Skip to content

Commit

Permalink
Fix PR based on feedback
Browse files Browse the repository at this point in the history
  • Loading branch information
sormy committed Jul 30, 2021
1 parent c3b5d0e commit c72c6d3
Show file tree
Hide file tree
Showing 3 changed files with 53 additions and 16 deletions.
29 changes: 16 additions & 13 deletions packages/@aws-cdk/aws-s3-deployment/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -147,18 +147,21 @@ User-defined metadata are not used by S3 and keys always begin with `x-amz-meta-

System defined metadata keys include the following:

- cache-control
- content-disposition
- content-encoding
- content-language
- content-type
- expires
- server-side-encryption
- storage-class
- website-redirect-location
- sse-kms-key-id
- sse-customer-algorithm
- acl
- cache-control (`--cache-control` in `aws s3 sync`)
- content-disposition (`--content-disposition` in `aws s3 sync`)
- content-encoding (`--content-encoding` in `aws s3 sync`)
- content-language (`--content-language` in `aws s3 sync`)
- content-type (`--content-type` in `aws s3 sync`)
- expires (`--expires` in `aws s3 sync`)
- server-side-encryption (`--sse` in `aws s3 sync`)
- storage-class (`--storage-class` in `aws s3 sync`)
- website-redirect-location (`--website-redirect` in `aws s3 sync`)
- sse-kms-key-id (`--sse-kms-key-id` in `aws s3 sync`)
- sse-customer-algorithm (`--sse-c-copy-source` in `aws s3 sync`)
- acl (`--acl` in `aws s3 sync`)

You can find more information about system defined metadata keys in [`aws s3 sync`
documentation](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html).

```ts
const websiteBucket = new s3.Bucket(this, 'WebsiteBucket', {
Expand Down Expand Up @@ -232,7 +235,7 @@ size of the AWS Lambda resource handler.
## Development

The custom resource is implemented in Python 3.6 in order to be able to leverage
the AWS CLI for "aws sync". The code is under [`lib/lambda`](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-s3-deployment/lib/lambda) and
the AWS CLI for "aws s3 sync". The code is under [`lib/lambda`](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-s3-deployment/lib/lambda) and
unit tests are under [`test/lambda`](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-s3-deployment/test/lambda).

This package requires Python 3.6 during build time in order to create the custom
Expand Down
4 changes: 1 addition & 3 deletions packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts
Original file line number Diff line number Diff line change
Expand Up @@ -165,10 +165,8 @@ export interface BucketDeploymentProps {
* @see https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html#sse-c-how-to-programmatically-intro
*/
readonly serverSideEncryptionCustomerAlgorithm?: string;

/**
* Sets the ACL for the object when the command is performed.
* If you use this parameter you must have the "s3:PutObjectAcl" permission included in the list of actions for your IAM policy.
* System-defined x-amz-acl metadata to be set on all objects in the deployment.
* @default - Not set.
* @see https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
*/
Expand Down
36 changes: 36 additions & 0 deletions packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -346,6 +346,42 @@ test('system metadata is correctly transformed', () => {
});
});

// type checking structure that forces to update it if BucketAccessControl changes
// see `--acl` here: https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html
const accessControlMap: Record<s3.BucketAccessControl, string> = {
[s3.BucketAccessControl.PRIVATE]: "private",
[s3.BucketAccessControl.PUBLIC_READ]: "public-read",
[s3.BucketAccessControl.PUBLIC_READ_WRITE]: "public-read-write",
[s3.BucketAccessControl.AUTHENTICATED_READ]: "authenticated-read",
[s3.BucketAccessControl.AWS_EXEC_READ]: "aws-exec-read",
[s3.BucketAccessControl.BUCKET_OWNER_READ]: "bucket-owner-read",
[s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL]: "bucket-owner-full-control",
[s3.BucketAccessControl.LOG_DELIVERY_WRITE]: "log-delivery-write"
};

test.each(Object.entries(accessControlMap) as [s3.BucketAccessControl, string][])(
'system metadata acl %s is correctly transformed',
(accessControl, systemMetadataKeyword) => {
// GIVEN
const stack = new cdk.Stack();
const bucket = new s3.Bucket(stack, 'Dest');

// WHEN
new s3deploy.BucketDeployment(stack, 'Deploy', {
sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website.zip'))],
destinationBucket: bucket,
accessControl: accessControl,
});

// THEN
expect(stack).toHaveResource('Custom::CDKBucketDeployment', {
SystemMetadata: {
'acl': systemMetadataKeyword,
},
});
}
);

test('expires type has correct values', () => {
expect(cdk.Expiration.atDate(new Date('Sun, 26 Jan 2020 00:53:20 GMT')).date.toUTCString()).toEqual('Sun, 26 Jan 2020 00:53:20 GMT');
expect(cdk.Expiration.atTimestamp(1580000000000).date.toUTCString()).toEqual('Sun, 26 Jan 2020 00:53:20 GMT');
Expand Down

0 comments on commit c72c6d3

Please sign in to comment.