Skip to content

fix: Add ECR Policy Check to Integration Tests#3527

Merged
CoshUS merged 9 commits intoaws:developfrom
CoshUS:fix/ecr-policy-test
Jan 10, 2022
Merged

fix: Add ECR Policy Check to Integration Tests#3527
CoshUS merged 9 commits intoaws:developfrom
CoshUS:fix/ecr-policy-test

Conversation

@CoshUS
Copy link
Contributor

@CoshUS CoshUS commented Dec 10, 2021

Which issue(s) does this change fix?

Why is this change necessary?

How does it address the issue?

What side effects does this change have?

Checklist

  • Add input/output type hints to new functions/methods
  • Write design document (Do I need to write a design document?)
  • Write unit tests
  • Write/update functional tests
  • Write/update integration tests
  • make pr passes
  • make update-reproducible-reqs if dependencies were changed
  • Write documentation

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@CoshUS CoshUS requested review from jfuss and qingchm December 10, 2021 23:58
qingchm
qingchm reviewed Dec 11, 2021
View reviewed changes
qingchm
qingchm reviewed Dec 11, 2021
View reviewed changes
tests/integration/deploy/test_deploy_command.py Outdated
self.assertEqual(lambda_policy.get("Principal"), {"Service": "lambda.amazonaws.com"})
actions = lambda_policy.get("Action")
self.assertEqual(
sorted(actions), sorted(["ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:BatchGetImage"])
Copy link
Contributor

@qingchm qingchm Dec 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

["ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:BatchGetImage"] is this list stored somewhere in our codebase? Would be nice if this is an import and any changes to our ECR policies won't need an update on this test

Copy link
Contributor Author

@CoshUS CoshUS Dec 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's hard coded in the template generation part.
Not importing in the test as this test acts as a sanity check for any changes to the ECR policy.

@qingchm
Copy link
Contributor

qingchm commented Dec 11, 2021

LGTM! Just two small comments!

@CoshUS CoshUS merged commit 2aa7bf0 into aws:develop Jan 10, 2022
mndeveci added a commit to mndeveci/aws-sam-cli that referenced this pull request Apr 5, 2022
@CoshUS @mndeveci
fix: Add ECR Policy Check to Integration Tests (aws#3527)
cd25bbf 
* Added ECR Policy Check Tests

* Updated Dict Get Default

* Added Companion Stack Asserts to PackageIntegBase

Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jfuss jfuss Awaiting requested review from jfuss

2 more reviewers

@mndeveci mndeveci mndeveci approved these changes

@qingchm qingchm qingchm approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

pr/internal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CoshUS @qingchm @mndeveci