fix(cdk): allow buckets to enable ACLs

shellscape · Jan 8, 2025 · 00f8d1a · 00f8d1a
1 parent 832fb45
commit 00f8d1a
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 15 deletions.
diff --git a/packages/cdk/src/methods/kinesis.ts b/packages/cdk/src/methods/kinesis.ts
@@ -30,9 +30,8 @@ interface AddStreamResult {
 }
 
 interface AddFirehoseOptions {
+  destination?: IDestination;
   destinationBucket?: Bucket | Omit<AddBucketOptions, 'name' | 'scope'>;
-  // conversion?: DataFormatConversion;
-  destinations?: IDestination[];
   name: string;
   scope: DotStack;
   source: Stream | Omit<AddStreamOptions, 'name' | 'scope'>;
@@ -52,21 +51,20 @@ interface GrantRemoteStreamOptions {
 }
 
 export const addFirehose = (options: AddFirehoseOptions): AddFirehoseResult => {
-  const { /* conversion,*/ destinations, destinationBucket, name, scope, source } = options;
+  const { /* conversion,*/ destination, destinationBucket, name, scope, source } = options;
+
+  if (!destination && !destinationBucket)
+    throw new RangeError('Must provide either desitination or destinationBucket');
+
   const baseName = DotStack.baseName(name, 'firehose');
   const firehoseName = scope.resourceName(baseName);
   const sourceStream =
     source instanceof Stream
       ? source
       : addStream({ name: `${name}-stream`, scope, ...source }).stream;
-  const deliveryProps: DeliveryStreamProps = {
-    deliveryStreamName: firehoseName,
-    destinations: [],
-    sourceStream
-  };
   let bucket: Bucket | undefined;
+  let deliveryProps: DeliveryStreamProps;
 
-  if (destinations) deliveryProps.destinations.push(...destinations);
   if (destinationBucket) {
     bucket =
       destinationBucket instanceof Bucket
@@ -113,11 +111,18 @@ export const addFirehose = (options: AddFirehoseOptions): AddFirehoseResult => {
       })
     );
 
-    const s3Destintation = new S3Bucket(bucket, { /* conversion,*/ role });
-    // (s3Destintation as any).errorOutputPrefix = errorOutputPrefix;
-    // (s3Destintation as any).prefix = prefix;
-    deliveryProps.destinations.push(s3Destintation);
-    (deliveryProps as any).role = role;
+    deliveryProps = {
+      deliveryStreamName: firehoseName,
+      destination: new S3Bucket(bucket, { /* conversion,*/ role }),
+      role,
+      source: sourceStream as any
+    };
+  } else {
+    deliveryProps = {
+      deliveryStreamName: firehoseName,
+      destination: destination!,
+      source: sourceStream as any
+    };
   }
 
   const deliveryStream = new DeliveryStream(scope, firehoseName, deliveryProps);

diff --git a/packages/cdk/src/methods/s3.ts b/packages/cdk/src/methods/s3.ts
@@ -9,7 +9,8 @@ import {
   EventType,
   HttpMethods,
   LifecycleRule,
-  NotificationKeyFilter
+  NotificationKeyFilter,
+  ObjectOwnership
 } from 'aws-cdk-lib/aws-s3';
 import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
 import { IGrantable } from 'aws-cdk-lib/aws-iam';
@@ -52,6 +53,7 @@ export interface AddBucketDeploymentResult {
 export interface AddBucketOptions {
   autoDeleteObjects?: boolean;
   cors?: boolean;
+  enableACLs?: boolean;
   expireAfterDays?: number;
   handlers?: BucketEventHandlerOptions[];
   name: string;
@@ -93,6 +95,7 @@ export const addBucket = (options: AddBucketOptions): AddBucketResult => {
      */
     autoDeleteObjects = true,
     cors = false,
+    enableACLs = false,
     expireAfterDays,
     handlers,
     name,
@@ -154,6 +157,7 @@ export const addBucket = (options: AddBucketOptions): AddBucketResult => {
     bucketName,
     cors: corsProps,
     lifecycleRules,
+    objectOwnership: enableACLs ? ObjectOwnership.BUCKET_OWNER_PREFERRED : void 0,
     publicReadAccess,
     removalPolicy,
     // Note: If this is ever used with a bucket that accepts overwriting existing objects,