Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(apprunner): make Service implement IGrantable #26130

Merged
merged 9 commits into from
Jul 24, 2023
Merged

feat(apprunner): make Service implement IGrantable #26130

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
7e4292c
feat(apprunner): expose instanceRole from Service instance
lpizzinidev Jun 27, 2023
64b2611
Merge branch 'main' into gh-26089
lpizzinidev Jun 28, 2023
b784781
made Service implement IGrantable
lpizzinidev Jun 28, 2023
1c0bdcd
added automatic instance role creation and addToRolePolicy method
lpizzinidev Jun 30, 2023
0c62347
Merge branch 'main' into gh-26089
lpizzinidev Jun 30, 2023
e66a4b9
Merge branch 'main' into gh-26089
lpizzinidev Jul 15, 2023
b550db3
updated README
lpizzinidev Jul 15, 2023
69ecdcc
Merge branch 'main' into gh-26089
lpizzinidev Jul 21, 2023
dfbe8d5
Merge branch 'main' into gh-26089
mergify[bot] Jul 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1140,6 +1140,17 @@ export class Service extends cdk.Resource {
this.secrets.push({ name: name, value: secret.arn });
}

/**
* This method exposes the Instance Role after creating it if not set.
* @returns iam.IRole
*/
public obtainInstanceRole(): iam.IRole {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if we instead made Service implement IGrantable? Then we could just do
things like

bucket.grantRead(service);

if (!this.instanceRole) {
this.instanceRole = this.createInstanceRole();
}
return this.instanceRole;
}

/**
* This method generates an Instance Role. Needed if using secrets and props.instanceRole is undefined
* @returns iam.IRole
Expand Down
21 changes: 20 additions & 1 deletion packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1252,4 +1252,23 @@ testDeprecated('Using both environmentVariables and environment should throw an
}),
});
}).toThrow(/You cannot set both \'environmentVariables\' and \'environment\' properties./);
});
});

test('Service exposes instanceRole via obtainInstanceRole()', () => {
// GIVEN
const app = new cdk.App();
const stack = new cdk.Stack(app, 'demo-stack');
// WHEN
const service = new apprunner.Service(stack, 'DemoService', {
source: apprunner.Source.fromEcrPublic({
imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
}),
instanceRole: new iam.Role(stack, 'InstanceRole', {
assumedBy: new iam.ServicePrincipal('tasks.apprunner.amazonaws.com'),
}),
});
// THEN
expect(stack.resolve(service.obtainInstanceRole().roleArn)).toEqual({
'Fn::GetAtt': ['InstanceRole3CCE2F1D', 'Arn'],
});
});