Implement IConnectable in Project.

aws · Jun 16, 2019 · 18f5262 · 18f5262
1 parent 25983df
commit 18f5262
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 10 deletions.
diff --git a/packages/@aws-cdk/aws-codebuild/lib/project.ts b/packages/@aws-cdk/aws-codebuild/lib/project.ts
@@ -21,7 +21,7 @@ const CODEPIPELINE_TYPE = 'CODEPIPELINE';
 const S3_BUCKET_ENV = 'SCRIPT_S3_BUCKET';
 const S3_KEY_ENV = 'SCRIPT_S3_KEY';
 
-export interface IProject extends IResource, iam.IGrantable {
+export interface IProject extends IResource, iam.IGrantable, ec2.IConnectable {
   /**
    * The ARN of this Project.
    * @attribute
@@ -169,6 +169,24 @@ abstract class ProjectBase extends Resource implements IProject {
   /** The IAM service Role of this Project. */
   public abstract readonly role?: iam.IRole;
 
+  /**
+   * Actual connections object for this Project.
+   * May be unset, in which case this Project is not configured to use a VPC.
+   * @internal
+   */
+  protected _connections: ec2.Connections;
+
+  /**
+   * Access the Connections object.
+   * Will fail if this Project does not have a VPC set.
+   */
+  public get connections(): ec2.Connections {
+    if (!this._connections) {
+      throw new Error('Only VPC-associated Projects have security groups to manage. Supply the "vpc" parameter when creating the Project');
+    }
+    return this._connections;
+  }
+
   /**
    * Defines a CloudWatch event rule triggered when something happens with this project.
    *
@@ -618,7 +636,6 @@ export class Project extends ProjectBase {
   private readonly buildImage: IBuildImage;
   private readonly _secondarySources: Source[];
   private readonly _secondaryArtifacts: Artifacts[];
-  private _securityGroups: ec2.ISecurityGroup[] = [];
 
   constructor(scope: Construct, id: string, props: ProjectProps) {
     super(scope, id, {
@@ -728,10 +745,6 @@ export class Project extends ProjectBase {
     }
   }
 
-  public get securityGroups(): ec2.ISecurityGroup[] {
-    return this._securityGroups.slice();
-  }
-
   /**
    * Add a permission only if there's a policy attached.
    * @param statement The permissions statement to add
@@ -887,16 +900,19 @@ export class Project extends ProjectBase {
       throw new Error(`Configure 'allowAllOutbound' directly on the supplied SecurityGroup.`);
     }
 
+    let securityGroups: ec2.ISecurityGroup[];
     if (props.securityGroups && props.securityGroups.length > 0) {
-      this._securityGroups = props.securityGroups.slice();
+      securityGroups = props.securityGroups;
     } else {
       const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', {
         vpc: props.vpc,
         description: 'Automatic generated security group for CodeBuild ' + this.node.uniqueId,
         allowAllOutbound: props.allowAllOutbound
       });
-      this._securityGroups = [securityGroup];
+      securityGroups = [securityGroup];
     }
+    this._connections = new ec2.Connections({ securityGroups });
+
     this.addToRoleInlinePolicy(new iam.PolicyStatement()
       .addAllResources()
       .addActions(
@@ -920,7 +936,7 @@ export class Project extends ProjectBase {
     return {
       vpcId: props.vpc.vpcId,
       subnets: props.vpc.selectSubnets(props.subnetSelection).subnetIds,
-      securityGroupIds: this._securityGroups.map(s => s.securityGroupId)
+      securityGroupIds: this.connections.securityGroups.map(s => s.securityGroupId)
     };
   }
 

diff --git a/packages/@aws-cdk/aws-codebuild/test/test.codebuild.ts b/packages/@aws-cdk/aws-codebuild/test/test.codebuild.ts
@@ -633,7 +633,7 @@ export = {
           allowAllOutbound: true,
           description: 'Example',
       });
-      new codebuild.Project(stack, 'MyProject', {
+      const project = new codebuild.Project(stack, 'MyProject', {
         source: new codebuild.S3Source({
           bucket,
           path: 'path/to/source.zip',
@@ -667,6 +667,9 @@ export = {
           }
         }
       }));
+
+      test.notEqual(project.connections, undefined);
+
       test.done();
     },
     'without VPC configuration but security group identified'(test: Test) {
@@ -716,6 +719,17 @@ export = {
       test.done();
     },
 
+    'without passing a VPC cannot access the connections property'(test: Test) {
+      const stack = new cdk.Stack();
+
+      const project = new codebuild.PipelineProject(stack, 'MyProject');
+
+      test.throws(() => project.connections,
+        /Only VPC-associated Projects have security groups to manage. Supply the "vpc" parameter when creating the Project/);
+
+      test.done();
+    },
+
     'with a KMS Key adds decrypt permissions to the CodeBuild Role'(test: Test) {
       const stack = new cdk.Stack();