From eb358072a69598f425008d21a1188965a3559e78 Mon Sep 17 00:00:00 2001
From: Alex Chesters <AlexChesters@users.noreply.github.com>
Date: Tue, 21 May 2019 09:12:10 +0100
Subject: [PATCH] feat(aws-codepipeline): Pipeline now accepts existing IAM
 role (#2587)

Fixes #2572.
---
 .../@aws-cdk/aws-codepipeline/lib/pipeline.ts | 12 +++++--
 .../aws-codepipeline/test/test.pipeline.ts    | 32 +++++++++++++++++++
 2 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts

diff --git a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
index 82662424d94a5..80fc811e7ba20 100644
--- a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
+++ b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts
@@ -68,6 +68,13 @@ export interface PipelineProps {
    */
   readonly artifactBucket?: s3.IBucket;
 
+  /**
+   * The IAM role to be assumed by this Pipeline.
+   *
+   * @default a new IAM role will be created.
+   */
+  readonly role?: iam.IRole;
+
   /**
    * Indicates whether to rerun the AWS CodePipeline pipeline after you update it.
    */
@@ -153,7 +160,7 @@ export class Pipeline extends PipelineBase {
    * The IAM role AWS CodePipeline will use to perform actions or assume roles for actions with
    * a more specific IAM role.
    */
-  public readonly role: iam.Role;
+  public readonly role: iam.IRole;
 
   /**
    * ARN of this pipeline
@@ -200,7 +207,8 @@ export class Pipeline extends PipelineBase {
     }
     this.artifactBucket = propsBucket;
 
-    this.role = new iam.Role(this, 'Role', {
+    // If a role has been provided, use it - otherwise, create a role.
+    this.role = props.role || new iam.Role(this, 'Role', {
       assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com')
     });
 
diff --git a/packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts b/packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts
new file mode 100644
index 0000000000000..9e2b2d0404918
--- /dev/null
+++ b/packages/@aws-cdk/aws-codepipeline/test/test.pipeline.ts
@@ -0,0 +1,32 @@
+import { expect, haveResourceLike } from '@aws-cdk/assert';
+import iam = require('@aws-cdk/aws-iam');
+import cdk = require('@aws-cdk/cdk');
+import { Test } from 'nodeunit';
+import codepipeline = require('../lib');
+
+// tslint:disable:object-literal-key-quotes
+
+export = {
+  'Pipeline': {
+    'can be passed an IAM role during pipeline creation'(test: Test) {
+      const stack = new cdk.Stack();
+      const role = new iam.Role(stack, 'Role', {
+        assumedBy: new iam.ServicePrincipal('codepipeline.amazonaws.com')
+      });
+      new codepipeline.Pipeline(stack, 'Pipeline', {
+        role
+      });
+
+      expect(stack, true).to(haveResourceLike('AWS::CodePipeline::Pipeline', {
+        "RoleArn": {
+          "Fn::GetAtt": [
+            "Role1ABCC5F0",
+            "Arn",
+          ]
+        }
+      }));
+
+      test.done();
+    },
+  },
+};