu3HW7ehOXm5SDMxMbXNDMdsF0pxtQKNHRl52z1U9igsHmaFpUgSGjbhAJ+0JONg==
@@ -1220,22 +1220,23 @@ available-typed-arrays@^1.0.7:
dependencies:
possible-typed-array-names "^1.0.0"
-aws-cdk-lib@2.92.0:
- version "2.92.0"
- resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.92.0.tgz#6f036e8fb73dc7196aac71e4b22658d8226b8ce5"
- integrity sha512-J+SUFSnOt9u2GbY5QIABgjGNiw8bL/v0S3zsPhhO1dVwK+G7oE+bhLcAi3iILrw2sIpirNWH9K3W0by9K+cyMw==
+aws-cdk-lib@2.134.0:
+ version "2.134.0"
+ resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.134.0.tgz#92b53afed0d2bc4378211638d8ab056577b36840"
+ integrity sha512-fjJLsZ7L+HLVSOGfYxMcAbUYBb1I/UWLH9STkPiytT+hWQNN6lmZYLDHlqCqcS8gFyyCqu4i3KOOt/ZDHDVo2Q==
dependencies:
- "@aws-cdk/asset-awscli-v1" "^2.2.200"
+ "@aws-cdk/asset-awscli-v1" "^2.2.202"
"@aws-cdk/asset-kubectl-v20" "^2.1.2"
"@aws-cdk/asset-node-proxy-agent-v6" "^2.0.1"
"@balena/dockerignore" "^1.0.2"
case "1.6.3"
- fs-extra "^11.1.1"
- ignore "^5.2.4"
+ fs-extra "^11.2.0"
+ ignore "^5.3.1"
jsonschema "^1.4.1"
+ mime-types "^2.1.35"
minimatch "^3.1.2"
- punycode "^2.3.0"
- semver "^7.5.4"
+ punycode "^2.3.1"
+ semver "^7.6.0"
table "^6.8.1"
yaml "1.10.2"
@@ -2418,7 +2419,7 @@ fs-extra@^10.1.0:
jsonfile "^6.0.1"
universalify "^2.0.0"
-fs-extra@^11.1.1:
+fs-extra@^11.2.0:
version "11.2.0"
resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b"
integrity sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==
@@ -2744,7 +2745,7 @@ human-signals@^2.1.0:
resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-2.1.0.tgz#dc91fcba42e4d06e4abaed33b3e7a3c02f514ea0"
integrity sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==
-ignore@^5.2.0, ignore@^5.2.4:
+ignore@^5.2.0, ignore@^5.2.4, ignore@^5.3.1:
version "5.3.1"
resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef"
integrity sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==
@@ -3854,6 +3855,18 @@ micromatch@^4.0.4:
braces "^3.0.2"
picomatch "^2.3.1"
+mime-db@1.52.0:
+ version "1.52.0"
+ resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"
+ integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
+
+mime-types@^2.1.35:
+ version "2.1.35"
+ resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a"
+ integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
+ dependencies:
+ mime-db "1.52.0"
+
mimic-fn@^2.1.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b"
@@ -4255,7 +4268,7 @@ prompts@^2.0.1:
kleur "^3.0.3"
sisteransi "^1.0.5"
-punycode@^2.1.0, punycode@^2.3.0:
+punycode@^2.1.0, punycode@^2.3.1:
version "2.3.1"
resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5"
integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==