From 171a8ff8ab926b96da5a99e4b1ecff0b021e28ad Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Sun, 23 Jan 2022 09:13:11 +0900 Subject: [PATCH 01/15] feat(iotevents): add grant method to Input class --- packages/@aws-cdk/aws-iotevents/README.md | 8 ++ packages/@aws-cdk/aws-iotevents/lib/input.ts | 77 +++++++++++++++- .../@aws-cdk/aws-iotevents/test/input.test.ts | 88 +++++++++++++++++-- 3 files changed, 160 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index fe071d7baecc6..fbfee9ae7a0f6 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -67,3 +67,11 @@ new iotevents.DetectorModel(this, 'MyDetectorModel', { initialState: onlineState, }); ``` + +For grant the permittion to put message to the input, you can use +`grantPutMessage()` as following; + +```ts +declare const principal: iam.AnyPrincipal; +input.grantPutMessage(principal); +``` diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index e4bba5684b7a4..33532e3df5f1b 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -1,3 +1,4 @@ +import * as iam from '@aws-cdk/aws-iam'; import { Resource, IResource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnInput } from './iotevents.generated'; @@ -11,8 +12,66 @@ export interface IInput extends IResource { * @attribute */ readonly inputName: string; + + /** + * The ARN of the input + * @attribute + */ + readonly inputArn: string; + + /** + * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). + * + * @param grantee The principal (no-op if undefined) + * @param actions The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...) + */ + grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant + + /** + * Grant the putting message permission to the given IAM principal (Role/Group/User). + * + * @param grantee The principal (no-op if undefined) + */ + grantPutMessage(grantee: iam.IGrantable): iam.Grant } + +abstract class InputBase extends Resource implements IInput { + /** + * @attribute + */ + public abstract readonly inputName: string; + /** + * @attribute + */ + public abstract readonly inputArn: string; + + /** + * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). + * + * @param grantee The principal (no-op if undefined) + * @param actions The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...) + */ + public grant(grantee: iam.IGrantable, ...actions: string[]) { + return iam.Grant.addToPrincipal({ + grantee, + actions, + resourceArns: [this.inputArn], + scope: this, + }); + } + + /** + * Grant the putting message permission to the given IAM principal (Role/Group/User). + * + * @param grantee The principal (no-op if undefined) + */ + public grantPutMessage(grantee: iam.IGrantable) { + return this.grant(grantee, 'iotevents:BatchPutMessage'); + } +} + + /** * Properties for defining an AWS IoT Events input */ @@ -37,18 +96,23 @@ export interface InputProps { /** * Defines an AWS IoT Events input in this stack. */ -export class Input extends Resource implements IInput { +export class Input extends InputBase { /** * Import an existing input */ public static fromInputName(scope: Construct, id: string, inputName: string): IInput { - class Import extends Resource implements IInput { + return new class Import extends InputBase { public readonly inputName = inputName; - } - return new Import(scope, id); + public readonly inputArn = this.stack.formatArn({ + service: 'iotevents', + resource: 'input', + resourceName: inputName, + }); + }(scope, id); } public readonly inputName: string; + public readonly inputArn: string; constructor(scope: Construct, id: string, props: InputProps) { super(scope, id, { @@ -67,5 +131,10 @@ export class Input extends Resource implements IInput { }); this.inputName = this.getResourceNameAttribute(resource.ref); + this.inputArn = this.stack.formatArn({ + service: 'iotevents', + resource: 'input', + resourceName: this.inputName, + }); } } diff --git a/packages/@aws-cdk/aws-iotevents/test/input.test.ts b/packages/@aws-cdk/aws-iotevents/test/input.test.ts index 11b457bb0cf1b..d202695d5dd27 100644 --- a/packages/@aws-cdk/aws-iotevents/test/input.test.ts +++ b/packages/@aws-cdk/aws-iotevents/test/input.test.ts @@ -1,10 +1,14 @@ import { Template } from '@aws-cdk/assertions'; +import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; import * as iotevents from '../lib'; -test('Default property', () => { - const stack = new cdk.Stack(); +let stack: cdk.Stack; +beforeEach(() => { + stack = new cdk.Stack(); +}); +test('Default property', () => { // WHEN new iotevents.Input(stack, 'MyInput', { attributeJsonPaths: ['payload.temperature'], @@ -19,7 +23,6 @@ test('Default property', () => { }); test('can get input name', () => { - const stack = new cdk.Stack(); // GIVEN const input = new iotevents.Input(stack, 'MyInput', { attributeJsonPaths: ['payload.temperature'], @@ -39,9 +42,41 @@ test('can get input name', () => { }); }); -test('can set physical name', () => { - const stack = new cdk.Stack(); +test('can get input ARN', () => { + // GIVEN + const input = new iotevents.Input(stack, 'MyInput', { + attributeJsonPaths: ['payload.temperature'], + }); + // WHEN + new cdk.CfnResource(stack, 'Res', { + type: 'Test::Resource', + properties: { + InputArn: input.inputArn, + }, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('Test::Resource', { + InputArn: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iotevents:', + { Ref: 'AWS::Region' }, + ':', + { Ref: 'AWS::AccountId' }, + ':input/', + { Ref: 'MyInput08947B23' }, + ], + ], + }, + }); +}); + +test('can set physical name', () => { // WHEN new iotevents.Input(stack, 'MyInput', { inputName: 'test_input', @@ -55,8 +90,6 @@ test('can set physical name', () => { }); test('can import a Input by inputName', () => { - const stack = new cdk.Stack(); - // WHEN const inputName = 'test-input-name'; const topicRule = iotevents.Input.fromInputName(stack, 'InputFromInputName', inputName); @@ -68,11 +101,48 @@ test('can import a Input by inputName', () => { }); test('cannot be created with an empty array of attributeJsonPaths', () => { - const stack = new cdk.Stack(); - expect(() => { new iotevents.Input(stack, 'MyInput', { attributeJsonPaths: [], }); }).toThrow('attributeJsonPaths property cannot be empty'); }); + + +test('can grant the permission to put message', () => { + const role = iam.Role.fromRoleArn(stack, 'MyRole', 'arn:aws:iam::account-id:role/role-name'); + const input = new iotevents.Input(stack, 'MyInput', { + inputName: 'test_input', + attributeJsonPaths: ['payload.temperature'], + }); + + // WHEN + input.grantPutMessage(role); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: 'iotevents:BatchPutMessage', + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iotevents:', + { Ref: 'AWS::Region' }, + ':', + { Ref: 'AWS::AccountId' }, + ':input/', + { Ref: 'MyInput08947B23' }, + ], + ], + }, + }, + ], + }, + }); +}); From e6ca4256c424ab9f3de722edba3cf8a96a012200 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Sun, 23 Jan 2022 15:36:50 +0900 Subject: [PATCH 02/15] fix comments --- packages/@aws-cdk/aws-iotevents/lib/input.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 33532e3df5f1b..5fdbb5131bce8 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -50,7 +50,7 @@ abstract class InputBase extends Resource implements IInput { * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). * * @param grantee The principal (no-op if undefined) - * @param actions The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...) + * @param actions The set of actions to allow (i.e. "iotevents:BatchPutMessage") */ public grant(grantee: iam.IGrantable, ...actions: string[]) { return iam.Grant.addToPrincipal({ From 89365266938fd5753cce4c2fa4805ca99c74d94d Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Sun, 23 Jan 2022 15:37:28 +0900 Subject: [PATCH 03/15] fix comments --- packages/@aws-cdk/aws-iotevents/lib/input.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 5fdbb5131bce8..4f78325459ede 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -23,7 +23,7 @@ export interface IInput extends IResource { * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). * * @param grantee The principal (no-op if undefined) - * @param actions The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...) + * @param actions The set of actions to allow (i.e. "iotevents:BatchPutMessage") */ grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant From 69e274bfa549ab84931ebfbf3a0c0c0e593c5f3a Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Tue, 25 Jan 2022 21:23:54 +0900 Subject: [PATCH 04/15] address comments --- packages/@aws-cdk/aws-iotevents/README.md | 4 +- packages/@aws-cdk/aws-iotevents/lib/input.ts | 43 ++++------- .../@aws-cdk/aws-iotevents/test/input.test.ts | 75 +++++++++---------- 3 files changed, 52 insertions(+), 70 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index fbfee9ae7a0f6..0d825683c7d11 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -68,8 +68,8 @@ new iotevents.DetectorModel(this, 'MyDetectorModel', { }); ``` -For grant the permittion to put message to the input, you can use -`grantPutMessage()` as following; +To grant permissions to put messages in the input, +you can use the `grantPutMessage()` method: ```ts declare const principal: iam.AnyPrincipal; diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 4f78325459ede..3805406e3143b 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -9,49 +9,44 @@ import { CfnInput } from './iotevents.generated'; export interface IInput extends IResource { /** * The name of the input + * * @attribute */ readonly inputName: string; /** * The ARN of the input + * * @attribute */ readonly inputArn: string; /** - * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). + * Grant the putting message permission to the given IAM principal (Role/Group/User). * - * @param grantee The principal (no-op if undefined) - * @param actions The set of actions to allow (i.e. "iotevents:BatchPutMessage") + * @param grantee the principal */ - grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant + grantPutMessage(grantee: iam.IGrantable): iam.Grant /** - * Grant the putting message permission to the given IAM principal (Role/Group/User). + * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). * - * @param grantee The principal (no-op if undefined) + * @param grantee the principal + * @param actions the set of actions to allow (i.e. "iotevents:BatchPutMessage") */ - grantPutMessage(grantee: iam.IGrantable): iam.Grant + grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant } abstract class InputBase extends Resource implements IInput { - /** - * @attribute - */ public abstract readonly inputName: string; - /** - * @attribute - */ + public abstract readonly inputArn: string; - /** - * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). - * - * @param grantee The principal (no-op if undefined) - * @param actions The set of actions to allow (i.e. "iotevents:BatchPutMessage") - */ + public grantPutMessage(grantee: iam.IGrantable) { + return this.grant(grantee, 'iotevents:BatchPutMessage'); + } + public grant(grantee: iam.IGrantable, ...actions: string[]) { return iam.Grant.addToPrincipal({ grantee, @@ -60,15 +55,6 @@ abstract class InputBase extends Resource implements IInput { scope: this, }); } - - /** - * Grant the putting message permission to the given IAM principal (Role/Group/User). - * - * @param grantee The principal (no-op if undefined) - */ - public grantPutMessage(grantee: iam.IGrantable) { - return this.grant(grantee, 'iotevents:BatchPutMessage'); - } } @@ -112,6 +98,7 @@ export class Input extends InputBase { } public readonly inputName: string; + public readonly inputArn: string; constructor(scope: Construct, id: string, props: InputProps) { diff --git a/packages/@aws-cdk/aws-iotevents/test/input.test.ts b/packages/@aws-cdk/aws-iotevents/test/input.test.ts index d202695d5dd27..51ce637ebb005 100644 --- a/packages/@aws-cdk/aws-iotevents/test/input.test.ts +++ b/packages/@aws-cdk/aws-iotevents/test/input.test.ts @@ -42,6 +42,19 @@ test('can get input name', () => { }); }); +test('can set physical name', () => { + // WHEN + new iotevents.Input(stack, 'MyInput', { + inputName: 'test_input', + attributeJsonPaths: ['payload.temperature'], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IoTEvents::Input', { + InputName: 'test_input', + }); +}); + test('can get input ARN', () => { // GIVEN const input = new iotevents.Input(stack, 'MyInput', { @@ -59,36 +72,20 @@ test('can get input ARN', () => { // THEN Template.fromStack(stack).hasResourceProperties('Test::Resource', { InputArn: { - 'Fn::Join': [ - '', - [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iotevents:', - { Ref: 'AWS::Region' }, - ':', - { Ref: 'AWS::AccountId' }, - ':input/', - { Ref: 'MyInput08947B23' }, - ], - ], + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iotevents:', + { Ref: 'AWS::Region' }, + ':', + { Ref: 'AWS::AccountId' }, + ':input/', + { Ref: 'MyInput08947B23' }, + ]], }, }); }); -test('can set physical name', () => { - // WHEN - new iotevents.Input(stack, 'MyInput', { - inputName: 'test_input', - attributeJsonPaths: ['payload.temperature'], - }); - - // THEN - Template.fromStack(stack).hasResourceProperties('AWS::IoTEvents::Input', { - InputName: 'test_input', - }); -}); - test('can import a Input by inputName', () => { // WHEN const inputName = 'test-input-name'; @@ -112,7 +109,6 @@ test('cannot be created with an empty array of attributeJsonPaths', () => { test('can grant the permission to put message', () => { const role = iam.Role.fromRoleArn(stack, 'MyRole', 'arn:aws:iam::account-id:role/role-name'); const input = new iotevents.Input(stack, 'MyInput', { - inputName: 'test_input', attributeJsonPaths: ['payload.temperature'], }); @@ -127,22 +123,21 @@ test('can grant the permission to put message', () => { Action: 'iotevents:BatchPutMessage', Effect: 'Allow', Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':iotevents:', - { Ref: 'AWS::Region' }, - ':', - { Ref: 'AWS::AccountId' }, - ':input/', - { Ref: 'MyInput08947B23' }, - ], - ], + 'Fn::Join': ['', [ + 'arn:', + { Ref: 'AWS::Partition' }, + ':iotevents:', + { Ref: 'AWS::Region' }, + ':', + { Ref: 'AWS::AccountId' }, + ':input/', + { Ref: 'MyInput08947B23' }, + ]], }, }, ], }, + PolicyName: 'MyRolePolicy64AB00A5', + Roles: ['role-name'], }); }); From 39a15730a7222a91f85fd3c4987e7216a3f301d6 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Tue, 25 Jan 2022 22:07:50 +0900 Subject: [PATCH 05/15] change method to init inputArn --- packages/@aws-cdk/aws-iotevents/lib/input.ts | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 3805406e3143b..5c918be1c083f 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -1,5 +1,5 @@ import * as iam from '@aws-cdk/aws-iam'; -import { Resource, IResource } from '@aws-cdk/core'; +import { Resource, IResource, Aws } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnInput } from './iotevents.generated'; @@ -118,10 +118,14 @@ export class Input extends InputBase { }); this.inputName = this.getResourceNameAttribute(resource.ref); - this.inputArn = this.stack.formatArn({ + this.inputArn = this.getResourceArnAttribute(arnForInput(resource.ref), { service: 'iotevents', resource: 'input', - resourceName: this.inputName, + resourceName: this.physicalName, }); } } + +function arnForInput(inputName: string): string { + return `arn:${Aws.PARTITION}:iotevents:${Aws.REGION}:${Aws.ACCOUNT_ID}:input/${inputName}`; +} From 4764a23eece13a8e3590d7c374f7266069da3730 Mon Sep 17 00:00:00 2001 From: Tatsuya Yamamoto Date: Wed, 2 Feb 2022 11:59:17 +0900 Subject: [PATCH 06/15] Update packages/@aws-cdk/aws-iotevents/lib/input.ts Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-iotevents/lib/input.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 5c918be1c083f..0e8f86c7b3ee0 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -15,7 +15,7 @@ export interface IInput extends IResource { readonly inputName: string; /** - * The ARN of the input + * The ARN of the input. * * @attribute */ From aa3e2b849762bf650a14bec48ecad6bf99f81706 Mon Sep 17 00:00:00 2001 From: Tatsuya Yamamoto Date: Wed, 2 Feb 2022 11:59:24 +0900 Subject: [PATCH 07/15] Update packages/@aws-cdk/aws-iotevents/lib/input.ts Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-iotevents/lib/input.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 0e8f86c7b3ee0..04f06042c57f5 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -37,7 +37,6 @@ export interface IInput extends IResource { grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant } - abstract class InputBase extends Resource implements IInput { public abstract readonly inputName: string; From af4114e00ffd979af4f5b0c4204fcde343163126 Mon Sep 17 00:00:00 2001 From: Tatsuya Yamamoto Date: Wed, 2 Feb 2022 13:50:03 +0900 Subject: [PATCH 08/15] Update packages/@aws-cdk/aws-iotevents/README.md Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-iotevents/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index 0d825683c7d11..d6201be7ac857 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -72,6 +72,6 @@ To grant permissions to put messages in the input, you can use the `grantPutMessage()` method: ```ts -declare const principal: iam.AnyPrincipal; +declare const principal: iam.IGrantable; input.grantPutMessage(principal); ``` From a8fc43dbd6ebee60ab73cff6e6a1c096632172fe Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Wed, 2 Feb 2022 18:40:57 +0900 Subject: [PATCH 09/15] address comments --- .../@aws-cdk/aws-iotevents/lib/detector-model.ts | 4 ++-- packages/@aws-cdk/aws-iotevents/lib/expression.ts | 10 +++++----- packages/@aws-cdk/aws-iotevents/lib/input.ts | 12 +++++------- packages/@aws-cdk/aws-iotevents/lib/state.ts | 10 +++++----- packages/@aws-cdk/aws-iotevents/test/input.test.ts | 1 - 5 files changed, 17 insertions(+), 20 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts b/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts index 2a5d270fb0cde..2cfa3ef87f635 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/detector-model.ts @@ -5,7 +5,7 @@ import { CfnDetectorModel } from './iotevents.generated'; import { State } from './state'; /** - * Represents an AWS IoT Events detector model + * Represents an AWS IoT Events detector model. */ export interface IDetectorModel extends IResource { /** @@ -17,7 +17,7 @@ export interface IDetectorModel extends IResource { } /** - * Properties for defining an AWS IoT Events detector model + * Properties for defining an AWS IoT Events detector model. */ export interface DetectorModelProps { /** diff --git a/packages/@aws-cdk/aws-iotevents/lib/expression.ts b/packages/@aws-cdk/aws-iotevents/lib/expression.ts index 27fdf069c1b9f..fd686e9761802 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/expression.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/expression.ts @@ -1,12 +1,12 @@ import { IInput } from './input'; /** - * Expression for events in Detector Model state + * Expression for events in Detector Model state. * @see https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html */ export abstract class Expression { /** - * Create a expression from the given string + * Create a expression from the given string. */ public static fromString(value: string): Expression { return new StringExpression(value); @@ -28,14 +28,14 @@ export abstract class Expression { } /** - * Create a expression for the Equal operator + * Create a expression for the Equal operator. */ public static eq(left: Expression, right: Expression): Expression { return new BinaryOperationExpression(left, '==', right); } /** - * Create a expression for the AND operator + * Create a expression for the AND operator. */ public static and(left: Expression, right: Expression): Expression { return new BinaryOperationExpression(left, '&&', right); @@ -45,7 +45,7 @@ export abstract class Expression { } /** - * this is called to evaluate the expression + * This is called to evaluate the expression. */ public abstract evaluate(): string; } diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 04f06042c57f5..00965962ecb17 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -4,11 +4,11 @@ import { Construct } from 'constructs'; import { CfnInput } from './iotevents.generated'; /** - * Represents an AWS IoT Events input + * Represents an AWS IoT Events input. */ export interface IInput extends IResource { /** - * The name of the input + * The name of the input. * * @attribute */ @@ -51,18 +51,16 @@ abstract class InputBase extends Resource implements IInput { grantee, actions, resourceArns: [this.inputArn], - scope: this, }); } } - /** - * Properties for defining an AWS IoT Events input + * Properties for defining an AWS IoT Events input. */ export interface InputProps { /** - * The name of the input + * The name of the input. * * @default - CloudFormation will generate a unique name of the input */ @@ -83,7 +81,7 @@ export interface InputProps { */ export class Input extends InputBase { /** - * Import an existing input + * Import an existing input. */ public static fromInputName(scope: Construct, id: string, inputName: string): IInput { return new class Import extends InputBase { diff --git a/packages/@aws-cdk/aws-iotevents/lib/state.ts b/packages/@aws-cdk/aws-iotevents/lib/state.ts index e16d911d60004..129d3395776ad 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/state.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/state.ts @@ -2,7 +2,7 @@ import { Event } from './event'; import { CfnDetectorModel } from './iotevents.generated'; /** - * Properties for defining a state of a detector + * Properties for defining a state of a detector. */ export interface StateProps { /** @@ -20,11 +20,11 @@ export interface StateProps { } /** - * Defines a state of a detector + * Defines a state of a detector. */ export class State { /** - * The name of the state + * The name of the state. */ public readonly stateName: string; @@ -33,7 +33,7 @@ export class State { } /** - * Return the state property JSON + * Return the state property JSON. * * @internal */ @@ -46,7 +46,7 @@ export class State { } /** - * returns true if this state has at least one condition via events + * Returns true if this state has at least one condition via events. * * @internal */ diff --git a/packages/@aws-cdk/aws-iotevents/test/input.test.ts b/packages/@aws-cdk/aws-iotevents/test/input.test.ts index 51ce637ebb005..97ba07ec4ca01 100644 --- a/packages/@aws-cdk/aws-iotevents/test/input.test.ts +++ b/packages/@aws-cdk/aws-iotevents/test/input.test.ts @@ -105,7 +105,6 @@ test('cannot be created with an empty array of attributeJsonPaths', () => { }).toThrow('attributeJsonPaths property cannot be empty'); }); - test('can grant the permission to put message', () => { const role = iam.Role.fromRoleArn(stack, 'MyRole', 'arn:aws:iam::account-id:role/role-name'); const input = new iotevents.Input(stack, 'MyInput', { From 0e16d84d30efa4837f200679822ecc091fd1bb25 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Wed, 2 Feb 2022 19:08:14 +0900 Subject: [PATCH 10/15] sort test case order --- .../@aws-cdk/aws-iotevents/test/input.test.ts | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/test/input.test.ts b/packages/@aws-cdk/aws-iotevents/test/input.test.ts index 97ba07ec4ca01..936545b4e9f37 100644 --- a/packages/@aws-cdk/aws-iotevents/test/input.test.ts +++ b/packages/@aws-cdk/aws-iotevents/test/input.test.ts @@ -42,19 +42,6 @@ test('can get input name', () => { }); }); -test('can set physical name', () => { - // WHEN - new iotevents.Input(stack, 'MyInput', { - inputName: 'test_input', - attributeJsonPaths: ['payload.temperature'], - }); - - // THEN - Template.fromStack(stack).hasResourceProperties('AWS::IoTEvents::Input', { - InputName: 'test_input', - }); -}); - test('can get input ARN', () => { // GIVEN const input = new iotevents.Input(stack, 'MyInput', { @@ -86,6 +73,19 @@ test('can get input ARN', () => { }); }); +test('can set physical name', () => { + // WHEN + new iotevents.Input(stack, 'MyInput', { + inputName: 'test_input', + attributeJsonPaths: ['payload.temperature'], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IoTEvents::Input', { + InputName: 'test_input', + }); +}); + test('can import a Input by inputName', () => { // WHEN const inputName = 'test-input-name'; From 84d94db801e4f4c79da066f4d720ef86abd41534 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Thu, 3 Feb 2022 10:26:28 +0900 Subject: [PATCH 11/15] rename grant method --- packages/@aws-cdk/aws-iotevents/lib/input.ts | 6 +++--- packages/@aws-cdk/aws-iotevents/test/input.test.ts | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/lib/input.ts b/packages/@aws-cdk/aws-iotevents/lib/input.ts index 00965962ecb17..b656af2d4dff6 100644 --- a/packages/@aws-cdk/aws-iotevents/lib/input.ts +++ b/packages/@aws-cdk/aws-iotevents/lib/input.ts @@ -22,11 +22,11 @@ export interface IInput extends IResource { readonly inputArn: string; /** - * Grant the putting message permission to the given IAM principal (Role/Group/User). + * Grant write permissions on this input and its contents to an IAM principal (Role/Group/User). * * @param grantee the principal */ - grantPutMessage(grantee: iam.IGrantable): iam.Grant + grantWrite(grantee: iam.IGrantable): iam.Grant /** * Grant the indicated permissions on this input to the given IAM principal (Role/Group/User). @@ -42,7 +42,7 @@ abstract class InputBase extends Resource implements IInput { public abstract readonly inputArn: string; - public grantPutMessage(grantee: iam.IGrantable) { + public grantWrite(grantee: iam.IGrantable) { return this.grant(grantee, 'iotevents:BatchPutMessage'); } diff --git a/packages/@aws-cdk/aws-iotevents/test/input.test.ts b/packages/@aws-cdk/aws-iotevents/test/input.test.ts index 936545b4e9f37..8907489af928e 100644 --- a/packages/@aws-cdk/aws-iotevents/test/input.test.ts +++ b/packages/@aws-cdk/aws-iotevents/test/input.test.ts @@ -112,7 +112,7 @@ test('can grant the permission to put message', () => { }); // WHEN - input.grantPutMessage(role); + input.grantWrite(role); // THEN Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { From 3326c73ec5da327dcccd7d1988d382e645a22e37 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Thu, 3 Feb 2022 12:23:21 +0900 Subject: [PATCH 12/15] fix readme --- packages/@aws-cdk/aws-iotevents/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index baf3c210817d5..0e336d0313395 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -75,6 +75,6 @@ To grant permissions to put messages in the input, you can use the `grantPutMessage()` method: ```ts -declare const principal: iam.IGrantable; -input.grantPutMessage(principal); +declare const lambdaFn: lambda.Function; +input.grantWrite(lambdaFn); ``` From 22e919d49f7de9964f5de1b720370326f859d694 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Thu, 3 Feb 2022 21:22:10 +0900 Subject: [PATCH 13/15] fix readme --- packages/@aws-cdk/aws-iotevents/README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index 0e336d0313395..fec41ea1fb342 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -72,9 +72,13 @@ new iotevents.DetectorModel(this, 'MyDetectorModel', { ``` To grant permissions to put messages in the input, -you can use the `grantPutMessage()` method: +you can use the `grantWrite()` method: ```ts -declare const lambdaFn: lambda.Function; +import * as iam from '@aws-cdk/aws-iam'; + +declare const principal: iam.IGrantable; +const input = new iotevents.Input.fromInputName(this, 'MyInput', 'my_input'); + input.grantWrite(lambdaFn); ``` From 38754588f7e32ea458fe53e12bdddc9585d6d646 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Fri, 4 Feb 2022 00:08:49 +0900 Subject: [PATCH 14/15] fix readme --- packages/@aws-cdk/aws-iotevents/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index fec41ea1fb342..e5ad30205296e 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -76,9 +76,10 @@ you can use the `grantWrite()` method: ```ts import * as iam from '@aws-cdk/aws-iam'; +import * as iotevents from '@aws-cdk/aws-iotevents'; -declare const principal: iam.IGrantable; +declare const grantable: iam.IGrantable; const input = new iotevents.Input.fromInputName(this, 'MyInput', 'my_input'); -input.grantWrite(lambdaFn); +input.grantWrite(grantable); ``` From 6a4a79dc3e1005e6ddd0627229f76b9b1706f17c Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Fri, 4 Feb 2022 01:15:17 +0900 Subject: [PATCH 15/15] fix readme --- packages/@aws-cdk/aws-iotevents/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iotevents/README.md b/packages/@aws-cdk/aws-iotevents/README.md index e5ad30205296e..864833049b402 100644 --- a/packages/@aws-cdk/aws-iotevents/README.md +++ b/packages/@aws-cdk/aws-iotevents/README.md @@ -79,7 +79,7 @@ import * as iam from '@aws-cdk/aws-iam'; import * as iotevents from '@aws-cdk/aws-iotevents'; declare const grantable: iam.IGrantable; -const input = new iotevents.Input.fromInputName(this, 'MyInput', 'my_input'); +const input = iotevents.Input.fromInputName(this, 'MyInput', 'my_input'); input.grantWrite(grantable); ```