import '@aws-cdk/assert/jest';
import * as signer from '@aws-cdk/aws-signer';
import * as cdk from '@aws-cdk/core';
import * as lambda from '../lib';
// Shared fixtures, rebuilt before every test so that resources synthesized by
// one case can never satisfy (or break) the assertions of another.
let app: cdk.App;
let stack: cdk.Stack;

beforeEach(() => {
  app = new cdk.App({});
  stack = new cdk.Stack(app);
});
describe('code signing config', () => {
test('default', () => {
  // Arrange: one Lambda-platform signing profile, and a config that leaves
  // untrustedArtifactOnDeployment unset so the construct's default applies.
  const profile = new signer.SigningProfile(stack, 'SigningProfile', {
    platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
  });
  new lambda.CodeSigningConfig(stack, 'CodeSigningConfig', { signingProfiles: [profile] });

  // The only allowed publisher is the version ARN of the profile created above.
  const expectedPublishers = {
    SigningProfileVersionArns: [
      { 'Fn::GetAtt': ['SigningProfile2139A0F9', 'ProfileVersionArn'] },
    ],
  };

  // Security note: the default policy pinned here is 'Warn'. Under 'Warn', Lambda
  // still accepts a package that fails signature validation and only records a
  // warning; stacks that need such packages rejected must set ENFORCE explicitly.
  expect(stack).toHaveResource('AWS::Lambda::CodeSigningConfig', {
    AllowedPublishers: expectedPublishers,
    CodeSigningPolicies: { UntrustedArtifactOnDeployment: 'Warn' },
  });
});
test('with multiple signing profiles', () => {
  // Arrange: three profiles on three different Signer platforms.
  // NOTE(review): two of them target non-Lambda platforms (FreeRTOS, IoT Device
  // Management) and the construct accepts them here without complaint; confirm
  // whether platform compatibility is validated anywhere before deployment.
  const lambdaProfile = new signer.SigningProfile(stack, 'SigningProfile1', {
    platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
  });
  const freeRtosProfile = new signer.SigningProfile(stack, 'SigningProfile2', {
    platform: signer.Platform.AMAZON_FREE_RTOS_DEFAULT,
  });
  const iotProfile = new signer.SigningProfile(stack, 'SigningProfile3', {
    platform: signer.Platform.AWS_IOT_DEVICE_MANAGEMENT_SHA256_ECDSA,
  });

  new lambda.CodeSigningConfig(stack, 'CodeSigningConfig', {
    signingProfiles: [lambdaProfile, freeRtosProfile, iotProfile],
  });

  // Each profile must appear as a Fn::GetAtt on its ProfileVersionArn, in the
  // same order the profiles were passed in.
  const versionArnOf = (logicalId: string) => ({
    'Fn::GetAtt': [logicalId, 'ProfileVersionArn'],
  });

  expect(stack).toHaveResource('AWS::Lambda::CodeSigningConfig', {
    AllowedPublishers: {
      SigningProfileVersionArns: [
        versionArnOf('SigningProfile1D4191686'),
        versionArnOf('SigningProfile2E013C934'),
        versionArnOf('SigningProfile3A38DE231'),
      ],
    },
  });
});
test('with description and with untrustedArtifactOnDeployment of "ENFORCE"', () => {
  // Arrange: a single Lambda-platform profile, with the policy and description
  // both set explicitly instead of relying on defaults.
  const profile = new signer.SigningProfile(stack, 'SigningProfile', {
    platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
  });

  new lambda.CodeSigningConfig(stack, 'CodeSigningConfig', {
    description: 'test description',
    untrustedArtifactOnDeployment: lambda.UntrustedArtifactOnDeployment.ENFORCE,
    signingProfiles: [profile],
  });

  // The ENFORCE enum member must be rendered as the CloudFormation value
  // 'Enforce'; this is the setting that blocks deployments failing signature checks.
  const expectedProperties = {
    CodeSigningPolicies: { UntrustedArtifactOnDeployment: 'Enforce' },
    Description: 'test description',
  };
  expect(stack).toHaveResource('AWS::Lambda::CodeSigningConfig', expectedProperties);
});
test('import does not create any resources', () => {
  // Constructed sample ARN: region and account are left empty, and the config id
  // is the final colon-separated segment.
  const configId = 'aaa-xxxxxxxxxx';
  const configArn = `arn:aws:lambda:::code-signing-config:${configId}`;

  const imported = lambda.CodeSigningConfig.fromCodeSigningConfigArn(stack, 'Imported', configArn);

  // The imported reference exposes the ARN unchanged and the id parsed from it.
  expect(imported.codeSigningConfigArn).toBe(configArn);
  expect(imported.codeSigningConfigId).toBe(configId);

  // Importing only references an existing config; nothing is added to the template.
  expect(stack).toCountResources('AWS::Lambda::CodeSigningConfig', 0);
});
test('fail import with malformed code signing config arn', () => {
  // This ARN stops at the resource type and carries no config id segment.
  const arnWithoutId = 'arn:aws:lambda:::code-signing-config';

  const importMalformed = () =>
    lambda.CodeSigningConfig.fromCodeSigningConfigArn(stack, 'Imported', arnWithoutId);

  // The import must throw at construction time rather than return a reference
  // to a code signing config that cannot be identified.
  expect(importMalformed).toThrow(/ARN must be in the format/);
});
});