diff --git a/packages/@aws-cdk/aws-codebuild/README.md b/packages/@aws-cdk/aws-codebuild/README.md index 15fcb2b1d6321..5722c3ec35b9c 100644 --- a/packages/@aws-cdk/aws-codebuild/README.md +++ b/packages/@aws-cdk/aws-codebuild/README.md @@ -509,6 +509,8 @@ declare const reportGroup: codebuild.ReportGroup; reportGroup.grantWrite(project); ``` +The created policy will adjust to the report group type. If no type is specified when creating the report group the created policy will contain the action for the test report group type. + For more information on the test reports feature, see the [AWS CodeBuild documentation](https://docs.aws.amazon.com/codebuild/latest/userguide/test-reporting.html). diff --git a/packages/@aws-cdk/aws-codebuild/lib/report-group.ts b/packages/@aws-cdk/aws-codebuild/lib/report-group.ts index 1cf148cc0c133..f951cebbe08ca 100644 --- a/packages/@aws-cdk/aws-codebuild/lib/report-group.ts +++ b/packages/@aws-cdk/aws-codebuild/lib/report-group.ts @@ -38,14 +38,16 @@ abstract class ReportGroupBase extends cdk.Resource implements IReportGroup { public abstract readonly reportGroupArn: string; public abstract readonly reportGroupName: string; protected abstract readonly exportBucket?: s3.IBucket; + protected abstract readonly type?: ReportGroupType; public grantWrite(identity: iam.IGrantable): iam.Grant { + const typeAction = this.type === ReportGroupType.CODE_COVERAGE ? 'codebuild:BatchPutCodeCoverages' : 'codebuild:BatchPutTestCases'; const ret = iam.Grant.addToPrincipal({ grantee: identity, actions: [ 'codebuild:CreateReport', 'codebuild:UpdateReport', - 'codebuild:BatchPutTestCases', + typeAction, ], resourceArns: [this.reportGroupArn], }); @@ -134,6 +136,7 @@ export class ReportGroup extends ReportGroupBase { public readonly reportGroupName = reportGroupName; public readonly reportGroupArn = renderReportGroupArn(scope, reportGroupName); protected readonly exportBucket = undefined; + protected readonly type = undefined; } return new Import(scope, id); @@ -142,14 +145,15 @@ export class ReportGroup extends ReportGroupBase { public readonly reportGroupArn: string; public readonly reportGroupName: string; protected readonly exportBucket?: s3.IBucket; + protected readonly type?: ReportGroupType; constructor(scope: Construct, id: string, props: ReportGroupProps = {}) { super(scope, id, { physicalName: props.reportGroupName, }); - + this.type = props.type ? props.type : ReportGroupType.TEST; const resource = new CfnReportGroup(this, 'Resource', { - type: props.type ? props.type : ReportGroupType.TEST, + type: this.type, exportConfig: { exportConfigType: props.exportBucket ? 'S3' : 'NO_EXPORT', s3Destination: props.exportBucket diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index 50e52f654e5bb..b9c15e0b82297 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -89,6 +89,7 @@ "@aws-cdk/aws-sqs": "0.0.0", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests": "0.0.0", "@aws-cdk/cfn2ts": "0.0.0", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^27.5.2", diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.report-group.ts b/packages/@aws-cdk/aws-codebuild/test/integ.report-group.ts new file mode 100644 index 0000000000000..740d220c40ee0 --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/integ.report-group.ts @@ -0,0 +1,49 @@ +import * as cdk from '@aws-cdk/core'; +import * as integ from '@aws-cdk/integ-tests'; +import * as codebuild from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-report-group'); + +const reportGroupCodeCoverage = new codebuild.ReportGroup(stack, 'CoverageReportGroup', { + type: codebuild.ReportGroupType.CODE_COVERAGE, +}); + +const reportGroupTest = new codebuild.ReportGroup(stack, 'TestReportGroup', { + type: codebuild.ReportGroupType.TEST, +}); + +const project = new codebuild.Project(stack, 'MyProject', { + buildSpec: codebuild.BuildSpec.fromObject({ + version: '0.2', + phases: { + build: { + commands: ['echo "Nothing to do!"'], + }, + }, + reports: { + [reportGroupTest.reportGroupArn]: { + 'base-directory': 'test-reports', + 'file-format': 'JUNITXML', + 'files': [ + '**/*', + ], + }, + [reportGroupCodeCoverage.reportGroupArn]: { + 'base-directory': 'coverage', + 'file-format': 'CLOVERXML', + 'files': ['clover.xml'], + }, + }, + }), + grantReportGroupPermissions: false, +}); +reportGroupCodeCoverage.grantWrite(project); +reportGroupTest.grantWrite(project); + +new integ.IntegTest(app, 'ReportGroupIntegTest', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json new file mode 100644 index 0000000000000..9e26dfeeb6e64 --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/aws-cdk-report-group.template.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/aws-cdk-report-group.template.json new file mode 100644 index 0000000000000..1188be27cb4af --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/aws-cdk-report-group.template.json @@ -0,0 +1,194 @@ +{ + "Resources": { + "CoverageReportGroupE23151CF": { + "Type": "AWS::CodeBuild::ReportGroup", + "Properties": { + "ExportConfig": { + "ExportConfigType": "NO_EXPORT" + }, + "Type": "CODE_COVERAGE" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "TestReportGroup1F49A500": { + "Type": "AWS::CodeBuild::ReportGroup", + "Properties": { + "ExportConfig": { + "ExportConfigType": "NO_EXPORT" + }, + "Type": "TEST" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "MyProjectRole9BBE5233": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MyProjectRoleDefaultPolicyB19B7C29": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + } + }, + { + "Action": [ + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TestReportGroup1F49A500", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MyProjectRoleDefaultPolicyB19B7C29", + "Roles": [ + { + "Ref": "MyProjectRole9BBE5233" + } + ] + } + }, + "MyProject39F7B0AE": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Artifacts": { + "Type": "NO_ARTIFACTS" + }, + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:1.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "MyProjectRole9BBE5233", + "Arn" + ] + }, + "Source": { + "BuildSpec": { + "Fn::Join": [ + "", + [ + "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"echo \\\"Nothing to do!\\\"\"\n ]\n }\n },\n \"reports\": {\n \"", + { + "Fn::GetAtt": [ + "TestReportGroup1F49A500", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"test-reports\",\n \"file-format\": \"JUNITXML\",\n \"files\": [\n \"**/*\"\n ]\n },\n \"", + { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"coverage\",\n \"file-format\": \"CLOVERXML\",\n \"files\": [\n \"clover.xml\"\n ]\n }\n }\n}" + ] + ] + }, + "Type": "NO_SOURCE" + }, + "Cache": { + "Type": "NO_CACHE" + }, + "EncryptionKey": "alias/aws/s3" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..588d7b269d34f --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/integ.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/integ.json new file mode 100644 index 0000000000000..e54db9584709d --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/integ.json @@ -0,0 +1,11 @@ +{ + "version": "20.0.0", + "testCases": { + "ReportGroupIntegTest/DefaultTest": { + "stacks": [ + "aws-cdk-report-group" + ], + "assertionStack": "ReportGroupIntegTestDefaultTestDeployAssert57960C5A" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..4c731d0cd7073 --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/manifest.json @@ -0,0 +1,64 @@ +{ + "version": "20.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-report-group": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-report-group.template.json", + "validateOnSynth": false + }, + "metadata": { + "/aws-cdk-report-group/CoverageReportGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CoverageReportGroupE23151CF" + } + ], + "/aws-cdk-report-group/TestReportGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestReportGroup1F49A500", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-report-group/MyProject/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyProjectRole9BBE5233" + } + ], + "/aws-cdk-report-group/MyProject/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyProjectRoleDefaultPolicyB19B7C29" + } + ], + "/aws-cdk-report-group/MyProject/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyProject39F7B0AE" + } + ] + }, + "displayName": "aws-cdk-report-group" + }, + "ReportGroupIntegTestDefaultTestDeployAssert57960C5A": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json", + "validateOnSynth": false + }, + "displayName": "ReportGroupIntegTest/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/tree.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/tree.json new file mode 100644 index 0000000000000..cc252f27f1b98 --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/tree.json @@ -0,0 +1,343 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.71" + } + }, + "aws-cdk-report-group": { + "id": "aws-cdk-report-group", + "path": "aws-cdk-report-group", + "children": { + "CoverageReportGroup": { + "id": "CoverageReportGroup", + "path": "aws-cdk-report-group/CoverageReportGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/CoverageReportGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::ReportGroup", + "aws:cdk:cloudformation:props": { + "exportConfig": { + "exportConfigType": "NO_EXPORT" + }, + "type": "CODE_COVERAGE" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.CfnReportGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.ReportGroup", + "version": "0.0.0" + } + }, + "TestReportGroup": { + "id": "TestReportGroup", + "path": "aws-cdk-report-group/TestReportGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/TestReportGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::ReportGroup", + "aws:cdk:cloudformation:props": { + "exportConfig": { + "exportConfigType": "NO_EXPORT" + }, + "type": "TEST" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.CfnReportGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.ReportGroup", + "version": "0.0.0" + } + }, + "MyProject": { + "id": "MyProject", + "path": "aws-cdk-report-group/MyProject", + "children": { + "Role": { + "id": "Role", + "path": "aws-cdk-report-group/MyProject/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/MyProject/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-report-group/MyProject/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/MyProject/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + } + }, + { + "Action": [ + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TestReportGroup1F49A500", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MyProjectRoleDefaultPolicyB19B7C29", + "roles": [ + { + "Ref": "MyProjectRole9BBE5233" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/MyProject/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", + "aws:cdk:cloudformation:props": { + "artifacts": { + "type": "NO_ARTIFACTS" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:1.0", + "imagePullCredentialsType": "CODEBUILD", + "privilegedMode": false, + "computeType": "BUILD_GENERAL1_SMALL" + }, + "serviceRole": { + "Fn::GetAtt": [ + "MyProjectRole9BBE5233", + "Arn" + ] + }, + "source": { + "type": "NO_SOURCE", + "buildSpec": { + "Fn::Join": [ + "", + [ + "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"echo \\\"Nothing to do!\\\"\"\n ]\n }\n },\n \"reports\": {\n \"", + { + "Fn::GetAtt": [ + "TestReportGroup1F49A500", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"test-reports\",\n \"file-format\": \"JUNITXML\",\n \"files\": [\n \"**/*\"\n ]\n },\n \"", + { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"coverage\",\n \"file-format\": \"CLOVERXML\",\n \"files\": [\n \"clover.xml\"\n ]\n }\n }\n}" + ] + ] + } + }, + "cache": { + "type": "NO_CACHE" + }, + "encryptionKey": "alias/aws/s3" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.CfnProject", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.Project", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "ReportGroupIntegTest": { + "id": "ReportGroupIntegTest", + "path": "ReportGroupIntegTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "ReportGroupIntegTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "ReportGroupIntegTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.71" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "ReportGroupIntegTest/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts b/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts index 387b5d5b65fa4..24d8005af64a4 100644 --- a/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts @@ -165,4 +165,81 @@ describe('Test Reports Groups', () => { "Type": "TEST", }); }); + + test.each([ + [ReportGroupType.CODE_COVERAGE, 'codebuild:BatchPutCodeCoverages'], + [ReportGroupType.TEST, 'codebuild:BatchPutTestCases'], + ])('has correct policy when type is %s', (type: ReportGroupType, policyStatement: string) => { + const stack = new cdk.Stack(); + + const reportGroup = new codebuild.ReportGroup(stack, 'ReportGroup', { + type, + }); + + const project = new codebuild.Project(stack, 'TestProject', { + buildSpec: { + toBuildSpec: () => '', + isImmediate: true, + }, + }); + reportGroup.grantWrite(project); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + { + Action: [ + "codebuild:CreateReport", + "codebuild:UpdateReport", + policyStatement, + ], + Effect: "Allow", + Resource: { + "Fn::GetAtt": [ + "ReportGroup8A84C76D", + "Arn", + ], + }, + }, + ]), + Version: "2012-10-17", + }, + }); + }); + + test('has policy for type test when type is not defined', () => { + const stack = new cdk.Stack(); + + const reportGroup = new codebuild.ReportGroup(stack, 'ReportGroup'); + + const project = new codebuild.Project(stack, 'TestProject', { + buildSpec: { + toBuildSpec: () => '', + isImmediate: true, + }, + }); + reportGroup.grantWrite(project); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + { + Action: [ + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + ], + Effect: "Allow", + Resource: { + "Fn::GetAtt": [ + "ReportGroup8A84C76D", + "Arn", + ], + }, + }, + ]), + Version: "2012-10-17", + }, + }); + }); });