From d05b24bb1f1d17f511112b4bd1066bff2a7f527d Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Sun, 28 Aug 2022 11:44:43 +0000 Subject: [PATCH 1/2] #21441 add Custom Policy Rule Constructs --- packages/@aws-cdk/aws-config/README.md | 56 ++++++- packages/@aws-cdk/aws-config/lib/rule.ts | 154 +++++++++++++++++- packages/@aws-cdk/aws-config/package.json | 1 + .../aws-cdk-config-custompolicy.template.json | 66 ++++++++ ...aultTestDeployAssert4EE21D3A.template.json | 1 + .../test/custompolicy.integ.snapshot/cdk.out | 1 + .../custompolicy.integ.snapshot/integ.json | 11 ++ .../custompolicy.integ.snapshot/manifest.json | 37 +++++ .../custompolicy.integ.snapshot/tree.json | 113 +++++++++++++ .../aws-config/test/integ.custompolicy.ts | 42 +++++ .../@aws-cdk/aws-config/test/rule.test.ts | 64 ++++++++ 11 files changed, 536 insertions(+), 10 deletions(-) create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-config/test/integ.custompolicy.ts diff --git a/packages/@aws-cdk/aws-config/README.md b/packages/@aws-cdk/aws-config/README.md index 62800220da594..81959aa8c7bf1 100644 --- a/packages/@aws-cdk/aws-config/README.md +++ b/packages/@aws-cdk/aws-config/README.md @@ -116,8 +116,60 @@ new config.CloudFormationStackNotificationCheck(this, 'NotificationCheck', { ### Custom rules You can develop custom rules and add them to AWS Config. You associate each custom rule with an -AWS Lambda function, which contains the logic that evaluates whether your AWS resources comply -with the rule. +AWS Lambda function and Guard. + +#### Custom Lambda Rules + +Lambda function which contains the logic that evaluates whether your AWS resources comply with the rule. + +```ts +// Lambda function containing logic that evaluates compliance with the rule. +const evalComplianceFn = new lambda.Function(this, "CustomFunction", { + code: lambda.AssetCode.fromInline( + "exports.handler = (event) => console.log(event);" + ), + handler: "index.handler", + runtime: lambda.Runtime.NODEJS_14_X, +}); + +// A custom rule that runs on configuration changes of EC2 instances +const customRule = new config.CustomRule(this, "Custom", { + configurationChanges: true, + lambdaFunction: evalComplianceFn, + ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_INSTANCE), +}); +``` + +#### Custom Policy Rules + +Guard which contains the logic that evaluates whether your AWS resources comply with the rule. + +```ts +const samplePolicyText = ` +# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables +let status = ['ACTIVE'] + +rule tableisactive when + resourceType == "AWS::DynamoDB::Table" { + configuration.tableStatus == %status +} + +rule checkcompliance when + resourceType == "AWS::DynamoDB::Table" + tableisactive { + let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus + %pitr == "ENABLED" +} +`; + +new config.CustomPolicy(stack, "Custom", { + policyText: samplePolicyText, + enableDebugLog: true, + ruleScope: config.RuleScope.fromResources([ + config.ResourceType.DYNAMODB_TABLE, + ]), +}); +``` ### Triggers diff --git a/packages/@aws-cdk/aws-config/lib/rule.ts b/packages/@aws-cdk/aws-config/lib/rule.ts index c4c6e14a2377c..788c3cb59be43 100644 --- a/packages/@aws-cdk/aws-config/lib/rule.ts +++ b/packages/@aws-cdk/aws-config/lib/rule.ts @@ -281,6 +281,63 @@ export class ManagedRule extends RuleNew { } } +/** + * The source of the event, such as an AWS service, + * that triggers AWS Config to evaluate your AWS resources. + */ +enum EventSource { + + /* from aws.config */ + AWS_CONFIG = 'aws.config', + +} + +/** + * The type of notification that triggers AWS Config to run an evaluation for a rule. + */ +enum MessageType { + + /** + * Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change. + */ + CONFIGURATION_ITEM_CHANGE_NOTIFICATION = 'ConfigurationItemChangeNotification', + + /** + * Triggers an evaluation when AWS Config delivers an oversized configuration item. + */ + OVERSIZED_CONFIGURATION_ITEM_CHANGE_NOTIFICATION = 'OversizedConfigurationItemChangeNotification', + + /** + * Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency. + */ + SCHEDULED_NOTIFICATION = 'ScheduledNotification', + + /** + * Triggers a periodic evaluation when AWS Config delivers a configuration snapshot. + */ + CONFIGURATION_SNAPSHOT_DELIVERY_COMPLETED = 'ConfigurationSnapshotDeliveryCompleted', +} + +/** + * Construction properties for a CustomRule. + */ +interface SourceDetail { + /** + * The source of the event, such as an AWS service, + * that triggers AWS Config to evaluate your AWS resources. + * + */ + readonly eventSource: EventSource; + /** + * The frequency at which you want AWS Config to run evaluations for a custom rule with a periodic trigger. + */ + readonly maximumExecutionFrequency?: MaximumExecutionFrequency; + /** + * The type of notification that triggers AWS Config to run an evaluation for a rule. + */ + readonly messageType: MessageType; +} + /** * Construction properties for a CustomRule. */ @@ -331,25 +388,24 @@ export class CustomRule extends RuleNew { throw new Error('At least one of `configurationChanges` or `periodic` must be set to true.'); } - const sourceDetails: any[] = []; + const sourceDetails: SourceDetail[] = []; this.ruleScope = props.ruleScope; - if (props.configurationChanges) { sourceDetails.push({ - eventSource: 'aws.config', - messageType: 'ConfigurationItemChangeNotification', + eventSource: EventSource.AWS_CONFIG, + messageType: MessageType.CONFIGURATION_ITEM_CHANGE_NOTIFICATION, }); sourceDetails.push({ - eventSource: 'aws.config', - messageType: 'OversizedConfigurationItemChangeNotification', + eventSource: EventSource.AWS_CONFIG, + messageType: MessageType.OVERSIZED_CONFIGURATION_ITEM_CHANGE_NOTIFICATION, }); } if (props.periodic) { sourceDetails.push({ - eventSource: 'aws.config', + eventSource: EventSource.AWS_CONFIG, maximumExecutionFrequency: props.maximumExecutionFrequency, - messageType: 'ScheduledNotification', + messageType: MessageType.SCHEDULED_NOTIFICATION, }); } @@ -391,6 +447,88 @@ export class CustomRule extends RuleNew { } } +/** + * Construction properties for a CustomPolicy. + */ +export interface CustomPolicyProps extends RuleProps { + /** + * The policy definition containing the logic for your AWS Config Custom Policy rule. + */ + readonly policyText: string; + + /** + * The boolean expression for enabling debug logging for your AWS Config Custom Policy rule. + * + * @default false + */ + readonly enableDebugLog?: boolean; +} + +/** + * A new custom policy. + * + * @resource AWS::Config::ConfigRule + */ +export class CustomPolicy extends RuleNew { + /** @attribute */ + public readonly configRuleName: string; + + /** @attribute */ + public readonly configRuleArn: string; + + /** @attribute */ + public readonly configRuleId: string; + + /** @attribute */ + public readonly configRuleComplianceType: string; + + constructor(scope: Construct, id: string, props: CustomPolicyProps) { + super(scope, id, { + physicalName: props.configRuleName, + }); + + if (!props.policyText || [...props.policyText].length === 0) { + throw new Error('Policy Text cannot be empty.'); + } + if ( [...props.policyText].length > 10000 ) { + throw new Error('Policy Text is limited to 10,000 characters or less.'); + } + + const sourceDetails: SourceDetail[] = []; + this.ruleScope = props.ruleScope; + + sourceDetails.push({ + eventSource: EventSource.AWS_CONFIG, + messageType: MessageType.CONFIGURATION_ITEM_CHANGE_NOTIFICATION, + }); + sourceDetails.push({ + eventSource: EventSource.AWS_CONFIG, + messageType: MessageType.OVERSIZED_CONFIGURATION_ITEM_CHANGE_NOTIFICATION, + }); + const rule = new CfnConfigRule(this, 'Resource', { + configRuleName: this.physicalName, + description: props.description, + inputParameters: props.inputParameters, + scope: Lazy.any({ produce: () => renderScope(this.ruleScope) }), // scope can use values such as stack id (see CloudFormationStackDriftDetectionCheck) + source: { + owner: 'CUSTOM_POLICY', + sourceDetails, + customPolicyDetails: { + enableDebugLogDelivery: props.enableDebugLog, + policyRuntime: 'guard-2.x.x', + policyText: props.policyText, + }, + }, + }); + + this.configRuleName = rule.ref; + this.configRuleArn = rule.attrArn; + this.configRuleId = rule.attrConfigRuleId; + this.configRuleComplianceType = rule.attrComplianceType; + this.isCustomWithChanges = true; + } +} + /** * Managed rules that are supported by AWS Config. * @see https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html diff --git a/packages/@aws-cdk/aws-config/package.json b/packages/@aws-cdk/aws-config/package.json index 5e7a4ce801ee7..6cb36fa4c3ada 100644 --- a/packages/@aws-cdk/aws-config/package.json +++ b/packages/@aws-cdk/aws-config/package.json @@ -84,6 +84,7 @@ "@aws-cdk/aws-events-targets": "0.0.0", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests": "0.0.0", "@aws-cdk/cfn2ts": "0.0.0", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^27.5.2", diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json new file mode 100644 index 0000000000000..1c4a831948cad --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json @@ -0,0 +1,66 @@ +{ + "Resources": { + "Custom8166710A": { + "Type": "AWS::Config::ConfigRule", + "Properties": { + "Source": { + "CustomPolicyDetails": { + "EnableDebugLogDelivery": true, + "PolicyRuntime": "guard-2.x.x", + "PolicyText": "\n# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables\nlet status = ['ACTIVE']\n\nrule tableisactive when\n resourceType == \"AWS::DynamoDB::Table\" {\n configuration.tableStatus == %status\n}\n\nrule checkcompliance when\n resourceType == \"AWS::DynamoDB::Table\"\n tableisactive {\n let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus\n %pitr == \"ENABLED\"\n}\n" + }, + "Owner": "CUSTOM_POLICY", + "SourceDetails": [ + { + "EventSource": "aws.config", + "MessageType": "ConfigurationItemChangeNotification" + }, + { + "EventSource": "aws.config", + "MessageType": "OversizedConfigurationItemChangeNotification" + } + ] + }, + "Scope": { + "ComplianceResourceTypes": [ + "AWS::DynamoDB::Table" + ] + } + } + }, + "sampleuser2D3A0B43": { + "Type": "AWS::IAM::User" + }, + "Customlazy5E6C8AE4": { + "Type": "AWS::Config::ConfigRule", + "Properties": { + "Source": { + "CustomPolicyDetails": { + "EnableDebugLogDelivery": true, + "PolicyRuntime": "guard-2.x.x", + "PolicyText": "lazy-create-test" + }, + "Owner": "CUSTOM_POLICY", + "SourceDetails": [ + { + "EventSource": "aws.config", + "MessageType": "ConfigurationItemChangeNotification" + }, + { + "EventSource": "aws.config", + "MessageType": "OversizedConfigurationItemChangeNotification" + } + ] + }, + "Scope": { + "ComplianceResourceId": { + "Ref": "sampleuser2D3A0B43" + }, + "ComplianceResourceTypes": [ + "AWS::IAM::User" + ] + } + } + } + } + } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json new file mode 100644 index 0000000000000..9e26dfeeb6e64 --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..588d7b269d34f --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json new file mode 100644 index 0000000000000..459df53ff3c44 --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json @@ -0,0 +1,11 @@ +{ + "version": "20.0.0", + "testCases": { + "aws-cdk-config-custompolicy-integ/DefaultTest": { + "stacks": [ + "aws-cdk-config-custompolicy" + ], + "assertionStack": "aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..bddeb4922cbee --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json @@ -0,0 +1,37 @@ +{ + "version": "20.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-cdk-config-custompolicy": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-config-custompolicy.template.json", + "validateOnSynth": false + }, + "metadata": { + "/aws-cdk-config-custompolicy/Custom/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Custom8166710A" + } + ] + }, + "displayName": "aws-cdk-config-custompolicy" + }, + "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json", + "validateOnSynth": false + }, + "displayName": "aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json new file mode 100644 index 0000000000000..67665e6141595 --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json @@ -0,0 +1,113 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.78" + } + }, + "aws-cdk-config-custompolicy": { + "id": "aws-cdk-config-custompolicy", + "path": "aws-cdk-config-custompolicy", + "children": { + "Custom": { + "id": "Custom", + "path": "aws-cdk-config-custompolicy/Custom", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-config-custompolicy/Custom/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Config::ConfigRule", + "aws:cdk:cloudformation:props": { + "source": { + "owner": "CUSTOM_POLICY", + "sourceDetails": [ + { + "eventSource": "aws.config", + "messageType": "ConfigurationItemChangeNotification" + }, + { + "eventSource": "aws.config", + "messageType": "OversizedConfigurationItemChangeNotification" + } + ], + "customPolicyDetails": { + "enableDebugLogDelivery": true, + "policyRuntime": "guard-2.x.x", + "policyText": "\n# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables\nlet status = ['ACTIVE']\n\nrule tableisactive when\n resourceType == \"AWS::DynamoDB::Table\" {\n configuration.tableStatus == %status\n}\n\nrule checkcompliance when\n resourceType == \"AWS::DynamoDB::Table\"\n tableisactive {\n let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus\n %pitr == \"ENABLED\"\n}\n" + } + }, + "scope": { + "complianceResourceTypes": [ + "AWS::EC2::Instance" + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-config.CfnConfigRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-config.CustomPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-config-custompolicy-integ": { + "id": "aws-cdk-config-custompolicy-integ", + "path": "aws-cdk-config-custompolicy-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "aws-cdk-config-custompolicy-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-config-custompolicy-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.78" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/integ.custompolicy.ts b/packages/@aws-cdk/aws-config/test/integ.custompolicy.ts new file mode 100644 index 0000000000000..83af445a1aca1 --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/integ.custompolicy.ts @@ -0,0 +1,42 @@ +import * as iam from '@aws-cdk/aws-iam'; +import * as cdk from '@aws-cdk/core'; +import * as integ from '@aws-cdk/integ-tests'; +import * as config from '../lib'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-cdk-config-custompolicy'); + +const samplePolicyText = ` +# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables +let status = ['ACTIVE'] + +rule tableisactive when + resourceType == "AWS::DynamoDB::Table" { + configuration.tableStatus == %status +} + +rule checkcompliance when + resourceType == "AWS::DynamoDB::Table" + tableisactive { + let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus + %pitr == "ENABLED" +} +`; + +new config.CustomPolicy(stack, 'Custom', { + policyText: samplePolicyText, + enableDebugLog: true, + ruleScope: config.RuleScope.fromResources([config.ResourceType.DYNAMODB_TABLE]), +}); + +const user = new iam.User(stack, 'sample-user'); +new config.CustomPolicy(stack, 'Custom-lazy', { + policyText: 'lazy-create-test', + enableDebugLog: true, + ruleScope: config.RuleScope.fromResource(config.ResourceType.IAM_USER, user.userName), +}); + +new integ.IntegTest(app, 'aws-cdk-config-custompolicy-integ', { + testCases: [stack], +}); +app.synth(); diff --git a/packages/@aws-cdk/aws-config/test/rule.test.ts b/packages/@aws-cdk/aws-config/test/rule.test.ts index 284354d302f9d..740ebf9220264 100644 --- a/packages/@aws-cdk/aws-config/test/rule.test.ts +++ b/packages/@aws-cdk/aws-config/test/rule.test.ts @@ -416,5 +416,69 @@ describe('rule', () => { }, }); }); + test('create a custom policy', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new config.CustomPolicy(stack, 'Rule', { + policyText: ` + let status = ['ACTIVE'] + + rule tableisactive when + resourceType == "AWS::DynamoDB::Table" { + configuration.tableStatus == %status + } + + rule checkcompliance when + resourceType == "AWS::DynamoDB::Table" + tableisactive { + let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus + %pitr == "ENABLED" + }`, + description: 'really cool rule', + configRuleName: 'cool rule', + }); + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Config::ConfigRule', { + Source: { + Owner: 'CUSTOM_POLICY', + SourceDetails: [ + { + EventSource: 'aws.config', + MessageType: 'ConfigurationItemChangeNotification', + }, + { + EventSource: 'aws.config', + MessageType: 'OversizedConfigurationItemChangeNotification', + }, + ], + }, + ConfigRuleName: 'cool rule', + Description: 'really cool rule', + }); + }); + + test('create a 0 charactor policy', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + // THEN + expect(() => new config.CustomPolicy(stack, 'Rule', { + policyText: '', + })).toThrow('Policy Text cannot be empty.'); + }); + + test('create over 10000 charactor policy', () => { + // GIVEN + const stack = new cdk.Stack(); + const stringLen10001 = '0123456789'.repeat(1000) + 'a'; + // WHEN + // THEN + expect(() => new config.CustomPolicy(stack, 'Rule', { + policyText: stringLen10001, + })).toThrow('Policy Text is limited to 10,000 characters or less.'); + }); }); From 12ce62a0c17b5aebd2fd8b2d7c5f1b1b3eb04a2e Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Mon, 12 Sep 2022 23:23:13 +0000 Subject: [PATCH 2/2] chore(config): updated integ-tests --- .../aws-cdk-config-custompolicy.assets.json | 19 +++ .../aws-cdk-config-custompolicy.template.json | 148 +++++++++++------- ...efaultTestDeployAssert4EE21D3A.assets.json | 19 +++ ...aultTestDeployAssert4EE21D3A.template.json | 37 ++++- .../test/custompolicy.integ.snapshot/cdk.out | 2 +- .../custompolicy.integ.snapshot/integ.json | 5 +- .../custompolicy.integ.snapshot/manifest.json | 92 ++++++++++- .../custompolicy.integ.snapshot/tree.json | 77 ++++++++- .../aws-cdk-config-rule-integ.assets.json | 2 +- .../test/rule.lit.integ.snapshot/cdk.out | 2 +- .../test/rule.lit.integ.snapshot/integ.json | 2 +- .../rule.lit.integ.snapshot/manifest.json | 2 +- .../test/rule.lit.integ.snapshot/tree.json | 10 +- ...s-cdk-config-rule-scoped-integ.assets.json | 2 +- .../test/scoped-rule.integ.snapshot/cdk.out | 2 +- .../scoped-rule.integ.snapshot/integ.json | 2 +- .../scoped-rule.integ.snapshot/manifest.json | 2 +- .../test/scoped-rule.integ.snapshot/tree.json | 10 +- 18 files changed, 350 insertions(+), 85 deletions(-) create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.assets.json create mode 100644 packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets.json diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.assets.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.assets.json new file mode 100644 index 0000000000000..fef11e6b41fd3 --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "51dce3b1479f4a685a2f5a815b141fdf3e07e49181ce9da06750e820f5b92859": { + "source": { + "path": "aws-cdk-config-custompolicy.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "51dce3b1479f4a685a2f5a815b141fdf3e07e49181ce9da06750e820f5b92859.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json index 1c4a831948cad..5aa8a1b0062a4 100644 --- a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/aws-cdk-config-custompolicy.template.json @@ -1,66 +1,100 @@ { - "Resources": { - "Custom8166710A": { - "Type": "AWS::Config::ConfigRule", - "Properties": { - "Source": { - "CustomPolicyDetails": { - "EnableDebugLogDelivery": true, - "PolicyRuntime": "guard-2.x.x", - "PolicyText": "\n# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables\nlet status = ['ACTIVE']\n\nrule tableisactive when\n resourceType == \"AWS::DynamoDB::Table\" {\n configuration.tableStatus == %status\n}\n\nrule checkcompliance when\n resourceType == \"AWS::DynamoDB::Table\"\n tableisactive {\n let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus\n %pitr == \"ENABLED\"\n}\n" - }, - "Owner": "CUSTOM_POLICY", - "SourceDetails": [ - { - "EventSource": "aws.config", - "MessageType": "ConfigurationItemChangeNotification" - }, - { - "EventSource": "aws.config", - "MessageType": "OversizedConfigurationItemChangeNotification" - } - ] - }, - "Scope": { - "ComplianceResourceTypes": [ - "AWS::DynamoDB::Table" - ] - } + "Resources": { + "Custom8166710A": { + "Type": "AWS::Config::ConfigRule", + "Properties": { + "Source": { + "CustomPolicyDetails": { + "EnableDebugLogDelivery": true, + "PolicyRuntime": "guard-2.x.x", + "PolicyText": "\n# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables\nlet status = ['ACTIVE']\n\nrule tableisactive when\n resourceType == \"AWS::DynamoDB::Table\" {\n configuration.tableStatus == %status\n}\n\nrule checkcompliance when\n resourceType == \"AWS::DynamoDB::Table\"\n tableisactive {\n let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus\n %pitr == \"ENABLED\"\n}\n" + }, + "Owner": "CUSTOM_POLICY", + "SourceDetails": [ + { + "EventSource": "aws.config", + "MessageType": "ConfigurationItemChangeNotification" + }, + { + "EventSource": "aws.config", + "MessageType": "OversizedConfigurationItemChangeNotification" } + ] + }, + "Scope": { + "ComplianceResourceTypes": [ + "AWS::DynamoDB::Table" + ] + } + } + }, + "sampleuser2D3A0B43": { + "Type": "AWS::IAM::User" + }, + "Customlazy5E6C8AE4": { + "Type": "AWS::Config::ConfigRule", + "Properties": { + "Source": { + "CustomPolicyDetails": { + "EnableDebugLogDelivery": true, + "PolicyRuntime": "guard-2.x.x", + "PolicyText": "lazy-create-test" }, - "sampleuser2D3A0B43": { - "Type": "AWS::IAM::User" + "Owner": "CUSTOM_POLICY", + "SourceDetails": [ + { + "EventSource": "aws.config", + "MessageType": "ConfigurationItemChangeNotification" + }, + { + "EventSource": "aws.config", + "MessageType": "OversizedConfigurationItemChangeNotification" + } + ] + }, + "Scope": { + "ComplianceResourceId": { + "Ref": "sampleuser2D3A0B43" }, - "Customlazy5E6C8AE4": { - "Type": "AWS::Config::ConfigRule", - "Properties": { - "Source": { - "CustomPolicyDetails": { - "EnableDebugLogDelivery": true, - "PolicyRuntime": "guard-2.x.x", - "PolicyText": "lazy-create-test" - }, - "Owner": "CUSTOM_POLICY", - "SourceDetails": [ - { - "EventSource": "aws.config", - "MessageType": "ConfigurationItemChangeNotification" - }, + "ComplianceResourceTypes": [ + "AWS::IAM::User" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], { - "EventSource": "aws.config", - "MessageType": "OversizedConfigurationItemChangeNotification" + "Ref": "BootstrapVersion" } ] - }, - "Scope": { - "ComplianceResourceId": { - "Ref": "sampleuser2D3A0B43" - }, - "ComplianceResourceTypes": [ - "AWS::IAM::User" - ] } - } - } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } - } \ No newline at end of file + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets.json new file mode 100644 index 0000000000000..022fed34ec956 --- /dev/null +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json index 9e26dfeeb6e64..ad9d0fb73d1dd 100644 --- a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json @@ -1 +1,36 @@ -{} \ No newline at end of file +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out index 588d7b269d34f..8ecc185e9dbee 100644 --- a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json index 459df53ff3c44..fc3d6b873387b 100644 --- a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/integ.json @@ -1,11 +1,12 @@ { - "version": "20.0.0", + "version": "21.0.0", "testCases": { "aws-cdk-config-custompolicy-integ/DefaultTest": { "stacks": [ "aws-cdk-config-custompolicy" ], - "assertionStack": "aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert" + "assertionStack": "aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert", + "assertionStackName": "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json index bddeb4922cbee..423341f5f6648 100644 --- a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "21.0.0", "artifacts": { "Tree": { "type": "cdk:tree", @@ -7,29 +7,115 @@ "file": "tree.json" } }, + "aws-cdk-config-custompolicy.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-config-custompolicy.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, "aws-cdk-config-custompolicy": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-config-custompolicy.template.json", - "validateOnSynth": false + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/51dce3b1479f4a685a2f5a815b141fdf3e07e49181ce9da06750e820f5b92859.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-config-custompolicy.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } }, + "dependencies": [ + "aws-cdk-config-custompolicy.assets" + ], "metadata": { "/aws-cdk-config-custompolicy/Custom/Resource": [ { "type": "aws:cdk:logicalId", "data": "Custom8166710A" } + ], + "/aws-cdk-config-custompolicy/sample-user/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "sampleuser2D3A0B43" + } + ], + "/aws-cdk-config-custompolicy/Custom-lazy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Customlazy5E6C8AE4" + } + ], + "/aws-cdk-config-custompolicy/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-config-custompolicy/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } ] }, "displayName": "aws-cdk-config-custompolicy" }, + "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.template.json", - "validateOnSynth": false + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkconfigcustompolicyintegDefaultTestDeployAssert4EE21D3A.assets" + ], + "metadata": { + "/aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] }, "displayName": "aws-cdk-config-custompolicy-integ/DefaultTest/DeployAssert" } diff --git a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json index 67665e6141595..a642b0fbefb40 100644 --- a/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-config/test/custompolicy.integ.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.78" + "version": "10.1.95" } }, "aws-cdk-config-custompolicy": { @@ -46,7 +46,78 @@ }, "scope": { "complianceResourceTypes": [ - "AWS::EC2::Instance" + "AWS::DynamoDB::Table" + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-config.CfnConfigRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-config.CustomPolicy", + "version": "0.0.0" + } + }, + "sample-user": { + "id": "sample-user", + "path": "aws-cdk-config-custompolicy/sample-user", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-config-custompolicy/sample-user/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::User", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnUser", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.User", + "version": "0.0.0" + } + }, + "Custom-lazy": { + "id": "Custom-lazy", + "path": "aws-cdk-config-custompolicy/Custom-lazy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-config-custompolicy/Custom-lazy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Config::ConfigRule", + "aws:cdk:cloudformation:props": { + "source": { + "owner": "CUSTOM_POLICY", + "sourceDetails": [ + { + "eventSource": "aws.config", + "messageType": "ConfigurationItemChangeNotification" + }, + { + "eventSource": "aws.config", + "messageType": "OversizedConfigurationItemChangeNotification" + } + ], + "customPolicyDetails": { + "enableDebugLogDelivery": true, + "policyRuntime": "guard-2.x.x", + "policyText": "lazy-create-test" + } + }, + "scope": { + "complianceResourceId": { + "Ref": "sampleuser2D3A0B43" + }, + "complianceResourceTypes": [ + "AWS::IAM::User" ] } } @@ -81,7 +152,7 @@ "path": "aws-cdk-config-custompolicy-integ/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.78" + "version": "10.1.95" } }, "DeployAssert": { diff --git a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/aws-cdk-config-rule-integ.assets.json b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/aws-cdk-config-rule-integ.assets.json index 98d6502e2b075..7f96ffaf0785c 100644 --- a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/aws-cdk-config-rule-integ.assets.json +++ b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/aws-cdk-config-rule-integ.assets.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "21.0.0", "files": { "9c0ec14ff7954b877625fb363a75213d58cb40e40acfcb23727388ddf0c52fec": { "source": { diff --git a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/cdk.out index 588d7b269d34f..8ecc185e9dbee 100644 --- a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/integ.json b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/integ.json index 96031500206b9..c03beb72aa3bc 100644 --- a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/integ.json +++ b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "21.0.0", "testCases": { "integ.rule.lit": { "stacks": [ diff --git a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/manifest.json index d349f058fc6d5..231c02b46bba8 100644 --- a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "21.0.0", "artifacts": { "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/tree.json b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/tree.json index d0be3f20b62e3..302082fb96f44 100644 --- a/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-config/test/rule.lit.integ.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.1.95" } }, "aws-cdk-config-rule-integ": { @@ -386,14 +386,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/aws-cdk-config-rule-scoped-integ.assets.json b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/aws-cdk-config-rule-scoped-integ.assets.json index 01b82be1e6b07..fef322c5aba81 100644 --- a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/aws-cdk-config-rule-scoped-integ.assets.json +++ b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/aws-cdk-config-rule-scoped-integ.assets.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "21.0.0", "files": { "334d65f391737c79c5dd4a7f1fd9b8b58c86d362835cfcfd1a3873245cb214e0": { "source": { diff --git a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/cdk.out index 588d7b269d34f..8ecc185e9dbee 100644 --- a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/integ.json b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/integ.json index bdf206b38dbb7..fb113b3bb37da 100644 --- a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/integ.json +++ b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "21.0.0", "testCases": { "integ.scoped-rule": { "stacks": [ diff --git a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/manifest.json index 74027dc4c645b..5df879d5b8fd0 100644 --- a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "21.0.0", "artifacts": { "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/tree.json b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/tree.json index 6221a9faa5a2d..f1136029cb247 100644 --- a/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-config/test/scoped-rule.integ.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.1.95" } }, "aws-cdk-config-rule-scoped-integ": { @@ -180,14 +180,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" } } } \ No newline at end of file