Update Role enum to be type safe

awslabs · Dec 6, 2024 · 6edd50b · 6edd50b
1 parent 208d6e7
commit 6edd50b
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 31 deletions.
diff --git a/lib/core/iam/roles.ts b/lib/core/iam/roles.ts
@@ -14,23 +14,23 @@
  limitations under the License.
  */
 
+export const ROLE = 'Role';
+
 /**
- * List of all roles used for overrides
+ * List of all roles used for overrides with their corresponding RoleId
  */
 export enum Roles {
     DOCKER_IMAGE_BUILDER_DEPLOYMENT_ROLE = 'DockerImageBuilderDeploymentRole',
     DOCKER_IMAGE_BUILDER_EC2_ROLE = 'DockerImageBuilderEC2Role',
     DOCKER_IMAGE_BUILDER_ROLE = 'DockerImageBuilderRole',
-    DOCS_ROLE = 'DocsRole',
     DOCS_DEPLOYER_ROLE = 'DocsDeployerRole',
+    DOCS_ROLE = 'DocsRole',
     ECS_MODEL_DEPLOYER_ROLE = 'ECSModelDeployerRole',
     ECS_MODEL_TASK_ROLE = 'ECSModelTaskRole',
-    // eslint-disable-next-line no-unused-vars
-    ECS_REST_API_ROLE = 'ECSRestApiRole',
-    // eslint-disable-next-line no-unused-vars
     ECS_REST_API_EX_ROLE = 'ECSRestApiExRole',
-    LAMBDA_EXECUTION_ROLE = 'LambdaExecutionRole',
+    ECS_REST_API_ROLE = 'ECSRestApiRole',
     LAMBDA_CONFIGURATION_API_EXECUTION_ROLE = 'LambdaConfigurationApiExecutionRole',
+    LAMBDA_EXECUTION_ROLE = 'LambdaExecutionRole',
     MODEL_API_ROLE = 'ModelApiRole',
     MODEL_SFN_LAMBDA_ROLE = 'ModelsSfnLambdaRole',
     MODEL_SFN_ROLE = 'ModelSfnRole',
@@ -40,34 +40,35 @@ export enum Roles {
     UI_DEPLOYMENT_ROLE = 'UIDeploymentRole',
 }
 
-export const RoleNames: Record<string, string> = {
-    'DockerImageBuilderDeploymentRole': 'DockerImageBuilderDeploymentRole',
-    'DockerImageBuilderEC2Role': 'DockerImageBuilderEC2Role',
-    'DockerImageBuilderRole': 'DockerImageBuilderRole',
-    'DocsRole': 'DocsRole',
-    'DocsDeployerRole': 'DocsDeployerRole',
-    'ECSModelDeployerRole': 'ECSModelDeployerRole',
-    'ECSModelTaskRole': 'ECSModelTaskRole',
-    'ECSRestApiRole': 'ECSRestApiRole',
-    'ECSRestApiExRole': 'ECSRestApiExRole',
-    'LambdaExecutionRole': 'LambdaExecutionRole',
-    'LambdaConfigurationApiExecutionRole': 'LambdaConfigurationApiExecutionRole',
-    'ModelApiRole': 'ModelApiRole',
-    'ModelsSfnLambdaRole': 'ModelsSfnLambdaRole',
-    'ModelSfnRole': 'ModelSfnRole',
-    'RagLambdaExecutionRole': 'RAGRole',
-    'RestApiAuthorizerRole': 'RestApiAuthorizerRole',
-    'S3ReaderRole': 'S3ReaderRole',
-    'UIDeploymentRole': 'UIDeploymentRole',
+/**
+ * This is the RoleName used with roles, which can differ from the RoleNameId. This represents the existing deployed names for backwards compatibility.
+ */
+export const RoleNames: Record<Roles, string> = {
+    [Roles.DOCKER_IMAGE_BUILDER_DEPLOYMENT_ROLE]: 'DockerImageBuilderDeploymentRole',
+    [Roles.DOCKER_IMAGE_BUILDER_EC2_ROLE]: 'DockerImageBuilderEC2Role',
+    [Roles.DOCKER_IMAGE_BUILDER_ROLE]: 'DockerImageBuilderRole',
+    [Roles.DOCS_DEPLOYER_ROLE]: 'DocsDeployerRole',
+    [Roles.DOCS_ROLE]: 'DocsRole',
+    [Roles.ECS_MODEL_DEPLOYER_ROLE]: 'ECSModelDeployerRole',
+    [Roles.ECS_MODEL_TASK_ROLE]: 'ECSModelTaskRole',
+    [Roles.ECS_REST_API_EX_ROLE]: 'ECSRestApiExRole',
+    [Roles.ECS_REST_API_ROLE]: 'ECSRestApiRole',
+    [Roles.LAMBDA_CONFIGURATION_API_EXECUTION_ROLE]: 'LambdaConfigurationApiExecutionRole',
+    [Roles.LAMBDA_EXECUTION_ROLE]: 'LambdaExecutionRole',
+    [Roles.MODEL_API_ROLE]: 'ModelApiRole',
+    [Roles.MODEL_SFN_LAMBDA_ROLE]: 'ModelsSfnLambdaRole',
+    [Roles.MODEL_SFN_ROLE]: 'ModelSfnRole',
+    [Roles.RAG_LAMBDA_EXECUTION_ROLE]: 'RAGRole',
+    [Roles.REST_API_AUTHORIZER_ROLE]: 'RestApiAuthorizerRole',
+    [Roles.S3_READER_ROLE]: 'S3ReaderRole',
+    [Roles.UI_DEPLOYMENT_ROLE]: 'UIDeploymentRole',
 };
 
-export function of (key: string): Roles {
+export function getRoleId (key: string): Roles {
     const keys = Object.keys(Roles).filter((x) => x === key);
     if (keys.length > 0)
         return Roles[keys[0] as keyof typeof Roles] as Roles;
     else {
         throw Error(`No Roles entry exists for ${key}`);
     }
 }
-
-export const ROLE = 'Role';
diff --git a/lib/iam_stack.ts b/lib/iam_stack.ts
@@ -21,7 +21,7 @@ import { Construct } from 'constructs';
 
 import { createCdkId, getIamPolicyStatements } from './core/utils';
 import { BaseProps, Config } from './schema';
-import { of, ROLE, Roles } from './core/iam/roles';
+import { getRoleId, ROLE, Roles } from './core/iam/roles';
 
 /**
  * Properties for the LisaServeIAMStack Construct.
@@ -86,7 +86,7 @@ export class LisaServeIAMStack extends Stack {
         ];
 
         ecsRoles.forEach((role) => {
-            const taskRoleOverride = of(`ECS_${role.id}_${role.type}_ROLE`.toUpperCase());
+            const taskRoleOverride = getRoleId(`ECS_${role.id}_${role.type}_ROLE`.toUpperCase());
             const taskRoleId = createCdkId([role.id, ROLE]);
             const taskRoleName = createCdkId([config.deploymentName, role.id, ROLE]);
             const taskRole = config.roles ?
@@ -101,7 +101,7 @@ export class LisaServeIAMStack extends Stack {
             });
 
             if (config.roles) {
-                const executionRoleOverride = of(`ECS_${role.id}_${role.type}_EX_ROLE`.toUpperCase());
+                const executionRoleOverride = getRoleId(`ECS_${role.id}_${role.type}_EX_ROLE`.toUpperCase());
                 // @ts-expect-error - dynamic key lookup of object
                 const executionRole = Role.fromRoleName(this, createCdkId([role.id, 'ExRole']), config.roles[executionRoleOverride]);