From 0a86d828cccb81d6a765443b40c5d0769d3222ac Mon Sep 17 00:00:00 2001 From: Robert Kenny Date: Fri, 15 Sep 2023 14:58:37 +0100 Subject: [PATCH] update snapshots and associated ddb tests --- .../ecs/__snapshots__/ecs-task.test.ts.snap | 6 -- .../ec2-app/__snapshots__/base.test.ts.snap | 6 -- src/patterns/ec2-app/base.test.ts | 64 ++++++++++++------- 3 files changed, 41 insertions(+), 35 deletions(-) diff --git a/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap b/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap index 6c6bdecc71..058b979031 100644 --- a/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap +++ b/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap @@ -34,9 +34,6 @@ exports[`The GuEcsTask pattern should create the correct resources with lots of "ap-southeast-3": { "states": "states.ap-southeast-3.amazonaws.com", }, - "ap-southeast-4": { - "states": "states.ap-southeast-4.amazonaws.com", - }, "ca-central-1": { "states": "states.ca-central-1.amazonaws.com", }, @@ -70,9 +67,6 @@ exports[`The GuEcsTask pattern should create the correct resources with lots of "eu-west-3": { "states": "states.eu-west-3.amazonaws.com", }, - "il-central-1": { - "states": "states.il-central-1.amazonaws.com", - }, "me-central-1": { "states": "states.me-central-1.amazonaws.com", }, diff --git a/src/patterns/ec2-app/__snapshots__/base.test.ts.snap b/src/patterns/ec2-app/__snapshots__/base.test.ts.snap index 1866c44070..36090fe911 100644 --- a/src/patterns/ec2-app/__snapshots__/base.test.ts.snap +++ b/src/patterns/ec2-app/__snapshots__/base.test.ts.snap @@ -830,9 +830,6 @@ exports[`the GuEC2App pattern can produce a restricted EC2 app locked to specifi "Type": "AWS::EC2::SecurityGroupIngress", }, "teststackTESTtestguec2appAA7F41BE": { - "DependsOn": [ - "InstanceRoleTestguec2appC325BE42", - ], "Properties": { "LaunchTemplateData": { "IamInstanceProfile": { @@ -1672,9 +1669,6 @@ exports[`the GuEC2App pattern should produce a functional EC2 app with minimal a "Type": "AWS::EC2::SecurityGroupIngress", }, "teststackTESTtestguec2appAA7F41BE": { - "DependsOn": [ - "InstanceRoleTestguec2appC325BE42", - ], "Properties": { "LaunchTemplateData": { "IamInstanceProfile": { diff --git a/src/patterns/ec2-app/base.test.ts b/src/patterns/ec2-app/base.test.ts index ff8a61f094..65d6d9f729 100644 --- a/src/patterns/ec2-app/base.test.ts +++ b/src/patterns/ec2-app/base.test.ts @@ -311,9 +311,9 @@ describe("the GuEC2App pattern", function () { }, monitoringConfiguration: { noMonitoring: true }, userData: "", - }), + }) ).toThrowError( - "Restricted apps cannot be globally accessible. Adjust CIDR ranges (0.0.0.0/0, 1.2.3.4/32) or use Public.", + "Restricted apps cannot be globally accessible. Adjust CIDR ranges (0.0.0.0/0, 1.2.3.4/32) or use Public." ); }); @@ -335,9 +335,9 @@ describe("the GuEC2App pattern", function () { }, monitoringConfiguration: { noMonitoring: true }, userData: "", - }), + }) ).toThrowError( - "Internal apps should only be accessible on 10. ranges. Adjust CIDR ranges (93.1.2.3/12) or use Restricted.", + "Internal apps should only be accessible on 10. ranges. Adjust CIDR ranges (93.1.2.3/12) or use Restricted." ); }); @@ -406,22 +406,40 @@ describe("the GuEC2App pattern", function () { { Action: ["dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:UpdateItem"], Effect: "Allow", - Resource: { - "Fn::Join": [ - "", - [ - "arn:aws:dynamodb:", - { - Ref: "AWS::Region", - }, - ":", - { - Ref: "AWS::AccountId", - }, - ":table/my-dynamo-table", + Resource: [ + { + "Fn::Join": [ + "", + [ + "arn:aws:dynamodb:", + { + Ref: "AWS::Region", + }, + ":", + { + Ref: "AWS::AccountId", + }, + ":table/my-dynamo-table", + ], ], - ], - }, + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:dynamodb:", + { + Ref: "AWS::Region", + }, + ":", + { + Ref: "AWS::AccountId", + }, + ":table/my-dynamo-table/index/*", + ], + ], + }, + ], }, ], }, @@ -729,7 +747,7 @@ describe("the GuEC2App pattern", function () { }); }).toThrowError( "Application logging has been enabled (via the `applicationLogging` prop) but your `roleConfiguration` sets " + - "`withoutLogShipping` to true. Please turn off application logging or remove `withoutLogShipping`", + "`withoutLogShipping` to true. Please turn off application logging or remove `withoutLogShipping`" ); }); @@ -824,7 +842,7 @@ describe("the GuEC2App pattern", function () { domain, allowedGroups: [], }, - }), + }) ).toThrowError("googleAuth.allowedGroups cannot be empty!"); }); @@ -854,7 +872,7 @@ describe("the GuEC2App pattern", function () { domain, sessionTimeoutInMinutes: 61, }, - }), + }) ).toThrowError("googleAuth.sessionTimeoutInMinutes must be <= 60!"); }); @@ -884,7 +902,7 @@ describe("the GuEC2App pattern", function () { domain, allowedGroups: ["apple@guardian.co.uk", "engineering@theguardian.com"], }, - }), + }) ).toThrowError("googleAuth.allowedGroups must use the @guardian.co.uk domain."); }); });