-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add unit test for oac permission levels #31225
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request
. Additionally, if clarification is needed add Clarification Request
to a comment.
@@ -466,6 +466,72 @@ describe('S3BucketOrigin', () => { | |||
}); | |||
}); | |||
}); | |||
describe('when specifying READ, WRITE, and DELETE origin access levels', () => { | |||
it('should add the correct permissions to bucket policy', () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I expected this case to have been covered by the existing unit test: https://github.com/samson-keung/aws-cdk/blob/4c9d7196370351c9f4f7a61b82e2981520b0f516/packages/aws-cdk-lib/aws-cloudfront-origins/test/s3-bucket-origin.test.ts#L20
Or do we need this one to focus on the security aspect?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I was thinking this is scoped to checking the permissions and covers DELETE
permissions as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would suggest modifying the existing unit test to cover the DELETE case so we do not have overlapping tests. But with that said, I don't think it is a blocked to have overlapping tests either.
The pull request linter fails with the following errors:
PRs must pass status checks before we can provide a meaningful review. If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing |
Comments on closed issues and PRs are hard for our team to see. |
originAccessLevels
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license