-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(s3-deployment): control object access #15730
Changes from all commits
c3b5d0e
c72c6d3
411597f
a671778
01921a9
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,32 @@ | ||
AWS Cloud Development Kit (AWS CDK) | ||
Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
|
||
------------------------------------------------------------------------------- | ||
|
||
The AWS CDK includes the following third-party software/licensing: | ||
|
||
** case - https://www.npmjs.com/package/case | ||
Copyright (c) 2013 Nathan Bubna | ||
|
||
Permission is hereby granted, free of charge, to any person | ||
obtaining a copy of this software and associated documentation | ||
files (the "Software"), to deal in the Software without | ||
restriction, including without limitation the rights to use, | ||
copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the | ||
Software is furnished to do so, subject to the following | ||
conditions: | ||
|
||
The above copyright notice and this permission notice shall be | ||
included in all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES | ||
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT | ||
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | ||
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | ||
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
OTHER DEALINGS IN THE SOFTWARE. | ||
|
||
---------------- |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -325,6 +325,7 @@ test('system metadata is correctly transformed', () => { | |
websiteRedirectLocation: 'example', | ||
cacheControl: [s3deploy.CacheControl.setPublic(), s3deploy.CacheControl.maxAge(cdk.Duration.hours(1))], | ||
expires: expiration, | ||
accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can you add a separate test case for each type of There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I have added the test. |
||
}); | ||
|
||
// THEN | ||
|
@@ -340,10 +341,47 @@ test('system metadata is correctly transformed', () => { | |
'expires': expiration.date.toUTCString(), | ||
'sse-c-copy-source': 'rot13', | ||
'website-redirect': 'example', | ||
'acl': 'bucket-owner-full-control', | ||
}, | ||
}); | ||
}); | ||
|
||
// type checking structure that forces to update it if BucketAccessControl changes | ||
// see `--acl` here: https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html | ||
const accessControlMap: Record<s3.BucketAccessControl, string> = { | ||
[s3.BucketAccessControl.PRIVATE]: 'private', | ||
[s3.BucketAccessControl.PUBLIC_READ]: 'public-read', | ||
[s3.BucketAccessControl.PUBLIC_READ_WRITE]: 'public-read-write', | ||
[s3.BucketAccessControl.AUTHENTICATED_READ]: 'authenticated-read', | ||
[s3.BucketAccessControl.AWS_EXEC_READ]: 'aws-exec-read', | ||
[s3.BucketAccessControl.BUCKET_OWNER_READ]: 'bucket-owner-read', | ||
[s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL]: 'bucket-owner-full-control', | ||
[s3.BucketAccessControl.LOG_DELIVERY_WRITE]: 'log-delivery-write', | ||
}; | ||
|
||
test.each(Object.entries(accessControlMap) as [s3.BucketAccessControl, string][])( | ||
'system metadata acl %s is correctly transformed', | ||
(accessControl, systemMetadataKeyword) => { | ||
// GIVEN | ||
const stack = new cdk.Stack(); | ||
const bucket = new s3.Bucket(stack, 'Dest'); | ||
|
||
// WHEN | ||
new s3deploy.BucketDeployment(stack, 'Deploy', { | ||
sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website.zip'))], | ||
destinationBucket: bucket, | ||
accessControl: accessControl, | ||
}); | ||
|
||
// THEN | ||
expect(stack).toHaveResource('Custom::CDKBucketDeployment', { | ||
SystemMetadata: { | ||
acl: systemMetadataKeyword, | ||
}, | ||
}); | ||
}, | ||
); | ||
|
||
test('expires type has correct values', () => { | ||
expect(cdk.Expiration.atDate(new Date('Sun, 26 Jan 2020 00:53:20 GMT')).date.toUTCString()).toEqual('Sun, 26 Jan 2020 00:53:20 GMT'); | ||
expect(cdk.Expiration.atTimestamp(1580000000000).date.toUTCString()).toEqual('Sun, 26 Jan 2020 00:53:20 GMT'); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We usually like to add a couple of sentences on what this feature, when it should be used and any caveats.
Some require a separate section but most just a couple of sentences.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So
accessControl
is one of system metadata properties likeserverSideEncryption
and etc. It seems like there is no additional information provided for other system metadata properties here. I have added a note about how system metadata maps toaws s3 sync
arguments and where additional information can be obtained.