From 98ccdb0827fb4bcbfa0a27eecd4c0ff432606264 Mon Sep 17 00:00:00 2001 From: reste85 Date: Fri, 29 Mar 2024 09:15:29 +0100 Subject: [PATCH 1/2] feat: adding support for description in PolicyStore & making policyStore field mandatory for IdentitySource --- .projen/deps.json | 2 +- .projenrc.ts | 2 +- API.md | 46 ++++++++++++++++++++++++++++-------- README.md | 33 ++++++++++++++++++++++++-- package.json | 4 ++-- src/identity-source.ts | 7 +++--- src/policy-store.ts | 16 ++++++++++++- test/identity-source.test.ts | 10 ++++++++ test/policy-store.test.ts | 5 +++- yarn.lock | 39 ++++++++++++++++++++---------- 10 files changed, 129 insertions(+), 35 deletions(-) diff --git a/.projen/deps.json b/.projen/deps.json index 9831129..7e66dca 100644 --- a/.projen/deps.json +++ b/.projen/deps.json @@ -99,7 +99,7 @@ }, { "name": "aws-cdk-lib", - "version": "^2.92.0", + "version": "^2.134.0", "type": "peer" }, { diff --git a/.projenrc.ts b/.projenrc.ts index 5ac2fa4..18b279d 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -4,7 +4,7 @@ const project = new CdklabsConstructLibrary({ authorAddress: 'aws-avp-cdk-dev@amazon.com', description: 'L2 AWS CDK Constructs for Amazon Verified Permissions', keywords: ['cdk', 'aws-cdk', 'awscdk', 'aws', 'verified-permissions', 'authorization'], - cdkVersion: '2.92.0', + cdkVersion: '2.134.0', defaultReleaseBranch: 'main', devDeps: ['cdklabs-projen-project-types'], name: '@cdklabs/cdk-verified-permissions', diff --git a/API.md b/API.md index ede3c6e..745ec6a 100644 --- a/API.md +++ b/API.md @@ -273,8 +273,8 @@ The Identity Source identifier. | identitySourceArn | string | Identity Source ARN. | | identitySourceId | string | Identity Source identifier. | | openIdIssuer | string | *No description.* | -| userPoolArn | string | *No description.* | | policyStore | IPolicyStore | *No description.* | +| userPoolArn | string | *No description.* | --- 
@@ -375,23 +375,23 @@ public readonly openIdIssuer: string; --- -##### `userPoolArn`Required +##### `policyStore`Required ```typescript -public readonly userPoolArn: string; +public readonly policyStore: IPolicyStore; ``` -- *Type:* string +- *Type:* IPolicyStore --- -##### `policyStore`Optional +##### `userPoolArn`Required ```typescript -public readonly policyStore: IPolicyStore; +public readonly userPoolArn: string; ``` -- *Type:* IPolicyStore +- *Type:* string --- @@ -1043,6 +1043,7 @@ The PolicyStore's id. | policyStoreId | string | ID of the Policy Store. | | policyStoreName | string | Name of the Policy Store. | | validationSettings | IValidationSettings | Validation Settings of the Policy Store. | +| description | string | Description of the Policy Store. | | schema | ISchema | Schema definition of the Policy Store. | --- @@ -1138,6 +1139,18 @@ Validation Settings of the Policy Store. --- +##### `description`Optional + +```typescript +public readonly description: string; +``` + +- *Type:* string + +Description of the Policy Store. + +--- + ##### `schema`Optional ```typescript @@ -1702,14 +1715,13 @@ Identity Source configuration. --- -##### `policyStore`Optional +##### `policyStore`Required ```typescript public readonly policyStore: IPolicyStore; ``` - *Type:* IPolicyStore -- *Default:* No policy store is set for the identity source. Policy Store in which you want to store this identity source. @@ -1928,6 +1940,7 @@ const policyStoreProps: PolicyStoreProps = { ... } | **Name** | **Type** | **Description** | | --- | --- | --- | | validationSettings | IValidationSettings | The policy store's validation settings. | +| description | string | The policy store's description. | | schema | ISchema | This attribute is not required from an API point of view. | --- 
@@ -1945,6 +1958,19 @@ The policy store's validation settings. --- +##### `description`Optional + +```typescript +public readonly description: string; +``` + +- *Type:* string +- *Default:* No description. + +The policy store's description. + +--- + ##### `schema`Optional ```typescript @@ -1952,7 +1978,7 @@ public readonly schema: ISchema; ``` - *Type:* ISchema -- *Default:* The schema (in Cedar) to be applied to the PolicyStore. +- *Default:* No schema. This attribute is not required from an API point of view. diff --git a/README.md b/README.md index 2ac2041..8965040 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ This construct is still versioned with alpha/v0 major version and we could intro ## Policy Store -Define a Policy Store with defaults (No schema & Validation Settings Mode set to OFF): +Define a Policy Store with defaults (No description, No schema & Validation Settings Mode set to OFF): ```ts const test = new PolicyStore(scope, "PolicyStore"); @@ -27,9 +27,10 @@ const test = new PolicyStore(scope, "PolicyStore", { }); ``` -Define a Policy Store with Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas): +Define a Policy Store with Description and Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas): ```ts +const description = "PolicyStore description"; const validationSettingsStrict = { mode: ValidationSettingsMode.STRICT, }; @@ -55,6 +56,7 @@ const cedarSchema = { const policyStore = new PolicyStore(scope, "PolicyStore", { schema: cedarSchema, validationSettings: validationSettingsStrict, + description: description }); ``` 
@@ -79,12 +81,39 @@ Define Identity Source with required properties: ```ts const userPool = new UserPool(scope, "UserPool"); // Creating a new Cognito UserPool +const validationSettingsStrict = { + mode: ValidationSettingsMode.STRICT, +}; +const cedarJsonSchema = { + PhotoApp: { + entityTypes: { + User: {}, + Photo: {}, + }, + actions: { + viewPhoto: { + appliesTo: { + principalTypes: ["User"], + resourceTypes: ["Photo"], + }, + }, + }, + }, +}; +const cedarSchema = { + cedarJson: JSON.stringify(cedarJsonSchema), +}; +const policyStore = new PolicyStore(scope, "PolicyStore", { + schema: cedarSchema, + validationSettings: validationSettingsStrict, +}); new IdentitySource(scope, "IdentitySource", { configuration: { cognitoUserPoolConfiguration: { userPool: userPool, }, }, + policyStore: policyStore }); ``` diff --git a/package.json b/package.json index e997cdf..d517b6f 100644 --- a/package.json +++ b/package.json @@ -49,7 +49,7 @@ "@types/node": "^18", "@typescript-eslint/eslint-plugin": "^6", "@typescript-eslint/parser": "^6", - "aws-cdk-lib": "2.92.0", + "aws-cdk-lib": "2.134.0", "cdklabs-projen-project-types": "^0.1.190", "constructs": "10.0.5", "eslint": "^8", @@ -69,7 +69,7 @@ "typescript": "^5.4.3" }, "peerDependencies": { - "aws-cdk-lib": "^2.92.0", + "aws-cdk-lib": "^2.134.0", "constructs": "^10.0.5" }, "keywords": [ diff --git a/src/identity-source.ts b/src/identity-source.ts index f33912c..47f78fc 100644 --- a/src/identity-source.ts +++ b/src/identity-source.ts @@ -75,9 +75,8 @@ export interface IdentitySourceProps { /** * Policy Store in which you want to store this identity source * - * @default - No policy store is set for the identity source. */ - readonly policyStore?: IPolicyStore; + readonly policyStore: IPolicyStore; /** * Principal entity type 
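Review bot: Removing the `@default` line leaves a dangling empty ` *` line before the closing `*/` of the `policyStore` doc comment in `IdentitySourceProps`, and the comment no longer says what the construct does with the store. Consider replacing that tail with a sentence grounded in the constructor, e.g. ` * The identity source is created inside this policy store; its \`policyStoreId\` is read at synth time.`, so the generated API.md entry carries more than the type. Since the removed line shows the property was previously optional (`policyStore?`), a short ` * Required since this release (previously optional).` in the same comment would also help consumers of the 0.x line who hit a compile error on upgrade, unless the release notes are the intended place for that. The enclosing `IdentitySourceProps` interface starts and ends outside the hunk.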
@@ -195,7 +194,7 @@ export class IdentitySource extends IdentitySourceBase { readonly identitySourceId: string; readonly openIdIssuer: string; readonly userPoolArn: string; - readonly policyStore?: IPolicyStore; + readonly policyStore: IPolicyStore; constructor(scope: Construct, id: string, props: IdentitySourceProps) { super(scope, id); @@ -211,7 +210,7 @@ export class IdentitySource extends IdentitySourceBase { userPoolArn: this.userPoolArn, }, }, - policyStoreId: props.policyStore?.policyStoreId, + policyStoreId: props.policyStore.policyStoreId, principalEntityType: props.principalEntityType, }); this.discoveryUrl = this.identitySource.attrDetailsDiscoveryUrl; diff --git a/src/policy-store.ts b/src/policy-store.ts index 038d8a6..c0099f1 100644 --- a/src/policy-store.ts +++ b/src/policy-store.ts @@ -81,7 +81,7 @@ export interface PolicyStoreProps { * This attribute is not required from an API point of view. * It represents the schema (in Cedar) to be applied to the PolicyStore. * - * @default - The schema (in Cedar) to be applied to the PolicyStore. + * @default - No schema. */ readonly schema?: ISchema; @@ -91,6 +91,13 @@ export interface PolicyStoreProps { * @default - If not provided, the Policy store will be created with ValidationSettingsMode = "OFF" */ readonly validationSettings: IValidationSettings; + + /** + * The policy store's description + * + * @default - No description. + */ + readonly description?: string; } export interface AddPolicyOptions { @@ -273,6 +280,11 @@ export class PolicyStore extends PolicyStoreBase { */ readonly validationSettings: IValidationSettings; + /** + * Description of the Policy Store + */ + readonly description?: string; + constructor( scope: Construct, id: string, @@ -291,6 +303,7 @@ export class PolicyStore extends PolicyStoreBase { } : undefined, validationSettings: props.validationSettings, + description: props.description, }); this.policyStoreArn = this.getResourceArnAttribute( this.policyStore.attrArn, 
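Review bot: The new `description` prop is forwarded to `CfnPolicyStore` in the constructor hunk further down (`description: props.description`) without any synth-time check, so a description longer than the service accepts is only rejected at deploy time when CloudFormation calls the Verified Permissions API. Amazon Verified Permissions documents a maximum length for the policy store description (150 characters in the CreatePolicyStore API reference at the time of writing — confirm against the current reference), and the usual CDK pattern is to validate concrete values in the construct while passing unresolved tokens through. The check below belongs in the `PolicyStore` constructor before the `CfnPolicyStore` is created; `Token` comes from `aws-cdk-lib`, whose import block is outside the hunk. The peer-dependency floor is raised to `aws-cdk-lib ^2.134.0` in the same commit, presumably because `CfnPolicyStore.description` first appears there; that reason is worth stating in the commit message. The constructor itself starts and ends outside the visible hunk lines.
```typescript
    // … unchanged: super(scope, id) …
    // Reject an over-long concrete description at synth time; unresolved tokens
    // (e.g. parameters) cannot be measured here and are passed through unchanged.
    // Service limit per the CreatePolicyStore API reference: 150 characters (confirm).
    if (
      props.description !== undefined &&
      !Token.isUnresolved(props.description) &&
      props.description.length > 150
    ) {
      throw new Error(
        `PolicyStore description must be at most 150 characters, got ${props.description.length}`,
      );
    }
    // … unchanged: CfnPolicyStore creation, now with description: props.description …
```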
@@ -304,6 +317,7 @@ export class PolicyStore extends PolicyStoreBase { this.policyStoreId = this.policyStore.attrPolicyStoreId; this.schema = props.schema; this.validationSettings = props.validationSettings; + this.description = props.description; } /** diff --git a/test/identity-source.test.ts b/test/identity-source.test.ts index 844d275..e211294 100644 --- a/test/identity-source.test.ts +++ b/test/identity-source.test.ts @@ -15,12 +15,19 @@ describe('Identity Source creation', () => { // WHEN const userPool = new UserPool(stack, 'UserPool'); + const policyStore = new PolicyStore(stack, 'PolicyStore', { + validationSettings: { + mode: ValidationSettingsMode.OFF, + }, + }); + const policyStoreLogicalId = getResourceLogicalId(policyStore, CfnPolicyStore); new IdentitySource(stack, 'IdentitySource', { configuration: { cognitoUserPoolConfiguration: { userPool: userPool, }, }, + policyStore: policyStore, }); // THEN @@ -35,6 +42,9 @@ describe('Identity Source creation', () => { }, }, }, + PolicyStoreId: { + 'Fn::GetAtt': [policyStoreLogicalId, 'PolicyStoreId'], + }, }); }); diff --git a/test/policy-store.test.ts b/test/policy-store.test.ts index 6827b9f..cdf7eca 100644 --- a/test/policy-store.test.ts +++ b/test/policy-store.test.ts @@ -75,12 +75,13 @@ describe('Policy Store creation', () => { ); }); - test('Creating Policy Store with validation settings and schema (mode = STRICT)', () => { + test('Creating Policy Store with validation settings, description and schema (mode = STRICT)', () => { // GIVEN const cedarJsonSchema = cedarJsonSchemaExample; const stack = new Stack(undefined, 'Stack'); // WHEN + const description = 'Policy Store Description'; new PolicyStore(stack, 'PolicyStore', { validationSettings: { mode: ValidationSettingsMode.STRICT, @@ -88,6 +89,7 @@ describe('Policy Store creation', () => { schema: { cedarJson: JSON.stringify(cedarJsonSchema), }, + description: description, }); // THEN 
@@ -100,6 +102,7 @@ describe('Policy Store creation', () => { Schema: { CedarJson: JSON.stringify(cedarJsonSchema), }, + Description: description, }, ); }); diff --git a/yarn.lock b/yarn.lock index 2e5197b..cc4f287 100644 --- a/yarn.lock +++ b/yarn.lock @@ -15,7 +15,7 @@ "@jridgewell/gen-mapping" "^0.3.5" "@jridgewell/trace-mapping" "^0.3.24" -"@aws-cdk/asset-awscli-v1@^2.2.200": +"@aws-cdk/asset-awscli-v1@^2.2.202": version "2.2.202" resolved "https://registry.yarnpkg.com/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.202.tgz#4627201d71f6a5c60db36385ce09cb81005f4b32" integrity sha512-JqlF0D4+EVugnG5dAsNZMqhu3HW7ehOXm5SDMxMbXNDMdsF0pxtQKNHRl52z1U9igsHmaFpUgSGjbhAJ+0JONg== @@ -1228,22 +1228,23 @@ available-typed-arrays@^1.0.7: dependencies: possible-typed-array-names "^1.0.0" -aws-cdk-lib@2.92.0: - version "2.92.0" - resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.92.0.tgz#6f036e8fb73dc7196aac71e4b22658d8226b8ce5" - integrity sha512-J+SUFSnOt9u2GbY5QIABgjGNiw8bL/v0S3zsPhhO1dVwK+G7oE+bhLcAi3iILrw2sIpirNWH9K3W0by9K+cyMw== +aws-cdk-lib@2.134.0: + version "2.134.0" + resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.134.0.tgz#92b53afed0d2bc4378211638d8ab056577b36840" + integrity sha512-fjJLsZ7L+HLVSOGfYxMcAbUYBb1I/UWLH9STkPiytT+hWQNN6lmZYLDHlqCqcS8gFyyCqu4i3KOOt/ZDHDVo2Q== dependencies: - "@aws-cdk/asset-awscli-v1" "^2.2.200" + "@aws-cdk/asset-awscli-v1" "^2.2.202" "@aws-cdk/asset-kubectl-v20" "^2.1.2" "@aws-cdk/asset-node-proxy-agent-v6" "^2.0.1" "@balena/dockerignore" "^1.0.2" case "1.6.3" - fs-extra "^11.1.1" - ignore "^5.2.4" + fs-extra "^11.2.0" + ignore "^5.3.1" jsonschema "^1.4.1" + mime-types "^2.1.35" minimatch "^3.1.2" - punycode "^2.3.0" - semver "^7.5.4" + punycode "^2.3.1" + semver "^7.6.0" table "^6.8.1" yaml "1.10.2" 
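Review bot: Only the STRICT-mode test now asserts `Description`, so nothing pins that omitting `description` leaves the property out of the template rather than emitting `Description: undefined` or an empty string. In the defaults test earlier in this file (outside the hunk), add `Description: Match.absent(),` to the expected properties; `Match` is exported from `aws-cdk-lib/assertions`, which the file presumably already imports for `Template`. The enclosing `describe` block starts and ends outside the hunk.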
@@ -2426,7 +2427,7 @@ fs-extra@^10.1.0: jsonfile "^6.0.1" universalify "^2.0.0" -fs-extra@^11.1.1: +fs-extra@^11.2.0: version "11.2.0" resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b" integrity sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw== @@ -2752,7 +2753,7 @@ human-signals@^2.1.0: resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-2.1.0.tgz#dc91fcba42e4d06e4abaed33b3e7a3c02f514ea0" integrity sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw== -ignore@^5.2.0, ignore@^5.2.4: +ignore@^5.2.0, ignore@^5.2.4, ignore@^5.3.1: version "5.3.1" resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef" integrity sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw== @@ -3862,6 +3863,18 @@ micromatch@^4.0.4: braces "^3.0.2" picomatch "^2.3.1" +mime-db@1.52.0: + version "1.52.0" + resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" + integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== + +mime-types@^2.1.35: + version "2.1.35" + resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a" + integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== + dependencies: + mime-db "1.52.0" + mimic-fn@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b" 
@@ -4263,7 +4276,7 @@ prompts@^2.0.1: kleur "^3.0.3" sisteransi "^1.0.5" -punycode@^2.1.0, punycode@^2.3.0: +punycode@^2.1.0, punycode@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== From b1972bfb98f9163723c99822e740b6e2fec5b5c5 Mon Sep 17 00:00:00 2001 From: reste85 Date: Fri, 29 Mar 2024 10:25:39 +0100 Subject: [PATCH 2/2] Fixing policy store example with description in README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 8965040..8dee35a 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,6 @@ const test = new PolicyStore(scope, "PolicyStore", { Define a Policy Store with Description and Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas): ```ts -const description = "PolicyStore description"; const validationSettingsStrict = { mode: ValidationSettingsMode.STRICT, }; @@ -56,7 +55,7 @@ const cedarSchema = { const policyStore = new PolicyStore(scope, "PolicyStore", { schema: cedarSchema, validationSettings: validationSettingsStrict, - description: description + description: "PolicyStore description" }); ```