Skip to content

Commit d51f70a

Browse files
gracelu0gracelu0
authoredMar 2, 2025
feat(inspector): add minimal L2 interface for Inspector assessment template and fromCfnAssessmentTemplate() (#33614)
### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change As part of effort to stabilize `scheduler-targets-alpha` module, the Inspector start assessment run target currently uses the L1 `CfnAssessmentTemplate` as the target. Using the L1 as a target goes against our general design guidelines for CDK L2s so we need an intermediary solution. Separate PR to follow to update the scheduler target API. ### Description of changes - L2 interface `IAssessmentTemplate` which contains the ARN attribute - New class containing a static method to allow users to pass in L1 but returns L2 interface for usage with functions that expect L2 ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Added unit tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 1df1a78 commit d51f70a

File tree

4 files changed

+103
-1
lines changed

4 files changed

+103
-1
lines changed
 

‎packages/aws-cdk-lib/aws-inspector/lib/assessment-template.ts

+45
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
import { Construct } from 'constructs';
2+
import { CfnAssessmentTemplate } from './inspector.generated';
3+
import { IResource, Resource } from '../../core';
4+
5+
/**
6+
* Interface for an Inspector Assessment Template
7+
*/
8+
export interface IAssessmentTemplate extends IResource {
9+
/**
10+
* The Amazon Resource Name (ARN) of the assessment template.
11+
* @attribute
12+
*/
13+
readonly assessmentTemplateArn: string;
14+
}
15+
16+
/**
17+
* Properties for creating an Inspector Assessment Template
18+
* TODO: Add properties and remove "props-physical-name:aws-cdk-lib.aws_inspector.AssessmentTemplateProps" from `awslint.json`
19+
* when implementing the L2 construct
20+
*/
21+
export interface AssessmentTemplateProps { }
22+
23+
/**
24+
* An Amazon Inspector assessment template.
25+
* TODO: This class should implement IAssessmentTemplate and "construct-ctor-props-type:aws-cdk-lib.aws_inspector.AssessmentTemplate" should be
26+
* removed from `awslint.json` when implementing the L2 construct
27+
*/
28+
export class AssessmentTemplate extends Resource {
29+
/**
30+
* Creates an AssessmentTemplate from an existing CfnAssessmentTemplate.
31+
*
32+
* This method is provided to bridge the gap with L2 constructs since no L2 constructs
33+
* exist for Inspector resources yet. It allows working with CfnAssessmentTemplate (L1)
34+
* resources through the IAssessmentTemplate interface.
35+
*/
36+
public static fromCfnAssessmentTemplate(scope: Construct, id: string, template: CfnAssessmentTemplate): IAssessmentTemplate {
37+
return new class extends Resource implements IAssessmentTemplate {
38+
public readonly assessmentTemplateArn: string;
39+
constructor() {
40+
super(scope, id);
41+
this.assessmentTemplateArn = template.attrArn;
42+
}
43+
}();
44+
}
45+
}

‎packages/aws-cdk-lib/aws-inspector/lib/index.ts

+1
Original file line numberDiff line numberDiff line change
@@ -1 +1,2 @@
11
export * from './inspector.generated';
2+
export * from './assessment-template';

‎packages/aws-cdk-lib/aws-inspector/test/assessment-template.test.ts

+54
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
import { App, Stack } from '../../core';
2+
import { AssessmentTemplate, CfnAssessmentTarget, CfnAssessmentTemplate, IAssessmentTemplate } from '../lib';
3+
4+
describe('AssessmentTemplate', () => {
5+
let app: App;
6+
let stack: Stack;
7+
let assessmentTarget: CfnAssessmentTarget;
8+
9+
beforeEach(() => {
10+
app = new App();
11+
stack = new Stack(app, 'Stack');
12+
assessmentTarget = new CfnAssessmentTarget(stack, 'AssessmentTarget', {
13+
assessmentTargetName: 'MyAssessmentTarget',
14+
});
15+
});
16+
17+
describe('fromCfnAssessmentTemplate', () => {
18+
test('creates an IAssessmentTemplate from a CfnAssessmentTemplate', () => {
19+
// GIVEN
20+
const cfnAssessmentTemplate = new CfnAssessmentTemplate(stack, 'MyCfnAssessmentTemplate', {
21+
assessmentTargetArn: assessmentTarget.attrArn,
22+
durationInSeconds: 3600,
23+
// https://docs.aws.amazon.com/inspector/v1/userguide/inspector_rules-arns.html#us-east-1
24+
rulesPackageArns: ['arn:aws:inspector:us-east-1:316112463485:rulespackage/0-gEjTy7T7'],
25+
});
26+
27+
// WHEN
28+
const assessmentTemplate = AssessmentTemplate.fromCfnAssessmentTemplate(stack, 'MyAssessmentTemplate', cfnAssessmentTemplate);
29+
30+
// THEN
31+
expect(assessmentTemplate.assessmentTemplateArn).toBe(cfnAssessmentTemplate.attrArn);
32+
});
33+
34+
test('can be used where IAssessmentTemplate is expected', () => {
35+
// GIVEN
36+
const cfnAssessmentTemplate = new CfnAssessmentTemplate(stack, 'MyCfnAssessmentTemplate', {
37+
assessmentTargetArn: 'arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX',
38+
assessmentTemplateName: 'MyTemplate',
39+
durationInSeconds: 3600,
40+
rulesPackageArns: ['arn:aws:inspector:us-east-1:316112463485:rulespackage/0-gEjTy7T7'],
41+
});
42+
43+
// WHEN
44+
const assessmentTemplate = AssessmentTemplate.fromCfnAssessmentTemplate(stack, 'ImportedTemplate', cfnAssessmentTemplate);
45+
46+
// THEN - this function accepts an IAssessmentTemplate
47+
function acceptsIAssessmentTemplate(template: IAssessmentTemplate) {
48+
return template.assessmentTemplateArn;
49+
}
50+
51+
expect(acceptsIAssessmentTemplate(assessmentTemplate)).toBe(cfnAssessmentTemplate.attrArn);
52+
});
53+
});
54+
});

‎packages/aws-cdk-lib/awslint.json

+3-1
Original file line numberDiff line numberDiff line change
@@ -998,6 +998,8 @@
998998
"events-generic:aws-cdk-lib.aws_appconfig.Application",
999999
"events-generic:aws-cdk-lib.aws_appconfig.Environment",
10001000
"events-generic:aws-cdk-lib.aws_appconfig.HostedConfiguration",
1001-
"events-generic:aws-cdk-lib.aws_appconfig.SourcedConfiguration"
1001+
"events-generic:aws-cdk-lib.aws_appconfig.SourcedConfiguration",
1002+
"construct-ctor-props-type:aws-cdk-lib.aws_inspector.AssessmentTemplate",
1003+
"props-physical-name:aws-cdk-lib.aws_inspector.AssessmentTemplateProps"
10021004
]
10031005
}

0 commit comments

Comments
 (0)
Failed to load comments.