// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`successful scenarios accepts CloudFormation parameters 1`] = ` Object { "Conditions": Object { "TestMskIsSecretEmptyConditionD1E36ADB": Object { "Fn::Equals": Array [ Object { "Ref": "SecretArn", }, "", ], }, "TestMskIsSecretNotEmptyCondition9929A158": Object { "Fn::Not": Array [ Object { "Condition": "TestMskIsSecretEmptyConditionD1E36ADB", }, ], }, }, "Parameters": Object { "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6ArtifactHashB1F6A83C": Object { "Description": "Artifact hash for asset \\"477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6\\"", "Type": "String", }, "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3BucketD928F991": Object { "Description": "S3 bucket for asset \\"477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6\\"", "Type": "String", }, "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3VersionKey6F0B58C0": Object { "Description": "S3 key for asset version \\"477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6\\"", "Type": "String", }, "BatchSize": Object { "Type": "Number", }, "ClusterArn": Object { "Type": "String", }, "LambdaCodeBucket": Object { "Type": "String", }, "LambdaCodeKey": Object { "Type": "String", }, "SecretArn": Object { "Type": "String", }, "TopicName": Object { "Type": "String", }, }, "Resources": Object { "TestMskConsumer4592A744": Object { "DependsOn": Array [ "TestMskRole86578511", ], "Properties": Object { "Code": Object { "S3Bucket": Object { "Ref": "LambdaCodeBucket", }, "S3Key": Object { "Ref": "LambdaCodeKey", }, }, "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "TestMskRole86578511", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 60, }, "Type": "AWS::Lambda::Function", }, "TestMskConsumerMapping79C4A58A": Object { "Condition": "TestMskIsSecretEmptyConditionD1E36ADB", "Properties": Object { "BatchSize": Object { "Ref": "BatchSize", }, "Enabled": true, "EventSourceArn": Object { "Ref": "ClusterArn", }, "FunctionName": Object { "Ref": "TestMskConsumer4592A744", }, "StartingPosition": "LATEST", "Topics": Array [ Object { "Ref": "TopicName", }, ], }, "Type": "AWS::Lambda::EventSourceMapping", }, "TestMskConsumerMappingWithSecretBF6972F1": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "DependsOn": Array [ "TestMskSecretPolicy272AB2E3", ], "Properties": Object { "BatchSize": Object { "Ref": "BatchSize", }, "Enabled": true, "EventSourceArn": Object { "Ref": "ClusterArn", }, "FunctionName": Object { "Ref": "TestMskConsumer4592A744", }, "SourceAccessConfigurations": Array [ Object { "Type": "SASL_SCRAM_512_AUTH", "URI": Object { "Ref": "SecretArn", }, }, ], "StartingPosition": "LATEST", "Topics": Array [ Object { "Ref": "TopicName", }, ], }, "Type": "AWS::Lambda::EventSourceMapping", }, "TestMskCustomResourceCD43A296": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "DependsOn": Array [ "TestMskCustomResourceRoleDA0E0EAF", ], "Properties": Object { "Code": Object { "S3Bucket": Object { "Ref": "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3BucketD928F991", }, "S3Key": Object { "Fn::Join": Array [ "", Array [ Object { "Fn::Select": Array [ 0, Object { "Fn::Split": Array [ "||", Object { "Ref": "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3VersionKey6F0B58C0", }, ], }, ], }, Object { "Fn::Select": Array [ 1, Object { "Fn::Split": Array [ "||", Object { "Ref": "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3VersionKey6F0B58C0", }, ], }, ], }, ], ], }, }, "Handler": "lambda_function.handler", "Role": Object { "Fn::GetAtt": Array [ "TestMskCustomResourceRoleDA0E0EAF", "Arn", ], }, "Runtime": "python3.8", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "TestMskCustomResourceRoleDA0E0EAF": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "CloudWatchLogsPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "secretsmanager:DescribeSecret", "Effect": "Allow", "Resource": Object { "Ref": "SecretArn", }, }, ], "Version": "2012-10-17", }, "PolicyName": "SecretMetadataPolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestMskRole86578511": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W11", "reason": "Actions do not support resource level permissions", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "CloudWatchLogsPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "kafka:DescribeCluster", "kafka:GetBootstrapBrokers", "kafka:ListScramSecrets", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", ], "Effect": "Allow", "Resource": "*", "Sid": "NetworkingPolicy", }, Object { "Action": Array [ "kafka-cluster:Connect", "kafka-cluster:DescribeGroup", "kafka-cluster:AlterGroup", "kafka-cluster:DescribeTopic", "kafka-cluster:ReadData", "kafka-cluster:DescribeClusterDynamicConfiguration", ], "Effect": "Allow", "Resource": Array [ Object { "Ref": "ClusterArn", }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/", Object { "Fn::Select": Array [ 1, Object { "Fn::Split": Array [ "/", Object { "Fn::Select": Array [ 5, Object { "Fn::Split": Array [ ":", Object { "Ref": "ClusterArn", }, ], }, ], }, ], }, ], }, "/*/", Object { "Ref": "TopicName", }, ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":group/", Object { "Fn::Select": Array [ 1, Object { "Fn::Split": Array [ "/", Object { "Fn::Select": Array [ 5, Object { "Fn::Split": Array [ ":", Object { "Ref": "ClusterArn", }, ], }, ], }, ], }, ], }, "/*/*", ], ], }, ], "Sid": "IamPolicy", }, ], "Version": "2012-10-17", }, "PolicyName": "MskPolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestMskSecretMetadataF8DCB6CD": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "DeletionPolicy": "Delete", "Properties": Object { "SecretArn": Object { "Ref": "SecretArn", }, "ServiceToken": Object { "Fn::GetAtt": Array [ "TestMskCustomResourceCD43A296", "Arn", ], }, }, "Type": "Custom::SecretMetadata", "UpdateReplacePolicy": "Delete", }, "TestMskSecretPolicy272AB2E3": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "kms:Decrypt", "Condition": Object { "StringEquals": Object { "kms:ViaService": Object { "Fn::Join": Array [ "", Array [ "secretsmanager.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, ], ], }, }, }, "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestMskSecretMetadataF8DCB6CD", "KmsKeyId", ], }, }, Object { "Action": "secretsmanager:GetSecretValue", "Effect": "Allow", "Resource": Object { "Ref": "SecretArn", }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestMskSecretPolicy272AB2E3", "Roles": Array [ Object { "Ref": "TestMskRole86578511", }, ], }, "Type": "AWS::IAM::Policy", }, }, } `; exports[`successful scenarios creates a MSK Lambda consumer 1`] = ` Object { "Conditions": Object { "TestMskIsSecretEmptyConditionD1E36ADB": Object { "Fn::Equals": Array [ "my-secret-arn", "", ], }, "TestMskIsSecretNotEmptyCondition9929A158": Object { "Fn::Not": Array [ Object { "Condition": "TestMskIsSecretEmptyConditionD1E36ADB", }, ], }, }, "Parameters": Object { "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6ArtifactHashB1F6A83C": Object { "Description": "Artifact hash for asset \\"477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6\\"", "Type": "String", }, "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3BucketD928F991": Object { "Description": "S3 bucket for asset \\"477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6\\"", "Type": "String", }, "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3VersionKey6F0B58C0": Object { "Description": "S3 key for asset version \\"477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6\\"", "Type": "String", }, "LambdaCodeBucket": Object { "Type": "String", }, "LambdaCodeKey": Object { "Type": "String", }, }, "Resources": Object { "TestMskConsumer4592A744": Object { "DependsOn": Array [ "TestMskRole86578511", ], "Properties": Object { "Code": Object { "S3Bucket": Object { "Ref": "LambdaCodeBucket", }, "S3Key": Object { "Ref": "LambdaCodeKey", }, }, "Environment": Object { "Variables": Object { "MY_ENV_VARIABLE": "foo", }, }, "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "TestMskRole86578511", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 60, }, "Type": "AWS::Lambda::Function", }, "TestMskConsumerMapping79C4A58A": Object { "Condition": "TestMskIsSecretEmptyConditionD1E36ADB", "Properties": Object { "BatchSize": 10, "Enabled": true, "EventSourceArn": "arn:aws:kafka:region:account:cluster/cluster-name/cluster-uuid", "FunctionName": Object { "Ref": "TestMskConsumer4592A744", }, "StartingPosition": "LATEST", "Topics": Array [ "my-topic", ], }, "Type": "AWS::Lambda::EventSourceMapping", }, "TestMskConsumerMappingWithSecretBF6972F1": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "DependsOn": Array [ "TestMskSecretPolicy272AB2E3", ], "Properties": Object { "BatchSize": 10, "Enabled": true, "EventSourceArn": "arn:aws:kafka:region:account:cluster/cluster-name/cluster-uuid", "FunctionName": Object { "Ref": "TestMskConsumer4592A744", }, "SourceAccessConfigurations": Array [ Object { "Type": "SASL_SCRAM_512_AUTH", "URI": "my-secret-arn", }, ], "StartingPosition": "LATEST", "Topics": Array [ "my-topic", ], }, "Type": "AWS::Lambda::EventSourceMapping", }, "TestMskCustomResourceCD43A296": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "DependsOn": Array [ "TestMskCustomResourceRoleDA0E0EAF", ], "Properties": Object { "Code": Object { "S3Bucket": Object { "Ref": "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3BucketD928F991", }, "S3Key": Object { "Fn::Join": Array [ "", Array [ Object { "Fn::Select": Array [ 0, Object { "Fn::Split": Array [ "||", Object { "Ref": "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3VersionKey6F0B58C0", }, ], }, ], }, Object { "Fn::Select": Array [ 1, Object { "Fn::Split": Array [ "||", Object { "Ref": "AssetParameters477c7818d1b903cfa5d9f6314f50f1152e240d748a1b960aa518893f509c7ba6S3VersionKey6F0B58C0", }, ], }, ], }, ], ], }, }, "Handler": "lambda_function.handler", "Role": Object { "Fn::GetAtt": Array [ "TestMskCustomResourceRoleDA0E0EAF", "Arn", ], }, "Runtime": "python3.8", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "TestMskCustomResourceRoleDA0E0EAF": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "CloudWatchLogsPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "secretsmanager:DescribeSecret", "Effect": "Allow", "Resource": "my-secret-arn", }, ], "Version": "2012-10-17", }, "PolicyName": "SecretMetadataPolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestMskRole86578511": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W11", "reason": "Actions do not support resource level permissions", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "CloudWatchLogsPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "kafka:DescribeCluster", "kafka:GetBootstrapBrokers", "kafka:ListScramSecrets", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", ], "Effect": "Allow", "Resource": "*", "Sid": "NetworkingPolicy", }, Object { "Action": Array [ "kafka-cluster:Connect", "kafka-cluster:DescribeGroup", "kafka-cluster:AlterGroup", "kafka-cluster:DescribeTopic", "kafka-cluster:ReadData", "kafka-cluster:DescribeClusterDynamicConfiguration", ], "Effect": "Allow", "Resource": Array [ "arn:aws:kafka:region:account:cluster/cluster-name/cluster-uuid", Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/cluster-name/cluster-uuid/*/my-topic", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":group/cluster-name/cluster-uuid/*/*", ], ], }, ], "Sid": "IamPolicy", }, ], "Version": "2012-10-17", }, "PolicyName": "MskPolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestMskSecretMetadataF8DCB6CD": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "DeletionPolicy": "Delete", "Properties": Object { "SecretArn": "my-secret-arn", "ServiceToken": Object { "Fn::GetAtt": Array [ "TestMskCustomResourceCD43A296", "Arn", ], }, }, "Type": "Custom::SecretMetadata", "UpdateReplacePolicy": "Delete", }, "TestMskSecretPolicy272AB2E3": Object { "Condition": "TestMskIsSecretNotEmptyCondition9929A158", "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "kms:Decrypt", "Condition": Object { "StringEquals": Object { "kms:ViaService": Object { "Fn::Join": Array [ "", Array [ "secretsmanager.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, ], ], }, }, }, "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestMskSecretMetadataF8DCB6CD", "KmsKeyId", ], }, }, Object { "Action": "secretsmanager:GetSecretValue", "Effect": "Allow", "Resource": "my-secret-arn", }, ], "Version": "2012-10-17", }, "PolicyName": "TestMskSecretPolicy272AB2E3", "Roles": Array [ Object { "Ref": "TestMskRole86578511", }, ], }, "Type": "AWS::IAM::Policy", }, }, } `;