fix integ tests

aws · Dec 9, 2024 · e5a6c7b · e5a6c7b
1 parent 3fae58e
commit e5a6c7b
Show file tree

Hide file tree

Showing 108 changed files with 11,771 additions and 4,301 deletions.
diff --git a/...asset.6f50ad1670be7195f01a64eddc86541c357b2087e992904bdcb9f5ae67c82ecb.handler/handler.js b/...asset.6f50ad1670be7195f01a64eddc86541c357b2087e992904bdcb9f5ae67c82ecb.handler/handler.js
diff --git a/packages/@aws-cdk/aws-redshift-alpha/lib/private/database-query-provider/privileges.ts b/packages/@aws-cdk/aws-redshift-alpha/lib/private/database-query-provider/privileges.ts
@@ -35,15 +35,15 @@ async function revokePrivileges(username: string, tablePrivileges: TablePrivileg
   // Limited by human input
   // eslint-disable-next-line @cdklabs/promiseall-no-unbounded-parallelism
   await Promise.all(tablePrivileges.map(({ tableName, actions }) => {
-    return executeStatement(`REVOKE ${actions.join(', ')} ON ${tableName} FROM ${username}`, clusterProps);
+    return executeStatement(`REVOKE ${actions.join(', ')} ON "${tableName}" FROM ${username}`, clusterProps);
   }));
 }
 
 async function grantPrivileges(username: string, tablePrivileges: TablePrivilege[], clusterProps: ClusterProps) {
   // Limited by human input
   // eslint-disable-next-line @cdklabs/promiseall-no-unbounded-parallelism
   await Promise.all(tablePrivileges.map(({ tableName, actions }) => {
-    return executeStatement(`GRANT ${actions.join(', ')} ON ${tableName} TO ${username}`, clusterProps);
+    return executeStatement(`GRANT ${actions.join(', ')} ON "${tableName}" TO ${username}`, clusterProps);
   }));
 }
 

diff --git a/packages/@aws-cdk/aws-redshift-alpha/lib/private/database-query.ts b/packages/@aws-cdk/aws-redshift-alpha/lib/private/database-query.ts
@@ -6,7 +6,7 @@ import * as cdk from 'aws-cdk-lib/core';
 import * as customresources from 'aws-cdk-lib/custom-resources';
 import { Construct } from 'constructs';
 import { DatabaseQueryHandlerProps } from './handler-props';
-import { Cluster } from '../cluster';
+import { Cluster, ICluster } from '../cluster';
 import { DatabaseOptions } from '../database-options';
 import { Stack } from 'aws-cdk-lib/core';
 
@@ -29,6 +29,9 @@ export interface DatabaseQueryProps<HandlerProps> extends DatabaseOptions {
 }
 
 export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrantable {
+  /**
+   * A mapping of singleton functions in the cluster to the assumable IAM roles of their respective invokers.
+   * */
   private static handlerToRole: Record<string, iam.IRole> = {}
 
   readonly grantPrincipal: iam.IPrincipal;
@@ -67,7 +70,7 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant
 
     const provider = new customresources.Provider(this, 'Provider', {
       onEventHandler: handler,
-      role: this.roleForHandler(handler),
+      role: this.roleForHandler(handler, props.cluster),
     });
 
     const queryHandlerProps: DatabaseQueryHandlerProps & HandlerProps = {
@@ -121,16 +124,17 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant
     return adminUser;
   }
 
-  private roleForHandler(handler: lambda.SingletonFunction): iam.IRole {
-    if (!DatabaseQuery.handlerToRole[handler.constructName]) {
-      DatabaseQuery.handlerToRole[handler.constructName] = new iam.Role(Stack.of(this), `Role${handler.constructName}`, {
+  private roleForHandler(handler: lambda.SingletonFunction, cluster: ICluster): iam.IRole {
+    const key = cluster.clusterName + handler.constructName;
+    if (!DatabaseQuery.handlerToRole[key]) {
+      DatabaseQuery.handlerToRole[key] = new iam.Role(Stack.of(this), `Role${handler.constructName}`, {
         assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
         managedPolicies: [
           iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole'),
         ],
       });
     }
 
-    return DatabaseQuery.handlerToRole[handler.constructName];
+    return DatabaseQuery.handlerToRole[key];
   }
 }
diff --git a/packages/@aws-cdk/aws-redshift-alpha/lib/private/privileges.ts b/packages/@aws-cdk/aws-redshift-alpha/lib/private/privileges.ts
@@ -5,7 +5,7 @@ import { ITable, TableAction } from '../table';
 import { IUser } from '../user';
 import { DatabaseQuery } from './database-query';
 import { HandlerName } from './database-query-provider/handler-name';
-import { TablePrivilege as SerializedTablePrivilege, UserTablePrivilegesHandlerProps } from './handler-props';
+import { UserTablePrivilegesHandlerProps } from './handler-props';
 
 /**
  * The Redshift table and action that make up a privilege that can be granted to a Redshift user.
@@ -39,6 +39,18 @@ export interface UserTablePrivilegesProps extends DatabaseOptions {
   readonly privileges?: TablePrivilege[];
 }
 
+const unifyTableActions = (tableActions: TableAction[]): TableAction[] => {
+  const set = new Set<TableAction>(tableActions);
+  if (set.has(TableAction.UPDATE) || set.has(TableAction.DELETE)) {
+    set.add(TableAction.SELECT);
+  }
+
+  if (set.has(TableAction.ALL)) {
+    return [TableAction.ALL];
+  }
+  return [...set];
+};
+
 /**
  * Privileges granted to a Redshift user on Redshift tables.
  *
@@ -62,33 +74,24 @@ export class UserTablePrivileges extends Construct {
         username: props.user.username,
         tablePrivileges: cdk.Lazy.any({
           produce: () => {
-            const reducedPrivileges = this.privileges.reduce((privileges, { table, actions }) => {
-              const tableId = table.node.id;
-              if (!(tableId in privileges)) {
-                privileges[tableId] = {
+            const groupedPrivileges = this.privileges.reduce(
+              (privileges, { table, actions }) => ({
+                ...privileges,
+                [table.node.id]: {
+                  actions: [
+                    ...(privileges[table.node.id]?.actions ?? []),
+                    ...actions,
+                  ],
                   tableName: table.tableName,
-                  actions: [],
-                };
-              }
-              actions = actions.concat(privileges[tableId].actions);
-              if (actions.includes(TableAction.ALL)) {
-                actions = [TableAction.ALL];
-              }
-              if (actions.includes(TableAction.UPDATE) || actions.includes(TableAction.DELETE)) {
-                actions.push(TableAction.SELECT);
-              }
-              privileges[tableId] = {
-                tableName: table.tableName,
-                actions: Array.from(new Set(actions)),
-              };
-              return privileges;
-            }, {} as { [key: string]: { tableName: string; actions: TableAction[] } });
-            const serializedPrivileges: SerializedTablePrivilege[] = Object.entries(reducedPrivileges).map(([tableId, config]) => ({
+                },
+              }), {} as Record<string, { tableName: string; actions: TableAction[]}>,
+            );
+
+            return Object.entries(groupedPrivileges).map(([tableId, config]) => ({
               tableId,
               tableName: config.tableName,
-              actions: config.actions.map(action => TableAction[action]),
+              actions: unifyTableActions(config.actions).map(action => TableAction[action]),
             }));
-            return serializedPrivileges;
           },
         }) as any,
       },

diff --git a/packages/@aws-cdk/aws-redshift-alpha/lib/table.ts b/packages/@aws-cdk/aws-redshift-alpha/lib/table.ts
@@ -282,7 +282,7 @@ export class Table extends TableBase {
       },
     });
 
-    this.tableName = this.resource.ref;
+    this.tableName = props.tableName ?? this.resource.ref;
   }
 
   /**
-Original file line number
+Diff line change
@@ Expand Up / @@ -282,7 +282,7 @@ export class Table extends TableBase { @@
           },
         });
-        this.tableName = this.resource.ref;
+        this.tableName = props.tableName ?? this.resource.ref;
       }
       /**
@@ Expand Down @@