vpc-endpoint-service.test.ts
import * as elbv2 from '../../../aws-cdk-lib/aws-elasticloadbalancingv2';
import { Template } from '../../assertions';
import { ArnPrincipal } from '../../aws-iam';
import { Stack } from '../../core';
// eslint-disable-next-line max-len
import { IVpcEndpointServiceLoadBalancer, Vpc, VpcEndpointService } from '../lib';
/**
 * Minimal test double for a load balancer that fronts a VPC Endpoint Service.
 *
 * The ARN is the only member this class defines in order to implement
 * IVpcEndpointServiceLoadBalancer, so no real load balancer is needed.
 */
class DummyEndpointLoadBalacer implements IVpcEndpointServiceLoadBalancer {
  /** ARN of the load balancer hosting the VPC Endpoint Service. */
  public readonly loadBalancerArn: string;

  /**
   * @param arn ARN exposed unchanged as `loadBalancerArn`.
   */
  constructor(arn: string) {
    this.loadBalancerArn = arn;
  }
}
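describe('vpc endpoint service', () => {
  describe('test vpc endpoint service', () => {
    // Fixture values shared by the tests below.
    const nlbArn = 'arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a';
    // Account-root principal: the widest grant expressible for a single account.
    const accountRootArn = 'arn:aws:iam::123456789012:root';
    // Logical ID of the service created with construct id 'EndpointService'.
    const endpointServiceRef = { Ref: 'EndpointServiceED36BE1F' };

    test('create endpoint service with no principals', () => {
      // GIVEN
      const stack = new Stack();
      new Vpc(stack, 'MyVPC');

      // WHEN
      // allowedPrincipals is deliberately omitted: the test name promises a
      // service without principals, so passing one here would test the
      // wrong configuration.
      const lb = new DummyEndpointLoadBalacer(nlbArn);
      new VpcEndpointService(stack, 'EndpointService', {
        vpcEndpointServiceLoadBalancers: [lb],
        acceptanceRequired: false,
      });

      // THEN
      const template = Template.fromStack(stack);
      template.hasResourceProperties('AWS::EC2::VPCEndpointService', {
        NetworkLoadBalancerArns: [nlbArn],
        AcceptanceRequired: false,
      });
      // Count by resource type rather than filtering on `AllowedPrincipals: []`:
      // a property filter yields zero matches for any non-empty allow-list too,
      // so it could never catch an unexpected permissions resource.
      template.resourceCountIs('AWS::EC2::VPCEndpointServicePermissions', 0);
    });

    test('create endpoint service with a principal', () => {
      // GIVEN
      const stack = new Stack();

      // WHEN
      const lb = new DummyEndpointLoadBalacer(nlbArn);
      new VpcEndpointService(stack, 'EndpointService', {
        vpcEndpointServiceLoadBalancers: [lb],
        acceptanceRequired: false,
        allowedPrincipals: [new ArnPrincipal(accountRootArn)],
      });

      // THEN
      const template = Template.fromStack(stack);
      template.hasResourceProperties('AWS::EC2::VPCEndpointService', {
        NetworkLoadBalancerArns: [nlbArn],
        AcceptanceRequired: false,
      });
      // The allow-list must reach the template as the plain principal ARN,
      // bound to the service created above.
      template.hasResourceProperties('AWS::EC2::VPCEndpointServicePermissions', {
        ServiceId: endpointServiceRef,
        AllowedPrincipals: [accountRootArn],
      });
    });

    test('with acceptance required', () => {
      // GIVEN
      const stack = new Stack();

      // WHEN
      const lb = new DummyEndpointLoadBalacer(nlbArn);
      new VpcEndpointService(stack, 'EndpointService', {
        vpcEndpointServiceLoadBalancers: [lb],
        acceptanceRequired: true,
        allowedPrincipals: [new ArnPrincipal(accountRootArn)],
      });

      // THEN
      const template = Template.fromStack(stack);
      // acceptanceRequired must be passed through as-is; a silently dropped
      // `true` would remove the manual approval step for connection requests.
      template.hasResourceProperties('AWS::EC2::VPCEndpointService', {
        NetworkLoadBalancerArns: [nlbArn],
        AcceptanceRequired: true,
      });
      template.hasResourceProperties('AWS::EC2::VPCEndpointServicePermissions', {
        ServiceId: endpointServiceRef,
        AllowedPrincipals: [accountRootArn],
      });
    });

    test('with contributor insights enabled', () => {
      // GIVEN
      const stack = new Stack();
      const vpc = new Vpc(stack, 'MyVPC');

      // WHEN
      // Uses a real NetworkLoadBalancer construct, so the ARN is a token
      // resolved at synthesis time instead of a literal string.
      const lb = new elbv2.NetworkLoadBalancer(stack, 'NLB', { vpc });
      new VpcEndpointService(stack, 'VpcEndpointService', {
        vpcEndpointServiceLoadBalancers: [{
          loadBalancerArn: lb.loadBalancerArn,
        }],
        acceptanceRequired: true,
        contributorInsights: true,
      });

      // THEN
      Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpointService', {
        ContributorInsightsEnabled: true,
      });
    });
  });
});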