Open evo-chris opened 11 months ago
Hi, could you add some tests to cover the new feature?
Hi @mnapoli, I can't see anywhere where there are tests on the existing outputs, url
, cname
& assetsBucketName
or see a way to verify they are accessible in the outputs of runServerless
I've tried to see if I could infer they exist but referencing them in a template
const { cfTemplate, computeLogicalId } = await runServerless({
command: "package",
config: Object.assign(baseConfig, {
provider: {
name: "aws",
iam: {
role: {
statements: [{
Effect: "Allow",
Action: [
'cloudfront:CreateInvalidation'
],
Resource: [
'arn:aws:cloudfront::${aws:accountId}:distribution/${construct:backend.distributionId}'
]
}]
}
}
},
constructs: {
backend: {
type: "server-side-website",
assets: {
"/assets/*": "public",
},
},
},
}),
});
but while it will error if I mess with the object itself it doesn't complain about an invalid reference.
I've also tried using a fixture
service: website
configValidationMode: error
provider:
name: aws
iam:
role:
statements:
-
Effect: Allow
Action:
- 'cloudfront:CreateInvalidation'
Resource:
- 'arn:aws:cloudfront::${aws:accountId}:distribution/${construct:website.distributionId}'
functions:
http:
handler: handler.handler
constructs:
backend:
type: server-side-website
assets:
"/assets/*": public
errorPage: error.html
but the variable are not replaced
{
Effect: 'Allow',
Action: [ 'logs:PutLogEvents' ],
Resource: [
{
'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/test-serverSideWebsite-2ol0dc8r-dev*:*:*'
}
]
},
{
Effect: 'Allow',
Action: [ 'cloudfront:CreateInvalidation' ],
Resource: 'arn:aws:cloudfront::${aws:accountId}:distribution/${construct:website.distributionId}'
}
Any thoughts on how to go about testing this?
@mnapoli we may have jumped the gun a little with this one, do you know if ${construct:website.*} are resolvable in IAM roles? We've can see it output in Environment variables, but in IAM role it is an Object (Token) not a String.
Output the Cloudfront Distribution Id so can be used for IAM policies