From a1dcaa6c4a3db245d1becf0e9ace1d488b6d528d Mon Sep 17 00:00:00 2001 From: Calvin Combs <66279577+comcalvi@users.noreply.github.com> Date: Wed, 8 May 2024 18:44:48 -0700 Subject: [PATCH] fix(cli): handle attributes of AWS::KMS::Key when hotswapping (#30112) ### Issue # (if applicable) Closes #25418. ### Reason for this change KMS Keys cannot be referenced in hotswappable resources. CDK complains that this is a limitation: ``` Could not perform a hotswap deployment, because the CloudFormation template could not be resolved: We don't support attributes of the 'AWS::KMS::Key' resource. This is a CDK limitation. Please report it at https://github.com/aws/aws-cdk/issues/new/choose. ``` ### Description of changes Add KMS keys to the supported list of resource attributes for hotswapping. ### Description of how you validated changes Tests ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../api/evaluate-cloudformation-template.ts | 1 + .../state-machine-hotswap-deployments.test.ts | 63 +++++++++++++++++++ 2 files changed, 64 insertions(+) diff --git a/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts b/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts index 088e40b28f3b4..a3d416aaadc3d 100644 --- a/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts +++ b/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts @@ -504,6 +504,7 @@ const RESOURCE_TYPE_ATTRIBUTES_FORMATS: { [type: string]: { [attribute: string]: 'AWS::AppSync::GraphQLApi': { ApiId: appsyncGraphQlApiApiIdFmt }, 'AWS::AppSync::FunctionConfiguration': { FunctionId: appsyncGraphQlFunctionIDFmt }, 'AWS::AppSync::DataSource': { Name: appsyncGraphQlDataSourceNameFmt }, + 'AWS::KMS::Key': { Arn: stdSlashResourceArnFmt }, }; function iamArnFmt(parts: ArnParts): string { diff --git a/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts b/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts index 663542c84c48b..053e490502412 100644 --- a/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts +++ b/packages/aws-cdk/test/api/hotswap/state-machine-hotswap-deployments.test.ts @@ -677,6 +677,69 @@ describe.each([HotswapMode.FALL_BACK, HotswapMode.HOTSWAP_ONLY])('%p mode', (hot }); }); + test('knows how to handle attributes of the AWS::KMS::Key resource', async () => { + // GIVEN + setup.setCurrentCfnStackTemplate({ + Resources: { + Key: { + Type: 'AWS::KMS::Key', + Properties: { + Description: 'magic-key', + }, + }, + Machine: { + Type: 'AWS::StepFunctions::StateMachine', + Properties: { + DefinitionString: '{}', + StateMachineName: 'my-machine', + }, + }, + }, + }); + setup.pushStackResourceSummaries( + setup.stackSummaryOf('Key', 'AWS::KMS::Key', 'a-key'), + ); + const cdkStackArtifact = setup.cdkStackArtifactOf({ + template: { + Resources: { + Key: { + Type: 'AWS::KMS::Key', + Properties: { + Description: 'magic-key', + }, + }, + Machine: { + Type: 'AWS::StepFunctions::StateMachine', + Properties: { + DefinitionString: { + 'Fn::Join': ['', [ + '{"KeyId":"', + { Ref: 'Key' }, + '","KeyArn":"', + { 'Fn::GetAtt': ['Key', 'Arn'] }, + '"}', + ]], + }, + StateMachineName: 'my-machine', + }, + }, + }, + }, + }); + + // THEN + const result = await hotswapMockSdkProvider.tryHotswapDeployment(hotswapMode, cdkStackArtifact); + + expect(result).not.toBeUndefined(); + expect(mockUpdateMachineDefinition).toHaveBeenCalledWith({ + stateMachineArn: 'arn:aws:states:here:123456789012:stateMachine:my-machine', + definition: JSON.stringify({ + KeyId: 'a-key', + KeyArn: 'arn:aws:kms:here:123456789012:key/a-key', + }), + }); + }); + test('does not explode if the DependsOn changes', async () => { // GIVEN setup.setCurrentCfnStackTemplate({