-
Notifications
You must be signed in to change notification settings - Fork 3.7k
/
build-role-policy-statements.test.ts
54 lines (49 loc) · 1.53 KB
/
build-role-policy-statements.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
import { arrayWith, deepObjectLike } from '@aws-cdk/assert';
import '@aws-cdk/assert/jest';
import * as codepipeline from '@aws-cdk/aws-codepipeline';
import { PolicyStatement } from '@aws-cdk/aws-iam';
import { Stack } from '@aws-cdk/core';
import * as cdkp from '../lib';
import { PIPELINE_ENV, TestApp, TestGitHubNpmPipeline } from './testutil';
let app: TestApp;
let pipelineStack: Stack;
let sourceArtifact: codepipeline.Artifact;
let cloudAssemblyArtifact: codepipeline.Artifact;
beforeEach(() => {
app = new TestApp();
pipelineStack = new Stack(app, 'PipelineStackPolicy', { env: PIPELINE_ENV });
sourceArtifact = new codepipeline.Artifact();
cloudAssemblyArtifact = new codepipeline.Artifact('CloudAsm');
});
afterEach(() => {
app.cleanup();
});
test('Build project includes codeartifact policy statements for role', () => {
// WHEN
new TestGitHubNpmPipeline(pipelineStack, 'Cdk', {
sourceArtifact,
cloudAssemblyArtifact,
synthAction: cdkp.SimpleSynthAction.standardNpmSynth({
sourceArtifact,
cloudAssemblyArtifact,
rolePolicyStatements: [
new PolicyStatement({
actions: ['codeartifact:*', 'sts:GetServiceBearerToken'],
resources: ['arn:my:arn'],
}),
],
}),
});
// THEN
expect(pipelineStack).toHaveResourceLike('AWS::IAM::Policy', {
PolicyDocument: {
Statement: arrayWith(deepObjectLike({
Action: [
'codeartifact:*',
'sts:GetServiceBearerToken',
],
Resource: 'arn:my:arn',
})),
},
});
});