chore(iam): migrate tests to assertions (#18488)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: rix0rrr

packages/@aws-cdk/aws-iam/package.json

@@ -79,7 +79,6 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@aws-cdk/assert-internal": "0.0.0",
     "@aws-cdk/assertions": "0.0.0",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/cdk-integ-tools": "0.0.0",

packages/@aws-cdk/aws-iam/test/access-key.test.ts

@@ -1,4 +1,4 @@
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import { App, Stack } from '@aws-cdk/core';
 import { AccessKey, AccessKeyStatus, User } from '../lib';
 
@@ -13,7 +13,7 @@ describe('IAM Access keys', () => {
     new AccessKey(stack, 'MyAccessKey', { user });
 
     // THEN
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyUserDC45028B: {
           Type: 'AWS::IAM::User',
@@ -38,7 +38,7 @@ describe('IAM Access keys', () => {
     new AccessKey(stack, 'MyAccessKey', { user, status: AccessKeyStatus.ACTIVE });
 
     // THEN
-    expect(stack).toHaveResourceLike('AWS::IAM::AccessKey', { Status: 'Active' });
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::AccessKey', { Status: 'Active' });
   });
 
   test('inactive status is specified with correct capitalization', () => {
@@ -54,7 +54,7 @@ describe('IAM Access keys', () => {
     });
 
     // THEN
-    expect(stack).toHaveResourceLike('AWS::IAM::AccessKey', {
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::AccessKey', {
       Status: 'Inactive',
     });
   });

packages/@aws-cdk/aws-iam/test/auto-cross-stack-refs.test.ts

@@ -1,5 +1,4 @@
-import { SynthUtils } from '@aws-cdk/assert-internal';
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import * as cdk from '@aws-cdk/core';
 import * as iam from '../lib';
 
@@ -25,7 +24,7 @@ describe('automatic cross-stack references', () => {
     //
 
     // THEN
-    expect(stackWithUser).toMatchTemplate({
+    Template.fromStack(stackWithUser).templateMatches({
       Resources: {
         User00B015A1: {
           Type: 'AWS::IAM::User',
@@ -35,7 +34,7 @@ describe('automatic cross-stack references', () => {
         },
       },
     });
-    expect(stackWithGroup).toMatchTemplate({
+    Template.fromStack(stackWithGroup).templateMatches({
       Outputs: {
         ExportsOutputRefGroupC77FDACD8CF7DD5B: {
           Value: { Ref: 'GroupC77FDACD' },
@@ -59,6 +58,6 @@ describe('automatic cross-stack references', () => {
     group.addUser(user);
 
     // THEN
-    expect(() => SynthUtils.synthesize(stack1)).toThrow(/Cannot reference across apps/);
+    expect(() => cdk.App.of(stack1)!.synth()).toThrow(/Cannot reference across apps/);
   });
 });

packages/@aws-cdk/aws-iam/test/cross-account.test.ts

@@ -1,4 +1,4 @@
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import * as cdk from '@aws-cdk/core';
 import * as constructs from 'constructs';
 import * as iam from '../lib';
@@ -191,7 +191,7 @@ function doGrant(resource: FakeResource, principal: iam.IPrincipal) {
 }
 
 function assertTrustCreated(stack: cdk.Stack, principal: any) {
-  expect(stack).toHaveResource('Test::Fake::Resource', {
+  Template.fromStack(stack).hasResourceProperties('Test::Fake::Resource', {
     ResourcePolicy: {
       Statement: [
         {
@@ -207,17 +207,17 @@ function assertTrustCreated(stack: cdk.Stack, principal: any) {
 }
 
 function noTrustCreated(stack: cdk.Stack) {
-  expect(stack).not.toHaveResourceLike('Test::Fake::Resource', {
+  expect(Template.fromStack(stack).findResources('Test::Fake::Resource', {
     ResourcePolicy: {
       Statement: [
         {},
       ],
     },
-  });
+  })).toEqual({});
 }
 
 function assertPolicyCreated(stack: cdk.Stack) {
-  expect(stack).toHaveResource('AWS::IAM::Policy', {
+  Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
     PolicyDocument: {
       Statement: [
         {
@@ -232,5 +232,5 @@ function assertPolicyCreated(stack: cdk.Stack) {
 }
 
 function noPolicyCreated(stack: cdk.Stack) {
-  expect(stack).not.toHaveResource('AWS::IAM::Policy');
+  Template.fromStack(stack).resourceCountIs('AWS::IAM::Policy', 0);
 }

packages/@aws-cdk/aws-iam/test/escape-hatch.test.ts

@@ -1,7 +1,7 @@
 // tests for the L1 escape hatches (overrides). those are in the IAM module
 // because we want to verify them end-to-end, as a complement to the unit
 // tests in the @aws-cdk/core module
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import { Stack } from '@aws-cdk/core';
 import * as iam from '../lib';
 
@@ -17,7 +17,7 @@ describe('IAM escape hatches', () => {
     const cfn = user.node.findChild('Resource') as iam.CfnUser;
     cfn.addPropertyOverride('UserName', 'OverriddenUserName');
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       'Resources': {
         'user2C2B57AE': {
           'Type': 'AWS::IAM::User',
@@ -39,7 +39,7 @@ describe('IAM escape hatches', () => {
     cfn.addPropertyOverride('Hello.World', 'Boom');
 
     // THEN
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       'Resources': {
         'user2C2B57AE': {
           'Type': 'AWS::IAM::User',
@@ -69,7 +69,7 @@ describe('IAM escape hatches', () => {
     cfn.addOverride('UpdatePolicy.UseOnlineResharding.Type', 'None');
 
     // THEN
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       'Resources': {
         'user2C2B57AE': {
           'Type': 'AWS::IAM::User',

packages/@aws-cdk/aws-iam/test/grant.test.ts

@@ -1,5 +1,4 @@
-import { ResourcePart } from '@aws-cdk/assert-internal';
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import { CfnResource, Resource, Stack } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import * as iam from '../lib';
@@ -109,9 +108,9 @@ function applyGrantWithDependencyTo(principal: iam.IPrincipal) {
 }
 
 function expectDependencyOn(id: string) {
-  expect(stack).toHaveResource('CDK::Test::SomeResource', (props: any) => {
+  Template.fromStack(stack).hasResource('CDK::Test::SomeResource', (props: any) => {
     return (props?.DependsOn ?? []).includes(id);
-  }, ResourcePart.CompleteDefinition);
+  });
 }
 
 class FakeResourceWithPolicy extends Resource implements iam.IResourceWithPolicy {

packages/@aws-cdk/aws-iam/test/group.test.ts

@@ -1,4 +1,4 @@
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import { App, Stack } from '@aws-cdk/core';
 import { Group, ManagedPolicy, User } from '../lib';
 
@@ -8,7 +8,7 @@ describe('IAM groups', () => {
     const stack = new Stack(app, 'MyStack');
     new Group(stack, 'MyGroup');
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: { MyGroupCBA54B1B: { Type: 'AWS::IAM::Group' } },
     });
   });
@@ -22,7 +22,7 @@ describe('IAM groups', () => {
     user1.addToGroup(group);
     group.addUser(user2);
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources:
       {
         MyGroupCBA54B1B: { Type: 'AWS::IAM::Group' },
@@ -50,7 +50,7 @@ describe('IAM groups', () => {
     });
 
     // THEN
-    expect(stack).toHaveResource('AWS::IAM::Group', {
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::Group', {
       ManagedPolicyArns: [
         { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/asdf']] },
       ],

packages/@aws-cdk/aws-iam/test/immutable-role.test.ts

@@ -1,4 +1,4 @@
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import { Stack } from '@aws-cdk/core';
 import * as iam from '../lib';
 
@@ -33,7 +33,7 @@ describe('ImmutableRole', () => {
 
     immutableRole.attachInlinePolicy(policy);
 
-    expect(stack).toHaveResource('AWS::IAM::Policy', {
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
       'PolicyDocument': {
         'Statement': [
           {
@@ -58,7 +58,7 @@ describe('ImmutableRole', () => {
 
     immutableRole.addManagedPolicy({ managedPolicyArn: 'Arn2' });
 
-    expect(stack).toHaveResourceLike('AWS::IAM::Role', {
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', {
       'ManagedPolicyArns': [
         'Arn1',
       ],
@@ -76,7 +76,7 @@ describe('ImmutableRole', () => {
       actions: ['s3:*'],
     }));
 
-    expect(stack).toHaveResource('AWS::IAM::Policy', {
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
       'PolicyDocument': {
         'Version': '2012-10-17',
         'Statement': [
@@ -98,7 +98,7 @@ describe('ImmutableRole', () => {
       resourceArns: ['*'],
     });
 
-    expect(stack).not.toHaveResourceLike('AWS::IAM::Policy', {
+    expect(Template.fromStack(stack).findResources('AWS::IAM::Policy', {
       'PolicyDocument': {
         'Statement': [
           {
@@ -108,7 +108,7 @@ describe('ImmutableRole', () => {
           },
         ],
       },
-    });
+    })).toEqual({});
   });
 
   // this pattern is used here:

packages/@aws-cdk/aws-iam/test/lazy-role.test.ts

@@ -1,4 +1,4 @@
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import * as cdk from '@aws-cdk/core';
 import * as iam from '../lib';
 
@@ -13,7 +13,7 @@ describe('IAM lazy role', () => {
     });
 
     // THEN
-    expect(stack).not.toHaveResource('AWS::IAM::Role');
+    Template.fromStack(stack).resourceCountIs('AWS::IAM::Role', 0);
   });
 
   test('creates the resource when a property is read', () => {
@@ -27,7 +27,7 @@ describe('IAM lazy role', () => {
 
     // THEN
     expect(roleArn).not.toBeNull();
-    expect(stack).toHaveResource('AWS::IAM::Role', {
+    Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', {
       AssumeRolePolicyDocument: {
         Version: '2012-10-17',
         Statement: [{

packages/@aws-cdk/aws-iam/test/managed-policy.test.ts

@@ -1,4 +1,4 @@
-import '@aws-cdk/assert-internal/jest';
+import { Template } from '@aws-cdk/assertions';
 import * as cdk from '@aws-cdk/core';
 import { Group, ManagedPolicy, PolicyDocument, PolicyStatement, Role, ServicePrincipal, User } from '../lib';
 
@@ -49,7 +49,7 @@ describe('managed policy', () => {
     const group = new Group(stack, 'MyGroup');
     group.addManagedPolicy(policy);
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyManagedPolicy9F3720AE: {
           Type: 'AWS::IAM::ManagedPolicy',
@@ -89,7 +89,7 @@ describe('managed policy', () => {
       }),
     });
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyManagedPolicy9F3720AE: {
           Type: 'AWS::IAM::ManagedPolicy',
@@ -120,7 +120,7 @@ describe('managed policy', () => {
       statements: [new PolicyStatement({ resources: ['arn'], actions: ['sns:Subscribe'] })],
     });
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyManagedPolicy9F3720AE: {
           Type: 'AWS::IAM::ManagedPolicy',
@@ -148,7 +148,7 @@ describe('managed policy', () => {
     const group = new Group(stack, 'MyGroup');
     group.addManagedPolicy(policy);
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyManagedPolicy9F3720AE: {
           Type: 'AWS::IAM::ManagedPolicy',
@@ -192,7 +192,7 @@ describe('managed policy', () => {
       statements: [new PolicyStatement({ resources: ['*'], actions: ['dynamodb:PutItem'] })],
     });
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         User1E278A736: { Type: 'AWS::IAM::User' },
         Group1BEBD4686: { Type: 'AWS::IAM::Group' },
@@ -248,7 +248,7 @@ describe('managed policy', () => {
     p.attachToRole(role);
     p.attachToRole(role);
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyManagedPolicy9F3720AE: {
           Type: 'AWS::IAM::ManagedPolicy',
@@ -295,7 +295,7 @@ describe('managed policy', () => {
     p.attachToRole(new Role(stack, 'Role1', { assumedBy: new ServicePrincipal('test.service') }));
     p.addStatements(new PolicyStatement({ resources: ['*'], actions: ['dynamodb:GetItem'] }));
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyManagedPolicy9F3720AE: {
           Type: 'AWS::IAM::ManagedPolicy',
@@ -346,7 +346,7 @@ describe('managed policy', () => {
 
     policy.addStatements(new PolicyStatement({ resources: ['*'], actions: ['*'] }));
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyManagedPolicy9F3720AE: {
           Type: 'AWS::IAM::ManagedPolicy',
@@ -390,7 +390,7 @@ describe('managed policy', () => {
     group.addManagedPolicy(policy);
     role.addManagedPolicy(policy);
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyUserDC45028B: {
           Type: 'AWS::IAM::User',
@@ -466,7 +466,7 @@ describe('managed policy', () => {
     group.addManagedPolicy(policy);
     role.addManagedPolicy(policy);
 
-    expect(stack).toMatchTemplate({
+    Template.fromStack(stack).templateMatches({
       Resources: {
         MyUserDC45028B: {
           Type: 'AWS::IAM::User',
@@ -594,7 +594,7 @@ describe('managed policy', () => {
       value: mp.managedPolicyArn,
     });
 
-    expect(stack2).toMatchTemplate({
+    Template.fromStack(stack2).templateMatches({
       Outputs: {
         Output: {
           Value: {