@@ -4,15 +4,13 @@ import (
"fmt"
"testing"
- "github.com/awslabs/goformation/v4/cloudformation/ec2"
-
"github.com/awslabs/goformation/v4/cloudformation"
+ "github.com/awslabs/goformation/v4/cloudformation/ec2"
+ "github.com/awslabs/goformation/v4/cloudformation/iam"
"github.com/compose-spec/compose-go/loader"
"github.com/compose-spec/compose-go/types"
-
- "gotest.tools/assert"
-
"github.com/docker/ecs-plugin/pkg/compose"
+ "gotest.tools/assert"
"gotest.tools/v3/golden"
)
@@ -30,6 +28,26 @@ func TestSimpleWithOverrides(t *testing.T) {
golden.Assert(t, result, expected)
}
+func TestRolePolicy(t *testing.T) {
+ template := convertYaml(t, `
+version: "3"
+services:
+ foo:
+ image: hello_world
+ x-aws-pull_credentials: "secret"
+`)
+ role := template.Resources["FooTaskExecutionRole"].(*iam.Role)
+ assert.Check(t, role != nil)
+ assert.Check(t, role.ManagedPolicyArns[0] == ECSTaskExecutionPolicy)
+ assert.Check(t, role.ManagedPolicyArns[1] == ECRReadOnlyPolicy)
+ // We expect an extra policy has been created for x-aws-pull_credentials
+ assert.Check(t, len(role.Policies) == 1)
+ policy := role.Policies[0].PolicyDocument.(*PolicyDocument)
+ expected := []string{"secretsmanager:GetSecretValue", "ssm:GetParameters", "kms:Decrypt"}
+ assert.DeepEqual(t, expected, policy.Statement[0].Action)
+ assert.DeepEqual(t, []string{"secret"}, policy.Statement[0].Resource)
+}
+
func TestMapNetworksToSecurityGroups(t *testing.T) {
template := convertYaml(t, `
version: "3"
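Review bot: TestRolePolicy pins the actions and resource of `policy.Statement[0]` only, so a converter regression that appends a second, broader statement to the inline policy, or a third managed policy ARN to the execution role, would still pass; add `assert.Assert(t, len(policy.Statement) == 1)` and `assert.Assert(t, len(role.ManagedPolicyArns) == 2)` ahead of the element checks. The preconditions are written with `assert.Check`, which records a failure but lets the test continue, so a nil role or an empty `Policies` slice ends in a nil-dereference or index panic instead of a readable failure; `assert.Assert` is the fatal form and fits `role != nil` and `len(role.Policies) == 1`. The single-value type assertions on `template.Resources["FooTaskExecutionRole"]` and on `PolicyDocument` panic the same way when the resource is absent or has a different type; the comma-ok form followed by `assert.Assert(t, ok)` would report that cleanly.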