From b7ac6a303a85a306d375b4ef55a375e4aac45ab6 Mon Sep 17 00:00:00 2001 From: Roshane Pascual Date: Fri, 27 Sep 2024 09:32:51 -0700 Subject: [PATCH] update e2e test for storage access outputs (#2063) * update backend output test for storage access outputs * move assertion to post deployment --- .changeset/healthy-planes-live.md | 2 ++ .../src/test-e2e/backend_output.test.ts | 6 ++++- .../data_storage_auth_with_triggers.ts | 26 +++++++++++++++++++ .../amplify/auth/resource.ts | 1 + .../amplify/storage/resource.ts | 8 ++++++ 5 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 .changeset/healthy-planes-live.md diff --git a/.changeset/healthy-planes-live.md b/.changeset/healthy-planes-live.md new file mode 100644 index 0000000000..a845151cc8 --- /dev/null +++ b/.changeset/healthy-planes-live.md @@ -0,0 +1,2 @@ +--- +--- diff --git a/packages/integration-tests/src/test-e2e/backend_output.test.ts b/packages/integration-tests/src/test-e2e/backend_output.test.ts index 88397deba4..50c4715686 100644 --- a/packages/integration-tests/src/test-e2e/backend_output.test.ts +++ b/packages/integration-tests/src/test-e2e/backend_output.test.ts @@ -24,6 +24,11 @@ import { DataStorageAuthWithTriggerTestProjectCreator } from '../test-project-se import { SQSClient } from '@aws-sdk/client-sqs'; import { setupDeployedBackendClient } from '../test-project-setup/setup_deployed_backend_client.js'; +/** + * This E2E test is to check whether current (aka latest) repository content introduces breaking changes + * for our deployed backend client to read outputs. + */ + // Different root test dir to avoid race conditions with e2e deployment tests const rootTestDir = fileURLToPath( new URL('../e2e-outputs-tests', import.meta.url) @@ -83,7 +88,6 @@ void describe( await testProject.deploy(branchBackendIdentifier, sharedSecretsEnv); await testProject.assertPostDeployment(branchBackendIdentifier); - await testProject.assertDeployedClientOutputs(branchBackendIdentifier); }); } diff --git a/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts b/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts index 813e528468..09520c2a4e 100644 --- a/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts +++ b/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts @@ -23,6 +23,7 @@ import { SQSClient, } from '@aws-sdk/client-sqs'; import { e2eToolingClientConfig } from '../e2e_tooling_client_config.js'; +import isMatch from 'lodash.ismatch'; /** * Creates test projects with data, storage, and auth categories. @@ -298,6 +299,31 @@ class DataStorageAuthWithTriggerTestProject extends TestProjectBase { ); assert.ok(fileContent.includes('newKey: string;')); // Env var added via addEnvironment assert.ok(fileContent.includes('TEST_SECRET: string;')); // Env var added via defineFunction + + // assert storage access paths are correct in stack outputs + const outputsObject = JSON.parse( + await fs.readFile( + path.join(this.projectDirPath, 'amplify_outputs.json'), + 'utf-8' + ) + ); + assert.ok( + isMatch(outputsObject.storage.buckets[0].paths, { + 'public/*': { + guest: ['get', 'list'], + authenticated: ['get', 'list', 'write'], + groupsAdmins: ['get', 'list', 'write', 'delete'], + }, + 'protected/*': { + authenticated: ['get', 'list'], + groupsAdmins: ['get', 'list', 'write', 'delete'], + }, + 'protected/${cognito-identity.amazonaws.com:sub}/*': { + // eslint-disable-next-line spellcheck/spell-checker + entityidentity: ['get', 'list', 'write', 'delete'], + }, + }) + ); } private getUpdateReplacementDefinition = (suffix: string) => ({ diff --git a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts index e5ff3baa41..097a822ddb 100644 --- a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts +++ b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts @@ -24,4 +24,5 @@ export const auth = defineAuth({ triggers: { postConfirmation: defaultNodeFunc, }, + groups: ['Admins'], }); diff --git a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts index cfd30953e2..3af6c5fecf 100644 --- a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts +++ b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts @@ -16,6 +16,14 @@ export const storage = defineStorage({ 'public/*': [ allow.resource(defaultNodeFunc).to(['read', 'write']), allow.resource(node16Func).to(['read', 'write']), + allow.guest.to(['read']), + allow.authenticated.to(['read', 'write']), + allow.groups(['Admins']).to(['read', 'write', 'delete']), + ], + 'protected/{entity_id}/*': [ + allow.authenticated.to(['read']), + allow.entity('identity').to(['read', 'write', 'delete']), + allow.groups(['Admins']).to(['read', 'write', 'delete']), ], }), });