feat: PolicyStore description & IdentitySource's policyStore field mandatory

.projenrc.ts

@@ -4,7 +4,7 @@ const project = new CdklabsConstructLibrary({
   authorAddress: '[email protected]',
   description: 'L2 AWS CDK Constructs for Amazon Verified Permissions',
   keywords: ['cdk', 'aws-cdk', 'awscdk', 'aws', 'verified-permissions', 'authorization'],
-  cdkVersion: '2.92.0',
+  cdkVersion: '2.134.0',
   defaultReleaseBranch: 'main',
   devDeps: ['cdklabs-projen-project-types'],
   name: '@cdklabs/cdk-verified-permissions',

README.md

@@ -10,7 +10,7 @@ This construct is still versioned with alpha/v0 major version and we could intro
 
 ## Policy Store
 
-Define a Policy Store with defaults (No schema & Validation Settings Mode set to OFF):
+Define a Policy Store with defaults (No description, No schema & Validation Settings Mode set to OFF):
 
 ```ts
 const test = new PolicyStore(scope, "PolicyStore");
@@ -27,7 +27,7 @@ const test = new PolicyStore(scope, "PolicyStore", {
 });
 ```
 
-Define a Policy Store with Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas):
+Define a Policy Store with Description and Schema definition (a STRICT Validation Settings Mode is strongly suggested for Policy Stores with schemas):
 
 ```ts
 const validationSettingsStrict = {
@@ -55,6 +55,7 @@ const cedarSchema = {
 const policyStore = new PolicyStore(scope, "PolicyStore", {
   schema: cedarSchema,
   validationSettings: validationSettingsStrict,
+  description: "PolicyStore description"
 });
 ```
 
@@ -79,12 +80,39 @@ Define Identity Source with required properties:
 
 ```ts
 const userPool = new UserPool(scope, "UserPool"); // Creating a new Cognito UserPool
+const validationSettingsStrict = {
+  mode: ValidationSettingsMode.STRICT,
+};
+const cedarJsonSchema = {
+  PhotoApp: {
+    entityTypes: {
+      User: {},
+      Photo: {},
+    },
+    actions: {
+      viewPhoto: {
+        appliesTo: {
+          principalTypes: ["User"],
+          resourceTypes: ["Photo"],
+        },
+      },
+    },
+  },
+};
+const cedarSchema = {
+  cedarJson: JSON.stringify(cedarJsonSchema),
+};
+const policyStore = new PolicyStore(scope, "PolicyStore", {
+  schema: cedarSchema,
+  validationSettings: validationSettingsStrict,
+});
 new IdentitySource(scope, "IdentitySource", {
   configuration: {
     cognitoUserPoolConfiguration: {
       userPool: userPool,
     },
   },
+  policyStore: policyStore
 });
 ```
 

src/identity-source.ts

@@ -75,9 +75,8 @@ export interface IdentitySourceProps {
   /**
    * Policy Store in which you want to store this identity source
    *
-   * @default - No policy store is set for the identity source.
    */
-  readonly policyStore?: IPolicyStore;
+  readonly policyStore: IPolicyStore;
 
   /**
    * Principal entity type
@@ -195,7 +194,7 @@ export class IdentitySource extends IdentitySourceBase {
   readonly identitySourceId: string;
   readonly openIdIssuer: string;
   readonly userPoolArn: string;
-  readonly policyStore?: IPolicyStore;
+  readonly policyStore: IPolicyStore;
 
   constructor(scope: Construct, id: string, props: IdentitySourceProps) {
     super(scope, id);
@@ -211,7 +210,7 @@ export class IdentitySource extends IdentitySourceBase {
           userPoolArn: this.userPoolArn,
         },
       },
-      policyStoreId: props.policyStore?.policyStoreId,
+      policyStoreId: props.policyStore.policyStoreId,
       principalEntityType: props.principalEntityType,
     });
     this.discoveryUrl = this.identitySource.attrDetailsDiscoveryUrl;

src/policy-store.ts

@@ -81,7 +81,7 @@ export interface PolicyStoreProps {
    * This attribute is not required from an API point of view.
    * It represents the schema (in Cedar) to be applied to the PolicyStore.
    *
-   * @default - The schema (in Cedar) to be applied to the PolicyStore.
+   * @default - No schema.
    */
   readonly schema?: ISchema;
 
@@ -91,6 +91,13 @@ export interface PolicyStoreProps {
    * @default - If not provided, the Policy store will be created with ValidationSettingsMode = "OFF"
    */
   readonly validationSettings: IValidationSettings;
+
+  /**
+   * The policy store's description
+   *
+   * @default - No description.
+   */
+  readonly description?: string;
 }
 
 export interface AddPolicyOptions {
@@ -273,6 +280,11 @@ export class PolicyStore extends PolicyStoreBase {
    */
   readonly validationSettings: IValidationSettings;
 
+  /**
+   * Description of the Policy Store
+   */
+  readonly description?: string;
+
   constructor(
     scope: Construct,
     id: string,
@@ -291,6 +303,7 @@ export class PolicyStore extends PolicyStoreBase {
         }
         : undefined,
       validationSettings: props.validationSettings,
+      description: props.description,
     });
     this.policyStoreArn = this.getResourceArnAttribute(
       this.policyStore.attrArn,
@@ -304,6 +317,7 @@ export class PolicyStore extends PolicyStoreBase {
     this.policyStoreId = this.policyStore.attrPolicyStoreId;
     this.schema = props.schema;
     this.validationSettings = props.validationSettings;
+    this.description = props.description;
   }
 
   /**

test/identity-source.test.ts

@@ -15,12 +15,19 @@ describe('Identity Source creation', () => {
 
     // WHEN
     const userPool = new UserPool(stack, 'UserPool');
+    const policyStore = new PolicyStore(stack, 'PolicyStore', {
+      validationSettings: {
+        mode: ValidationSettingsMode.OFF,
+      },
+    });
+    const policyStoreLogicalId = getResourceLogicalId(policyStore, CfnPolicyStore);
     new IdentitySource(stack, 'IdentitySource', {
       configuration: {
         cognitoUserPoolConfiguration: {
           userPool: userPool,
         },
       },
+      policyStore: policyStore,
     });
 
     // THEN
@@ -35,6 +42,9 @@ describe('Identity Source creation', () => {
           },
         },
       },
+      PolicyStoreId: {
+        'Fn::GetAtt': [policyStoreLogicalId, 'PolicyStoreId'],
+      },
     });
   });
 

test/policy-store.test.ts

@@ -75,19 +75,21 @@ describe('Policy Store creation', () => {
     );
   });
 
-  test('Creating Policy Store with validation settings and schema (mode = STRICT)', () => {
+  test('Creating Policy Store with validation settings, description and schema (mode = STRICT)', () => {
     // GIVEN
     const cedarJsonSchema = cedarJsonSchemaExample;
     const stack = new Stack(undefined, 'Stack');
 
     // WHEN
+    const description = 'Policy Store Description';
     new PolicyStore(stack, 'PolicyStore', {
       validationSettings: {
         mode: ValidationSettingsMode.STRICT,
       },
       schema: {
         cedarJson: JSON.stringify(cedarJsonSchema),
       },
+      description: description,
     });
 
     // THEN
@@ -100,6 +102,7 @@ describe('Policy Store creation', () => {
         Schema: {
           CedarJson: JSON.stringify(cedarJsonSchema),
         },
+        Description: description,
       },
     );
   });