From 752d7d2f5109f8b20401c5e3df4f7dde71e42a59 Mon Sep 17 00:00:00 2001 From: Sven Kirschbaum Date: Mon, 2 Aug 2021 22:34:29 +0200 Subject: [PATCH 1/3] Check if distribution paths in s3-deployment start with a "/" --- .../lib/bucket-deployment.ts | 9 +++++-- .../test/bucket-deployment.test.ts | 24 +++++++++++++++++++ 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts index 3a73b950792bf..1bf9b0c87ba0a 100644 --- a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts @@ -196,8 +196,13 @@ export class BucketDeployment extends CoreConstruct { constructor(scope: Construct, id: string, props: BucketDeploymentProps) { super(scope, id); - if (props.distributionPaths && !props.distribution) { - throw new Error('Distribution must be specified if distribution paths are specified'); + if (props.distributionPaths) { + if (!props.distribution) { + throw new Error('Distribution must be specified if distribution paths are specified'); + } + if (!props.distributionPaths.every(distributionPath => distributionPath.startsWith('/'))) { + throw new Error('Distribution paths must start with "/"'); + } } const handler = new lambda.SingletonFunction(this, 'CustomResourceHandler', { diff --git a/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts b/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts index 2bbe5e34a41a6..893c5ae03b35f 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts +++ b/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts @@ -491,6 +491,30 @@ test('fails if distribution paths provided but not distribution ID', () => { }); +test('fails if distribution paths don\'t start with "/"', () => { + // GIVEN + const stack = new cdk.Stack(); + const bucket = new s3.Bucket(stack, 'Dest'); + const distribution = new cloudfront.CloudFrontWebDistribution(stack, 'Distribution', { + originConfigs: [ + { + s3OriginSource: { + s3BucketSource: bucket, + }, + behaviors: [{ isDefaultBehavior: true }], + }, + ], + }); + + // THEN + expect(() => new s3deploy.BucketDeployment(stack, 'Deploy', { + sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website.zip'))], + destinationBucket: bucket, + distribution, + distributionPaths: ['images/*'], + })).toThrow(/Distribution paths must start with "\/"/); +}); + testFutureBehavior('lambda execution role gets permissions to read from the source bucket and read/write in destination', s3GrantWriteCtx, cdk.App, (app) => { // GIVEN const stack = new cdk.Stack(app); From 41238eab123a9bc97d833eefc4adab314340cbfc Mon Sep 17 00:00:00 2001 From: Sven Kirschbaum Date: Tue, 3 Aug 2021 00:14:59 +0200 Subject: [PATCH 2/3] Check for Tokens --- .../@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts index 1bf9b0c87ba0a..3d0c083b05f64 100644 --- a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts @@ -5,6 +5,7 @@ import * as iam from '@aws-cdk/aws-iam'; import * as lambda from '@aws-cdk/aws-lambda'; import * as s3 from '@aws-cdk/aws-s3'; import * as cdk from '@aws-cdk/core'; +import { Token } from '@aws-cdk/core'; import { AwsCliLayer } from '@aws-cdk/lambda-layer-awscli'; import { kebab as toKebabCase } from 'case'; import { Construct } from 'constructs'; @@ -200,8 +201,10 @@ export class BucketDeployment extends CoreConstruct { if (!props.distribution) { throw new Error('Distribution must be specified if distribution paths are specified'); } - if (!props.distributionPaths.every(distributionPath => distributionPath.startsWith('/'))) { - throw new Error('Distribution paths must start with "/"'); + if (!Token.isUnresolved(props.distributionPaths)) { + if (!props.distributionPaths.every(distributionPath => Token.isUnresolved(distributionPath) || distributionPath.startsWith('/'))) { + throw new Error('Distribution paths must start with "/"'); + } } } From a1ccdccf7ee8922076e0699cb4b934d69414fbf5 Mon Sep 17 00:00:00 2001 From: Sven Kirschbaum Date: Tue, 3 Aug 2021 00:32:09 +0200 Subject: [PATCH 3/3] Removed duplicate import --- packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts index 3d0c083b05f64..990a1ec359d0b 100644 --- a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts @@ -5,7 +5,6 @@ import * as iam from '@aws-cdk/aws-iam'; import * as lambda from '@aws-cdk/aws-lambda'; import * as s3 from '@aws-cdk/aws-s3'; import * as cdk from '@aws-cdk/core'; -import { Token } from '@aws-cdk/core'; import { AwsCliLayer } from '@aws-cdk/lambda-layer-awscli'; import { kebab as toKebabCase } from 'case'; import { Construct } from 'constructs'; @@ -201,8 +200,8 @@ export class BucketDeployment extends CoreConstruct { if (!props.distribution) { throw new Error('Distribution must be specified if distribution paths are specified'); } - if (!Token.isUnresolved(props.distributionPaths)) { - if (!props.distributionPaths.every(distributionPath => Token.isUnresolved(distributionPath) || distributionPath.startsWith('/'))) { + if (!cdk.Token.isUnresolved(props.distributionPaths)) { + if (!props.distributionPaths.every(distributionPath => cdk.Token.isUnresolved(distributionPath) || distributionPath.startsWith('/'))) { throw new Error('Distribution paths must start with "/"'); } }