Skip to content

Commit 7b9652e

Browse files
ndejaco2ndejaco2
authored
feat(appsync): Standalone L2 construct for SourceApiAssociation (#27121)
As part of supporting AppSync Merged APIs, this change introduces a standalone SourceApiAssociation construct for declaring a source api association between a source API and a Merged API. Why do we need a standalone construct? * There are two potential deployment models when dealing with separate stacks/pipelines between the source API and Merged API: 1. Push model where the source API owners manage the association in their stack 2. Pull model where the associations are managed in the Merged API stack. * Having a standalone construct gives developers more flexibility while still handling all the IAM permission handling in a single place. * Developers can continue to use the GraphQLApi construct and declare the source api configuration all within a single construct as before. But, if they want to have the source api association as a standalone object this change gives them flexibility I also fixed two issues related to IAM: 1. The resource for appsync:SourceGraphQL needs both the source api arn and the source api arn + "/*" to get all top level fields. 2. The merged api execution role also needs appsync:StartSchemaMerge if the association is using AUTO_MERGE. The fix here is preferred over existing PR: #27025 Closes #26986 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 1e67f9d commit 7b9652e

36 files changed

+3461
-169
lines changed

allowed-breaking-changes.txt

+3
Original file line numberDiff line numberDiff line change
@@ -188,3 +188,6 @@ removed:aws-cdk-lib.aws_cloudwatch.CfnAlarm.attrId
188188
removed:aws-cdk-lib.aws_ec2.CfnNetworkInterface.enablePrimaryIpv6
189189
removed:aws-cdk-lib.aws_ec2.CfnNetworkInterfaceAttachment.attrId
190190
removed:aws-cdk-lib.aws_ec2.CfnNetworkInterfaceProps.enablePrimaryIpv6
191+
192+
# Changed type from GraphqlApi to IGraphqlApi to support import from a different stack, should not matter.
193+
weakened:aws-cdk-lib.aws_appsync.SourceApi

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/appsync.merged-api-3.graphql

+9
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
type thirdTest {
2+
version: String!
3+
}
4+
type Query {
5+
getThirdTests: [thirdTest]!
6+
}
7+
type Mutation {
8+
addThirdTest(version: String!): thirdTest
9+
}

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json

+19
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
{
2+
"version": "34.0.0",
3+
"files": {
4+
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
5+
"source": {
6+
"path": "apiDefaultTestDeployAssert018781F2.template.json",
7+
"packaging": "file"
8+
},
9+
"destinations": {
10+
"current_account-current_region": {
11+
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12+
"objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
13+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14+
}
15+
}
16+
}
17+
},
18+
"dockerImages": {}
19+
}

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json

+36
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"Parameters": {
3+
"BootstrapVersion": {
4+
"Type": "AWS::SSM::Parameter::Value<String>",
5+
"Default": "/cdk-bootstrap/hnb659fds/version",
6+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
7+
}
8+
},
9+
"Rules": {
10+
"CheckBootstrapVersion": {
11+
"Assertions": [
12+
{
13+
"Assert": {
14+
"Fn::Not": [
15+
{
16+
"Fn::Contains": [
17+
[
18+
"1",
19+
"2",
20+
"3",
21+
"4",
22+
"5"
23+
],
24+
{
25+
"Ref": "BootstrapVersion"
26+
}
27+
]
28+
}
29+
]
30+
},
31+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
32+
}
33+
]
34+
}
35+
}
36+
}

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/cdk.out

+1
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"version":"34.0.0"}

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/integ.json

+12
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
{
2+
"version": "34.0.0",
3+
"testCases": {
4+
"api/DefaultTest": {
5+
"stacks": [
6+
"stack"
7+
],
8+
"assertionStack": "api/DefaultTest/DeployAssert",
9+
"assertionStackName": "apiDefaultTestDeployAssert018781F2"
10+
}
11+
}
12+
}

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/manifest.json

+189
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,189 @@
1+
{
2+
"version": "34.0.0",
3+
"artifacts": {
4+
"stack.assets": {
5+
"type": "cdk:asset-manifest",
6+
"properties": {
7+
"file": "stack.assets.json",
8+
"requiresBootstrapStackVersion": 6,
9+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
10+
}
11+
},
12+
"stack": {
13+
"type": "aws:cloudformation:stack",
14+
"environment": "aws://unknown-account/unknown-region",
15+
"properties": {
16+
"templateFile": "stack.template.json",
17+
"validateOnSynth": false,
18+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
19+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
20+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/56930136ed109a6e2bbab108d97daf7201ee4fd652cff93f20eb31cd855e4e47.json",
21+
"requiresBootstrapStackVersion": 6,
22+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
23+
"additionalDependencies": [
24+
"stack.assets"
25+
],
26+
"lookupRole": {
27+
"arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
28+
"requiresBootstrapStackVersion": 8,
29+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
30+
}
31+
},
32+
"dependencies": [
33+
"stack.assets"
34+
],
35+
"metadata": {
36+
"/stack/FirstSourceAPI/Resource": [
37+
{
38+
"type": "aws:cdk:logicalId",
39+
"data": "FirstSourceAPIB0DE8D5A"
40+
}
41+
],
42+
"/stack/FirstSourceAPI/Schema": [
43+
{
44+
"type": "aws:cdk:logicalId",
45+
"data": "FirstSourceAPISchemaF2FDB692"
46+
}
47+
],
48+
"/stack/FirstSourceAPI/DefaultApiKey": [
49+
{
50+
"type": "aws:cdk:logicalId",
51+
"data": "FirstSourceAPIDefaultApiKey9D9AE06D"
52+
}
53+
],
54+
"/stack/FirstSourceAPI/FirstSourceDS/Resource": [
55+
{
56+
"type": "aws:cdk:logicalId",
57+
"data": "FirstSourceAPIFirstSourceDS6AD299B7"
58+
}
59+
],
60+
"/stack/SecondSourceAPI/Resource": [
61+
{
62+
"type": "aws:cdk:logicalId",
63+
"data": "SecondSourceAPIE903371D"
64+
}
65+
],
66+
"/stack/SecondSourceAPI/Schema": [
67+
{
68+
"type": "aws:cdk:logicalId",
69+
"data": "SecondSourceAPISchema65B7401E"
70+
}
71+
],
72+
"/stack/SecondSourceAPI/DefaultApiKey": [
73+
{
74+
"type": "aws:cdk:logicalId",
75+
"data": "SecondSourceAPIDefaultApiKeyCE5A0A64"
76+
}
77+
],
78+
"/stack/SecondSourceAPI/SecondSourceDS/Resource": [
79+
{
80+
"type": "aws:cdk:logicalId",
81+
"data": "SecondSourceAPISecondSourceDSEA46EBA7"
82+
}
83+
],
84+
"/stack/MergedAPI/MergedApiExecutionRole/Resource": [
85+
{
86+
"type": "aws:cdk:logicalId",
87+
"data": "MergedAPIMergedApiExecutionRole5F2BCCAD"
88+
}
89+
],
90+
"/stack/MergedAPI/MergedApiExecutionRole/DefaultPolicy/Resource": [
91+
{
92+
"type": "aws:cdk:logicalId",
93+
"data": "MergedAPIMergedApiExecutionRoleDefaultPolicy31A96DBC"
94+
}
95+
],
96+
"/stack/MergedAPI/Resource": [
97+
{
98+
"type": "aws:cdk:logicalId",
99+
"data": "MergedAPI08D3EAD1"
100+
}
101+
],
102+
"/stack/MergedAPI/FirstSourceAPIAssociation": [
103+
{
104+
"type": "aws:cdk:logicalId",
105+
"data": "MergedAPIFirstSourceAPIAssociationEC781BA9"
106+
}
107+
],
108+
"/stack/MergedAPI/SecondSourceAPIAssociation": [
109+
{
110+
"type": "aws:cdk:logicalId",
111+
"data": "MergedAPISecondSourceAPIAssociationBD1A08F4"
112+
}
113+
],
114+
"/stack/MergedAPI/DefaultApiKey": [
115+
{
116+
"type": "aws:cdk:logicalId",
117+
"data": "MergedAPIDefaultApiKeyAF5EA13C"
118+
}
119+
],
120+
"/stack/BootstrapVersion": [
121+
{
122+
"type": "aws:cdk:logicalId",
123+
"data": "BootstrapVersion"
124+
}
125+
],
126+
"/stack/CheckBootstrapVersion": [
127+
{
128+
"type": "aws:cdk:logicalId",
129+
"data": "CheckBootstrapVersion"
130+
}
131+
]
132+
},
133+
"displayName": "stack"
134+
},
135+
"apiDefaultTestDeployAssert018781F2.assets": {
136+
"type": "cdk:asset-manifest",
137+
"properties": {
138+
"file": "apiDefaultTestDeployAssert018781F2.assets.json",
139+
"requiresBootstrapStackVersion": 6,
140+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
141+
}
142+
},
143+
"apiDefaultTestDeployAssert018781F2": {
144+
"type": "aws:cloudformation:stack",
145+
"environment": "aws://unknown-account/unknown-region",
146+
"properties": {
147+
"templateFile": "apiDefaultTestDeployAssert018781F2.template.json",
148+
"validateOnSynth": false,
149+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
150+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
151+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
152+
"requiresBootstrapStackVersion": 6,
153+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
154+
"additionalDependencies": [
155+
"apiDefaultTestDeployAssert018781F2.assets"
156+
],
157+
"lookupRole": {
158+
"arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
159+
"requiresBootstrapStackVersion": 8,
160+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
161+
}
162+
},
163+
"dependencies": [
164+
"apiDefaultTestDeployAssert018781F2.assets"
165+
],
166+
"metadata": {
167+
"/api/DefaultTest/DeployAssert/BootstrapVersion": [
168+
{
169+
"type": "aws:cdk:logicalId",
170+
"data": "BootstrapVersion"
171+
}
172+
],
173+
"/api/DefaultTest/DeployAssert/CheckBootstrapVersion": [
174+
{
175+
"type": "aws:cdk:logicalId",
176+
"data": "CheckBootstrapVersion"
177+
}
178+
]
179+
},
180+
"displayName": "api/DefaultTest/DeployAssert"
181+
},
182+
"Tree": {
183+
"type": "cdk:tree",
184+
"properties": {
185+
"file": "tree.json"
186+
}
187+
}
188+
}
189+
}

packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-merged-api-arn-flag-enabled.js.snapshot/stack.assets.json

+19
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
{
2+
"version": "34.0.0",
3+
"files": {
4+
"56930136ed109a6e2bbab108d97daf7201ee4fd652cff93f20eb31cd855e4e47": {
5+
"source": {
6+
"path": "stack.template.json",
7+
"packaging": "file"
8+
},
9+
"destinations": {
10+
"current_account-current_region": {
11+
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12+
"objectKey": "56930136ed109a6e2bbab108d97daf7201ee4fd652cff93f20eb31cd855e4e47.json",
13+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14+
}
15+
}
16+
}
17+
},
18+
"dockerImages": {}
19+
}

0 commit comments

Comments
 (0)