@aws-cdk-testing/cli-integ
Version:
Integration tests for the AWS CDK CLI
88 lines (84 loc) • 10.3 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
const fs = require("fs");
const path = require("path");
// import { CreateSecretCommand, DeleteSecretCommand } from '@aws-sdk/client-secrets-manager';
const client_sts_1 = require("@aws-sdk/client-sts");
const lib_1 = require("../../../lib");
(0, lib_1.integTest)('docker-credential-cdk-assets can assume role and fetch ECR credentials', (0, lib_1.withRetry)((0, lib_1.withDefaultFixture)(async (fixture) => {
const caller = await fixture.aws.sts.send(new client_sts_1.GetCallerIdentityCommand({}));
const roleArn = await fixture.aws.temporaryRole('ecr-repo-role', [
{
Action: 'sts:AssumeRole',
Effect: 'Allow',
Principal: { AWS: caller.Account },
},
], [
{
Effect: 'Allow',
Resource: '*',
Action: ['ecr:GetAuthorizationToken'],
},
]);
await fixture.aws.waitForAssumeRole(roleArn);
await testDockerCredential(fixture, {
ecrRepository: true,
// This role must have permissions to call `ecr:GetAuthorizationToken`
assumeRoleArn: roleArn,
});
})));
/*
// SKIPPED FOR NOW
// Requires SecretsManager permissions on the role that's executing this, and that's
// too much to set up right now.
integTest(
'docker-credential-cdk-assets read from SecretsManager',
withDefaultFixture(async (fixture) => {
const secret = await fixture.aws.secretsManager.send(new CreateSecretCommand({
Name: `our-secret-${fixture.randomString}`,
SecretString: JSON.stringify({
username: 'test-user',
password: 'test-password',
}),
}));
fixture.aws.addCleanup(() => fixture.aws.secretsManager.send(new DeleteSecretCommand({
SecretId: secret.ARN,
})));
await testDockerCredential(fixture, {
secretsManagerSecretId: secret.ARN,
secretsUsernameField: 'username',
secretsPasswordField: 'password',
});
}),
);
*/
async function testDockerCredential(fixture, credSource) {
const domain = 'integ.test.domain';
const credsFilePath = path.join(fixture.integTestDir, 'cdk-docker-creds.json');
fs.writeFileSync(credsFilePath, JSON.stringify({
version: '1.0',
domainCredentials: {
[domain]: credSource,
},
}));
const input = path.join(fixture.integTestDir, 'input.txt');
fs.writeFileSync(input, `${domain}\n`);
await fixture.cdkAssets.makeCliAvailable();
let output = '';
await (0, lib_1.retry)(process.stdout, 'Getting docker credentials', lib_1.retry.forSeconds(60), async () => {
output = await fixture.shell(['docker-credential-cdk-assets', 'get'], {
modEnv: {
...fixture.cdkShellEnv(),
CDK_DOCKER_CREDS_FILE: credsFilePath,
},
stdio: [fs.openSync(input, 'r')],
captureStderr: false,
});
});
const response = JSON.parse(output);
expect(response).toMatchObject({
Username: expect.anything(),
Secret: expect.anything(),
});
}
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2RrLWFzc2V0cy1kb2NrZXItY3JlZGVudGlhbC5pbnRlZ3Rlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJjZGstYXNzZXRzLWRvY2tlci1jcmVkZW50aWFsLmludGVndGVzdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLHlCQUF5QjtBQUN6Qiw2QkFBNkI7QUFDN0IsOEZBQThGO0FBQzlGLG9EQUErRDtBQUkvRCxzQ0FBK0U7QUFFL0UsSUFBQSxlQUFTLEVBQ1Asd0VBQXdFLEVBQ3hFLElBQUEsZUFBUyxFQUFDLElBQUEsd0JBQWtCLEVBQUMsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO0lBQzdDLE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUkscUNBQXdCLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUU1RSxNQUFNLE9BQU8sR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLGVBQWUsRUFBRTtRQUMvRDtZQUNFLE1BQU0sRUFBRSxnQkFBZ0I7WUFDeEIsTUFBTSxFQUFFLE9BQU87WUFDZixTQUFTLEVBQUUsRUFBRSxHQUFHLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRTtTQUNuQztLQUNGLEVBQUU7UUFDRDtZQUNFLE1BQU0sRUFBRSxPQUFPO1lBQ2YsUUFBUSxFQUFFLEdBQUc7WUFDYixNQUFNLEVBQUUsQ0FBQywyQkFBMkIsQ0FBQztTQUN0QztLQUNGLENBQUMsQ0FBQztJQUVILE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUU3QyxNQUFNLG9CQUFvQixDQUFDLE9BQU8sRUFBRTtRQUNsQyxhQUFhLEVBQUUsSUFBSTtRQUNuQixzRUFBc0U7UUFDdEUsYUFBYSxFQUFFLE9BQU87S0FDdkIsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDLENBQUMsQ0FDSixDQUFDO0FBRUY7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7RUE0QkU7QUFFRixLQUFLLFVBQVUsb0JBQW9CLENBQUMsT0FBb0IsRUFBRSxVQUF3QztJQUNoRyxNQUFNLE1BQU0sR0FBRyxtQkFBbUIsQ0FBQztJQUNuQyxNQUFNLGFBQWEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsdUJBQXVCLENBQUMsQ0FBQztJQUUvRSxFQUFFLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQzdDLE9BQU8sRUFBRSxLQUFLO1FBQ2QsaUJBQWlCLEVBQUU7WUFDakIsQ0FBQyxNQUFNLENBQUMsRUFBRSxVQUFVO1NBQ3JCO0tBQ0YsQ0FBQyxDQUFDLENBQUM7SUFFSixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsV0FBVyxDQUFDLENBQUM7SUFDM0QsRUFBRSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxDQUFDO0lBRXZDLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO0lBQzNDLElBQUksTUFBTSxHQUFXLEVBQUUsQ0FBQztJQUV4QixNQUFNLElBQUEsV0FBSyxFQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsNEJBQTRCLEVBQUUsV0FBSyxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsRUFBRSxLQUFLLElBQUksRUFBRTtRQUN6RixNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsOEJBQThCLEVBQUUsS0FBSyxDQUFDLEVBQUU7WUFDcEUsTUFBTSxFQUFFO2dCQUNOLEdBQUcsT0FBTyxDQUFDLFdBQVcsRUFBRTtnQkFDeEIscUJBQXFCLEVBQUUsYUFBYTthQUNyQztZQUNELEtBQUssRUFBRSxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBQ2hDLGFBQWEsRUFBRSxLQUFLO1NBQ3JCLENBQUMsQ0FBQztJQUNMLENBQUMsQ0FBQyxDQUFDO0lBRUgsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNwQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUMsYUFBYSxDQUFDO1FBQzdCLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFO1FBQzNCLE1BQU0sRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFO0tBQzFCLENBQUMsQ0FBQztBQUNMLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBmcyBmcm9tICdmcyc7XG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gJ3BhdGgnO1xuLy8gaW1wb3J0IHsgQ3JlYXRlU2VjcmV0Q29tbWFuZCwgRGVsZXRlU2VjcmV0Q29tbWFuZCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1zZWNyZXRzLW1hbmFnZXInO1xuaW1wb3J0IHsgR2V0Q2FsbGVySWRlbnRpdHlDb21tYW5kIH0gZnJvbSAnQGF3cy1zZGsvY2xpZW50LXN0cyc7XG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgaW1wb3J0L25vLXJlbGF0aXZlLXBhY2thZ2VzXG5pbXBvcnQgdHlwZSB7IERvY2tlckRvbWFpbkNyZWRlbnRpYWxTb3VyY2UgfSBmcm9tICcuLi8uLi8uLi8uLi8uLi9AYXdzLWNkay9jZGstYXNzZXRzLWxpYi9saWIvcHJpdmF0ZS9kb2NrZXItY3JlZGVudGlhbHMnO1xuaW1wb3J0IHR5cGUgeyBUZXN0Rml4dHVyZSB9IGZyb20gJy4uLy4uLy4uL2xpYic7XG5pbXBvcnQgeyBpbnRlZ1Rlc3QsIHdpdGhEZWZhdWx0Rml4dHVyZSwgd2l0aFJldHJ5LCByZXRyeSB9IGZyb20gJy4uLy4uLy4uL2xpYic7XG5cbmludGVnVGVzdChcbiAgJ2RvY2tlci1jcmVkZW50aWFsLWNkay1hc3NldHMgY2FuIGFzc3VtZSByb2xlIGFuZCBmZXRjaCBFQ1IgY3JlZGVudGlhbHMnLFxuICB3aXRoUmV0cnkod2l0aERlZmF1bHRGaXh0dXJlKGFzeW5jIChmaXh0dXJlKSA9PiB7XG4gICAgY29uc3QgY2FsbGVyID0gYXdhaXQgZml4dHVyZS5hd3Muc3RzLnNlbmQobmV3IEdldENhbGxlcklkZW50aXR5Q29tbWFuZCh7fSkpO1xuXG4gICAgY29uc3Qgcm9sZUFybiA9IGF3YWl0IGZpeHR1cmUuYXdzLnRlbXBvcmFyeVJvbGUoJ2Vjci1yZXBvLXJvbGUnLCBbXG4gICAgICB7XG4gICAgICAgIEFjdGlvbjogJ3N0czpBc3N1bWVSb2xlJyxcbiAgICAgICAgRWZmZWN0OiAnQWxsb3cnLFxuICAgICAgICBQcmluY2lwYWw6IHsgQVdTOiBjYWxsZXIuQWNjb3VudCB9LFxuICAgICAgfSxcbiAgICBdLCBbXG4gICAgICB7XG4gICAgICAgIEVmZmVjdDogJ0FsbG93JyxcbiAgICAgICAgUmVzb3VyY2U6ICcqJyxcbiAgICAgICAgQWN0aW9uOiBbJ2VjcjpHZXRBdXRob3JpemF0aW9uVG9rZW4nXSxcbiAgICAgIH0sXG4gICAgXSk7XG5cbiAgICBhd2FpdCBmaXh0dXJlLmF3cy53YWl0Rm9yQXNzdW1lUm9sZShyb2xlQXJuKTtcblxuICAgIGF3YWl0IHRlc3REb2NrZXJDcmVkZW50aWFsKGZpeHR1cmUsIHtcbiAgICAgIGVjclJlcG9zaXRvcnk6IHRydWUsXG4gICAgICAvLyBUaGlzIHJvbGUgbXVzdCBoYXZlIHBlcm1pc3Npb25zIHRvIGNhbGwgYGVjcjpHZXRBdXRob3JpemF0aW9uVG9rZW5gXG4gICAgICBhc3N1bWVSb2xlQXJuOiByb2xlQXJuLFxuICAgIH0pO1xuICB9KSksXG4pO1xuXG4vKlxuXG4vLyBTS0lQUEVEIEZPUiBOT1dcbi8vIFJlcXVpcmVzIFNlY3JldHNNYW5hZ2VyIHBlcm1pc3Npb25zIG9uIHRoZSByb2xlIHRoYXQncyBleGVjdXRpbmcgdGhpcywgYW5kIHRoYXQnc1xuLy8gdG9vIG11Y2ggdG8gc2V0IHVwIHJpZ2h0IG5vdy5cblxuaW50ZWdUZXN0KFxuICAnZG9ja2VyLWNyZWRlbnRpYWwtY2RrLWFzc2V0cyByZWFkIGZyb20gU2VjcmV0c01hbmFnZXInLFxuICB3aXRoRGVmYXVsdEZpeHR1cmUoYXN5bmMgKGZpeHR1cmUpID0+IHtcbiAgICBjb25zdCBzZWNyZXQgPSBhd2FpdCBmaXh0dXJlLmF3cy5zZWNyZXRzTWFuYWdlci5zZW5kKG5ldyBDcmVhdGVTZWNyZXRDb21tYW5kKHtcbiAgICAgIE5hbWU6IGBvdXItc2VjcmV0LSR7Zml4dHVyZS5yYW5kb21TdHJpbmd9YCxcbiAgICAgIFNlY3JldFN0cmluZzogSlNPTi5zdHJpbmdpZnkoe1xuICAgICAgICB1c2VybmFtZTogJ3Rlc3QtdXNlcicsXG4gICAgICAgIHBhc3N3b3JkOiAndGVzdC1wYXNzd29yZCcsXG4gICAgICB9KSxcbiAgICB9KSk7XG4gICAgZml4dHVyZS5hd3MuYWRkQ2xlYW51cCgoKSA9PiBmaXh0dXJlLmF3cy5zZWNyZXRzTWFuYWdlci5zZW5kKG5ldyBEZWxldGVTZWNyZXRDb21tYW5kKHtcbiAgICAgIFNlY3JldElkOiBzZWNyZXQuQVJOLFxuICAgIH0pKSk7XG5cbiAgICBhd2FpdCB0ZXN0RG9ja2VyQ3JlZGVudGlhbChmaXh0dXJlLCB7XG4gICAgICBzZWNyZXRzTWFuYWdlclNlY3JldElkOiBzZWNyZXQuQVJOLFxuICAgICAgc2VjcmV0c1VzZXJuYW1lRmllbGQ6ICd1c2VybmFtZScsXG4gICAgICBzZWNyZXRzUGFzc3dvcmRGaWVsZDogJ3Bhc3N3b3JkJyxcbiAgICB9KTtcbiAgfSksXG4pO1xuXG4qL1xuXG5hc3luYyBmdW5jdGlvbiB0ZXN0RG9ja2VyQ3JlZGVudGlhbChmaXh0dXJlOiBUZXN0Rml4dHVyZSwgY3JlZFNvdXJjZTogRG9ja2VyRG9tYWluQ3JlZGVudGlhbFNvdXJjZSkge1xuICBjb25zdCBkb21haW4gPSAnaW50ZWcudGVzdC5kb21haW4nO1xuICBjb25zdCBjcmVkc0ZpbGVQYXRoID0gcGF0aC5qb2luKGZpeHR1cmUuaW50ZWdUZXN0RGlyLCAnY2RrLWRvY2tlci1jcmVkcy5qc29uJyk7XG5cbiAgZnMud3JpdGVGaWxlU3luYyhjcmVkc0ZpbGVQYXRoLCBKU09OLnN0cmluZ2lmeSh7XG4gICAgdmVyc2lvbjogJzEuMCcsXG4gICAgZG9tYWluQ3JlZGVudGlhbHM6IHtcbiAgICAgIFtkb21haW5dOiBjcmVkU291cmNlLFxuICAgIH0sXG4gIH0pKTtcblxuICBjb25zdCBpbnB1dCA9IHBhdGguam9pbihmaXh0dXJlLmludGVnVGVzdERpciwgJ2lucHV0LnR4dCcpO1xuICBmcy53cml0ZUZpbGVTeW5jKGlucHV0LCBgJHtkb21haW59XFxuYCk7XG5cbiAgYXdhaXQgZml4dHVyZS5jZGtBc3NldHMubWFrZUNsaUF2YWlsYWJsZSgpO1xuICBsZXQgb3V0cHV0OiBzdHJpbmcgPSAnJztcblxuICBhd2FpdCByZXRyeShwcm9jZXNzLnN0ZG91dCwgJ0dldHRpbmcgZG9ja2VyIGNyZWRlbnRpYWxzJywgcmV0cnkuZm9yU2Vjb25kcyg2MCksIGFzeW5jICgpID0+IHtcbiAgICBvdXRwdXQgPSBhd2FpdCBmaXh0dXJlLnNoZWxsKFsnZG9ja2VyLWNyZWRlbnRpYWwtY2RrLWFzc2V0cycsICdnZXQnXSwge1xuICAgICAgbW9kRW52OiB7XG4gICAgICAgIC4uLmZpeHR1cmUuY2RrU2hlbGxFbnYoKSxcbiAgICAgICAgQ0RLX0RPQ0tFUl9DUkVEU19GSUxFOiBjcmVkc0ZpbGVQYXRoLFxuICAgICAgfSxcbiAgICAgIHN0ZGlvOiBbZnMub3BlblN5bmMoaW5wdXQsICdyJyldLFxuICAgICAgY2FwdHVyZVN0ZGVycjogZmFsc2UsXG4gICAgfSk7XG4gIH0pO1xuXG4gIGNvbnN0IHJlc3BvbnNlID0gSlNPTi5wYXJzZShvdXRwdXQpO1xuICBleHBlY3QocmVzcG9uc2UpLnRvTWF0Y2hPYmplY3Qoe1xuICAgIFVzZXJuYW1lOiBleHBlY3QuYW55dGhpbmcoKSxcbiAgICBTZWNyZXQ6IGV4cGVjdC5hbnl0aGluZygpLFxuICB9KTtcbn1cbiJdfQ==