feat(cloudfront): OAC + cache, origin request, response headers, continuous deployment policies#779
Merged
vieiralucas merged 3 commits intomainfrom Apr 26, 2026
Merged
Conversation
…inuous deployment policies - Origin Access Control: full CRUD + List with ETag/If-Match concurrency - Cache Policy: full CRUD + List with ?Type=managed|custom filter - Origin Request Policy: full CRUD + List - Response Headers Policy: full CRUD + List - Continuous Deployment Policy: full CRUD + List - AWS-managed cache, origin-request, response-headers policies pre-seeded by their well-known IDs and rejected for Update/Delete - 30 new operations (cloudfront 29 -> 59, total 2,077 -> 2,107) - 6 E2E tests + 30 conformance tests with Smithy checksums - README + website docs synced
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 10 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="crates/fakecloud-cloudfront/src/policies.rs">
<violation number="1" location="crates/fakecloud-cloudfront/src/policies.rs:603">
P2: Duplicate managed response-headers policy ID causes one seeded policy to overwrite another.</violation>
</file>
<file name="crates/fakecloud-cloudfront/src/policies_service.rs">
<violation number="1" location="crates/fakecloud-cloudfront/src/policies_service.rs:315">
P2: Update handlers miss the non-empty `Name` validation used by create handlers, so invalid policy names can be persisted via update.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
- Managed-SimpleCORS had duplicate ID (5cc3b908) overwriting Managed-CORS-with-preflight in seeded map. Use AWS-correct ID 60669652-455b-4ae9-85a4-c4c02393f86c for SimpleCORS and e61eb60c-9c35-4d20-a928-2b84e02af89c for CORS-and-SecurityHeadersPolicy. - Add Name validation to all four policy Update handlers (OAC, Cache, OriginRequest, ResponseHeaders) so empty Name is rejected on update, matching Create handler behavior. - Add unit tests asserting managed policy IDs are unique + seeded count equals declared length, plus E2E regression test for empty-Name update rejection.
…ings Audit was already failing on PR #778 (16 missing tests across AssociateDistributionWebACL, CopyDistribution, CreateDistributionWithTags, DisassociateDistributionWebACL, and 12 ListDistributionsBy* variants). Pre-existing red CI surfaces here — not new with batch 2 — but per 'never merge red CI' policy, fix on the spot. - Add 16 conformance tests with Smithy checksums covering all the by-X listings + WebACL/Copy/WithTags ops. - Fix list_distributions_by response root mapping per AWS spec: cache/origin-request/response-headers/key-group/vpc-origin policy IDs return DistributionIdList; owned-resource returns DistributionIdOwnerList; trust-store/web-acl/anycast/connection-mode/ connection-function/realtime-log return DistributionList.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
?Type=managed|customfilterManaged-CachingOptimizedetc.) and rejectUpdate/DeletewithIllegalUpdate/IllegalDeleteTest plan
cargo test -p fakecloud-cloudfront— 16 unit tests passcargo test -p fakecloud-e2e --test cloudfront_policies— 6 E2E tests passFAKECLOUD_RUN_CONFORMANCE=1 cargo test -p fakecloud-conformance --test cloudfront_policies— 30 conformance tests passcargo clippy --workspace --all-targets -- -D warningscleancargo fmt --allcleanSummary by cubic
Adds CloudFront OAC and Cache/Origin Request/Response Headers/Continuous Deployment policies with full CRUD + List. Seeds AWS‑managed policies, enforces ETag/If-Match, fixes managed Response Headers policy IDs and by‑X ListDistributions response roots, validates Name on Update, and bumps CloudFront ops 29→59 (total 2,107).
Get*andGet*Configendpoints.Update/DeletereturnIllegalUpdate/IllegalDelete;ListCachePoliciessupports?Type=managed|custom.Written for commit b29585b. Summary will update on new commits.