From f371db4237d3b02a77d24c27d8c5c5796d6ab869 Mon Sep 17 00:00:00 2001
From: Ivan Barlog
Date: Tue, 5 Nov 2024 06:49:40 +0100
Subject: [PATCH 1/3] propagate `originAccessControlId` CloudFront Origin property to CloudFormation templates fixes #32018
---
 packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts
index 12b97e5274cbe..041f296d20fef 100644
--- a/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts
+++ b/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts
@@ -149,6 +149,7 @@ export abstract class OriginBase implements IOrigin {
 private readonly originShieldRegion?: string;
 private readonly originShieldEnabled: boolean;
 private readonly originId?: string;
+ private readonly originAccessControlId?: string;
 protected constructor(domainName: string, props: OriginProps = {}) {
 validateIntInRangeOrUndefined('connectionTimeout', 1, 10, props.connectionTimeout?.toSeconds());
@@ -163,6 +164,7 @@ export abstract class OriginBase implements IOrigin {
 this.originShieldRegion = props.originShieldRegion;
 this.originId = props.originId;
 this.originShieldEnabled = props.originShieldEnabled ?? true;
+ this.originAccessControlId = props.originAccessControlId;
 }
 /**
@@ -187,6 +189,7 @@ export abstract class OriginBase implements IOrigin {
 s3OriginConfig,
 customOriginConfig,
 originShield: this.renderOriginShield(this.originShieldEnabled, this.originShieldRegion),
+ originAccessControlId: this.originAccessControlId,
 },
 };
 }
From 708934fe2323c6cd92d8b3a313ec2c42909a2e76 Mon Sep 17 00:00:00 2001
From: Ivan Barlog
Date: Thu, 21 Nov 2024 09:49:29 +0100
Subject: [PATCH 2/3] add unit tests
---
 .../aws-cloudfront/test/distribution.test.ts | 32 ++++++++++++++-
 .../aws-cloudfront/test/test-origin.ts | 41 +++++++++++++++----
 2 files changed, 65 insertions(+), 8 deletions(-)
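Review bot: The third origin.ts hunk of PATCH 1/3 (`@@ -187,6 +189,7 @@`) emits `originAccessControlId` next to `s3OriginConfig` and `customOriginConfig` for every `OriginBase` subclass, and the constructor hunk stores the prop without any check, unlike `connectionTimeout`, which goes through `validateIntInRangeOrUndefined`. An origin access control is what restricts the origin to requests signed by CloudFront, so a conflicting setting is better caught at synth time than at deploy; an origin that also renders an origin access identity inside `s3OriginConfig` would carry two access mechanisms at once, which I would expect CloudFront to reject. Assuming `s3OriginConfig` here is the rendered S3 config object, a guard before the return would cover it: `if (this.originAccessControlId && s3OriginConfig?.originAccessIdentity) { throw new Error('originAccessControlId cannot be combined with an origin access identity'); }`. The enclosing method starts and ends outside the hunk, so whether a subclass already enforces this cannot be confirmed from the lines shown.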
diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts
index a6dc892975c0d..e2445b7641ef7 100644
--- a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts
+++ b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts
@@ -1,4 +1,4 @@
-import { defaultOrigin, defaultOriginGroup } from './test-origin';
+import { defaultOrigin, defaultOriginGroup, defaultOriginWithOriginAccessControl } from './test-origin';
 import { Annotations, Match, Template } from '../../assertions';
 import * as acm from '../../aws-certificatemanager';
 import * as cloudwatch from '../../aws-cloudwatch';
@@ -1282,6 +1282,36 @@ test('with publish additional metrics', () => {
 });
 });
+test('with origin access control id', () => {
+ const origin = defaultOriginWithOriginAccessControl();
+ new Distribution(stack, 'MyDist', {
+ defaultBehavior: { origin },
+ publishAdditionalMetrics: true,
+ });
+
+ Template.fromStack(stack).hasResourceProperties('AWS::CloudFront::Distribution', {
+ DistributionConfig: {
+ DefaultCacheBehavior: {
+ CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6',
+ Compress: true,
+ TargetOriginId: 'StackMyDistOrigin1D6D5E535',
+ ViewerProtocolPolicy: 'allow-all',
+ },
+ Enabled: true,
+ HttpVersion: 'http2',
+ IPV6Enabled: true,
+ Origins: [{
+ DomainName: 'www.example.com',
+ Id: 'StackMyDistOrigin1D6D5E535',
+ CustomOriginConfig: {
+ OriginProtocolPolicy: 'https-only',
+ },
+ OriginAccessControlId: "test-origin-access-control-id"
+ }],
+ },
+ });
+});
+
 describe('Distribution metrics tests', () => {
 const additionalMetrics = [
 { name: 'OriginLatency', method: 'metricOriginLatency', statistic: 'Average', additionalMetricsRequired: true, errorMetricName: 'Origin latency' },
diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts b/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts
index 8763187e09c9a..77472b2c906bb 100644
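Review bot: The added test 'with origin access control id' (hunk `@@ -1282,6 +1282,36 @@`) covers only the positive path, although the series fixes an ID that was silently left out of the template. A companion case built with `defaultOrigin()` that asserts `OriginAccessControlId: Match.absent()` on the rendered origin would pin that the key is not emitted when the prop is unset; `Match` is already imported at the top of this file. The test also passes `publishAdditionalMetrics: true`, which has no bearing on the property under test and looks carried over from the preceding 'with publish additional metrics' case, so dropping it would keep the assertion focused.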
--- a/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts
+++ b/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts
@@ -1,16 +1,31 @@
-import { Construct } from 'constructs';
-import { CfnDistribution, IOrigin, OriginBase, OriginBindConfig, OriginBindOptions, OriginProps, OriginProtocolPolicy } from '../lib';
+import { Construct } from "constructs";
+import {
+ CfnDistribution,
+ IOrigin,
+ OriginBase,
+ OriginBindConfig,
+ OriginBindOptions,
+ OriginProps,
+ OriginProtocolPolicy,
+} from "../lib";
 /** Used for testing common Origin functionality */
 export class TestOrigin extends OriginBase {
- constructor(domainName: string, props: OriginProps = {}) { super(domainName, props); }
- protected renderCustomOriginConfig(): CfnDistribution.CustomOriginConfigProperty | undefined {
+ constructor(domainName: string, props: OriginProps = {}) {
+ super(domainName, props);
+ }
+ protected renderCustomOriginConfig():
+ | CfnDistribution.CustomOriginConfigProperty
+ | undefined {
 return { originProtocolPolicy: OriginProtocolPolicy.HTTPS_ONLY };
 }
 }
 export class TestOriginGroup implements IOrigin {
- constructor(private readonly primaryDomainName: string, private readonly secondaryDomainName: string) { }
+ constructor(
+ private readonly primaryDomainName: string,
+ private readonly secondaryDomainName: string
+ ) {}
 /* eslint-disable @cdklabs/no-core-construct */
 public bind(scope: Construct, options: OriginBindOptions): OriginBindConfig {
 const primaryOrigin = new TestOrigin(this.primaryDomainName);
@@ -27,11 +42,23 @@ export class TestOriginGroup implements IOrigin {
 }
 export function defaultOrigin(domainName?: string, originId?: string): IOrigin {
- return new TestOrigin(domainName ?? 'www.example.com', {
+ return new TestOrigin(domainName ?? "www.example.com", {
 originId,
 });
 }
 export function defaultOriginGroup(): IOrigin {
- return new TestOriginGroup('www.example.com', 'foo.example.com');
+ return new TestOriginGroup("www.example.com", "foo.example.com");
+}
+
+export function defaultOriginWithOriginAccessControl(
+ domainName?: string,
+ originId?: string,
+ originAccessControlId?: string
+): IOrigin {
+ return new TestOrigin(domainName ?? "www.example.com", {
+ originId,
+ originAccessControlId:
+ originAccessControlId ?? "test-origin-access-control-id",
+ });
 }
From 06034102750469eb6591567d6ca3185ac90d1ec7 Mon Sep 17 00:00:00 2001
From: Ivan Barlog
Date: Fri, 22 Nov 2024 16:38:46 +0100
Subject: [PATCH 3/3] lint files
---
 .../aws-cloudfront/test/distribution.test.ts | 2 +-
 .../aws-cloudfront/test/test-origin.ts | 20 +++++++++----------
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts
index e2445b7641ef7..ec8c36adf721b 100644
--- a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts
+++ b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts
@@ -1306,7 +1306,7 @@ test('with origin access control id', () => {
 CustomOriginConfig: {
 OriginProtocolPolicy: 'https-only',
 },
- OriginAccessControlId: "test-origin-access-control-id"
+ OriginAccessControlId: 'test-origin-access-control-id',
 }],
 },
 });
diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts b/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts
index 77472b2c906bb..89136213a3928 100644
--- a/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts
+++ b/packages/aws-cdk-lib/aws-cloudfront/test/test-origin.ts
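Review bot: `defaultOriginWithOriginAccessControl`, added in the `@@ -27,11 +42,23 @@` hunk of test-origin.ts in PATCH 2/3, is exported without a doc comment, and its fallback `"test-origin-access-control-id"` is a placeholder string rather than a real origin access control ID. A one-line TSDoc such as `/** TestOrigin with originAccessControlId set; the default ID is a placeholder for template assertions */` would make that explicit for later readers of the test helpers. The `domainName` and `originId` parameters are not exercised by the test added in this series, so they could be left out until a caller needs them.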
@@ -1,4 +1,4 @@
-import { Construct } from "constructs";
+import { Construct } from 'constructs';
 import {
 CfnDistribution,
 IOrigin,
@@ -7,7 +7,7 @@ import {
 OriginBindOptions,
 OriginProps,
 OriginProtocolPolicy,
-} from "../lib";
+} from '../lib';
 /** Used for testing common Origin functionality */
 export class TestOrigin extends OriginBase {
@@ -15,8 +15,8 @@ export class TestOrigin extends OriginBase {
 super(domainName, props);
 }
 protected renderCustomOriginConfig():
- | CfnDistribution.CustomOriginConfigProperty
- | undefined {
+ | CfnDistribution.CustomOriginConfigProperty
+ | undefined {
 return { originProtocolPolicy: OriginProtocolPolicy.HTTPS_ONLY };
 }
 }
@@ -24,7 +24,7 @@ export class TestOrigin extends OriginBase {
 export class TestOriginGroup implements IOrigin {
 constructor(
 private readonly primaryDomainName: string,
- private readonly secondaryDomainName: string
+ private readonly secondaryDomainName: string,
 ) {}
 /* eslint-disable @cdklabs/no-core-construct */
 public bind(scope: Construct, options: OriginBindOptions): OriginBindConfig {
@@ -42,23 +42,23 @@ export class TestOriginGroup implements IOrigin {
 }
 export function defaultOrigin(domainName?: string, originId?: string): IOrigin {
- return new TestOrigin(domainName ?? "www.example.com", {
+ return new TestOrigin(domainName ?? 'www.example.com', {
 originId,
 });
 }
 export function defaultOriginGroup(): IOrigin {
- return new TestOriginGroup("www.example.com", "foo.example.com");
+ return new TestOriginGroup('www.example.com', 'foo.example.com');
 }
 export function defaultOriginWithOriginAccessControl(
 domainName?: string,
 originId?: string,
- originAccessControlId?: string
+ originAccessControlId?: string,
 ): IOrigin {
- return new TestOrigin(domainName ?? "www.example.com", {
+ return new TestOrigin(domainName ?? 'www.example.com', {
 originId,
 originAccessControlId:
- originAccessControlId ?? "test-origin-access-control-id",
+ originAccessControlId ?? 'test-origin-access-control-id',
 });
 }