fix(ecr): Repository.addToResourcePolicy returns incorrect result

[watany-dev]

fixes #12412

To fix Repository.addToResourcePolicy returning incorrect result (false-> true)

---

All Submissions:

• Have you followed the guidelines in our Contributing guide?

Adding new Unconventional Dependencies:

• This PR adds new unconventional dependencies following the process described here

New Features

• Have you added the new feature to an integration test?
  • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

---

[gitpod-io]

[watany-dev]

hmm… lets add test

[TheRealAmazonKendra]

Thank you for your contribution. We'll need tests for this change before we can provide a meaningful review. Please also ensure the title and body of the PR align to the guidelines in the Pull Request section of our contributing guide.

[watany-dev]

Thank you for your comment. As a starting point, I reviewed the title and text of the PR. I'm going to add a test

Pull request has been modified.

[TheRealAmazonKendra]

@Mergifyio update

[mergify]

update

✅ Branch has been successfully updated

[TheRealAmazonKendra]

I'd like to see a little bit more robust testing. Please see my comment below and let me know if you have any questions. Once you've made the change and/or if you have questions, please assign this review to me so I can follow up quickly.

[TheRealAmazonKendra]

Thanks for adding this test. Let's also add a test that looks at the actual output of calling this on a policy statement with concrete values. One test where the policy document is already defined and one where it is not.

[watany-dev]

ok. Update to a test that checks all return values, not just singular

[TheRealAmazonKendra]

Did this build locally? I'm seeing that the build hangs in the same spot each time I run it in CodeBuild.

[TheRealAmazonKendra]

@Mergifyio update

[mergify]

update

✅ Branch has been successfully updated

[TheRealAmazonKendra]

OK, so I pulled this down locally to run and see what the result was and I'm getting this

(node:60431) UnhandledPromiseRejectionWarning: TypeError: Converting circular structure to JSON
    --> starting at object with constructor 'Object'
    --- property 'grantPrincipal' closes the circle
    at stringify (<anonymous>)
    at writeChannelMessage (internal/child_process/serialization.js:127:20)
    at process.target._send (internal/child_process.js:836:17)
    at process.target.send (internal/child_process.js:734:19)
    at reportSuccess (/Volumes/workplace/aws-cdk/node_modules/jest-worker/build/workers/processChild.js:59:11)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:60431) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:60431) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Pull request has been modified.

[TheRealAmazonKendra]

Looks good, just one more thing: Can you add one more test where there is already a policy document and test against the full output of that as well?

Pull request has been modified.

[watany-dev]

Looks good, just one more thing: Can you add one more test where there is already a policy document and test against the full output of that as well?

@TheRealAmazonKendra
I tried to fix the test. I hope there is a corresponding image.

[TheRealAmazonKendra]

Looks good, just one more thing: Can you add one more test where there is already a policy document and test against the full output of that as well?

@TheRealAmazonKendra I tried to fix the test. I hope there is a corresponding image.

That test is great. I'd like a second test, though, where there is an already existing policy statement within the policy document and that the entire policy document is as expected after performing the mutation on it with const artifact = new ecr.Repository(stack, 'Repo1').addToResourcePolicy(policyStmt); Your test shows that it adds the statement to an empty policy document properly, but let's make sure it also adds it correctly to one with content already in it.

Pull request has been modified.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 12d28d8
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).