/
deploy-action-beta1.ts
89 lines (78 loc) · 3.02 KB
/
deploy-action-beta1.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
import { Construct } from 'constructs';
import * as codepipeline from '../../../aws-codepipeline';
import * as iam from '../../../aws-iam';
import { Action } from '../action';
/**
* Construction properties of the `ServiceCatalogDeployActionBeta1 ServiceCatalog deploy CodePipeline Action`.
*/
export interface ServiceCatalogDeployActionBeta1Props extends codepipeline.CommonAwsActionProps {
/**
* The path to the cloudformation artifact.
*/
readonly templatePath: codepipeline.ArtifactPath;
/**
* The name of the version of the Service Catalog product to be deployed.
*/
readonly productVersionName: string;
/**
* The optional description of this version of the Service Catalog product.
* @default ''
*/
readonly productVersionDescription?: string;
/**
* The identifier of the product in the Service Catalog. This product must already exist.
*/
readonly productId: string;
}
/**
* CodePipeline action to connect to an existing ServiceCatalog product.
*
* **Note**: this class is still experimental, and may have breaking changes in the future!
*/
export class ServiceCatalogDeployActionBeta1 extends Action {
private readonly templatePath: string;
private readonly productVersionName: string;
private readonly productVersionDescription?: string;
private readonly productId: string;
private readonly productType: string;
constructor(props: ServiceCatalogDeployActionBeta1Props) {
super({
...props,
provider: 'ServiceCatalog',
category: codepipeline.ActionCategory.DEPLOY,
artifactBounds: {
minInputs: 1,
maxInputs: 1,
minOutputs: 0,
maxOutputs: 0,
},
inputs: [props.templatePath.artifact],
});
this.templatePath = props.templatePath.fileName;
this.productVersionName = props.productVersionName;
this.productVersionDescription = props.productVersionDescription;
this.productId = props.productId;
this.productType = 'CLOUD_FORMATION_TEMPLATE';
}
protected bound(_scope: Construct, _stage: codepipeline.IStage, options: codepipeline.ActionBindOptions):
codepipeline.ActionConfig {
options.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AWSServiceCatalogAdminFullAccess'));
// Attempt at least privilege; using this alone fails with "invalid template".
// Should construct ARN: 'arn:aws:catalog:<region>:<accountID>:product/' + this.scProductId
// options.role.addToPolicy(new PolicyStatement({
// resources: ['*'],
// actions: ['servicecatalog:UpdateProduct', 'servicecatalog:ListProvisioningArtifacts', 'servicecatalog:CreateProvisioningArtifact'],
// }));
// the Action's Role needs to read from the Bucket to get artifacts
options.bucket.grantRead(options.role);
return {
configuration: {
TemplateFilePath: this.templatePath,
ProductVersionName: this.productVersionName,
ProductVersionDescription: this.productVersionDescription,
ProductType: this.productType,
ProductId: this.productId,
},
};
}
}