From 333ebc82e17a35b9c7caa158aace4bb93792a2e2 Mon Sep 17 00:00:00 2001 From: Liwei Wang Date: Tue, 21 Mar 2023 21:28:09 +0000 Subject: [PATCH 1/4] Change Share ID generation Testing done ------------------------------------- * Related items ------------------------------------ * SIM/auto-cut ticket --- .../lib/application.ts | 12 +++---- .../lib/aspects/stack-associator.ts | 6 ++-- .../lib/attribute-group.ts | 11 +++--- .../lib/common.ts | 6 ++++ .../test/application.test.ts | 34 ++++++++++++------- .../test/attribute-group.test.ts | 34 ++++++++++++------- .../test/integ.application.ts | 3 +- .../integ.attribute-group.js.snapshot/cdk.out | 2 +- ...logappregistry-attribute-group.assets.json | 6 ++-- ...gappregistry-attribute-group.template.json | 4 +-- .../integ.json | 2 +- .../manifest.json | 17 +++++++--- .../tree.json | 10 +++--- .../test/integ.attribute-group.ts | 3 +- 14 files changed, 92 insertions(+), 58 deletions(-) diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/application.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/application.ts index e5165676eb0da..eef57ebb7598f 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/application.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/application.ts @@ -1,6 +1,5 @@ import { CfnResourceShare } from '@aws-cdk/aws-ram'; import * as cdk from '@aws-cdk/core'; -import { Names } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { StageStackAssociator } from './aspects/stack-associator'; import { AttributeGroup, IAttributeGroup } from './attribute-group'; 
@@ -90,9 +89,10 @@ export interface IApplication extends cdk.IResource { /** * Share this application with other IAM entities, accounts, or OUs. * + * @param id The construct name for the share. * @param shareOptions The options for the share. */ - shareApplication(shareOptions: ShareOptions): void; + shareApplication(id: string, shareOptions: ShareOptions): void; /** * Associate this application with all stacks under the construct node. @@ -205,13 +205,13 @@ abstract class ApplicationBase extends cdk.Resource implements IApplication { * Share an application with accounts, organizations and OUs, and IAM roles and users. * The application will become available to end users within those principals. * + * @param id The construct name for the share. * @param shareOptions The options for the share. */ - public shareApplication(shareOptions: ShareOptions): void { + public shareApplication(id: string, shareOptions: ShareOptions): void { const principals = getPrincipalsforSharing(shareOptions); - const shareName = `RAMShare${hashValues(Names.nodeUniqueId(this.node), this.node.children.length.toString())}`; - new CfnResourceShare(this, shareName, { - name: shareName, + new CfnResourceShare(this, id, { + name: shareOptions.name, allowExternalPrincipals: false, principals: principals, resourceArns: [this.applicationArn], diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts index b6e81403d86ea..ba99f71367224 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts 
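Review bot: The new required `id` parameter on `IApplication.shareApplication` is source-breaking for every existing caller, and the commit message, whose "Testing done" and "Related items" sections are left empty, does not flag it. The `@param id` text should also state what the caller must guarantee, e.g. `@param id The construct id of the RAM share; must be unique within this application and stay stable across deployments.` The same applies to `IAttributeGroup.shareAttributeGroup` in attribute-group.ts. The interface body continues outside the hunk.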
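Review bot: Passing the caller's `id` to `new CfnResourceShare(this, id, …)` changes the logical ID of every share created by earlier versions, so an upgrade most likely replaces the existing RAM share instead of updating it; the attribute-group snapshot manifest in this same patch records the old share with `!!DESTRUCTIVE_CHANGES: WILL_DESTROY`. While the share is being replaced, the principals it covers can lose access to the application, so this deserves a migration note and a comment at the call such as `// id determines the logical ID; changing it replaces the share and interrupts access for its principals`. `shareAttributeGroup` in attribute-group.ts gets the same change and, unlike this method, has no doc comment in the visible context.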
@@ -2,7 +2,7 @@ import { IAspect, Stack, Stage, Annotations } from '@aws-cdk/core'; import { IConstruct } from 'constructs'; import { IApplication } from '../application'; import { ApplicationAssociator } from '../application-associator'; -import { SharePermission } from '../common'; +import { hashValues, SharePermission } from '../common'; import { isRegionUnresolved, isAccountUnresolved } from '../private/utils'; export interface StackAssociatorBaseProps { @@ -112,7 +112,9 @@ abstract class StackAssociatorBase implements IAspect { if (node.account != this.application.env.account && !this.sharedAccounts.has(node.account)) { if (this.associateCrossAccountStacks) { - this.application.shareApplication({ + const shareId = `ApplicationShare${hashValues(this.application.node.addr, node.stackId)}`; + this.application.shareApplication(shareId, { + name: shareId, accounts: [node.account], sharePermission: SharePermission.ALLOW_ACCESS, }); diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/attribute-group.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/attribute-group.ts index b7dbfc49d5efa..2ad1e51bd28fc 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/attribute-group.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/attribute-group.ts @@ -1,6 +1,5 @@ import { CfnResourceShare } from '@aws-cdk/aws-ram'; import * as cdk from '@aws-cdk/core'; -import { Names } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { IApplication } from './application'; import { getPrincipalsforSharing, hashValues, ShareOptions, SharePermission } from './common'; 
@@ -29,9 +28,10 @@ export interface IAttributeGroup extends cdk.IResource { /** * Share the attribute group resource with other IAM entities, accounts, or OUs. * + * @param id The construct name for the share. * @param shareOptions The options for the share. */ - shareAttributeGroup(shareOptions: ShareOptions): void; + shareAttributeGroup(id: string, shareOptions: ShareOptions): void; } /** @@ -77,11 +77,10 @@ abstract class AttributeGroupBase extends cdk.Resource implements IAttributeGrou } } - public shareAttributeGroup(shareOptions: ShareOptions): void { + public shareAttributeGroup(id: string, shareOptions: ShareOptions): void { const principals = getPrincipalsforSharing(shareOptions); - const shareName = `RAMShare${hashValues(Names.nodeUniqueId(this.node), this.node.children.length.toString())}`; - new CfnResourceShare(this, shareName, { - name: shareName, + new CfnResourceShare(this, id, { + name: shareOptions.name, allowExternalPrincipals: false, principals: principals, resourceArns: [this.attributeGroupArn], diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts index 148ddb1637c03..64e9d0d36bac8 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts @@ -20,6 +20,12 @@ export enum SharePermission { * The options that are passed into a share of an Application or Attribute Group. */ export interface ShareOptions { + /** + * Name of the share. + * + * @default - The value of `id` will be used + */ + readonly name: string; /** * A list of AWS accounts that the application will be shared with. * diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts index 8bc60676081aa..f8b00be330841 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts 
+++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts @@ -269,18 +269,21 @@ describe('Application', () => { test('fails for sharing application without principals', () => { expect(() => { - application.shareApplication({}); + application.shareApplication('MyShare', { + name: 'MyShare', + }); }).toThrow(/An entity must be provided for the share/); }); test('share application with an organization', () => { - application.shareApplication({ + application.shareApplication('MyShare', { + name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMSharee6e0e560e6f8', + Name: 'MyShare', Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'], @@ -288,13 +291,14 @@ describe('Application', () => { }); test('share application with an account', () => { - application.shareApplication({ + application.shareApplication('MyShare', { + name: 'MyShare', accounts: ['123456789012'], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMSharee6e0e560e6f8', + Name: 'MyShare', Principals: ['123456789012'], ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'], 
@@ -304,13 +308,14 @@ describe('Application', () => { test('share application with an IAM role', () => { const myRole = iam.Role.fromRoleArn(stack, 'MyRole', 'arn:aws:iam::123456789012:role/myRole'); - application.shareApplication({ + application.shareApplication('MyShare', { + name: 'MyShare', roles: [myRole], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMSharee6e0e560e6f8', + Name: 'MyShare', Principals: ['arn:aws:iam::123456789012:role/myRole'], ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'], @@ -320,13 +325,14 @@ describe('Application', () => { test('share application with an IAM user', () => { const myUser = iam.User.fromUserArn(stack, 'MyUser', 'arn:aws:iam::123456789012:user/myUser'); - application.shareApplication({ + application.shareApplication('MyShare', { + name: 'MyShare', users: [myUser], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMSharee6e0e560e6f8', + Name: 'MyShare', Principals: ['arn:aws:iam::123456789012:user/myUser'], ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'], 
@@ -334,14 +340,15 @@ describe('Application', () => { }); test('share application with organization, give explicit read only access to an application', () => { - application.shareApplication({ + application.shareApplication('MyShare', { + name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], sharePermission: appreg.SharePermission.READ_ONLY, }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMSharee6e0e560e6f8', + Name: 'MyShare', Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'], @@ -349,14 +356,15 @@ describe('Application', () => { }); test('share application with organization, allow access to associate resources and attribute group with an application', () => { - application.shareApplication({ + application.shareApplication('MyShare', { + name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], sharePermission: appreg.SharePermission.ALLOW_ACCESS, }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMSharee6e0e560e6f8', + Name: 'MyShare', Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationAllowAssociation'], diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/attribute-group.test.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/attribute-group.test.ts index 8d7a984cf48a9..2435060850a28 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/attribute-group.test.ts 
+++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/attribute-group.test.ts @@ -212,18 +212,21 @@ describe('Attribute Group', () => { test('fails for sharing attribute group without principals', () => { expect(() => { - attributeGroup.shareAttributeGroup({}); + attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', + }); }).toThrow(/An entity must be provided for the share/); }); test('share attribute group with an organization', () => { - attributeGroup.shareAttributeGroup({ + attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMShare76d2681489c0', + Name: 'MyShare', Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], ResourceArns: [{ 'Fn::GetAtt': ['MyAttributeGroup99099500', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupReadOnly'], @@ -231,13 +234,14 @@ describe('Attribute Group', () => { }); test('share attribute group with an account', () => { - attributeGroup.shareAttributeGroup({ + attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', accounts: ['123456789012'], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMShare76d2681489c0', + Name: 'MyShare', Principals: ['123456789012'], ResourceArns: [{ 'Fn::GetAtt': ['MyAttributeGroup99099500', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupReadOnly'], 
@@ -247,13 +251,14 @@ describe('Attribute Group', () => { test('share attribute group with an IAM role', () => { const myRole = iam.Role.fromRoleArn(stack, 'MyRole', 'arn:aws:iam::123456789012:role/myRole'); - attributeGroup.shareAttributeGroup({ + attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', roles: [myRole], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMShare76d2681489c0', + Name: 'MyShare', Principals: ['arn:aws:iam::123456789012:role/myRole'], ResourceArns: [{ 'Fn::GetAtt': ['MyAttributeGroup99099500', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupReadOnly'], @@ -263,13 +268,14 @@ describe('Attribute Group', () => { test('share attribute group with an IAM user', () => { const myUser = iam.User.fromUserArn(stack, 'MyUser', 'arn:aws:iam::123456789012:user/myUser'); - attributeGroup.shareAttributeGroup({ + attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', users: [myUser], }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMShare76d2681489c0', + Name: 'MyShare', Principals: ['arn:aws:iam::123456789012:user/myUser'], ResourceArns: [{ 'Fn::GetAtt': ['MyAttributeGroup99099500', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupReadOnly'], 
@@ -277,14 +283,15 @@ describe('Attribute Group', () => { }); test('share attribute group with organization, give explicit read only access to the attribute group', () => { - attributeGroup.shareAttributeGroup({ + attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], sharePermission: appreg.SharePermission.READ_ONLY, }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMShare76d2681489c0', + Name: 'MyShare', Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], ResourceArns: [{ 'Fn::GetAtt': ['MyAttributeGroup99099500', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupReadOnly'], @@ -292,14 +299,15 @@ describe('Attribute Group', () => { }); test('share attribute group with organization, give access to mutate attribute groups', () => { - attributeGroup.shareAttributeGroup({ + attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], sharePermission: appreg.SharePermission.ALLOW_ACCESS, }); Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', { AllowExternalPrincipals: false, - Name: 'RAMShare76d2681489c0', + Name: 'MyShare', Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], ResourceArns: [{ 'Fn::GetAtt': ['MyAttributeGroup99099500', 'Arn'] }], PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupAllowAssociation'], diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts index f44ba7f0a31d7..b09e80e9b7dc0 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts 
+++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts @@ -56,7 +56,8 @@ application.addAttributeGroup('myAnotherAttributeGroup', { const myRole = new iam.Role(stack, 'MyRole', { assumedBy: new iam.AccountPrincipal(stack.account), }); -application.shareApplication({ +application.shareApplication('MyShare', { + name: 'MyShare', roles: [myRole], }); diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/cdk.out b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/cdk.out index b72fef144f05c..7925065efbcc4 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.1.0"} \ No newline at end of file +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.assets.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.assets.json index 7f5d7d67860d6..9fa752fb4f3db 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.assets.json +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.assets.json @@ -1,7 +1,7 @@ { - "version": "30.1.0", + "version": "31.0.0", "files": { - "9d37fdefa4311937f8f73f9556f1d9a03a2874545a0a262fd42bfde3823ab551": { + "82d95f02f48b1a318e263f9ed8a8bffdeb427088f26115168bac269d7c1d92fb": { "source": { "path": "integ-servicecatalogappregistry-attribute-group.template.json", "packaging": "file" 
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "9d37fdefa4311937f8f73f9556f1d9a03a2874545a0a262fd42bfde3823ab551.json", + "objectKey": "82d95f02f48b1a318e263f9ed8a8bffdeb427088f26115168bac269d7c1d92fb.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.template.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.template.json index 58e8215d70828..5c2c3820801b4 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.template.json +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ-servicecatalogappregistry-attribute-group.template.json @@ -19,10 +19,10 @@ "Description": "test attribute group description" } }, - "TestAttributeGroupRAMSharec67f7d80e5baA10EFB4E": { + "TestAttributeGroupMyShareIdBAA9E628": { "Type": "AWS::RAM::ResourceShare", "Properties": { - "Name": "RAMSharec67f7d80e5ba", + "Name": "MyShare", "AllowExternalPrincipals": false, "PermissionArns": [ "arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupReadOnly" diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ.json index 1c5f8dae6c42d..2ebab9f358dac 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ.json 
+++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "31.0.0", "testCases": { "integ.attribute-group": { "stacks": [ diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/manifest.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/manifest.json index a894caeb670cf..1a9a3f87dffe4 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "31.0.0", "artifacts": { "integ-servicecatalogappregistry-attribute-group.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9d37fdefa4311937f8f73f9556f1d9a03a2874545a0a262fd42bfde3823ab551.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/82d95f02f48b1a318e263f9ed8a8bffdeb427088f26115168bac269d7c1d92fb.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -39,10 +39,10 @@ "data": "TestAttributeGroupB1CB284F" } ], - "/integ-servicecatalogappregistry-attribute-group/TestAttributeGroup/RAMSharec67f7d80e5ba": [ + "/integ-servicecatalogappregistry-attribute-group/TestAttributeGroup/MyShareId": [ { "type": "aws:cdk:logicalId", - "data": "TestAttributeGroupRAMSharec67f7d80e5baA10EFB4E" + "data": "TestAttributeGroupMyShareIdBAA9E628" } ], "/integ-servicecatalogappregistry-attribute-group/MyRole/Resource": [ @@ -68,6 +68,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "TestAttributeGroupRAMSharec67f7d80e5baA10EFB4E": [ + { + "type": "aws:cdk:logicalId", + "data": "TestAttributeGroupRAMSharec67f7d80e5baA10EFB4E", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "integ-servicecatalogappregistry-attribute-group" diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/tree.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/tree.json index 3f1adfd676bd6..d1527c3a7be67 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.js.snapshot/tree.json @@ -39,13 +39,13 @@ "version": "0.0.0" } }, - "RAMSharec67f7d80e5ba": { - "id": "RAMSharec67f7d80e5ba", - "path": "integ-servicecatalogappregistry-attribute-group/TestAttributeGroup/RAMSharec67f7d80e5ba", + "MyShareId": { + "id": "MyShareId", + "path": "integ-servicecatalogappregistry-attribute-group/TestAttributeGroup/MyShareId", "attributes": { "aws:cdk:cloudformation:type": "AWS::RAM::ResourceShare", "aws:cdk:cloudformation:props": { - "name": "RAMSharec67f7d80e5ba", + "name": "MyShare", "allowExternalPrincipals": false, "permissionArns": [ "arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryAttributeGroupReadOnly" 
@@ -228,7 +228,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.252" + "version": "10.1.270" } } }, diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.ts index 10835b204bdfe..1963f85fb5ee8 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.attribute-group.ts @@ -27,7 +27,8 @@ const myRole = new iam.Role(stack, 'MyRole', { const mySecondRole = new iam.Role(stack, 'MySecondRole', { assumedBy: new iam.AccountPrincipal(stack.account), }); -attributeGroup.shareAttributeGroup({ +attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', roles: [myRole, mySecondRole], }); From a3935ad177f90f712589ae32c395804dc04bb908 Mon Sep 17 00:00:00 2001 From: Liwei Wang Date: Tue, 21 Mar 2023 22:15:14 +0000 Subject: [PATCH 2/4] Minor fix on the doc and share id change on the test. Testing done ------------------------------------- * Related items ------------------------------------ * SIM/auto-cut ticket --- .../aws-servicecatalogappregistry/lib/common.ts | 1 - .../test/application.test.ts | 14 +++++++------- .../test/integ.application.ts | 2 +- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts index 64e9d0d36bac8..6bbb2daabe801 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/common.ts @@ -23,7 +23,6 @@ export interface ShareOptions { /** * Name of the share. * - * @default - The value of `id` will be used */ readonly name: string; /** 
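Review bot: Dropping the `@default` line in common.ts leaves a dangling empty ` *` line in the doc comment for `name`, and it resolves the mismatch from the previous patch in the documentation only. Making the field optional and falling back to the construct id would keep the documented default and shrink the breaking surface: `readonly name?: string;` here and `name: shareOptions.name ?? id,` in `shareApplication` and `shareAttributeGroup`. If the field is meant to stay required, the comment should at least say where the value ends up, e.g. `Name of the RAM resource share.`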
diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts index f8b00be330841..a54d5ed2c2323 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts @@ -269,14 +269,14 @@ describe('Application', () => { test('fails for sharing application without principals', () => { expect(() => { - application.shareApplication('MyShare', { + application.shareApplication('MyShareId', { name: 'MyShare', }); }).toThrow(/An entity must be provided for the share/); }); test('share application with an organization', () => { - application.shareApplication('MyShare', { + application.shareApplication('MyShareId', { name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], }); @@ -291,7 +291,7 @@ describe('Application', () => { }); test('share application with an account', () => { - application.shareApplication('MyShare', { + application.shareApplication('MyShareId', { name: 'MyShare', accounts: ['123456789012'], }); @@ -308,7 +308,7 @@ describe('Application', () => { test('share application with an IAM role', () => { const myRole = iam.Role.fromRoleArn(stack, 'MyRole', 'arn:aws:iam::123456789012:role/myRole'); - application.shareApplication('MyShare', { + application.shareApplication('MyShareId', { name: 'MyShare', roles: [myRole], }); @@ -325,7 +325,7 @@ describe('Application', () => { test('share application with an IAM user', () => { const myUser = iam.User.fromUserArn(stack, 'MyUser', 'arn:aws:iam::123456789012:user/myUser'); - application.shareApplication('MyShare', { + application.shareApplication('MyShareId', { name: 'MyShare', users: [myUser], }); 
@@ -340,7 +340,7 @@ describe('Application', () => { }); test('share application with organization, give explicit read only access to an application', () => { - application.shareApplication('MyShare', { + application.shareApplication('MyShareId', { name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], sharePermission: appreg.SharePermission.READ_ONLY, @@ -356,7 +356,7 @@ describe('Application', () => { }); test('share application with organization, allow access to associate resources and attribute group with an application', () => { - application.shareApplication('MyShare', { + application.shareApplication('MyShareId', { name: 'MyShare', organizationArns: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'], sharePermission: appreg.SharePermission.ALLOW_ACCESS, diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts index b09e80e9b7dc0..d657a320ee50d 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.ts @@ -56,7 +56,7 @@ application.addAttributeGroup('myAnotherAttributeGroup', { const myRole = new iam.Role(stack, 'MyRole', { assumedBy: new iam.AccountPrincipal(stack.account), }); -application.shareApplication('MyShare', { +application.shareApplication('MyShareId', { name: 'MyShare', roles: [myRole], }); From 20893a2f05de01b6df9272715fcfcfa41f418688 Mon Sep 17 00:00:00 2001 From: Liwei Wang Date: Tue, 21 Mar 2023 23:34:10 +0000 Subject: [PATCH 3/4] Fix README.md Testing done ------------------------------------- * Related items ------------------------------------ * SIM/auto-cut ticket --- .../@aws-cdk/aws-servicecatalogappregistry/README.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/README.md b/packages/@aws-cdk/aws-servicecatalogappregistry/README.md index 20e0f416d17cc..5ee5c904bccce 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/README.md +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/README.md @@ -289,7 +289,8 @@ import * as iam from '@aws-cdk/aws-iam'; declare const application: appreg.Application; declare const myRole: iam.IRole; declare const myUser: iam.IUser; -application.shareApplication({ +application.shareApplication('MyShareId', { + name:'MyShare', accounts: ['123456789012'], organizationArns: ['arn:aws:organizations::123456789012:organization/o-my-org-id'], roles: [myRole], @@ -302,7 +303,8 @@ E.g., sharing an application with multiple accounts and allowing the accounts to ```ts import * as iam from '@aws-cdk/aws-iam'; declare const application: appreg.Application; -application.shareApplication({ +application.shareApplication('MyShareId', { + name: 'MyShare', accounts: ['123456789012', '234567890123'], sharePermission: appreg.SharePermission.ALLOW_ACCESS, }); @@ -315,7 +317,8 @@ import * as iam from '@aws-cdk/aws-iam'; declare const attributeGroup: appreg.AttributeGroup; declare const myRole: iam.IRole; declare const myUser: iam.IUser; -attributeGroup.shareAttributeGroup({ +attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare', accounts: ['123456789012'], organizationArns: ['arn:aws:organizations::123456789012:organization/o-my-org-id'], roles: [myRole], @@ -328,7 +331,8 @@ E.g., sharing an application with multiple accounts and allowing the accounts to ```ts import * as iam from '@aws-cdk/aws-iam'; declare const attributeGroup: appreg.AttributeGroup; -attributeGroup.shareAttributeGroup({ +attributeGroup.shareAttributeGroup('MyShareId', { + name: 'MyShare' accounts: ['123456789012', '234567890123'], sharePermission: appreg.SharePermission.ALLOW_ACCESS, }); From e1b0772973773711dc4a5ca4c95375e2b4741555 Mon Sep 17 00:00:00 2001 
From: Liwei Wang Date: Tue, 21 Mar 2023 23:35:08 +0000 Subject: [PATCH 4/4] Change id to make sure it is the same for each synth. Testing done ------------------------------------- * Related items ------------------------------------ * SIM/auto-cut ticket --- .../aws-servicecatalogappregistry/README.md | 2 +- .../lib/aspects/stack-associator.ts | 4 ++-- ...vicecatalogappregistry-application.assets.json | 4 ++-- ...cecatalogappregistry-application.template.json | 4 ++-- .../integ.application.js.snapshot/manifest.json | 15 +++------------ .../test/integ.application.js.snapshot/tree.json | 8 ++++---- 6 files changed, 14 insertions(+), 23 deletions(-) diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/README.md b/packages/@aws-cdk/aws-servicecatalogappregistry/README.md index 5ee5c904bccce..b0d8609b1f749 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/README.md +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/README.md @@ -332,7 +332,7 @@ E.g., sharing an application with multiple accounts and allowing the accounts to import * as iam from '@aws-cdk/aws-iam'; declare const attributeGroup: appreg.AttributeGroup; attributeGroup.shareAttributeGroup('MyShareId', { - name: 'MyShare' + name: 'MyShare', accounts: ['123456789012', '234567890123'], sharePermission: appreg.SharePermission.ALLOW_ACCESS, }); diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts index ba99f71367224..ad33664411791 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/aspects/stack-associator.ts 
@@ -1,4 +1,4 @@ -import { IAspect, Stack, Stage, Annotations } from '@aws-cdk/core'; +import { IAspect, Stack, Stage, Annotations, Names } from '@aws-cdk/core'; import { IConstruct } from 'constructs'; import { IApplication } from '../application'; import { ApplicationAssociator } from '../application-associator'; @@ -112,7 +112,7 @@ abstract class StackAssociatorBase implements IAspect { if (node.account != this.application.env.account && !this.sharedAccounts.has(node.account)) { if (this.associateCrossAccountStacks) { - const shareId = `ApplicationShare${hashValues(this.application.node.addr, node.stackId)}`; + const shareId = `ApplicationShare${hashValues(Names.nodeUniqueId(this.application.node), Names.nodeUniqueId(node.node))}`; this.application.shareApplication(shareId, { name: shareId, accounts: [node.account], diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.assets.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.assets.json index fd7204bdc34c2..4b0a52bc75b19 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.assets.json +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.assets.json @@ -1,7 +1,7 @@ { "version": "31.0.0", "files": { - "5fbf2a286122f4bc412b1730f96351e289444b1122006f36e4ade8fae8442765": { + "461d235e9497deb16b9209be4a927c7d0dc7aa06d668e38bfb19a90db8e4a4b2": { "source": { "path": "integ-servicecatalogappregistry-application.template.json", "packaging": "file" 
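Review bot: The new `shareId` line in the `@@ -112,7 +112,7 @@` hunk of stack-associator.ts needs a comment, because the value is passed both as the construct id and as the `name` of the cross-account RAM share, so the hash inputs decide when that share gets replaced. `Names.nodeUniqueId` is derived from the construct path, so renaming or re-parenting the application or the stack changes the id, and the existing share would then presumably be deleted and recreated on deploy, interrupting the other account's access in between. I would put this above the line: `// Id and RAM share name are hashed from construct paths so they stay the same on every synth; moving either construct replaces the share.` The enclosing method starts and ends outside the hunk, so it cannot be checked here whether `node.account` is always a concrete account id when it reaches `accounts: [node.account]`.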
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "5fbf2a286122f4bc412b1730f96351e289444b1122006f36e4ade8fae8442765.json", + "objectKey": "461d235e9497deb16b9209be4a927c7d0dc7aa06d668e38bfb19a90db8e4a4b2.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.template.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.template.json index db928079d96ac..12b3c8820e36b 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.template.json +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/integ-servicecatalogappregistry-application.template.json @@ -79,10 +79,10 @@ } } }, - "TestApplicationRAMShare004736f08f8e57044D5D": { + "TestApplicationMyShareIdE1044482": { "Type": "AWS::RAM::ResourceShare", "Properties": { - "Name": "RAMShare004736f08f8e", + "Name": "MyShare", "AllowExternalPrincipals": false, "PermissionArns": [ "arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly" diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/manifest.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/manifest.json index 65f104d2322af..a78c955945945 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/manifest.json 
@@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5fbf2a286122f4bc412b1730f96351e289444b1122006f36e4ade8fae8442765.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/461d235e9497deb16b9209be4a927c7d0dc7aa06d668e38bfb19a90db8e4a4b2.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -63,10 +63,10 @@ "data": "TestApplicationAttributeGroupAssociationb6f47e836a8c4FCAC29E" } ], - "/integ-servicecatalogappregistry-application/TestApplication/RAMShare004736f08f8e": [ + "/integ-servicecatalogappregistry-application/TestApplication/MyShareId": [ { "type": "aws:cdk:logicalId", - "data": "TestApplicationRAMShare004736f08f8e57044D5D" + "data": "TestApplicationMyShareIdE1044482" } ], "/integ-servicecatalogappregistry-application/TestAttributeGroup/Resource": [ @@ -92,15 +92,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "TestApplicationRAMSharead8ba81b8cdd40199FD1": [ - { - "type": "aws:cdk:logicalId", - "data": "TestApplicationRAMSharead8ba81b8cdd40199FD1", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "integ-servicecatalogappregistry-application" diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/tree.json b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/tree.json index f55cdb42b5a66..e37ff9f4ccae9 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/tree.json 
+++ b/packages/@aws-cdk/aws-servicecatalogappregistry/test/integ.application.js.snapshot/tree.json @@ -141,13 +141,13 @@ "version": "0.0.0" } }, - "RAMShare004736f08f8e": { - "id": "RAMShare004736f08f8e", - "path": "integ-servicecatalogappregistry-application/TestApplication/RAMShare004736f08f8e", + "MyShareId": { + "id": "MyShareId", + "path": "integ-servicecatalogappregistry-application/TestApplication/MyShareId", "attributes": { "aws:cdk:cloudformation:type": "AWS::RAM::ResourceShare", "aws:cdk:cloudformation:props": { - "name": "RAMShare004736f08f8e", + "name": "MyShare", "allowExternalPrincipals": false, "permissionArns": [ "arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly"