fixed failing test

allen-moheimani-aws · allen-moheimani-aws · commit 8e66733182a4 · 2021-04-26T10:28:57.000-07:00
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/lib/index.ts
@@ -144,7 +144,7 @@ export class LambdaToSecretsmanager extends Construct {
       // Enable read permissions for the Lambda function by default
       this.secret.grantRead(this.lambdaFunction);
 
-      if (props.grantWriteAccess) {
+      if (props.grantWriteAccess === 'ReadWrite') {
         this.secret.grantWrite(this.lambdaFunction);
       }
     }
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/__snapshots__/lambda-secretsmanager.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/__snapshots__/lambda-secretsmanager.test.js.snap
@@ -81,7 +81,6 @@ Object {
         },
         "Environment": Object {
           "Variables": Object {
-            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
             "SECRET_NAME": Object {
               "Fn::Select": Array [
                 6,
@@ -301,7 +300,6 @@ Object {
         },
         "Environment": Object {
           "Variables": Object {
-            "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1",
             "SECRET_NAME": Object {
               "Fn::Select": Array [
                 6,
@@ -432,6 +430,16 @@ Object {
     },
     "lambdatosecretsmanagerstacksecretBA684E34": Object {
       "DeletionPolicy": "Retain",
+      "Metadata": Object {
+        "cfn_nag": Object {
+          "rules_to_suppress": Array [
+            Object {
+              "id": "W77",
+              "reason": "Secrets Manager Secret should explicitly specify KmsKeyId. Besides control of the key this will allow the secret to be shared cross-account",
+            },
+          ],
+        },
+      },
       "Properties": Object {
         "GenerateSecretString": Object {},
       },
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts
@@ -301,6 +301,9 @@ test('Test lambda function custom environment variable', () => {
       runtime: lambda.Runtime.NODEJS_14_X,
       handler: 'index.handler',
       code: lambda.Code.fromAsset(`${__dirname}/lambda`),
+      environment: {
+        AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1',
+      }
     },
     secretEnvironmentVariableName: 'CUSTOM_SECRET_NAME'
   });

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ export class LambdaToSecretsmanager extends Construct {`
`144`	`144`	`// Enable read permissions for the Lambda function by default`
`145`	`145`	`this.secret.grantRead(this.lambdaFunction);`
`146`	`146`
`147`		`- if (props.grantWriteAccess) {`
	`147`	`+ if (props.grantWriteAccess === 'ReadWrite') {`
`148`	`148`	`this.secret.grantWrite(this.lambdaFunction);`
`149`	`149`	`}`
`150`	`150`	`}`