From 43e8deadff13be0fa296a01e9c4a340a5ea1d326 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizen3031593@users.noreply.github.com> Date: Fri, 25 Mar 2022 16:24:10 -0400 Subject: [PATCH] chore: deprecate qualifier parameter for lambda integrations (#19548) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ‼️ Lambda is changing their authorization strategy. Under this new behavior customer lambda invocations will fail in this scenario: - the invocation is requested using an IAM Permission with an unqualified ARN as the FunctionName - the invocation is requested with an unqualified ARN and a Qualifier parameter The idea is to steer away from invoking lambdas with a Qualifier request parameter altogether, hence the deprecations. Instead, customers should be requesting permissions on qualified ARNs (versions and aliases) if they want to invoke versions/aliases. See #19464. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-stepfunctions-tasks/lib/lambda/invoke.ts | 1 + .../aws-stepfunctions-tasks/lib/lambda/run-lambda-task.ts | 1 + .../aws-stepfunctions-tasks/test/lambda/invoke.test.ts | 7 ++++--- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/invoke.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/invoke.ts index 6917fa31f175b..1d682e7db1cdf 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/invoke.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/invoke.ts @@ -45,6 +45,7 @@ export interface LambdaInvokeProps extends sfn.TaskStateBaseProps { * directly as the `lambdaFunction` argument. * * @default - Version or alias inherent to the `lambdaFunction` object. + * @deprecated pass a Version or Alias object as lambdaFunction instead */ readonly qualifier?: string; diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/run-lambda-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/run-lambda-task.ts index 372f1ced1dca1..830b30cc4ae3e 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/run-lambda-task.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/lambda/run-lambda-task.ts @@ -48,6 +48,7 @@ export interface RunLambdaTaskProps { * Version or alias of the function to be invoked * * @default - No qualifier + * @deprecated pass a Version or Alias object as lambdaFunction instead */ readonly qualifier?: string; } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/invoke.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/invoke.test.ts index cbbd0092706ab..f588a8e7d129a 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/invoke.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/invoke.test.ts @@ -2,6 +2,7 @@ import * as lambda from '@aws-cdk/aws-lambda'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import { Stack } from '@aws-cdk/core'; import { LambdaInvocationType, LambdaInvoke } from '../../lib'; +import { testDeprecated } from '@aws-cdk/cdk-build-tools'; /* eslint-disable quote-props */ @@ -66,7 +67,7 @@ describe('LambdaInvoke', () => { }); }); - test('optional settings', () => { + testDeprecated('optional settings', () => { // WHEN const task = new LambdaInvoke(stack, 'Task', { lambdaFunction, @@ -163,7 +164,7 @@ describe('LambdaInvoke', () => { })); }); - test('invoke Lambda function and wait for task token', () => { + testDeprecated('invoke Lambda function and wait for task token', () => { // GIVEN const task = new LambdaInvoke(stack, 'Task', { lambdaFunction, @@ -360,7 +361,7 @@ describe('LambdaInvoke', () => { }).toThrow(/The 'payloadResponseOnly' property cannot be used if 'integrationPattern', 'invocationType', 'clientContext', or 'qualifier' are specified./); }); - test('fails when qualifier used with payloadResponseOnly', () => { + testDeprecated('fails when qualifier used with payloadResponseOnly', () => { expect(() => { new LambdaInvoke(stack, 'Task', { lambdaFunction,