feat(resource-binding): Create a file with a security group ID when i…

…t is defined as AccessSecurityGroupId in the resource manifest
awslabs · Feb 14, 2025 · af19df8 · af19df8
1 parent fd3d3e2
commit af19df8
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 3 deletions.
diff --git a/backstage-plugins/plugins/aws-apps-backend/src/api/aws-platform.ts b/backstage-plugins/plugins/aws-apps-backend/src/api/aws-platform.ts
@@ -301,6 +301,12 @@ export class AwsAppsPlatformApi {
       content: resourceBindContent,
     });
 
+    input.securityGroupIds.forEach((securityGroupId) => actions.push({
+      action: 'create',
+      file_path: `.iac/security-groups/${input.envName}/${input.providerName}/${securityGroupId}`,
+      content: ''
+    }))
+
     const change:ICommitChange = {
       commitMessage: `Bind Resource`,
       branch: 'main',
@@ -352,6 +358,12 @@ export class AwsAppsPlatformApi {
       content: resourceBindContent,
     });
 
+    input.securityGroupIds.forEach((securityGroupId) => actions.push({
+      action: 'delete',
+      file_path: `.iac/security-groups/${input.envName}/${input.providerName}/${securityGroupId}`,
+      content: ''
+    }))
+
     const change:ICommitChange = {
       commitMessage: `UnBind Resource`,
       branch: 'main',

diff --git a/backstage-plugins/plugins/aws-apps-backend/src/service/router.ts b/backstage-plugins/plugins/aws-apps-backend/src/service/router.ts
@@ -309,13 +309,15 @@ export async function createRouter(options: RouterOptions): Promise<express.Rout
     const resourceName = req.body.resourceName?.toString();
     const resourceEntityRef = req.body.resourceEntityRef?.toString();
     const policies = req.body.policies;
+    const securityGroupIds = req.body.securityGroupIds || [];
     const params: BindResourceParams = {
       envName,
       appName,
       providerName,
       resourceName,
       resourceEntityRef,
-      policies
+      policies,
+      securityGroupIds
     };
     // console.log(params)
     const results = await apiPlatformClient.bindResource(repoInfo,params, secretName);
@@ -337,12 +339,14 @@ export async function createRouter(options: RouterOptions): Promise<express.Rout
     const resourceName = req.body.resourceName?.toString();
     const resourceEntityRef = req.body.resourceEntityRef?.toString();
     const policies = req.body.policies;
+    const securityGroupIds = req.body.securityGroupIds || [];
     const params: BindResourceParams = {
       envName,
       appName,
       providerName,
       resourceName,
       resourceEntityRef,
+      securityGroupIds,
       policies
     };
     // console.log(params)

diff --git a/backstage-plugins/plugins/aws-apps-common/src/types/AWSResource.ts b/backstage-plugins/plugins/aws-apps-common/src/types/AWSResource.ts
@@ -39,6 +39,7 @@ export interface ResourceBinding {
   provider: string;
   resourceArn: string;
   associatedResources?: AssociatedResources[]
+  securityGroupIds?: string[]
   entityRef?:string;
 }
 
@@ -55,6 +56,7 @@ export interface BindResourceParams {
   resourceName:string;
   resourceEntityRef:string;
   policies: ResourcePolicy[];
+  securityGroupIds: string[];
   appName: string;
 }
 

diff --git a/backstage-plugins/plugins/aws-apps/src/api/OPAApiClient.ts b/backstage-plugins/plugins/aws-apps/src/api/OPAApiClient.ts
@@ -229,7 +229,8 @@ export class OPAApiClient implements OPAApi {
       envName: params.envName,
       policies: params.policies,
       resourceName: params.resourceName,
-      resourceEntityRef: params.resourceEntityRef
+      resourceEntityRef: params.resourceEntityRef,
+      securityGroupIds: params.securityGroupIds
     }
 
     const bindResponse = this.fetch<any>('/platform/bind-resource', HTTP.POST, postBody);
@@ -259,7 +260,8 @@ export class OPAApiClient implements OPAApi {
       envName: params.envName,
       policies: params.policies,
       resourceName: params.resourceName,
-      resourceEntityRef: params.resourceEntityRef
+      resourceEntityRef: params.resourceEntityRef,
+      securityGroupIds: params.securityGroupIds
     }
 
     const unBindResponse = this.fetch<any>('/platform/unbind-resource', HTTP.POST, postBody);

diff --git a/backstage-plugins/plugins/aws-apps/src/components/ResourceBindingCard/ResourceBinding.tsx b/backstage-plugins/plugins/aws-apps/src/components/ResourceBindingCard/ResourceBinding.tsx
@@ -98,6 +98,7 @@ const ResourceBindingCard = ({
               resourceArn: providerAppData['Arn'],
               id: providerAppData['Arn'],
               entityRef: "resource:default/" + et!.metadata.name,
+              securityGroupIds: providerAppData['AccessSecurityGroupId'] ? [providerAppData['AccessSecurityGroupId']] : [],
               associatedResources: [associatedRDSResources]
             })
         }
@@ -173,6 +174,7 @@ const ResourceBindingCard = ({
       appName: entity.metadata.name,
       resourceName: item.resourceName,
       resourceEntityRef: item.id,
+      securityGroupIds: item.securityGroupIds || [],
       policies
     };
 
@@ -214,6 +216,7 @@ const ResourceBindingCard = ({
       appName: entity.metadata.name,
       resourceName: item.resourceName,
       resourceEntityRef: item.entityRef!,
+      securityGroupIds: item.securityGroupIds || [],
       policies
     };
 

diff --git a/...ge-plugins/plugins/aws-apps/src/components/ResourceBindingCard/ResourceSelectorDialog.tsx b/...ge-plugins/plugins/aws-apps/src/components/ResourceBindingCard/ResourceSelectorDialog.tsx
@@ -183,6 +183,7 @@ export const ResourceSelectorDialog = ({
               provider: p,
               resourceArn: providerAppData['Arn'],
               id,
+              securityGroupIds: providerAppData['AccessSecurityGroupId'] ? [providerAppData['AccessSecurityGroupId']] : [],
               associatedResources: [associatedRDSResources]
             })
         }