From 00f8d1aeb2efb61f93a7e09979cde154d45130a0 Mon Sep 17 00:00:00 2001 From: shellscape Date: Wed, 8 Jan 2025 11:24:50 -0400 Subject: [PATCH] fix(cdk): allow buckets to enable ACLs --- packages/cdk/src/methods/kinesis.ts | 33 +++++++++++++++++------------ packages/cdk/src/methods/s3.ts | 6 +++++- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/packages/cdk/src/methods/kinesis.ts b/packages/cdk/src/methods/kinesis.ts index d4520d2..00cc468 100644 --- a/packages/cdk/src/methods/kinesis.ts +++ b/packages/cdk/src/methods/kinesis.ts @@ -30,9 +30,8 @@ interface AddStreamResult { } interface AddFirehoseOptions { + destination?: IDestination; destinationBucket?: Bucket | Omit; - // conversion?: DataFormatConversion; - destinations?: IDestination[]; name: string; scope: DotStack; source: Stream | Omit; @@ -52,21 +51,20 @@ interface GrantRemoteStreamOptions { } export const addFirehose = (options: AddFirehoseOptions): AddFirehoseResult => { - const { /* conversion,*/ destinations, destinationBucket, name, scope, source } = options; + const { /* conversion,*/ destination, destinationBucket, name, scope, source } = options; + + if (!destination && !destinationBucket) + throw new RangeError('Must provide either desitination or destinationBucket'); + const baseName = DotStack.baseName(name, 'firehose'); const firehoseName = scope.resourceName(baseName); const sourceStream = source instanceof Stream ? source : addStream({ name: `${name}-stream`, scope, ...source }).stream; - const deliveryProps: DeliveryStreamProps = { - deliveryStreamName: firehoseName, - destinations: [], - sourceStream - }; let bucket: Bucket | undefined; + let deliveryProps: DeliveryStreamProps; - if (destinations) deliveryProps.destinations.push(...destinations); if (destinationBucket) { bucket = destinationBucket instanceof Bucket 
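Review bot: In `addFirehose` (packages/cdk/src/methods/kinesis.ts, hunk `@@ -52,21 +51,20 @@`), the new guard rejects only the case where neither option is set. When a caller passes both `destination` and `destinationBucket`, the `if (destinationBucket)` branch is taken and `destination` appears to be dropped without an error (the `else` that uses it is in the later hunk). Either reject the combination with `if (destination && destinationBucket) throw new RangeError('Provide only one of destination or destinationBucket');` or document the precedence on `AddFirehoseOptions`. The message also misspells the option name and should read `'Must provide either destination or destinationBucket'`. The function body continues outside this hunk.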
@@ -113,11 +111,18 @@ export const addFirehose = (options: AddFirehoseOptions): AddFirehoseResult => {
 })
 );
- const s3Destintation = new S3Bucket(bucket, { /* conversion,*/ role });
- // (s3Destintation as any).errorOutputPrefix = errorOutputPrefix;
- // (s3Destintation as any).prefix = prefix;
- deliveryProps.destinations.push(s3Destintation);
- (deliveryProps as any).role = role;
+ deliveryProps = {
+ deliveryStreamName: firehoseName,
+ destination: new S3Bucket(bucket, { /* conversion,*/ role }),
+ role,
+ source: sourceStream as any
+ };
+ } else {
+ deliveryProps = {
+ deliveryStreamName: firehoseName,
+ destination: destination!,
+ source: sourceStream as any
+ };
 }
 const deliveryStream = new DeliveryStream(scope, firehoseName, deliveryProps);
diff --git a/packages/cdk/src/methods/s3.ts b/packages/cdk/src/methods/s3.ts
index 4febae2..e6114d3 100644
--- a/packages/cdk/src/methods/s3.ts
+++ b/packages/cdk/src/methods/s3.ts
@@ -9,7 +9,8 @@ import {
 EventType,
 HttpMethods,
 LifecycleRule,
- NotificationKeyFilter
+ NotificationKeyFilter,
+ ObjectOwnership
 } from 'aws-cdk-lib/aws-s3';
 import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
 import { IGrantable } from 'aws-cdk-lib/aws-iam';
@@ -52,6 +53,7 @@ export interface AddBucketDeploymentResult {
 export interface AddBucketOptions {
 autoDeleteObjects?: boolean;
 cors?: boolean;
+ enableACLs?: boolean;
 expireAfterDays?: number;
 handlers?: BucketEventHandlerOptions[];
 name: string;
@@ -93,6 +95,7 @@ export const addBucket = (options: AddBucketOptions): AddBucketResult => {
 */
 autoDeleteObjects = true,
 cors = false,
+ enableACLs = false,
 expireAfterDays,
 handlers,
 name,
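Review bot: In the `@@ -113,11 +111,18 @@` hunk of kinesis.ts, `source: sourceStream as any` in both `deliveryProps` literals switches off the type check on exactly the property whose shape this commit changes, so a mismatch would surface only at synth time. If the `DeliveryStreamProps` in use expects a source wrapper rather than a raw `Stream` (the imports are outside the hunk, so this is not visible here), wrap it as `source: new KinesisStreamSource(sourceStream)` and drop the cast. The `destination!` assertion can also go by narrowing inside the `else`, e.g. `if (!destination) throw new RangeError(...)`. The function starts and ends outside the hunk.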
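Review bot: `enableACLs` is added to `AddBucketOptions` in s3.ts (hunk `@@ -52,6 +53,7 @@`) without a doc comment, and the name does not say which ownership mode it selects. I would add `/** Enables ACLs by setting object ownership to BucketOwnerPreferred; when false, no object ownership is passed to the bucket. */` above the field. The interface continues outside the hunk.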
@@ -154,6 +157,7 @@ export const addBucket = (options: AddBucketOptions): AddBucketResult => {
 bucketName,
 cors: corsProps,
 lifecycleRules,
+ objectOwnership: enableACLs ? ObjectOwnership.BUCKET_OWNER_PREFERRED : void 0,
 publicReadAccess,
 removalPolicy,
 // Note: If this is ever used with a bucket that accepts overwriting existing objects,
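Review bot: `objectOwnership: enableACLs ? ObjectOwnership.BUCKET_OWNER_PREFERRED : void 0` turns ACLs back on, and under BucketOwnerPreferred the bucket owner takes ownership only of objects uploaded with the `bucket-owner-full-control` canned ACL; objects written by another account without it stay owned by the writer. A comment on this line should say so, e.g. `// ACLs enabled: cross-account writers must send bucket-owner-full-control or they keep ownership`, and if such writers are expected, a bucket policy condition requiring that ACL closes the gap. With ACLs enabled, object ACLs also become a second path to public access next to `publicReadAccess`; whether this bucket keeps the block-public-ACL settings on is not visible in the hunk. `undefined` would read more plainly than `void 0`; the props literal starts and ends outside the hunk.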