Skip to content

Commit

Permalink
update test script to match policy changes
Browse files Browse the repository at this point in the history
  • Loading branch information
Chris Park committed Apr 19, 2024
1 parent fcc53f9 commit cffa02f
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 35 deletions.
6 changes: 3 additions & 3 deletions packages/serverless-deploy-iam/bin/app.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ export class ServiceDeployIAM extends cdk.Stack {
actions: ["s3:ListAllMyBuckets"],
},
{
name: "CLOUD_WATCH",
name: "CLOUD_WATCH_LOGS",
prefix: `arn:aws:logs:${region}:${accountId}:log-group:`,
qualifiers: [
`/aws/lambda/${serviceName}*`,
Expand All @@ -114,7 +114,7 @@ export class ServiceDeployIAM extends cdk.Stack {
actions: ["logs:*"],
},
{
name: "CLOUD_WATCH",
name: "CLOUD_WATCH_LOGS",
resources: ["*"],
actions: ["logs:DeleteDataProtectionPolicy"],
},
Expand Down Expand Up @@ -611,7 +611,7 @@ export class ServiceDeployIAM extends cdk.Stack {
let delimiter = "/";
switch (serviceName) {
case "COGNITO":
case "CLOUD_WATCH":
case "CLOUD_WATCH_LOGS":
case "CLOUD_WATCH_ALARMS":
case "LAMBDA":
case "S3":
Expand Down
39 changes: 7 additions & 32 deletions packages/serverless-deploy-iam/test/deploy-role.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,18 +55,14 @@ describe("Deploy user policy", () => {
objectLike({
Action: [
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:Describe*",
"cloudformation:List*",
"cloudformation:Get*",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:UpdateStack",
"cloudformation:ExecuteChangeSet",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ListStackResources",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
],
Effect: "Allow",
Resource: [
Expand Down Expand Up @@ -148,7 +144,7 @@ describe("Deploy user policy", () => {
);
});

test("has correct CloudWatch permissions", () => {
test("has correct CloudWatch logs permissions", () => {
const app = new cdk.App();
const stack = new ServiceDeployIAM(app, "jest-deploy-iam");
expectCDK(stack).to(
Expand All @@ -157,22 +153,7 @@ describe("Deploy user policy", () => {
PolicyDocument: {
Statement: arrayWith(
objectLike({
Action: [
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:DeleteLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:DeleteLogStream",
"logs:FilterLogEvents",
"logs:TagResource",
"logs:UntagResource",
"logs:DescribeMetricFilters",
"logs:PutMetricFilter",
"logs:ListTagsForResource",
"logs:PutDataProtectionPolicy",
"logs:UpdateDataProtectionPolicy",
],
Action: ["logs:*"],
Effect: "Allow",
Resource: [
{
Expand Down Expand Up @@ -278,17 +259,11 @@ describe("Deploy user policy", () => {
Statement: arrayWith(
objectLike({
Action: [
"cloudwatch:ListMetrics",
"cloudwatch:ListMetricStreams",
"cloudwatch:ListTagsForResource",
"cloudwatch:ListDashboards",
"cloudwatch:List*",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms",
"cloudwatch:EnableAlarmActions",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutDashboard",
"cloudwatch:PutMetricData",
"cloudwatch:PutMetricStream",
"cloudwatch:Put*",
"cloudwatch:SetAlarmState",
"cloudwatch:TagResource",
"cloudwatch:StartMetricStreams",
Expand Down

0 comments on commit cffa02f

Please sign in to comment.