From 1ce33efd1aef12f51ef1608ce8531f46b31f8e4c Mon Sep 17 00:00:00 2001 
From: yuanhaoz Date: Wed, 9 Oct 2024 16:34:51 -0700 Subject: [PATCH] add more tests --- .../integ.customize-role.js.snapshot/cdk.out | 1 + .../iam-policy-report.json | 33 ++++ .../iam-policy-report.txt | 33 ++++ .../integ-customize-role.assets.json | 19 +++ .../integ-customize-role.template.json | 41 +++++ .../integ.json | 12 ++ ...efaultTestDeployAssert811D838D.assets.json | 19 +++ ...aultTestDeployAssert811D838D.template.json | 36 ++++ .../manifest.json | 115 +++++++++++++ .../tree.json | 157 ++++++++++++++++++ .../test/aws-iam/test/integ.customize-role.ts | 36 ++++ 11 files changed, 502 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.txt create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/manifest.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.json new file mode 100644 index 0000000000000..aab8578ff3f55 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.json @@ -0,0 +1,33 @@ +{ + "roles": [ + { + "roleConstructPath": "integ-customize-role/TestRole", + "roleName": "my-precreated-role", + "missing": false, + "assumeRolePolicy": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sqs.amazonaws.com" + } + } + ], + "managedPolicyArns": [], + "managedPolicyStatements": [], + "identityPolicyStatements": [ + { + "Action": "sqs:SendMessage", + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::abc/xyz/123.txt", + "(NOVALUE)", + "arn:(PARTITION):iam::(ACCOUNT)/role/FakeRole'", + "(integ-customize-role/MyGroup/Resource.Arn)/*", + "(integ-customize-role/MyGroup/Resource.Arn)" + ] + } + ] + } + ] +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.txt b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.txt new file mode 100644 index 0000000000000..d0826b6d1eb9f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/iam-policy-report.txt @@ -0,0 +1,33 @@ + (integ-customize-role/TestRole) + +AssumeRole Policy: +[ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sqs.amazonaws.com" + } + } +] + +Managed Policy ARNs: +NONE + +Managed Policies Statements: +NONE + +Identity Policy Statements: +[ + { + "Action": "sqs:SendMessage", + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::abc/xyz/123.txt", + "(NOVALUE)", + "arn:(PARTITION):iam::(ACCOUNT)/role/FakeRole'", + "(integ-customize-role/MyGroup/Resource.Arn)/*", + "(integ-customize-role/MyGroup/Resource.Arn)" + ] + } +] \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.assets.json new file mode 100644 index 0000000000000..ced77f405ca79 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "99b010bd74243a5c7fc3fe4f0861127e62239193f1706349d5e1cc8bede9b752": { + "source": { + "path": "integ-customize-role.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "99b010bd74243a5c7fc3fe4f0861127e62239193f1706349d5e1cc8bede9b752.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.template.json new file mode 100644 index 0000000000000..19256abf8289c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ-customize-role.template.json @@ -0,0 +1,41 @@ +{ + "Resources": { + "MyGroupCBA54B1B": { + "Type": "AWS::IAM::Group" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ.json new file mode 100644 index 0000000000000..9268abe090edd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "integ-iam-customize-role/DefaultTest": { + "stacks": [ + "integ-customize-role" + ], + "assertionStack": "integ-iam-customize-role/DefaultTest/DeployAssert", + "assertionStackName": "integiamcustomizeroleDefaultTestDeployAssert811D838D" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.assets.json new file mode 100644 index 0000000000000..f200334e177fb --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integiamcustomizeroleDefaultTestDeployAssert811D838D.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/integiamcustomizeroleDefaultTestDeployAssert811D838D.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/manifest.json new file mode 100644 index 0000000000000..c68843a263202 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/manifest.json 
@@ -0,0 +1,115 @@ +{ + "version": "38.0.1", + "artifacts": { + "integ-customize-role.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integ-customize-role.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integ-customize-role": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integ-customize-role.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/99b010bd74243a5c7fc3fe4f0861127e62239193f1706349d5e1cc8bede9b752.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integ-customize-role.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integ-customize-role.assets" + ], + "metadata": { + "/integ-customize-role/MyGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyGroupCBA54B1B" + } + ], + "/integ-customize-role/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-customize-role/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-customize-role" + }, + 
"integiamcustomizeroleDefaultTestDeployAssert811D838D.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integiamcustomizeroleDefaultTestDeployAssert811D838D.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integiamcustomizeroleDefaultTestDeployAssert811D838D": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integiamcustomizeroleDefaultTestDeployAssert811D838D.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integiamcustomizeroleDefaultTestDeployAssert811D838D.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integiamcustomizeroleDefaultTestDeployAssert811D838D.assets" + ], + "metadata": { + "/integ-iam-customize-role/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-iam-customize-role/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + 
"displayName": "integ-iam-customize-role/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/tree.json new file mode 100644 index 0000000000000..8ea986612ca8b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.js.snapshot/tree.json 
@@ -0,0 +1,157 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "integ-customize-role": { + "id": "integ-customize-role", + "path": "integ-customize-role", + "children": { + "MyGroup": { + "id": "MyGroup", + "path": "integ-customize-role/MyGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-customize-role/MyGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Group", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Group", + "version": "0.0.0" + } + }, + "TestRole": { + "id": "TestRole", + "path": "integ-customize-role/TestRole", + "children": { + "ImportTestRole": { + "id": "ImportTestRole", + "path": "integ-customize-role/TestRole/ImportTestRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "PrecreatedRoleTestRole": { + "id": "PrecreatedRoleTestRole", + "path": "integ-customize-role/TestRole/PrecreatedRoleTestRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-customize-role/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-customize-role/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "PolicySynthesizer": { + "id": "PolicySynthesizer", + "path": "PolicySynthesizer", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "integ-iam-customize-role": { + "id": "integ-iam-customize-role", + 
"path": "integ-iam-customize-role", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-iam-customize-role/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-iam-customize-role/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-iam-customize-role/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-iam-customize-role/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-iam-customize-role/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.ts new file mode 100644 index 0000000000000..f4de8a2668069 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.customize-role.ts 
@@ -0,0 +1,36 @@
+import { App, Fn, Stack } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Group, PolicyStatement, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+
+const app = new App();
+
+const stack = new Stack(app, 'integ-customize-role');
+
+Role.customizeRoles(stack, {
+ usePrecreatedRoles: {
+ 'integ-customize-role/TestRole': 'my-precreated-role',
+ },
+});
+
+const group = new Group(stack, 'MyGroup');
+
+const role = new Role(stack, 'TestRole', {
+ assumedBy: new ServicePrincipal('sqs.amazonaws.com'),
+});
+
+role.addToPolicy(new PolicyStatement({
+ resources: [
+ 'arn:aws:s3:::abc/xyz/123.txt',
+ Fn.ref('AWS::NoValue'),
+ `arn:${Fn.ref('AWS::Partition')}:iam::${Fn.ref('AWS::AccountId')}/role/FakeRole'`,
+ `${group.groupArn}/*`,
+ group.groupArn,
+ ],
+ actions: ['sqs:SendMessage'],
+}));
+
+new IntegTest(app, 'integ-iam-customize-role', {
+ testCases: [stack],
+});
+
+app.synth();
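Review bot: The third entry of `resources` is not a well-formed IAM ARN: the template literal ends in a stray `'` after `FakeRole` and joins the account to the resource with `/role/` instead of `:role/`, and the iam-policy-report.json and iam-policy-report.txt snapshots in this patch pin that exact string. If the malformed value is not deliberate, drop the quote, use `:role/FakeRole`, and regenerate the snapshot. If it is deliberate, as the mix of an S3 object ARN and IAM group ARNs under `sqs:SendMessage` suggests it may be, say so above `role.addToPolicy` with a comment such as `// resources are arbitrary; only token rendering in the policy report is under test`, so the fixture is not read or copied as a realistic policy.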