diff --git a/lib/mesh-v2-stack.ts b/lib/mesh-v2-stack.ts
index 17abe6c..eb496a2 100644
--- a/lib/mesh-v2-stack.ts
+++ b/lib/mesh-v2-stack.ts
@@ -2,7 +2,6 @@ import * as cdk from 'aws-cdk-lib/core';
 import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';
 import * as appsync from 'aws-cdk-lib/aws-appsync';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
-import * as wafv2 from 'aws-cdk-lib/aws-wafv2';
 import * as route53 from 'aws-cdk-lib/aws-route53';
 import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 import * as targets from 'aws-cdk-lib/aws-route53-targets';
@@ -135,114 +134,6 @@ export class MeshV2Stack extends cdk.Stack {
 },
 });
 
- // WAF configuration (Only for production)
- if (stage === 'prod') {
- const allowedOrigins = [
- 'https://smalruby.app',
- 'https://smalruby.jp'
- ];
-
- const webAcl = new wafv2.CfnWebACL(this, 'MeshV2ApiWebAcl', {
- defaultAction: { block: {} },
- scope: 'REGIONAL',
- visibilityConfig: {
- cloudWatchMetricsEnabled: true,
- metricName: 'MeshV2ApiWebAcl',
- sampledRequestsEnabled: true,
- },
- rules: [
- {
- name: 'AllowPreflightOptions',
- priority: 0,
- action: { allow: {} },
- statement: {
- andStatement: {
- statements: [
- {
- byteMatchStatement: {
- fieldToMatch: {
- method: {},
- },
- positionalConstraint: 'EXACTLY',
- searchString: 'OPTIONS',
- textTransformations: [
- {
- priority: 0,
- type: 'NONE',
- },
- ],
- },
- },
- {
- orStatement: {
- statements: allowedOrigins.map(origin => ({
- byteMatchStatement: {
- fieldToMatch: {
- singleHeader: {
- Name: 'origin',
- },
- },
- positionalConstraint: 'EXACTLY',
- searchString: origin,
- textTransformations: [
- {
- priority: 0,
- type: 'LOWERCASE',
- },
- ],
- },
- })),
- },
- },
- ],
- },
- },
- visibilityConfig: {
- cloudWatchMetricsEnabled: true,
- metricName: 'AllowPreflightOptions',
- sampledRequestsEnabled: true,
- },
- },
- {
- name: 'AllowSpecificOrigins',
- priority: 1,
- action: { allow: {} },
- statement: {
- orStatement: {
- statements: allowedOrigins.map(origin => ({
- byteMatchStatement: {
- fieldToMatch: {
- singleHeader: {
- Name: 'origin',
- },
- },
- positionalConstraint: 'EXACTLY',
- searchString: origin,
- textTransformations: [
- {
- priority: 0,
- type: 'LOWERCASE',
- },
- ],
- },
- })),
- },
- },
- visibilityConfig: {
- cloudWatchMetricsEnabled: true,
- metricName: 'AllowSpecificOrigins',
- sampledRequestsEnabled: true,
- },
- },
- ],
- });
-
- new wafv2.CfnWebACLAssociation(this, 'MeshV2ApiWebAclAssociation', {
- resourceArn: this.api.arn,
- webAclArn: webAcl.attrArn,
- });
- }
-
 // Route53 Alias record for Custom Domain
 if (customDomain && zone) {
 // Extract subdomain from customDomain (e.g., "graphql.api.smalruby.app" -> "graphql")
diff --git a/spec/fixtures/mutations/create_group.graphql b/spec/fixtures/mutations/create_group.graphql
index 4cf8d94..fd0db37 100644
--- a/spec/fixtures/mutations/create_group.graphql
+++ b/spec/fixtures/mutations/create_group.graphql
@@ -17,7 +17,6 @@ mutation CreateGroup(
 fullId
 name
 hostId
- createdAt
 expiresAt
 useWebSocket
 pollingIntervalSeconds
diff --git a/spec/fixtures/queries/list_groups_by_domain.graphql b/spec/fixtures/queries/list_groups_by_domain.graphql
index 2d0ddd9..1e69936 100644
--- a/spec/fixtures/queries/list_groups_by_domain.graphql
+++ b/spec/fixtures/queries/list_groups_by_domain.graphql
@@ -5,7 +5,6 @@ query ListGroupsByDomain($domain: String!) {
 fullId
 name
 hostId
- createdAt
 expiresAt
 }
 }
diff --git a/spec/requests/group_management_spec.rb b/spec/requests/group_management_spec.rb
index 6d1f7fc..0577ad1 100644
--- a/spec/requests/group_management_spec.rb
+++ b/spec/requests/group_management_spec.rb
@@ -23,7 +23,6 @@
 )
 expect(response["data"]["createGroup"]["hostId"]).to eq(variables[:hostId])
 expect(response["data"]["createGroup"]["id"]).to be_present
- expect(response["data"]["createGroup"]["createdAt"]).to match_iso8601
 expect(response["data"]["createGroup"]["fullId"]).to match(/\A.+@test\.example\.com\z/)
 end
 
diff --git a/test/mesh-v2.test.ts b/test/mesh-v2.test.ts
index 68a4cac..6cbea98 100644
--- a/test/mesh-v2.test.ts
+++ b/test/mesh-v2.test.ts
@@ -1,5 +1,5 @@
 import * as cdk from 'aws-cdk-lib/core';
-import { Template } from 'aws-cdk-lib/assertions';
+import { Template, Match } from 'aws-cdk-lib/assertions';
 import * as MeshV2 from '../lib/mesh-v2-stack';
 
 describe('MeshV2Stack', () => {
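Review bot: In lib/mesh-v2-stack.ts, at the point where the `if (stage === 'prod')` WAF block is deleted (hunk `@@ -135,114 +134,6 @@`), the new code leaves no comment saying why the prod API runs without a WebACL or what now gates requests to `this.api`. The deleted rules matched only the client-supplied `origin` header, so they restricted browser callers rather than authenticating anyone, but `defaultAction: { block: {} }` also dropped every other request, and no rate limit or other filter is visible in its place. I would add a comment at that spot, for example `// prod has no WAF WebACL by design: <reason>; requests are gated by <auth mechanism>`, with both placeholders filled in by the author. The constructor starts and ends outside the hunk, so the API's authorization settings cannot be checked from here.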
@@ -29,8 +29,8 @@ describe('MeshV2Stack', () => {
 // Environment Variables
 template.hasResourceProperties('AWS::AppSync::GraphQLApi', {
 EnvironmentVariables: {
- MESH_EVENT_TTL_SECONDS: '10',
- MESH_POLLING_INTERVAL_SECONDS: '2'
+ MESH_EVENT_TTL_SECONDS: Match.anyValue(),
+ MESH_POLLING_INTERVAL_SECONDS: Match.anyValue()
 }
 });
 
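Review bot: `Match.anyValue()` on `MESH_EVENT_TTL_SECONDS` and `MESH_POLLING_INTERVAL_SECONDS` makes this assertion pass for any non-null value, so an empty or non-numeric setting would no longer fail the test. If the values now vary by stage or environment (not visible in this diff), the test can still pin their shape, e.g. `MESH_EVENT_TTL_SECONDS: Match.stringLikeRegexp('^[0-9]+$'),` and the same for the polling interval. The enclosing `test(...)` block starts before the hunk, so whether it sets a context that fixes these values cannot be seen here.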
@@ -72,82 +72,5 @@ describe('MeshV2Stack', () => {
 TypeName: 'Query'
 });
 });
-
- test('WAF is created when stage is prod', () => {
- const app = new cdk.App({
- context: {
- stage: 'prod'
- }
- });
- const stack = new MeshV2.MeshV2Stack(app, 'MyProdTestStack', {
- env: { account: '123456789012', region: 'us-east-1' }
- });
- const template = Template.fromStack(stack);
-
- template.resourceCountIs('AWS::WAFv2::WebACL', 1);
- template.hasResourceProperties('AWS::WAFv2::WebACL', {
- DefaultAction: { Block: {} },
- Scope: 'REGIONAL',
- Rules: [
- {
- Name: 'AllowSpecificOrigins',
- Priority: 1,
- Action: { Allow: {} },
- Statement: {
- OrStatement: {
- Statements: [
- {
- ByteMatchStatement: {
- FieldToMatch: {
- SingleHeader: { name: 'origin' }
- },
- PositionalConstraint: 'EXACTLY',
- SearchString: 'https://smalruby.app',
- TextTransformations: [
- {
- Priority: 0,
- Type: 'LOWERCASE'
- }
- ]
- }
- },
- {
- ByteMatchStatement: {
- FieldToMatch: {
- SingleHeader: { name: 'origin' }
- },
- PositionalConstraint: 'EXACTLY',
- SearchString: 'https://smalruby.jp',
- TextTransformations: [
- {
- Priority: 0,
- Type: 'LOWERCASE'
- }
- ]
- }
- }
- ]
- }
- }
- }
- ]
- });
-
- template.resourceCountIs('AWS::WAFv2::WebACLAssociation', 1);
- });
-
- test('WAF is not created when stage is stg', () => {
- const app = new cdk.App({
- context: {
- stage: 'stg'
- }
- });
- const stack = new MeshV2.MeshV2Stack(app, 'MyStgTestStack', {
- env: { account: '123456789012', region: 'us-east-1' }
- });
- const template = Template.fromStack(stack);
-
- template.resourceCountIs('AWS::WAFv2::WebACL', 0);
- template.resourceCountIs('AWS::WAFv2::WebACLAssociation', 0);
- });
 });
+