@aws-cdk-testing/cli-integ
Version:
Integration tests for the AWS CDK CLI
58 lines • 10.5 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
const client_cloudformation_1 = require("@aws-sdk/client-cloudformation");
const client_iam_1 = require("@aws-sdk/client-iam");
const lib_1 = require("../../../lib");
const eventually_1 = require("../../../lib/eventually");
(0, lib_1.integTest)('can remove customPermissionsBoundary', (0, lib_1.withoutBootstrap)(async (fixture) => {
const bootstrapStackName = fixture.bootstrapStackName;
const policyName = `${bootstrapStackName}-pb`;
let policyArn;
try {
const policy = await fixture.aws.iam.send(new client_iam_1.CreatePolicyCommand({
PolicyName: policyName,
PolicyDocument: JSON.stringify({
Version: '2012-10-17',
Statement: {
Action: ['*'],
Resource: ['*'],
Effect: 'Allow',
},
}),
}));
policyArn = policy.Policy?.Arn;
// Policy creation and consistency across regions is "almost immediate"
// See: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
// We will put this in an `eventually` block to retry stack creation with a reasonable timeout
const createStackWithPermissionBoundary = async () => {
await fixture.cdkBootstrapModern({
// toolkitStackName doesn't matter for this particular invocation
toolkitStackName: bootstrapStackName,
customPermissionsBoundary: policyName,
});
const response = await fixture.aws.cloudFormation.send(new client_cloudformation_1.DescribeStacksCommand({ StackName: bootstrapStackName }));
expect(response.Stacks?.[0].Parameters?.some(param => (param.ParameterKey === 'InputPermissionsBoundary' && param.ParameterValue === policyName))).toEqual(true);
};
await (0, eventually_1.default)(createStackWithPermissionBoundary, { maxAttempts: 3 });
await fixture.cdkBootstrapModern({
// toolkitStackName doesn't matter for this particular invocation
toolkitStackName: bootstrapStackName,
usePreviousParameters: false,
});
const response2 = await fixture.aws.cloudFormation.send(new client_cloudformation_1.DescribeStacksCommand({ StackName: bootstrapStackName }));
expect(response2.Stacks?.[0].Parameters?.some(param => (param.ParameterKey === 'InputPermissionsBoundary' && !param.ParameterValue))).toEqual(true);
const region = fixture.aws.region;
const account = await fixture.aws.account();
const role = await fixture.aws.iam.send(new client_iam_1.GetRoleCommand({ RoleName: `cdk-${fixture.qualifier}-cfn-exec-role-${account}-${region}` }));
if (!role.Role) {
throw new Error('Role not found');
}
expect(role.Role.PermissionsBoundary).toBeUndefined();
}
finally {
if (policyArn) {
await fixture.aws.iam.send(new client_iam_1.DeletePolicyCommand({ PolicyArn: policyArn }));
}
}
}));
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2RrLWJvb3RzdHJhcC1jYW4tcmVtb3ZlLWN1c3RvbXBlcm1pc3Npb25zYm91bmRhcnkuaW50ZWd0ZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY2RrLWJvb3RzdHJhcC1jYW4tcmVtb3ZlLWN1c3RvbXBlcm1pc3Npb25zYm91bmRhcnkuaW50ZWd0ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsMEVBQXVFO0FBQ3ZFLG9EQUErRjtBQUMvRixzQ0FBMkQ7QUFDM0Qsd0RBQWlEO0FBRWpELElBQUEsZUFBUyxFQUFDLHNDQUFzQyxFQUFFLElBQUEsc0JBQWdCLEVBQUMsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO0lBQ25GLE1BQU0sa0JBQWtCLEdBQUcsT0FBTyxDQUFDLGtCQUFrQixDQUFDO0lBQ3RELE1BQU0sVUFBVSxHQUFHLEdBQUcsa0JBQWtCLEtBQUssQ0FBQztJQUM5QyxJQUFJLFNBQVMsQ0FBQztJQUNkLElBQUksQ0FBQztRQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUN2QyxJQUFJLGdDQUFtQixDQUFDO1lBQ3RCLFVBQVUsRUFBRSxVQUFVO1lBQ3RCLGNBQWMsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDO2dCQUM3QixPQUFPLEVBQUUsWUFBWTtnQkFDckIsU0FBUyxFQUFFO29CQUNULE1BQU0sRUFBRSxDQUFDLEdBQUcsQ0FBQztvQkFDYixRQUFRLEVBQUUsQ0FBQyxHQUFHLENBQUM7b0JBQ2YsTUFBTSxFQUFFLE9BQU87aUJBQ2hCO2FBQ0YsQ0FBQztTQUNILENBQUMsQ0FDSCxDQUFDO1FBQ0YsU0FBUyxHQUFHLE1BQU0sQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDO1FBRS9CLHVFQUF1RTtRQUN2RSw0SEFBNEg7UUFDNUgsOEZBQThGO1FBQzlGLE1BQU0saUNBQWlDLEdBQUcsS0FBSyxJQUFtQixFQUFFO1lBQ2xFLE1BQU0sT0FBTyxDQUFDLGtCQUFrQixDQUFDO2dCQUMvQixpRUFBaUU7Z0JBQ2pFLGdCQUFnQixFQUFFLGtCQUFrQjtnQkFDcEMseUJBQXlCLEVBQUUsVUFBVTthQUN0QyxDQUFDLENBQUM7WUFFSCxNQUFNLFFBQVEsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxDQUFDLElBQUksQ0FDcEQsSUFBSSw2Q0FBcUIsQ0FBQyxFQUFFLFNBQVMsRUFBRSxrQkFBa0IsRUFBRSxDQUFDLENBQzdELENBQUM7WUFDRixNQUFNLENBQ0osUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQ25DLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsWUFBWSxLQUFLLDBCQUEwQixJQUFJLEtBQUssQ0FBQyxjQUFjLEtBQUssVUFBVSxDQUFDLENBQ3BHLENBQUMsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDckIsQ0FBQyxDQUFDO1FBRUYsTUFBTSxJQUFBLG9CQUFVLEVBQUMsaUNBQWlDLEVBQUUsRUFBRSxXQUFXLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUV4RSxNQUFNLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQztZQUMvQixpRUFBaUU7WUFDakUsZ0JBQWdCLEVBQUUsa0JBQWtCO1lBQ3BDLHFCQUFxQixFQUFFLEtBQUs7U0FDN0IsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxTQUFTLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQ3JELElBQUksNkNBQXFCLENBQUMsRUFBRSxTQUFTLEVBQUUsa0JBQWtCLEVBQUUsQ0FBQyxDQUM3RCxDQUFDO1FBQ0YsTUFBTSxDQUNKLFNBQVMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUNwQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLFlBQVksS0FBSywwQkFBMEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQUMsQ0FDdEYsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVuQixNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQztRQUNsQyxNQUFNLE9BQU8sR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDNUMsTUFBTSxJQUFJLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQ3JDLElBQUksMkJBQWMsQ0FBQyxFQUFFLFFBQVEsRUFBRSxPQUFPLE9BQU8sQ0FBQyxTQUFTLGtCQUFrQixPQUFPLElBQUksTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUNoRyxDQUFDO1FBQ0YsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUNwQyxDQUFDO1FBQ0QsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUN4RCxDQUFDO1lBQVMsQ0FBQztRQUNULElBQUksU0FBUyxFQUFFLENBQUM7WUFDZCxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLGdDQUFtQixDQUFDLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNoRixDQUFDO0lBQ0gsQ0FBQztBQUNILENBQUMsQ0FBQyxDQUFDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBEZXNjcmliZVN0YWNrc0NvbW1hbmQgfSBmcm9tICdAYXdzLXNkay9jbGllbnQtY2xvdWRmb3JtYXRpb24nO1xuaW1wb3J0IHsgQ3JlYXRlUG9saWN5Q29tbWFuZCwgRGVsZXRlUG9saWN5Q29tbWFuZCwgR2V0Um9sZUNvbW1hbmQgfSBmcm9tICdAYXdzLXNkay9jbGllbnQtaWFtJztcbmltcG9ydCB7IGludGVnVGVzdCwgd2l0aG91dEJvb3RzdHJhcCB9IGZyb20gJy4uLy4uLy4uL2xpYic7XG5pbXBvcnQgZXZlbnR1YWxseSBmcm9tICcuLi8uLi8uLi9saWIvZXZlbnR1YWxseSc7XG5cbmludGVnVGVzdCgnY2FuIHJlbW92ZSBjdXN0b21QZXJtaXNzaW9uc0JvdW5kYXJ5Jywgd2l0aG91dEJvb3RzdHJhcChhc3luYyAoZml4dHVyZSkgPT4ge1xuICBjb25zdCBib290c3RyYXBTdGFja05hbWUgPSBmaXh0dXJlLmJvb3RzdHJhcFN0YWNrTmFtZTtcbiAgY29uc3QgcG9saWN5TmFtZSA9IGAke2Jvb3RzdHJhcFN0YWNrTmFtZX0tcGJgO1xuICBsZXQgcG9saWN5QXJuO1xuICB0cnkge1xuICAgIGNvbnN0IHBvbGljeSA9IGF3YWl0IGZpeHR1cmUuYXdzLmlhbS5zZW5kKFxuICAgICAgbmV3IENyZWF0ZVBvbGljeUNvbW1hbmQoe1xuICAgICAgICBQb2xpY3lOYW1lOiBwb2xpY3lOYW1lLFxuICAgICAgICBQb2xpY3lEb2N1bWVudDogSlNPTi5zdHJpbmdpZnkoe1xuICAgICAgICAgIFZlcnNpb246ICcyMDEyLTEwLTE3JyxcbiAgICAgICAgICBTdGF0ZW1lbnQ6IHtcbiAgICAgICAgICAgIEFjdGlvbjogWycqJ10sXG4gICAgICAgICAgICBSZXNvdXJjZTogWycqJ10sXG4gICAgICAgICAgICBFZmZlY3Q6ICdBbGxvdycsXG4gICAgICAgICAgfSxcbiAgICAgICAgfSksXG4gICAgICB9KSxcbiAgICApO1xuICAgIHBvbGljeUFybiA9IHBvbGljeS5Qb2xpY3k/LkFybjtcblxuICAgIC8vIFBvbGljeSBjcmVhdGlvbiBhbmQgY29uc2lzdGVuY3kgYWNyb3NzIHJlZ2lvbnMgaXMgXCJhbG1vc3QgaW1tZWRpYXRlXCJcbiAgICAvLyBTZWU6IGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9JQU0vbGF0ZXN0L1VzZXJHdWlkZS90cm91Ymxlc2hvb3RfZ2VuZXJhbC5odG1sI3Ryb3VibGVzaG9vdF9nZW5lcmFsX2V2ZW50dWFsLWNvbnNpc3RlbmN5XG4gICAgLy8gV2Ugd2lsbCBwdXQgdGhpcyBpbiBhbiBgZXZlbnR1YWxseWAgYmxvY2sgdG8gcmV0cnkgc3RhY2sgY3JlYXRpb24gd2l0aCBhIHJlYXNvbmFibGUgdGltZW91dFxuICAgIGNvbnN0IGNyZWF0ZVN0YWNrV2l0aFBlcm1pc3Npb25Cb3VuZGFyeSA9IGFzeW5jICgpOiBQcm9taXNlPHZvaWQ+ID0+IHtcbiAgICAgIGF3YWl0IGZpeHR1cmUuY2RrQm9vdHN0cmFwTW9kZXJuKHtcbiAgICAgICAgLy8gdG9vbGtpdFN0YWNrTmFtZSBkb2Vzbid0IG1hdHRlciBmb3IgdGhpcyBwYXJ0aWN1bGFyIGludm9jYXRpb25cbiAgICAgICAgdG9vbGtpdFN0YWNrTmFtZTogYm9vdHN0cmFwU3RhY2tOYW1lLFxuICAgICAgICBjdXN0b21QZXJtaXNzaW9uc0JvdW5kYXJ5OiBwb2xpY3lOYW1lLFxuICAgICAgfSk7XG5cbiAgICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgZml4dHVyZS5hd3MuY2xvdWRGb3JtYXRpb24uc2VuZChcbiAgICAgICAgbmV3IERlc2NyaWJlU3RhY2tzQ29tbWFuZCh7IFN0YWNrTmFtZTogYm9vdHN0cmFwU3RhY2tOYW1lIH0pLFxuICAgICAgKTtcbiAgICAgIGV4cGVjdChcbiAgICAgICAgcmVzcG9uc2UuU3RhY2tzPy5bMF0uUGFyYW1ldGVycz8uc29tZShcbiAgICAgICAgICBwYXJhbSA9PiAocGFyYW0uUGFyYW1ldGVyS2V5ID09PSAnSW5wdXRQZXJtaXNzaW9uc0JvdW5kYXJ5JyAmJiBwYXJhbS5QYXJhbWV0ZXJWYWx1ZSA9PT0gcG9saWN5TmFtZSksXG4gICAgICAgICkpLnRvRXF1YWwodHJ1ZSk7XG4gICAgfTtcblxuICAgIGF3YWl0IGV2ZW50dWFsbHkoY3JlYXRlU3RhY2tXaXRoUGVybWlzc2lvbkJvdW5kYXJ5LCB7IG1heEF0dGVtcHRzOiAzIH0pO1xuXG4gICAgYXdhaXQgZml4dHVyZS5jZGtCb290c3RyYXBNb2Rlcm4oe1xuICAgICAgLy8gdG9vbGtpdFN0YWNrTmFtZSBkb2Vzbid0IG1hdHRlciBmb3IgdGhpcyBwYXJ0aWN1bGFyIGludm9jYXRpb25cbiAgICAgIHRvb2xraXRTdGFja05hbWU6IGJvb3RzdHJhcFN0YWNrTmFtZSxcbiAgICAgIHVzZVByZXZpb3VzUGFyYW1ldGVyczogZmFsc2UsXG4gICAgfSk7XG4gICAgY29uc3QgcmVzcG9uc2UyID0gYXdhaXQgZml4dHVyZS5hd3MuY2xvdWRGb3JtYXRpb24uc2VuZChcbiAgICAgIG5ldyBEZXNjcmliZVN0YWNrc0NvbW1hbmQoeyBTdGFja05hbWU6IGJvb3RzdHJhcFN0YWNrTmFtZSB9KSxcbiAgICApO1xuICAgIGV4cGVjdChcbiAgICAgIHJlc3BvbnNlMi5TdGFja3M/LlswXS5QYXJhbWV0ZXJzPy5zb21lKFxuICAgICAgICBwYXJhbSA9PiAocGFyYW0uUGFyYW1ldGVyS2V5ID09PSAnSW5wdXRQZXJtaXNzaW9uc0JvdW5kYXJ5JyAmJiAhcGFyYW0uUGFyYW1ldGVyVmFsdWUpLFxuICAgICAgKSkudG9FcXVhbCh0cnVlKTtcblxuICAgIGNvbnN0IHJlZ2lvbiA9IGZpeHR1cmUuYXdzLnJlZ2lvbjtcbiAgICBjb25zdCBhY2NvdW50ID0gYXdhaXQgZml4dHVyZS5hd3MuYWNjb3VudCgpO1xuICAgIGNvbnN0IHJvbGUgPSBhd2FpdCBmaXh0dXJlLmF3cy5pYW0uc2VuZChcbiAgICAgIG5ldyBHZXRSb2xlQ29tbWFuZCh7IFJvbGVOYW1lOiBgY2RrLSR7Zml4dHVyZS5xdWFsaWZpZXJ9LWNmbi1leGVjLXJvbGUtJHthY2NvdW50fS0ke3JlZ2lvbn1gIH0pLFxuICAgICk7XG4gICAgaWYgKCFyb2xlLlJvbGUpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignUm9sZSBub3QgZm91bmQnKTtcbiAgICB9XG4gICAgZXhwZWN0KHJvbGUuUm9sZS5QZXJtaXNzaW9uc0JvdW5kYXJ5KS50b0JlVW5kZWZpbmVkKCk7XG4gIH0gZmluYWxseSB7XG4gICAgaWYgKHBvbGljeUFybikge1xuICAgICAgYXdhaXQgZml4dHVyZS5hd3MuaWFtLnNlbmQobmV3IERlbGV0ZVBvbGljeUNvbW1hbmQoeyBQb2xpY3lBcm46IHBvbGljeUFybiB9KSk7XG4gICAgfVxuICB9XG59KSk7XG5cbiJdfQ==