From 65c661b75e1aaee6da2bc78bc16c6b7fcd46b64d Mon Sep 17 00:00:00 2001 From: Roshane Pascual Date: Thu, 26 Sep 2024 15:04:02 -0700 Subject: [PATCH 1/2] update backend output test for storage access outputs --- .changeset/healthy-planes-live.md | 2 ++ .../src/test-e2e/backend_output.test.ts | 29 +++++++++++++++++++ .../amplify/auth/resource.ts | 1 + .../amplify/storage/resource.ts | 8 +++++ 4 files changed, 40 insertions(+) create mode 100644 .changeset/healthy-planes-live.md diff --git a/.changeset/healthy-planes-live.md b/.changeset/healthy-planes-live.md new file mode 100644 index 0000000000..a845151cc8 --- /dev/null +++ b/.changeset/healthy-planes-live.md @@ -0,0 +1,2 @@ +--- +--- diff --git a/packages/integration-tests/src/test-e2e/backend_output.test.ts b/packages/integration-tests/src/test-e2e/backend_output.test.ts index 88397deba4..a1f20b88c3 100644 --- a/packages/integration-tests/src/test-e2e/backend_output.test.ts +++ b/packages/integration-tests/src/test-e2e/backend_output.test.ts @@ -23,6 +23,10 @@ import { DeployedResourcesFinder } from '../find_deployed_resource.js'; import { DataStorageAuthWithTriggerTestProjectCreator } from '../test-project-setup/data_storage_auth_with_triggers.js'; import { SQSClient } from '@aws-sdk/client-sqs'; import { setupDeployedBackendClient } from '../test-project-setup/setup_deployed_backend_client.js'; +import fsp from 'fs/promises'; +import path from 'path'; +import assert from 'node:assert'; +import isMatch from 'lodash.ismatch'; // Different root test dir to avoid race conditions with e2e deployment tests const rootTestDir = fileURLToPath( 
@@ -84,6 +88,31 @@ void describe( await testProject.deploy(branchBackendIdentifier, sharedSecretsEnv); await testProject.assertPostDeployment(branchBackendIdentifier); + // assert storage access paths are correct in stack outputs + const outputsObject = JSON.parse( + await fsp.readFile( + path.join(testProject.projectDirPath, 'amplify_outputs.json'), + 'utf-8' + ) + ); + assert.ok( + isMatch(outputsObject.storage.buckets[0].paths, { + 'public/*': { + guest: ['get', 'list'], + authenticated: ['get', 'list', 'write'], + groupsAdmins: ['get', 'list', 'write', 'delete'], + }, + 'protected/*': { + authenticated: ['get', 'list'], + groupsAdmins: ['get', 'list', 'write', 'delete'], + }, + 'protected/${cognito-identity.amazonaws.com:sub}/*': { + // eslint-disable-next-line spellcheck/spell-checker + entityidentity: ['get', 'list', 'write', 'delete'], + }, + }) + ); + await testProject.assertDeployedClientOutputs(branchBackendIdentifier); }); } diff --git a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts index e5ff3baa41..097a822ddb 100644 --- a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts +++ b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/auth/resource.ts @@ -24,4 +24,5 @@ export const auth = defineAuth({ triggers: { postConfirmation: defaultNodeFunc, }, + groups: ['Admins'], }); diff --git a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts index cfd30953e2..3af6c5fecf 100644 --- a/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts 
+++ b/packages/integration-tests/src/test-projects/data-storage-auth-with-triggers-ts/amplify/storage/resource.ts @@ -16,6 +16,14 @@ export const storage = defineStorage({ 'public/*': [ allow.resource(defaultNodeFunc).to(['read', 'write']), allow.resource(node16Func).to(['read', 'write']), + allow.guest.to(['read']), + allow.authenticated.to(['read', 'write']), + allow.groups(['Admins']).to(['read', 'write', 'delete']), + ], + 'protected/{entity_id}/*': [ + allow.authenticated.to(['read']), + allow.entity('identity').to(['read', 'write', 'delete']), + allow.groups(['Admins']).to(['read', 'write', 'delete']), ], }), }); From 891a1af28ee75c7f3e457062921160a14a2a335e Mon Sep 17 00:00:00 2001 From: Roshane Pascual Date: Thu, 26 Sep 2024 16:51:35 -0700 Subject: [PATCH 2/2] move assertion to post deployment --- .../src/test-e2e/backend_output.test.ts | 35 +++---------------- .../data_storage_auth_with_triggers.ts | 26 ++++++++++++++ 2 files changed, 31 insertions(+), 30 deletions(-) diff --git a/packages/integration-tests/src/test-e2e/backend_output.test.ts b/packages/integration-tests/src/test-e2e/backend_output.test.ts index a1f20b88c3..50c4715686 100644 --- a/packages/integration-tests/src/test-e2e/backend_output.test.ts +++ b/packages/integration-tests/src/test-e2e/backend_output.test.ts 
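Review bot: The rules added for `public/*` and `protected/{entity_id}/*` carry no comment explaining why each principal is present, yet the expected values asserted later in this series depend on every one of them. A short comment above the access block would help, for example `// guest, authenticated, group and entity rules are asserted against amplify_outputs.json in the e2e tests; keep both in sync`. The group name `'Admins'` is also a bare string both here and in auth/resource.ts (`groups: ['Admins']`); that the two must match is inferred from the `groupsAdmins` key in the expected outputs. The `defineStorage` call starts above this hunk.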
@@ -23,10 +23,11 @@ import { DeployedResourcesFinder } from '../find_deployed_resource.js'; import { DataStorageAuthWithTriggerTestProjectCreator } from '../test-project-setup/data_storage_auth_with_triggers.js'; import { SQSClient } from '@aws-sdk/client-sqs'; import { setupDeployedBackendClient } from '../test-project-setup/setup_deployed_backend_client.js'; -import fsp from 'fs/promises'; -import path from 'path'; -import assert from 'node:assert'; -import isMatch from 'lodash.ismatch'; + +/** + * This E2E test is to check whether current (aka latest) repository content introduces breaking changes + * for our deployed backend client to read outputs. + */ // Different root test dir to avoid race conditions with e2e deployment tests const rootTestDir = fileURLToPath( @@ -87,32 +88,6 @@ void describe( await testProject.deploy(branchBackendIdentifier, sharedSecretsEnv); await testProject.assertPostDeployment(branchBackendIdentifier); - - // assert storage access paths are correct in stack outputs - const outputsObject = JSON.parse( - await fsp.readFile( - path.join(testProject.projectDirPath, 'amplify_outputs.json'), - 'utf-8' - ) - ); - assert.ok( - isMatch(outputsObject.storage.buckets[0].paths, { - 'public/*': { - guest: ['get', 'list'], - authenticated: ['get', 'list', 'write'], - groupsAdmins: ['get', 'list', 'write', 'delete'], - }, - 'protected/*': { - authenticated: ['get', 'list'], - groupsAdmins: ['get', 'list', 'write', 'delete'], - }, - 'protected/${cognito-identity.amazonaws.com:sub}/*': { - // eslint-disable-next-line spellcheck/spell-checker - entityidentity: ['get', 'list', 'write', 'delete'], - }, - }) - ); - await testProject.assertDeployedClientOutputs(branchBackendIdentifier); }); } diff --git a/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts b/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts index 588f5c7f56..54f0cce6f9 100644 
--- a/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts +++ b/packages/integration-tests/src/test-project-setup/data_storage_auth_with_triggers.ts @@ -23,6 +23,7 @@ import { SQSClient, } from '@aws-sdk/client-sqs'; import { e2eToolingClientConfig } from '../e2e_tooling_client_config.js'; +import isMatch from 'lodash.ismatch'; /** * Creates test projects with data, storage, and auth categories. @@ -298,6 +299,31 @@ class DataStorageAuthWithTriggerTestProject extends TestProjectBase { ); assert.ok(fileContent.includes('newKey: string;')); // Env var added via addEnvironment assert.ok(fileContent.includes('TEST_SECRET: string;')); // Env var added via defineFunction + + // assert storage access paths are correct in stack outputs + const outputsObject = JSON.parse( + await fs.readFile( + path.join(this.projectDirPath, 'amplify_outputs.json'), + 'utf-8' + ) + ); + assert.ok( + isMatch(outputsObject.storage.buckets[0].paths, { + 'public/*': { + guest: ['get', 'list'], + authenticated: ['get', 'list', 'write'], + groupsAdmins: ['get', 'list', 'write', 'delete'], + }, + 'protected/*': { + authenticated: ['get', 'list'], + groupsAdmins: ['get', 'list', 'write', 'delete'], + }, + 'protected/${cognito-identity.amazonaws.com:sub}/*': { + // eslint-disable-next-line spellcheck/spell-checker + entityidentity: ['get', 'list', 'write', 'delete'], + }, + }) + ); } private getUpdateReplacementDefinition = (suffix: string) => ({
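Review bot: `assert.ok(isMatch(...))` only proves that the expected grants are present, so it cannot catch an over-permissive result. lodash's `isMatch` is a partial deep comparison, and as far as I know that extends to arrays, so `guest: ['get', 'list']` would still pass if the generated outputs gave guests `write` or `delete` on `public/*`, or if an extra path or principal appeared. For an access-control assertion prefer an exact comparison such as `assert.deepStrictEqual(outputsObject.storage.buckets[0].paths, { ... })` with the same literal, which also prints a diff on failure; if some keys are not stable enough to pin, compare each principal's action list exactly. The same partial-match assertion was first added to backend_output.test.ts in PATCH 1/2 and moved here unchanged. The enclosing method starts above this hunk.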