Github Automation App Access Role (#81)

Signed-off-by: Prudhvi Godithi <[email protected]>

infrastructure/lib/infrastructure-stack.ts

@@ -54,7 +54,8 @@ export class InfrastructureStack extends Stack {
           new ArnPrincipal(Project.JENKINS_MASTER_ROLE),
           new ArnPrincipal(Project.JENKINS_AGENT_ROLE)
         ]
-      }
+      },
+      githubAutomationAppAccess: gitHubAutomationApp.githubAppRole.roleArn
     });
 
     // Create OpenSearch Metrics Lambda setup

infrastructure/lib/stacks/opensearch.ts

@@ -23,6 +23,7 @@ export interface OpenSearchStackProps {
     readonly vpcStack: VpcStack;
     readonly enableNginxCognito: boolean;
     readonly jenkinsAccess?: jenkinsAccess;
+    readonly githubAutomationAppAccess?: string;
 }
 
 
@@ -130,6 +131,9 @@ export class OpenSearchDomainStack extends Stack {
             });
             clusterAccessPolicy.addPrincipals(new ArnPrincipal(jenkinsAccessRole.roleArn))
         }
+        if (props.githubAutomationAppAccess) {
+            clusterAccessPolicy.addPrincipals(new ArnPrincipal(props.githubAutomationAppAccess))
+        }
 
         this.domain = new Domain(this, 'OpenSearchHealthDomain', {
             version: EngineVersion.OPENSEARCH_2_13,

infrastructure/test/opensearch-stack.test.ts

@@ -25,7 +25,8 @@ test('OpenSearchDomain Stack Test', () => {
                 new ArnPrincipal(Project.JENKINS_MASTER_ROLE),
                 new ArnPrincipal(Project.JENKINS_AGENT_ROLE)
             ]
-        }
+        },
+        githubAutomationAppAccess: "sample-role-arn"
     });
     const openSearchDomainStackTemplate = Template.fromStack(openSearchDomainStack);
     openSearchDomainStackTemplate.resourceCountIs('AWS::IAM::Role', 8);