forked from aws/aws-cdk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
log-group-resource-policy.test.ts
65 lines (61 loc) · 2.06 KB
/
log-group-resource-policy.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
import { Template } from '@aws-cdk/assertions';
import * as iam from '@aws-cdk/aws-iam';
import { App, Stack } from '@aws-cdk/core';
import { LogGroupResourcePolicy } from '../lib/log-group-resource-policy';
let app: App;
let stack: Stack;
beforeEach(() => {
app = new App();
stack = new Stack(app, 'Stack', {
env: { account: '1234', region: 'testregion' },
});
});
test('minimal example renders correctly', () => {
new LogGroupResourcePolicy(stack, 'LogGroupResourcePolicy', {
policyName: 'TestPolicy',
policyStatements: [new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: ['logs:PutLogEvents', 'logs:CreateLogStream'],
resources: ['*'],
principals: [new iam.ServicePrincipal('es.amazonaws.com')],
})],
});
Template.fromStack(stack).hasResourceProperties('Custom::CloudwatchLogResourcePolicy', {
ServiceToken: {
'Fn::GetAtt': [
'AWS679f53fac002430cb0da5b7982bd22872D164C4C',
'Arn',
],
},
Create: JSON.stringify({
service: 'CloudWatchLogs',
action: 'putResourcePolicy',
parameters: {
policyName: 'TestPolicy',
policyDocument: '{"Statement":[{"Action":["logs:PutLogEvents","logs:CreateLogStream"],"Effect":"Allow","Principal":{"Service":"es.amazonaws.com"},"Resource":"*"}],"Version":"2012-10-17"}',
},
physicalResourceId: {
id: 'LogGroupResourcePolicy',
},
}),
Update: JSON.stringify({
service: 'CloudWatchLogs',
action: 'putResourcePolicy',
parameters: {
policyName: 'TestPolicy',
policyDocument: '{"Statement":[{"Action":["logs:PutLogEvents","logs:CreateLogStream"],"Effect":"Allow","Principal":{"Service":"es.amazonaws.com"},"Resource":"*"}],"Version":"2012-10-17"}',
},
physicalResourceId: {
id: 'LogGroupResourcePolicy',
},
}),
Delete: JSON.stringify({
service: 'CloudWatchLogs',
action: 'deleteResourcePolicy',
parameters: {
policyName: 'TestPolicy',
},
ignoreErrorCodesMatching: 'ResourceNotFoundException',
}),
});
});