feat: Include account alias in the human-readable label

.projenrc.js

@@ -5,17 +5,18 @@ const {
 const AWS_CDK_LATEST_RELEASE = '2.0.0-rc.19';
 
 const PROJECT_NAME = 'cdk-codepipeline-bitbucket-build-result-reporter';
-const PROJECT_DESCRIPTION = 'A JSII construct lib for reporting AWS CodePipeline build statuses to a Bitbucket server instance';
+const PROJECT_DESCRIPTION = 'A JSII construct lib for reporting AWS CodePipeline and build statuses to a Bitbucket server instance';
 
 const project = new AwsCdkConstructLibrary({
   name: PROJECT_NAME,
   description: PROJECT_DESCRIPTION,
-  authorName: 'Markus',
+  authorName: 'Markus Lindqvist',
   authorEmail: '[email protected]',
   stability: 'stable',
   repository: 'https://github.com/markusl/cdk-codepipeline-bitbucket-build-result-reporter.git',
   cdkVersion: AWS_CDK_LATEST_RELEASE,
   defaultReleaseBranch: 'master',
+  minNodeVersion: '14.15.0',
   tsconfig: {
     compilerOptions: {
       lib: ['ES2019'],
@@ -27,10 +28,12 @@ const project = new AwsCdkConstructLibrary({
   devDeps: [
     '@types/aws-lambda',
     '@types/node-fetch',
+    'aws-sdk-client-mock',
     'esbuild',
     '[email protected]',
   ],
   bundledDeps: [
+    '@aws-sdk/client-iam',
     '@aws-sdk/client-ssm',
     '@aws-sdk/client-codebuild',
     '@aws-sdk/client-codepipeline',
@@ -40,7 +43,6 @@ const project = new AwsCdkConstructLibrary({
 });
 
 const common_exclude = [
-  '.cdk.staging',
   'cdk.context.json',
   'cdk.out',
   'coverage',

src/bitbucket.ts

@@ -5,7 +5,7 @@ const ssm = new SSM.SSMClient({});
 
 export const getToken = async (Name: string) => {
   const result = await ssm.send(new SSM.GetParameterCommand({ Name, WithDecryption: true }));
-  if (result.Parameter && result.Parameter.Value) {
+  if (result?.Parameter?.Value) {
     return result.Parameter?.Value;
   }
   throw new Error('Cannot fetch token');

src/iam-helper.ts

@@ -0,0 +1,16 @@
+import * as IAM from '@aws-sdk/client-iam';
+
+const iam = new IAM.IAMClient({});
+
+export const getCurrentAccountAlias = async (accountId: string) => {
+  try {
+    const aliases = await iam.send(new IAM.ListAccountAliasesCommand({}));
+    if (aliases.AccountAliases && aliases.AccountAliases.length > 0) {
+      return aliases.AccountAliases[0];
+    }
+    return accountId;
+  } catch (err) {
+    console.error(err);
+    return accountId;
+  }
+};

src/index.CodeBuildStatusHandler.ts

@@ -1,12 +1,13 @@
 import * as CodeBuild from '@aws-sdk/client-codebuild';
 import type * as AwsLambda from 'aws-lambda';
 import { BitbucketBuildStatus, putCodePipelineResultToBitBucket } from './bitbucket';
+import { getCurrentAccountAlias } from './iam-helper';
 
 const codeBuild = new CodeBuild.CodeBuildClient({ });
 
-export const buildBitbucketBuildStatusBody = (
+export const buildBitbucketBuildStatusBody = async (
   event: AwsLambda.CodeBuildCloudWatchStateEvent,
-  actionStatus: AwsLambda.CodeBuildStateType): BitbucketBuildStatus => {
+  actionStatus: AwsLambda.CodeBuildStateType): Promise<BitbucketBuildStatus> => {
   const detail = event.detail;
   const state =
     actionStatus === 'IN_PROGRESS' ? 'INPROGRESS' :
@@ -19,7 +20,7 @@ export const buildBitbucketBuildStatusBody = (
   return {
     state,
     key: `${detail['project-name']}-${buildId}`,
-    name: `CodeBuild-${detail['project-name']}`,
+    name: `CodeBuild-${detail['project-name']} (${await getCurrentAccountAlias(event.account)})`,
     url: `https://${event.region}.console.aws.amazon.com/codesuite/codebuild/${event.account}/projects/${detail['project-name']}/build/${detail['project-name']}:${buildId}/?region=${event.region}`,
     description: `${detail['project-name']} build initiated by ${detail['additional-information'].initiator} at ${detail['additional-information']['build-start-time']}`,
   };
@@ -40,7 +41,7 @@ exports.handler = async (event: AwsLambda.CodeBuildCloudWatchStateEvent) => {
   // console.log(JSON.stringify(event, undefined, 2));
 
   try {
-    const status = buildBitbucketBuildStatusBody(event, event.detail['build-status']);
+    const status = await buildBitbucketBuildStatusBody(event, event.detail['build-status']);
     const commitId = await getCommitId(event.detail['build-id']);
 
     // Skip S3 events. See https://docs.aws.amazon.com/codebuild/latest/userguide/sample-source-version.html

src/index.CodePipelineStatusHandler.ts

@@ -1,12 +1,14 @@
 import * as CodePipeline from '@aws-sdk/client-codepipeline';
 import type * as AwsLambda from 'aws-lambda';
 import { BitbucketBuildStatus, putCodePipelineResultToBitBucket } from './bitbucket';
+import { getCurrentAccountAlias } from './iam-helper';
 
 const codePipeline = new CodePipeline.CodePipelineClient({});
 
-export const buildBitbucketBuildStatusBody = (
+
+export const buildBitbucketBuildStatusBody = async (
   event: AwsLambda.CodePipelineCloudWatchActionEvent,
-  actionStatus: CodePipeline.ActionExecutionStatus): BitbucketBuildStatus => {
+  actionStatus: CodePipeline.ActionExecutionStatus): Promise<BitbucketBuildStatus> => {
   const detail = event.detail;
   const state =
     actionStatus === 'InProgress' ? 'INPROGRESS' :
@@ -18,7 +20,7 @@ export const buildBitbucketBuildStatusBody = (
   return {
     state,
     key: `${detail.stage}-${detail.action}`,
-    name: `${detail.stage}-${detail.action}`,
+    name: `${detail.stage}-${detail.action} (${await getCurrentAccountAlias(event.account)})`,
     url: `https://${event.region}.console.aws.amazon.com/codesuite/codepipeline/pipelines/${detail.pipeline}/view`,
     description: `${detail.stage}-${detail.action}`,
   };
@@ -38,7 +40,7 @@ const fetchExecution = async (event: AwsLambda.CodePipelineCloudWatchActionEvent
   return execution.pipelineExecution;
 };
 
-const getPipelineActionLatestStatus = async (event: AwsLambda.CodePipelineCloudWatchActionEvent): Promise<CodePipeline.ActionExecutionStatus> => {
+export const getPipelineActionLatestStatus = async (event: AwsLambda.CodePipelineCloudWatchActionEvent) => {
   const pipelineState = await codePipeline.send(new CodePipeline.GetPipelineStateCommand({
     name: event.detail.pipeline,
   }));
@@ -57,7 +59,7 @@ exports.handler = async (event: AwsLambda.CodePipelineCloudWatchActionEvent) =>
 
   try {
     const actionStatus = await getPipelineActionLatestStatus(event);
-    const status = buildBitbucketBuildStatusBody(event, actionStatus);
+    const status = await buildBitbucketBuildStatusBody(event, actionStatus);
 
     const pipelineExecution = await fetchExecution(event);
     const revisions = pipelineExecution.artifactRevisions ?? [{ revisionChangeIdentifier: '' }];

src/index.ts

@@ -32,6 +32,11 @@ const addCodeBuildStateChangeEventRule = (scope: Construct, states: string[], ha
   });
 };
 
+const listAliasesPolicy = new iam.PolicyStatement({
+  actions: ['iam:ListAccountAliases'],
+  resources: ['*'],
+});
+
 /** Common properties */
 export interface CodePipelineBitbucketBuildResultReporterProps {
   /**
@@ -74,6 +79,7 @@ export class CodePipelineBitbucketBuildResultReporter extends Construct {
       logRetention: logs.RetentionDays.ONE_MONTH,
     });
     accessToken.grantRead(codePipelineStatusHandler);
+    codePipelineStatusHandler.role?.addToPrincipalPolicy(listAliasesPolicy);
     codePipelineStatusHandler.role?.addToPrincipalPolicy(new iam.PolicyStatement({
       actions: ['codepipeline:GetPipelineExecution', 'codepipeline:GetPipelineState'],
       resources: ['arn:aws:codepipeline:*:*:*'],
@@ -95,6 +101,7 @@ export class CodePipelineBitbucketBuildResultReporter extends Construct {
       logRetention: logs.RetentionDays.ONE_MONTH,
     });
     accessToken.grantRead(codeBuildStatusHandler);
+    codeBuildStatusHandler.role?.addToPrincipalPolicy(listAliasesPolicy);
     codeBuildStatusHandler.role?.addToPrincipalPolicy(new iam.PolicyStatement({
       actions: ['codebuild:BatchGetBuilds'],
       resources: ['*'],

test/bitbucket.test.ts

@@ -0,0 +1,33 @@
+import * as SSM from '@aws-sdk/client-ssm';
+import { mockClient } from 'aws-sdk-client-mock';
+import '@aws-cdk/assert/jest';
+import { getToken } from '../src/bitbucket';
+
+const ssmMock = mockClient(SSM.SSMClient);
+
+const paramName = 'EXAMPLE_TOKEN';
+const exampleToken = 'frhWbyXaEPprfZRZXiuCUfmwMr6a0SAchp1JINHW7tXN21RZjF5jTcKaRr9kbm2';
+
+test('getToken returns the token', async () => {
+  ssmMock.on(SSM.GetParameterCommand, {
+    Name: paramName,
+  }).resolves({
+    Parameter: {
+      Value: exampleToken,
+    },
+  });
+
+  expect(await getToken(paramName)).toBe(exampleToken);
+});
+
+test('getToken fails with incorrect token', async () => {
+  ssmMock.on(SSM.GetParameterCommand, {
+    Name: paramName,
+  }).resolves({
+    Parameter: {
+      Value: exampleToken,
+    },
+  });
+
+  await expect(getToken('invalid-token')).rejects.toThrow(/Cannot fetch token/);
+});

test/iam-helper.test.ts

@@ -0,0 +1,30 @@
+import * as IAM from '@aws-sdk/client-iam';
+import { mockClient } from 'aws-sdk-client-mock';
+import '@aws-cdk/assert/jest';
+import { getCurrentAccountAlias } from '../src/iam-helper';
+
+const iamMock = mockClient(IAM.IAMClient);
+
+test('getCurrentAccountAlias returns account alias', async () => {
+  iamMock.on(IAM.ListAccountAliasesCommand).resolves({
+    AccountAliases: [
+      'account-alias',
+    ],
+  });
+
+  expect(await getCurrentAccountAlias('0987654321')).toBe('account-alias');
+});
+
+test('getCurrentAccountAlias returns account id if no aliases found', async () => {
+  iamMock.on(IAM.ListAccountAliasesCommand).resolves({
+    AccountAliases: [],
+  });
+
+  expect(await getCurrentAccountAlias('0987654321')).toBe('0987654321');
+});
+
+test('getCurrentAccountAlias handles promise rejection', async () => {
+  iamMock.on(IAM.ListAccountAliasesCommand).rejects();
+
+  expect(await getCurrentAccountAlias('0987654321')).toBe('0987654321');
+});