From dc3b04710324fee2e0f2e455c0cffff885beccdd Mon Sep 17 00:00:00 2001
From: Spencer Post
Date: Wed, 27 Sep 2023 16:52:23 -0600
Subject: [PATCH 1/6] support the addition of multiple event bus policies
---
 .../aws-cdk-lib/aws-events/lib/event-bus.ts | 17 ++++++++--------
 .../aws-events/test/event-bus.test.ts | 20 +++++++++++++------
 2 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
index 0a4d2a7107b66..603b1bf5962d2 100644
--- a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
+++ b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
@@ -309,7 +309,10 @@ export class EventBus extends EventBusBase {
 */
 public readonly eventSourceName?: string;
- private policy?: EventBusPolicy;
+ /**
+ * The EventBusPolicies attached to this event bus
+ */
+ public readonly policies: EventBusPolicy[];
 constructor(scope: Construct, id: string, props?: EventBusProps) {
 const { eventBusName, eventSourceName } = EventBus.eventBusProps(
@@ -319,6 +322,8 @@ export class EventBus extends EventBusBase {
 super(scope, id, { physicalName: eventBusName });
+ this.policies = [];
+
 const eventBus = new CfnEventBus(this, 'Resource', {
 name: this.physicalName,
 eventSourceName,
@@ -343,18 +348,14 @@ export class EventBus extends EventBusBase {
 throw new Error('Event Bus policy statements must have a sid');
 }
- if (this.policy) {
- // The policy can contain only one statement
- return { statementAdded: false };
- }
-
- this.policy = new EventBusPolicy(this, 'Policy', {
+ const policy = new EventBusPolicy(this, statement.sid, {
 eventBus: this,
 statement: statement.toJSON(),
 statementId: statement.sid,
 });
+ this.policies.push(policy);
- return { statementAdded: true, policyDependable: this.policy };
+ return { statementAdded: true, policyDependable: policy };
 }
 }
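Review bot: The last hunk passes the caller-supplied `statement.sid` straight through as the construct id in `new EventBusPolicy(this, statement.sid, {`, so policy ids now share a child namespace with the bus's own `'Resource'` child created in the constructor hunk above. A sid of `Resource`, or the same sid added twice, would presumably throw a duplicate-construct-name error where the removed branch returned `{ statementAdded: false }`. Deriving the id with a fixed prefix, e.g. `new EventBusPolicy(this, 'Policy' + statement.sid, {`, keeps the two namespaces apart, and the doc comment on `addToResourcePolicy` should state that each sid must be unique per bus. Because the id was previously the constant `'Policy'`, existing stacks will likely see the policy's logical ID change on upgrade, which CloudFormation handles as a replacement under the same `StatementId`; that is worth verifying against a deployed stack, since a delete that follows the create could leave the bus without the grant. The method's signature and doc comment are outside the hunk.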
diff --git a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
index 70ab0fa14e71d..98948316051c4 100644
--- a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
+++ b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
@@ -580,27 +580,35 @@ describe('event bus', () => {
 });
 });
- test('cannot add more than one event bus policy', () => {
+ test('can add more than one event bus policy', () => {
 // GIVEN
 const app = new App();
 const stack = new Stack(app, 'Stack');
 const bus = new EventBus(stack, 'Bus');
- const statement = new iam.PolicyStatement({
+ const statement1 = new iam.PolicyStatement({
 effect: Effect.ALLOW,
 principals: [new iam.ArnPrincipal('arn')],
 actions: ['events:PutEvents'],
- sid: '123',
+ sid: 'statement1',
 resources: [bus.eventBusArn],
 });
+ const statement2 = new iam.PolicyStatement({
+ effect: Effect.ALLOW,
+ principals: [new iam.ArnPrincipal('arn')],
+ actions: ['events:DeleteRule'],
+ sid: 'statement2',
+ resources: [`${bus.eventBusArn}/*`],
+ });
+
 // WHEN
- const add1 = bus.addToResourcePolicy(statement);
- const add2 = bus.addToResourcePolicy(statement);
+ const add1 = bus.addToResourcePolicy(statement1);
+ const add2 = bus.addToResourcePolicy(statement2);
 // THEN
 expect(add1.statementAdded).toBe(true);
- expect(add2.statementAdded).toBe(false);
+ expect(add2.statementAdded).toBe(true);
 });
 test('Event Bus policy statements must have a sid', () => {
From 2f5693f62262d7535b9cb39b8000e1dded28909d Mon Sep 17 00:00:00 2001
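Review bot: The rewritten test no longer covers adding a statement whose sid is already present on the bus, which the removed pair of `bus.addToResourcePolicy(statement)` calls did, so the behaviour for a repeated sid is now unpinned. With the sid used as the construct id in `addToResourcePolicy`, a second call with `sid: 'statement1'` would presumably throw instead of returning `statementAdded: false`. A short extra case such as `expect(() => bus.addToResourcePolicy(statement1)).toThrow();` after the first add would document whichever outcome is intended. The `describe` block continues outside the hunk.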
From: Spencer Post Date: Thu, 28 Sep 2023 10:23:38 -0600 Subject: [PATCH 2/6] update integration tests --- ...faultTestDeployAssertE6DF8EA9.assets.json} | 4 +- ...ultTestDeployAssertE6DF8EA9.template.json} | 0 .../Stack.assets.json | 13 +- .../Stack.template.json | 52 +++++++- .../test/integ.eventbus.js.snapshot/cdk.out | 2 +- .../integ.eventbus.js.snapshot/integ.json | 8 +- .../integ.eventbus.js.snapshot/manifest.json | 42 +++--- .../test/integ.eventbus.js.snapshot/tree.json | 122 +++++++++++++----- .../test/aws-events/test/integ.eventbus.ts | 18 ++- 9 files changed, 187 insertions(+), 74 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/{IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json => IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json} (82%) rename packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/{IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json => IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json} (100%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json similarity index 82% rename from packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json index 0558ec65bb4a1..4209c700d9bd4 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json @@ -1,9 +1,9 @@ { - "version": "22.0.0", + "version": "34.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { - "path": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json", + "path": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json", "packaging": "file" }, "destinations": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json index 1227cf564778b..0f867605130fa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.assets.json 
@@ -1,17 +1,16 @@ { - "version": "22.0.0", + "version": "34.0.0", "files": { - "c71ed4ea3da796e03fa29834408d0b65d9093011ecfedfbb40bae050834974cc": { + "57e14b65d6e62634abcf2a64f00eb08e99ee92617490f92b45eff16399d6173a": { "source": { "path": "Stack.template.json", "packaging": "file" }, "destinations": { - "current_account-us-east-1": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "c71ed4ea3da796e03fa29834408d0b65d9093011ecfedfbb40bae050834974cc.json", - "region": "us-east-1", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "57e14b65d6e62634abcf2a64f00eb08e99ee92617490f92b45eff16399d6173a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json index 27cd68f2924c7..f13964b9866c7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/Stack.template.json @@ -6,10 +6,9 @@ "Name": "StackBusAA0A1E4B" } }, - "BusPolicyCF00D793": { + "BusStatement1B4D0336C": { "Type": "AWS::Events::EventBusPolicy", "Properties": { - "StatementId": "123", "EventBusName": { "Ref": "BusEA82B648" }, @@ -21,7 +20,11 @@ "Fn::Join": [ "", [ - "arn:aws:iam::", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", { "Ref": "AWS::AccountId" }, 
@@ -36,8 +39,47 @@ "Arn" ] }, - "Sid": "123" - } + "Sid": "Statement1" + }, + "StatementId": "Statement1" + } + }, + "BusStatement2B5FB314B": { + "Type": "AWS::Events::EventBusPolicy", + "Properties": { + "EventBusName": { + "Ref": "BusEA82B648" + }, + "Statement": { + "Action": "events:PutRule", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "BusEA82B648", + "Arn" + ] + }, + "Sid": "Statement2" + }, + "StatementId": "Statement2" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out index 145739f539580..2313ab5436501 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"22.0.0"} \ No newline at end of file +{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json index 4ccd06ac2c606..6fe4c5f82830c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/integ.json 
@@ -1,12 +1,12 @@ { - "version": "22.0.0", + "version": "34.0.0", "testCases": { - "IntegTest-BatchDefaultEnvVarsStack/DefaultTest": { + "IntegTest-EventBusStack/DefaultTest": { "stacks": [ "Stack" ], - "assertionStack": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert", - "assertionStackName": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2" + "assertionStack": "IntegTest-EventBusStack/DefaultTest/DeployAssert", + "assertionStackName": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json index a447751618586..11bedb11869b1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "22.0.0", + "version": "34.0.0", "artifacts": { "Stack.assets": { "type": "cdk:asset-manifest", 
@@ -11,20 +11,21 @@ }, "Stack": { "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/us-east-1", + "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "Stack.template.json", + "terminationProtection": false, "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/c71ed4ea3da796e03fa29834408d0b65d9093011ecfedfbb40bae050834974cc.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/57e14b65d6e62634abcf2a64f00eb08e99ee92617490f92b45eff16399d6173a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ "Stack.assets" ], "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-east-1", + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", "requiresBootstrapStackVersion": 8, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } 
@@ -39,10 +40,16 @@ "data": "BusEA82B648" } ], - "/Stack/Bus/Policy/Resource": [ + "/Stack/Bus/Statement1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BusStatement1B4D0336C" + } + ], + "/Stack/Bus/Statement2/Resource": [ { "type": "aws:cdk:logicalId", - "data": "BusPolicyCF00D793" + "data": "BusStatement2B5FB314B" } ], "/Stack/BootstrapVersion": [ @@ -60,19 +67,20 @@ }, "displayName": "Stack" }, - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets": { + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets.json", + "file": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2": { + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { - "templateFile": "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.template.json", + "templateFile": "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", 
@@ -80,7 +88,7 @@ "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets" + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets" ], "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", @@ -89,23 +97,23 @@ } }, "dependencies": [ - "IntegTestBatchDefaultEnvVarsStackDefaultTestDeployAssertC15EFFF2.assets" + "IntegTestEventBusStackDefaultTestDeployAssertE6DF8EA9.assets" ], "metadata": { - "/IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/BootstrapVersion": [ + "/IntegTest-EventBusStack/DefaultTest/DeployAssert/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + "/IntegTest-EventBusStack/DefaultTest/DeployAssert/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert" + "displayName": "IntegTest-EventBusStack/DefaultTest/DeployAssert" }, "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json index c75244482411a..d6fbe1678d677 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.js.snapshot/tree.json 
@@ -22,21 +22,20 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/core.CfnResource", + "fqn": "aws-cdk-lib.aws_events.CfnEventBus", "version": "0.0.0" } }, - "Policy": { - "id": "Policy", - "path": "Stack/Bus/Policy", + "Statement1": { + "id": "Statement1", + "path": "Stack/Bus/Statement1", "children": { "Resource": { "id": "Resource", - "path": "Stack/Bus/Policy/Resource", + "path": "Stack/Bus/Statement1/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Events::EventBusPolicy", "aws:cdk:cloudformation:props": { - "statementId": "123", "eventBusName": { "Ref": "BusEA82B648" }, @@ -48,7 +47,11 @@ "Fn::Join": [ "", [ - "arn:aws:iam::", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", { "Ref": "AWS::AccountId" }, 
@@ -63,24 +66,81 @@ "Arn" ] }, - "Sid": "123" - } + "Sid": "Statement1" + }, + "statementId": "Statement1" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.CfnEventBusPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_events.EventBusPolicy", + "version": "0.0.0" + } + }, + "Statement2": { + "id": "Statement2", + "path": "Stack/Bus/Statement2", + "children": { + "Resource": { + "id": "Resource", + "path": "Stack/Bus/Statement2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Events::EventBusPolicy", + "aws:cdk:cloudformation:props": { + "eventBusName": { + "Ref": "BusEA82B648" + }, + "statement": { + "Action": "events:PutRule", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "BusEA82B648", + "Arn" + ] + }, + "Sid": "Statement2" + }, + "statementId": "Statement2" } }, "constructInfo": { - "fqn": "@aws-cdk/core.CfnResource", + "fqn": "aws-cdk-lib.aws_events.CfnEventBusPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.aws_events.EventBusPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.aws_events.EventBus", "version": "0.0.0" } }, @@ -88,7 +148,7 @@ "id": "BootstrapVersion", "path": "Stack/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, 
@@ -96,67 +156,67 @@ "id": "CheckBootstrapVersion", "path": "Stack/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, - "IntegTest-BatchDefaultEnvVarsStack": { - "id": "IntegTest-BatchDefaultEnvVarsStack", - "path": "IntegTest-BatchDefaultEnvVarsStack", + "IntegTest-EventBusStack": { + "id": "IntegTest-EventBusStack", + "path": "IntegTest-EventBusStack", "children": { "DefaultTest": { "id": "DefaultTest", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest", + "path": "IntegTest-EventBusStack/DefaultTest", "children": { "Default": { "id": "Default", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/Default", + "path": "IntegTest-EventBusStack/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.168" + "version": "10.2.70" } }, "DeployAssert": { "id": "DeployAssert", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert", + "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert", "children": { "BootstrapVersion": { "id": "BootstrapVersion", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/BootstrapVersion", + "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", - "path": "IntegTest-BatchDefaultEnvVarsStack/DefaultTest/DeployAssert/CheckBootstrapVersion", + "path": "IntegTest-EventBusStack/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } } }, "constructInfo": { - "fqn": 
"@aws-cdk/integ-tests.IntegTestCase", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTest", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", "version": "0.0.0" } }, @@ -165,12 +225,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.168" + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts index 2afeb6e23df3c..08b54b635dd1b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.eventbus.ts @@ -4,21 +4,25 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { EventBus } from 'aws-cdk-lib/aws-events'; const app = new App(); -const stack = new Stack(app, 'Stack', { - env: { - region: 'us-east-1', - }, -}); +const stack = new Stack(app, 'Stack'); const bus = new EventBus(stack, 'Bus'); bus.addToResourcePolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, principals: [new iam.AccountPrincipal(stack.account)], actions: ['events:PutEvents'], - sid: '123', + sid: 'Statement1', + resources: [bus.eventBusArn], +})); + +bus.addToResourcePolicy(new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [new iam.AccountPrincipal(stack.account)], + actions: ['events:PutRule'], + sid: 'Statement2', resources: [bus.eventBusArn], })); -new IntegTest(app, 'IntegTest-BatchDefaultEnvVarsStack', { +new IntegTest(app, 'IntegTest-EventBusStack', { testCases: [stack], }); From 824c62db6b96cf844fb1a473e489fcf16ab44fc4 Mon Sep 17 00:00:00 2001 
From: Spencer Post
Date: Thu, 28 Sep 2023 10:28:35 -0600
Subject: [PATCH 3/6] update arn in test
---
 packages/aws-cdk-lib/aws-events/test/event-bus.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
index 98948316051c4..238533d25ecfc 100644
--- a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
+++ b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
@@ -599,7 +599,7 @@ describe('event bus', () => {
 principals: [new iam.ArnPrincipal('arn')],
 actions: ['events:DeleteRule'],
 sid: 'statement2',
- resources: [`${bus.eventBusArn}/*`],
+ resources: [bus.eventBusArn],
 });
 // WHEN
From e88f74924d5b8c1115749c7944ceb1f3a4020b28 Mon Sep 17 00:00:00 2001
From: Spencer Post
Date: Thu, 5 Oct 2023 09:51:47 -0600
Subject: [PATCH 4/6] assert on policy count
---
 packages/aws-cdk-lib/aws-events/test/event-bus.test.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
index 238533d25ecfc..3d9b4de91994c 100644
--- a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
+++ b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts
@@ -609,6 +609,7 @@ describe('event bus', () => {
 // THEN
 expect(add1.statementAdded).toBe(true);
 expect(add2.statementAdded).toBe(true);
+ Template.fromStack(stack).resourceCountIs('AWS::Events::EventBusPolicy', 2);
 });
 test('Event Bus policy statements must have a sid', () => {
From 8cb5b894f76069732d78b97528ea4abda173e92c Mon Sep 17 00:00:00 2001
From: Spencer Post
Date: Fri, 6 Oct 2023 12:13:27 -0600
Subject: [PATCH 5/6] remove policies property
---
 packages/aws-cdk-lib/aws-events/lib/event-bus.ts | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
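Review bot: In the `@@ -609,6 +609,7 @@` hunk, `resourceCountIs('AWS::Events::EventBusPolicy', 2)` confirms that two resources exist but not what they grant, so a regression that emitted the same statement twice or dropped an action would still pass. These resources decide who may act on the bus, so the content deserves an assertion next to the count, for example `Template.fromStack(stack).hasResourceProperties('AWS::Events::EventBusPolicy', { StatementId: 'statement2' });`. The test body starts outside this hunk.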
diff --git a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
index 603b1bf5962d2..e7fac9f06c82e 100644
--- a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
+++ b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
@@ -309,11 +309,6 @@ export class EventBus extends EventBusBase {
 */
 public readonly eventSourceName?: string;
- /**
- * The EventBusPolicies attached to this event bus
- */
- public readonly policies: EventBusPolicy[];
-
 constructor(scope: Construct, id: string, props?: EventBusProps) {
 const { eventBusName, eventSourceName } = EventBus.eventBusProps(
 Lazy.string({ produce: () => Names.uniqueId(this) }),
@@ -322,8 +317,6 @@ export class EventBus extends EventBusBase {
 super(scope, id, { physicalName: eventBusName });
- this.policies = [];
-
 const eventBus = new CfnEventBus(this, 'Resource', {
 name: this.physicalName,
 eventSourceName,
@@ -348,12 +341,11 @@ export class EventBus extends EventBusBase {
 throw new Error('Event Bus policy statements must have a sid');
 }
- const policy = new EventBusPolicy(this, statement.sid, {
+ new EventBusPolicy(this, statement.sid, {
 eventBus: this,
 statement: statement.toJSON(),
 statementId: statement.sid,
 });
- this.policies.push(policy);
 return { statementAdded: true, policyDependable: policy };
 }
From 12b88155da6aed2d963c08097feb9d0ff0ec0dd7 Mon Sep 17 00:00:00 2001
From: Spencer Post
Date: Fri, 6 Oct 2023 12:32:54 -0600
Subject: [PATCH 6/6] fix
---
 packages/aws-cdk-lib/aws-events/lib/event-bus.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
index e7fac9f06c82e..a59aa8c1b4cca 100644
--- a/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
+++ b/packages/aws-cdk-lib/aws-events/lib/event-bus.ts
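Review bot: In the `@@ -348,12 +341,11 @@` hunk the binding `const policy =` is dropped in favour of a bare `new EventBusPolicy(this, statement.sid, {`, yet the unchanged context line `return { statementAdded: true, policyDependable: policy };` still reads `policy`, so this commit on its own should not compile. The following patch in the series restores the binding; squashing the two would keep every commit buildable for bisecting. The enclosing method begins and ends outside the hunk.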
@@ -341,7 +341,7 @@ export class EventBus extends EventBusBase {
 throw new Error('Event Bus policy statements must have a sid');
 }
- new EventBusPolicy(this, statement.sid, {
+ const policy = new EventBusPolicy(this, statement.sid, {
 eventBus: this,
 statement: statement.toJSON(),
 statementId: statement.sid,