Skip to content

Commit

Permalink
chore(aws-cloudtrail): fix broken integration tests (#19658)
Browse files Browse the repository at this point in the history 
Upgrades lambda runtime from NODEJS_10 (deprecated) to NODEJS_14. Also
enables autoDeleteObjects on the S3 buckets so that all the resources
are cleaned up.


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
@corymhall
corymhall authored Apr 1, 2022
1 parent 9c1c09e commit 66eae6e
Show file tree
Hide file tree
Showing 4 changed files with 449 additions and 10 deletions.
253 changes: 250 additions & 3 deletions packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,177 @@
"Resources": {
"Bucket83908E77": {
"Type": "AWS::S3::Bucket",
"Properties": {
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
]
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"BucketPolicyE9A3008A": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "Bucket83908E77"
},
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"Bucket83908E77",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"Bucket83908E77",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
}
}
},
"BucketAutoDeleteObjectsCustomResourceBAFD23C2": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "Bucket83908E77"
}
},
"DependsOn": [
"BucketPolicyE9A3008A"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
]
},
"ManagedPolicyArns": [
{
"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
]
}
},
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": {
"Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232"
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::Select": [
0,
{
"Fn::Split": [
"||",
{
"Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE"
}
]
}
]
},
{
"Fn::Select": [
1,
{
"Fn::Split": [
"||",
{
"Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE"
}
]
}
]
}
]
]
}
},
"Timeout": 900,
"MemorySize": 128,
"Handler": "__entrypoint__.handler",
"Role": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
},
"Runtime": "nodejs12.x",
"Description": {
"Fn::Join": [
"",
[
"Lambda function for auto-deleting objects in ",
{
"Ref": "Bucket83908E77"
},
" S3 bucket."
]
]
}
},
"DependsOn": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"
]
},
"LambdaFunctionServiceRoleC555A460": {
"Type": "AWS::IAM::Role",
"Properties": {
Expand Down Expand Up @@ -49,16 +217,24 @@
]
},
"Handler": "hello.handler",
"Runtime": "nodejs10.x"
"Runtime": "nodejs14.x"
},
"DependsOn": [
"LambdaFunctionServiceRoleC555A460"
]
},
"S3486F821D": {
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
"Properties": {
"Tags": [
{
"Key": "aws-cdk:auto-delete-objects",
"Value": "true"
}
]
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"S3Policy2E4AA1D6": {
"Type": "AWS::S3::BucketPolicy",
Expand All @@ -68,6 +244,44 @@
},
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:DeleteObject*",
"s3:GetBucket*",
"s3:List*"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
"Arn"
]
}
},
"Resource": [
{
"Fn::GetAtt": [
"S3486F821D",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"S3486F821D",
"Arn"
]
},
"/*"
]
]
}
]
},
{
"Action": "s3:GetBucketAcl",
"Effect": "Allow",
Expand Down Expand Up @@ -116,6 +330,25 @@
}
}
},
"S3AutoDeleteObjectsCustomResource5A4102C9": {
"Type": "Custom::S3AutoDeleteObjects",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
"BucketName": {
"Ref": "S3486F821D"
}
},
"DependsOn": [
"S3Policy2E4AA1D6"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"Trail022F0CF2": {
"Type": "AWS::CloudTrail::Trail",
"Properties": {
Expand Down Expand Up @@ -171,5 +404,19 @@
"S3Policy2E4AA1D6"
]
}
},
"Parameters": {
"AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": {
"Type": "String",
"Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\""
},
"AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": {
"Type": "String",
"Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\""
},
"AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": {
"Type": "String",
"Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\""
}
}
}
13 changes: 10 additions & 3 deletions packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,24 @@ import * as cloudtrail from '../lib';
const app = new cdk.App();
const stack = new cdk.Stack(app, 'integ-cloudtrail');

const bucket = new s3.Bucket(stack, 'Bucket', { removalPolicy: cdk.RemovalPolicy.DESTROY });
const bucket = new s3.Bucket(stack, 'Bucket', {
removalPolicy: cdk.RemovalPolicy.DESTROY,
autoDeleteObjects: true,
});
const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', {
runtime: lambda.Runtime.NODEJS_10_X,
runtime: lambda.Runtime.NODEJS_14_X,
handler: 'hello.handler',
code: lambda.Code.fromInline('exports.handler = {}'),
});

// using exctecy the same code as inside the cloudtrail class to produce the supplied bucket and policy
const cloudTrailPrincipal = new iam.ServicePrincipal('cloudtrail.amazonaws.com');

const Trailbucket = new s3.Bucket(stack, 'S3', { encryption: s3.BucketEncryption.UNENCRYPTED });
const Trailbucket = new s3.Bucket(stack, 'S3', {
encryption: s3.BucketEncryption.UNENCRYPTED,
removalPolicy: cdk.RemovalPolicy.DESTROY,
autoDeleteObjects: true,
});

Trailbucket.addToResourcePolicy(new iam.PolicyStatement({
resources: [Trailbucket.bucketArn],
Expand Down
Loading

0 comments on commit 66eae6e

Please sign in to comment.