From 597ed0d64548e0f86cebe4bdd567a98453252626 Mon Sep 17 00:00:00 2001 From: Joshua Weber Date: Tue, 16 Aug 2022 22:12:03 +0200 Subject: [PATCH 1/2] :bug: fix(codebuild): wrong policy when report group type CODE_COVERAGE set --- .../aws-codebuild/lib/report-group.ts | 9 ++-- .../aws-codebuild/test/report-group.test.ts | 41 +++++++++++++++++++ 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-codebuild/lib/report-group.ts b/packages/@aws-cdk/aws-codebuild/lib/report-group.ts index 1cf148cc0c133..2ec4a6100eb20 100644 --- a/packages/@aws-cdk/aws-codebuild/lib/report-group.ts +++ b/packages/@aws-cdk/aws-codebuild/lib/report-group.ts @@ -38,6 +38,7 @@ abstract class ReportGroupBase extends cdk.Resource implements IReportGroup { public abstract readonly reportGroupArn: string; public abstract readonly reportGroupName: string; protected abstract readonly exportBucket?: s3.IBucket; + protected abstract readonly type?: ReportGroupType; public grantWrite(identity: iam.IGrantable): iam.Grant { const ret = iam.Grant.addToPrincipal({ @@ -45,7 +46,7 @@ abstract class ReportGroupBase extends cdk.Resource implements IReportGroup { actions: [ 'codebuild:CreateReport', 'codebuild:UpdateReport', - 'codebuild:BatchPutTestCases', + `${this.type === ReportGroupType.CODE_COVERAGE ? 'codebuild:BatchPutCodeCoverages' : 'codebuild:BatchPutTestCases'}`, ], resourceArns: [this.reportGroupArn], }); @@ -134,6 +135,7 @@ export class ReportGroup extends ReportGroupBase { public readonly reportGroupName = reportGroupName; public readonly reportGroupArn = renderReportGroupArn(scope, reportGroupName); protected readonly exportBucket = undefined; + protected readonly type = undefined; } return new Import(scope, id); 
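Review bot: An imported report group still gets `codebuild:BatchPutTestCases` from `grantWrite`, because the `Import` class in the third hunk sets `type = undefined` and the ternary in the second hunk treats every value other than `CODE_COVERAGE` as a test group. A principal granted write on an imported coverage group would then hold an action it does not need and lack `codebuild:BatchPutCodeCoverages`, which is the same mismatch this patch fixes for constructed groups. Either let the import path carry the report group type, or state the limitation where it is decided, e.g. `// type is unknown for imported report groups, so grantWrite() falls back to the TEST action` above `protected readonly type = undefined;`. The `typeAction` refactor in PATCH 2/2 keeps the same fallback, and both `grantWrite` and the import helper continue outside these hunks.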
@@ -142,14 +144,15 @@ export class ReportGroup extends ReportGroupBase { public readonly reportGroupArn: string; public readonly reportGroupName: string; protected readonly exportBucket?: s3.IBucket; + protected readonly type?: ReportGroupType; constructor(scope: Construct, id: string, props: ReportGroupProps = {}) { super(scope, id, { physicalName: props.reportGroupName, }); - + this.type = props.type ? props.type : ReportGroupType.TEST; const resource = new CfnReportGroup(this, 'Resource', { - type: props.type ? props.type : ReportGroupType.TEST, + type: this.type, exportConfig: { exportConfigType: props.exportBucket ? 'S3' : 'NO_EXPORT', s3Destination: props.exportBucket diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts b/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts index 387b5d5b65fa4..5431c921cc762 100644 --- a/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts @@ -165,4 +165,45 @@ describe('Test Reports Groups', () => { "Type": "TEST", }); }); + + test.each([ + [ReportGroupType.CODE_COVERAGE, 'codebuild:BatchPutCodeCoverages'], + [ReportGroupType.TEST, 'codebuild:BatchPutTestCases'], + ])('has correct policy when type is %s', (type: ReportGroupType, policyStatement: string) => { + const stack = new cdk.Stack(); + + const reportGroup = new codebuild.ReportGroup(stack, 'ReportGroup', { + type, + }); + + const project = new codebuild.Project(stack, 'TestProject', { + buildSpec: { + toBuildSpec: () => '', + isImmediate: true, + }, + }); + reportGroup.grantWrite(project); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + { + Action: [ + "codebuild:CreateReport", + "codebuild:UpdateReport", + policyStatement, + ], + Effect: "Allow", + Resource: { + "Fn::GetAtt": [ + "ReportGroup8A84C76D", + "Arn", + ], + }, + }, + ]), + Version: "2012-10-17", + }, + }); + }); }); 
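Review bot: In the `ReportGroup` constructor hunk the field is declared `protected readonly type?: ReportGroupType;` although the constructor always assigns it, so the optional marker suggests a state that cannot occur for a constructed group. Declaring it `protected readonly type: ReportGroupType;` would keep `undefined` reserved for imported groups, and the default reads more directly as `this.type = props.type ?? ReportGroupType.TEST;`. The hunk also drops the blank line between the `super(...)` call and the new assignment. The constructor body continues outside the hunk.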
From 5010dedfea45d4c6849a84b5a5c5a3db16053b77 Mon Sep 17 00:00:00 2001 From: daschaa Date: Thu, 18 Aug 2022 08:46:23 +0200 Subject: [PATCH 2/2] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Adds=20integration=20t?= =?UTF-8?q?est=20for=20the=20fix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/@aws-cdk/aws-codebuild/README.md | 2 + .../aws-codebuild/lib/report-group.ts | 3 +- packages/@aws-cdk/aws-codebuild/package.json | 1 + .../aws-codebuild/test/integ.report-group.ts | 49 +++ ...aultTestDeployAssert57960C5A.template.json | 1 + .../aws-cdk-report-group.template.json | 194 ++++++++++ .../test/report-group.integ.snapshot/cdk.out | 1 + .../report-group.integ.snapshot/integ.json | 11 + .../report-group.integ.snapshot/manifest.json | 64 ++++ .../report-group.integ.snapshot/tree.json | 343 ++++++++++++++++++ .../aws-codebuild/test/report-group.test.ts | 36 ++ 11 files changed, 704 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk/aws-codebuild/test/integ.report-group.ts create mode 100644 packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json create mode 100644 packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/aws-cdk-report-group.template.json create mode 100644 packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/tree.json diff --git a/packages/@aws-cdk/aws-codebuild/README.md b/packages/@aws-cdk/aws-codebuild/README.md index 15fcb2b1d6321..5722c3ec35b9c 100644 --- a/packages/@aws-cdk/aws-codebuild/README.md +++ b/packages/@aws-cdk/aws-codebuild/README.md 
@@ -509,6 +509,8 @@ declare const reportGroup: codebuild.ReportGroup; reportGroup.grantWrite(project); ``` +The created policy will adjust to the report group type. If no type is specified when creating the report group the created policy will contain the action for the test report group type. + For more information on the test reports feature, see the [AWS CodeBuild documentation](https://docs.aws.amazon.com/codebuild/latest/userguide/test-reporting.html). diff --git a/packages/@aws-cdk/aws-codebuild/lib/report-group.ts b/packages/@aws-cdk/aws-codebuild/lib/report-group.ts index 2ec4a6100eb20..f951cebbe08ca 100644 --- a/packages/@aws-cdk/aws-codebuild/lib/report-group.ts +++ b/packages/@aws-cdk/aws-codebuild/lib/report-group.ts @@ -41,12 +41,13 @@ abstract class ReportGroupBase extends cdk.Resource implements IReportGroup { protected abstract readonly type?: ReportGroupType; public grantWrite(identity: iam.IGrantable): iam.Grant { + const typeAction = this.type === ReportGroupType.CODE_COVERAGE ? 'codebuild:BatchPutCodeCoverages' : 'codebuild:BatchPutTestCases'; const ret = iam.Grant.addToPrincipal({ grantee: identity, actions: [ 'codebuild:CreateReport', 'codebuild:UpdateReport', - `${this.type === ReportGroupType.CODE_COVERAGE ? 'codebuild:BatchPutCodeCoverages' : 'codebuild:BatchPutTestCases'}`, + typeAction, ], resourceArns: [this.reportGroupArn], }); diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index 50e52f654e5bb..b9c15e0b82297 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -89,6 +89,7 @@ "@aws-cdk/aws-sqs": "0.0.0", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests": "0.0.0", "@aws-cdk/cfn2ts": "0.0.0", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^27.5.2", 
diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.report-group.ts b/packages/@aws-cdk/aws-codebuild/test/integ.report-group.ts
new file mode 100644
index 0000000000000..740d220c40ee0
--- /dev/null
+++ b/packages/@aws-cdk/aws-codebuild/test/integ.report-group.ts
@@ -0,0 +1,49 @@
+import * as cdk from '@aws-cdk/core';
+import * as integ from '@aws-cdk/integ-tests';
+import * as codebuild from '../lib';
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'aws-cdk-report-group');
+
+const reportGroupCodeCoverage = new codebuild.ReportGroup(stack, 'CoverageReportGroup', {
+ type: codebuild.ReportGroupType.CODE_COVERAGE,
+});
+
+const reportGroupTest = new codebuild.ReportGroup(stack, 'TestReportGroup', {
+ type: codebuild.ReportGroupType.TEST,
+});
+
+const project = new codebuild.Project(stack, 'MyProject', {
+ buildSpec: codebuild.BuildSpec.fromObject({
+ version: '0.2',
+ phases: {
+ build: {
+ commands: ['echo "Nothing to do!"'],
+ },
+ },
+ reports: {
+ [reportGroupTest.reportGroupArn]: {
+ 'base-directory': 'test-reports',
+ 'file-format': 'JUNITXML',
+ 'files': [
+ '**/*',
+ ],
+ },
+ [reportGroupCodeCoverage.reportGroupArn]: {
+ 'base-directory': 'coverage',
+ 'file-format': 'CLOVERXML',
+ 'files': ['clover.xml'],
+ },
+ },
+ }),
+ grantReportGroupPermissions: false,
+});
+reportGroupCodeCoverage.grantWrite(project);
+reportGroupTest.grantWrite(project);
+
+new integ.IntegTest(app, 'ReportGroupIntegTest', {
+ testCases: [stack],
+});
+
+app.synth();
diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json
new file mode 100644
index 0000000000000..9e26dfeeb6e64
--- /dev/null
+++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json
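Review bot: The new integ test carries no comment explaining `grantReportGroupPermissions: false`, which looks like the setting that makes the two `grantWrite` calls the only source of report permissions on the project role. A line such as `// disable the project's automatic report-group grant so the synthesized policy comes only from grantWrite()` above that property would record the intent. The test deploys the stack but, as far as the hunk shows, adds no assertion of its own, so the per-ARN statements are pinned only by the committed snapshot.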
@@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/aws-cdk-report-group.template.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/aws-cdk-report-group.template.json new file mode 100644 index 0000000000000..1188be27cb4af --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/aws-cdk-report-group.template.json 
@@ -0,0 +1,194 @@ +{ + "Resources": { + "CoverageReportGroupE23151CF": { + "Type": "AWS::CodeBuild::ReportGroup", + "Properties": { + "ExportConfig": { + "ExportConfigType": "NO_EXPORT" + }, + "Type": "CODE_COVERAGE" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "TestReportGroup1F49A500": { + "Type": "AWS::CodeBuild::ReportGroup", + "Properties": { + "ExportConfig": { + "ExportConfigType": "NO_EXPORT" + }, + "Type": "TEST" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "MyProjectRole9BBE5233": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MyProjectRoleDefaultPolicyB19B7C29": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + } + }, + { + "Action": [ + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + 
"TestReportGroup1F49A500", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MyProjectRoleDefaultPolicyB19B7C29", + "Roles": [ + { + "Ref": "MyProjectRole9BBE5233" + } + ] + } + }, + "MyProject39F7B0AE": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Artifacts": { + "Type": "NO_ARTIFACTS" + }, + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:1.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "MyProjectRole9BBE5233", + "Arn" + ] + }, + "Source": { + "BuildSpec": { + "Fn::Join": [ + "", + [ + "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"echo \\\"Nothing to do!\\\"\"\n ]\n }\n },\n \"reports\": {\n \"", + { + "Fn::GetAtt": [ + "TestReportGroup1F49A500", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"test-reports\",\n \"file-format\": \"JUNITXML\",\n \"files\": [\n \"**/*\"\n ]\n },\n \"", + { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"coverage\",\n \"file-format\": \"CLOVERXML\",\n \"files\": [\n \"clover.xml\"\n ]\n }\n }\n}" + ] + ] + }, + "Type": "NO_SOURCE" + }, + "Cache": { + "Type": "NO_CACHE" + }, + "EncryptionKey": "alias/aws/s3" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..588d7b269d34f --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/integ.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/integ.json new file mode 100644 index 0000000000000..e54db9584709d --- /dev/null 
+++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/integ.json @@ -0,0 +1,11 @@ +{ + "version": "20.0.0", + "testCases": { + "ReportGroupIntegTest/DefaultTest": { + "stacks": [ + "aws-cdk-report-group" + ], + "assertionStack": "ReportGroupIntegTestDefaultTestDeployAssert57960C5A" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..4c731d0cd7073 --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/manifest.json 
@@ -0,0 +1,64 @@ +{ + "version": "20.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-report-group": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-report-group.template.json", + "validateOnSynth": false + }, + "metadata": { + "/aws-cdk-report-group/CoverageReportGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CoverageReportGroupE23151CF" + } + ], + "/aws-cdk-report-group/TestReportGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestReportGroup1F49A500", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-report-group/MyProject/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyProjectRole9BBE5233" + } + ], + "/aws-cdk-report-group/MyProject/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyProjectRoleDefaultPolicyB19B7C29" + } + ], + "/aws-cdk-report-group/MyProject/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyProject39F7B0AE" + } + ] + }, + "displayName": "aws-cdk-report-group" + }, + "ReportGroupIntegTestDefaultTestDeployAssert57960C5A": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "ReportGroupIntegTestDefaultTestDeployAssert57960C5A.template.json", + "validateOnSynth": false + }, + "displayName": "ReportGroupIntegTest/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/tree.json b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/tree.json new file mode 100644 index 0000000000000..cc252f27f1b98 --- /dev/null +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.integ.snapshot/tree.json 
@@ -0,0 +1,343 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.71" + } + }, + "aws-cdk-report-group": { + "id": "aws-cdk-report-group", + "path": "aws-cdk-report-group", + "children": { + "CoverageReportGroup": { + "id": "CoverageReportGroup", + "path": "aws-cdk-report-group/CoverageReportGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/CoverageReportGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::ReportGroup", + "aws:cdk:cloudformation:props": { + "exportConfig": { + "exportConfigType": "NO_EXPORT" + }, + "type": "CODE_COVERAGE" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.CfnReportGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.ReportGroup", + "version": "0.0.0" + } + }, + "TestReportGroup": { + "id": "TestReportGroup", + "path": "aws-cdk-report-group/TestReportGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/TestReportGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::ReportGroup", + "aws:cdk:cloudformation:props": { + "exportConfig": { + "exportConfigType": "NO_EXPORT" + }, + "type": "TEST" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.CfnReportGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.ReportGroup", + "version": "0.0.0" + } + }, + "MyProject": { + "id": "MyProject", + "path": "aws-cdk-report-group/MyProject", + "children": { + "Role": { + "id": "Role", + "path": "aws-cdk-report-group/MyProject/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/MyProject/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + 
"assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-report-group/MyProject/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/MyProject/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyProject39F7B0AE" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + } + }, + { + "Action": [ + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TestReportGroup1F49A500", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MyProjectRoleDefaultPolicyB19B7C29", + "roles": [ + { + "Ref": "MyProjectRole9BBE5233" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + 
}, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-report-group/MyProject/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", + "aws:cdk:cloudformation:props": { + "artifacts": { + "type": "NO_ARTIFACTS" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:1.0", + "imagePullCredentialsType": "CODEBUILD", + "privilegedMode": false, + "computeType": "BUILD_GENERAL1_SMALL" + }, + "serviceRole": { + "Fn::GetAtt": [ + "MyProjectRole9BBE5233", + "Arn" + ] + }, + "source": { + "type": "NO_SOURCE", + "buildSpec": { + "Fn::Join": [ + "", + [ + "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"echo \\\"Nothing to do!\\\"\"\n ]\n }\n },\n \"reports\": {\n \"", + { + "Fn::GetAtt": [ + "TestReportGroup1F49A500", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"test-reports\",\n \"file-format\": \"JUNITXML\",\n \"files\": [\n \"**/*\"\n ]\n },\n \"", + { + "Fn::GetAtt": [ + "CoverageReportGroupE23151CF", + "Arn" + ] + }, + "\": {\n \"base-directory\": \"coverage\",\n \"file-format\": \"CLOVERXML\",\n \"files\": [\n \"clover.xml\"\n ]\n }\n }\n}" + ] + ] + } + }, + "cache": { + "type": "NO_CACHE" + }, + "encryptionKey": "alias/aws/s3" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.CfnProject", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-codebuild.Project", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "ReportGroupIntegTest": { + "id": "ReportGroupIntegTest", + "path": "ReportGroupIntegTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "ReportGroupIntegTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": 
"ReportGroupIntegTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.71" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "ReportGroupIntegTest/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts b/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts index 5431c921cc762..24d8005af64a4 100644 --- a/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts +++ b/packages/@aws-cdk/aws-codebuild/test/report-group.test.ts @@ -206,4 +206,40 @@ describe('Test Reports Groups', () => { }, }); }); + + test('has policy for type test when type is not defined', () => { + const stack = new cdk.Stack(); + + const reportGroup = new codebuild.ReportGroup(stack, 'ReportGroup'); + + const project = new codebuild.Project(stack, 'TestProject', { + buildSpec: { + toBuildSpec: () => '', + isImmediate: true, + }, + }); + reportGroup.grantWrite(project); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: Match.arrayWith([ + { + Action: [ + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + ], + Effect: "Allow", + Resource: { + "Fn::GetAtt": [ + "ReportGroup8A84C76D", + "Arn", + ], + }, + }, + ]), + Version: "2012-10-17", + }, + }); + }); });
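Review bot: The new test in `report-group.test.ts` repeats the stack, project and policy assertion of the `test.each` case added in PATCH 1/2 and differs only in omitting `type`. Adding a row `[undefined, 'codebuild:BatchPutTestCases']` to that table, with the callback parameter typed `ReportGroupType | undefined`, would cover the default without the duplicated body. That row passes `{ type: undefined }` rather than no props at all; if the no-props call is what should be pinned, keep the test and move the shared setup into a helper.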