From fe41b805a502164dc4c250da2dcfb6cdabe6d2c5 Mon Sep 17 00:00:00 2001 From: Berend de Boer Date: Tue, 12 Oct 2021 11:30:29 +1300 Subject: [PATCH 1/8] fix: enforce that fromBucketAttributes supplies a valid bucket name --- packages/@aws-cdk/aws-s3/lib/bucket.ts | 90 +++++++++++--------- packages/@aws-cdk/aws-s3/test/bucket.test.ts | 26 ++++-- 2 files changed, 65 insertions(+), 51 deletions(-) diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index d9065d0719c72..d5de1bbf93e51 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -1392,6 +1392,7 @@ export class Bucket extends BucketBase { if (!bucketName) { throw new Error('Bucket name is required'); } + Bucket.validateBucketName(bucketName); const newUrlFormat = attrs.bucketWebsiteNewUrlFormat === undefined ? false 
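Review bot: The added `Bucket.validateBucketName(bucketName);` call makes every import through fromBucketAttributes throw at synth time when the existing bucket's name does not meet the current naming rules. The fromBucketArn test later in this patch had to change `my_corporate_bucket` to `my-corporate-bucket`, which suggests names parsed from ARNs take the same path. Buckets created in us-east-1 before the naming rules were tightened can still have uppercase letters or underscores, so stacks that import such buckets would stop synthesizing after this change. Consider an opt-out on the import attributes or a relaxed rule set for imported names, and call out the behaviour change in the commit message. The body of fromBucketAttributes starts and ends outside the hunk.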
@@ -1430,6 +1431,52 @@ export class Bucket extends BucketBase { }); } + /** + * Thrown an exception if the given bucket name is not valid. + * + * @param physicalName name of the bucket. + */ + public static validateBucketName(physicalName: string): void { + const bucketName = physicalName; + if (!bucketName || Token.isUnresolved(bucketName)) { + // the name is a late-bound value, not a defined string, + // so skip validation + return; + } + + const errors: string[] = []; + + // Rules codified from https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html + if (bucketName.length < 3 || bucketName.length > 63) { + errors.push('Bucket name must be at least 3 and no more than 63 characters'); + } + const charsetMatch = bucketName.match(/[^a-z0-9.-]/); + if (charsetMatch) { + errors.push('Bucket name must only contain lowercase characters and the symbols, period (.) and dash (-) ' + + `(offset: ${charsetMatch.index})`); + } + if (!/[a-z0-9]/.test(bucketName.charAt(0))) { + errors.push('Bucket name must start and end with a lowercase character or number ' + + '(offset: 0)'); + } + if (!/[a-z0-9]/.test(bucketName.charAt(bucketName.length - 1))) { + errors.push('Bucket name must start and end with a lowercase character or number ' + + `(offset: ${bucketName.length - 1})`); + } + const consecSymbolMatch = bucketName.match(/\.-|-\.|\.\./); + if (consecSymbolMatch) { + errors.push('Bucket name must not have dash next to period, or period next to dash, or consecutive periods ' + + `(offset: ${consecSymbolMatch.index})`); + } + if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(bucketName)) { + errors.push('Bucket name must not resemble an IP address'); + } + + if (errors.length > 0) { + throw new Error(`Invalid S3 bucket name (value: ${bucketName})${EOL}${errors.join(EOL)}`); + } + } + public readonly bucketArn: string; public readonly bucketName: string; public readonly bucketDomainName: string; 
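Review bot: The doc comment on the new public static `validateBucketName` opens with "Thrown an exception" and does not say that the method returns without checking anything when the name is empty or an unresolved token (`if (!bucketName || Token.isUnresolved(bucketName))`). Now that the method is part of the public API, a caller can read a silent return as "the name is valid", so the contract should be stated: `Throws an exception if the given bucket name is not valid. Empty names and unresolved tokens are skipped, so a call that returns does not prove the deployed name is valid.` The `@param` line could also say that the physical bucket name is expected, not an ARN.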
@@ -1458,7 +1505,7 @@ export class Bucket extends BucketBase { const { bucketEncryption, encryptionKey } = this.parseEncryption(props); - this.validateBucketName(this.physicalName); + Bucket.validateBucketName(this.physicalName); const websiteConfiguration = this.renderWebsiteConfiguration(props); this.isWebsite = (websiteConfiguration !== undefined); 
@@ -1596,47 +1643,6 @@ export class Bucket extends BucketBase { this.addToResourcePolicy(statement); } - private validateBucketName(physicalName: string): void { - const bucketName = physicalName; - if (!bucketName || Token.isUnresolved(bucketName)) { - // the name is a late-bound value, not a defined string, - // so skip validation - return; - } - - const errors: string[] = []; - - // Rules codified from https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html - if (bucketName.length < 3 || bucketName.length > 63) { - errors.push('Bucket name must be at least 3 and no more than 63 characters'); - } - const charsetMatch = bucketName.match(/[^a-z0-9.-]/); - if (charsetMatch) { - errors.push('Bucket name must only contain lowercase characters and the symbols, period (.) and dash (-) ' - + `(offset: ${charsetMatch.index})`); - } - if (!/[a-z0-9]/.test(bucketName.charAt(0))) { - errors.push('Bucket name must start and end with a lowercase character or number ' - + '(offset: 0)'); - } - if (!/[a-z0-9]/.test(bucketName.charAt(bucketName.length - 1))) { - errors.push('Bucket name must start and end with a lowercase character or number ' - + `(offset: ${bucketName.length - 1})`); - } - const consecSymbolMatch = bucketName.match(/\.-|-\.|\.\./); - if (consecSymbolMatch) { - errors.push('Bucket name must not have dash next to period, or period next to dash, or consecutive periods ' - + `(offset: ${consecSymbolMatch.index})`); - } - if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(bucketName)) { - errors.push('Bucket name must not resemble an IP address'); - } - - if (errors.length > 0) { - throw new Error(`Invalid S3 bucket name (value: ${bucketName})${EOL}${errors.join(EOL)}`); - } - } - /** * Set up key properties and return the Bucket encryption property from the * user's configuration. diff --git a/packages/@aws-cdk/aws-s3/test/bucket.test.ts b/packages/@aws-cdk/aws-s3/test/bucket.test.ts index 3ef166722c1b6..67d263aa60ea5 100644 
--- a/packages/@aws-cdk/aws-s3/test/bucket.test.ts +++ b/packages/@aws-cdk/aws-s3/test/bucket.test.ts @@ -3,9 +3,9 @@ import { EOL } from 'os'; import { ResourcePart, SynthUtils, arrayWith, objectLike } from '@aws-cdk/assert-internal'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; +import { testFutureBehavior, testLegacyBehavior } from '@aws-cdk/cdk-build-tools/lib/feature-flag'; import * as cdk from '@aws-cdk/core'; import * as cxapi from '@aws-cdk/cx-api'; -import { testFutureBehavior, testLegacyBehavior } from '@aws-cdk/cdk-build-tools/lib/feature-flag'; import * as s3 from '../lib'; // to make it easy to copy & paste from output: @@ -103,8 +103,6 @@ describe('bucket', () => { expect(() => new s3.Bucket(stack, 'MyBucket2', { bucketName: '124.pp--33', })).not.toThrow(); - - }); test('bucket validation skips tokenized values', () => { @@ -746,14 +744,24 @@ describe('bucket', () => { }); const bucket = s3.Bucket.fromBucketAttributes(stack, 'ImportedBucket', { - bucketName: 'myBucket', + bucketName: 'mybucket', region: 'eu-west-1', }); - expect(bucket.bucketRegionalDomainName).toEqual(`myBucket.s3.eu-west-1.${stack.urlSuffix}`); - expect(bucket.bucketWebsiteDomainName).toEqual(`myBucket.s3-website-eu-west-1.${stack.urlSuffix}`); + expect(bucket.bucketRegionalDomainName).toEqual(`mybucket.s3.eu-west-1.${stack.urlSuffix}`); + expect(bucket.bucketWebsiteDomainName).toEqual(`mybucket.s3-website-eu-west-1.${stack.urlSuffix}`); + + }); + + test('import needs to specify a valid bucket name', () => { + const stack = new cdk.Stack(undefined, undefined, { + env: { region: 'us-east-1' }, + }); + expect(() => s3.Bucket.fromBucketAttributes(stack, 'MyBucket3', { + bucketName: 'arn:aws:s3:::example-com', + })).toThrow(); }); }); 
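Review bot: The new test 'import needs to specify a valid bucket name' asserts a bare `.toThrow()`, which passes on any exception raised inside fromBucketAttributes, not only on the name validation. Pin it to the validator's message, for example `.toThrow(/Invalid S3 bucket name/)`, so the test fails if the import starts throwing for an unrelated reason. An uppercase name and a tokenized name that must still be accepted on import would cover the two branches this commit relies on. The enclosing describe block starts outside the hunk.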
@@ -2129,11 +2137,11 @@ describe('bucket', () => { const stack = new cdk.Stack(); // WHEN - const bucket = s3.Bucket.fromBucketArn(stack, 'my-bucket', 'arn:aws:s3:::my_corporate_bucket'); + const bucket = s3.Bucket.fromBucketArn(stack, 'my-bucket', 'arn:aws:s3:::my-corporate-bucket'); // THEN - expect(bucket.bucketName).toEqual('my_corporate_bucket'); - expect(bucket.bucketArn).toEqual('arn:aws:s3:::my_corporate_bucket'); + expect(bucket.bucketName).toEqual('my-corporate-bucket'); + expect(bucket.bucketArn).toEqual('arn:aws:s3:::my-corporate-bucket'); }); From 7f5e52d009550e3ddbc13a9ce87cd42e2b45ffd9 Mon Sep 17 00:00:00 2001 From: Berend de Boer Date: Fri, 15 Oct 2021 20:39:41 +1300 Subject: [PATCH 2/8] test: use valid bucket names --- packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts | 4 ++-- packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts b/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts index 75896912f3661..8f1c4951d2bf3 100644 --- a/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts +++ b/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts @@ -664,7 +664,7 @@ describe('InitSource', () => { test('fromS3Object uses object URL', () => { // GIVEN - const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'MyBucket'); + const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'mybucket'); const source = ec2.InitSource.fromS3Object('/tmp/foo', bucket, 'myKey'); // WHEN @@ -672,7 +672,7 @@ describe('InitSource', () => { // THEN expect(rendered).toEqual({ - '/tmp/foo': expect.stringContaining('/MyBucket/myKey'), + '/tmp/foo': expect.stringContaining('/mybucket/myKey'), }); }); diff --git a/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts b/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts index 37d4fe2d72d28..2a9cce5e76719 100644 --- a/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts 
+++ b/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts @@ -667,7 +667,7 @@ class SingletonLocationSythesizer extends DefaultStackSynthesizer { public addFileAsset(_asset: FileAssetSource): FileAssetLocation { const httpUrl = 'https://MyBucket.s3.amazonaws.com/MyAsset'; return { - bucketName: 'MyAssetBucket', + bucketName: 'myassetbucket', objectKey: 'MyAssetFile', httpUrl, s3ObjectUrl: httpUrl, From 95493181937cd7d0596c3addb4010d9fa1ff3972 Mon Sep 17 00:00:00 2001 From: Berend de Boer Date: Sat, 16 Oct 2021 09:17:22 +1300 Subject: [PATCH 3/8] test: use valid bucket names --- packages/@aws-cdk/aws-glue/test/code.test.ts | 8 +++--- .../aws-glue/test/job-executable.test.ts | 2 +- packages/@aws-cdk/aws-glue/test/job.test.ts | 28 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/packages/@aws-cdk/aws-glue/test/code.test.ts b/packages/@aws-cdk/aws-glue/test/code.test.ts index 061f6d26c351f..8049bc1b29c6a 100644 --- a/packages/@aws-cdk/aws-glue/test/code.test.ts +++ b/packages/@aws-cdk/aws-glue/test/code.test.ts @@ -17,7 +17,7 @@ describe('Code', () => { let bucket: s3.IBucket; test('with valid bucket name and key and bound by job sets the right path and grants the job permissions to read from it', () => { - bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketName'); + bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketname'); script = glue.Code.fromBucket(bucket, key); new glue.Job(stack, 'Job1', { executable: glue.JobExecutable.pythonShell({ @@ -29,7 +29,7 @@ describe('Code', () => { Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', { Command: { - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, }); @@ -53,7 +53,7 @@ describe('Code', () => { { Ref: 'AWS::Partition', }, - ':s3:::bucketName', + ':s3:::bucketname', ], ], }, @@ -65,7 +65,7 @@ describe('Code', () => { { Ref: 'AWS::Partition', }, - ':s3:::bucketName/script', + ':s3:::bucketname/script', ], ], }, 
diff --git a/packages/@aws-cdk/aws-glue/test/job-executable.test.ts b/packages/@aws-cdk/aws-glue/test/job-executable.test.ts index 481bd16dc8944..5fcf3b1487764 100644 --- a/packages/@aws-cdk/aws-glue/test/job-executable.test.ts +++ b/packages/@aws-cdk/aws-glue/test/job-executable.test.ts @@ -31,7 +31,7 @@ describe('JobExecutable', () => { beforeEach(() => { stack = new cdk.Stack(); - bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketName'); + bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketname'); script = glue.Code.fromBucket(bucket, 'script.py'); }); diff --git a/packages/@aws-cdk/aws-glue/test/job.test.ts b/packages/@aws-cdk/aws-glue/test/job.test.ts index 625e4743570fd..c338b4d09cb42 100644 --- a/packages/@aws-cdk/aws-glue/test/job.test.ts +++ b/packages/@aws-cdk/aws-glue/test/job.test.ts @@ -55,7 +55,7 @@ describe('Job', () => { describe('new', () => { const className = 'com.amazon.test.ClassName'; - const codeBucketName = 'bucketName'; + const codeBucketName = 'bucketname'; const codeBucketAccessStatement = { Action: [ 's3:GetObject*', @@ -166,7 +166,7 @@ describe('Job', () => { Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', { Command: { Name: 'glueetl', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, Role: { 'Fn::GetAtt': [ @@ -383,7 +383,7 @@ describe('Job', () => { }); describe('with bucket provided', () => { - const sparkUIBucketName = 'sparkBucketName'; + const sparkUIBucketName = 'sparkbucketname'; let sparkUIBucket: s3.IBucket; beforeEach(() => { @@ -420,7 +420,7 @@ describe('Job', () => { { Ref: 'AWS::Partition', }, - ':s3:::sparkBucketName', + ':s3:::sparkbucketname', ], ], }, @@ -432,7 +432,7 @@ describe('Job', () => { { Ref: 'AWS::Partition', }, - ':s3:::sparkBucketName/*', + ':s3:::sparkbucketname/*', ], ], }, 
@@ -460,7 +460,7 @@ describe('Job', () => { }); describe('with bucket and path provided', () => { - const sparkUIBucketName = 'sparkBucketName'; + const sparkUIBucketName = 'sparkbucketname'; const prefix = 'some/path/'; let sparkUIBucket: s3.IBucket; @@ -516,7 +516,7 @@ describe('Job', () => { Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', { Command: { Name: 'glueetl', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, Role: { 'Fn::GetAtt': [ @@ -614,7 +614,7 @@ describe('Job', () => { GlueVersion: '2.0', Command: { Name: 'glueetl', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', PythonVersion: '3', }, Role: { @@ -625,9 +625,9 @@ describe('Job', () => { }, DefaultArguments: { '--job-language': 'python', - '--extra-jars': 's3://bucketName/file1.jar,s3://bucketName/file2.jar', - '--extra-py-files': 's3://bucketName/file1.py,s3://bucketName/file2.py', - '--extra-files': 's3://bucketName/file1.txt,s3://bucketName/file2.txt', + '--extra-jars': 's3://bucketname/file1.jar,s3://bucketname/file2.jar', + '--extra-py-files': 's3://bucketname/file1.py,s3://bucketname/file2.py', + '--extra-files': 's3://bucketname/file1.txt,s3://bucketname/file2.txt', '--user-jars-first': 'true', }, }); @@ -649,7 +649,7 @@ describe('Job', () => { GlueVersion: '2.0', Command: { Name: 'gluestreaming', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, Role: { 'Fn::GetAtt': [ @@ -660,8 +660,8 @@ describe('Job', () => { DefaultArguments: { '--job-language': 'scala', '--class': 'com.amazon.test.ClassName', - '--extra-jars': 's3://bucketName/file1.jar,s3://bucketName/file2.jar', - '--extra-files': 's3://bucketName/file1.txt,s3://bucketName/file2.txt', + '--extra-jars': 's3://bucketname/file1.jar,s3://bucketname/file2.jar', + '--extra-files': 's3://bucketname/file1.txt,s3://bucketname/file2.txt', '--user-jars-first': 'true', }, }); 
From 977e13437300707364639f4b689cf898c7fe1ea2 Mon Sep 17 00:00:00 2001 From: Berend de Boer Date: Sat, 16 Oct 2021 11:19:35 +1300 Subject: [PATCH 4/8] fix: use valid bucket names --- .../test/notifications.test.ts | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts index 43922fb54cc5d..2bfe968f99279 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts +++ b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts @@ -336,7 +336,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailPutObject contains the Bucket ARN itself when path is undefined', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailPutObject('PutRule', { target: { @@ -363,7 +363,7 @@ describe('CloudWatch Events', () => { { 'Ref': 'AWS::Partition', }, - ':s3:::MyBucket', + ':s3:::mybucket', ], ], }, @@ -378,7 +378,7 @@ describe('CloudWatch Events', () => { test("onCloudTrailPutObject contains the path when it's provided", () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailPutObject('PutRule', { target: { @@ -406,7 +406,7 @@ describe('CloudWatch Events', () => { { 'Ref': 'AWS::Partition', }, - ':s3:::MyBucket/my/path.zip', + ':s3:::mybucket/my/path.zip', ], ], }, @@ -421,7 +421,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailWriteObject matches on events CompleteMultipartUpload, CopyObject, and PutObject', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { 
@@ -449,7 +449,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailWriteObject matches on the requestParameter bucketName when the path is not provided', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { @@ -476,7 +476,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailWriteObject matches on the requestParameters bucketName and key when the path is provided', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { From 361abb65cdd99c96af8ecf2415e18b14e72ca88d Mon Sep 17 00:00:00 2001 From: Berend de Boer Date: Wed, 3 Nov 2021 12:15:57 +1300 Subject: [PATCH 5/8] test: give cloudtrail test a valid bucket name --- packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts index 9e17345368785..e3db2b36ba0fd 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts +++ b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts @@ -131,13 +131,13 @@ describe('cloudtrail', () => { test('with imported s3 bucket', () => { // GIVEN const stack = getTestStack(); - const bucket = s3.Bucket.fromBucketName(stack, 'S3', 'SomeBucket'); + const bucket = s3.Bucket.fromBucketName(stack, 'S3', 'somebucket'); // WHEN new Trail(stack, 'Trail', { bucket }); expect(stack).toHaveResource('AWS::CloudTrail::Trail', { - S3BucketName: 'SomeBucket', + S3BucketName: 'somebucket', }); }); From b054b32c31137af341729d3b9d4c914cfe786bd7 Mon Sep 17 00:00:00 2001 
From: Berend de Boer Date: Wed, 3 Nov 2021 13:12:31 +1300 Subject: [PATCH 6/8] test(aws-codebuild): use a valid bucket name --- packages/@aws-cdk/aws-codebuild/test/project.test.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-codebuild/test/project.test.ts b/packages/@aws-cdk/aws-codebuild/test/project.test.ts index 08fbe3e8f8768..0041d1651ec9d 100644 --- a/packages/@aws-cdk/aws-codebuild/test/project.test.ts +++ b/packages/@aws-cdk/aws-codebuild/test/project.test.ts @@ -673,7 +673,7 @@ describe('Environment', () => { test('logs config - s3', () => { // GIVEN const stack = new cdk.Stack(); - const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket', 'MyBucketName'); + const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket', 'mybucketname'); // WHEN new codebuild.Project(stack, 'Project', { @@ -693,7 +693,7 @@ describe('Environment', () => { expect(stack).toHaveResourceLike('AWS::CodeBuild::Project', { LogsConfig: objectLike({ S3Logs: { - Location: 'MyBucketName/my-logs', + Location: 'mybucketname/my-logs', Status: 'ENABLED', }, }), @@ -703,7 +703,7 @@ describe('Environment', () => { test('logs config - cloudWatch and s3', () => { // GIVEN const stack = new cdk.Stack(); - const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket2', 'MyBucketName'); + const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket2', 'mybucketname'); const logGroup = logs.LogGroup.fromLogGroupName(stack, 'LogGroup2', 'MyLogGroupName'); // WHEN @@ -730,7 +730,7 @@ describe('Environment', () => { Status: 'ENABLED', }, S3Logs: { - Location: 'MyBucketName', + Location: 'mybucketname', Status: 'ENABLED', }, }), From 3727e7d9bb163bd4a29b98cf602b5286a0a5c610 Mon Sep 17 00:00:00 2001 From: Berend de Boer Date: Thu, 4 Nov 2021 08:36:17 +1300 Subject: [PATCH 7/8] test: use valid bucket name --- packages/@aws-cdk/aws-apigateway/test/domains.test.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/packages/@aws-cdk/aws-apigateway/test/domains.test.ts b/packages/@aws-cdk/aws-apigateway/test/domains.test.ts index 7ad0f4224d70b..7b8817df48853 100644 --- a/packages/@aws-cdk/aws-apigateway/test/domains.test.ts +++ b/packages/@aws-cdk/aws-apigateway/test/domains.test.ts @@ -388,7 +388,7 @@ describe('domains', () => { test('accepts a mutual TLS configuration', () => { const stack = new Stack(); - const bucket = Bucket.fromBucketName(stack, 'testBucket', 'exampleBucket'); + const bucket = Bucket.fromBucketName(stack, 'testBucket', 'example-bucket'); new apigw.DomainName(stack, 'another-domain', { domainName: 'example.com', mtls: { @@ -402,14 +402,14 @@ describe('domains', () => { 'DomainName': 'example.com', 'EndpointConfiguration': { 'Types': ['REGIONAL'] }, 'RegionalCertificateArn': 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d', - 'MutualTlsAuthentication': { 'TruststoreUri': 's3://exampleBucket/someca.pem' }, + 'MutualTlsAuthentication': { 'TruststoreUri': 's3://example-bucket/someca.pem' }, }); }); test('mTLS should allow versions to be set on the s3 bucket', () => { const stack = new Stack(); - const bucket = Bucket.fromBucketName(stack, 'testBucket', 'exampleBucket'); + const bucket = Bucket.fromBucketName(stack, 'testBucket', 'example-bucket'); new apigw.DomainName(stack, 'another-domain', { domainName: 'example.com', certificate: acm.Certificate.fromCertificateArn(stack, 'cert2', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'), 
@@ -423,7 +423,7 @@ describe('domains', () => { 'DomainName': 'example.com', 'EndpointConfiguration': { 'Types': ['REGIONAL'] }, 'RegionalCertificateArn': 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d', - 'MutualTlsAuthentication': { 'TruststoreUri': 's3://exampleBucket/someca.pem', 'TruststoreVersion': 'version' }, + 'MutualTlsAuthentication': { 'TruststoreUri': 's3://example-bucket/someca.pem', 'TruststoreVersion': 'version' }, }); }); From a4287e71117e3901e1b67d8be34aaffeeb8ca775 Mon Sep 17 00:00:00 2001 From: Berend de Boer Date: Thu, 4 Nov 2021 09:19:24 +1300 Subject: [PATCH 8/8] test(pipelines): use valid bucket name in arn --- packages/@aws-cdk/pipelines/test/compliance/synths.test.ts | 4 ++-- .../@aws-cdk/pipelines/test/compliance/validations.test.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts b/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts index f8e39a536309f..fb8e47a0f5fe4 100644 --- a/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts +++ b/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts @@ -748,7 +748,7 @@ behavior('Pipeline action contains a hash that changes as the buildspec changes' behavior('Synth CodeBuild project role can be granted permissions', (suite) => { let bucket: s3.IBucket; beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::ThisParticularBucket'); + bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); }); 
@@ -787,7 +787,7 @@ behavior('Synth CodeBuild project role can be granted permissions', (suite) => { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::ThisParticularBucket', 'arn:aws:s3:::ThisParticularBucket/*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], })]), }, }); diff --git a/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts b/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts index 7a6a562a8707a..c61cd40474388 100644 --- a/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts +++ b/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts @@ -463,7 +463,7 @@ behavior('can add policy statements to shell script action', (suite) => { behavior('can grant permissions to shell script action', (suite) => { let bucket: s3.IBucket; beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::ThisParticularBucket'); + bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); }); suite.legacy(() => { @@ -505,7 +505,7 @@ behavior('can grant permissions to shell script action', (suite) => { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::ThisParticularBucket', 'arn:aws:s3:::ThisParticularBucket/*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], })]), }, });