From 196cfb8ec2b0ef5b122e968fa4554549f723d18a Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 24 Aug 2021 21:09:43 +0000
Subject: [PATCH] convert SQS fifo: false to fifo: undefined automatically
---
 .../integ.deployStandardQueue.expected.json | 371 ++++++++++++++++++
 .../test/integ.deployStandardQueue.ts | 62 +++
 .../aws-sns-sqs/test/sns-sqs.test.ts | 42 ++
 .../core/lib/sqs-helper.ts | 3 +-
 4 files changed, 477 insertions(+), 1 deletion(-)
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.expected.json
 create mode 100644 source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.ts
diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.expected.json b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.expected.json
new file mode 100644
index 000000000..9f08da025
--- /dev/null
+++ b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.expected.json
@@ -0,0 +1,371 @@ +{ + "Description": "Integration Test for aws-sns-sqs Standard Queue", + "Resources": { + "TestTopic339EC197": { + "Type": "AWS::SNS::Topic", + "Properties": { + "DisplayName": "Customer subscription topic", + "FifoTopic": false, + "KmsMasterKeyId": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":alias/aws/sns" + ] + ] + }, + "TopicName": "testTopic" + } + }, + "ImportedEncryptionKeyBE10B2FC": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": [ + "kms:Create*", + "kms:Describe*", + "kms:Enable*", + "kms:List*", + "kms:Put*", + "kms:Update*", + "kms:Revoke*", + "kms:Disable*", + "kms:Get*", + "kms:Delete*", + "kms:ScheduleKeyDeletion", + "kms:CancelKeyDeletion", + "kms:GenerateDataKey", + "kms:TagResource", + "kms:UntagResource" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:GenerateDataKey*" + ], + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "EnableKeyRotation": true + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ImportedDLQEncryptionKeyDE178CD5": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": [ + "kms:Create*", + "kms:Describe*", + "kms:Enable*", + "kms:List*", + "kms:Put*", + "kms:Update*", + "kms:Revoke*", + "kms:Disable*", + "kms:Get*", + "kms:Delete*", + "kms:ScheduleKeyDeletion", + "kms:CancelKeyDeletion", + "kms:GenerateDataKey", + 
"kms:TagResource", + "kms:UntagResource" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "EnableKeyRotation": true + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "testsnssqsdeadLetterQueue8DACC0A1": { + "Type": "AWS::SQS::Queue", + "Properties": { + "KmsMasterKeyId": { + "Fn::GetAtt": [ + "ImportedDLQEncryptionKeyDE178CD5", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "testsnssqsdeadLetterQueuePolicyAB8A9883": { + "Type": "AWS::SQS::QueuePolicy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "sqs:DeleteMessage", + "sqs:ReceiveMessage", + "sqs:SendMessage", + "sqs:GetQueueAttributes", + "sqs:RemovePermission", + "sqs:AddPermission", + "sqs:SetQueueAttributes" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "testsnssqsdeadLetterQueue8DACC0A1", + "Arn" + ] + }, + "Sid": "QueueOwnerOnlyAccess" + }, + { + "Action": "SQS:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": { + "Fn::GetAtt": [ + "testsnssqsdeadLetterQueue8DACC0A1", + "Arn" + ] + }, + "Sid": "HttpsOnly" + } + ], + "Version": "2012-10-17" + }, + "Queues": [ + { + "Ref": "testsnssqsdeadLetterQueue8DACC0A1" + } + ] + } + }, + "testsnssqsqueueB02504BF": { + "Type": "AWS::SQS::Queue", + "Properties": { + "KmsMasterKeyId": { + "Fn::GetAtt": [ + "ImportedEncryptionKeyBE10B2FC", + "Arn" + ] + }, + "RedrivePolicy": { + "deadLetterTargetArn": { + "Fn::GetAtt": [ + "testsnssqsdeadLetterQueue8DACC0A1", + "Arn" + ] + }, + 
"maxReceiveCount": 15 + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "testsnssqsqueuePolicyE64464B6": { + "Type": "AWS::SQS::QueuePolicy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "sqs:DeleteMessage", + "sqs:ReceiveMessage", + "sqs:SendMessage", + "sqs:GetQueueAttributes", + "sqs:RemovePermission", + "sqs:AddPermission", + "sqs:SetQueueAttributes" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": { + "Fn::GetAtt": [ + "testsnssqsqueueB02504BF", + "Arn" + ] + }, + "Sid": "QueueOwnerOnlyAccess" + }, + { + "Action": "SQS:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": { + "Fn::GetAtt": [ + "testsnssqsqueueB02504BF", + "Arn" + ] + }, + "Sid": "HttpsOnly" + }, + { + "Action": "sqs:SendMessage", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Ref": "TestTopic339EC197" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "testsnssqsqueueB02504BF", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "Queues": [ + { + "Ref": "testsnssqsqueueB02504BF" + } + ] + } + }, + "testsnssqsqueuedeployStandardQueueTestTopic883C28A0E3343345": { + "Type": "AWS::SNS::Subscription", + "Properties": { + "Protocol": "sqs", + "TopicArn": { + "Ref": "TestTopic339EC197" + }, + "Endpoint": { + "Fn::GetAtt": [ + "testsnssqsqueueB02504BF", + "Arn" + ] + } + } + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.ts b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.ts new file mode 100644 index 000000000..2f53c2957 --- /dev/null 
+++ b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/integ.deployStandardQueue.ts 
@@ -0,0 +1,62 @@
+/**
+ * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ * with the License. A copy of the License is located at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ * and limitations under the License.
+ */
+
+// Imports
+import { App, Stack } from "@aws-cdk/core";
+import { SnsToSqs, SnsToSqsProps } from "../lib";
+import * as sqs from "@aws-cdk/aws-sqs";
+import * as sns from "@aws-cdk/aws-sns";
+import * as kms from '@aws-cdk/aws-kms';
+import { generateIntegStackName } from '@aws-solutions-constructs/core';
+
+// Setup
+const app = new App();
+const stack = new Stack(app, generateIntegStackName(__filename));
+stack.templateOptions.description = 'Integration Test for aws-sns-sqs Standard Queue';
+
+// Definitions
+const snsManagedKey = kms.Alias.fromAliasName(stack, 'sns-managed-key', 'alias/aws/sns');
+
+const topic = new sns.Topic(stack, 'TestTopic', {
+ displayName: 'Customer subscription topic',
+ fifo: false,
+ topicName: 'testTopic',
+ masterKey: snsManagedKey
+});
+
+const encryptionKeyProps: kms.KeyProps = {
+ enableKeyRotation: true
+};
+
+const key = new kms.Key(stack, 'ImportedEncryptionKey', encryptionKeyProps);
+
+const deadLetterQueueKey = new kms.Key(stack, 'ImportedDLQEncryptionKey', encryptionKeyProps);
+
+const props: SnsToSqsProps = {
+ enableEncryptionWithCustomerManagedKey: true,
+ existingTopicObj: topic,
+ queueProps: {
+ fifo: false,
+ },
+ deadLetterQueueProps: {
+ encryption: sqs.QueueEncryption.KMS,
+ fifo: false,
+ encryptionMasterKey: deadLetterQueueKey
+ },
+ encryptionKey: key
+};
+
+new SnsToSqs(stack, 'test-sns-sqs', props);
+
+// Synth
+app.synth();
diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts
index 23de15eec..af96b63cc 100644
--- a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts
+++ b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts
@@ -287,4 +287,46 @@ test('Pattern deployment w/ existing topic and FIFO queue', () => {
 maxReceiveCount: 15
 }
 });
+});
+
+// --------------------------------------------------------------
+// Pattern deployment with existing Topic and Standard queues
+// --------------------------------------------------------------
+test('Pattern deployment w/ existing topic and Standard queue', () => {
+ // Initial Setup
+ const stack = new Stack();
+
+ const topic = new sns.Topic(stack, 'TestTopic', {
+ displayName: 'Customer subscription topic',
+ fifo: false,
+ topicName: 'customerTopic',
+ });
+
+ const props: SnsToSqsProps = {
+ enableEncryptionWithCustomerManagedKey: false,
+ existingTopicObj: topic,
+ queueProps: {
+ encryption: sqs.QueueEncryption.UNENCRYPTED,
+ fifo: false,
+ },
+ deadLetterQueueProps: {
+ encryption: sqs.QueueEncryption.UNENCRYPTED,
+ fifo: false,
+ }
+ };
+
+ new SnsToSqs(stack, 'test-sns-sqs', props);
+
+ // Assertion 1
+ expect(stack).toHaveResource("AWS::SQS::Queue", {
+ RedrivePolicy: {
+ deadLetterTargetArn: {
+ "Fn::GetAtt": [
+ "testsnssqsdeadLetterQueue8DACC0A1",
+ "Arn"
+ ]
+ },
+ maxReceiveCount: 15
+ }
+ });
 });
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/core/lib/sqs-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/sqs-helper.ts
index 4e137b529..118ed7294 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/sqs-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/sqs-helper.ts
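Review bot: In integ.deployStandardQueue.ts the two `kms.Key` constructs built from `encryptionKeyProps` set no removal policy, and the expected template in this patch records both keys with `DeletionPolicy: Retain`, so each run of this integration stack leaves two customer-managed keys behind after the stack is deleted. Consider `const encryptionKeyProps: kms.KeyProps = { enableKeyRotation: true, removalPolicy: RemovalPolicy.DESTROY };` with `RemovalPolicy` imported from `@aws-cdk/core`, and regenerate the expected JSON. The fixed `topicName: 'testTopic'` can also collide with another stack deployed to the same account and region; leaving the name out lets CloudFormation generate one.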
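Review bot: The only assertion in 'Pattern deployment w/ existing topic and Standard queue' (sns-sqs.test.ts) is the `RedrivePolicy` match, which looks like the same check the FIFO test above it ends with, so nothing here pins the behaviour this commit is about; as far as the hunk shows, the test would presumably synthesize and pass with or without the sqs-helper.ts change. Add a check that no queue carries the property, for example `expect(stack).not.toHaveResource("AWS::SQS::Queue", { FifoQueue: false });`. The queues in this test are configured with `QueueEncryption.UNENCRYPTED` and `enableEncryptionWithCustomerManagedKey: false`; a one-line comment such as `// encryption disabled only to keep the unit-test template minimal` would keep the block from being copied into a real stack as-is.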
@@ -68,7 +68,8 @@ export function buildQueue(scope: cdk.Construct, id: string, props: BuildQueuePr
 let queueProps;
 if (props.queueProps) {
 // If property overrides have been provided, incorporate them and deploy
- queueProps = overrideProps(defaults.DefaultQueueProps(), props.queueProps);
+ const checkFifo = props.queueProps.fifo ? true : undefined;
+ queueProps = overrideProps(defaults.DefaultQueueProps(), { ...props.queueProps, fifo: checkFifo });
 } else {
 // If no property overrides, deploy using the default configuration
 queueProps = defaults.DefaultQueueProps();
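Review bot: The new `checkFifo` line in buildQueue has no comment explaining why a caller's `fifo: false` is turned into `undefined`, and the name reads like a predicate although it holds the normalized value. A comment such as `// Pass fifo on only when it is true, so FifoQueue is left out of the template for standard queues` above it, with the variable renamed to something like `fifoOrUndefined`, would make the intent clear. The spread always adds a `fifo` key (with value `undefined` for standard queues), which relies on `overrideProps` and the Queue construct treating an explicit `undefined` like a missing key; neither is visible here. Only the `props.queueProps` branch is normalized, and buildQueue starts and ends outside the hunk, so any other path that hands queue props to `sqs.Queue` should be checked for the same case.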