From cd5673ae2c515adafa767c91f620e2c7850083a3 Mon Sep 17 00:00:00 2001 From: Ryan Parker Date: Mon, 8 Nov 2021 12:11:45 -0800 Subject: [PATCH 1/4] fix(aws-log/index):included `policy.ts` in exports --- packages/@aws-cdk/aws-logs/lib/index.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/@aws-cdk/aws-logs/lib/index.ts b/packages/@aws-cdk/aws-logs/lib/index.ts index 5054715ffe52b..416a9c9a9b257 100644 --- a/packages/@aws-cdk/aws-logs/lib/index.ts +++ b/packages/@aws-cdk/aws-logs/lib/index.ts @@ -5,6 +5,7 @@ export * from './metric-filter'; export * from './pattern'; export * from './subscription-filter'; export * from './log-retention'; +export * from './policy'; // AWS::Logs CloudFormation Resources: export * from './logs.generated'; From 8ef2c0a52229ec898085e10660e53c4104796bce Mon Sep 17 00:00:00 2001 From: Ryan Parker Date: Mon, 8 Nov 2021 13:05:44 -0800 Subject: [PATCH 2/4] fixed physicalName error and added a simple test --- packages/@aws-cdk/aws-logs/lib/policy.ts | 12 ++++--- .../@aws-cdk/aws-logs/test/policy.test.ts | 34 +++++++++++++++++++ 2 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 packages/@aws-cdk/aws-logs/test/policy.test.ts diff --git a/packages/@aws-cdk/aws-logs/lib/policy.ts b/packages/@aws-cdk/aws-logs/lib/policy.ts index 974f517d48b25..de3af44f1ae2f 100644 --- a/packages/@aws-cdk/aws-logs/lib/policy.ts +++ b/packages/@aws-cdk/aws-logs/lib/policy.ts @@ -11,7 +11,7 @@ export interface ResourcePolicyProps { * Name of the log group resource policy * @default - Uses a unique id based on the construct path */ - readonly policyName?: string; + readonly resourcePolicyName?: string; /** * Initial statements to add to the resource policy 
@@ -31,15 +31,19 @@ export class ResourcePolicy extends Resource { public readonly document = new PolicyDocument(); constructor(scope: Construct, id: string, props?: ResourcePolicyProps) { - super(scope, id); - new CfnResourcePolicy(this, 'Resource', { + super(scope, id, { + physicalName: props?.resourcePolicyName, + }); + + new CfnResourcePolicy(this, 'ResourcePolicy', { policyName: Lazy.string({ - produce: () => props?.policyName ?? Names.uniqueId(this), + produce: () => props?.resourcePolicyName ?? Names.uniqueId(this), }), policyDocument: Lazy.string({ produce: () => JSON.stringify(this.document), }), }); + if (props?.policyStatements) { this.document.addStatements(...props.policyStatements); } diff --git a/packages/@aws-cdk/aws-logs/test/policy.test.ts b/packages/@aws-cdk/aws-logs/test/policy.test.ts new file mode 100644 index 0000000000000..4b16f2a3ce004 --- /dev/null +++ b/packages/@aws-cdk/aws-logs/test/policy.test.ts @@ -0,0 +1,34 @@ +import '@aws-cdk/assert-internal/jest'; +import { PolicyStatement } from '@aws-cdk/aws-iam'; +import { Stack } from '@aws-cdk/core'; +import { LogGroup } from '../lib'; + +describe('resource policy', () => { + test('simple instantiation', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + const logGroup = new LogGroup(stack, 'LogGroup'); + + logGroup.addToResourcePolicy(new PolicyStatement({ + actions: ['logs:CreateLogStream'], + resources: ['*'], + })); + + // THEN + expect(stack).toHaveResource('AWS::Logs::ResourcePolicy', { + PolicyName: 'LogGroupPolicy643B329C', + PolicyDocument: JSON.stringify({ + Statement: [ + { + Action: 'logs:CreateLogStream', + Effect: 'Allow', + Resource: '*', + }, + ], + Version: '2012-10-17', + }), + }); + }); +}); From c8e25139edab097dfaf5b236f4eec7adf1fa01d9 Mon Sep 17 00:00:00 2001 
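Review bot: The child construct id changes from `'Resource'` to `'ResourcePolicy'` in `new CfnResourcePolicy(this, 'ResourcePolicy', {`, which the commit message does not mention and the physicalName fix does not need. In CDK the id `'Resource'` is what `node.defaultChild` resolves to, and it is left out when logical IDs are generated. The rename therefore most likely changes the logical ID of policies already created through `LogGroup.addToResourcePolicy()`, so CloudFormation would replace them on the next deploy; I would keep `new CfnResourcePolicy(this, 'Resource', {`. It would also help to add a comment above `policyName` such as `// PolicyName must always be set, so fall back to a unique id when no name is given`, since the name now appears both as `physicalName` and in the `Lazy.string` fallback. The constructor's closing lines are outside the hunk.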
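Review bot: The statement built in `'simple instantiation'` has no `principals` and uses `resources: ['*']`, and the expected `PolicyDocument` pins that shape as the reference output for a log resource policy. A resource policy is expected to name who is granted access, so the fixture should carry a principal and a scoped resource, for example `principals: [new ServicePrincipal('es.amazonaws.com')],` and `resources: [logGroup.logGroupArn],`, with the expectation updated to include `Principal`. Comparing against a `JSON.stringify(...)` string also makes the assertion depend on key order, so an unrelated change in how the document is serialized would fail it.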
From: Ryan Parker Date: Mon, 8 Nov 2021 13:07:21 -0800 Subject: [PATCH 3/4] clean: fixed spacing of test statements --- packages/@aws-cdk/aws-logs/test/policy.test.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-logs/test/policy.test.ts b/packages/@aws-cdk/aws-logs/test/policy.test.ts index 4b16f2a3ce004..3acf9b53ca16c 100644 --- a/packages/@aws-cdk/aws-logs/test/policy.test.ts +++ b/packages/@aws-cdk/aws-logs/test/policy.test.ts @@ -7,10 +7,9 @@ describe('resource policy', () => { test('simple instantiation', () => { // GIVEN const stack = new Stack(); - - // WHEN const logGroup = new LogGroup(stack, 'LogGroup'); + // WHEN logGroup.addToResourcePolicy(new PolicyStatement({ actions: ['logs:CreateLogStream'], resources: ['*'], From 3a1398b6a116ad4dd60f371c5b55eab160053ea1 Mon Sep 17 00:00:00 2001 From: Ryan Parker Date: Mon, 8 Nov 2021 13:50:51 -0800 Subject: [PATCH 4/4] test: testing if ResourcePolicy can be created directly --- .../@aws-cdk/aws-logs/test/policy.test.ts | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-logs/test/policy.test.ts b/packages/@aws-cdk/aws-logs/test/policy.test.ts index 3acf9b53ca16c..4b2684a9957b1 100644 --- a/packages/@aws-cdk/aws-logs/test/policy.test.ts +++ b/packages/@aws-cdk/aws-logs/test/policy.test.ts @@ -1,10 +1,10 @@ import '@aws-cdk/assert-internal/jest'; -import { PolicyStatement } from '@aws-cdk/aws-iam'; +import { PolicyStatement, ServicePrincipal } from '@aws-cdk/aws-iam'; import { Stack } from '@aws-cdk/core'; -import { LogGroup } from '../lib'; +import { LogGroup, ResourcePolicy } from '../lib'; describe('resource policy', () => { - test('simple instantiation', () => { + test('ResourcePolicy is added to stack, when .addToResourcePolicy() is provided a valid Statement', () => { // GIVEN const stack = new Stack(); const logGroup = new LogGroup(stack, 'LogGroup'); 
@@ -30,4 +30,23 @@ describe('resource policy', () => { }), }); }); + + test('ResourcePolicy is added to stack, when created manually/directly', () => { + // GIVEN + const stack = new Stack(); + const logGroup = new LogGroup(stack, 'LogGroup'); + + // WHEN + const resourcePolicy = new ResourcePolicy(stack, 'ResourcePolicy'); + resourcePolicy.document.addStatements(new PolicyStatement({ + actions: ['logs:CreateLogStream', 'logs:PutLogEvents'], + principals: [new ServicePrincipal('es.amazonaws.com')], + resources: [logGroup.logGroupArn], + })); + + // THEN + expect(stack).toHaveResource('AWS::Logs::ResourcePolicy', { + PolicyName: 'ResourcePolicy', + }); + }); });
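Review bot: The new test adds a statement with a service principal, two actions and the log group ARN, but the expectation checks only `PolicyName: 'ResourcePolicy'`. The rendered `PolicyDocument` is the part that decides who can write to the log group, and it is never verified. I would also assert the resolved document's `Principal`, `Action` and `Resource` for this case. The `resourcePolicyName` prop, which the second commit wires into `physicalName`, has no coverage either; a case such as `new ResourcePolicy(stack, 'Named', { resourcePolicyName: 'named-policy' })` expecting `PolicyName: 'named-policy'` would cover it (the name is a constructed sample).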