forked from aws/aws-cdk
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(servicecatalogappregistry): add sharing of applications and attr…
…ibute groups (aws#20850) This PR adds sharing capability to the Application and Attribute Group constructs for Service Catalog AppRegistry. Users who have enabled AWS Organizations in their AWS account can now share their AppRegistry Application and Attribute Groups with accounts in their organization, organizational units (OUs), IAM roles, and IAM users. This provides CDK parity with the support of cross-account sharing of Applications and Attribute Groups which was [released as an AppRegistry feature](https://aws.amazon.com/about-aws/whats-new/2022/06/aws-service-catalogs-application-registry-cross-account-applications/). ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- Co-authored by: Aidan Crank
- Loading branch information
1 parent
820ebd6
commit ef695a4
Showing
20 changed files
with
901 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
87 changes: 87 additions & 0 deletions
87
packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
import * as crypto from 'crypto'; | ||
import * as iam from '@aws-cdk/aws-iam'; | ||
|
||
/** | ||
* Supported permissions for sharing applications or attribute groups with principals using AWS RAM. | ||
*/ | ||
export enum SharePermission { | ||
/** | ||
* Allows principals in the share to only view the application or attribute group. | ||
*/ | ||
READ_ONLY, | ||
|
||
/** | ||
* Allows principals in the share to associate resources and attribute groups with applications. | ||
*/ | ||
ALLOW_ACCESS, | ||
}; | ||
|
||
/** | ||
* The options that are passed into a share of an Application or Attribute Group. | ||
*/ | ||
export interface ShareOptions { | ||
/** | ||
* A list of AWS accounts that the application will be shared with. | ||
* | ||
* @default - No accounts specified for share | ||
*/ | ||
readonly accounts?: string[]; | ||
|
||
/** | ||
* A list of AWS Organization or Organizational Units (OUs) ARNs that the application will be shared with. | ||
* | ||
* @default - No AWS Organizations or OUs specified for share | ||
*/ | ||
readonly organizationArns?: string[]; | ||
|
||
/** | ||
* A list of AWS IAM roles that the application will be shared with. | ||
* | ||
* @default - No IAM roles specified for share | ||
*/ | ||
readonly roles?: iam.IRole[]; | ||
|
||
/** | ||
* An option to manage access to the application or attribute group. | ||
* | ||
* @default - Principals will be assigned read only permissions on the application or attribute group. | ||
*/ | ||
readonly sharePermission?: SharePermission | string; | ||
|
||
/** | ||
* A list of AWS IAM users that the application will be shared with. | ||
* | ||
* @default - No IAM Users specified for share | ||
*/ | ||
readonly users?: iam.IUser[]; | ||
} | ||
|
||
/** | ||
* Generates a unique hash identfifer using SHA256 encryption algorithm. | ||
*/ | ||
export function hashValues(...values: string[]): string { | ||
const sha256 = crypto.createHash('sha256'); | ||
values.forEach(val => sha256.update(val)); | ||
return sha256.digest('hex').slice(0, 12); | ||
} | ||
|
||
/** | ||
* Reformats share targets into a collapsed list necessary for handler. | ||
* | ||
* @param options The share target options | ||
* @returns flat list of target ARNs | ||
*/ | ||
export function getPrincipalsforSharing(options: ShareOptions): string[] { | ||
const principals = [ | ||
...options.accounts ?? [], | ||
...options.organizationArns ?? [], | ||
...options.users ? options.users.map(user => user.userArn) : [], | ||
...options.roles ? options.roles.map(role => role.roleArn) : [], | ||
]; | ||
|
||
if (principals.length == 0) { | ||
throw new Error('An entity must be provided for the share'); | ||
} | ||
|
||
return principals; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
export * from './application'; | ||
export * from './attribute-group'; | ||
export * from './common'; | ||
|
||
// AWS::ServiceCatalogAppRegistry CloudFormation Resources: | ||
export * from './servicecatalogappregistry.generated'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
packages/@aws-cdk/aws-servicecatalogappregistry/test/application.integ.snapshot/cdk.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"version":"17.0.0"} | ||
{"version":"20.0.0"} |
6 changes: 3 additions & 3 deletions
6
...y/test/application.integ.snapshot/integ-servicecatalogappregistry-application.assets.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.