Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: fix api lambda migration test #1821

Merged
merged 1 commit into from
Aug 24, 2023
Merged

chore: fix api lambda migration test #1821

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
164 changes: 56 additions & 108 deletions ...ts/src/__tests__/migration_tests_v10/__snapshots__/api-rest-lambda.migration.test.ts.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,127 +1,75 @@
// Jest Snapshot v1, https://goo.gl/fbAQLP

exports[`api lambda migration tests ...adds lambda with multiple rest APIs with v10 and pulls without drift in latest version 1`] = `
"Resources
[~] AWS::Lambda::Function UserPoolClientLambda
├─ [~] Code
│ └─ [~] .ZipFile:
│ ├─ [-] const response = require('cfn-response');
const aws = require('aws-sdk');
const identity = new aws.CognitoIdentityServiceProvider();
exports.handler = (event, context, callback) => {
if (event.RequestType == 'Delete') {
response.send(event, context, response.SUCCESS, {});
}
if (event.RequestType == 'Update' || event.RequestType == 'Create') {
const params = {
ClientId: event.ResourceProperties.clientId,
UserPoolId: event.ResourceProperties.userpoolId,
};
identity
.describeUserPoolClient(params)
.promise()
.then(res => {
response.send(event, context, response.SUCCESS, { appSecret: res.UserPoolClient.ClientSecret });
})
.catch(err => {
response.send(event, context, response.FAILED, { err });
});
}
};
"IAM Statement Changes
┌───┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬────────┬────────────────────────────────────┬───────────────────────────┬───────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤
│ - │ \${UserPool.Arn} │ Allow │ cognito-idp:DescribeUserPoolClient │ AWS:\${UserPoolClientRole} │ │
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤
│ - │ {"Fn::Sub":["arn:aws:logs:\${region}:\${account}:log-group:/aws/lambda/\${lambda}:log-stream:*",{"region":"\${AWS::Region}","account":"\${AWS::AccountId}","lambda":"\${UserPoolClientLambda}"}]} │ Allow │ logs:CreateLogGroup │ AWS:\${UserPoolClientRole} │ │
│ │ │ │ logs:CreateLogStream │ │ │
│ │ │ │ logs:PutLogEvents │ │ │
└───┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────┴────────────────────────────────────┴───────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

│ └─ [+] const response = require('cfn-response');
const aws = require('aws-sdk');
const identity = new aws.CognitoIdentityServiceProvider();
exports.handler = (event, context, callback) => {
if (event.RequestType == 'Delete') {
response.send(event, context, response.SUCCESS, {});
}
if (event.RequestType == 'Update' || event.RequestType == 'Create') {
const params = {
ClientId: event.ResourceProperties.clientId,
UserPoolId: event.ResourceProperties.userpoolId,
};
identity
.describeUserPoolClient(params)
.promise()
.then((res) => {
response.send(event, context, response.SUCCESS, { appSecret: res.UserPoolClient.ClientSecret });
})
.catch((err) => {
response.send(event, context, response.FAILED, { err });
});
}
};
Conditions
[-] Condition ShouldOutputAppClientSecrets: {"Fn::Equals":[{"Ref":"userpoolClientGenerateSecret"},true]}

└─ [~] Runtime
├─ [-] nodejs14.x
└─ [+] nodejs16.x
Resources
[-] AWS::Lambda::Function UserPoolClientLambda destroy
[-] AWS::IAM::Policy UserPoolClientLambdaPolicy destroy
[-] AWS::IAM::Policy UserPoolClientLogPolicy destroy
[-] Custom::LambdaCallout UserPoolClientInputs destroy
[~] AWS::IAM::Role UserPoolClientRole
└─ [-] DependsOn
└─ ["UserPoolClient"]
[~] AWS::Cognito::IdentityPool IdentityPool
└─ [-] DependsOn
└─ ["UserPoolClientInputs"]

Outputs
[-] Output AppClientSecret: {"Value":{"Fn::GetAtt":["UserPoolClientInputs","appSecret"]},"Condition":"ShouldOutputAppClientSecrets"}

"
`;

exports[`api lambda migration tests ...adds lambda with multiple rest APIs with v10 and pulls without drift in latest version 2`] = `
"Outputs
[+] Output LambdaExecutionRoleArn: {\\"Value\\":{\\"Fn::GetAtt\\":[\\"LambdaExecutionRole\\",\\"Arn\\"]}}
[+] Output LambdaExecutionRoleArn: {"Value":{"Fn::GetAtt":["LambdaExecutionRole","Arn"]}}

Outputs
[+] Output LambdaExecutionRoleArn: {\\"Value\\":{\\"Fn::GetAtt\\":[\\"LambdaExecutionRole\\",\\"Arn\\"]}}
[+] Output LambdaExecutionRoleArn: {"Value":{"Fn::GetAtt":["LambdaExecutionRole","Arn"]}}

Resources
[~] AWS::Lambda::Function UserPoolClientLambda
├─ [~] Code
│ └─ [~] .ZipFile:
│ ├─ [-] const response = require('cfn-response');
const aws = require('aws-sdk');
const identity = new aws.CognitoIdentityServiceProvider();
exports.handler = (event, context, callback) => {
if (event.RequestType == 'Delete') {
response.send(event, context, response.SUCCESS, {});
}
if (event.RequestType == 'Update' || event.RequestType == 'Create') {
const params = {
ClientId: event.ResourceProperties.clientId,
UserPoolId: event.ResourceProperties.userpoolId,
};
identity
.describeUserPoolClient(params)
.promise()
.then(res => {
response.send(event, context, response.SUCCESS, { appSecret: res.UserPoolClient.ClientSecret });
})
.catch(err => {
response.send(event, context, response.FAILED, { err });
});
}
};
IAM Statement Changes
┌───┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬────────┬────────────────────────────────────┬───────────────────────────┬───────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤
│ - │ \${UserPool.Arn} │ Allow │ cognito-idp:DescribeUserPoolClient │ AWS:\${UserPoolClientRole} │ │
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤
│ - │ {"Fn::Sub":["arn:aws:logs:\${region}:\${account}:log-group:/aws/lambda/\${lambda}:log-stream:*",{"region":"\${AWS::Region}","account":"\${AWS::AccountId}","lambda":"\${UserPoolClientLambda}"}]} │ Allow │ logs:CreateLogGroup │ AWS:\${UserPoolClientRole} │ │
│ │ │ │ logs:CreateLogStream │ │ │
│ │ │ │ logs:PutLogEvents │ │ │
└───┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────┴────────────────────────────────────┴───────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

│ └─ [+] const response = require('cfn-response');
const aws = require('aws-sdk');
const identity = new aws.CognitoIdentityServiceProvider();
exports.handler = (event, context, callback) => {
if (event.RequestType == 'Delete') {
response.send(event, context, response.SUCCESS, {});
}
if (event.RequestType == 'Update' || event.RequestType == 'Create') {
const params = {
ClientId: event.ResourceProperties.clientId,
UserPoolId: event.ResourceProperties.userpoolId,
};
identity
.describeUserPoolClient(params)
.promise()
.then((res) => {
response.send(event, context, response.SUCCESS, { appSecret: res.UserPoolClient.ClientSecret });
})
.catch((err) => {
response.send(event, context, response.FAILED, { err });
});
}
};
Conditions
[-] Condition ShouldOutputAppClientSecrets: {"Fn::Equals":[{"Ref":"userpoolClientGenerateSecret"},true]}

└─ [~] Runtime
├─ [-] nodejs14.x
└─ [+] nodejs16.x
Resources
[-] AWS::Lambda::Function UserPoolClientLambda destroy
[-] AWS::IAM::Policy UserPoolClientLambdaPolicy destroy
[-] AWS::IAM::Policy UserPoolClientLogPolicy destroy
[-] Custom::LambdaCallout UserPoolClientInputs destroy
[~] AWS::IAM::Role UserPoolClientRole
└─ [-] DependsOn
└─ ["UserPoolClient"]
[~] AWS::Cognito::IdentityPool IdentityPool
└─ [-] DependsOn
└─ ["UserPoolClientInputs"]

Outputs
[-] Output AppClientSecret: {"Value":{"Fn::GetAtt":["UserPoolClientInputs","appSecret"]},"Condition":"ShouldOutputAppClientSecrets"}

"
`;