From 8ad0b7803aa9478ed419330375b7d9cf888548a5 Mon Sep 17 00:00:00 2001 From: Felipe Bessa Coelho Date: Mon, 17 Oct 2022 09:49:21 +0100 Subject: [PATCH 1/2] fix(cloudwatch): remove region from dashboard ARN Dashboard ARNs do not contain their region in the ARN, as shown in the Cloudwatch documentation [1]. Using ARNs with the region will cause operations like GetDashboard (used by, for example, the dashboard sharing mechanism) to fail with an AccessDenied. [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html#amazoncloudwatch-dashboard --- .../@aws-cdk/aws-cloudwatch/lib/dashboard.ts | 1 + .../aws-cloudwatch/test/dashboard.test.ts | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/dashboard.ts b/packages/@aws-cdk/aws-cloudwatch/lib/dashboard.ts index bab87457e94a3..f138d1f419ab6 100644 --- a/packages/@aws-cdk/aws-cloudwatch/lib/dashboard.ts +++ b/packages/@aws-cdk/aws-cloudwatch/lib/dashboard.ts @@ -132,6 +132,7 @@ export class Dashboard extends Resource { this.dashboardArn = Stack.of(this).formatArn({ service: 'cloudwatch', resource: 'dashboard', + region: '', resourceName: this.physicalName, }); } diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.test.ts b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.test.ts index 2d0943ceed962..4a805734655bd 100644 --- a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.test.ts +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.test.ts @@ -177,6 +177,22 @@ describe('Dashboard', () => { expect(() => toThrow()).toThrow(/field dashboardName contains invalid characters/); }); + test('dashboardArn should not include a region', () => { + // GIVEN + const app = new App(); + const stack = new Stack(app, 'MyStack', { + env: { + region: 'invalid-region', + }, + }); + + // WHEN + const dashboard = new Dashboard(stack, 'MyStack'); + + // THEN + expect(dashboard.dashboardArn).not.toContain('invalid-region'); + }); + test('metric warnings are added to dashboard', () => { const app = new App(); const stack = new Stack(app, 'MyStack'); From e20c7040b9f53d42951d86bc3cdd67a083de9f4b Mon Sep 17 00:00:00 2001 From: Felipe Bessa Coelho Date: Mon, 17 Oct 2022 11:05:46 +0100 Subject: [PATCH 2/2] Add integration tests --- ...efaultTestDeployAssert5BE38902.assets.json | 19 +++ ...aultTestDeployAssert5BE38902.template.json | 36 ++++++ .../DashboardIntegrationTestStack.assets.json | 19 +++ ...ashboardIntegrationTestStack.template.json | 64 ++++++++++ .../test/dashboard.integ.snapshot/cdk.out | 1 + .../test/dashboard.integ.snapshot/integ.json | 12 ++ .../dashboard.integ.snapshot/manifest.json | 117 ++++++++++++++++++ .../test/dashboard.integ.snapshot/tree.json | 99 +++++++++++++++ .../aws-cloudwatch/test/integ.dashboard.ts | 19 +++ 9 files changed, 386 insertions(+) create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets.json create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.assets.json create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.template.json create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-cloudwatch/test/integ.dashboard.ts diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets.json b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets.json new file mode 100644 index 0000000000000..cedc2589fdf0a --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.assets.json b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.assets.json new file mode 100644 index 0000000000000..d1b1a3ff661c0 --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "b452fe16df3d8f84e50f1907b5f1c4ba0b5fe8de850fbc95a0e752203d6573ae": { + "source": { + "path": "DashboardIntegrationTestStack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b452fe16df3d8f84e50f1907b5f1c4ba0b5fe8de850fbc95a0e752203d6573ae.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.template.json b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.template.json new file mode 100644 index 0000000000000..843bd580f03ff --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/DashboardIntegrationTestStack.template.json @@ -0,0 +1,64 @@ +{ + "Resources": { + "DashCCD7F836": { + "Type": "AWS::CloudWatch::Dashboard", + "Properties": { + "DashboardBody": "{\"widgets\":[]}" + } + } + }, + "Outputs": { + "DashboardArn": { + "Value": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cloudwatch::", + { + "Ref": "AWS::AccountId" + }, + ":dashboard/" + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/cdk.out new file mode 100644 index 0000000000000..8ecc185e9dbee --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/integ.json b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/integ.json new file mode 100644 index 0000000000000..45420c65b8942 --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "21.0.0", + "testCases": { + "DashboardIntegrationTest/DefaultTest": { + "stacks": [ + "DashboardIntegrationTestStack" + ], + "assertionStack": "DashboardIntegrationTest/DefaultTest/DeployAssert", + "assertionStackName": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/manifest.json new file mode 100644 index 0000000000000..4f71ead52e8aa --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/manifest.json @@ -0,0 +1,117 @@ +{ + "version": "21.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "DashboardIntegrationTestStack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "DashboardIntegrationTestStack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "DashboardIntegrationTestStack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "DashboardIntegrationTestStack.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b452fe16df3d8f84e50f1907b5f1c4ba0b5fe8de850fbc95a0e752203d6573ae.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "DashboardIntegrationTestStack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "DashboardIntegrationTestStack.assets" + ], + "metadata": { + "/DashboardIntegrationTestStack/Dash/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DashCCD7F836" + } + ], + "/DashboardIntegrationTestStack/DashboardArn": [ + { + "type": "aws:cdk:logicalId", + "data": "DashboardArn" + } + ], + "/DashboardIntegrationTestStack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/DashboardIntegrationTestStack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "DashboardIntegrationTestStack" + }, + "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "DashboardIntegrationTestDefaultTestDeployAssert5BE38902": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets" + ], + "metadata": { + "/DashboardIntegrationTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/DashboardIntegrationTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "DashboardIntegrationTest/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/tree.json b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/tree.json new file mode 100644 index 0000000000000..f1f3b85e88edd --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/dashboard.integ.snapshot/tree.json @@ -0,0 +1,99 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.129" + } + }, + "DashboardIntegrationTestStack": { + "id": "DashboardIntegrationTestStack", + "path": "DashboardIntegrationTestStack", + "children": { + "Dash": { + "id": "Dash", + "path": "DashboardIntegrationTestStack/Dash", + "children": { + "Resource": { + "id": "Resource", + "path": "DashboardIntegrationTestStack/Dash/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudWatch::Dashboard", + "aws:cdk:cloudformation:props": { + "dashboardBody": "{\"widgets\":[]}" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.CfnDashboard", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cloudwatch.Dashboard", + "version": "0.0.0" + } + }, + "DashboardArn": { + "id": "DashboardArn", + "path": "DashboardIntegrationTestStack/DashboardArn", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "DashboardIntegrationTest": { + "id": "DashboardIntegrationTest", + "path": "DashboardIntegrationTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "DashboardIntegrationTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "DashboardIntegrationTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.129" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "DashboardIntegrationTest/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudwatch/test/integ.dashboard.ts b/packages/@aws-cdk/aws-cloudwatch/test/integ.dashboard.ts new file mode 100644 index 0000000000000..bbc8603e98045 --- /dev/null +++ b/packages/@aws-cdk/aws-cloudwatch/test/integ.dashboard.ts @@ -0,0 +1,19 @@ +import * as cdk from '@aws-cdk/core'; +import * as integ from '@aws-cdk/integ-tests'; +import * as cloudwatch from '../lib'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'DashboardIntegrationTestStack'); + +const dashboard = new cloudwatch.Dashboard(stack, 'Dash'); + +new cdk.CfnOutput(stack, 'DashboardArn', { + value: dashboard.dashboardArn, +}); + +new integ.IntegTest(app, 'DashboardIntegrationTest', { + testCases: [stack], +}); + +app.synth();