-
Notifications
You must be signed in to change notification settings - Fork 4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(custom-resources): IAM policy incorrect for SDKv3 names
In the `AwsCustomResource` and the `Assertions` libraries, we advertise accepting all of the following service name formats: * The SDKv3 service name: `api-gateway` * The full SDKv3 package name: `@aws-sdk/client-api-gateway` * The SDKv2 constructor name: `APIGateway` * The SDKv2 constructor name in all lower case: `apigateway` And the following action name formats: * The API call name: `GetRestApi` * The API call name with a lowercase starting letter method name: `getRestApi` * The SDKv3 command class name: `GetRestApiCommand` However, the code that was taking care of mapping service names into an IAM name was not handling all cases correctly. There was also an issue with some commands that end in the word `"Command"`, like ECS's `ExecuteCommand`, which according to the rules above should work both written as `ExecuteCommand` as well as `ExecuteCommandCommand`: we did not have enough information to know if we saw the string `ExecuteCommand`, whether we should interpret it as `Execute` or `ExecuteCommand`. Also, we were recommending to use the full SDKv3 package name and class name formats: ``` { service: '@aws-sdk/client-api-gateway', action: 'GetRestApiCommand', } ``` Which looks ugly (imo) and leaks too many of the underlying implementation details. This PR changes the following: - Deprecate the `sdk-api-metadata.json` we extracted from SDKv2. - From SDKv3 models, extract a new `sdk-v3-metadata.json` which contains the following information: - IAM prefix for every service - A list of APIs that end in the word `Command`, so we can disambiguate around these. - From `aws-sdk-codemod`, extract a mapping from SDKv2 service names to SDKv3 service names (replacing the copy/pasted code we used to have with a build-time extraction). - Unfortunately, both of these mappings are duplicated: once for the construct library, and once for the handlers. I did not want to go into deduplicating between these for now. - At runtime, we now map a potential V2 service name to a V3 service name, then look up the V3 metadata to determine the IAM prefix and the normalized action name. - There was a lot of duplication between the `assertions` handler and the `AwsCustomResource` handler. Introduce a new `ApiCall` class that unifies the behavior between these two call sites. - Change the recommendation in the README from using SDKv3 names to using shorter form names (`api-gateway` and `GetRestApi`). Fixes #27255, closes #27268, closes #27270.
- Loading branch information
Showing
35 changed files
with
4,553 additions
and
3,298 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
47 changes: 21 additions & 26 deletions
47
packages/@aws-cdk/integ-tests-alpha/lib/assertions/providers/lambda-handler/utils.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.