Fix permission and logging; sync index changes (#53)

* Add sso permissions

* Cherry-pick Index changes

* Do not log requests

aws-qbusiness-application/resource-role.yaml

@@ -42,6 +42,11 @@ Resources:
                 - "qbusiness:TagResource"
                 - "qbusiness:UntagResource"
                 - "qbusiness:UpdateApplication"
+                - "sso:CreateApplication"
+                - "sso:DeleteApplication"
+                - "sso:PutApplicationAccessScope"
+                - "sso:PutApplicationAuthenticationMethod"
+                - "sso:PutApplicationGrant"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:

aws-qbusiness-application/src/main/java/software/amazon/qbusiness/application/BaseHandlerStd.java

@@ -73,14 +73,14 @@ protected GetApplicationResponse getApplication(ResourceModel model, ProxyClient
   }
 
   protected ProgressEvent<ResourceModel, CallbackContext> handleError(
-      QBusinessRequest QBusinessRequest,
+      QBusinessRequest qBusinessRequest,
       ResourceModel resourceModel,
       Exception error,
       CallbackContext context,
       Logger logger,
       String apiName
   ) {
-    logger.log("[ERROR] Failed Request: %s to API: %s. Error Message: %s".formatted(QBusinessRequest, apiName, error.getMessage()));
+    logger.log("[ERROR] Failed Request: %s. Error Message: %s".formatted(apiName, error.getMessage()));
     BaseHandlerException cfnException;
 
     var primaryIdentifier = Optional.ofNullable(resourceModel)

aws-qbusiness-datasource/src/main/java/software/amazon/qbusiness/datasource/BaseHandlerStd.java

@@ -72,14 +72,14 @@ protected GetDataSourceResponse callGetDataSource(GetDataSourceRequest request,
   }
 
   protected ProgressEvent<ResourceModel, CallbackContext> handleError(
-      QBusinessRequest QBusinessRequest,
+      QBusinessRequest qBusinessRequest,
       ResourceModel resourceModel,
       Exception error,
       CallbackContext context,
       Logger logger,
       String apiName
   ) {
-    logger.log("[ERROR] Failed Request: %s to API: %s. Error Message: %s".formatted(QBusinessRequest, apiName, error.getMessage()));
+    logger.log("[ERROR] Failed Request: %s. Error Message: %s".formatted(apiName, error.getMessage()));
     BaseHandlerException cfnException;
 
     var primaryIdentifier = Optional.ofNullable(resourceModel)

aws-qbusiness-index/aws-qbusiness-index.json

@@ -203,7 +203,8 @@
         "qbusiness:CreateIndex",
         "qbusiness:GetIndex",
         "qbusiness:ListTagsForResource",
-        "qbusiness:TagResource"
+        "qbusiness:TagResource",
+        "qbusiness:UpdateIndex"
       ]
     },
     "read": {

aws-qbusiness-index/src/main/java/software/amazon/qbusiness/index/BaseHandlerStd.java

@@ -70,14 +70,14 @@ protected GetIndexResponse getIndex(ResourceModel model, ProxyClient<QBusinessCl
   }
 
   protected ProgressEvent<ResourceModel, CallbackContext> handleError(
-      final QBusinessRequest QBusinessRequest,
+      final QBusinessRequest qBusinessRequest,
       final ResourceModel resourceModel,
       final Exception error,
       final CallbackContext context,
       final Logger logger,
       final String apiName) {
 
-    logger.log("[ERROR] Failed Request: %s to API: %s. Error Message: %s".formatted(QBusinessRequest, apiName, error.getMessage()));
+    logger.log("[ERROR] Failed Request: %s. Error Message: %s".formatted(apiName, error.getMessage()));
     BaseHandlerException cfnException;
 
     var primaryIdentifier = Optional.ofNullable(resourceModel)

aws-qbusiness-index/src/main/java/software/amazon/qbusiness/index/CreateHandler.java

@@ -5,6 +5,8 @@
 import software.amazon.awssdk.services.qbusiness.model.CreateIndexResponse;
 import software.amazon.awssdk.services.qbusiness.model.GetIndexResponse;
 import software.amazon.awssdk.services.qbusiness.model.IndexStatus;
+import software.amazon.awssdk.services.qbusiness.model.UpdateIndexRequest;
+import software.amazon.awssdk.services.qbusiness.model.UpdateIndexResponse;
 import software.amazon.awssdk.utils.StringUtils;
 import software.amazon.cloudformation.exceptions.CfnNotStabilizedException;
 import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;
@@ -18,6 +20,7 @@
 import java.util.Objects;
 
 import static software.amazon.qbusiness.index.Constants.API_CREATE_INDEX;
+import static software.amazon.qbusiness.index.Constants.API_UPDATE_INDEX;
 
 public class CreateHandler extends BaseHandlerStd {
 
@@ -59,7 +62,28 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
                 .handleError((createReq, error, client, model, context) ->
                     handleError(createReq, model, error, context, logger, API_CREATE_INDEX))
                 .progress()
-        ).then(progress ->
+        )
+        .then(progress -> {
+          var documentAttributionConfig = request.getDesiredResourceState().getDocumentAttributeConfigurations();
+          if (documentAttributionConfig == null || documentAttributionConfig.isEmpty()) {
+            return progress;
+          }
+          logger.log(
+              "[INFO] Document Attribute configuration is present. Will call Update Index for %s for Account: %s, ApplicationId: %s, and index: %s"
+                  .formatted(request.getStackId(), request.getAwsAccountId(), request.getDesiredResourceState().getApplicationId(),
+                      progress.getResourceModel().getIndexId())
+          );
+
+          return proxy.initiate("AWS-QBusiness-Index::PostCreateUpdate", proxyClient, progress.getResourceModel(), progress.getCallbackContext())
+              .translateToServiceRequest(Translator::translateToPostCreateUpdateRequest)
+              .makeServiceCall(this::callUpdateIndex)
+              .stabilize((updateIndexRequest, updateIndexResponse, clientProxyClient, model, context) ->
+                  isStabilized(clientProxyClient, model, logger))
+              .handleError((updateIndexRequest, error, client, model, context) ->
+                  handleError(updateIndexRequest, model, error, context, logger, API_UPDATE_INDEX))
+              .progress();
+        })
+        .then(progress ->
             new ReadHandler().handleRequest(proxy, request, callbackContext, proxyClient, logger)
         );
   }
@@ -95,10 +119,17 @@ private boolean isStabilized(
   }
 
   private CreateIndexResponse callCreateIndex(final CreateIndexRequest request,
-                                              final ProxyClient<QBusinessClient> proxyClient,
-                                              final ResourceModel model) {
+      final ProxyClient<QBusinessClient> proxyClient,
+      final ResourceModel model) {
     CreateIndexResponse response = proxyClient.injectCredentialsAndInvokeV2(request, proxyClient.client()::createIndex);
     model.setIndexId(response.indexId());
     return response;
   }
+
+  private UpdateIndexResponse callUpdateIndex(
+      final UpdateIndexRequest updateIndexRequest,
+      final ProxyClient<QBusinessClient> proxyClient
+  ) {
+    return proxyClient.injectCredentialsAndInvokeV2(updateIndexRequest, proxyClient.client()::updateIndex);
+  }
 }

aws-qbusiness-index/src/main/java/software/amazon/qbusiness/index/Translator.java

@@ -88,6 +88,7 @@ static ResourceModel translateFromReadResponse(final GetIndexResponse awsRespons
         .displayName(awsResponse.displayName())
         .applicationId(awsResponse.applicationId())
         .indexId(awsResponse.indexId())
+        .indexArn(awsResponse.indexArn())
         .indexStatistics(fromServiceIndexStatistics(awsResponse.indexStatistics()))
         .status(awsResponse.statusAsString())
         .description(awsResponse.description())
@@ -146,6 +147,14 @@ static UpdateIndexRequest translateToUpdateRequest(final ResourceModel model) {
         .build();
   }
 
+  static UpdateIndexRequest translateToPostCreateUpdateRequest(final ResourceModel model) {
+    return UpdateIndexRequest.builder()
+        .applicationId(model.getApplicationId())
+        .indexId(model.getIndexId())
+        .documentAttributeConfigurations(toServiceDocumentAttributeConfigurations(model.getDocumentAttributeConfigurations()))
+        .build();
+  }
+
 
   /**
    * Request to update properties of a previously created resource

aws-qbusiness-index/src/test/java/software/amazon/qbusiness/index/CreateHandlerTest.java

@@ -178,6 +178,8 @@ public void handleCreateRequestWithDocumentAttributeConfiguration() {
             .indexId(INDEX_ID)
             .build()
         );
+    when(QBusinessClient.updateIndex(any(UpdateIndexRequest.class)))
+        .thenReturn(UpdateIndexResponse.builder().build());
     when(QBusinessClient.listTagsForResource(any(ListTagsForResourceRequest.class))).thenReturn(ListTagsForResourceResponse.builder()
         .tags(List.of())
         .build());
@@ -218,8 +220,15 @@ proxy, testRequest, new CallbackContext(), proxyClient, logger
     assertThat(resultProgress).isNotNull();
     assertThat(resultProgress.isSuccess()).isTrue();
     verify(QBusinessClient).createIndex(any(CreateIndexRequest.class));
-    verify(QBusinessClient, times(2)).getIndex(any(GetIndexRequest.class));
+    verify(QBusinessClient, times(4)).getIndex(any(GetIndexRequest.class));
     verify(QBusinessClient).listTagsForResource(any(ListTagsForResourceRequest.class));
+    verify(QBusinessClient).updateIndex(
+        argThat(
+            (ArgumentMatcher<UpdateIndexRequest>) t -> t.applicationId().equals(APP_ID)
+                && t.indexId().equals(INDEX_ID)
+                && t.hasDocumentAttributeConfigurations()
+        )
+    );
   }
 
   @Test

aws-qbusiness-plugin/aws-qbusiness-plugin.json

@@ -314,7 +314,8 @@
         "qbusiness:CreatePlugin",
         "qbusiness:GetPlugin",
         "qbusiness:ListTagsForResource",
-        "qbusiness:TagResource"
+        "qbusiness:TagResource",
+        "qbusiness:UpdatePlugin"
       ]
     },
     "read": {

aws-qbusiness-plugin/src/main/java/software/amazon/qbusiness/plugin/BaseHandlerStd.java

@@ -66,7 +66,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleError(
       Logger logger,
       String apiName
   ) {
-    logger.log("[ERROR] Failed Request: %s to API: %s. Error Message: %s".formatted(qBusinessRequest, apiName, error.getMessage()));
+    logger.log("[ERROR] Failed Request: %s. Error Message: %s".formatted(apiName, error.getMessage()));
     BaseHandlerException cfnException;
 
     var primaryIdentifier = Optional.ofNullable(resourceModel)

aws-qbusiness-retriever/src/main/java/software/amazon/qbusiness/retriever/BaseHandlerStd.java

@@ -63,7 +63,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleError(
       Logger logger,
       String apiName
   ) {
-    logger.log("[ERROR] Failed Request: %s to API: %s. Error Message: %s".formatted(qBusinessRequest, apiName, error.getMessage()));
+    logger.log("[ERROR] Failed Request: %s. Error Message: %s".formatted(apiName, error.getMessage()));
     BaseHandlerException cfnException;
 
     var primaryIdentifier = Optional.ofNullable(resourceModel)

aws-qbusiness-webexperience/resource-role.yaml

@@ -39,6 +39,8 @@ Resources:
                 - "qbusiness:TagResource"
                 - "qbusiness:UntagResource"
                 - "qbusiness:UpdateWebExperience"
+                - "sso:PutApplicationGrant"
+                - "sso:UpdateApplication"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:

aws-qbusiness-webexperience/src/main/java/software/amazon/qbusiness/webexperience/BaseHandlerStd.java

@@ -77,7 +77,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleError(
       final Logger logger,
       final String apiName) {
 
-    logger.log("[ERROR] Failed Request: %s to API: %s. Error Message: %s".formatted(qBusinessRequest, apiName, error.getMessage()));
+    logger.log("[ERROR] Failed Request: %s. Error Message: %s".formatted(apiName, error.getMessage()));
     BaseHandlerException cfnException;
 
     var primaryIdentifier = Optional.ofNullable(resourceModel)