fix integ tests
5d committed Dec 10, 2024
1 parent 3fae58e commit e9a9b6b
Showing 107 changed files with 11,769 additions and 4,299 deletions.


16 changes: 10 additions & 6 deletions packages/@aws-cdk/aws-redshift-alpha/lib/private/database-query.ts
Expand Up @@ -6,7 +6,7 @@ import * as cdk from 'aws-cdk-lib/core';
import * as customresources from 'aws-cdk-lib/custom-resources';
import { Construct } from 'constructs';
import { DatabaseQueryHandlerProps } from './handler-props';
import { Cluster } from '../cluster';
import { Cluster, ICluster } from '../cluster';
import { DatabaseOptions } from '../database-options';
import { Stack } from 'aws-cdk-lib/core';

Expand All @@ -29,6 +29,9 @@ export interface DatabaseQueryProps<HandlerProps> extends DatabaseOptions {
}

export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrantable {
/**
* A mapping of singleton functions in the cluster to the assumable IAM roles of their respective invokers.
* */
private static handlerToRole: Record<string, iam.IRole> = {}

readonly grantPrincipal: iam.IPrincipal;
Expand Down Expand Up @@ -67,7 +70,7 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant

const provider = new customresources.Provider(this, 'Provider', {
onEventHandler: handler,
role: this.roleForHandler(handler),
role: this.roleForHandler(handler, props.cluster),
});

const queryHandlerProps: DatabaseQueryHandlerProps & HandlerProps = {
Expand Down Expand Up @@ -121,16 +124,17 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant
return adminUser;
}

private roleForHandler(handler: lambda.SingletonFunction): iam.IRole {
if (!DatabaseQuery.handlerToRole[handler.constructName]) {
DatabaseQuery.handlerToRole[handler.constructName] = new iam.Role(Stack.of(this), `Role${handler.constructName}`, {
private roleForHandler(handler: lambda.SingletonFunction, cluster: ICluster): iam.IRole {
const key = cluster.clusterName + handler.constructName;
if (!DatabaseQuery.handlerToRole[key]) {
DatabaseQuery.handlerToRole[key] = new iam.Role(Stack.of(this), `Role${handler.constructName}`, {
assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
managedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole'),
],
});
}

return DatabaseQuery.handlerToRole[handler.constructName];
return DatabaseQuery.handlerToRole[key];
}
}
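Review bot: The cache key on L55 now distinguishes clusters, but the construct id passed to `new iam.Role` on L57 is still `Role${handler.constructName}`, so two clusters in the same stack that share a handler miss the cache on the second lookup and then try to add a second child with the same id under `Stack.of(this)`, which the construct tree rejects. The id needs the same discriminator as the key, e.g. `` `Role${handler.constructName}${cluster.node.addr}` ``, and the key itself should carry a separator (`` `${cluster.clusterName}/${handler.constructName}` ``) so the concatenation on L55 cannot collide across the boundary. Separately, `handlerToRole` is a process-wide static, so a role created in one Stack is handed back to a later Stack or App built in the same process (unit-test suites typically do this), producing a cross-stack reference; looking the role up with `Stack.of(this).node.tryFindChild(id)` instead of a static map would scope the singleton to the stack. `roleForHandler` is complete in the hunk, but the class body continues outside it.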
51 changes: 27 additions & 24 deletions packages/@aws-cdk/aws-redshift-alpha/lib/private/privileges.ts
Expand Up @@ -5,7 +5,7 @@ import { ITable, TableAction } from '../table';
import { IUser } from '../user';
import { DatabaseQuery } from './database-query';
import { HandlerName } from './database-query-provider/handler-name';
import { TablePrivilege as SerializedTablePrivilege, UserTablePrivilegesHandlerProps } from './handler-props';
import { UserTablePrivilegesHandlerProps } from './handler-props';

/**
* The Redshift table and action that make up a privilege that can be granted to a Redshift user.
Expand Down Expand Up @@ -39,6 +39,18 @@ export interface UserTablePrivilegesProps extends DatabaseOptions {
readonly privileges?: TablePrivilege[];
}

const unifyTableActions = (tableActions: TableAction[]): TableAction[] => {
const set = new Set<TableAction>(tableActions);
if (set.has(TableAction.UPDATE) || set.has(TableAction.DELETE)) {
set.add(TableAction.SELECT);
}

if (set.has(TableAction.ALL)) {
return [TableAction.ALL];
}
return [...set];
};

/**
* Privileges granted to a Redshift user on Redshift tables.
*
Expand All @@ -62,33 +74,24 @@ export class UserTablePrivileges extends Construct {
username: props.user.username,
tablePrivileges: cdk.Lazy.any({
produce: () => {
const reducedPrivileges = this.privileges.reduce((privileges, { table, actions }) => {
const tableId = table.node.id;
if (!(tableId in privileges)) {
privileges[tableId] = {
const groupedPrivileges = this.privileges.reduce(
(privileges, { table, actions }) => ({
...privileges,
[table.node.id]: {
actions: [
...(privileges[table.node.id]?.actions ?? []),
...actions,
],
tableName: table.tableName,
actions: [],
};
}
actions = actions.concat(privileges[tableId].actions);
if (actions.includes(TableAction.ALL)) {
actions = [TableAction.ALL];
}
if (actions.includes(TableAction.UPDATE) || actions.includes(TableAction.DELETE)) {
actions.push(TableAction.SELECT);
}
privileges[tableId] = {
tableName: table.tableName,
actions: Array.from(new Set(actions)),
};
return privileges;
}, {} as { [key: string]: { tableName: string; actions: TableAction[] } });
const serializedPrivileges: SerializedTablePrivilege[] = Object.entries(reducedPrivileges).map(([tableId, config]) => ({
},
}), {} as Record<string, { tableName: string; actions: TableAction[]}>,
);

return Object.entries(groupedPrivileges).map(([tableId, config]) => ({
tableId,
tableName: config.tableName,
actions: config.actions.map(action => TableAction[action]),
actions: unifyTableActions(config.actions).map(action => TableAction[action]),
}));
return serializedPrivileges;
},
}) as any,
},
Expand Down
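Review bot: `unifyTableActions` on L84 has no doc comment, and its effect is what an auditor of the synthesized grants will notice: UPDATE or DELETE silently widens the grant with SELECT, and ALL collapses the list to a single entry. Add a TSDoc block above it stating that it normalises a table's action list by adding SELECT whenever UPDATE or DELETE is present, returning only ALL when ALL is present, and de-duplicating the remainder, so the extra SELECT is not mistaken for a bug. The reducer on L107-L135 spreads `privileges` on every iteration, which is fine for a handful of tables but a `Map<string, …>` filled in a `for…of` loop would read more plainly and avoid the repeated copies; the `as any` on L145 survives the rewrite and still hides the type handed to `tablePrivileges`. The enclosing constructor starts before the hunk.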
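--- a/packages/@aws-cdk/aws-redshift-alpha/lib/table.ts
+++ b/packages/@aws-cdk/aws-redshift-alpha/lib/table.ts
@@ -282,7 +282,7 @@ export class Table extends TableBase {
 },
 });
 
-this.tableName = this.resource.ref;
+this.tableName = props.tableName ?? this.resource.ref;
 }
 
 /**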
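Review bot: L155 makes `tableName` a concrete string when `props.tableName` is supplied and a deploy-time token from `this.resource.ref` otherwise, and nothing on the line records that distinction even though consumers such as the `tableName: table.tableName` grouping in privileges.ts receive either kind. A comment like `// prefer the user-supplied physical name; otherwise use the name the custom resource reports at deploy time` would make the precedence explicit. The constructor starts before the hunk, so whether the custom resource is also given `props.tableName` is not visible here.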