feat(neptune): add engine version 1.2.0.0

- add engine version 1.2.0.0 - introduce a new enum for parameter group family - update parameter groups to support specifiying parameter group family - introduce grant method for use with more specific data access actions closes aws#21877
humanzz · Sep 7, 2022 · be4edbe · be4edbe
1 parent b0ba52e
commit be4edbe
Show file tree

Hide file tree

Showing 11 changed files with 612 additions and 81 deletions.
diff --git a/packages/@aws-cdk/aws-neptune/lib/cluster.ts b/packages/@aws-cdk/aws-neptune/lib/cluster.ts
@@ -58,6 +58,10 @@ export class EngineVersion {
    * Neptune engine version 1.1.1.0
    */
   public static readonly V1_1_1_0 = new EngineVersion('1.1.1.0');
+  /**
+   * Neptune engine version 1.2.0.0
+   */
+  public static readonly V1_2_0_0 = new EngineVersion('1.2.0.0');
 
   /**
    * Constructor for specifying a custom engine version
@@ -267,6 +271,15 @@ export interface IDatabaseCluster extends IResource, ec2.IConnectable {
    */
   readonly clusterReadEndpoint: Endpoint;
 
+  /**
+   * Grant the given identity the specified actions
+   * @param grantee the identity to be granted the actions
+   * @param actions the data-access actions
+   *
+   * @see https://docs.aws.amazon.com/neptune/latest/userguide/iam-dp-actions.html
+   */
+  grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
+
   /**
    * Grant the given identity connection access to the database.
    */
@@ -360,15 +373,15 @@ export abstract class DatabaseClusterBase extends Resource implements IDatabaseC
 
   protected abstract enableIamAuthentication?: boolean;
 
-  public grantConnect(grantee: iam.IGrantable): iam.Grant {
+  public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {
     if (this.enableIamAuthentication === false) {
-      throw new Error('Cannot grant connect when IAM authentication is disabled');
+      throw new Error('Cannot grant when IAM authentication is disabled');
     }
 
     this.enableIamAuthentication = true;
     return iam.Grant.addToPrincipal({
       grantee,
-      actions: ['neptune-db:*'],
+      actions,
       resourceArns: [
         [
           'arn',
@@ -381,6 +394,10 @@ export abstract class DatabaseClusterBase extends Resource implements IDatabaseC
       ],
     });
   }
+
+  public grantConnect(grantee: iam.IGrantable): iam.Grant {
+    return this.grant(grantee, 'neptune-db:*');
+  }
 }
 
 /**

diff --git a/packages/@aws-cdk/aws-neptune/lib/parameter-group.ts b/packages/@aws-cdk/aws-neptune/lib/parameter-group.ts
@@ -2,6 +2,27 @@ import { IResource, Resource } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { CfnDBClusterParameterGroup, CfnDBParameterGroup } from './neptune.generated';
 
+/**
+ * The DB parameter group family that a DB parameter group is compatible with
+ */
+export class ParameterGroupFamily {
+
+  /**
+   * Family used by Neptune engine versions before 1.2.0.0
+   */
+  public static readonly NEPTUNE_1 = new ParameterGroupFamily('neptune1');
+  /**
+   * Family used by Neptune engine versions 1.2.0.0 and later
+   */
+  public static readonly NEPTUNE_1_2 = new ParameterGroupFamily('neptune1.2');
+
+  /**
+   * Constructor for specifying a custom parameter group famil
+   * @param family the family of the parameter group Neptune
+   */
+  public constructor(public readonly family: string) {}
+}
+
 /**
  * Properties for a parameter group
  */
@@ -17,6 +38,13 @@ interface ParameterGroupPropsBase {
    * The parameters in this parameter group
    */
   readonly parameters: { [key: string]: string };
+
+  /**
+   * Parameter group family
+   *
+   * @default - NEPTUNE_1
+   */
+  readonly family?: ParameterGroupFamily;
 }
 
 /**
@@ -81,7 +109,7 @@ export class ClusterParameterGroup extends Resource implements IClusterParameter
     const resource = new CfnDBClusterParameterGroup(this, 'Resource', {
       name: props.clusterParameterGroupName,
       description: props.description || 'Cluster parameter group for neptune db cluster',
-      family: 'neptune1',
+      family: (props.family ?? ParameterGroupFamily.NEPTUNE_1).family,
       parameters: props.parameters,
     });
 
@@ -126,7 +154,7 @@ export class ParameterGroup extends Resource implements IParameterGroup {
     const resource = new CfnDBParameterGroup(this, 'Resource', {
       name: props.parameterGroupName,
       description: props.description || 'Instance parameter group for neptune db instances',
-      family: 'neptune1',
+      family: (props.family ?? ParameterGroupFamily.NEPTUNE_1).family,
       parameters: props.parameters,
     });
 

diff --git a/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/aws-cdk-neptune-integ.assets.json b/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/aws-cdk-neptune-integ.assets.json
@@ -1,15 +1,15 @@
 {
-  "version": "20.0.0",
+  "version": "21.0.0",
   "files": {
-    "17a5a69a211ef8dbec63fd5adb29382dfaac5da65c78d9ec193450eb3933fd98": {
+    "a6ddb6c342f7148aab988924c35145ebf650527ca462ceb456d4128d0d009dcf": {
       "source": {
         "path": "aws-cdk-neptune-integ.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "17a5a69a211ef8dbec63fd5adb29382dfaac5da65c78d9ec193450eb3933fd98.json",
+          "objectKey": "a6ddb6c342f7148aab988924c35145ebf650527ca462ceb456d4128d0d009dcf.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/...ages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/aws-cdk-neptune-integ.template.json b/...ages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/aws-cdk-neptune-integ.template.json
@@ -391,17 +391,6 @@
     }
    }
   },
-  "ParamsA8366201": {
-   "Type": "AWS::Neptune::DBClusterParameterGroup",
-   "Properties": {
-    "Description": "A nice parameter group",
-    "Family": "neptune1",
-    "Parameters": {
-     "neptune_enable_audit_log": "1",
-     "neptune_query_timeout": "100000"
-    }
-   }
-  },
   "DbSecurity381C2C15": {
    "Type": "AWS::KMS::Key",
    "Properties": {
@@ -437,6 +426,17 @@
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },
+  "ParamsA8366201": {
+   "Type": "AWS::Neptune::DBClusterParameterGroup",
+   "Properties": {
+    "Description": "A nice parameter group",
+    "Family": "neptune1",
+    "Parameters": {
+     "neptune_enable_audit_log": "1",
+     "neptune_query_timeout": "100000"
+    }
+   }
+  },
   "DatabaseSubnets3C9252C9": {
    "Type": "AWS::Neptune::DBSubnetGroup",
    "Properties": {
@@ -538,6 +538,120 @@
    ],
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
+  },
+  "Params1200F93288": {
+   "Type": "AWS::Neptune::DBClusterParameterGroup",
+   "Properties": {
+    "Description": "A nice parameter group",
+    "Family": "neptune1.2",
+    "Parameters": {
+     "neptune_enable_audit_log": "1",
+     "neptune_query_timeout": "100000"
+    }
+   }
+  },
+  "Database12Subnets4179194B": {
+   "Type": "AWS::Neptune::DBSubnetGroup",
+   "Properties": {
+    "DBSubnetGroupDescription": "Subnets for Database12 database",
+    "SubnetIds": [
+     {
+      "Ref": "VPCPrivateSubnet1Subnet8BCA10E0"
+     },
+     {
+      "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A"
+     }
+    ]
+   }
+  },
+  "Database12SecurityGroup4F4302E8": {
+   "Type": "AWS::EC2::SecurityGroup",
+   "Properties": {
+    "GroupDescription": "Neptune security group",
+    "SecurityGroupEgress": [
+     {
+      "CidrIp": "0.0.0.0/0",
+      "Description": "Allow all outbound traffic by default",
+      "IpProtocol": "-1"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "Database12SecurityGroupfrom00000IndirectPort3A40EE2B": {
+   "Type": "AWS::EC2::SecurityGroupIngress",
+   "Properties": {
+    "IpProtocol": "tcp",
+    "CidrIp": "0.0.0.0/0",
+    "Description": "Open to the world",
+    "FromPort": {
+     "Fn::GetAtt": [
+      "Database12D6A36FB9",
+      "Port"
+     ]
+    },
+    "GroupId": {
+     "Fn::GetAtt": [
+      "Database12SecurityGroup4F4302E8",
+      "GroupId"
+     ]
+    },
+    "ToPort": {
+     "Fn::GetAtt": [
+      "Database12D6A36FB9",
+      "Port"
+     ]
+    }
+   }
+  },
+  "Database12D6A36FB9": {
+   "Type": "AWS::Neptune::DBCluster",
+   "Properties": {
+    "DBClusterParameterGroupName": {
+     "Ref": "Params1200F93288"
+    },
+    "DBSubnetGroupName": {
+     "Ref": "Database12Subnets4179194B"
+    },
+    "EngineVersion": "1.2.0.0",
+    "KmsKeyId": {
+     "Fn::GetAtt": [
+      "DbSecurity381C2C15",
+      "Arn"
+     ]
+    },
+    "StorageEncrypted": true,
+    "VpcSecurityGroupIds": [
+     {
+      "Fn::GetAtt": [
+       "Database12SecurityGroup4F4302E8",
+       "GroupId"
+      ]
+     }
+    ]
+   },
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
+  "Database12Instance10D9E6224": {
+   "Type": "AWS::Neptune::DBInstance",
+   "Properties": {
+    "DBInstanceClass": "db.r5.large",
+    "AutoMinorVersionUpgrade": true,
+    "DBClusterIdentifier": {
+     "Ref": "Database12D6A36FB9"
+    }
+   },
+   "DependsOn": [
+    "VPCPrivateSubnet1DefaultRouteAE1D6490",
+    "VPCPrivateSubnet1RouteTableAssociation347902D1",
+    "VPCPrivateSubnet2DefaultRouteF4F5CFD2",
+    "VPCPrivateSubnet2RouteTableAssociation0C73D413"
+   ],
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
   }
  },
  "Parameters": {

diff --git a/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"20.0.0"}
+{"version":"21.0.0"}
diff --git a/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/integ.json b/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/integ.json
@@ -1,5 +1,5 @@
 {
-  "version": "20.0.0",
+  "version": "21.0.0",
   "testCases": {
     "integ.cluster": {
       "stacks": [

diff --git a/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-neptune/test/cluster.integ.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "20.0.0",
+  "version": "21.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",
@@ -23,7 +23,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/17a5a69a211ef8dbec63fd5adb29382dfaac5da65c78d9ec193450eb3933fd98.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a6ddb6c342f7148aab988924c35145ebf650527ca462ceb456d4128d0d009dcf.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -177,16 +177,16 @@
             "data": "VPCVPCGW99B986DC"
           }
         ],
-        "/aws-cdk-neptune-integ/Params/Resource": [
+        "/aws-cdk-neptune-integ/DbSecurity/Resource": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "ParamsA8366201"
+            "data": "DbSecurity381C2C15"
           }
         ],
-        "/aws-cdk-neptune-integ/DbSecurity/Resource": [
+        "/aws-cdk-neptune-integ/Params/Resource": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "DbSecurity381C2C15"
+            "data": "ParamsA8366201"
           }
         ],
         "/aws-cdk-neptune-integ/Database/Subnets/Resource": [
@@ -219,6 +219,42 @@
             "data": "DatabaseInstance1844F58FD"
           }
         ],
+        "/aws-cdk-neptune-integ/Params12/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Params1200F93288"
+          }
+        ],
+        "/aws-cdk-neptune-integ/Database12/Subnets/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Database12Subnets4179194B"
+          }
+        ],
+        "/aws-cdk-neptune-integ/Database12/SecurityGroup/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Database12SecurityGroup4F4302E8"
+          }
+        ],
+        "/aws-cdk-neptune-integ/Database12/SecurityGroup/from 0.0.0.0_0:{IndirectPort}": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Database12SecurityGroupfrom00000IndirectPort3A40EE2B"
+          }
+        ],
+        "/aws-cdk-neptune-integ/Database12/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Database12D6A36FB9"
+          }
+        ],
+        "/aws-cdk-neptune-integ/Database12/Instance1": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Database12Instance10D9E6224"
+          }
+        ],
         "/aws-cdk-neptune-integ/BootstrapVersion": [
           {
             "type": "aws:cdk:logicalId",