From 0e8be82b3e61ea64a39f0211d928590078c457e8 Mon Sep 17 00:00:00 2001
From: Thomas Roos
Date: Tue, 23 Jan 2024 10:04:04 +0100
Subject: [PATCH] add parameters to embedded-linux-pipeline: accessLoggingBucket, artifactBucket, outputBucket

---
 lib/build-image-pipeline.ts | 53 ++++++---
 lib/embedded-linux-pipeline.ts | 105 ++++++++++++------
 .../embedded-linux-pipeline.test.ts.snap | 2 +-
 test/__snapshots__/source-repo.test.ts.snap | 2 +-
 4 files changed, 108 insertions(+), 54 deletions(-)

diff --git a/lib/build-image-pipeline.ts b/lib/build-image-pipeline.ts
index b6cf6de..11a6c73 100644
--- a/lib/build-image-pipeline.ts
+++ b/lib/build-image-pipeline.ts
@@ -29,6 +29,10 @@ export interface BuildImagePipelineProps extends cdk.StackProps {
 readonly dataBucket: s3.IBucket;
 /** The ECR Repository to push to. */
 readonly repository: IRepository;
+ /** Access logging bucket to use */
+ accessLoggingBucket?: s3.Bucket;
+ /** Artifact bucket to use */
+ artifactBucket?: s3.Bucket;
 }
 
 /**
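Review bot: The two props added to `BuildImagePipelineProps` are mutable and typed as the concrete `s3.Bucket`, and their doc comments do not say what the stack expects of a supplied bucket. The neighbouring members are `readonly`, and the constructor only assigns these values to `s3.IBucket` locals, so `readonly artifactBucket?: s3.IBucket;` (and the same for `accessLoggingBucket`) would keep the interface consistent and also admit imported buckets. The comment should state that a supplied bucket replaces the one the stack would otherwise create with its own encryption, SSL and logging settings, so the caller is responsible for configuring it. The props added to `EmbeddedLinuxPipelineProps` in `lib/embedded-linux-pipeline.ts` are `readonly` but share the concrete-type and documentation gap.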
@@ -98,24 +102,37 @@ export class BuildImagePipelineStack extends cdk.Stack {
 input: sourceOutput,
 });
 
- const accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
- versioned: true,
- enforceSSL: true,
- });
- const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
- removalPolicy: RemovalPolicy.DESTROY,
- enableKeyRotation: true,
- });
- const artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
- versioned: true,
- enforceSSL: true,
- serverAccessLogsBucket: accessLoggingBucket,
- encryptionKey,
- encryption: s3.BucketEncryption.KMS,
- blockPublicAccess: new s3.BlockPublicAccess(
- s3.BlockPublicAccess.BLOCK_ALL
- ),
- });
+ let accessLoggingBucket: s3.IBucket;
+
+ if (props.accessLoggingBucket){
+ accessLoggingBucket = props.accessLoggingBucket;
+ } else {
+ accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
+ versioned: true,
+ enforceSSL: true,
+ });
+ }
+
+ let artifactBucket: s3.IBucket;
+
+ if (props.artifactBucket){
+ artifactBucket = props.artifactBucket;
+ } else {
+ const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
+ removalPolicy: RemovalPolicy.DESTROY,
+ enableKeyRotation: true,
+ });
+ artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
+ versioned: true,
+ enforceSSL: true,
+ serverAccessLogsBucket: accessLoggingBucket,
+ encryptionKey,
+ encryption: s3.BucketEncryption.KMS,
+ blockPublicAccess: new s3.BlockPublicAccess(
+ s3.BlockPublicAccess.BLOCK_ALL
+ ),
+ });
+ }
 
 const pipeline = new codepipeline.Pipeline(this, 'BuildImagePipeline', {
 artifactBucket,
diff --git a/lib/embedded-linux-pipeline.ts b/lib/embedded-linux-pipeline.ts
index e01f932..5961673 100644
--- a/lib/embedded-linux-pipeline.ts
+++ b/lib/embedded-linux-pipeline.ts
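Review bot: In `lib/build-image-pipeline.ts` the `if (props.artifactBucket)` branch uses the caller's bucket as-is, so none of what the `else` branch sets up (KMS key with rotation, `enforceSSL`, `BLOCK_ALL`, `serverAccessLogsBucket`) is guaranteed for the pipeline's artifact store. The same applies to a supplied `accessLoggingBucket` here, and to the `accessLoggingBucket`, `outputBucket` and `artifactBucket` branches in the `lib/embedded-linux-pipeline.ts` hunks. If KMS encryption of artifacts is a requirement, a synth-time guard such as `if (!props.artifactBucket.encryptionKey) throw new Error('artifactBucket must be KMS-encrypted');` would catch the most obvious gap, with the remaining expectations stated in the prop's doc comment. The constructor body starts and ends outside this hunk.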
@@ -50,7 +50,15 @@ export interface EmbeddedLinuxPipelineProps extends cdk.StackProps { readonly layerRepoName?: string; /** Additional policy statements to add to the build project. */ readonly buildPolicyAdditions?: iam.PolicyStatement[]; -} + /** Access logging bucket to use */ + readonly accessLoggingBucket?: s3.Bucket; + /** Artifact bucket to use */ + readonly artifactBucket?: s3.Bucket; + /** Output bucket to use */ + readonly outputBucket?: s3.Bucket | VMImportBucket; + /** Prefix for S3 object within bucket */ + readonly subDirectoryName?: string; + } /** * The stack for creating a build pipeline. @@ -80,11 +88,16 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack { let outputBucket: s3.IBucket | VMImportBucket; let environmentVariables = {}; let scriptAsset!: Asset; + let accessLoggingBucket: s3.IBucket; - const accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', { - versioned: true, - enforceSSL: true, - }); + if (props.accessLoggingBucket){ + accessLoggingBucket = props.accessLoggingBucket; + } else { + accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', { + versioned: true, + enforceSSL: true, + }); + } if (props.projectKind && props.projectKind == ProjectKind.PokyAmi) { scriptAsset = new Asset(this, 'CreateAMIScript', { 
@@ -99,14 +112,17 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
 enableKeyRotation: true,
 }
 );
-
- outputBucket = new VMImportBucket(this, 'PipelineOutput', {
- versioned: true,
- enforceSSL: true,
- encryptionKey: outputBucketEncryptionKey,
- encryptionKeyArn: outputBucketEncryptionKey.keyArn,
- serverAccessLogsBucket: accessLoggingBucket,
- });
+ if (props.outputBucket){
+ outputBucket = props.outputBucket;
+ } else {
+ outputBucket = new VMImportBucket(this, 'PipelineOutput', {
+ versioned: true,
+ enforceSSL: true,
+ encryptionKey: outputBucketEncryptionKey,
+ encryptionKeyArn: outputBucketEncryptionKey.keyArn,
+ serverAccessLogsBucket: accessLoggingBucket,
+ });
+ }
 environmentVariables = {
 IMPORT_BUCKET: {
 type: BuildEnvironmentVariableType.PLAINTEXT,
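Review bot: A supplied `props.outputBucket` is accepted in this branch even when it is a plain `s3.Bucket`, although the fallback builds a `VMImportBucket` with a dedicated key, and the prop type `s3.Bucket | VMImportBucket` does not rule that out. If the import path depends on `VMImportBucket`, a check like `if (!(props.outputBucket instanceof VMImportBucket)) throw new Error('this project kind requires a VMImportBucket');` would surface the mismatch at synth time. The context lines above the change also suggest `outputBucketEncryptionKey` is still created unconditionally, which would leave an unused KMS key in the stack whenever a bucket is passed in; moving the key into the `else` branch avoids that. The key construction and the enclosing `if` begin outside the hunk, so both points are inferred from the visible context and the removed lines.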
@@ -122,28 +138,38 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
 },
 };
 } else {
- outputBucket = new s3.Bucket(this, 'PipelineOutput', {
+ if (props.outputBucket){
+ outputBucket = props.outputBucket;
+ } else {
+ outputBucket = new s3.Bucket(this, 'PipelineOutput', {
+ versioned: true,
+ enforceSSL: true,
+ serverAccessLogsBucket: accessLoggingBucket,
+ });
+ }
+ }
+
+ let artifactBucket: s3.IBucket;
+
+ if (props.artifactBucket){
+ artifactBucket = props.artifactBucket;
+ } else {
+ const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
+ removalPolicy: RemovalPolicy.DESTROY,
+ enableKeyRotation: true,
+ });
+ artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
 versioned: true,
 enforceSSL: true,
 serverAccessLogsBucket: accessLoggingBucket,
+ encryptionKey,
+ encryption: s3.BucketEncryption.KMS,
+ blockPublicAccess: new s3.BlockPublicAccess(
+ s3.BlockPublicAccess.BLOCK_ALL
+ ),
 });
 }
 
- const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
- removalPolicy: RemovalPolicy.DESTROY,
- enableKeyRotation: true,
- });
- const artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
- versioned: true,
- enforceSSL: true,
- serverAccessLogsBucket: accessLoggingBucket,
- encryptionKey,
- encryption: s3.BucketEncryption.KMS,
- blockPublicAccess: new s3.BlockPublicAccess(
- s3.BlockPublicAccess.BLOCK_ALL
- ),
- });
-
 /** Create our CodePipeline Actions. */
 const sourceRepo = new SourceRepo(this, 'SourceRepo', {
 ...props,
@@ -236,11 +262,22 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack { project, }); - const artifactAction = new codepipeline_actions.S3DeployAction({ - actionName: 'Artifact', - input: buildOutput, - bucket: outputBucket, - }); + let artifactAction: codepipeline_actions.S3DeployAction; + + if (props.subDirectoryName){ + artifactAction = new codepipeline_actions.S3DeployAction({ + actionName: 'Artifact', + input: buildOutput, + bucket: outputBucket, + objectKey: props.subDirectoryName + }); + } else { + artifactAction = new codepipeline_actions.S3DeployAction({ + actionName: 'Artifact', + input: buildOutput, + bucket: outputBucket, + }); + } /** Here we create the logic to check for presence of ECR image on the CodePipeline automatic triggering upon resource creation, * and stop the execution if the image does not exist. */ diff --git a/test/__snapshots__/embedded-linux-pipeline.test.ts.snap b/test/__snapshots__/embedded-linux-pipeline.test.ts.snap index 8cc9ecf..890a93b 100644 --- a/test/__snapshots__/embedded-linux-pipeline.test.ts.snap +++ b/test/__snapshots__/embedded-linux-pipeline.test.ts.snap @@ -6959,7 +6959,7 @@ def handler(event, context): "BranchName": "main", "S3": { "Bucket": "cdk-hnb659fds-assets-12341234-eu-central-1", - "Key": "03d16bf861cb657df931bd33404567ac7f02ff927d18a45f5cc7f7cc981bb7ce.zip", + "Key": "316e4fb930478b572a8e5613ed06ba36db1d12f7b8489823b64e770d8121596d.zip", }, }, "RepositoryName": "layer-repo-MyTestStack", diff --git a/test/__snapshots__/source-repo.test.ts.snap b/test/__snapshots__/source-repo.test.ts.snap index d9190e0..25906f6 100644 --- a/test/__snapshots__/source-repo.test.ts.snap +++ b/test/__snapshots__/source-repo.test.ts.snap 
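Review bot: The two `S3DeployAction` constructions in the `artifactAction` hunk of `lib/embedded-linux-pipeline.ts` differ only in `objectKey`, so the `if`/`else` can collapse into the original single `const artifactAction = new codepipeline_actions.S3DeployAction({ ... })` with one added line, `objectKey: props.subDirectoryName,`; an undefined value behaves like an omitted key. That also removes the `let` and the risk of the two copies drifting apart when another option is added later. The prop is documented as a prefix, which as far as I know holds only while the action's `extract` option stays at its default, so the doc comment on `subDirectoryName` should say so.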
@@ -16,7 +16,7 @@ exports[`Pipeline Source Repository Snapshot 1`] = ` "BranchName": "main", "S3": { "Bucket": "cdk-hnb659fds-assets-12341234-eu-central-1", - "Key": "03d16bf861cb657df931bd33404567ac7f02ff927d18a45f5cc7f7cc981bb7ce.zip", + "Key": "316e4fb930478b572a8e5613ed06ba36db1d12f7b8489823b64e770d8121596d.zip", }, }, "RepositoryName": "charlie",