Fixing contract tests for version 1.0.11 (#51)

* Fixing contract tests for version 1.0.11

* Changing ReadHandler so that it actually reads the live state of the resource.

Author: jonjara

aws-codeartifact-domain/inputs/inputs_1_create.json

@@ -1,4 +1,5 @@
 {
+  "DomainName": "create-contract-domain",
   "PermissionsPolicyDocument": {
     "Version": "2012-10-17",
     "Statement": [
@@ -9,11 +10,5 @@
         "Resource": "*"
       }
     ]
-  },
-  "Upstreams": null,
-  "ExternalConnections": [
-    "public:npmjs"
-  ],
-  "DomainName": "create-contract-domain",
-  "Description": "test description"
+  }
 }

aws-codeartifact-domain/inputs/inputs_1_update.json

@@ -10,8 +10,5 @@
       }
     ]
   },
-  "Upstreams": null,
-  "ExternalConnections": null,
-  "DomainName": "create-contract-domain",
-  "Description": "test description"
+  "DomainName": "create-contract-domain"
 }

aws-codeartifact-domain/pom.xml

@@ -23,7 +23,7 @@
         <dependency>
             <groupId>software.amazon.cloudformation</groupId>
             <artifactId>aws-cloudformation-rpdk-java-plugin</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.2</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/org.projectlombok/lombok -->
         <dependency>

aws-codeartifact-domain/src/main/java/software/amazon/codeartifact/domain/Constants.java

@@ -6,6 +6,7 @@ public class Constants {
     public static final String LIST_DOMAINS = "codeartifact:ListDomains";
     public static final String PUT_DOMAIN_POLICY = "codeartifact:PutDomainPermissionsPolicy";
     public static final String DELETE_DOMAIN_PERMISSION_POLICY = "codeartifact:DeleteDomainPermissionsPolicy";
+    public static final String GET_DOMAIN_PERMISSION_POLICY = "codeartifact:GetDomainPermissionsPolicy";
     public static final String DELETE_DOMAIN = "codeartifact:DeleteDomain";
     public static final String DESCRIBE_DOMAIN = "codeartifact:DescribeDomain";
     public static final String ACTIVE_STATUS = "Active";

aws-codeartifact-domain/src/main/java/software/amazon/codeartifact/domain/ReadHandler.java

@@ -3,13 +3,16 @@
 import software.amazon.awssdk.awscore.exception.AwsServiceException;
 import software.amazon.awssdk.services.codeartifact.CodeartifactClient;
 import software.amazon.awssdk.services.codeartifact.model.DescribeDomainResponse;
+import software.amazon.awssdk.services.codeartifact.model.GetDomainPermissionsPolicyResponse;
+import software.amazon.awssdk.services.codeartifact.model.ResourceNotFoundException;
 import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;
 import software.amazon.cloudformation.proxy.Logger;
 import software.amazon.cloudformation.proxy.ProgressEvent;
 import software.amazon.cloudformation.proxy.ProxyClient;
 import software.amazon.cloudformation.proxy.ResourceHandlerRequest;
 
 public class ReadHandler extends BaseHandlerStd {
+
     private Logger logger;
 
     protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
@@ -21,15 +24,58 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
 
         this.logger = logger;
 
-        // STEP 1 [initialize a proxy context]
-        return proxy.initiate("AWS-CodeArtifact-Domain::Read", proxyClient, request.getDesiredResourceState(), callbackContext)
+        logger.log(String.format("%s read handler is being invoked", ResourceModel.TYPE_NAME));
+        return ProgressEvent.progress(request.getDesiredResourceState(), callbackContext)
+            .then(progress -> describeDomain(proxy, progress, request, proxyClient))
+            .then(progress -> getDomainPolicy(proxy, progress, request, proxyClient))
+            .then(progress -> {
+                final ResourceModel model = progress.getResourceModel();
+                return ProgressEvent.defaultSuccessHandler(model);
+            });
+    }
 
-            // STEP 2 [construct a body of a request]
-            .translateToServiceRequest(Translator::translateToReadRequest)
-            // STEP 3 [make an api call]
+    private ProgressEvent<ResourceModel, CallbackContext> getDomainPolicy(
+        AmazonWebServicesClientProxy proxy,
+        ProgressEvent<ResourceModel, CallbackContext> progress,
+        ResourceHandlerRequest<ResourceModel> request,
+        ProxyClient<CodeartifactClient> proxyClient
+    ) {
+        return proxy.initiate("AWS-CodeArtifact-Domain::GetDomainPolicy", proxyClient, progress.getResourceModel(), progress.getCallbackContext())
+            .translateToServiceRequest(Translator::translateGetDomainPermissionsPolicyRequest)
             .makeServiceCall((awsRequest, client) -> {
-                logger.log(String.format("%s read handler is being invoked", ResourceModel.TYPE_NAME));
+                logger.log(String.format("%s getDomainPolicy is being invoked", ResourceModel.TYPE_NAME));
 
+                GetDomainPermissionsPolicyResponse getDomainPermissionsPolicyResponse = null;
+                try {
+                    getDomainPermissionsPolicyResponse = client.injectCredentialsAndInvokeV2(awsRequest, proxyClient.client()::getDomainPermissionsPolicy);
+                } catch (final ResourceNotFoundException e) {
+                    // Do nothing since there is no policy
+                } catch (final AwsServiceException e) {
+                    String domainName = request.getDesiredResourceState().getDomainName();
+                    Translator.throwCfnException(e, Constants.GET_DOMAIN_PERMISSION_POLICY, domainName);
+                }
+                logger.log(String.format("Domain policy of %s has successfully been read.", ResourceModel.TYPE_NAME));
+                return getDomainPermissionsPolicyResponse;
+            })
+            .done((getDomainPermissionsPolicyRequest, getDomainPermissionsPolicyResponse, proxyInvocation, resourceModel, context) -> {
+                    if (getDomainPermissionsPolicyResponse != null) {
+                        String domainPolicy = getDomainPermissionsPolicyResponse.policy().document();
+                        resourceModel.setPermissionsPolicyDocument(Translator.deserializePolicy(domainPolicy));
+                    }
+                    return ProgressEvent.progress(resourceModel, context);
+                });
+    }
+
+    private ProgressEvent<ResourceModel, CallbackContext> describeDomain(
+        AmazonWebServicesClientProxy proxy,
+        ProgressEvent<ResourceModel, CallbackContext> progress,
+        ResourceHandlerRequest<ResourceModel> request,
+        ProxyClient<CodeartifactClient> proxyClient
+    ) {
+        return proxy.initiate("AWS-CodeArtifact-Domain::Read", proxyClient, progress.getResourceModel(), progress.getCallbackContext())
+            .translateToServiceRequest(Translator::translateToReadRequest)
+            .makeServiceCall((awsRequest, client) -> {
+                logger.log(String.format("%s describeDomain is being invoked", ResourceModel.TYPE_NAME));
                 DescribeDomainResponse awsResponse = null;
                 try {
                     awsResponse = client.injectCredentialsAndInvokeV2(awsRequest, proxyClient.client()::describeDomain);
@@ -40,14 +86,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
                 logger.log(String.format("%s has successfully been read.", ResourceModel.TYPE_NAME));
                 return awsResponse;
             })
-            // STEP 4 [gather all properties of the resource]
-            .done(this::constructResourceModelFromResponse);
-    }
-
-    private ProgressEvent<ResourceModel, CallbackContext> constructResourceModelFromResponse(
-        final DescribeDomainResponse awsResponse
-    ) {
-        ResourceModel model = Translator.translateFromReadResponse(awsResponse);
-        return ProgressEvent.defaultSuccessHandler(model);
+            .done((describeDomainRequest, describeDomainResponse, proxyInvocation, resourceModel, context) ->
+                ProgressEvent.progress(Translator.translateFromReadResponse(describeDomainResponse), context));
     }
 }

aws-codeartifact-domain/src/main/java/software/amazon/codeartifact/domain/Translator.java

@@ -1,12 +1,17 @@
 package software.amazon.codeartifact.domain;
 
+import java.io.IOException;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import com.amazonaws.util.StringUtils;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import software.amazon.awssdk.awscore.exception.AwsServiceException;
@@ -18,6 +23,7 @@
 import software.amazon.awssdk.services.codeartifact.model.DescribeDomainRequest;
 import software.amazon.awssdk.services.codeartifact.model.DescribeDomainResponse;
 import software.amazon.awssdk.services.codeartifact.model.DomainDescription;
+import software.amazon.awssdk.services.codeartifact.model.GetDomainPermissionsPolicyRequest;
 import software.amazon.awssdk.services.codeartifact.model.InternalServerException;
 import software.amazon.awssdk.services.codeartifact.model.ListDomainsRequest;
 import software.amazon.awssdk.services.codeartifact.model.ListDomainsResponse;
@@ -28,6 +34,7 @@
 import software.amazon.cloudformation.exceptions.CfnAccessDeniedException;
 import software.amazon.cloudformation.exceptions.CfnAlreadyExistsException;
 import software.amazon.cloudformation.exceptions.CfnGeneralServiceException;
+import software.amazon.cloudformation.exceptions.CfnInternalFailureException;
 import software.amazon.cloudformation.exceptions.CfnInvalidRequestException;
 import software.amazon.cloudformation.exceptions.CfnNotFoundException;
 import software.amazon.cloudformation.exceptions.CfnServiceLimitExceededException;
@@ -77,12 +84,49 @@ static DescribeDomainRequest translateToReadRequest(final ResourceModel model) {
         .build();
   }
 
+  /**
+   * Request to get permissionsPolicy of the domain resource
+   * @param model resource model
+   * @return awsRequest the aws service request to describe a resource
+   */
+  static GetDomainPermissionsPolicyRequest translateGetDomainPermissionsPolicyRequest(final ResourceModel model) {
+    String domainName = model.getDomainName();
+    String domainOwner = model.getOwner();
+
+    if (model.getArn() != null && domainName == null && domainOwner == null) {
+      // This is the case GetAtt or Ref is called on the resource
+      Arn domainArn = ArnUtils.fromArn(model.getArn());
+
+      domainName = domainArn.shortId();
+      domainOwner = domainArn.owner();
+    }
+    return GetDomainPermissionsPolicyRequest.builder()
+        .domain(domainName)
+        .domainOwner(domainOwner)
+        .build();
+  }
+
+  public static Map<String, Object> deserializePolicy(final String policy) {
+    if (StringUtils.isNullOrEmpty(policy)) {
+      return null;
+    }
+
+    try {
+      return MAPPER.readValue(policy, new TypeReference<HashMap<String,Object>>() {});
+    } catch (final IOException e) {
+      throw new CfnInternalFailureException(e);
+    }
+  }
+
   /**
    * Translates resource object from sdk into a resource model
    * @param awsResponse the aws service describe resource response
    * @return model resource model
    */
-  static ResourceModel translateFromReadResponse(final DescribeDomainResponse awsResponse) {
+  static ResourceModel translateFromReadResponse(
+      final DescribeDomainResponse awsResponse
+  ) {
+
     DomainDescription domain = awsResponse.domain();
     return ResourceModel.builder()
         .encryptionKey(domain.encryptionKey())

aws-codeartifact-domain/src/test/java/software/amazon/codeartifact/domain/CreateHandlerTest.java

@@ -30,9 +30,13 @@
 import software.amazon.awssdk.services.codeartifact.model.DescribeDomainRequest;
 import software.amazon.awssdk.services.codeartifact.model.DescribeDomainResponse;
 import software.amazon.awssdk.services.codeartifact.model.DomainDescription;
+import software.amazon.awssdk.services.codeartifact.model.GetDomainPermissionsPolicyRequest;
+import software.amazon.awssdk.services.codeartifact.model.GetDomainPermissionsPolicyResponse;
 import software.amazon.awssdk.services.codeartifact.model.InternalServerException;
 import software.amazon.awssdk.services.codeartifact.model.PutDomainPermissionsPolicyRequest;
 import software.amazon.awssdk.services.codeartifact.model.PutDomainPermissionsPolicyResponse;
+import software.amazon.awssdk.services.codeartifact.model.ResourceNotFoundException;
+import software.amazon.awssdk.services.codeartifact.model.ResourcePolicy;
 import software.amazon.awssdk.services.codeartifact.model.ServiceQuotaExceededException;
 import software.amazon.awssdk.services.codeartifact.model.ValidationException;
 import software.amazon.cloudformation.exceptions.CfnAccessDeniedException;
@@ -108,6 +112,7 @@ public void handleRequest_simpleSuccess() {
             .domain(domainDescription)
             .build();
 
+        when(proxyClient.client().getDomainPermissionsPolicy(any(GetDomainPermissionsPolicyRequest.class))).thenThrow(ResourceNotFoundException.class);
         when(proxyClient.client().describeDomain(any(DescribeDomainRequest.class))).thenReturn(describeDomainResponse);
 
         final ResourceHandlerRequest<ResourceModel> request = ResourceHandlerRequest.<ResourceModel>builder()
@@ -125,6 +130,7 @@ public void handleRequest_simpleSuccess() {
         assertThat(response.getErrorCode()).isNull();
 
         verify(codeartifactClient).createDomain(any(CreateDomainRequest.class));
+        verify(codeartifactClient).getDomainPermissionsPolicy(any(GetDomainPermissionsPolicyRequest.class));
         verify(codeartifactClient, times(2)).describeDomain(any(DescribeDomainRequest.class));
         verify(codeartifactClient, never()).putDomainPermissionsPolicy(any(PutDomainPermissionsPolicyRequest.class));
 
@@ -149,6 +155,7 @@ public void handleRequest_simpleSuccess_withEncryptionKey() {
             .domain(domainDescription)
             .build();
 
+        when(proxyClient.client().getDomainPermissionsPolicy(any(GetDomainPermissionsPolicyRequest.class))).thenThrow(ResourceNotFoundException.class);
         when(proxyClient.client().describeDomain(any(DescribeDomainRequest.class))).thenReturn(describeDomainResponse);
 
         final ResourceHandlerRequest<ResourceModel> request = ResourceHandlerRequest.<ResourceModel>builder()
@@ -170,6 +177,7 @@ public void handleRequest_simpleSuccess_withEncryptionKey() {
         verify(codeartifactClient).createDomain(createDomainRequestArgumentCaptor.capture());
         verify(codeartifactClient, times(2)).describeDomain(any(DescribeDomainRequest.class));
         verify(codeartifactClient, never()).putDomainPermissionsPolicy(any(PutDomainPermissionsPolicyRequest.class));
+        verify(codeartifactClient).getDomainPermissionsPolicy(any(GetDomainPermissionsPolicyRequest.class));
 
         CreateDomainRequest createDomainRequestValue = createDomainRequestArgumentCaptor.getValue();
 
@@ -199,6 +207,16 @@ public void handleRequest_withDomainPolicy() throws JsonProcessingException {
             .domain(domainDescription)
             .build();
 
+
+        GetDomainPermissionsPolicyResponse getDomainPermissionsPolicyResponse = GetDomainPermissionsPolicyResponse.builder()
+            .policy(
+                ResourcePolicy.builder()
+                    .document(MAPPER.writeValueAsString(TEST_POLICY_DOC))
+                    .build()
+            )
+            .build();
+
+        when(proxyClient.client().getDomainPermissionsPolicy(any(GetDomainPermissionsPolicyRequest.class))).thenReturn(getDomainPermissionsPolicyResponse);
         when(proxyClient.client().describeDomain(any(DescribeDomainRequest.class))).thenReturn(describeDomainResponse);
 
         final ResourceHandlerRequest<ResourceModel> request = ResourceHandlerRequest.<ResourceModel>builder()
@@ -210,6 +228,16 @@ public void handleRequest_withDomainPolicy() throws JsonProcessingException {
         assertThat(response).isNotNull();
         assertThat(response.getStatus()).isEqualTo(OperationStatus.SUCCESS);
         assertThat(response.getCallbackDelaySeconds()).isEqualTo(0);
+
+        final ResourceModel desiredOutputModel = ResourceModel.builder()
+            .domainName(DOMAIN_NAME)
+            .name(DOMAIN_NAME)
+            .owner(DOMAIN_OWNER)
+            .permissionsPolicyDocument(TEST_POLICY_DOC)
+            .arn(DOMAIN_ARN)
+            .encryptionKey(ENCRYPTION_KEY_ARN)
+            .build();
+
         assertThat(response.getResourceModel()).isEqualTo(desiredOutputModel);
         assertThat(response.getResourceModels()).isNull();
         assertThat(response.getMessage()).isNull();