Add some testing

aws-cloudformation · Feb 8, 2024 · 3a5324f · 3a5324f
1 parent 4f1663c
commit 3a5324f
Show file tree

Hide file tree

Showing 4 changed files with 137 additions and 1 deletion.
diff --git a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_cdk.yaml b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_cdk.yaml
@@ -0,0 +1,82 @@
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  CdkMetadata:
+    Type: AWS::CDK::Metadata
+
+  S3BadBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      AccessControl: Private
+      NotificationConfiguration:
+        TopicConfigurations:
+        - Topic: !Sub arn:aws:sns:us-east-1:123456789012:TestTopic
+          Event: s3:ReducedRedundancyLostObject
+
+  SampleBadBucketPolicy: 
+    Type: AWS::S3::BucketPolicy
+    Properties: 
+      Bucket: !Ref S3BadBucket
+      PolicyDocument: 
+        Statement: 
+          - Action: 
+              - s3:GetObject
+            Effect: Allow
+            Resource: !Sub arn:aws:s3:::${S3BadBucket}
+            Principal: "*"
+
+  SampleRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+              - ec2.amazonaws.com
+            Action:
+              - 'sts:AssumeRole'
+      Path: /
+
+
+  SampleBadIAMPolicy1:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Action:
+              - sns:Publish
+            Resource: !Sub arn:${AWS::Partition}:sns:us-east-1:${AWS::AccountId}:TestTopic
+      Roles:
+        - !Ref SampleRole
+
+  SampleBadIAMPolicy2:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Action:
+              - sns:Publish
+            Resource: 
+              - !Sub arn:${AWS::Partition}:sns:us-east-1:${AWS::AccountId}:TestTopic
+              - !Sub arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:TestTopic
+      Roles:
+        - !Ref SampleRole
+
+  SampleBadIAMPolicy3:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Action:
+              - sns:Publish
+            Resource: 
+              - !Sub arn:${AWS::Partition}:sns:${AWS::Partition}:${AWS::AccountId}:TestTopic
+      Roles:
+        - !Ref SampleRole
diff --git a/test/unit/module/test_template.py b/test/unit/module/test_template.py
@@ -1233,3 +1233,55 @@ def test_get_directives(self):
             "I1001": ["myBucket1"],
         }
         self.assertDictEqual(directives, expected_result)
+
+
+    def test_is_cdk_bad_type(self):
+        template = {
+            "Resources": {
+                "CDK": {
+                    "Type": ["AWS::CDK::Metadata"],
+                    "Properties": {
+                        "AssumeRolePolicyDocument": {
+                            "Version": "2012-10-17",
+                        }
+                    },
+                }
+            },
+        }
+
+        template = Template("test.yaml", template)
+        self.assertFalse(template.is_cdk_template())
+
+    def test_is_cdk_bad_resources(self):
+        template = {
+            "Resources": [{
+                "CDK": {
+                    "Type": ["AWS::CDK::Metadata"],
+                    "Properties": {
+                        "AssumeRolePolicyDocument": {
+                            "Version": "2012-10-17",
+                        }
+                    },
+                }
+            }],
+        }
+
+        template = Template("test.yaml", template)
+        self.assertFalse(template.is_cdk_template())
+
+    def test_is_cdk_bad_resource_props(self):
+        template = {
+            "Resources": {
+                "CDK": [{
+                    "Type": ["AWS::CDK::Metadata"],
+                    "Properties": {
+                        "AssumeRolePolicyDocument": {
+                            "Version": "2012-10-17",
+                        }
+                    },
+                }]
+            },
+        }
+
+        template = Template("test.yaml", template)
+        self.assertFalse(template.is_cdk_template())
diff --git a/test/unit/rules/resources/properties/test_availability_zone.py b/test/unit/rules/resources/properties/test_availability_zone.py
@@ -18,7 +18,8 @@ def setUp(self):
         super(TestPropertyAvailabilityZone, self).setUp()
         self.collection.register(AvailabilityZone())
         self.success_templates = [
-            "test/fixtures/templates/good/resources/properties/az.yaml"
+            "test/fixtures/templates/good/resources/properties/az.yaml",
+            "test/fixtures/templates/good/resources/properties/az_cdk.yaml",
         ]
 
     def test_file_positive(self):

diff --git a/test/unit/rules/resources/test_hardcodedarnproperties.py b/test/unit/rules/resources/test_hardcodedarnproperties.py
@@ -19,6 +19,7 @@ def setUp(self):
         self.collection.register(HardCodedArnProperties())
         self.success_templates = [
             "test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml",
+            "test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_cdk.yaml",
         ]
 
     def test_file_positive(self):