
Commit e18cc42

refactor: Treat ID as constructor parameter
1 parent e373b76 commit e18cc42

3 files changed

Lines changed: 66 additions & 76 deletions


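--- a/src/constructs/iam/__snapshots__/janus-provisioned-role.test.ts.snap
+++ b/src/constructs/iam/__snapshots__/janus-provisioned-role.test.ts.snap
@@ -66,13 +66,34 @@ exports[`The GuJanusProvisionedRole construct creates multiple roles in the same
 "PolicyName": "parameter-store-read-policy",
 "Roles": [
 {
-"Ref": "ProvisionedRole2D772416E",
+"Ref": "Role291939BC6",
 },
 ],
 },
 "Type": "AWS::IAM::Policy",
 },
-"ProvisionedRole18FD52920": {
+"ReadS3FileAD380B27": {
+"Properties": {
+"PolicyDocument": {
+"Statement": [
+{
+"Action": "s3:GetObject",
+"Effect": "Allow",
+"Resource": "arn:aws:s3:::config-bucket/config",
+},
+],
+"Version": "2012-10-17",
+},
+"PolicyName": "ReadS3FileAD380B27",
+"Roles": [
+{
+"Ref": "Role13A5C70C1",
+},
+],
+},
+"Type": "AWS::IAM::Policy",
+},
+"Role13A5C70C1": {
 "Properties": {
 "AssumeRolePolicyDocument": {
 "Statement": [
@@ -115,7 +136,7 @@ exports[`The GuJanusProvisionedRole construct creates multiple roles in the same
 },
 "Type": "AWS::IAM::Role",
 },
-"ProvisionedRole2D772416E": {
+"Role291939BC6": {
 "Properties": {
 "AssumeRolePolicyDocument": {
 "Statement": [
@@ -158,6 +179,21 @@ exports[`The GuJanusProvisionedRole construct creates multiple roles in the same
 },
 "Type": "AWS::IAM::Role",
 },
+},
+}
+`;
+
+exports[`The GuJanusProvisionedRole construct creates role with all Janus tags when all properties are provided 1`] = `
+{
+"Metadata": {
+"gu:cdk:constructs": [
+"GuStack",
+"GuJanusProvisionedRole",
+"GuGetS3ObjectsPolicy",
+],
+"gu:cdk:version": "TEST",
+},
+"Resources": {
 "ReadS3FileAD380B27": {
 "Properties": {
 "PolicyDocument": {
@@ -173,28 +209,13 @@ exports[`The GuJanusProvisionedRole construct creates multiple roles in the same
 "PolicyName": "ReadS3FileAD380B27",
 "Roles": [
 {
-"Ref": "ProvisionedRole18FD52920",
+"Ref": "Role1ABCC5F0",
 },
 ],
 },
 "Type": "AWS::IAM::Policy",
 },
-},
-}
-`;
-
-exports[`The GuJanusProvisionedRole construct creates role with all Janus tags when all properties are provided 1`] = `
-{
-"Metadata": {
-"gu:cdk:constructs": [
-"GuStack",
-"GuJanusProvisionedRole",
-"GuGetS3ObjectsPolicy",
-],
-"gu:cdk:version": "TEST",
-},
-"Resources": {
-"ProvisionedRole97EAFC50": {
+"Role1ABCC5F0": {
 "Properties": {
 "AssumeRolePolicyDocument": {
 "Statement": [
@@ -245,6 +266,21 @@ exports[`The GuJanusProvisionedRole construct creates role with all Janus tags w
 },
 "Type": "AWS::IAM::Role",
 },
+},
+}
+`;
+
+exports[`The GuJanusProvisionedRole construct creates role with mandatory Janus tags when only mandatory properties are provided 1`] = `
+{
+"Metadata": {
+"gu:cdk:constructs": [
+"GuStack",
+"GuJanusProvisionedRole",
+"GuGetS3ObjectsPolicy",
+],
+"gu:cdk:version": "TEST",
+},
+"Resources": {
 "ReadS3FileAD380B27": {
 "Properties": {
 "PolicyDocument": {
@@ -260,28 +296,13 @@ exports[`The GuJanusProvisionedRole construct creates role with all Janus tags w
 "PolicyName": "ReadS3FileAD380B27",
 "Roles": [
 {
-"Ref": "ProvisionedRole97EAFC50",
+"Ref": "Role1ABCC5F0",
 },
 ],
 },
 "Type": "AWS::IAM::Policy",
 },
-},
-}
-`;
-
-exports[`The GuJanusProvisionedRole construct creates role with mandatory Janus tags when only mandatory properties are provided 1`] = `
-{
-"Metadata": {
-"gu:cdk:constructs": [
-"GuStack",
-"GuJanusProvisionedRole",
-"GuGetS3ObjectsPolicy",
-],
-"gu:cdk:version": "TEST",
-},
-"Resources": {
-"ProvisionedRole97EAFC50": {
+"Role1ABCC5F0": {
 "Properties": {
 "AssumeRolePolicyDocument": {
 "Statement": [
@@ -324,27 +345,6 @@ exports[`The GuJanusProvisionedRole construct creates role with mandatory Janus
 },
 "Type": "AWS::IAM::Role",
 },
-"ReadS3FileAD380B27": {
-"Properties": {
-"PolicyDocument": {
-"Statement": [
-{
-"Action": "s3:GetObject",
-"Effect": "Allow",
-"Resource": "arn:aws:s3:::config-bucket/config",
-},
-],
-"Version": "2012-10-17",
-},
-"PolicyName": "ReadS3FileAD380B27",
-"Roles": [
-{
-"Ref": "ProvisionedRole97EAFC50",
-},
-],
-},
-"Type": "AWS::IAM::Policy",
-},
 },
 }
 `;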

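--- a/src/constructs/iam/janus-provisioned-role.test.ts
+++ b/src/constructs/iam/janus-provisioned-role.test.ts
@@ -1,13 +1,12 @@
 import { Template } from "aws-cdk-lib/assertions";
 import { simpleGuStackForTesting } from "../../utils/test";
 import { GuJanusProvisionedRole } from "./janus-provisioned-role";
-import { GuGetS3ObjectsPolicy, GuParameterStoreReadPolicy, ReadParametersByName } from "./policies";
+import { GuGetS3ObjectsPolicy, GuParameterStoreReadPolicy } from "./policies";
 
 describe("The GuJanusProvisionedRole construct", () => {
 it("creates role with all Janus tags when all properties are provided", () => {
 const stack = simpleGuStackForTesting();
-const role = new GuJanusProvisionedRole(stack, {
-id: "ProvisionedRole",
+const role = new GuJanusProvisionedRole(stack, "Role", {
 janusPermission: "security-hq-dev",
 janusName: "Security HQ Developer",
 janusDescription: "Access to resources needed for basic day-to-day work on the Security HQ app.",
@@ -22,8 +21,7 @@ describe("The GuJanusProvisionedRole construct", () => {
 
 it("creates role with mandatory Janus tags when only mandatory properties are provided", () => {
 const stack = simpleGuStackForTesting();
-const role = new GuJanusProvisionedRole(stack, {
-id: "ProvisionedRole",
+const role = new GuJanusProvisionedRole(stack, "Role", {
 janusPermission: "security-hq-dev",
 });
 const policy = new GuGetS3ObjectsPolicy(stack, "ReadS3File", {
@@ -36,17 +34,15 @@ describe("The GuJanusProvisionedRole construct", () => {
 
 it("creates multiple roles in the same stack", () => {
 const stack = simpleGuStackForTesting();
-const role1 = new GuJanusProvisionedRole(stack, {
-id: "ProvisionedRole1",
+const role1 = new GuJanusProvisionedRole(stack, "Role1", {
 janusPermission: "security-hq-dev",
 });
 const policy1 = new GuGetS3ObjectsPolicy(stack, "ReadS3File", {
 bucketName: "config-bucket",
 paths: ["config"],
 });
 policy1.attachToRole(role1);
-const role2 = new GuJanusProvisionedRole(stack, {
-id: "ProvisionedRole2",
+const role2 = new GuJanusProvisionedRole(stack, "Role2", {
 janusPermission: "security-hq-dev-advanced",
 });
 const policy2 = new GuParameterStoreReadPolicy(stack, {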
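Review bot: Renaming the test ids from `"ProvisionedRole"` to `"Role"` in the first two hunks, and `"ProvisionedRole1"`/`"ProvisionedRole2"` to `"Role1"`/`"Role2"` in the third, is what rewrites every logical ID and reorders the resources in the snapshot, 58 lines each way. Keeping the old ids, e.g. `new GuJanusProvisionedRole(stack, "ProvisionedRole", {`, would presumably have left the snapshot untouched and shown directly that the refactor synthesises the same IAM roles and policy attachments. As it stands a reviewer has to confirm by eye that only names moved and that no `Roles` reference or `AssumeRolePolicyDocument` changed along the way. The test bodies continue outside the hunks shown.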

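--- a/src/constructs/iam/janus-provisioned-role.ts
+++ b/src/constructs/iam/janus-provisioned-role.ts
@@ -4,11 +4,6 @@ import type { GuStack } from "../core";
 import { GuRole } from "./roles";
 
 export interface GuJanusProvisionedRoleProps {
-/**
-* Allows multiple roles to be defined in a stack.
-*/
-id: string;
-
 /**
 * Tells Janus which ProvisionedRole this IAM role is part of.
 */
@@ -32,17 +27,16 @@ export interface GuJanusProvisionedRoleProps {
 * and its metadata.
 *
 * ```typescript
-* new GuJanusProvisionedRole(stack, {
-* id: "SomeAppDevProvisionedRole",
+* new GuJanusProvisionedRole(stack, "SomeAppDevProvisionedRole", {
 * janusPermission: "some-app-dev",
 * janusName: "Some App Developer",
 * janusDescription: "Description of role that will be shown in Janus.",
 * })
 * ```
 */
 export class GuJanusProvisionedRole extends GuRole {
-constructor(scope: GuStack, props: GuJanusProvisionedRoleProps) {
-super(scope, props.id, {
+constructor(scope: GuStack, id: string, props: GuJanusProvisionedRoleProps) {
+super(scope, id, {
 // Will be assumed by a Janus user via STS service
 assumedBy: new ServicePrincipal("sts.amazonaws.com"),
 });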
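Review bot: The new `id` argument on `constructor(scope: GuStack, id: string, props: GuJanusProvisionedRoleProps)` is undocumented, because the commit deletes the prop comment ("Allows multiple roles to be defined in a stack.") and puts nothing in its place. I would add a TSDoc line on the constructor such as `@param id Construct ID of the role; must be unique within the stack and feeds the CloudFormation logical ID.` The snapshot in this commit shows the logical ID following the id (`ProvisionedRole97EAFC50` becomes `Role1ABCC5F0`), so a consumer who picks a different id while migrating will probably have CloudFormation replace the IAM role, which is worth stating there. The signature change also breaks existing `new GuJanusProvisionedRole(stack, { id, ... })` callers, which a `refactor:` title may not signal if releases are driven by commit type. The constructor body continues past the end of the hunk.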
