feat(appsync): Standalone L2 construct for SourceApiAssociation (#27121)

As part of supporting AppSync Merged APIs, this change introduces a standalone SourceApiAssociation construct for declaring a source api association between a source API and a Merged API. Why do we need a standalone construct? * There are two potential deployment models when dealing with separate stacks/pipelines between the source API and Merged API: 1. Push model where the source API owners manage the association in their stack 2. Pull model where the associations are managed in the Merged API stack. * Having a standalone construct gives developers more flexibility while still handling all the IAM permission handling in a single place. * Developers can continue to use the GraphQLApi construct and declare the source api configuration all within a single construct as before. But, if they want to have the source api association as a standalone object this change gives them flexibility I also fixed two issues related to IAM: 1. The resource for appsync:SourceGraphQL needs both the source api arn and the source api arn + "/*" to get all top level fields. 2. The merged api execution role also needs appsync:StartSchemaMerge if the association is using AUTO_MERGE. The fix here is preferred over existing PR: #27025 Closes #26986 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Sep 20, 2023 · 7b9652e · 7b9652e
1 parent 1e67f9d
commit 7b9652e
Show file tree

Hide file tree

Showing 36 changed files with 3,461 additions and 169 deletions.
diff --git a/allowed-breaking-changes.txt b/allowed-breaking-changes.txt
@@ -188,3 +188,6 @@ removed:aws-cdk-lib.aws_cloudwatch.CfnAlarm.attrId
 removed:aws-cdk-lib.aws_ec2.CfnNetworkInterface.enablePrimaryIpv6
 removed:aws-cdk-lib.aws_ec2.CfnNetworkInterfaceAttachment.attrId
 removed:aws-cdk-lib.aws_ec2.CfnNetworkInterfaceProps.enablePrimaryIpv6
+
+# Changed type from GraphqlApi to IGraphqlApi to support import from a different stack, should not matter. 
+weakened:aws-cdk-lib.aws_appsync.SourceApi
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/appsync.merged-api-3.graphql b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/appsync.merged-api-3.graphql
@@ -0,0 +1,9 @@
+type thirdTest {
+  version: String!
+}
+type Query {
+  getThirdTests: [thirdTest]!
+}
+type Mutation {
+  addThirdTest(version: String!): thirdTest
+}
diff --git a/...nc-merged-api-arn-flag-enabled.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json b/...nc-merged-api-arn-flag-enabled.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "34.0.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "apiDefaultTestDeployAssert018781F2.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
diff --git a/...-merged-api-arn-flag-enabled.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json b/...-merged-api-arn-flag-enabled.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json
@@ -0,0 +1,36 @@
+{
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
diff --git a/...integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/cdk.out b/...integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"34.0.0"}
diff --git a/...eg/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/integ.json b/...eg/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/integ.json
@@ -0,0 +1,12 @@
+{
+  "version": "34.0.0",
+  "testCases": {
+    "api/DefaultTest": {
+      "stacks": [
+        "stack"
+      ],
+      "assertionStack": "api/DefaultTest/DeployAssert",
+      "assertionStackName": "apiDefaultTestDeployAssert018781F2"
+    }
+  }
+}
diff --git a/...test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/manifest.json b/...test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/manifest.json
@@ -0,0 +1,189 @@
+{
+  "version": "34.0.0",
+  "artifacts": {
+    "stack.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "stack.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "stack": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "stack.template.json",
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/56930136ed109a6e2bbab108d97daf7201ee4fd652cff93f20eb31cd855e4e47.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "stack.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "stack.assets"
+      ],
+      "metadata": {
+        "/stack/FirstSourceAPI/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FirstSourceAPIB0DE8D5A"
+          }
+        ],
+        "/stack/FirstSourceAPI/Schema": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FirstSourceAPISchemaF2FDB692"
+          }
+        ],
+        "/stack/FirstSourceAPI/DefaultApiKey": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FirstSourceAPIDefaultApiKey9D9AE06D"
+          }
+        ],
+        "/stack/FirstSourceAPI/FirstSourceDS/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FirstSourceAPIFirstSourceDS6AD299B7"
+          }
+        ],
+        "/stack/SecondSourceAPI/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SecondSourceAPIE903371D"
+          }
+        ],
+        "/stack/SecondSourceAPI/Schema": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SecondSourceAPISchema65B7401E"
+          }
+        ],
+        "/stack/SecondSourceAPI/DefaultApiKey": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SecondSourceAPIDefaultApiKeyCE5A0A64"
+          }
+        ],
+        "/stack/SecondSourceAPI/SecondSourceDS/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SecondSourceAPISecondSourceDSEA46EBA7"
+          }
+        ],
+        "/stack/MergedAPI/MergedApiExecutionRole/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MergedAPIMergedApiExecutionRole5F2BCCAD"
+          }
+        ],
+        "/stack/MergedAPI/MergedApiExecutionRole/DefaultPolicy/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MergedAPIMergedApiExecutionRoleDefaultPolicy31A96DBC"
+          }
+        ],
+        "/stack/MergedAPI/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MergedAPI08D3EAD1"
+          }
+        ],
+        "/stack/MergedAPI/FirstSourceAPIAssociation": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MergedAPIFirstSourceAPIAssociationEC781BA9"
+          }
+        ],
+        "/stack/MergedAPI/SecondSourceAPIAssociation": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MergedAPISecondSourceAPIAssociationBD1A08F4"
+          }
+        ],
+        "/stack/MergedAPI/DefaultApiKey": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MergedAPIDefaultApiKeyAF5EA13C"
+          }
+        ],
+        "/stack/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/stack/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "stack"
+    },
+    "apiDefaultTestDeployAssert018781F2.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "apiDefaultTestDeployAssert018781F2.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "apiDefaultTestDeployAssert018781F2": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "apiDefaultTestDeployAssert018781F2.template.json",
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "apiDefaultTestDeployAssert018781F2.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "apiDefaultTestDeployAssert018781F2.assets"
+      ],
+      "metadata": {
+        "/api/DefaultTest/DeployAssert/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/api/DefaultTest/DeployAssert/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "api/DefaultTest/DeployAssert"
+    },
+    "Tree": {
+      "type": "cdk:tree",
+      "properties": {
+        "file": "tree.json"
+      }
+    }
+  }
+}
diff --git a/.../aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/stack.assets.json b/.../aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/stack.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "34.0.0",
+  "files": {
+    "56930136ed109a6e2bbab108d97daf7201ee4fd652cff93f20eb31cd855e4e47": {
+      "source": {
+        "path": "stack.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "56930136ed109a6e2bbab108d97daf7201ee4fd652cff93f20eb31cd855e4e47.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}