@@ -139,3 +139,238 @@ To out-out, use one of the following methods:
139139 " versionReporting" false
140140 }
141141
142+ Plugins
143+ =======
144+
145+ The | cdk| toolkit provides extension points that enable users to augment the features provided by
146+ the toolkit. There is currently only one extension point, allowing users to define custom AWS
147+ credential providers, but other extension points may be added in the future as the needs arise.
148+
149+ Loading Plugins
150+ ---------------
151+
152+ Plugins can be loaded by providing the Node module name (or path) to the CDK toolkit:
153+
154+ 1. Using the ` ` ` ` command line option (which can be specified multiple times):
155+
156+ .. code-block:: console
157+
158+ $ cdk list --plugin=module
159+ $ cdk deploy --plugin=module_1 --plugin=module_2
160+
161+ 2. Adding entries to the ` ` ` ` ` ` ` `
162+
163+ .. code-block:: js
164+
165+ {
166+ // ...
167+ " plugin"
168+ " module_1"
169+ " module_2"
170+ ],
171+ // ...
172+ }
173+
174+ Authoring Plugins
175+ -----------------
176+
177+ Plugins must be authored in TypeScript or Javascript, and are defined by implementing a Node module
178+ that implements the following protocol, and using :js:class:` ~aws-cdk.PluginHost`
179+
180+ .. tabs::
181+ .. code-tab:: typescript
182+
183+ import cdk = require(' aws-cdk' ;
184+
185+ export = {
186+ version: ' 1' ' 1'
187+ init(host: cdk.PluginHost): void {
188+ // Your plugin initialization hook.
189+ // Use methods of ` ` ` `
190+ }
191+ };
192+
193+ .. code-tab:: javascript
194+
195+ export = {
196+ version: ' 1' ' 1'
197+ init(host) {
198+ // Your plugin initialization hook.
199+ // Use methods of ` ` ` `
200+ }
201+ };
202+
203+ Credential Provider Plugins
204+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^
205+
206+ Custom credential providers are classes implementing the
207+ :js:class:` ~aws-cdk.CredentialProviderSource`
208+ the :js:func:` ~aws-cdk.PluginHost.registerCredentialProviderSource`
209+
210+ .. tabs::
211+ .. code-tab:: typescript
212+
213+ import cdk = require(' aws-cdk' ;
214+ import aws = require(' aws-sdk' ;
215+
216+ class CustomCredentialProviderSource implements cdk.CredentialProviderSource {
217+ public async isAvailable (): Promise< boolean> {
218+ // Return ` ` ` ` if the plugin could determine it cannot be used (for example,
219+ // if it depends on files that are not present on this host).
220+ return true ;
221+ }
222+
223+ public async canProvideCredentials(accountId: string): Promise< boolean> {
224+ // Return ` ` ` ` if the plugin is unable to provide credentials for the
225+ // requested account (for example if it' s not managed by the credentials
226+ // system that this plugin adds support for).
227+ return true;
228+ }
229+
230+ public async getProvider(accountId: string, mode: cdk.Mode): Promise<aws.Credentials> {
231+ let credentials: aws.Credentials;
232+ // Somehow obtain credentials in ``credentials``, and return those.
233+ return credentials;
234+ }
235+ }
236+
237+ export = {
238+ version = ' 1' ,
239+ init(host: cdk.PluginHost): void {
240+ // Register the credential provider to the PluginHost.
241+ host.registerCredentialProviderSource(new CustomCredentialProviderSource());
242+ }
243+ };
244+
245+ .. code-tab:: javascript
246+
247+ class CustomCredentialProviderSource {
248+ async isAvailable() {
249+ // Return ``false`` if the plugin could determine it cannot be used (for example,
250+ // if it depends on files that are not present on this host).
251+ return true;
252+ }
253+
254+ async canProvideCredentials(accountId) {
255+ // Return ``false`` if the plugin is unable to provide credentials for the
256+ // requested account (for example if it' s not managed by the credentials
257+ // system that this plugin adds support for).
258+ return true ;
259+ }
260+
261+ async getProvider(accountId, mode) {
262+ let credentials;
263+ // Somehow obtain credentials in ` ` ` ` return those.
264+ return credentials;
265+ }
266+ }
267+
268+ export = {
269+ version = ' 1'
270+ init(host) {
271+ // Register the credential provider to the PluginHost.
272+ host.registerCredentialProviderSource(new CustomCredentialProviderSource ());
273+ }
274+ };
275+
276+ Note that the credentials obtained from the providers for a given account and mode will be cached,
277+ and as a consequence it is strongly advised that the credentials objects returned are self-refreshing,
278+ as descibed in the ` AWS SDK for Javascript documentation < https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Credentials.html> `
279+
280+ Reference
281+ ---------
282+
283+ .. js:module:: aws-cdk
284+
285+ CredentialProviderSource * (interface)*
286+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
287+
288+ .. js:class:: CredentialProviderSource
289+
290+ .. js:attribute:: name
291+
292+ A friendly name for the provider, which will be used in error messages, for example.
293+
294+ :type: ` ` ` `
295+
296+ .. js:method:: isAvailable ()
297+
298+ Whether the credential provider is even online. Guaranteed to be called before any of the other functions are called.
299+
300+ :returns: ` ` < boolean> ` `
301+
302+ .. js:method:: canProvideCredentials(accountId)
303+
304+ Whether the credential provider can provide credentials for the given account.
305+
306+ :param string accountId: the account ID for which credentials are needed.
307+ :returns: ` ` < boolean> ` `
308+
309+ .. js:method:: getProvider(accountId, mode)
310+
311+ Construct a credential provider for the given account and the given access mode.
312+ Guaranteed to be called only if canProvideCredentails () returned true at some point.
313+
314+ :param string accountId: the account ID for which credentials are needed.
315+ :param aws-cdk.Mode mode: the kind of operations the credentials are intended to perform.
316+ :returns: ` ` < aws.Credentials> ` `
317+
318+ Mode * (enum)*
319+ ^^^^^^^^^^^^^
320+
321+ .. js:class:: Mode
322+
323+ .. js:data:: ForReading
324+
325+ Credentials are inteded to be used for read-only scenarios.
326+
327+ .. js:data:: ForWriting
328+
329+ Credentials are intended to be used for read-write scenarios.
330+
331+ Plugin * (interface)*
332+ ^^^^^^^^^^^^^^^^^^^^
333+
334+ .. js:class:: Plugin ()
335+
336+ .. js:attribute:: version
337+
338+ The version of the plug-in interface used by the plug-in. This will be used by
339+ the plug-in host to handle version changes. Currently, the only valid value for
340+ this attribute is ` ` ' 1' ` `
341+
342+ :type: ` ` ` `
343+
344+ .. js:method:: init(host)
345+
346+ When defined, this function is invoked right after the plug-in has been loaded,
347+ so that the plug-in is able to initialize itself. It may call methods of the
348+ :js:class:` ~aws-cdk.PluginHost`
349+ :js:class:` ~aws-cdk.CredentialProviderSource`
350+
351+ :param aws-cdk.PluginHost host: The | cdk| plugin host
352+ :returns: ` ` ` `
353+
354+ PluginHost
355+ ^^^^^^^^^^
356+
357+ .. js:class:: PluginHost ()
358+
359+ .. js:data:: instance
360+
361+ :type: :js:class:` ~aws-cdk.PluginHost`
362+
363+ .. js:method:: load(moduleSpec)
364+
365+ Loads a plug-in into this PluginHost.
366+
367+ :param string moduleSpec: the specification (path or name) of the plug-in module to be loaded.
368+ :throws Error: if the provided ` ` ` ` ` ~aws-cdk.Plugin`
369+ :returns: ` ` ` `
370+
371+ .. js:method:: registerCredentialProviderSource(source)
372+
373+ Allows plug-ins to register new :js:class:` ~aws-cdk.CredentialProviderSources`
374+
375+ :param aws-cdk.CredentialProviderSources source: a new CredentialProviderSource to register.
376+ :returns: ` ` ` `
0 commit comments