Skip to content

Commit

Permalink
fix(events): Batch target does not work (aws#7191)
Browse files Browse the repository at this point in the history 
The AWS Batch Event Rule target recently added actually did not emit
BatchParameters, and so did not work. Also, the permission set was
wrong.

Unclear why this passed integration test previously, maybe the service
has added validation in the mean time.

Fixes aws#7137.
  • Loading branch information
@rix0rrr
rix0rrr authored Apr 6, 2020
1 parent d30e0d1 commit 6f00783
Show file tree
Hide file tree
Showing 4 changed files with 189 additions and 198 deletions.
36 changes: 18 additions & 18 deletions packages/@aws-cdk/aws-events-targets/lib/batch.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,13 @@ export interface BatchJobProps {
* @default no retryStrategy is set
*/
readonly attempts?: number;

/**
* The name of the submitted job
*
* @default - Automatically generated
*/
readonly jobName?: string;
}

/**
Expand All @@ -49,33 +56,26 @@ export class BatchJob implements events.IRuleTarget {
* Returns a RuleTarget that can be used to trigger queue this batch job as a
* result from a CloudWatch event.
*/
public bind(_rule: events.IRule, _id?: string): events.RuleTargetConfig {
const baseBatchParameters: any = {
public bind(rule: events.IRule, _id?: string): events.RuleTargetConfig {
const batchParameters: events.CfnRule.BatchParametersProperty = {
jobDefinition: this.jobDefinition.jobDefinitionArn,
jobName: this.jobDefinition.jobDefinitionName
jobName: this.props.jobName ?? rule.node.uniqueId,
arrayProperties: this.props.size ? { size: this.props.size } : undefined,
retryStrategy: this.props.attempts ? { attempts: this.props.attempts } : undefined,
};

if (this.props.size) {
baseBatchParameters.arrayProperties = {
size: this.props.size
};
}

if (this.props.attempts) {
baseBatchParameters.retryStrategy = {
attempts: this.props.attempts
};
}

const batchParameters: events.CfnRule.BatchParametersProperty = baseBatchParameters;

return {
id: '',
arn: this.jobQueue.jobQueueArn,
// When scoping resource-level access for job submission, you must provide both job queue and job definition resource types.
// https://docs.aws.amazon.com/batch/latest/userguide/ExamplePolicies_BATCH.html#iam-example-restrict-job-def
role: singletonEventRole(this.jobDefinition, [
new iam.PolicyStatement({
actions: ['batch:SubmitJob'],
resources: [this.jobDefinition.jobDefinitionArn]
resources: [
this.jobDefinition.jobDefinitionArn,
this.jobQueue.jobQueueArn,
]
})
]),
input: this.props.event,
Expand Down
46 changes: 10 additions & 36 deletions packages/@aws-cdk/aws-events-targets/test/batch/batch.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,35 +45,11 @@ test('use aws batch job as an eventrule target', () => {
'MyJobEventsRoleCF43C336',
'Arn'
]
}
}
]
}));
expect(stack).to(haveResource('AWS::IAM::Role', {
AssumeRolePolicyDocument: {
Statement: [
{
Action: 'sts:AssumeRole',
Effect: 'Allow',
Principal: {
Service: 'batch.amazonaws.com'
}
}
],
Version: '2012-10-17'
},
ManagedPolicyArns: [
{
'Fn::Join': [
'',
[
'arn:',
{
Ref: 'AWS::Partition'
},
':iam::aws:policy/service-role/AWSBatchServiceRole'
]
]
},
BatchParameters: {
JobDefinition: { Ref: 'MyJob8719E923' },
JobName: 'Rule'
},
}
]
}));
Expand All @@ -84,18 +60,16 @@ test('use aws batch job as an eventrule target', () => {
{
Action: 'batch:SubmitJob',
Effect: 'Allow',
Resource: {
Ref: 'MyJob8719E923'
}
Resource: [
{ Ref: 'MyJob8719E923' },
{ Ref: 'MyQueueE6CA6235' }
],
}
],
Version: '2012-10-17'
},
PolicyName: 'MyJobEventsRoleDefaultPolicy7266D3A7',
Roles: [
{
Ref: 'MyJobEventsRoleCF43C336'
}
{ Ref: 'MyJobEventsRoleCF43C336' }
]
}));
});
Loading

0 comments on commit 6f00783

Please sign in to comment.