awspec 1.31.0 → 1.33.0

data/lib/awspec/generator/doc/type/backup_plan.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Doc
+    module Type
+      class BackupPlan < Base
+        def initialize
+          super
+          @type_name = 'BackupPlan'
+          @type = Awspec::Type::BackupPlan.new('my-backup-plan')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/doc/type/backup_selection.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Doc
+    module Type
+      class BackupSelection < Base
+        def initialize
+          super
+          @type_name = 'BackupSelection'
+          @type = Awspec::Type::BackupSelection.new('my-backup-selection')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/doc/type/backup_vault.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Doc
+    module Type
+      class BackupVault < Base
+        def initialize
+          super
+          @type_name = 'BackupVault'
+          @type = Awspec::Type::BackupVault.new('my-backup-vault')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/doc/type/codepipeline.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Doc
+    module Type
+      class Codepipeline < Base
+        def initialize
+          super
+          @type_name = 'Codepipeline'
+          @type = Awspec::Type::Codepipeline.new('my-codepipeline')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/doc/type/wafv2_ip_set.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Doc
+    module Type
+      class Wafv2IpSet < Base
+        def initialize
+          super
+          @type_name = 'Wafv2IpSet'
+          @type = Awspec::Type::Wafv2IpSet.new('my-wafv2-ip-set')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/doc/type/wafv2_web_acl.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Doc
+    module Type
+      class Wafv2WebAcl < Base
+        def initialize
+          super
+          @type_name = 'Wafv2WebAcl'
+          @type = Awspec::Type::Wafv2WebAcl.new('my-wafv2-web-acl')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/spec/codepipeline.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Spec
+    class Codepipeline
+      include Awspec::Helper::Finder
+      def generate_all
+        pipelines = select_all_codepipelines
+        raise 'Not Found CodePipeline' if pipelines.empty?
+
+        ERB.new(codepipeline_spec_template, nil, '-').result(binding).chomp
+      end
+
+      def codepipeline_spec_template
+        <<-'EOF'
+<% pipelines.each do |pipeline| %>
+describe codepipeline('<%= pipeline.name %>') do
+  it { should exist }
+  its(:name) { should eq '<%= pipeline.name %>' }
+  its(:version) { should eq <%= pipeline.version %> }
+  its(:pipeline_type) { should eq '<%= pipeline.pipeline_type %>' }
+  its(:execution_mode) { should eq '<%= pipeline.execution_mode %>' }
+end
+<% end %>
+EOF
+      end
+    end
+  end
+end

data/lib/awspec/generator/spec/wafv2_ip_set.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Spec
+    class Wafv2IpSet
+      include Awspec::Helper::Finder
+      def generate_by_scope(scope)
+        ip_sets = select_all_ip_sets(scope)
+        raise 'Not Found WAFV2 IP sets' if ip_sets.empty?
+
+        specs = ip_sets.map do |i|
+          ip_set = get_ip_set(scope, i.name, i.id)
+          ERB.new(wafv2_ip_set_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
+        end
+        specs.join("\n")
+      end
+
+      def wafv2_ip_set_spec_template
+        <<-'EOF'
+describe wafv2_ip_set('<%= ip_set.name %>'), scope: '<%= scope %>' do
+  it { should exist }
+  its(:name) { should eq '<%= ip_set.name %>' }
+  its(:id) { should eq '<%= ip_set.id %>' }
+  its(:arn) { should eq '<%= ip_set.arn %>' }
+  its(:description) { should eq '<%= ip_set.description %>' }
+  its(:ip_address_version) { should eq '<%= ip_set.ip_address_version %>' }
+<% ip_set.addresses.each do |address| %>
+  it { should have_ip_address('<%= address %>') }
+<% end %>
+end
+EOF
+      end
+    end
+  end
+end

data/lib/awspec/generator/spec/wafv2_web_acl.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Spec
+    class Wafv2WebAcl
+      include Awspec::Helper::Finder
+      def generate_by_scope(scope)
+        web_acls = select_all_web_acls(scope)
+        raise 'Not Found WAFV2 Web ACL' if web_acls.empty?
+
+        specs = web_acls.map do |acl|
+          web_acl = get_web_acl(scope, acl.name, acl.id)
+          ERB.new(wafv2_web_acl_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
+        end
+        specs.join("\n")
+      end
+
+      def wafv2_web_acl_spec_template
+        <<-'EOF'
+describe wafv2_web_acl('<%= web_acl.name %>'), scope: '<%= scope %>' do
+  it { should exist }
+  its(:name) { should eq '<%= web_acl.name %>' }
+  its(:id) { should eq '<%= web_acl.id %>' }
+  its(:arn) { should eq '<%= web_acl.arn %>' }
+  its(:default_action) { should eq '<%= web_acl.default_action.allow ? 'ALLOW' : 'BLOCK' %>' }
+  its(:description) { should eq '<%= web_acl.description %>' }
+  its(:capacity) { should eq <%= web_acl.capacity %> }
+  its(:managed_by_firewall_manager) { should eq <%= web_acl.managed_by_firewall_manager %> }
+  its(:label_namespace) { should eq '<%= web_acl.label_namespace %>' }
+  its(:retrofitted_by_firewall_manager) { should eq <%= web_acl.retrofitted_by_firewall_manager %> }
+<% web_acl.rules.each do |rule| %>
+  it { should have_rule('<%= rule.name %>').order(<%= rule.priority %>) }
+<% end %>
+end
+EOF
+      end
+    end
+  end
+end

data/lib/awspec/generator.rb

@@ -44,6 +44,9 @@ require 'awspec/generator/spec/rds_proxy'
 require 'awspec/generator/spec/rds_db_cluster'
 require 'awspec/generator/spec/rds_global_cluster'
 require 'awspec/generator/spec/managed_prefix_list'
+require 'awspec/generator/spec/codepipeline'
+require 'awspec/generator/spec/wafv2_ip_set'
+require 'awspec/generator/spec/wafv2_web_acl'
 
 # Doc
 require 'awspec/generator/doc/type'

data/lib/awspec/helper/finder/backup.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module Awspec::Helper
+  module Finder
+    module Backup
+      def find_backup_vault(id)
+        selected = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_vaults(req)
+          selected += res.backup_vault_list.select do |v|
+            v.backup_vault_name == id || v.backup_vault_arn == id
+          end
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def find_backup_plan(id)
+        selected = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_plans(req)
+          selected += res.backup_plans_list.select do |p|
+            p.backup_plan_name == id || p.backup_plan_arn == id || p.backup_plan_id == id
+          end
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def find_backup_selection(id)
+        backup_plans = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_plans(req)
+          backup_plans += res.backup_plans_list.map { |p| p.backup_plan_id }
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+
+        selected = []
+        next_token = nil
+
+        backup_plans.each do |plan_id|
+          loop do
+            res = backup_client.list_backup_selections({ backup_plan_id: plan_id, next_token: next_token })
+            selected += res.backup_selections_list.select do |s|
+              s.selection_id == id || s.selection_name == id
+            end
+            break if res.next_token.nil?
+
+            next_token = res.next_token
+          end
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def locked?
+        resource_via_client.locked
+      end
+
+      def airgapped?
+        resource_via_client.vault_type == 'LOGICALLY_AIR_GAPPED_BACKUP_VAULT'
+      end
+
+      STATES = %w[
+        creating available failed
+      ]
+      STATES.each do |state|
+        define_method "#{state}?" do
+          resource_via_client.vault_state.downcase == state
+        end
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder/codepipeline.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Awspec::Helper
+  module Finder
+    module Codepipeline
+      def find_codepipeline(id)
+        res = codepipeline_client.get_pipeline({ name: id })
+        res.pipeline
+      end
+
+      def select_all_codepipelines
+        req = {}
+        pipelines = []
+        loop do
+          res = codepipeline_client.list_pipelines(req)
+          pipelines.push(*res.pipelines)
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+        pipelines
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder/transfer.rb

@@ -4,8 +4,28 @@ module Awspec::Helper
   module Finder
     module Transfer
       def find_transfer_server(id)
-        res = transfer_client.describe_server(server_id: id)
+        res = transfer_client.describe_server({ server_id: id })
         res.server
+      rescue Aws::Transfer::Errors::ValidationException, Aws::Transfer::Errors::ResourceNotFoundException
+        req = {}
+        servers = []
+        loop do
+          res = transfer_client.list_servers(req)
+          servers.push(*res.servers)
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+
+        servers.each do |s|
+          server = transfer_client.describe_server({ server_id: s.server_id }).server
+          server.tags.each do |tag|
+            if tag.key == 'Name' && tag.value == id
+              return server
+            end
+          end
+        end
+        nil
       end
     end
   end

data/lib/awspec/helper/finder/vpc_endpoints.rb

@@ -11,8 +11,8 @@ module Awspec::Helper
         end
 
         resource = ret.single_resource(id)
-        return resource if resource
-
+        resource if resource
+      rescue Aws::EC2::Errors::InvalidVpcEndpointIdNotFound, Aws::EC2::Errors::InvalidVpcEndpointIdMalformed
         res = ec2_client.describe_vpc_endpoints({
                                                   filters: [{ name: 'tag:Name', values: [id] }]
                                                 })

data/lib/awspec/helper/finder/wafv2.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Awspec::Helper
+  module Finder
+    module Wafv2
+      def find_ip_set(scope, name)
+        ip_sets = select_all_ip_sets(scope)
+        ip_set  = ip_sets.find do |i|
+          i.name == name
+        end
+        return false unless ip_set
+
+        get_ip_set(scope, name, ip_set.id)
+      end
+
+      def select_all_ip_sets(scope)
+        res = wafv2_client.list_ip_sets({ scope: scope })
+        res.ip_sets
+      end
+
+      def get_ip_set(scope, name, id)
+        res = wafv2_client.get_ip_set({ name: name, scope: scope, id: id })
+        res.ip_set
+      end
+
+      def find_web_acl(scope, name)
+        web_acls = select_all_web_acls(scope)
+        web_acl = web_acls.find do |acl|
+          acl.name == name
+        end
+        return false unless web_acl
+
+        get_web_acl(scope, name, web_acl.id)
+      end
+
+      def select_all_web_acls(scope)
+        res = wafv2_client.list_web_acls({ scope: scope })
+        res.web_acls
+      end
+
+      def get_web_acl(scope, name, id)
+        res = wafv2_client.get_web_acl({ name: name, scope: scope, id: id })
+        res.web_acl
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder.rb

@@ -55,6 +55,9 @@ require 'awspec/helper/finder/cognito_user_pool'
 require 'awspec/helper/finder/msk'
 require 'awspec/helper/finder/cognito_identity_pool'
 require 'awspec/helper/finder/transfer'
+require 'awspec/helper/finder/codepipeline'
+require 'awspec/helper/finder/wafv2'
+require 'awspec/helper/finder/backup'
 
 require 'awspec/helper/finder/account_attributes'
 
@@ -117,6 +120,9 @@ module Awspec::Helper
     include Awspec::Helper::Finder::Msk
     include Awspec::Helper::Finder::CognitoIdentityPool
     include Awspec::Helper::Finder::Transfer
+    include Awspec::Helper::Finder::Codepipeline
+    include Awspec::Helper::Finder::Wafv2
+    include Awspec::Helper::Finder::Backup
 
     CLIENTS = {
       ec2_client: Aws::EC2::Client,
@@ -165,7 +171,10 @@ module Awspec::Helper
       msk_client: Aws::Kafka::Client,
       cognito_identity_client: Aws::CognitoIdentity::Client,
       cognito_identity_provider_client: Aws::CognitoIdentityProvider::Client,
-      transfer_client: Aws::Transfer::Client
+      transfer_client: Aws::Transfer::Client,
+      codepipeline_client: Aws::CodePipeline::Client,
+      wafv2_client: Aws::WAFV2::Client,
+      backup_client: Aws::Backup::Client
     }
 
     CLIENT_OPTIONS = {

data/lib/awspec/helper/type.rb

@@ -24,7 +24,8 @@ module Awspec
         internet_gateway acm cloudwatch_logs dynamodb_table eip sqs ssm_parameter cloudformation_stack
         codebuild sns_topic redshift redshift_cluster_parameter_group codedeploy codedeploy_deployment_group
         secretsmanager msk transit_gateway cognito_identity_pool cognito_user_pool vpc_endpoints
-        transfer_server managed_prefix_list
+        transfer_server managed_prefix_list codepipeline wafv2_ip_set wafv2_web_acl
+        backup_vault backup_plan backup_selection
       ]
 
       ACCOUNT_ATTRIBUTES = %w[

data/lib/awspec/matcher/belong_to_backup_plan.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+RSpec::Matchers.define :belong_to_backup_plan do |plan|
+  match do |type|
+    return true if type.backup_plan_id == plan
+
+    ret = type.find_backup_plan(plan)
+    return false unless ret
+
+    type.backup_plan_id == (ret.backup_plan_id)
+  end
+end

data/lib/awspec/matcher/have_rule.rb

@@ -4,6 +4,7 @@ RSpec::Matchers.define :have_rule do |rule_id|
   match do |type|
     return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafWebAcl)
     return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafregionalWebAcl)
+    return type.has_rule?(rule_id, @priority, @action, @override_action) if type.instance_of?(Awspec::Type::Wafv2WebAcl)
     return type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::AlbListener)
 
     type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::NlbListener)
@@ -21,6 +22,10 @@ RSpec::Matchers.define :have_rule do |rule_id|
     @action = action
   end
 
+  chain :override_action do |override_action|
+    @override_action = override_action
+  end
+
   chain :conditions do |conditions|
     @conditions = conditions
   end

data/lib/awspec/matcher.rb

@@ -93,3 +93,6 @@ require 'awspec/matcher/have_env_var_value'
 
 # ManagedPrefixList
 require 'awspec/matcher/have_cidr'
+
+# BackupSelection
+require 'awspec/matcher/belong_to_backup_plan'

data/lib/awspec/shared_context.rb

@@ -38,3 +38,9 @@ shared_context 'application_name', :application_name do
     example.metadata[:described_class].application_name = example.metadata[:application_name]
   end
 end
+
+shared_context 'scope', :scope do
+  before do |example|
+    example.metadata[:described_class].scope = example.metadata[:scope]
+  end
+end

data/lib/awspec/stub/backup_plan.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_plans: {
+      backup_plans_list: [
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:a460d5d5-d30b-4631-8014-38c58e3c72ca',
+          backup_plan_id: 'a460d5d5-d30b-4631-8014-38c58e3c72ca',
+          creation_date: Time.new(2016, 4, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'kMlWPgkmipEb4I9gOEZpdoQiMgxP5KIizKLDhhblGiixgahy',
+          backup_plan_name: 'old-obsolete-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        },
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'disFW7K0dOAjTaMWKYlhEyScjBhmi5kKGf7BrY7i1BG8F8wB',
+          backup_plan_name: 'my-backup-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2025, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        }
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/backup_selection.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_plans: {
+      backup_plans_list: [
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'disFW7K0dOAjTaMWKYlhEyScjBhmi5kKGf7BrY7i1BG8F8wB',
+          backup_plan_name: 'my-backup-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2025, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        }
+      ],
+      next_token: nil
+    },
+    list_backup_selections: {
+      backup_selections_list: [
+        selection_id: '01dfb41f-c3ca-4b45-91e7-63ef43fe7231',
+        selection_name: 'my-backup-selection',
+        backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+        creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+        creator_request_id: nil,
+        iam_role_arn: 'arn:aws:iam::111122223333:role/service-role/my-backup-service-role'
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/backup_vault.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_vaults: {
+      backup_vault_list: [
+        {
+          backup_vault_name: 'Default',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:Default',
+          vault_type: 'BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: 'Default',
+          number_of_recovery_points: 0,
+          locked: false,
+          min_retention_days: nil,
+          max_retention_days: nil,
+          lock_date: nil
+        },
+        {
+          backup_vault_name: 'my-backup-vault',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:my-vault',
+          vault_type: 'BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: 'Default',
+          number_of_recovery_points: 123,
+          locked: true,
+          min_retention_days: 7,
+          max_retention_days: 35,
+          lock_date: Time.new(2024, 10, 4, 9, 00, 00, '+00:00')
+        },
+        {
+          backup_vault_name: 'my-airgapped-vault',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:my-airgapped-vault',
+          vault_type: 'LOGICALLY_AIR_GAPPED_BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: nil,
+          number_of_recovery_points: 12,
+          locked: false,
+          min_retention_days: 30,
+          max_retention_days: 30,
+          lock_date: nil
+        }
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/cloudfront_distribution.rb

@@ -17,7 +17,6 @@ Aws.config[:cloudfront] = {
               status: 'Deployed',
               last_modified_time: Time.new(2015, 1, 2, 10, 00, 00, '+00:00'),
               domain_name: 'abcdefghijklmn.cloudfront.net',
-              staging: false,
               aliases: {
                 quantity: 0,
                 items: []
@@ -117,7 +116,6 @@ Aws.config[:cloudfront] = {
               status: 'Deployed',
               last_modified_time: Time.new(2016, 3, 2, 10, 00, 00, '+00:00'),
               domain_name: '123456789zyxw.cloudfront.net',
-              staging: false,
               aliases: {
                 quantity: 1,
                 items: ['cf-s3-origin-hosting.dev.example.com']