fix: AthenaWorkgroupEncryptedQueryResults property deprecation errors (…

…#804)
cdklabs · Apr 23, 2022 · bb23593 · bb23593
1 parent d91aaef
commit bb23593
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 117 deletions.
diff --git a/src/rules/athena/AthenaWorkgroupEncryptedQueryResults.ts b/src/rules/athena/AthenaWorkgroupEncryptedQueryResults.ts
@@ -17,62 +17,24 @@ export default Object.defineProperty(
       const workGroupConfiguration = Stack.of(node).resolve(
         node.workGroupConfiguration
       );
-      if (workGroupConfiguration == undefined) {
-        const workGroupConfigurationUpdates = Stack.of(node).resolve(
-          node.workGroupConfigurationUpdates
-        );
-        if (workGroupConfigurationUpdates == undefined) {
-          return NagRuleCompliance.NON_COMPLIANT;
-        }
-        const resultConfigurationUpdates = Stack.of(node).resolve(
-          workGroupConfigurationUpdates.resultConfigurationUpdates
-        );
-        if (resultConfigurationUpdates != undefined) {
-          const removeEncryptionConfiguration = NagRules.resolveIfPrimitive(
-            node,
-            resultConfigurationUpdates.removeEncryptionConfiguration
-          );
-          const encryptionConfiguration = Stack.of(node).resolve(
-            resultConfigurationUpdates.encryptionConfiguration
-          );
-          const enforceWorkGroupConfiguration = NagRules.resolveIfPrimitive(
-            node,
-            workGroupConfigurationUpdates.enforceWorkGroupConfiguration
-          );
-          if (
-            removeEncryptionConfiguration &&
-            encryptionConfiguration == undefined
-          ) {
-            return NagRuleCompliance.NON_COMPLIANT;
-          } else if (
-            encryptionConfiguration != undefined &&
-            !enforceWorkGroupConfiguration
-          ) {
-            return NagRuleCompliance.NON_COMPLIANT;
-          }
-        }
-      } else {
-        const enforceWorkGroupConfiguration = NagRules.resolveIfPrimitive(
-          node,
-          workGroupConfiguration.enforceWorkGroupConfiguration
-        );
-        if (!enforceWorkGroupConfiguration) {
-          return NagRuleCompliance.NON_COMPLIANT;
-        }
-        const resultConfiguration = Stack.of(node).resolve(
-          workGroupConfiguration.resultConfiguration
-        );
-
-        if (resultConfiguration == undefined) {
-          return NagRuleCompliance.NON_COMPLIANT;
-        }
-        const encryptionConfiguration = Stack.of(node).resolve(
-          resultConfiguration.encryptionConfiguration
-        );
-
-        if (encryptionConfiguration == undefined) {
-          return NagRuleCompliance.NON_COMPLIANT;
-        }
+      const enforceWorkGroupConfiguration = NagRules.resolveIfPrimitive(
+        node,
+        workGroupConfiguration?.enforceWorkGroupConfiguration
+      );
+      if (!enforceWorkGroupConfiguration) {
+        return NagRuleCompliance.NON_COMPLIANT;
+      }
+      const resultConfiguration = Stack.of(node).resolve(
+        workGroupConfiguration.resultConfiguration
+      );
+      if (resultConfiguration === undefined) {
+        return NagRuleCompliance.NON_COMPLIANT;
+      }
+      const encryptionConfiguration = Stack.of(node).resolve(
+        resultConfiguration.encryptionConfiguration
+      );
+      if (encryptionConfiguration === undefined) {
+        return NagRuleCompliance.NON_COMPLIANT;
       }
       return NagRuleCompliance.COMPLIANT;
     } else {

diff --git a/test/rules/Athena.test.ts b/test/rules/Athena.test.ts
@@ -60,43 +60,6 @@ describe('Amazon Athena', () => {
       });
       validateStack(stack, ruleId, TestType.NON_COMPLIANCE);
     });
-    test('Noncompliance 5', () => {
-      new CfnWorkGroup(stack, 'rWorkgroup', {
-        name: 'foo',
-        workGroupConfigurationUpdates: {
-          enforceWorkGroupConfiguration: false,
-          resultConfigurationUpdates: {
-            removeEncryptionConfiguration: true,
-          },
-        },
-      });
-      validateStack(stack, ruleId, TestType.NON_COMPLIANCE);
-    });
-    test('Noncompliance 6', () => {
-      new CfnWorkGroup(stack, 'rWorkgroup', {
-        name: 'foo',
-        workGroupConfigurationUpdates: {
-          enforceWorkGroupConfiguration: true,
-          resultConfigurationUpdates: {
-            removeEncryptionConfiguration: true,
-          },
-        },
-      });
-      validateStack(stack, ruleId, TestType.NON_COMPLIANCE);
-    });
-    test('Noncompliance 7', () => {
-      new CfnWorkGroup(stack, 'rWorkgroup', {
-        name: 'foo',
-        workGroupConfigurationUpdates: {
-          resultConfigurationUpdates: {
-            encryptionConfiguration: {
-              encryptionOption: 'SSE_S3',
-            },
-          },
-        },
-      });
-      validateStack(stack, ruleId, TestType.NON_COMPLIANCE);
-    });
     test('Compliance', () => {
       new CfnWorkGroup(stack, 'rWorkgroup', {
         name: 'foo',
@@ -109,30 +72,6 @@ describe('Amazon Athena', () => {
           },
         },
       });
-      new CfnWorkGroup(stack, 'rWorkgroup2', {
-        name: 'foo',
-        workGroupConfigurationUpdates: {
-          enforceWorkGroupConfiguration: true,
-          resultConfigurationUpdates: {
-            encryptionConfiguration: {
-              encryptionOption: 'SSE_S3',
-            },
-          },
-        },
-      });
-      new CfnWorkGroup(stack, 'rWorkgroup3', {
-        name: 'foo',
-        workGroupConfigurationUpdates: {
-          requesterPaysEnabled: true,
-        },
-      });
-      new CfnWorkGroup(stack, 'rWorkgroup4', {
-        name: 'foo',
-        workGroupConfigurationUpdates: {
-          enforceWorkGroupConfiguration: true,
-          requesterPaysEnabled: true,
-        },
-      });
       validateStack(stack, ruleId, TestType.COMPLIANCE);
     });
   });