I am currently implementing cdk-nag with TypeScript and implementing pipeline tests, and I am getting the following error:
```
Suppression path "/this/construct/path" did not match any resource. This can occur when a resource does not exist or if a suppression is applied before a resource is created.
FAIL test/pipeline.test.ts (78.874 s)
● PipelineStack › Check AWS pipeline default
Suppression path "/this/construct/path" did not match any resource. This can occur when a resource does not exist or if a suppression is applied before a resource is created.
155 | pipeline.buildPipeline();
156 | // The path suppression will error if you comment out "ExamplePipeline.buildPipeline();""
> 157 | NagSuppressions.addResourceSuppressionsByPath(this, '/this/construct/path', [
| ^
158 | {
159 | id: 'AwsSolutions-IAM5',
160 | reason: 'Policy created by CDK to allow cross-account access and CB projects rights',
at node_modules/cdk-nag/src/nag-suppressions.ts:115:15
at Array.forEach (<anonymous>)
at Function.addResourceSuppressionsByPath (node_modules/cdk-nag/src/nag-suppressions.ts:98:15)
at new PipelineStack (src/pipeline-stack.ts:157:21)
at Object.<anonymous> (test/pipeline.test.ts:9:27)
```
This is my pipeline.test.ts so far:
```typescript
import { App, Aspects } from 'aws-cdk-lib';
import { Annotations, Match } from 'aws-cdk-lib/assertions';
import { AwsSolutionsChecks, NagSuppressions } from 'cdk-nag';
import { PipelineStack } from '../src/pipeline-stack';

describe('Check cdk-nag AwsSolutions Pack', () => {
  let pipelineStack: PipelineStack;
  let app: App;
  // In this case we can use beforeAll() over beforeEach() since our tests
  // do not modify the state of the application
  beforeAll(() => {
    // GIVEN
    app = new App();
    pipelineStack = new PipelineStack(app, "PipelineStack", {
      env: {
        account: "123456789012",
        region: "us-east-2",
      },
    });
    // WHEN
    Aspects.of(pipelineStack).add(new AwsSolutionsChecks());
    NagSuppressions.addResourceSuppressionsByPath(pipelineStack, '/this/construct/path', [
      {
        id: 'AwsSolutions-IAM5',
        reason: 'Policy created by CDK to allow cross-account access and CB projects rights',
      },
    ]);
  });
  // THEN
  test('No unsuppressed Warnings', () => {
    const warnings = Annotations.fromStack(pipelineStack).findWarning(
      '*',
      Match.stringLikeRegexp('AwsSolutions-.*')
    );
    expect(warnings).toHaveLength(0);
  });
  test('No unsuppressed Errors', () => {
    const errors = Annotations.fromStack(pipelineStack).findError(
      '*',
      Match.stringLikeRegexp('AwsSolutions-.*')
    );
    expect(errors).toHaveLength(0);
  });
});
```
In my CodePipeline pipeline stack, I have already added ExamplePipeline.buildPipeline() to force the pipeline to be created first (see here), but how can this be done/implemented for the tests?
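The problem is the stack name in the suppression.
The stack name in the suppression does not match the stack name used in the test (PipelineStack), which results in a different construct path in the test stack.
Change the suppression path to something like the following to account for the different stack name.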
`/{this.stackName}/construct/path`
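
The mismatch described in the answer, as an added example that is not part of the original post and is not cdk-nag or aws-cdk-lib code: a dependency-free model of construct paths showing why a hard-coded suppression path stops matching once the stack is instantiated under a different id. The `Construct` class, the exact-match rule in `suppressByPath`, and the names `DeployPipelineStack`, `Pipeline`, `Role` and `DefaultPolicy` are constructed for illustration, and the stack name is assumed to equal the stack's construct id.

```typescript
// Simplified model of a construct tree; not cdk-nag or aws-cdk-lib source.
class Construct {
  readonly children: Construct[] = [];
  readonly scope: Construct | undefined;
  readonly id: string;
  constructor(scope: Construct | undefined, id: string) {
    this.scope = scope;
    this.id = id;
    if (scope) scope.children.push(this);
  }
  // Like a construct path: ids from the stack down, joined by "/".
  get path(): string {
    return this.scope ? `${this.scope.path}/${this.id}` : this.id;
  }
  findAll(): Construct[] {
    let all: Construct[] = [this];
    for (const child of this.children) all = all.concat(child.findAll());
    return all;
  }
}

// Assumed rule: the path minus its leading "/" must equal an existing construct's path.
function suppressByPath(stack: Construct, path: string): string[] {
  const wanted = path.replace(/^\//, '');
  const hits = stack.findAll().filter((c) => c.path === wanted).map((c) => c.path);
  if (hits.length === 0) throw new Error(`Suppression path "${path}" did not match any resource.`);
  return hits;
}

// Hypothetical stack whose policy lives at <stack id>/Pipeline/Role/DefaultPolicy.
function buildStack(id: string, pathFor: (stackName: string) => string, buildFirst = true): string {
  const stack = new Construct(undefined, id);
  const addResources = () => {
    new Construct(new Construct(new Construct(stack, 'Pipeline'), 'Role'), 'DefaultPolicy');
  };
  try {
    if (buildFirst) addResources();
    const hits = suppressByPath(stack, pathFor(id));
    if (!buildFirst) addResources();
    return `suppressed ${hits.join(', ')}`;
  } catch (e) {
    return `error: ${(e as Error).message}`;
  }
}

const hardCoded = () => '/DeployPipelineStack/Pipeline/Role/DefaultPolicy';
const fromStackName = (name: string) => `/${name}/Pipeline/Role/DefaultPolicy`;

console.log(buildStack('DeployPipelineStack', hardCoded)); // id used by the deployed app
console.log(buildStack('PipelineStack', hardCoded));       // id used by the test
console.log(buildStack('PipelineStack', fromStackName));
console.log(buildStack('PipelineStack', fromStackName, false)); // suppression before resources exist
```

Keeping the suppression scoped to one derived path, rather than widening it until the test passes, keeps the AwsSolutions-IAM5 exception limited to the single policy it was written for.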