Skip to content

Commit

Permalink
fix(custom-resources): bad payload deserialization
Browse files Browse the repository at this point in the history 
When `AwsCustomResource` was updated to use sdkv3, it wasn't updated to
correctly handle the change in returned value when calling
`lambda.invokeFunction`. The payload property was changed from type
`Buffer` to `Uint8Array` to increase compatibility in browsers.

Added a check in the `flatten` function used to format payloads in
`AwsCustomResource`'s runtime to correctly decode values if they are a
typed array or a buffer.

Created a new integ test which fails to deploy if the payload property
is not serialized correctly and able to be made a Cfn output.

Fixes: #26730
  • Loading branch information
@MrArnoldPalmer
MrArnoldPalmer committed Aug 17, 2023
1 parent ecb34bb commit 5cdb425
Show file tree
Hide file tree
Showing 15 changed files with 2,151 additions and 11 deletions.
19 changes: 19 additions & 0 deletions ...s.snapshot/AwsCustomResourceInvokePayloadIntegDefaultTestDeployAssertB4B64337.assets.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"version": "33.0.0",
"files": {
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
"source": {
"path": "AwsCustomResourceInvokePayloadIntegDefaultTestDeployAssertB4B64337.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
}
},
"dockerImages": {}
}
36 changes: 36 additions & 0 deletions ...snapshot/AwsCustomResourceInvokePayloadIntegDefaultTestDeployAssertB4B64337.template.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
32 changes: 32 additions & 0 deletions ...integ.invoke-function-payload.js.snapshot/AwsCustomResourceInvokePayloadStack.assets.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"version": "33.0.0",
"files": {
"66db480cb40e7e6208f01c9d9e882f4c416110a2c66dd0c6d12844e8ca9129b6": {
"source": {
"path": "asset.66db480cb40e7e6208f01c9d9e882f4c416110a2c66dd0c6d12844e8ca9129b6",
"packaging": "zip"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "66db480cb40e7e6208f01c9d9e882f4c416110a2c66dd0c6d12844e8ca9129b6.zip",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
},
"5873734ee9738f2cc2e5299d2cdbd51b7cba842b46af87b9047f5d77044b81b3": {
"source": {
"path": "AwsCustomResourceInvokePayloadStack.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "5873734ee9738f2cc2e5299d2cdbd51b7cba842b46af87b9047f5d77044b81b3.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
}
},
"dockerImages": {}
}
271 changes: 271 additions & 0 deletions ...teg.invoke-function-payload.js.snapshot/AwsCustomResourceInvokePayloadStack.template.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,271 @@
{
"Resources": {
"FunctionServiceRole675BB04A": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
}
]
}
},
"Function76856677": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"ZipFile": "exports.handler = async () => { return { statusCode: 200, body: 'Hello World' }; };"
},
"Handler": "index.handler",
"Role": {
"Fn::GetAtt": [
"FunctionServiceRole675BB04A",
"Arn"
]
},
"Runtime": "nodejs18.x"
},
"DependsOn": [
"FunctionServiceRole675BB04A"
]
},
"ListLambdaFunctionsF9FB8E2B": {
"Type": "Custom::AWS",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"AWS679f53fac002430cb0da5b7982bd22872D164C4C",
"Arn"
]
},
"Create": {
"Fn::Join": [
"",
[
"{\"service\":\"Lambda\",\"action\":\"invoke\",\"parameters\":{\"FunctionName\":\"",
{
"Ref": "Function76856677"
},
"\"},\"physicalResourceId\":{\"id\":\"",
{
"Fn::GetAtt": [
"Function76856677",
"Arn"
]
},
"\"}}"
]
]
},
"Update": {
"Fn::Join": [
"",
[
"{\"service\":\"Lambda\",\"action\":\"invoke\",\"parameters\":{\"FunctionName\":\"",
{
"Ref": "Function76856677"
},
"\"},\"physicalResourceId\":{\"id\":\"",
{
"Fn::GetAtt": [
"Function76856677",
"Arn"
]
},
"\"}}"
]
]
},
"InstallLatestAwsSdk": "false"
},
"DependsOn": [
"ListLambdaFunctionsCustomResourcePolicyCFFF021A"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"ListLambdaFunctionsCustomResourcePolicyCFFF021A": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "ListLambdaFunctionsCustomResourcePolicyCFFF021A",
"Roles": [
{
"Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2"
}
]
}
},
"AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
}
]
}
},
"AWS679f53fac002430cb0da5b7982bd2287ServiceRoleDefaultPolicyD28E1A5E": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "lambda:InvokeFunction",
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"Function76856677",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"Function76856677",
"Arn"
]
},
":*"
]
]
}
]
}
],
"Version": "2012-10-17"
},
"PolicyName": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleDefaultPolicyD28E1A5E",
"Roles": [
{
"Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2"
}
]
}
},
"AWS679f53fac002430cb0da5b7982bd22872D164C4C": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "66db480cb40e7e6208f01c9d9e882f4c416110a2c66dd0c6d12844e8ca9129b6.zip"
},
"Handler": "index.handler",
"Role": {
"Fn::GetAtt": [
"AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2",
"Arn"
]
},
"Runtime": "nodejs18.x",
"Timeout": 120
},
"DependsOn": [
"AWS679f53fac002430cb0da5b7982bd2287ServiceRoleDefaultPolicyD28E1A5E",
"AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2"
]
}
},
"Outputs": {
"FunctionPayload": {
"Value": {
"Fn::GetAtt": [
"ListLambdaFunctionsF9FB8E2B",
"Payload"
]
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
Loading

0 comments on commit 5cdb425

Please sign in to comment.