feat(route53): add support for grantDelegation on imported PublicHostedZone #26333
Conversation
|
|
github-actions
bot
added
star-contributor
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
| @@ -264,6 +269,9 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { | |||
| public get hostedZoneArn(): string { | |||
| return makeHostedZoneArn(this, this.hostedZoneId); | |||
| } | |||
| public grantDelegation(grantee: iam.IGrantable) { | |||
| makeGrantDelegation(grantee, this.hostedZoneArn); | |||
There was a problem hiding this comment.
Looks like you need to return makeGrantDelegation
| @@ -284,6 +292,9 @@ export class PublicHostedZone extends HostedZone implements IPublicHostedZone { | |||
| public get hostedZoneArn(): string { | |||
| return makeHostedZoneArn(this, this.hostedZoneId); | |||
| } | |||
| public grantDelegation(grantee: iam.IGrantable) { | |||
| makeGrantDelegation(grantee, this.hostedZoneArn); | |||
| }); | ||
|
|
||
| return g1.combine(g2); | ||
| makeGrantDelegation(grantee, this.hostedZoneArn); |
| @@ -69,3 +70,24 @@ export function makeHostedZoneArn(construct: Construct, hostedZoneId: string): s | |||
| resourceName: hostedZoneId, | |||
| }); | |||
| } | |||
|
|
|||
| export function makeGrantDelegation(grantee: iam.IGrantable, hostedZoneArn: string) { | |||
There was a problem hiding this comment.
Please specify the return type in the function definition (looks like iam.Grant or iam.IGrantable)
aws-cdk-automation
added
the
pr/needs-community-review
.../@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.route53-imported-delegation.ts
Outdated
Show resolved
Hide resolved
| const role = new iam.Role(stack, 'Role', { | ||
| assumedBy: new iam.AccountRootPrincipal(), | ||
| }); | ||
|
|
||
| const publicZone = PublicHostedZone.fromPublicHostedZoneId(stack, 'PublicZone', 'public-zone-id'); | ||
| publicZone.grantDelegation(role); |
There was a problem hiding this comment.
I think we can move these lines of code into the cross-account-zone-delegation integ test, unless you thought about this and had a reason for keeping it separate.
Maybe the name could to shift to const importedPublicZone = PublicHostedZone.from...
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
aws-cdk-automation
removed
the
pr/needs-community-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
…dZone anymore (#26888) `Identity.publicHostedZone` takes an `IPublicHostedZone`, but because of TypeScript structural typing it would also accept an `IHostedZone`. When in [this PR](#26333) the `grantDelegation` method was added to the `IPublicHostedZone` interface, this passing was no longer allowed and code that used to work on accident, no longer works. For example: ``` const zone = HostedZone.fromHostedZoneId(stack, 'Zone', 'hosted-id'); const sesIdentity = ses.Identity.publicHostedZone(zone); ``` It raises an error because the imported `zone` does not implement the `grantDelegation` method. This fix moves the `grantDelegation` method declaration into the `IHostedZone` interface and makes it available to all imported zones. Closes #26872. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Imported
PublicHostedZonewithfromPublicHostedZoneIdandfromPublicHostedZoneAttributesdon't have support for thegrantDelegationmethod since they return an instance of typeIPublicHostedZone.This change adds support for
grantDelegationto those instances as well.Closes #26240.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license