Linting fixes and add integration test
jdukewich committed Jun 22, 2024
1 parent 54ccc0d commit 7bdc9a4
Showing 5 changed files with 110 additions and 79 deletions.
@@ -0,0 +1,35 @@
import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';

import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api';
import { IntegTest } from '@aws-cdk/integ-tests-alpha';

const app = new cdk.App();
const stack = new cdk.Stack(app, 'StackWithSg', {
env: {
region: 'eu-west-1',
account: '123456',
},
});
stack.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false);

const testVpc = new ec2.Vpc(stack, 'MyVpc', {
vpcName: 'my-vpc-name',
});
const testSgA = new ec2.SecurityGroup(stack, 'MySgA', { vpc: testVpc, description: 'my-description' });
new ec2.SecurityGroup(stack, 'MySgB', { vpc: testVpc, description: 'my-description' });
cdk.Tags.of(testSgA).add('myTag', 'my-value');

ec2.SecurityGroup.fromLookupByFilters(stack, 'SgFromLookup', {
description: 'my-description',
tags: {
myTag: ['my-value'],
},
});

new IntegTest(app, 'ArchiveTest', {
testCases: [stack],
enableLookups: true,
});
app.synth();
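Review bot: The result of `ec2.SecurityGroup.fromLookupByFilters(...)` is discarded, so nothing in this test checks that the filters resolved `MySgA` and not `MySgB`; both groups share `description: 'my-description'` and the `myTag` tag is the only discriminator. Context lookups are normally resolved at synth time, so if that holds here the groups defined in this same stack may not exist yet when the lookup first runs; defining them in a separate stack that is deployed first would make the test independent of deployment order. The id `'ArchiveTest'` looks copied from another integ test, and the `setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false)` line deserves a comment such as `// test-only: opt out of default security group restriction` so the opt-out is not copied into real stacks.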

16 changes: 7 additions & 9 deletions packages/aws-cdk-lib/aws-ec2/lib/security-group.ts
@@ -1,14 +1,12 @@
import * as cxapi from '../../cx-api';
import * as cxschema from '../../cloud-assembly-schema';

import { Annotations, ContextProvider, IResource, Lazy, Names, Resource, ResourceProps, Stack, Token } from '../../core';
import { Construct } from 'constructs';
import { Connections } from './connections';
import { CfnSecurityGroup, CfnSecurityGroupEgress, CfnSecurityGroupIngress } from './ec2.generated';
import { IPeer, Peer } from './peer';

import { Connections } from './connections';
import { Construct } from 'constructs';
import { IVpc } from './vpc';
import { Port } from './port';
import { IVpc } from './vpc';
import * as cxschema from '../../cloud-assembly-schema';
import { Annotations, ContextProvider, IResource, Lazy, Names, Resource, ResourceProps, Stack, Token } from '../../core';
import * as cxapi from '../../cx-api';

const SECURITY_GROUP_SYMBOL = Symbol.for('@aws-cdk/iam.SecurityGroup');

@@ -837,7 +835,7 @@ function isAllTrafficRule(rule: any) {
*
* Either `securityGroupName` or `securityGroupId` has to be specified.
*/
interface SecurityGroupLookupOptions {
export interface SecurityGroupLookupOptions {
/**
* The name of the security group
*
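Review bot: Exporting `SecurityGroupLookupOptions` turns its doc comment into public API documentation, and the sentence "Either `securityGroupName` or `securityGroupId` has to be specified" looks stale if this interface is also the options type for `fromLookupByFilters`, which the tests in this commit call with only `description`, `tags`, `ownerId` and `tagKeys`. I would reword it to say that at least one filter must be given, and add a sentence that description and tags are mutable metadata, so a lookup whose result feeds ingress or egress rules should also pin `ownerId` (and the VPC, if the options allow it). The interface body continues outside the hunk, so the remaining field docs could not be checked here.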
13 changes: 6 additions & 7 deletions packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts
@@ -1,9 +1,8 @@
import { testDeprecated } from '@aws-cdk/cdk-build-tools';
import { Template } from '../../assertions';
import { App, Intrinsic, Lazy, Stack, Token } from '../../core';
import { Peer, Port, SecurityGroup, SecurityGroupProps, Vpc } from '../lib';

import { Template } from '../../assertions';
import { testDeprecated } from '@aws-cdk/cdk-build-tools';

const SECURITY_GROUP_DISABLE_INLINE_RULES_CONTEXT_KEY = '@aws-cdk/aws-ec2.securityGroupDisableInlineRules';

describe('security group', () => {
@@ -609,10 +608,10 @@ describe('security group lookup', () => {

// WHEN
const securityGroup = SecurityGroup.fromLookupByFilters(stack, 'SG1', {
ownerId: "012345678901",
description: "my description",
tagKeys: ["tagA", "tagB"],
tags: { tagC: ["valueC", "otherValueC"], tagD: ["valueD"] }
ownerId: '012345678901',
description: 'my description',
tagKeys: ['tagA', 'tagB'],
tags: { tagC: ['valueC', 'otherValueC'], tagD: ['valueD'] },
});

// THEN
9 changes: 4 additions & 5 deletions packages/aws-cdk/lib/context-providers/security-groups.ts
@@ -1,10 +1,9 @@
import * as AWS from 'aws-sdk';
import * as cxapi from '@aws-cdk/cx-api';
import * as cxschema from '@aws-cdk/cloud-assembly-schema';

import { ContextProviderPlugin } from '../api/plugin';
import * as cxapi from '@aws-cdk/cx-api';
import * as AWS from 'aws-sdk';
import { Mode } from '../api/aws-auth/credentials';
import { SdkProvider } from '../api/aws-auth/sdk-provider';
import { ContextProviderPlugin } from '../api/plugin';

export class SecurityGroupContextProviderPlugin implements ContextProviderPlugin {
constructor(private readonly aws: SdkProvider) {
@@ -58,7 +57,7 @@ export class SecurityGroupContextProviderPlugin implements ContextProviderPlugin
Name: `tag:${key}`,
Values: values,
});
})
});
}

const response = await ec2.describeSecurityGroups({
116 changes: 58 additions & 58 deletions packages/aws-cdk/test/context-providers/security-groups.test.ts
@@ -229,71 +229,71 @@ describe('security group context provider plugin', () => {
});

test('looks up by security group description, owner id, tag keys, and tags', async () => {
// GIVEN
const provider = new SecurityGroupContextProviderPlugin(mockSDK);
// GIVEN
const provider = new SecurityGroupContextProviderPlugin(mockSDK);

AWS.mock('EC2', 'describeSecurityGroups', (_params: aws.EC2.DescribeSecurityGroupsRequest, cb: AwsCallback<aws.EC2.DescribeSecurityGroupsResult>) => {
expect(_params).toEqual({
Filters: [
{
Name: 'owner-id',
Values: ['012345678901'],
},
{
Name: 'description',
Values: ['my description'],
},
{
Name: 'tag-key',
Values: ['tagA', 'tagB'],
},
{
Name: 'tag:tagC',
Values: ['valueC', 'otherValueC'],
},
AWS.mock('EC2', 'describeSecurityGroups', (_params: aws.EC2.DescribeSecurityGroupsRequest, cb: AwsCallback<aws.EC2.DescribeSecurityGroupsResult>) => {
expect(_params).toEqual({
Filters: [
{
Name: 'owner-id',
Values: ['012345678901'],
},
{
Name: 'description',
Values: ['my description'],
},
{
Name: 'tag-key',
Values: ['tagA', 'tagB'],
},
{
Name: 'tag:tagC',
Values: ['valueC', 'otherValueC'],
},
{
Name: 'tag:tagD',
Values: ['valueD'],
},
],
});
cb(null, {
SecurityGroups: [
{
GroupId: 'sg-1234',
IpPermissionsEgress: [
{
Name: 'tag:tagD',
Values: ['valueD'],
IpProtocol: '-1',
IpRanges: [
{ CidrIp: '0.0.0.0/0' },
],
},
],
});
cb(null, {
SecurityGroups: [
{
GroupId: 'sg-1234',
IpPermissionsEgress: [
{
IpProtocol: '-1',
IpRanges: [
{ CidrIp: '0.0.0.0/0' },
],
},
{
IpProtocol: '-1',
Ipv6Ranges: [
{ CidrIpv6: '::/0' },
],
},
IpProtocol: '-1',
Ipv6Ranges: [
{ CidrIpv6: '::/0' },
],
},
],
});
});

// WHEN
const res = await provider.getValue({
account: '1234',
region: 'us-east-1',
ownerId: "012345678901",
description: "my description",
tagKeys: ["tagA", "tagB"],
tags: { tagC: ["valueC", "otherValueC"], tagD: ["valueD"] }
});

// THEN
expect(res.securityGroupId).toEqual('sg-1234');
expect(res.allowAllOutbound).toEqual(true);
})
},
],
});
});

// WHEN
const res = await provider.getValue({
account: '1234',
region: 'us-east-1',
ownerId: '012345678901',
description: 'my description',
tagKeys: ['tagA', 'tagB'],
tags: { tagC: ['valueC', 'otherValueC'], tagD: ['valueD'] },
});

// THEN
expect(res.securityGroupId).toEqual('sg-1234');
expect(res.allowAllOutbound).toEqual(true);
});

test('detects non all-outbound egress', async () => {
// GIVEN
