Skip to content

Commit

Permalink
fix: Update GuPolicy with revised logicalId logic
Browse files Browse the repository at this point in the history
In #364 we placed the logic of overriding a construct's logicalId into a single place.

In this change, we're updating the `GuPolicy` construct to adopt the new logic. As of #418 it's as simple as using the `GuMigratableConstruct` mixin!
  • Loading branch information
akash1810 committed Apr 12, 2021
1 parent f7455a4 commit db5bdc0
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 10 deletions.
54 changes: 54 additions & 0 deletions src/constructs/iam/policies/base-policy.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,33 @@ describe("GuAllowPolicy", () => {
},
});
});

test("auto-generates the logicalId by default", () => {
const stack = simpleGuStackForTesting();
attachPolicyToTestRole(
stack,
new GuAllowPolicy(stack, "AllowS3GetObject", {
actions: ["s3:GetObject"],
resources: ["*"],
})
);

expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", /^AllowS3GetObject.+/);
});

test("overrides the logicalId when existingLogicalId is set in a migrating stack", () => {
const stack = simpleGuStackForTesting({ migratedFromCloudFormation: true });
attachPolicyToTestRole(
stack,
new GuAllowPolicy(stack, "AllowS3GetObject", {
actions: ["s3:GetObject"],
resources: ["*"],
existingLogicalId: "MyAwesomeAllowPolicy",
})
);

expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", "MyAwesomeAllowPolicy");
});
});

describe("GuDenyPolicy", () => {
Expand Down Expand Up @@ -101,4 +128,31 @@ describe("GuDenyPolicy", () => {
},
});
});

test("auto-generates the logicalId by default", () => {
const stack = simpleGuStackForTesting();
attachPolicyToTestRole(
stack,
new GuDenyPolicy(stack, "DenyS3GetObject", {
actions: ["s3:GetObject"],
resources: ["*"],
})
);

expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", /^DenyS3GetObject.+/);
});

test("overrides the logicalId when existingLogicalId is set in a migrating stack", () => {
const stack = simpleGuStackForTesting({ migratedFromCloudFormation: true });
attachPolicyToTestRole(
stack,
new GuDenyPolicy(stack, "DenyS3GetObject", {
actions: ["s3:GetObject"],
resources: ["*"],
existingLogicalId: "MyAwesomeDenyPolicy",
})
);

expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", "MyAwesomeDenyPolicy");
});
});
15 changes: 5 additions & 10 deletions src/constructs/iam/policies/base-policy.ts
Original file line number Diff line number Diff line change
@@ -1,21 +1,16 @@
import type { CfnPolicy, PolicyProps } from "@aws-cdk/aws-iam";
import type { PolicyProps } from "@aws-cdk/aws-iam";
import { Effect, Policy, PolicyStatement } from "@aws-cdk/aws-iam";
import { GuMigratableConstruct } from "../../../utils/mixin";
import type { GuStack } from "../../core";
import type { GuMigratingResource } from "../../core/migrating";

export interface GuPolicyProps extends PolicyProps {
overrideId?: boolean;
}
export interface GuPolicyProps extends PolicyProps, GuMigratingResource {}

export type GuNoStatementsPolicyProps = Omit<GuPolicyProps, "statements">;

export abstract class GuPolicy extends Policy {
export abstract class GuPolicy extends GuMigratableConstruct(Policy) {
protected constructor(scope: GuStack, id: string, props: GuPolicyProps) {
super(scope, id, props);

if (props.overrideId) {
const child = this.node.defaultChild as CfnPolicy;
child.overrideLogicalId(id);
}
}
}

Expand Down

0 comments on commit db5bdc0

Please sign in to comment.