From a1bf82304fb43beda5e8ab56320803893e40e43e Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Tue, 4 Jun 2024 06:11:05 +0900 Subject: [PATCH] feat(chatbot): configure `userRoleRequired` for the `SlackChannelConfiguration` (#30420) ### Issue # (if applicable) Closes #30403. ### Reason for this change `chatbot.SlackChannelConfiguration` does not support for configuring `userRoleRequired` prop. ### Description of changes Add `userRoleRequired` to `SlackChannelConfigurationProps` ### Description of how you validated changes Add both unit and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../ChatbotInteg.assets.json | 19 ++ .../ChatbotInteg.template.json | 70 +++++++ .../cdk.out | 1 + .../integ.json | 12 ++ ...efaultTestDeployAssert995C2DD6.assets.json | 19 ++ ...aultTestDeployAssert995C2DD6.template.json | 36 ++++ .../manifest.json | 119 ++++++++++++ .../tree.json | 177 ++++++++++++++++++ .../test/integ.chatbot-user-role-required.ts | 16 ++ packages/aws-cdk-lib/aws-chatbot/README.md | 17 ++ .../lib/slack-channel-configuration.ts | 8 + .../test/slack-channel-configuration.test.ts | 13 ++ 12 files changed, 507 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.assets.json new file mode 100644 index 0000000000000..df15e50748b93 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "fab2d1b84ca3a56733f8cdf46ed2ca79b240b8663982bb6ff00b438be185bc41": { + "source": { + "path": "ChatbotInteg.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "fab2d1b84ca3a56733f8cdf46ed2ca79b240b8663982bb6ff00b438be185bc41.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.template.json new file mode 100644 index 0000000000000..10b9aac81637a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/ChatbotInteg.template.json @@ -0,0 +1,70 @@ +{ + "Resources": { + "MySlackChannelConfigurationRole1D3F23AE": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "chatbot.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySlackChannelA8E0B56C": { + "Type": "AWS::Chatbot::SlackChannelConfiguration", + "Properties": { + "ConfigurationName": "test-channel", + "IamRoleArn": { + "Fn::GetAtt": [ + "MySlackChannelConfigurationRole1D3F23AE", + "Arn" + ] + }, + "SlackChannelId": "C07639U21PW", + "SlackWorkspaceId": "T075XU2GKBP", + "UserRoleRequired": true + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integ.json new file mode 100644 index 0000000000000..73834df9fbbfb --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integ-chatbot-user-role-required/DefaultTest": { + "stacks": [ + "ChatbotInteg" + ], + "assertionStack": "integ-chatbot-user-role-required/DefaultTest/DeployAssert", + "assertionStackName": "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets.json new file mode 100644 index 0000000000000..59d309f47578c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/manifest.json new file mode 100644 index 0000000000000..b3079815b81c5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/manifest.json @@ -0,0 +1,119 @@ +{ + "version": "36.0.0", + "artifacts": { + "ChatbotInteg.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "ChatbotInteg.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "ChatbotInteg": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "ChatbotInteg.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fab2d1b84ca3a56733f8cdf46ed2ca79b240b8663982bb6ff00b438be185bc41.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "ChatbotInteg.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "ChatbotInteg.assets" + ], + "metadata": { + "/ChatbotInteg/MySlackChannel/ConfigurationRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySlackChannelConfigurationRole1D3F23AE" + } + ], + "/ChatbotInteg/MySlackChannel/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySlackChannelA8E0B56C" + } + ], + "/ChatbotInteg/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/ChatbotInteg/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "ChatbotInteg" + }, + "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integchatbotuserrolerequiredDefaultTestDeployAssert995C2DD6.assets" + ], + "metadata": { + "/integ-chatbot-user-role-required/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-chatbot-user-role-required/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-chatbot-user-role-required/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/tree.json new file mode 100644 index 0000000000000..b3f13b56e6fa4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.js.snapshot/tree.json @@ -0,0 +1,177 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "ChatbotInteg": { + "id": "ChatbotInteg", + "path": "ChatbotInteg", + "children": { + "MySlackChannel": { + "id": "MySlackChannel", + "path": "ChatbotInteg/MySlackChannel", + "children": { + "ConfigurationRole": { + "id": "ConfigurationRole", + "path": "ChatbotInteg/MySlackChannel/ConfigurationRole", + "children": { + "ImportConfigurationRole": { + "id": "ImportConfigurationRole", + "path": "ChatbotInteg/MySlackChannel/ConfigurationRole/ImportConfigurationRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "ChatbotInteg/MySlackChannel/ConfigurationRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "chatbot.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "ChatbotInteg/MySlackChannel/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Chatbot::SlackChannelConfiguration", + "aws:cdk:cloudformation:props": { + "configurationName": "test-channel", + "iamRoleArn": { + "Fn::GetAtt": [ + "MySlackChannelConfigurationRole1D3F23AE", + "Arn" + ] + }, + "slackChannelId": "C07639U21PW", + "slackWorkspaceId": "T075XU2GKBP", + "userRoleRequired": true + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_chatbot.CfnSlackChannelConfiguration", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_chatbot.SlackChannelConfiguration", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "ChatbotInteg/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "ChatbotInteg/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-chatbot-user-role-required": { + "id": "integ-chatbot-user-role-required", + "path": "integ-chatbot-user-role-required", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-chatbot-user-role-required/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-chatbot-user-role-required/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-chatbot-user-role-required/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-chatbot-user-role-required/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-chatbot-user-role-required/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.ts new file mode 100644 index 0000000000000..b04c6d4eeb73b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-chatbot/test/integ.chatbot-user-role-required.ts @@ -0,0 +1,16 @@ +import * as cdk from 'aws-cdk-lib'; +import * as chatbot from 'aws-cdk-lib/aws-chatbot'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); +const testStack = new cdk.Stack(app, 'ChatbotInteg'); +new chatbot.SlackChannelConfiguration(testStack, 'MySlackChannel', { + slackChannelConfigurationName: 'test-channel', + slackWorkspaceId: 'T075XU2GKBP', + slackChannelId: 'C07639U21PW', + userRoleRequired: true, +}); + +new IntegTest(app, 'integ-chatbot-user-role-required', { + testCases: [testStack], +}); diff --git a/packages/aws-cdk-lib/aws-chatbot/README.md b/packages/aws-cdk-lib/aws-chatbot/README.md index 0bb650ac21693..3a0e05ffb138f 100644 --- a/packages/aws-cdk-lib/aws-chatbot/README.md +++ b/packages/aws-cdk-lib/aws-chatbot/README.md @@ -47,3 +47,20 @@ correct log retention period (never expire, by default). By default slack channel will use `AdministratorAccess` managed policy as guardrail policy. The `guardrailPolicies` property can be used to set a different set of managed policies. + +## User Role Requirement + +Administrators can [require user roles](https://docs.aws.amazon.com/chatbot/latest/adminguide/understanding-permissions.html#user-role-requirement) for all current channel members and channels and all channels created in the future by enabling a user role requirement. + +You can configure this feature by setting the `userRoleRequired` property. + +```ts +import * as chatbot from 'aws-cdk-lib/aws-chatbot'; + +const slackChannel = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', { + slackChannelConfigurationName: 'YOUR_CHANNEL_NAME', + slackWorkspaceId: 'YOUR_SLACK_WORKSPACE_ID', + slackChannelId: 'YOUR_SLACK_CHANNEL_ID', + userRoleRequired: true, +}); +``` diff --git a/packages/aws-cdk-lib/aws-chatbot/lib/slack-channel-configuration.ts b/packages/aws-cdk-lib/aws-chatbot/lib/slack-channel-configuration.ts index 530975ab3a1d2..dadf4600cda45 100644 --- a/packages/aws-cdk-lib/aws-chatbot/lib/slack-channel-configuration.ts +++ b/packages/aws-cdk-lib/aws-chatbot/lib/slack-channel-configuration.ts @@ -87,6 +87,13 @@ export interface SlackChannelConfigurationProps { * @default - The AWS managed 'AdministratorAccess' policy is applied as a default if this is not set. */ readonly guardrailPolicies?: iam.IManagedPolicy[]; + + /** + * Enables use of a user role requirement in your chat configuration. + * + * @default false + */ + readonly userRoleRequired?: boolean; } /** @@ -300,6 +307,7 @@ export class SlackChannelConfiguration extends SlackChannelConfigurationBase { snsTopicArns: cdk.Lazy.list({ produce: () => this.notificationTopics.map(topic => topic.topicArn) }, { omitEmpty: true } ), loggingLevel: props.loggingLevel?.toString(), guardrailPolicies: cdk.Lazy.list({ produce: () => props.guardrailPolicies?.map(policy => policy.managedPolicyArn) }, { omitEmpty: true } ), + userRoleRequired: props.userRoleRequired, }); // Log retention diff --git a/packages/aws-cdk-lib/aws-chatbot/test/slack-channel-configuration.test.ts b/packages/aws-cdk-lib/aws-chatbot/test/slack-channel-configuration.test.ts index 5d1ff3e94ccb2..3b6d145ba0029 100644 --- a/packages/aws-cdk-lib/aws-chatbot/test/slack-channel-configuration.test.ts +++ b/packages/aws-cdk-lib/aws-chatbot/test/slack-channel-configuration.test.ts @@ -175,6 +175,19 @@ describe('SlackChannelConfiguration', () => { }); }); + test('specifying user role required', () => { + new chatbot.SlackChannelConfiguration(stack, 'MySlackChannel', { + slackWorkspaceId: 'ABC123', + slackChannelId: 'DEF456', + slackChannelConfigurationName: 'ConfigurationName', + userRoleRequired: true, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::Chatbot::SlackChannelConfiguration', { + UserRoleRequired: true, + }); + }); + test('getting configuration metric', () => { const slackChannel = new chatbot.SlackChannelConfiguration(stack, 'MySlackChannel', { slackWorkspaceId: 'ABC123',