fix: pass through additional roleprops (#12)

blimmer · Apr 10, 2024 · c8bd3f6 · c8bd3f6
1 parent 7182c77
commit c8bd3f6
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 9 deletions.
diff --git a/src/CircleCiOidcRole.ts b/src/CircleCiOidcRole.ts
@@ -35,28 +35,26 @@ export interface CircleCiOidcRoleProps extends CircleCiConfiguration, RoleProps
 /** Define an IAM Role that can be assumed by a CircleCI Job via the CircleCI OpenID Connect Identity Provider. */
 export class CircleCiOidcRole extends Role {
   constructor(scope: Construct, id: string, props: CircleCiOidcRoleProps) {
+    const { provider, projectIds, ...roleProps } = props;
     super(scope, id, {
       assumedBy: new OpenIdConnectPrincipal(
         // We use the CfnOIDCProvider instead of the OpenIdConnectProvider since it's overly complex
         // See https://github.com/aws/aws-cdk/issues/21197
         // However, the OpenIdConnectPrincipal still expects the L2 OpenIdConnectProvider, so we "import" it here to
         // make TypeScript happy with the types.
-        OpenIdConnectProvider.fromOpenIdConnectProviderArn(
-          scope,
-          `CircleCiOidcProviderImport${id}`,
-          props.provider.arn,
-        ),
+        OpenIdConnectProvider.fromOpenIdConnectProviderArn(scope, `CircleCiOidcProviderImport${id}`, provider.arn),
         {
           StringEquals: {
-            [`oidc.circleci.com/org/${props.provider.organizationId}:aud`]: props.provider.organizationId,
+            [`oidc.circleci.com/org/${provider.organizationId}:aud`]: provider.organizationId,
           },
           ...generateProjectCondition(
-            `oidc.circleci.com/org/${props.provider.organizationId}`,
-            props.provider.organizationId,
-            props.projectIds,
+            `oidc.circleci.com/org/${provider.organizationId}`,
+            provider.organizationId,
+            projectIds,
           ),
         },
       ),
+      ...roleProps,
     });
   }
 }

diff --git a/test/CircleCiOidcRole.test.ts b/test/CircleCiOidcRole.test.ts
@@ -105,6 +105,24 @@ describe("CircleCiOidcRole", () => {
     });
   });
 
+  it("passes through other RoleProps", () => {
+    const app = new App();
+    const stack = new Stack(app, "TestStack");
+    const provider = new CircleCiOidcProvider(stack, "CircleCiOidcProvider", {
+      organizationId: "1234",
+    });
+    new CircleCiOidcRole(stack, "CircleCiOidcRole", {
+      provider,
+      roleName: "MyRole",
+      description: "My Role",
+    });
+
+    Template.fromStack(stack).hasResourceProperties("AWS::IAM::Role", {
+      RoleName: "MyRole",
+      Description: "My Role",
+    });
+  });
+
   it("allows adding to the role", () => {
     const app = new App();
     const stack = new Stack(app, "TestStack");