From 20238ec211e0d32b5b26fdbe821af4343c9319a5 Mon Sep 17 00:00:00 2001
From: Andrea Amorosi
Date: Tue, 21 Feb 2023 16:34:47 +0100
Subject: [PATCH 1/2] refactor: moved ssm resource creation to AwsCustomResource

---
 .../tests/e2e/ssmProvider.class.test.ts | 14 +---
 .../tests/helpers/parametersUtils.ts | 80 ++++++-------------
 2 files changed, 25 insertions(+), 69 deletions(-)

diff --git a/packages/parameters/tests/e2e/ssmProvider.class.test.ts b/packages/parameters/tests/e2e/ssmProvider.class.test.ts
index 51701649e5..fb7f3e56f4 100644
--- a/packages/parameters/tests/e2e/ssmProvider.class.test.ts
+++ b/packages/parameters/tests/e2e/ssmProvider.class.test.ts
@@ -22,10 +22,7 @@ import {
 TEARDOWN_TIMEOUT,
 TEST_CASE_TIMEOUT
 } from './constants';
-import {
- createSecureStringProvider,
- createSSMSecureString
-} from '../helpers/parametersUtils';
+import { createSSMSecureString } from '../helpers/parametersUtils';

 const runtime: string = process.env.RUNTIME || 'nodejs18x';

@@ -127,13 +124,6 @@ describe(`parameters E2E tests (ssmProvider) for runtime: ${runtime}`, () => {
 runtime,
 });

- // Create Custom Resource provider:
- // will be used to create some SSM parameters not supported by CDK
- const provider = createSecureStringProvider({
- stack,
- parametersPrefix: `${RESOURCE_NAME_PREFIX}-${runtime}-${uuid.substring(0,5)}`
- });
-
 // Create SSM parameters
 const parameterGetA = new StringParameter(stack, 'Param-a', {
 parameterName: paramA,
@@ -146,7 +136,6 @@ describe(`parameters E2E tests (ssmProvider) for runtime: ${runtime}`, () => {

 const parameterEncryptedA = createSSMSecureString({
 stack,
- provider,
 id: 'Param-encrypted-a',
 name: paramEncryptedA,
 value: paramEncryptedAValue,
@@ -154,7 +143,6 @@ describe(`parameters E2E tests (ssmProvider) for runtime: ${runtime}`, () => {

 const parameterEncryptedB = createSSMSecureString({
 stack,
- provider,
 id: 'Param-encrypted-b',
 name: paramEncryptedB,
 value: paramEncryptedBValue,
diff --git a/packages/parameters/tests/helpers/parametersUtils.ts b/packages/parameters/tests/helpers/parametersUtils.ts
index 3e769f9d3e..89a8c52efc 100644
--- a/packages/parameters/tests/helpers/parametersUtils.ts
+++ b/packages/parameters/tests/helpers/parametersUtils.ts
@@ -1,9 +1,5 @@
-import { Stack, RemovalPolicy, CustomResource, Duration } from 'aws-cdk-lib';
-import { PhysicalResourceId, Provider } from 'aws-cdk-lib/custom-resources';
-import { RetentionDays } from 'aws-cdk-lib/aws-logs';
-import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
-import { Runtime } from 'aws-cdk-lib/aws-lambda';
-import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { Stack, RemovalPolicy } from 'aws-cdk-lib';
+import { PhysicalResourceId } from 'aws-cdk-lib/custom-resources';
 import { StringParameter, IStringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Table, TableProps, BillingMode } from 'aws-cdk-lib/aws-dynamodb';
 import {
@@ -138,70 +134,43 @@ const createAppConfigConfigurationProfile = (options: CreateAppConfigConfigurati
 });
 };

-export type CreateSecureStringProviderOptions = {
- stack: Stack
- parametersPrefix: string
-};
-
-const createSecureStringProvider = (options: CreateSecureStringProviderOptions): Provider => {
- const { stack, parametersPrefix } = options;
-
- const ssmSecureStringHandlerFn = new NodejsFunction(
- stack,
- 'ssm-securestring-handler',
- {
- entry: 'tests/helpers/ssmSecureStringCdk.ts',
- handler: 'handler',
- bundling: {
- minify: true,
- sourceMap: true,
- target: 'es2020',
- externalModules: [],
- },
- runtime: Runtime.NODEJS_18_X,
- timeout: Duration.seconds(15),
- });
- ssmSecureStringHandlerFn.addToRolePolicy(
- new PolicyStatement({
- actions: [
- 'ssm:PutParameter',
- 'ssm:DeleteParameter',
- ],
- resources: [
- `arn:aws:ssm:${stack.region}:${stack.account}:parameter/${parametersPrefix}*`,
- ],
- }),
- );
-
- return new Provider(stack, 'ssm-secure-string-provider', {
- onEventHandler: ssmSecureStringHandlerFn,
- logRetention: RetentionDays.ONE_DAY,
- });
-};
-
 export type CreateSSMSecureStringOptions = {
 stack: Stack
- provider: Provider
 id: string
 name: string
 value: string
 };

 const createSSMSecureString = (options: CreateSSMSecureStringOptions): IStringParameter => {
- const { stack, provider, id, name, value } = options;
+ const { stack, id, name, value } = options;

- new CustomResource(stack, `custom-${id}`, {
- serviceToken: provider.serviceToken,
- properties: {
- Name: name,
- Value: value,
+ const paramCreator = new AwsCustomResource(stack, `create-${id}`, {
+ onCreate: {
+ service: 'SSM',
+ action: 'putParameter',
+ parameters: {
+ Name: name,
+ Value: value,
+ Type: 'SecureString',
+ },
+ physicalResourceId: PhysicalResourceId.of(id),
 },
+ onDelete: {
+ service: 'SSM',
+ action: 'deleteParameter',
+ parameters: {
+ Name: name,
+ },
+ },
+ policy: AwsCustomResourcePolicy.fromSdkCalls({
+ resources: AwsCustomResourcePolicy.ANY_RESOURCE,
}),
 });

 const param = StringParameter.fromSecureStringParameterAttributes(stack, id, {
 parameterName: name,
 });
- param.node.addDependency(provider);
+ param.node.addDependency(paramCreator);

 return param;
 };
@@ -237,6 +206,5 @@ export {
 createBaseAppConfigResources,
 createAppConfigConfigurationProfile,
 createSSMSecureString,
- createSecureStringProvider,
 putDynamoDBItem,
 };

From 0cb6a7f4d30f015e856058a5640678f998f39c4a Mon Sep 17 00:00:00 2001
From: Andrea Amorosi
Date: Tue, 21 Feb 2023 16:39:29 +0100
Subject: [PATCH 2/2] chore: removed unused function

---
 .../tests/helpers/ssmSecureStringCdk.ts | 54 -------------------
 1 file changed, 54 deletions(-)
 delete mode 100644 packages/parameters/tests/helpers/ssmSecureStringCdk.ts

diff --git a/packages/parameters/tests/helpers/ssmSecureStringCdk.ts b/packages/parameters/tests/helpers/ssmSecureStringCdk.ts
deleted file mode 100644
index 2076c25c47..0000000000
--- a/packages/parameters/tests/helpers/ssmSecureStringCdk.ts
+++ /dev/null
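Review bot: The policy on the new `AwsCustomResource` in `createSSMSecureString` (hunk `@@ -138,70 +134,43 @@` of parametersUtils.ts) is wider than the one it replaces: `resources: AwsCustomResourcePolicy.ANY_RESOURCE` lets the custom-resource function call `ssm:PutParameter` and `ssm:DeleteParameter` on every parameter in the account, where the removed `PolicyStatement` was limited to `parameter/${parametersPrefix}*`. The parameter name is known at synth time, so the grant can be scoped to it, e.g. ``resources: [`arn:aws:ssm:${stack.region}:${stack.account}:parameter/${name}`],`` (this assumes `name` carries no leading slash, as the removed prefix pattern suggests; confirm against the callers). `Value` is still passed as a plain custom-resource parameter, so it presumably ends up in the synthesized template; a one-line comment on the helper such as `// test-only: value is visible in the CloudFormation template, never pass a real secret` would make that limit explicit.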
@@ -1,54 +0,0 @@
-import {
- Context,
- CloudFormationCustomResourceEvent
-} from 'aws-lambda';
-import {
- SSMClient,
- PutParameterCommand,
- DeleteParameterCommand
-} from '@aws-sdk/client-ssm';
-
-const client = new SSMClient({});
-
-/**
- * Create a new SSM SecureString parameter.
- */
-const createResource = async (event: CloudFormationCustomResourceEvent): Promise => {
- const { ResourceProperties } = event;
- const { Name, Value } = ResourceProperties;
-
- await client.send(new PutParameterCommand({
- Name,
- Value,
- Type: 'SecureString',
- }));
-};
-
-/**
- * Delete an existing SSM parameter.
- */
-const deleteResource = async (event: CloudFormationCustomResourceEvent): Promise => {
- const { ResourceProperties } = event;
- const { Name } = ResourceProperties;
-
- await client.send(new DeleteParameterCommand({
- Name,
- }));
-};
-
-/**
- * Custom resource handler for creating and deleting SSM SecureString parameters. This is used by
- * CDK to create and delete the SSM SecureString parameters that are used to test the SSMProvider.
- *
- * We need a custom resource because CDK does not support creating SSM SecureString parameters.
- */
-export const handler = async (event: CloudFormationCustomResourceEvent, _context: Context): Promise => {
- if (event.RequestType === 'Create') {
- await createResource(event);
- } else if (event.RequestType === 'Delete') {
- await deleteResource(event);
- } else {
- console.error('Unknown or unsupported request type', event);
- throw new Error('Unknown or unsupported request type');
- }
-};
\ No newline at end of file