From 1e896e4b6c3d552cf1da5c5ea4a297142e736ced Mon Sep 17 00:00:00 2001 From: Jonathan Ifegunni Date: Wed, 7 Feb 2024 11:55:02 -0800 Subject: [PATCH] Added more test --- .../aws-lambda-event-sources/test/s3.test.ts | 57 ++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-lambda-event-sources/test/s3.test.ts b/packages/aws-cdk-lib/aws-lambda-event-sources/test/s3.test.ts index de5692a3b8e72..9299ba3fbd01c 100644 --- a/packages/aws-cdk-lib/aws-lambda-event-sources/test/s3.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-event-sources/test/s3.test.ts @@ -252,5 +252,60 @@ describe('S3EventSource', () => { 'SourceArn': 'arn:aws:s3:::some-bucket-not-in-this-account', }); }); -}); + test('Test bucket account is referenced intrinsicly', () => { + // GIVEN + const stack = new cdk.Stack(); + const fn = new TestFunction(stack, 'Fn'); + const bucket = new s3.Bucket(stack, 'B'); + + // WHEN + fn.addEventSource(new sources.S3EventSource(bucket, { + events: [s3.EventType.OBJECT_CREATED, s3.EventType.OBJECT_REMOVED], + filters: [ + { prefix: 'prefix/' }, + { suffix: '.png' }, + ], + })); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { + 'Principal': 's3.amazonaws.com', + 'SourceAccount': { + 'Ref': 'AWS::AccountId', + }, + 'SourceArn': { + 'Fn::GetAtt': ['B08E7C7AF', 'Arn'], + }, + }); + }); + + test('Default to stack account if bucket account doesnt exist', () => { + // GIVEN + const app = new cdk.App(); + const stack = new cdk.Stack(app, 'stack'); + const fn = new TestFunction(stack, 'Fn'); + + let accountB = ''; + //WHEN + const foreignBucket = + s3.Bucket.fromBucketAttributes(stack, 'ImportedBucket', { + bucketArn: 'arn:aws:s3:::some-bucket-not-in-this-account', + // The account the bucket really lives in + account: accountB, + }); + + // This will generate the IAM bindings + fn.addEventSource(new sources.S3EventSource(foreignBucket as s3.Bucket, + { events: [s3.EventType.OBJECT_CREATED] })); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { + 'Principal': 's3.amazonaws.com', + 'SourceAccount': { + 'Ref': 'AWS::AccountId', + }, + 'SourceArn': 'arn:aws:s3:::some-bucket-not-in-this-account', + }); + }); +});