feat(aws-lambda-secretsmanager): unit test code review fixes.

danielmatuki · danielmatuki · commit 658710d0b62f · 2021-04-30T14:24:45.000-07:00
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/__snapshots__/lambda-secretsmanager.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/__snapshots__/lambda-secretsmanager.test.js.snap
@@ -1,225 +1,5 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`Test deployment w/ existing secret 1`] = `
-Object {
-  "Parameters": Object {
-    "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object {
-      "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"",
-      "Type": "String",
-    },
-    "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object {
-      "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"",
-      "Type": "String",
-    },
-    "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object {
-      "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"",
-      "Type": "String",
-    },
-  },
-  "Resources": Object {
-    "lambdatosecretsmanagerstackLambdaFunction2BCCE9C9": Object {
-      "DependsOn": Array [
-        "lambdatosecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy8E30EE71",
-        "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55",
-      ],
-      "Metadata": Object {
-        "cfn_nag": Object {
-          "rules_to_suppress": Array [
-            Object {
-              "id": "W58",
-              "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
-            },
-            Object {
-              "id": "W89",
-              "reason": "This is not a rule for the general case, just for specific use cases/industries",
-            },
-            Object {
-              "id": "W92",
-              "reason": "Impossible for us to define the correct concurrency for clients",
-            },
-          ],
-        },
-      },
-      "Properties": Object {
-        "Code": Object {
-          "S3Bucket": Object {
-            "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB",
-          },
-          "S3Key": Object {
-            "Fn::Join": Array [
-              "",
-              Array [
-                Object {
-                  "Fn::Select": Array [
-                    0,
-                    Object {
-                      "Fn::Split": Array [
-                        "||",
-                        Object {
-                          "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7",
-                        },
-                      ],
-                    },
-                  ],
-                },
-                Object {
-                  "Fn::Select": Array [
-                    1,
-                    Object {
-                      "Fn::Split": Array [
-                        "||",
-                        Object {
-                          "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7",
-                        },
-                      ],
-                    },
-                  ],
-                },
-              ],
-            ],
-          },
-        },
-        "Environment": Object {
-          "Variables": Object {
-            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
-            "SECRET_NAME": Object {
-              "Fn::Select": Array [
-                6,
-                Object {
-                  "Fn::Split": Array [
-                    ":",
-                    Object {
-                      "Ref": "secret4DA88516",
-                    },
-                  ],
-                },
-              ],
-            },
-          },
-        },
-        "Handler": "index.handler",
-        "Role": Object {
-          "Fn::GetAtt": Array [
-            "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55",
-            "Arn",
-          ],
-        },
-        "Runtime": "nodejs10.x",
-        "TracingConfig": Object {
-          "Mode": "Active",
-        },
-      },
-      "Type": "AWS::Lambda::Function",
-    },
-    "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55": Object {
-      "Properties": Object {
-        "AssumeRolePolicyDocument": Object {
-          "Statement": Array [
-            Object {
-              "Action": "sts:AssumeRole",
-              "Effect": "Allow",
-              "Principal": Object {
-                "Service": "lambda.amazonaws.com",
-              },
-            },
-          ],
-          "Version": "2012-10-17",
-        },
-        "Policies": Array [
-          Object {
-            "PolicyDocument": Object {
-              "Statement": Array [
-                Object {
-                  "Action": Array [
-                    "logs:CreateLogGroup",
-                    "logs:CreateLogStream",
-                    "logs:PutLogEvents",
-                  ],
-                  "Effect": "Allow",
-                  "Resource": Object {
-                    "Fn::Join": Array [
-                      "",
-                      Array [
-                        "arn:",
-                        Object {
-                          "Ref": "AWS::Partition",
-                        },
-                        ":logs:",
-                        Object {
-                          "Ref": "AWS::Region",
-                        },
-                        ":",
-                        Object {
-                          "Ref": "AWS::AccountId",
-                        },
-                        ":log-group:/aws/lambda/*",
-                      ],
-                    ],
-                  },
-                },
-              ],
-              "Version": "2012-10-17",
-            },
-            "PolicyName": "LambdaFunctionServiceRolePolicy",
-          },
-        ],
-      },
-      "Type": "AWS::IAM::Role",
-    },
-    "lambdatosecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy8E30EE71": Object {
-      "Metadata": Object {
-        "cfn_nag": Object {
-          "rules_to_suppress": Array [
-            Object {
-              "id": "W12",
-              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
-            },
-          ],
-        },
-      },
-      "Properties": Object {
-        "PolicyDocument": Object {
-          "Statement": Array [
-            Object {
-              "Action": Array [
-                "xray:PutTraceSegments",
-                "xray:PutTelemetryRecords",
-              ],
-              "Effect": "Allow",
-              "Resource": "*",
-            },
-            Object {
-              "Action": Array [
-                "secretsmanager:GetSecretValue",
-                "secretsmanager:DescribeSecret",
-              ],
-              "Effect": "Allow",
-              "Resource": Object {
-                "Ref": "secret4DA88516",
-              },
-            },
-          ],
-          "Version": "2012-10-17",
-        },
-        "PolicyName": "lambdatosecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy8E30EE71",
-        "Roles": Array [
-          Object {
-            "Ref": "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55",
-          },
-        ],
-      },
-      "Type": "AWS::IAM::Policy",
-    },
-    "secret4DA88516": Object {
-      "Properties": Object {
-        "GenerateSecretString": Object {},
-      },
-      "Type": "AWS::SecretsManager::Secret",
-    },
-  },
-}
-`;
-
 exports[`Test minimal deployment with new Lambda function 1`] = `
 Object {
   "Parameters": Object {
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts
@@ -19,6 +19,7 @@ import * as ec2 from "@aws-cdk/aws-ec2";
 import { LambdaToSecretsmanager } from '../lib';
 import { SynthUtils } from '@aws-cdk/assert';
 import '@aws-cdk/assert/jest';
+import * as defaults from "@aws-solutions-constructs/core";
 
 // --------------------------------------------------------------
 // Test minimal deployment with new Lambda function
@@ -67,17 +68,68 @@ test('Test deployment w/ existing secret', () => {
   // Stack
   const stack = new Stack();
   // Helper declaration
-  const secret = new Secret(stack, 'secret', {});
-  new LambdaToSecretsmanager(stack, 'lambda-to-secretsmanager-stack', {
+  const existingSecret = new Secret(stack, 'secret', {});
+  const pattern = new LambdaToSecretsmanager(stack, 'lambda-to-secretsmanager-stack', {
     lambdaFunctionProps: {
       runtime: lambda.Runtime.NODEJS_10_X,
       handler: 'index.handler',
       code: lambda.Code.fromAsset(`${__dirname}/lambda`)
     },
-    existingSecretObj: secret
+    existingSecretObj: existingSecret
   });
   // Assertion 1
-  expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot();
+  expect(stack).toHaveResource("AWS::SecretsManager::Secret", {
+    GenerateSecretString: {},
+  });
+  // Assertion 2
+  expect(pattern.secret).toBe(existingSecret);
+});
+
+// --------------------------------------------------------------
+// Test deployment w/ existing function
+// --------------------------------------------------------------
+test('Test deployment w/ existing function', () => {
+  // Stack
+  const stack = new Stack();
+  // Helper declaration
+  const lambdaFunctionProps = {
+    runtime: lambda.Runtime.NODEJS_10_X,
+    handler: 'index.handler',
+    code: lambda.Code.fromAsset(`${__dirname}/lambda`)
+  };
+  const existingFuntion = defaults.deployLambdaFunction(stack, lambdaFunctionProps);
+
+  const pattern = new LambdaToSecretsmanager(stack, 'lambda-to-secretsmanager-stack', {
+    existingLambdaObj: existingFuntion
+  });
+  // Assertion 1
+  expect(stack).toHaveResource("AWS::SecretsManager::Secret", {
+    GenerateSecretString: {},
+  });
+  // Assertion 2
+  expect(pattern.lambdaFunction).toBe(existingFuntion);
+});
+
+// --------------------------------------------------------------
+// Test minimal deployment with write access to Secret
+// --------------------------------------------------------------
+test('Test minimal deployment write access to Secret', () => {
+  // Stack
+  const stack = new Stack();
+  // Helper declaration
+  new LambdaToSecretsmanager(stack, 'lambda-to-secretsmanager-stack', {
+    lambdaFunctionProps: {
+      runtime: lambda.Runtime.NODEJS_10_X,
+      handler: 'index.handler',
+      code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+    },
+    grantWriteAccess: 'ReadWrite'
+  });
+  // Assertion 1
+  expect(stack).toHaveResource("AWS::SecretsManager::Secret", {
+    GenerateSecretString: {},
+  });
+
 });
 
 // --------------------------------------------------------------
