fix(servicecatalogappregistry): allow disabling automatic CfnOutput (#…

…24483) When an application is created using `Application` construct, an output is automatically created in the customer defined stack without customer's intention to show related Application Manager URL for the application created. This can increase customer's CFN output usage without customer acknowledge and control. This commit: - emits the CFN Output in the AppRegistry managed stack where the application is created to allow all the stacks deployed in the cdk project to be associated to the application. Customers can control whether to emit the URL as CFN output by setting `emitApplicationManagerUrlAsOutput`. - changes `applicationManagerUrl` to a string type. Customers can create further create CFN output from this property. Closes #23779 BREAKING CHANGE: This commit contains destructive changes to the RAM Share. Since the application RAM share name is calculated by the application construct, where one property is removed. Integration test detects a breaking change where RAM share will be created. Integration test snapshot is updated to cater this destructive change. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Mar 7, 2023 · 3db1a0d · 3db1a0d
1 parent 9251610
commit 3db1a0d
Show file tree

Hide file tree

Showing 22 changed files with 944 additions and 56 deletions.
diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/README.md b/packages/@aws-cdk/aws-servicecatalogappregistry/README.md
@@ -84,7 +84,27 @@ const associatedApp = new appreg.ApplicationAssociator(app, 'AssociatedApplicati
 });
 ```
 
-This will create an application `MyAssociatedApplication` with the `TagKey` as `managedBy` and `TagValue` as `CDK_Application_Associator`.
+This will create a stack `MyAssociatedApplicationStack` containing an application `MyAssociatedApplication` 
+with the `TagKey` as `managedBy` and `TagValue` as `CDK_Application_Associator`.
+
+By default, the stack will have System Managed Application Manager console URL as its output for the application created. 
+If you want to remove the output, then use as shown in the example below:
+
+```ts
+const app = new App();
+const associatedApp = new appreg.ApplicationAssociator(app, 'AssociatedApplication', {
+  applications: [appreg.TargetApplication.createApplicationStack({
+    applicationName: 'MyAssociatedApplication',
+    // 'Application containing stacks deployed via CDK.' is the default
+    applicationDescription: 'Associated Application description',
+    stackName: 'MyAssociatedApplicationStack',
+    // Disables emitting Application Manager url as output
+    emitApplicationManagerUrlAsOutput: false,
+    // AWS Account and Region that are implied by the current CLI configuration is the default
+    env: { account: '123456789012', region: 'us-east-1' },
+  })],
+});
+```
 
 If you want to re-use an existing Application with ARN: `arn:aws:servicecatalog:us-east-1:123456789012:/applications/applicationId`
 and want to associate all stacks in the `App` scope to your imported application, then use as shown in the example below:

diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/application.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/application.ts
@@ -256,7 +256,7 @@ export class Application extends ApplicationBase {
    * Application manager URL for the Application.
    * @attribute
    */
-  public readonly applicationManagerUrl?: cdk.CfnOutput;
+  public readonly applicationManagerUrl?: string;
   public readonly applicationArn: string;
   public readonly applicationId: string;
   public readonly applicationName?: string;
@@ -277,10 +277,8 @@ export class Application extends ApplicationBase {
     this.applicationName = props.applicationName;
     this.nodeAddress = cdk.Names.nodeUniqueId(application.node);
 
-    this.applicationManagerUrl = new cdk.CfnOutput(this, 'ApplicationManagerUrl', {
-      value: `https://${this.env.region}.console.aws.amazon.com/systems-manager/appmanager/application/AWS_AppRegistry_Application-${this.applicationName}`,
-      description: 'Application manager url for the application created.',
-    });
+    this.applicationManagerUrl =
+        `https://${this.env.region}.console.aws.amazon.com/systems-manager/appmanager/application/AWS_AppRegistry_Application-${this.applicationName}`;
   }
 
   protected generateUniqueHash(resourceAddress: string): string {

diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/lib/target-application.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/lib/target-application.ts
@@ -33,6 +33,13 @@ export interface CreateTargetApplicationOptions extends TargetApplicationCommonO
     * @default - Application containing stacks deployed via CDK.
     */
   readonly applicationDescription?: string;
+
+  /**
+   * Whether create cloudFormation Output for application manager URL.
+   *
+   * @default - Application containing stacks deployed via CDK.
+   */
+  readonly emitApplicationManagerUrlAsOutput?: boolean;
 }
 
 /**
@@ -99,13 +106,22 @@ class CreateTargetApplication extends TargetApplication {
             this.applicationOptions.description || 'Stack to create AppRegistry application';
     (this.applicationOptions.env as cdk.Environment) =
             this.applicationOptions.env || { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION };
+    (this.applicationOptions.emitApplicationManagerUrlAsOutput as boolean) = this.applicationOptions.emitApplicationManagerUrlAsOutput ?? true;
+
     const applicationStack = new cdk.Stack(scope, stackId, this.applicationOptions);
     const appRegApplication = new Application(applicationStack, 'DefaultCdkApplication', {
       applicationName: this.applicationOptions.applicationName,
       description: this.applicationOptions.applicationDescription || 'Application containing stacks deployed via CDK.',
     });
     cdk.Tags.of(appRegApplication).add('managedBy', 'CDK_Application_Associator');
 
+    if (this.applicationOptions.emitApplicationManagerUrlAsOutput) {
+      new cdk.CfnOutput(appRegApplication, 'ApplicationManagerUrl', {
+        value: `https://${appRegApplication.env.region}.console.aws.amazon.com/systems-manager/appmanager/application/AWS_AppRegistry_Application-${appRegApplication.applicationName}`,
+        description: 'System Manager Application Manager URL for the application created.',
+      });
+    }
+
     return {
       application: appRegApplication,
     };

diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/application-associator.test.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/application-associator.test.ts
@@ -28,6 +28,34 @@ describe('Scope based Associations with Application within Same Account', () =>
       Name: 'MyAssociatedApplication',
       Tags: { managedBy: 'CDK_Application_Associator' },
     });
+    Template.fromStack(appAssociator.appRegistryApplication().stack).hasOutput('DefaultCdkApplicationApplicationManagerUrl27C138EF', {});
+    Template.fromStack(anotherStack).resourceCountIs('AWS::ServiceCatalogAppRegistry::ResourceAssociation', 1);
+    Template.fromStack(anotherStack).hasResourceProperties('AWS::ServiceCatalogAppRegistry::ResourceAssociation', {
+      Application: 'MyAssociatedApplication',
+      Resource: { Ref: 'AWS::StackId' },
+    });
+  });
+
+  test('ApplicationAssociator with url disabled will not create cfn output', () => {
+    const appAssociator = new appreg.ApplicationAssociator(app, 'MyApplication', {
+      applications: [appreg.TargetApplication.createApplicationStack({
+        applicationName: 'MyAssociatedApplication',
+        stackName: 'MyAssociatedApplicationStack',
+        emitApplicationManagerUrlAsOutput: false,
+      })],
+    });
+
+    const anotherStack = new AppRegistrySampleStack(app, 'SampleStack');
+    Template.fromStack(appAssociator.appRegistryApplication().stack).resourceCountIs('AWS::ServiceCatalogAppRegistry::Application', 1);
+    Template.fromStack(appAssociator.appRegistryApplication().stack).hasResourceProperties('AWS::ServiceCatalogAppRegistry::Application', {
+      Name: 'MyAssociatedApplication',
+      Tags: { managedBy: 'CDK_Application_Associator' },
+    });
+
+    expect(
+      Template.fromStack(appAssociator.appRegistryApplication().stack)
+        .findOutputs('*', {}),
+    ).toEqual({});
     Template.fromStack(anotherStack).resourceCountIs('AWS::ServiceCatalogAppRegistry::ResourceAssociation', 1);
     Template.fromStack(anotherStack).hasResourceProperties('AWS::ServiceCatalogAppRegistry::ResourceAssociation', {
       Application: 'MyAssociatedApplication',
@@ -93,6 +121,28 @@ describe('Scope based Associations with Application with Cross Region/Account',
     Template.fromStack(nestedStack).resourceCountIs('AWS::ServiceCatalogAppRegistry::ResourceAssociation', 1);
   });
 
+  test('ApplicationAssociator disables cfn output', () => {
+    const appAssociator = new appreg.ApplicationAssociator(app, 'MyApplication', {
+      applications: [appreg.TargetApplication.createApplicationStack({
+        applicationName: 'MyAssociatedApplication',
+        stackName: 'MyAssociatedApplicationStack',
+        emitApplicationManagerUrlAsOutput: false,
+      })],
+    });
+    const firstStack = new cdk.Stack(app, 'testStack', {
+      env: { account: 'account2', region: 'region' },
+    });
+    const nestedStack = new cdk.Stack(firstStack, 'MyFirstStack', {
+      env: { account: 'account2', region: 'region' },
+    });
+
+    expect(
+      Template.fromStack(appAssociator.appRegistryApplication().stack).findOutputs('*', {}),
+    ).toEqual({});
+    Template.fromStack(firstStack).resourceCountIs('AWS::ServiceCatalogAppRegistry::ResourceAssociation', 1);
+    Template.fromStack(nestedStack).resourceCountIs('AWS::ServiceCatalogAppRegistry::ResourceAssociation', 1);
+  });
+
   test('ApplicationAssociator creation failed when neither Application name nor ARN is provided', () => {
     expect(() => {
       new appreg.ApplicationAssociator(app, 'MyApplication', {
@@ -187,6 +237,7 @@ describe('Scope based Associations with Application with Cross Region/Account',
       associateStage: true,
     });
     app.synth();
+    Template.fromStack(application.appRegistryApplication().stack).hasOutput('DefaultCdkApplicationApplicationManagerUrl27C138EF', {});
     Template.fromStack(pipelineStack).resourceCountIs('AWS::ServiceCatalogAppRegistry::ResourceAssociation', 1);
   });
 });

diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts b/packages/@aws-cdk/aws-servicecatalogappregistry/test/application.test.ts
@@ -39,8 +39,7 @@ describe('Application', () => {
       description: description,
     });
 
-    Template.fromStack(stack).hasOutput('MyApplicationApplicationManagerUrlB79EF34D', {});
-    expect(application.applicationManagerUrl?.value).toContain('AWS_AppRegistry_Application-testApplication');
+    expect(application.applicationManagerUrl).toContain('AWS_AppRegistry_Application-testApplication');
     Template.fromStack(stack).hasResourceProperties('AWS::ServiceCatalogAppRegistry::Application', {
       Description: description,
     });
@@ -256,7 +255,7 @@ describe('Application', () => {
 
       Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', {
         AllowExternalPrincipals: false,
-        Name: 'RAMShare5bb637032063',
+        Name: 'RAMSharee6e0e560e6f8',
         Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'],
         ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }],
         PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'],
@@ -270,7 +269,7 @@ describe('Application', () => {
 
       Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', {
         AllowExternalPrincipals: false,
-        Name: 'RAMShare5bb637032063',
+        Name: 'RAMSharee6e0e560e6f8',
         Principals: ['123456789012'],
         ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }],
         PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'],
@@ -286,7 +285,7 @@ describe('Application', () => {
 
       Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', {
         AllowExternalPrincipals: false,
-        Name: 'RAMShare5bb637032063',
+        Name: 'RAMSharee6e0e560e6f8',
         Principals: ['arn:aws:iam::123456789012:role/myRole'],
         ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }],
         PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'],
@@ -302,7 +301,7 @@ describe('Application', () => {
 
       Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', {
         AllowExternalPrincipals: false,
-        Name: 'RAMShare5bb637032063',
+        Name: 'RAMSharee6e0e560e6f8',
         Principals: ['arn:aws:iam::123456789012:user/myUser'],
         ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }],
         PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'],
@@ -317,7 +316,7 @@ describe('Application', () => {
 
       Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', {
         AllowExternalPrincipals: false,
-        Name: 'RAMShare5bb637032063',
+        Name: 'RAMSharee6e0e560e6f8',
         Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'],
         ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }],
         PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationReadOnly'],
@@ -332,7 +331,7 @@ describe('Application', () => {
 
       Template.fromStack(stack).hasResourceProperties('AWS::RAM::ResourceShare', {
         AllowExternalPrincipals: false,
-        Name: 'RAMShare5bb637032063',
+        Name: 'RAMSharee6e0e560e6f8',
         Principals: ['arn:aws:organizations::123456789012:organization/o-70oi5564q1'],
         ResourceArns: [{ 'Fn::GetAtt': ['MyApplication5C63EC1D', 'Arn'] }],
         PermissionArns: ['arn:aws:ram::aws:permission/AWSRAMPermissionServiceCatalogAppRegistryApplicationAllowAssociation'],

diff --git a/...n-associator.disable-url.js.snapshot/ApplicationAssociator-d50dd3259875-Stack.assets.json b/...n-associator.disable-url.js.snapshot/ApplicationAssociator-d50dd3259875-Stack.assets.json
@@ -0,0 +1,20 @@
+{
+  "version": "30.1.0",
+  "files": {
+    "2669d20378c55153134983ffc6c70d7d39f75ab888356d2fbf04e21c11531590": {
+      "source": {
+        "path": "ApplicationAssociator-d50dd3259875-Stack.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "828800149827-us-east-2": {
+          "bucketName": "cdk-hnb659fds-assets-828800149827-us-east-2",
+          "objectKey": "2669d20378c55153134983ffc6c70d7d39f75ab888356d2fbf04e21c11531590.json",
+          "region": "us-east-2",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::828800149827:role/cdk-hnb659fds-file-publishing-role-828800149827-us-east-2"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
diff --git a/...associator.disable-url.js.snapshot/ApplicationAssociator-d50dd3259875-Stack.template.json b/...associator.disable-url.js.snapshot/ApplicationAssociator-d50dd3259875-Stack.template.json
@@ -0,0 +1,64 @@
+{
+ "Description": "Stack to create AppRegistry application",
+ "Resources": {
+  "DefaultCdkApplication4573D5A3": {
+   "Type": "AWS::ServiceCatalogAppRegistry::Application",
+   "Properties": {
+    "Name": "AppRegistryAssociatedApplication",
+    "Description": "Application containing stacks deployed via CDK.",
+    "Tags": {
+     "managedBy": "CDK_Application_Associator"
+    }
+   }
+  },
+  "AppRegistryAssociation": {
+   "Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation",
+   "Properties": {
+    "Application": {
+     "Fn::GetAtt": [
+      "DefaultCdkApplication4573D5A3",
+      "Id"
+     ]
+    },
+    "Resource": {
+     "Ref": "AWS::StackId"
+    },
+    "ResourceType": "CFN_STACK"
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
diff --git a/...able-url.js.snapshot/ApplicationAssociatorTestDefaultTestDeployAssert2A5F2DB9.assets.json b/...able-url.js.snapshot/ApplicationAssociatorTestDefaultTestDeployAssert2A5F2DB9.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "30.1.0",
+  "files": {
+    "19dd33f3c17e59cafd22b9459b0a8d9bedbd42252737fedb06b2bcdbcf7809cc": {
+      "source": {
+        "path": "ApplicationAssociatorTestDefaultTestDeployAssert2A5F2DB9.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "19dd33f3c17e59cafd22b9459b0a8d9bedbd42252737fedb06b2bcdbcf7809cc.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
diff --git a/...le-url.js.snapshot/ApplicationAssociatorTestDefaultTestDeployAssert2A5F2DB9.template.json b/...le-url.js.snapshot/ApplicationAssociatorTestDefaultTestDeployAssert2A5F2DB9.template.json
@@ -0,0 +1,48 @@
+{
+ "Resources": {
+  "AppRegistryAssociation": {
+   "Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation",
+   "Properties": {
+    "Application": "AppRegistryAssociatedApplication",
+    "Resource": {
+     "Ref": "AWS::StackId"
+    },
+    "ResourceType": "CFN_STACK"
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
diff --git a/...rvicecatalogappregistry/test/integ.application-associator.disable-url.js.snapshot/cdk.out b/...rvicecatalogappregistry/test/integ.application-associator.disable-url.js.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"30.1.0"}