(codebuild): ReportGroup grants test permissions when set to CODE_COVERAGE #21534

@ghdoergeloh

Describe the bug

grantWrite on a ReportGroup only applies 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases'. If you use a ReportGroup with type: "CODE_COVERAGE" it still sets those actions as allowed, but misses the 'codebuild:BatchPutCodeCoverages'.

Expected Behavior

    new ReportGroup(...,{type: ReportGroupType.TEST} ).grantWrite(codeBuildStep)
should add a policy statement with 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases'

while

    new ReportGroup(...,{type: ReportGroupType.CODE_COVERAGE} ).grantWrite(codeBuildStep)
should add a policy statement with 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutCodeCoverages'

Current Behavior

    new ReportGroup(...,{type: ReportGroupType.CODE_COVERAGE} ).grantWrite(codeBuildStep)
adds a policy statement with 'codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases'

Reproduction Steps

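    import { BuildSpec, ReportGroup, ReportGroupType } from 'aws-cdk-lib/aws-codebuild';
    import { CodeBuildStep, CodePipeline } from 'aws-cdk-lib/pipelines';

    // Inside a construct scope (uses `this`): one report group per report type.
    const testReports = new ReportGroup(this, 'TestReports', {
      type: ReportGroupType.TEST,
    });
    const coverageReports = new ReportGroup(this, 'CoverageReports', {
      type: ReportGroupType.CODE_COVERAGE,
    });

    const buildAndTestStep = new CodeBuildStep('BuildAndTestStep', {
      // ...
      partialBuildSpec: BuildSpec.fromObject({
        // ...
        reports: {
          // Coverage report written to the CODE_COVERAGE report group
          [coverageReports.reportGroupArn]: {
            'file-format': 'CLOVERXML',
            files: ['coverage/clover.xml'],
          },
          // Test report written to the TEST report group
          [testReports.reportGroupArn]: {
            'file-format': 'JUNITXML',
            files: ['**/junit.xml'],
          },
        },
      }),
    });
    // ...
    const pipeline = new CodePipeline(this, 'Pipeline', {
      synth: buildAndTestStep,
    });

    pipeline.buildPipeline();

    // Both calls add the same three actions, regardless of report group type.
    testReports.grantWrite(buildAndTestStep);
    coverageReports.grantWrite(buildAndTestStep);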

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.37.0

Framework Version

No response

Node.js Version

16.15.1

OS

Ubuntu 22.04 LTS (Linux 5.15.0-43)

Language

TypeScript

Language Version

4.7.4

Other information

No response

Metadata

Assignees

No one assigned

Labels

@aws-cdk/aws-codebuild, bug, effort/small, good first issue, p2

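The mismatch reported in this issue can be checked mechanically by comparing the actions granted on each report group with the set the issue expects for its type. The TypeScript below is an added example, not code from the issue or from the aws-cdk project; the function names, sample ARNs and account ID are constructed. It assumes the statements carry literal ARN strings and exact action names (no wildcards or CloudFormation intrinsics).

```typescript
type ReportGroupType = 'TEST' | 'CODE_COVERAGE';
interface Statement { Effect: string; Action: string | string[]; Resource: string | string[]; }
interface Finding { arn: string; missing: string[]; excess: string[]; }

// Write actions per type, as listed under "Expected Behavior" in the issue.
const EXPECTED_WRITE_ACTIONS: Record<ReportGroupType, string[]> = {
  TEST: ['codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutTestCases'],
  CODE_COVERAGE: ['codebuild:CreateReport', 'codebuild:UpdateReport', 'codebuild:BatchPutCodeCoverages'],
};

const asArray = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Collect the actions that Allow statements grant on one report group ARN.
function grantedActions(statements: Statement[], arn: string): string[] {
  const granted: string[] = [];
  for (const s of statements) {
    if (s.Effect !== 'Allow' || asArray(s.Resource).indexOf(arn) === -1) continue;
    for (const a of asArray(s.Action)) if (granted.indexOf(a) === -1) granted.push(a);
  }
  return granted;
}

// Report, per report group, the expected actions that are missing and the
// codebuild actions that are granted but not needed for that report type.
function auditReportGroupGrants(statements: Statement[], groups: Record<string, ReportGroupType>): Finding[] {
  const findings: Finding[] = [];
  for (const arn of Object.keys(groups)) {
    const expected = EXPECTED_WRITE_ACTIONS[groups[arn]];
    const granted = grantedActions(statements, arn);
    const missing = expected.filter((a) => granted.indexOf(a) === -1);
    const excess = granted.filter((a) => a.indexOf('codebuild:') === 0 && expected.indexOf(a) === -1);
    if (missing.length > 0 || excess.length > 0) findings.push({ arn, missing, excess });
  }
  return findings;
}

// Constructed sample: statements shaped like the "Current Behavior" in the issue.
const TEST_ARN = 'arn:aws:codebuild:us-east-1:111122223333:report-group/TestReports';
const COVERAGE_ARN = 'arn:aws:codebuild:us-east-1:111122223333:report-group/CoverageReports';
const groups: Record<string, ReportGroupType> = { [TEST_ARN]: 'TEST', [COVERAGE_ARN]: 'CODE_COVERAGE' };
const currentBehavior: Statement[] = [TEST_ARN, COVERAGE_ARN].map((arn) => ({
  Effect: 'Allow',
  Action: EXPECTED_WRITE_ACTIONS.TEST,
  Resource: arn,
}));

console.log(JSON.stringify(auditReportGroupGrants(currentBehavior, groups), null, 2));
```

Run against the sample, the audit flags only the coverage report group: `codebuild:BatchPutCodeCoverages` is missing and `codebuild:BatchPutTestCases` is granted without being needed.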