From a39146840a10472c8afee71bf1a1cfc3cacb5f72 Mon Sep 17 00:00:00 2001
From: Ryan Parker
Date: Tue, 9 Nov 2021 12:30:07 -0800
Subject: [PATCH] fix(aws-logs): include new `policy.ts` exports in `index.ts` exports (#17403)

## Summary

This PR modifies the aws-logs `index.ts` file to also forward the exports from `policy.ts` ([a newly created file](https://github.com/aws/aws-cdk/pull/17015) that implements the `ResourcePolicy` class).

Fixes: https://github.com/aws/aws-cdk/issues/17402

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/@aws-cdk/aws-logs/lib/index.ts | 1 +
 packages/@aws-cdk/aws-logs/lib/policy.ts | 12 +++--
 .../@aws-cdk/aws-logs/test/policy.test.ts | 52 +++++++++++++++++++
 3 files changed, 61 insertions(+), 4 deletions(-)
 create mode 100644 packages/@aws-cdk/aws-logs/test/policy.test.ts

diff --git a/packages/@aws-cdk/aws-logs/lib/index.ts b/packages/@aws-cdk/aws-logs/lib/index.ts
index 5054715ffe52b..416a9c9a9b257 100644
--- a/packages/@aws-cdk/aws-logs/lib/index.ts
+++ b/packages/@aws-cdk/aws-logs/lib/index.ts
@@ -5,6 +5,7 @@ export * from './metric-filter';
 export * from './pattern';
 export * from './subscription-filter';
 export * from './log-retention';
+export * from './policy';
 // AWS::Logs CloudFormation Resources:
 export * from './logs.generated';
diff --git a/packages/@aws-cdk/aws-logs/lib/policy.ts b/packages/@aws-cdk/aws-logs/lib/policy.ts
index 974f517d48b25..de3af44f1ae2f 100644
--- a/packages/@aws-cdk/aws-logs/lib/policy.ts
+++ b/packages/@aws-cdk/aws-logs/lib/policy.ts
@@ -11,7 +11,7 @@ export interface ResourcePolicyProps {
 * Name of the log group resource policy
 * @default - Uses a unique id based on the construct path
 */
- readonly policyName?: string;
+ readonly resourcePolicyName?: string;
 /**
 * Initial statements to add to the resource policy
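Review bot: The doc comment above `resourcePolicyName` in `ResourcePolicyProps` (policy.ts) does not say in what scope the name has to be unique, which matters now that the class is exported. CloudWatch Logs resource policies are account- and region-level objects rather than children of a single log group, so a fixed name that matches an existing policy may replace that policy's statements on deploy; this is worth confirming against the CloudFormation handler. I would add a line such as `* Must be unique per account and region; reusing the name of an existing resource policy may replace it.` The rename from `policyName` is also source-breaking for anyone who imported `lib/policy` directly, and the interface body continues outside the hunk.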
@@ -31,15 +31,19 @@ export class ResourcePolicy extends Resource {
 public readonly document = new PolicyDocument();
 constructor(scope: Construct, id: string, props?: ResourcePolicyProps) {
- super(scope, id);
- new CfnResourcePolicy(this, 'Resource', {
+ super(scope, id, {
+ physicalName: props?.resourcePolicyName,
+ });
+
+ new CfnResourcePolicy(this, 'ResourcePolicy', {
 policyName: Lazy.string({
- produce: () => props?.policyName ?? Names.uniqueId(this),
+ produce: () => props?.resourcePolicyName ?? Names.uniqueId(this),
 }),
 policyDocument: Lazy.string({
 produce: () => JSON.stringify(this.document),
 }),
 });
+
 if (props?.policyStatements) {
 this.document.addStatements(...props.policyStatements);
 }
diff --git a/packages/@aws-cdk/aws-logs/test/policy.test.ts b/packages/@aws-cdk/aws-logs/test/policy.test.ts
new file mode 100644
index 0000000000000..4b2684a9957b1
--- /dev/null
+++ b/packages/@aws-cdk/aws-logs/test/policy.test.ts
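Review bot: Renaming the child construct from `'Resource'` to `'ResourcePolicy'` in the `ResourcePolicy` constructor (policy.ts) changes the CloudFormation logical ID of every policy already created through `logGroup.addToResourcePolicy()`, while the default name from `Names.uniqueId(this)` stays the same. On a stack update CloudFormation would probably create the new resource under the same policy name and then delete the old one by that name, which could remove the policy and silently stop service log delivery; this should be tried against an existing stack before release. The new id also means `node.defaultChild` no longer resolves, because CDK looks for a child named `Resource` or `Default`. Unless the new id is needed, I would keep `new CfnResourcePolicy(this, 'Resource', {`. The class body starts and ends outside the hunk.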
@@ -0,0 +1,52 @@
+import '@aws-cdk/assert-internal/jest';
+import { PolicyStatement, ServicePrincipal } from '@aws-cdk/aws-iam';
+import { Stack } from '@aws-cdk/core';
+import { LogGroup, ResourcePolicy } from '../lib';
+
+describe('resource policy', () => {
+ test('ResourcePolicy is added to stack, when .addToResourcePolicy() is provided a valid Statement', () => {
+ // GIVEN
+ const stack = new Stack();
+ const logGroup = new LogGroup(stack, 'LogGroup');
+
+ // WHEN
+ logGroup.addToResourcePolicy(new PolicyStatement({
+ actions: ['logs:CreateLogStream'],
+ resources: ['*'],
+ }));
+
+ // THEN
+ expect(stack).toHaveResource('AWS::Logs::ResourcePolicy', {
+ PolicyName: 'LogGroupPolicy643B329C',
+ PolicyDocument: JSON.stringify({
+ Statement: [
+ {
+ Action: 'logs:CreateLogStream',
+ Effect: 'Allow',
+ Resource: '*',
+ },
+ ],
+ Version: '2012-10-17',
+ }),
+ });
+ });
+
+ test('ResourcePolicy is added to stack, when created manually/directly', () => {
+ // GIVEN
+ const stack = new Stack();
+ const logGroup = new LogGroup(stack, 'LogGroup');
+
+ // WHEN
+ const resourcePolicy = new ResourcePolicy(stack, 'ResourcePolicy');
+ resourcePolicy.document.addStatements(new PolicyStatement({
+ actions: ['logs:CreateLogStream', 'logs:PutLogEvents'],
+ principals: [new ServicePrincipal('es.amazonaws.com')],
+ resources: [logGroup.logGroupArn],
+ }));
+
+ // THEN
+ expect(stack).toHaveResource('AWS::Logs::ResourcePolicy', {
+ PolicyName: 'ResourcePolicy',
+ });
+ });
+});
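Review bot: Neither test in policy.test.ts exercises the renamed `resourcePolicyName` prop, and the second test checks only `PolicyName`, so the `es.amazonaws.com` principal and the log-group ARN in the document are never verified. A regression that dropped the principal or widened the resource would still pass. I would add a case such as `new ResourcePolicy(stack, 'P', { resourcePolicyName: 'MyPolicy' })` that asserts `PolicyName: 'MyPolicy'`, and match the rendered `PolicyDocument` in the second test as well.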