fix integ tests
5d committed Dec 9, 2024
1 parent 3fae58e commit e5a6c7b
Showing 108 changed files with 11,771 additions and 4,301 deletions.


@@ -35,15 +35,15 @@ async function revokePrivileges(username: string, tablePrivileges: TablePrivileg
// Limited by human input
// eslint-disable-next-line @cdklabs/promiseall-no-unbounded-parallelism
await Promise.all(tablePrivileges.map(({ tableName, actions }) => {
return executeStatement(`REVOKE ${actions.join(', ')} ON ${tableName} FROM ${username}`, clusterProps);
return executeStatement(`REVOKE ${actions.join(', ')} ON "${tableName}" FROM ${username}`, clusterProps);
}));
}

async function grantPrivileges(username: string, tablePrivileges: TablePrivilege[], clusterProps: ClusterProps) {
// Limited by human input
// eslint-disable-next-line @cdklabs/promiseall-no-unbounded-parallelism
await Promise.all(tablePrivileges.map(({ tableName, actions }) => {
return executeStatement(`GRANT ${actions.join(', ')} ON ${tableName} TO ${username}`, clusterProps);
return executeStatement(`GRANT ${actions.join(', ')} ON "${tableName}" TO ${username}`, clusterProps);
}));
}

16 changes: 10 additions & 6 deletions packages/@aws-cdk/aws-redshift-alpha/lib/private/database-query.ts
@@ -6,7 +6,7 @@ import * as cdk from 'aws-cdk-lib/core';
import * as customresources from 'aws-cdk-lib/custom-resources';
import { Construct } from 'constructs';
import { DatabaseQueryHandlerProps } from './handler-props';
import { Cluster } from '../cluster';
import { Cluster, ICluster } from '../cluster';
import { DatabaseOptions } from '../database-options';
import { Stack } from 'aws-cdk-lib/core';

@@ -29,6 +29,9 @@ export interface DatabaseQueryProps<HandlerProps> extends DatabaseOptions {
}

export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrantable {
/**
* A mapping of singleton functions in the cluster to the assumable IAM roles of their respective invokers.
* */
private static handlerToRole: Record<string, iam.IRole> = {}

readonly grantPrincipal: iam.IPrincipal;
@@ -67,7 +70,7 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant

const provider = new customresources.Provider(this, 'Provider', {
onEventHandler: handler,
role: this.roleForHandler(handler),
role: this.roleForHandler(handler, props.cluster),
});

const queryHandlerProps: DatabaseQueryHandlerProps & HandlerProps = {
@@ -121,16 +124,17 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant
return adminUser;
}

private roleForHandler(handler: lambda.SingletonFunction): iam.IRole {
if (!DatabaseQuery.handlerToRole[handler.constructName]) {
DatabaseQuery.handlerToRole[handler.constructName] = new iam.Role(Stack.of(this), `Role${handler.constructName}`, {
private roleForHandler(handler: lambda.SingletonFunction, cluster: ICluster): iam.IRole {
const key = cluster.clusterName + handler.constructName;
if (!DatabaseQuery.handlerToRole[key]) {
DatabaseQuery.handlerToRole[key] = new iam.Role(Stack.of(this), `Role${handler.constructName}`, {
assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
managedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole'),
],
});
}

return DatabaseQuery.handlerToRole[handler.constructName];
return DatabaseQuery.handlerToRole[key];
}
}
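Review bot: The new cache key at `const key = cluster.clusterName + handler.constructName;` separates clusters, but the construct id on the following `new iam.Role(Stack.of(this), `Role${handler.constructName}`, …)` is unchanged and still scoped to the stack, so two clusters in the same stack that share a handler now miss the cache on the second lookup and the second `new iam.Role` with the same id throws a duplicate-construct error where the old code reused the cached role. Plain concatenation with no separator can also alias two distinct cluster/handler pairs onto one key. A key built from a stable, delimited construct address and a cluster-specific construct id would avoid both, for example `const key = `${cluster.node.addr}/${handler.constructName}`;` and `` `Role${handler.constructName}${cluster.node.id}` `` as the role id, with the caveat that changing the id changes the role's logical ID for already-deployed stacks. The static `handlerToRole` map is process-wide rather than per-app, so the cached role may come from a different stack in the same synthesis; whether that is intended is not visible in this hunk.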
51 changes: 27 additions & 24 deletions packages/@aws-cdk/aws-redshift-alpha/lib/private/privileges.ts
@@ -5,7 +5,7 @@ import { ITable, TableAction } from '../table';
import { IUser } from '../user';
import { DatabaseQuery } from './database-query';
import { HandlerName } from './database-query-provider/handler-name';
import { TablePrivilege as SerializedTablePrivilege, UserTablePrivilegesHandlerProps } from './handler-props';
import { UserTablePrivilegesHandlerProps } from './handler-props';

/**
* The Redshift table and action that make up a privilege that can be granted to a Redshift user.
@@ -39,6 +39,18 @@ export interface UserTablePrivilegesProps extends DatabaseOptions {
readonly privileges?: TablePrivilege[];
}

const unifyTableActions = (tableActions: TableAction[]): TableAction[] => {
const set = new Set<TableAction>(tableActions);
if (set.has(TableAction.UPDATE) || set.has(TableAction.DELETE)) {
set.add(TableAction.SELECT);
}

if (set.has(TableAction.ALL)) {
return [TableAction.ALL];
}
return [...set];
};

/**
* Privileges granted to a Redshift user on Redshift tables.
*
@@ -62,33 +74,24 @@ export class UserTablePrivileges extends Construct {
username: props.user.username,
tablePrivileges: cdk.Lazy.any({
produce: () => {
const reducedPrivileges = this.privileges.reduce((privileges, { table, actions }) => {
const tableId = table.node.id;
if (!(tableId in privileges)) {
privileges[tableId] = {
const groupedPrivileges = this.privileges.reduce(
(privileges, { table, actions }) => ({
...privileges,
[table.node.id]: {
actions: [
...(privileges[table.node.id]?.actions ?? []),
...actions,
],
tableName: table.tableName,
actions: [],
};
}
actions = actions.concat(privileges[tableId].actions);
if (actions.includes(TableAction.ALL)) {
actions = [TableAction.ALL];
}
if (actions.includes(TableAction.UPDATE) || actions.includes(TableAction.DELETE)) {
actions.push(TableAction.SELECT);
}
privileges[tableId] = {
tableName: table.tableName,
actions: Array.from(new Set(actions)),
};
return privileges;
}, {} as { [key: string]: { tableName: string; actions: TableAction[] } });
const serializedPrivileges: SerializedTablePrivilege[] = Object.entries(reducedPrivileges).map(([tableId, config]) => ({
},
}), {} as Record<string, { tableName: string; actions: TableAction[]}>,
);

return Object.entries(groupedPrivileges).map(([tableId, config]) => ({
tableId,
tableName: config.tableName,
actions: config.actions.map(action => TableAction[action]),
actions: unifyTableActions(config.actions).map(action => TableAction[action]),
}));
return serializedPrivileges;
},
}) as any,
},
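Review bot: `unifyTableActions` at the top of the hunk has no doc comment although it encodes a non-obvious policy; a TSDoc block such as `/** Normalizes a list of table actions: adds SELECT when UPDATE or DELETE is present, collapses to [ALL] when ALL is present, and drops duplicates. */` would make that explicit. Removing the `SerializedTablePrivilege[]` annotation from the mapped result drops the only type check that the produced payload matches the handler's expected shape, and the surviving `as any` on `tablePrivileges` hides any drift, so keeping `const serialized: SerializedTablePrivilege[] = Object.entries(groupedPrivileges).map(…)` (and the import) is worth it. In the `produce` callback the accumulator is rebuilt with `...privileges` on every iteration, which is quadratic in the number of privileges and harder to read than assigning `privileges[table.node.id] = { … }` on the locally created `Record` and returning it. The `UserTablePrivileges` constructor starts and ends outside the hunk.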
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-redshift-alpha/lib/table.ts
@@ -282,7 +282,7 @@ export class Table extends TableBase {
},
});

this.tableName = this.resource.ref;
this.tableName = props.tableName ?? this.resource.ref;
}

/**
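Review bot: `this.tableName = props.tableName ?? this.resource.ref;` now feeds a caller-supplied name into the SQL built by the privileges handler, which in this commit wraps it as `ON "${tableName}"` but does not escape an embedded `"`, so a name containing a double quote breaks the statement. Unless `props.tableName` is already validated elsewhere in this constructor (not visible in the hunk), a constructor-side check against Redshift's identifier rules, e.g. `if (props.tableName !== undefined && !/^[A-Za-z_][A-Za-z0-9_$]*$/.test(props.tableName)) throw new Error(`Invalid table name: ${props.tableName}`);` (sample pattern, to be aligned with the documented identifier syntax), or doubling `"` in the handler, closes that gap. `??` also accepts an empty string as the name, falling back to `this.resource.ref` only when the prop is absent. The `Table` constructor starts outside the hunk.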
