feat: first implementation #3

Merged
merged 11 commits into from
Feb 5, 2024
feat: changing default fixture and fixing readme
reste85 committed Jan 30, 2024
commit 62d5cca6846f312661be04fe0be129d04849d1e6
86 changes: 68 additions & 18 deletions README.md
Expand Up @@ -9,23 +9,39 @@ This construct is still versioned with alpha/v0 major version and we could intro
## Policy Store
Define a Policy Store with defaults (No schema & Validation Settings Mode set to OFF)
```ts
const test = new PolicyStore(stack, 'PolicyStore')
const test = new PolicyStore(scope, 'PolicyStore')
```

Define a Policy Store without Schema definition (Validation Settings Mode must be set to OFF)
```ts
const test = new PolicyStore(stack, 'PolicyStore', {
const test = new PolicyStore(scope, 'PolicyStore', {
validationSettings: {
mode: ValidationSettingsMode.OFF
}
mode: ValidationSettingsMode.OFF,
},
})
```

Define a Policy Store with Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas):
```ts
const policyStore = new PolicyStore(stack, 'PolicyStore', {
const cedarJsonSchema = {
PhotoApp: {
entityTypes: {
User: {},
Photo: {},
},
actions: {
viewPhoto: {
appliesTo: {
principalTypes: ['User'],
resourceTypes: ['Photo'],
},
},
},
},
};
const policyStore = new PolicyStore(scope, 'PolicyStore', {
schema: {
cedarJson: readFileSync(join(__dirname, 'assets/store-schema.json'), 'utf-8'),
cedarJson: JSON.stringify(cedarJsonSchema),
},
validationSettings: {
mode: ValidationSettingsMode.STRICT,
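Review bot: the new `cedarJsonSchema` object deserves a one-line explanation above it, because the README never says that `cedarJson` takes a Cedar JSON schema (a namespace, here `PhotoApp`, holding `entityTypes` and `actions`) serialised with `JSON.stringify`; a reader who only knows the human-readable `.cedarschema` format will not know why the object is shaped this way. Replacing `readFileSync(join(__dirname, 'assets/store-schema.json'), 'utf-8')` with the inline object is the right call, since neither `readFileSync` nor `join` was imported in the snippet or in the fixture.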
Expand All @@ -36,8 +52,8 @@ const policyStore = new PolicyStore(stack, 'PolicyStore', {
## Identity Source
Define Identity Source with required properties
```ts
const userPool = new UserPool(stack, 'UserPool'); // Creating a new Cognito UserPool
new IdentitySource(stack, 'IdentitySource', {
const userPool = new UserPool(scope, 'UserPool'); // Creating a new Cognito UserPool
new IdentitySource(scope, 'IdentitySource', {
configuration: {
cognitoUserPoolConfiguration: {
userPool: userPool,
Expand All @@ -48,8 +64,32 @@ new IdentitySource(stack, 'IdentitySource', {

Define Identity Source with all the properties
```ts
const userPool = new UserPool(stack, 'UserPool'); // Creating a new Cognito UserPool
new IdentitySource(stack, 'IdentitySource', {
const cedarJsonSchema = {
PhotoApp: {
entityTypes: {
User: {},
Photo: {},
},
actions: {
viewPhoto: {
appliesTo: {
principalTypes: ['User'],
resourceTypes: ['Photo'],
},
},
},
},
};
const policyStore = new PolicyStore(scope, 'PolicyStore', {
schema: {
cedarJson: JSON.stringify(cedarJsonSchema),
},
validationSettings: {
mode: ValidationSettingsMode.STRICT,
},
});
const userPool = new UserPool(scope, 'UserPool'); // Creating a new Cognito UserPool
new IdentitySource(scope, 'IdentitySource', {
configuration: {
cognitoUserPoolConfiguration: {
clientIds: [
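Review bot: the lines from `const cedarJsonSchema = {` down to the closing `});` of `new PolicyStore(scope, 'PolicyStore', ...)` are a verbatim copy of the block introduced in the Policy Store section above, and duplicated README blocks drift the first time one copy is edited. If the identity source further down needs a `policyStore`, consider keeping only the `PolicyStore` construction here and pointing at the Policy Store section for the schema, or trimming the schema to the minimum this example needs.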
Expand All @@ -76,14 +116,14 @@ const statement = `permit(

const description = 'Test policy assigned to the test store';

const policyStore = new PolicyStore(stack, 'PolicyStore', {
const policyStore = new PolicyStore(scope, 'PolicyStore', {
validationSettings: {
mode: ValidationSettingsMode.OFF,
mode: ValidationSettingsMode.OFF,
},
});

// Create a policy and add it to the policy store
const policy = new Policy(stack, 'MyTestPolicy', {
const policy = new Policy(scope, 'MyTestPolicy', {
definition: {
static: {
statement,
Expand All @@ -97,17 +137,22 @@ const policy = new Policy(stack, 'MyTestPolicy', {
Define a policy with a template linked definition
```ts

const policyStore = new PolicyStore(stack, 'PolicyStore', {
const policyStore = new PolicyStore(scope, 'PolicyStore', {
validationSettings: {
mode: ValidationSettingsMode.OFF,
},
});

const template = new PolicyTemplate(stack, 'PolicyTemplate', {
const policyTemplateStatement = `
permit (
principal == ?principal,
action in [TinyTodo::Action::"ReadList", TinyTodo::Action::"ListTasks"],
resource == ?resource
);`;
const template = new PolicyTemplate(scope, 'PolicyTemplate', {
statement: policyTemplateStatement,
});

const policy = new Policy(stack, 'MyTestPolicy', {
const policy = new Policy(scope, 'MyTestPolicy', {
definition: {
templateLinked: {
policyTemplate: template,
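Review bot: the inline `policyTemplateStatement` uses the `TinyTodo` namespace (`TinyTodo::Action::"ReadList"`, `TinyTodo::Action::"ListTasks"`) while every schema example in this README uses `PhotoApp` with a single `viewPhoto` action. That passes here only because the policy store is created with `ValidationSettingsMode.OFF`; a reader who links this template into the STRICT store from the Policy Store section would be referencing actions the schema does not declare. Consider `PhotoApp::Action::"viewPhoto"` so the examples compose, and add a short note that `?principal` and `?resource` are the template slots filled when the policy is linked.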
Expand All @@ -129,7 +174,12 @@ const policy = new Policy(stack, 'MyTestPolicy', {
## Policy Template
Define a Policy Template referring to a Cedar Statement in local file
```ts
new PolicyTemplate(stack, 'PolicyTemplate', {
const policyStore = new PolicyStore(scope, 'PolicyStore', {
validationSettings: {
mode: ValidationSettingsMode.OFF,
},
});
new PolicyTemplate(scope, 'PolicyTemplate', {
description: 'Allows sharing photos in full access mode',
policyStore: policyStore,
statement: Statement.fromFile('assets/template-statement.cedar'),
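Review bot: this example still loads its statement with `Statement.fromFile('assets/template-statement.cedar')`, whereas the rest of this commit replaced file reads (the `readFileSync(join(__dirname, 'assets/store-schema.json'))` call) with inline values so snippets are self-contained. If the file-based form is intentional, as the heading "referring to a Cedar Statement in local file" suggests, the README should say how the relative path is resolved (working directory or calling file) and the referenced asset should ship with the examples, otherwise readers copying the snippet hit a missing-file error. Adding the `policyStore` construction above `new PolicyTemplate(...)` is the right fix for the previously undefined `policyStore` reference.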
6 changes: 3 additions & 3 deletions rosetta/default.ts-fixture
@@ -1,8 +1,8 @@
// Fixture with packages imported, but nothing else
import { IdentitySource, Policy, PolicyType, PolicyTemplate, AddPolicyOptions, PolicyStore, ValidationSettingsMode, Statement } from 'cdk-verified-permissions';
import { UserPool } from 'aws-cdk-lib/aws-cognito';
import { Stack } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import {
Stack,
} from 'aws-cdk-lib';

class Fixture extends Stack {
constructor(scope: Construct, id: string) {
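Review bot: the README snippets in this commit now pass `scope` as the construct scope, and inside `constructor(scope: Construct, id: string)` that identifier is the Fixture stack's parent, not the stack itself; if the snippet body is inserted into this constructor, the resulting constructs end up scoped outside the `Stack`. Either alias `const scope = this;` in the fixture body or have the snippets use `this`. Also, spreading `import { Stack } from 'aws-cdk-lib';` over three lines adds noise for a single symbol; the one-line form, matching `import { Construct } from 'constructs';` and the other imports, reads better.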