fix: CFN spec should have had missing required properties.

aws · Nov 1, 2020 · 4489488 · 4489488
1 parent 91648bf
commit 4489488
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 9 deletions.
diff --git a/packages/@aws-cdk/aws-codeartifact/lib/domain.ts b/packages/@aws-cdk/aws-codeartifact/lib/domain.ts
@@ -107,13 +107,12 @@ export class Domain extends Resource implements IDomain {
     });
 
     if (props.domainEncryptionKey) {
-      this.cfnDomain.addPropertyOverride('EncryptionKey', this.domainEncryptionKey?.keyId);
+      this.cfnDomain.encryptionKey = this.domainEncryptionKey?.keyId;
     }
 
     this.domainName = this.cfnDomain.domainName;
     this.domainArn = this.cfnDomain.attrArn;
     this.domainOwner = this.cfnDomain.attrOwner;
-
   }
 
   /**

diff --git a/packages/@aws-cdk/aws-codeartifact/lib/repository.ts b/packages/@aws-cdk/aws-codeartifact/lib/repository.ts
@@ -161,6 +161,7 @@ export class Repository extends Resource implements IRepository {
     this.validateProps();
 
     this.cfnRepository = new CfnRepository(this, id, {
+      domainName: props.domain?.domainName || '',
       repositoryName: props.repositoryName,
       description: props.description,
       upstreams: props.upstreams ? props.upstreams.map(u => u.repositoryName) : [] as string[],
@@ -194,7 +195,7 @@ export class Repository extends Resource implements IRepository {
   public assignDomain(domain: IDomain): void {
     // This should be added to the L1 props soon, but until then this is required to create a Repository
     this.cfnRepository.node.addDependency(domain);
-    this.cfnRepository.addPropertyOverride('DomainName', domain.domainName);
+    this.cfnRepository.domainName = domain.domainName || '';
   }
 
   /**

diff --git a/packages/@aws-cdk/aws-codeartifact/test/domain.test.ts b/packages/@aws-cdk/aws-codeartifact/test/domain.test.ts
@@ -29,12 +29,13 @@ test('Domain from ARN w/ out domain name nor account id', () => {
 
 test('Create Domain w/ encryption', () => {
   const stack = new Stack();
-  const key = new kms.Key(stack, 'key');
+  const key = kms.Key.fromKeyArn(stack, 'key', 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab');
 
   new Domain(stack, 'domain', { domainName: 'ExampleDomain', domainEncryptionKey: key });
 
   cdkassert.expect(stack).to(cdkassert.haveResource('AWS::CodeArtifact::Domain', {
     DomainName: 'ExampleDomain',
+    EncryptionKey: key.keyId,
   }));
 });
 

diff --git a/packages/@aws-cdk/aws-codeartifact/test/integ.repository.expected.json b/packages/@aws-cdk/aws-codeartifact/test/integ.repository.expected.json
@@ -1,9 +1,69 @@
 {
   "Resources": {
+    "keyFEDD6EC0": {
+      "Type": "AWS::KMS::Key",
+      "Properties": {
+        "KeyPolicy": {
+          "Statement": [
+            {
+              "Action": [
+                "kms:Create*",
+                "kms:Describe*",
+                "kms:Enable*",
+                "kms:List*",
+                "kms:Put*",
+                "kms:Update*",
+                "kms:Revoke*",
+                "kms:Disable*",
+                "kms:Get*",
+                "kms:Delete*",
+                "kms:ScheduleKeyDeletion",
+                "kms:CancelKeyDeletion",
+                "kms:GenerateDataKey",
+                "kms:TagResource",
+                "kms:UntagResource"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": {
+                  "Fn::Join": [
+                    "",
+                    [
+                      "arn:",
+                      {
+                        "Ref": "AWS::Partition"
+                      },
+                      ":iam::",
+                      {
+                        "Ref": "AWS::AccountId"
+                      },
+                      ":root"
+                    ]
+                  ]
+                }
+              },
+              "Resource": "*"
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "Tags": [
+          {
+            "Key": "app:example",
+            "Value": "integ-test-tag"
+          }
+        ]
+      },
+      "UpdateReplacePolicy": "Retain",
+      "DeletionPolicy": "Retain"
+    },
     "domainFBFFA2F6": {
       "Type": "AWS::CodeArtifact::Domain",
       "Properties": {
         "DomainName": "example-domain",
+        "EncryptionKey": {
+          "Ref": "keyFEDD6EC0"
+        },
         "PermissionsPolicyDocument": {
           "Statement": [
             {
@@ -35,6 +95,7 @@
     "repository5D02F86B": {
       "Type": "AWS::CodeArtifact::Repository",
       "Properties": {
+        "DomainName": "example-domain",
         "RepositoryName": "repository",
         "ExternalConnections": [
           "public:npmjs"
@@ -103,8 +164,7 @@
           ],
           "Version": "2012-10-17"
         },
-        "Upstreams": [],
-        "DomainName": "example-domain"
+        "Upstreams": []
       },
       "DependsOn": [
         "domainFBFFA2F6"
@@ -113,6 +173,7 @@
     "subrepository65E28DB9": {
       "Type": "AWS::CodeArtifact::Repository",
       "Properties": {
+        "DomainName": "example-domain",
         "RepositoryName": "sub-repository",
         "PermissionsPolicyDocument": {
           "Statement": [
@@ -180,8 +241,7 @@
         },
         "Upstreams": [
           "repository"
-        ],
-        "DomainName": "example-domain"
+        ]
       },
       "DependsOn": [
         "domainFBFFA2F6",

diff --git a/packages/@aws-cdk/aws-codeartifact/test/integ.repository.ts b/packages/@aws-cdk/aws-codeartifact/test/integ.repository.ts
@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 import * as iam from '@aws-cdk/aws-iam';
+import * as kms from '@aws-cdk/aws-kms';
 import * as cdk from '@aws-cdk/core';
 import * as codeartifact from '../lib';
 
@@ -27,7 +28,13 @@ p.addStatements(new iam.PolicyStatement({
   },
 }));
 
-const domain = new codeartifact.Domain(stack, 'domain', { domainName: 'example-domain', policyDocument: p });
+
+cdk.Tag.add(stack, 'app:example', 'integ-test-tag');
+
+// Custom KMS key
+const key = new kms.Key(stack, 'key');
+
+const domain = new codeartifact.Domain(stack, 'domain', { domainName: 'example-domain', policyDocument: p, domainEncryptionKey: key });
 const upstream = new codeartifact.Repository(stack, 'repository', {
   repositoryName: 'repository',
   domain: domain,
@@ -42,4 +49,5 @@ const subRepo = new codeartifact.Repository(stack, 'sub-repository', {
 
 subRepo.allowReadFromRepository(new iam.AccountRootPrincipal());
 
+
 app.synth();
diff --git a/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json b/packages/@aws-cdk/cfnspec/spec-source/000_CloudFormationResourceSpecification.json
@@ -47447,6 +47447,12 @@
           "Required": true,
           "UpdateType": "Immutable"
         },
+        "EncryptionKey": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-domain.html#cfn-codeartifact-domain-encryptionkey",
+          "PrimitiveType": "String",
+          "Required": false,
+          "UpdateType": "Immutable"
+        },
         "PermissionsPolicyDocument": {
           "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-domain.html#cfn-codeartifact-domain-permissionspolicydocument",
           "PrimitiveType": "Json",
@@ -47472,12 +47478,24 @@
       },
       "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-repository.html",
       "Properties": {
+        "DomainName": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-repository.html#cfn-codeartifact-repository-domainname",
+          "PrimitiveType": "String",
+          "Required": true,
+          "UpdateType": "Immutable"
+        },
         "Description": {
           "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-repository.html#cfn-codeartifact-repository-description",
           "PrimitiveType": "String",
           "Required": false,
           "UpdateType": "Mutable"
         },
+        "DomainOwner": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-repository.html#cfn-codeartifact-repository-domainowner",
+          "PrimitiveType": "String",
+          "Required": false,
+          "UpdateType": "Immutable"
+        },
         "ExternalConnections": {
           "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codeartifact-repository.html#cfn-codeartifact-repository-externalconnections",
           "PrimitiveItemType": "String",