Fix: [AEA-0000] - handle conversation for pull request - part 2 (#60)

## Summary

- Routine Change

### Details

- grant execute on pull request

Author: anthony-nhs

packages/cdk/resources/Functions.ts

@@ -1,6 +1,6 @@
 import {Construct} from "constructs"
 import {LambdaFunction} from "../constructs/LambdaFunction"
-import {ManagedPolicy} from "aws-cdk-lib/aws-iam"
+import {ManagedPolicy, PolicyStatement, Role} from "aws-cdk-lib/aws-iam"
 import {StringParameter} from "aws-cdk-lib/aws-ssm"
 import {Secret} from "aws-cdk-lib/aws-secretsmanager"
 import {TableV2} from "aws-cdk-lib/aws-dynamodb"
@@ -35,6 +35,8 @@ export interface FunctionsProps {
   readonly slackBotSigningSecret: Secret
   readonly slackBotStateTable: TableV2
   readonly promptName: string
+  readonly isPullRequest: boolean
+  readonly mainSlackBotLambdaExecutionRoleArn : string
 }
 
 export class Functions extends Construct {
@@ -74,6 +76,30 @@ export class Functions extends Construct {
     props.slackBotTokenSecret.grantRead(slackBotLambda.function)
     props.slackBotSigningSecret.grantRead(slackBotLambda.function)
 
+    if (props.isPullRequest) {
+      const mainSlackBotLambdaExecutionRole = Role.fromRoleArn(
+        this,
+        "mainRoleArn",
+        props.mainSlackBotLambdaExecutionRoleArn, {
+          mutable: true
+        })
+
+      const executeSlackBotPolicy = new ManagedPolicy(this, "ExecuteSlackBotPolicy", {
+        description: "foo",
+        statements: [
+          new PolicyStatement({
+            actions: [
+              "lambda:invokeFunction"
+            ],
+            resources: [
+              slackBotLambda.function.functionArn
+            ]
+          })
+        ]
+      })
+      mainSlackBotLambdaExecutionRole.addManagedPolicy(executeSlackBotPolicy)
+    }
+
     // Lambda function to sync knowledge base on S3 events
     const syncKnowledgeBaseFunction = new LambdaFunction(this, "SyncKnowledgeBaseFunction", {
       stackName: props.stackName,

packages/cdk/stacks/EpsAssistMeStack.ts

@@ -2,7 +2,8 @@ import {
   App,
   Stack,
   StackProps,
-  CfnOutput
+  CfnOutput,
+  Fn
 } from "aws-cdk-lib"
 import {nagSuppressions} from "../nagSuppressions"
 import {Apis} from "../resources/Apis"
@@ -30,6 +31,9 @@ export class EpsAssistMeStack extends Stack {
   public constructor(scope: App, id: string, props: EpsAssistMeStackProps) {
     super(scope, id, props)
 
+    // imports
+    const mainSlackBotLambdaExecutionRoleArn = Fn.importValue("epsam:lambda:SlackBot:ExecutionRole:Arn")
+
     // Get variables from context
     const region = Stack.of(this).region
     const account = Stack.of(this).account
@@ -131,7 +135,9 @@ export class EpsAssistMeStack extends Stack {
       slackBotTokenSecret: secrets.slackBotTokenSecret,
       slackBotSigningSecret: secrets.slackBotSigningSecret,
       slackBotStateTable: tables.slackBotStateTable.table,
-      promptName: bedrockPromptResources.queryReformulationPrompt.promptName
+      promptName: bedrockPromptResources.queryReformulationPrompt.promptName,
+      isPullRequest: isPullRequest,
+      mainSlackBotLambdaExecutionRoleArn: mainSlackBotLambdaExecutionRoleArn
     })
 
     // Create vector index after Functions are created