Skip to content

Commit

Permalink
chore(scheduler-alpha): unit test schedule with Lambda alias as target (
Browse files Browse the repository at this point in the history
aws#31873)

### Issue # (if applicable)

None

### Reason for this change

Missing this test case.

### Description of changes

Adding a unit test to verify `Schedule` works with Lambda Alias and correct permissions are added. 

### Description of how you validated changes

Unit test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
samson-keung authored Oct 24, 2024
1 parent 6136d9e commit 886283e
Showing 1 changed file with 62 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -286,6 +286,68 @@ describe('schedule target', () => {
});
});

test('creates IAM role and IAM policy for lambda alias', () => {
const lambdaVersion = new lambda.Version(stack, 'MyLambdaVersion', {
lambda: func,
});
const lambdaAlias = new lambda.Alias(stack, 'MyLambdaAlias', {
version: lambdaVersion,
aliasName: 'SomeAliasName',
});

const lambdaTarget = new LambdaInvoke(lambdaAlias, {});

new Schedule(stack, 'MyScheduleDummy', {
schedule: expr,
target: lambdaTarget,
});

Template.fromStack(stack).resourceCountIs('AWS::Lambda::Permission', 0);

Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', {
Properties: {
Target: {
Arn: {
Ref: 'MyLambdaAliasD26C43B4',
},
RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] },
RetryPolicy: {},
},
},
});

Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [
{
Action: 'lambda:InvokeFunction',
Effect: 'Allow',
Resource: {
Ref: 'MyLambdaAliasD26C43B4',
},
},
],
},
Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }],
});

Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', {
AssumeRolePolicyDocument: {
Version: '2012-10-17',
Statement: [
{
Effect: 'Allow',
Condition: { StringEquals: { 'aws:SourceAccount': '123456789012' } },
Principal: {
Service: 'scheduler.amazonaws.com',
},
Action: 'sts:AssumeRole',
},
],
},
});
});

test('creates IAM policy for imported role for lambda function in the same account', () => {
const importedRole = Role.fromRoleArn(stack, 'ImportedRole', 'arn:aws:iam::123456789012:role/someRole');

Expand Down

0 comments on commit 886283e

Please sign in to comment.