feat(cdk): option to set cdk-diff WF assumed role validity[CLK-462684] (

#240) * feat: option to set cdk-diff WF assumed role validity[CLK-462684] * chore: updating docs & adding UT
time-loop · Jan 26, 2024 · d1de930 · d1de930
1 parent 03ffb31
commit d1de930
Show file tree

Hide file tree

Showing 5 changed files with 171 additions and 1 deletion.
diff --git a/API.md b/API.md
diff --git a/docs/cdk-diff/README.md b/docs/cdk-diff/README.md
@@ -28,18 +28,21 @@ Details follow.
 +        oidcRoleArn: `arn:aws:iam::${core.Environment.usQa.account}:role/${name}-github-actions-role`,
 +        labelToApplyWhenNoDiffPresent: 'no-changes-qa',
 +        stackSearchString: 'Qa',
+         roleDuration: 1800, // Set this value to a desired value only if the diff workflow is expected to take longer than 900 seconds. 
 +      },
 +      {
 +        name: 'staging',
 +        oidcRoleArn: `arn:aws:iam::${core.Environment.globalStaging.account}:role/${name}-github-actions-role`,
 +        labelToApplyWhenNoDiffPresent: 'no-changes-staging',
 +        stackSearchString: 'Staging',
+         roleDuration: 1800, // Set this value to a desired value only if the diff workflow is expected to take longer than 900 seconds. 
 +      },
 +      {
 +        name: 'prod',
 +        oidcRoleArn: `arn:aws:iam::${core.Environment.globalProd.account}:role/${name}-github-actions-role`,
 +        labelToApplyWhenNoDiffPresent: 'no-changes-prod',
 +        stackSearchString: 'Prod',
+         roleDuration: 1800, // Set this value to a desired value only if the diff workflow is expected to take longer than 900 seconds.
 +      },
 +    ],
 +    createOidcRoleStack: true,

diff --git a/src/cdk-diff-workflow.ts b/src/cdk-diff-workflow.ts
@@ -136,7 +136,7 @@ export module cdkDiffWorkflow {
           uses: 'aws-actions/configure-aws-credentials@v1',
           with: {
             'role-to-assume': env.oidcRoleArn,
-            'role-duration-seconds': 900,
+            'role-duration-seconds': env.roleDuration ?? 900,
             'aws-region': 'us-west-2',
           },
         },
@@ -249,6 +249,12 @@ export module cdkDiffWorkflow {
      * Example: `no-qa-changes`
      */
     readonly labelToApplyWhenNoDiffPresent: string;
+
+    /**
+     * Duration in seconds for the assumed role to be valid
+     * Defaut value: `900`
+     */
+    readonly roleDuration?: number;
   }
 
   export interface EnvToDiff extends BaseEnvToDiff {

diff --git a/test/__snapshots__/cdk-diff-workflow.test.ts.snap b/test/__snapshots__/cdk-diff-workflow.test.ts.snap
diff --git a/test/cdk-diff-workflow.test.ts b/test/cdk-diff-workflow.test.ts
@@ -25,6 +25,27 @@ describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {
     expect(synth['.github/workflows/cdk-diff.yml']).toMatchSnapshot();
   });
 
+  test('diff with roleDuration value set', () => {
+    const project = new clickupCdk.ClickUpCdkTypeScriptApp({
+      cdkVersion: '2.91.0',
+      defaultReleaseBranch: 'main',
+      name: 'test',
+    });
+    cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
+      envsToDiff: [
+        {
+          name: 'qa',
+          oidcRoleArn: 'arn:aws:iam::123456789012:role/squad-github-actions-oidc-role-name-qa',
+          labelToApplyWhenNoDiffPresent: 'qa-no-changes',
+          stackSearchString: 'Qa',
+          roleDuration: 1800,
+        },
+      ],
+    });
+    const synth = Testing.synth(project);
+    expect(synth['.github/workflows/cdk-diff.yml']).toMatchSnapshot();
+  });
+
   test('node20', () => {
     const project = new clickupCdk.ClickUpCdkTypeScriptApp({
       cdkVersion: '2.91.0',