fix unit test role ids

aws · Oct 28, 2024 · e8f20c4 · e8f20c4
1 parent 8e5659a
commit e8f20c4
Show file tree

Hide file tree

Showing 12 changed files with 74 additions and 60 deletions.
diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/target.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/target.ts
@@ -126,6 +126,11 @@ export abstract class ScheduleTargetBase {
       },
     });
     if (existingRole) {
+      existingRole.assumeRolePolicy?.addStatements(new iam.PolicyStatement({
+        effect: iam.Effect.ALLOW,
+        principals: [principal],
+        actions: ['sts:AssumeRole'],
+      }));
       return existingRole;
     }
     const role = new iam.Role(stack, id, {

diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/codebuild-start-build.test.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/codebuild-start-build.test.ts
@@ -14,6 +14,7 @@ describe('codebuild start build', () => {
   const codebuildArnRef = { 'Fn::GetAtt': ['ProjectC78D97AD', 'Arn'] };
   const codebuildAction = 'codebuild:StartBuild';
   const expr = ScheduleExpression.at(new Date(Date.UTC(1991, 2, 24, 0, 0, 0)));
+  const roleId = 'SchedulerRoleForTarget27bd47517CF0F8';
 
   beforeEach(() => {
     app = new App({ context: { '@aws-cdk/aws-iam:minimizePolicies': true } });
@@ -36,7 +37,7 @@ describe('codebuild start build', () => {
       Properties: {
         Target: {
           Arn: codebuildArnRef,
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {},
         },
       },
@@ -52,7 +53,7 @@ describe('codebuild start build', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     });
 
     template.hasResourceProperties('AWS::IAM::Role', {
@@ -113,7 +114,7 @@ describe('codebuild start build', () => {
     });
   });
 
-  test('reuses IAM role and IAM policy for two schedules from the same account', () => {
+  test('reuses IAM role and IAM policy for two schedules with the same target from the same account', () => {
     const codeBuildTarget = new CodeBuildStartBuild(codebuildProject, {});
 
     new Schedule(stack, 'MyScheduleDummy1', {
@@ -154,7 +155,7 @@ describe('codebuild start build', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     }, 1);
   });
 
@@ -411,7 +412,7 @@ describe('codebuild start build', () => {
       Properties: {
         Target: {
           Arn: codebuildArnRef,
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {
             MaximumEventAgeInSeconds: 10800,
             MaximumRetryAttempts: 5,

diff --git a/...s/@aws-cdk/aws-scheduler-targets-alpha/test/codepipeline-start-pipeline-execution.test.ts b/...s/@aws-cdk/aws-scheduler-targets-alpha/test/codepipeline-start-pipeline-execution.test.ts
@@ -28,6 +28,7 @@ describe('codepipeline start execution', () => {
     ],
   };
   const expr = ScheduleExpression.at(new Date(Date.UTC(1991, 2, 24, 0, 0, 0)));
+  const roleId = 'SchedulerRoleForTarget1b3000F5862F75';
 
   beforeEach(() => {
     app = new App({ context: { '@aws-cdk/aws-iam:minimizePolicies': true } });
@@ -48,7 +49,7 @@ describe('codepipeline start execution', () => {
       Properties: {
         Target: {
           Arn: pipelineArn,
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {},
         },
       },
@@ -64,7 +65,7 @@ describe('codepipeline start execution', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     });
 
     template.hasResourceProperties('AWS::IAM::Role', {
@@ -123,7 +124,7 @@ describe('codepipeline start execution', () => {
     });
   });
 
-  test('reuses IAM role and IAM policy for two schedules from the same account', () => {
+  test('reuses IAM role and IAM policy for two schedules with the same target from the same account', () => {
     const codepipelineTarget = new CodePipelineStartPipelineExecution(codepipeline, {});
 
     new Schedule(stack, 'MyScheduleDummy1', {
@@ -164,7 +165,7 @@ describe('codepipeline start execution', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     }, 1);
   });
 
@@ -431,7 +432,7 @@ describe('codepipeline start execution', () => {
       Properties: {
         Target: {
           Arn: pipelineArn,
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {
             MaximumEventAgeInSeconds: 10800,
             MaximumRetryAttempts: 5,

diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/event-bridge-put-events.test.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/event-bridge-put-events.test.ts
@@ -12,6 +12,7 @@ describe('eventBridge put events', () => {
   let eventBus: events.EventBus;
   let eventBusEventEntry: EventBridgePutEventsEntry;
   const expr = ScheduleExpression.at(new Date(Date.UTC(1991, 2, 24, 0, 0, 0)));
+  const roleId = 'SchedulerRoleForTarget1e6d0e3BE2318C';
 
   beforeEach(() => {
     app = new App({ context: { '@aws-cdk/aws-iam:minimizePolicies': true } });
@@ -48,7 +49,7 @@ describe('eventBridge put events', () => {
             Source: 'service',
           },
           Input: JSON.stringify({ foo: 'bar' }),
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {},
         },
       },
@@ -69,7 +70,7 @@ describe('eventBridge put events', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     });
 
     template.hasResourceProperties('AWS::IAM::Role', {
@@ -144,7 +145,7 @@ describe('eventBridge put events', () => {
     });
   });
 
-  test('reuses IAM role and IAM policy for two schedules from the same account', () => {
+  test('reuses IAM role and IAM policy for two schedules with the same target from the same account', () => {
     const eventBusTarget = new EventBridgePutEvents(eventBusEventEntry, {});
 
     new Schedule(stack, 'MyScheduleDummy1', {
@@ -190,7 +191,7 @@ describe('eventBridge put events', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     }, 1);
   });
 
@@ -513,7 +514,7 @@ describe('eventBridge put events', () => {
             Source: 'service',
           },
           Input: JSON.stringify({ foo: 'bar' }),
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {
             MaximumEventAgeInSeconds: 10800,
             MaximumRetryAttempts: 5,

diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/inspector-start-assessment-run.test.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/inspector-start-assessment-run.test.ts
@@ -11,6 +11,7 @@ describe('schedule target', () => {
   let stack: Stack;
   let template: CfnAssessmentTemplate;
   const expr = ScheduleExpression.at(new Date(Date.UTC(1969, 10, 20, 0, 0, 0)));
+  const roleId = 'SchedulerRoleForTarget78b2d848BF7444';
 
   beforeEach(() => {
     app = new App({ context: { '@aws-cdk/aws-iam:minimizePolicies': true } });
@@ -37,7 +38,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::GetAtt': ['MyTemplate', 'Arn'],
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {},
         },
       },
@@ -53,7 +54,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     });
 
     Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', {
@@ -113,7 +114,7 @@ describe('schedule target', () => {
     });
   });
 
-  test('reuses IAM role and IAM policy for two schedules from the same account', () => {
+  test('reuses IAM role and IAM policy for two schedules with the same target from the same account', () => {
     const inspectorTarget = new InspectorStartAssessmentRun(template);
 
     new Schedule(stack, 'MyScheduleDummy1', {
@@ -152,7 +153,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     }, 1);
   });
 
@@ -183,7 +184,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::ImportValue': 'Stack2:ExportsOutputFnGetAttAnotherTemplateArn9F673A62',
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTargetea46910831E154', 'Arn'] },
           RetryPolicy: {},
         },
       },
@@ -199,7 +200,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: 'SchedulerRoleForTargetea46910831E154' }],
     });
   });
 
@@ -461,7 +462,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::GetAtt': ['MyTemplate', 'Arn'],
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {
             MaximumEventAgeInSeconds: 10800,
             MaximumRetryAttempts: 5,

diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/kinesis-data-firehose-put-record.test.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/kinesis-data-firehose-put-record.test.ts
@@ -11,6 +11,7 @@ describe('schedule target', () => {
   let stack: Stack;
   let firehose: CfnDeliveryStream;
   const expr = ScheduleExpression.at(new Date(Date.UTC(1969, 10, 20, 0, 0, 0)));
+  const roleId = 'SchedulerRoleForTarget380bba149146B2';
 
   beforeEach(() => {
     app = new App({ context: { '@aws-cdk/aws-iam:minimizePolicies': true } });
@@ -32,7 +33,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::GetAtt': ['MyFirehose', 'Arn'],
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {},
         },
       },
@@ -50,7 +51,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     });
 
     Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', {
@@ -112,7 +113,7 @@ describe('schedule target', () => {
     });
   });
 
-  test('reuses IAM role and IAM policy for two schedules from the same account', () => {
+  test('reuses IAM role and IAM policy for two schedules with the same target from the same account', () => {
     const firehoseTarget = new KinesisDataFirehosePutRecord(firehose);
 
     new Schedule(stack, 'MyScheduleDummy1', {
@@ -153,7 +154,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     }, 1);
   });
 
@@ -179,7 +180,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::ImportValue': 'Stack2:ExportsOutputFnGetAttAnotherFirehoseArn24CBF54A',
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget4b70ebDC2428DE', 'Arn'] },
           RetryPolicy: {},
         },
       },
@@ -197,7 +198,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: 'SchedulerRoleForTarget4b70ebDC2428DE' }],
     });
   });
 
@@ -447,7 +448,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::GetAtt': ['MyFirehose', 'Arn'],
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {
             MaximumEventAgeInSeconds: 10800,
             MaximumRetryAttempts: 5,

diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/kinesis-stream-put-record.test.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/kinesis-stream-put-record.test.ts
@@ -11,6 +11,7 @@ describe('schedule target', () => {
   let stack: Stack;
   let stream: kinesis.Stream;
   const expr = ScheduleExpression.at(new Date(Date.UTC(1969, 10, 20, 0, 0, 0)));
+  const roleId = 'SchedulerRoleForTargetb38bb9039D30C1';
 
   beforeEach(() => {
     app = new App({ context: { '@aws-cdk/aws-iam:minimizePolicies': true } });
@@ -34,7 +35,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::GetAtt': ['MyStream5C050E93', 'Arn'],
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {},
           KinesisParameters: {
             PartitionKey: 'key',
@@ -55,7 +56,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     });
 
     Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', {
@@ -121,7 +122,7 @@ describe('schedule target', () => {
     });
   });
 
-  test('reuses IAM role and IAM policy for two schedules from the same account', () => {
+  test('reuses IAM role and IAM policy for two schedules with the same target from the same account', () => {
     const streamTarget = new KinesisStreamPutRecord(stream, {
       partitionKey: 'key',
     });
@@ -164,7 +165,7 @@ describe('schedule target', () => {
           },
         ],
       },
-      Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
+      Roles: [{ Ref: roleId }],
     }, 1);
   });
 
@@ -437,7 +438,7 @@ describe('schedule target', () => {
           Arn: {
             'Fn::GetAtt': ['MyStream5C050E93', 'Arn'],
           },
-          RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
+          RoleArn: { 'Fn::GetAtt': [roleId, 'Arn'] },
           RetryPolicy: {
             MaximumEventAgeInSeconds: 10800,
             MaximumRetryAttempts: 5,