fix(stepfunctions-tasks): update resourceArn in service integrations (#…

…4598) Fixes #4597
aws · Oct 21, 2019 · b0f8a74 · b0f8a74
1 parent 5f50e5f
commit b0f8a74
Show file tree

Hide file tree

Showing 19 changed files with 369 additions and 78 deletions.
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/publish-to-topic.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/publish-to-topic.ts
@@ -1,7 +1,7 @@
 import iam = require('@aws-cdk/aws-iam');
 import sns = require('@aws-cdk/aws-sns');
 import sfn = require('@aws-cdk/aws-stepfunctions');
-import { resourceArnSuffix } from './resource-arn-suffix';
+import { getResourceArn } from './resource-arn-suffix';
 
 /**
  * Properties for PublishTask
@@ -70,7 +70,7 @@ export class PublishToTopic implements sfn.IStepFunctionsTask {
 
   public bind(_task: sfn.Task): sfn.StepFunctionsTaskConfig {
     return {
-      resourceArn: 'arn:aws:states:::sns:publish' + resourceArnSuffix.get(this.integrationPattern),
+      resourceArn: getResourceArn("sns", "publish", this.integrationPattern),
       policyStatements: [new iam.PolicyStatement({
         actions: ['sns:Publish'],
         resources: [this.topic.topicArn]

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/resource-arn-suffix.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/resource-arn-suffix.ts
@@ -1,4 +1,5 @@
 import sfn = require('@aws-cdk/aws-stepfunctions');
+import { Aws } from '@aws-cdk/core';
 
 /**
  * Suffixes corresponding to different service integration patterns
@@ -12,4 +13,10 @@ resourceArnSuffix.set(sfn.ServiceIntegrationPattern.FIRE_AND_FORGET, "");
 resourceArnSuffix.set(sfn.ServiceIntegrationPattern.SYNC, ".sync");
 resourceArnSuffix.set(sfn.ServiceIntegrationPattern.WAIT_FOR_TASK_TOKEN, ".waitForTaskToken");
 
-export { resourceArnSuffix };
+export function getResourceArn(service: string, api: string, integrationPattern: sfn.ServiceIntegrationPattern): string {
+    if (!service || !api) {
+        throw new Error("Both 'service' and 'api' must be provided to build the resource ARN.");
+    }
+    return `arn:${Aws.PARTITION}:states:::${service}:${api}` +
+        (integrationPattern ? resourceArnSuffix.get(integrationPattern) : "");
+}
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-ecs-task-base.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-ecs-task-base.ts
@@ -4,7 +4,7 @@ import iam = require('@aws-cdk/aws-iam');
 import sfn = require('@aws-cdk/aws-stepfunctions');
 import cdk = require('@aws-cdk/core');
 import { Stack } from '@aws-cdk/core';
-import { resourceArnSuffix } from './resource-arn-suffix';
+import { getResourceArn } from './resource-arn-suffix';
 import { ContainerOverride } from './run-ecs-task-base-types';
 
 /**
@@ -104,7 +104,7 @@ export class EcsRunTaskBase implements ec2.IConnectable, sfn.IStepFunctionsTask
     }
 
     return {
-      resourceArn: 'arn:aws:states:::ecs:runTask' + resourceArnSuffix.get(this.integrationPattern),
+      resourceArn: getResourceArn("ecs", "runTask", this.integrationPattern),
       parameters: {
         Cluster: this.props.cluster.clusterArn,
         TaskDefinition: this.props.taskDefinition.taskDefinitionArn,

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-lambda-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/run-lambda-task.ts
@@ -1,7 +1,7 @@
 import iam = require('@aws-cdk/aws-iam');
 import lambda = require('@aws-cdk/aws-lambda');
 import sfn = require('@aws-cdk/aws-stepfunctions');
-import { resourceArnSuffix } from './resource-arn-suffix';
+import { getResourceArn } from './resource-arn-suffix';
 
 /**
  * Properties for RunLambdaTask
@@ -79,10 +79,8 @@ export class RunLambdaTask implements sfn.IStepFunctionsTask {
   }
 
   public bind(_task: sfn.Task): sfn.StepFunctionsTaskConfig {
-    const resourceArn = 'arn:aws:states:::lambda:invoke' + resourceArnSuffix.get(this.integrationPattern);
-
     return {
-      resourceArn,
+      resourceArn: getResourceArn("lambda", "invoke", this.integrationPattern),
       policyStatements: [new iam.PolicyStatement({
         resources: [this.lambdaFunction.functionArn],
         actions: ["lambda:InvokeFunction"],

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/sagemaker-train-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/sagemaker-train-task.ts
@@ -2,7 +2,7 @@ import ec2 = require('@aws-cdk/aws-ec2');
 import iam = require('@aws-cdk/aws-iam');
 import sfn = require('@aws-cdk/aws-stepfunctions');
 import { Duration, Lazy, Stack } from '@aws-cdk/core';
-import { resourceArnSuffix } from './resource-arn-suffix';
+import { getResourceArn } from './resource-arn-suffix';
 import { AlgorithmSpecification, Channel, InputMode, OutputDataConfig, ResourceConfig,
          S3DataType, StoppingCondition, VpcConfig,  } from './sagemaker-task-base-types';
 
@@ -251,7 +251,7 @@ export class SagemakerTrainTask implements iam.IGrantable, ec2.IConnectable, sfn
         }
 
         return {
-          resourceArn: 'arn:aws:states:::sagemaker:createTrainingJob' + resourceArnSuffix.get(this.integrationPattern),
+          resourceArn: getResourceArn("sagemaker", "createTrainingJob", this.integrationPattern),
           parameters: this.renderParameters(),
           policyStatements: this.makePolicyStatements(task),
         };

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/sagemaker-transform-task.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/sagemaker-transform-task.ts
@@ -2,7 +2,7 @@ import ec2 = require('@aws-cdk/aws-ec2');
 import iam = require('@aws-cdk/aws-iam');
 import sfn = require('@aws-cdk/aws-stepfunctions');
 import { Stack } from '@aws-cdk/core';
-import { resourceArnSuffix } from './resource-arn-suffix';
+import { getResourceArn } from './resource-arn-suffix';
 import { BatchStrategy, S3DataType, TransformInput, TransformOutput, TransformResources } from './sagemaker-task-base-types';
 
 /**
@@ -141,7 +141,7 @@ export class SagemakerTransformTask implements sfn.IStepFunctionsTask {
         }
 
         return {
-          resourceArn: 'arn:aws:states:::sagemaker:createTransformJob' + resourceArnSuffix.get(this.integrationPattern),
+          resourceArn: getResourceArn("sagemaker", "createTransformJob", this.integrationPattern),
           parameters: this.renderParameters(),
           policyStatements: this.makePolicyStatements(task),
         };

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/send-to-queue.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/send-to-queue.ts
@@ -2,7 +2,7 @@ import iam = require('@aws-cdk/aws-iam');
 import sqs = require('@aws-cdk/aws-sqs');
 import sfn = require('@aws-cdk/aws-stepfunctions');
 import { Duration } from '@aws-cdk/core';
-import { resourceArnSuffix } from './resource-arn-suffix';
+import { getResourceArn } from './resource-arn-suffix';
 
 /**
  * Properties for SendMessageTask
@@ -80,7 +80,7 @@ export class SendToQueue implements sfn.IStepFunctionsTask {
 
   public bind(_task: sfn.Task): sfn.StepFunctionsTaskConfig {
     return {
-      resourceArn: 'arn:aws:states:::sqs:sendMessage' + resourceArnSuffix.get(this.integrationPattern),
+      resourceArn: getResourceArn("sqs", "sendMessage", this.integrationPattern),
       policyStatements: [new iam.PolicyStatement({
         actions: ['sqs:SendMessage'],
         resources: [this.queue.queueArn]

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/start-execution.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/start-execution.ts
@@ -1,7 +1,7 @@
 import iam = require('@aws-cdk/aws-iam');
 import sfn = require('@aws-cdk/aws-stepfunctions');
 import { Stack } from '@aws-cdk/core';
-import { resourceArnSuffix } from './resource-arn-suffix';
+import { getResourceArn } from './resource-arn-suffix';
 
 /**
  * Properties for StartExecution
@@ -59,10 +59,8 @@ export class StartExecution implements sfn.IStepFunctionsTask {
   }
 
   public bind(task: sfn.Task): sfn.StepFunctionsTaskConfig {
-    const resourceArn = 'arn:aws:states:::states:startExecution' + resourceArnSuffix.get(this.integrationPattern);
-
     return {
-      resourceArn,
+      resourceArn: getResourceArn("states", "startExecution", this.integrationPattern),
       policyStatements: this.createScopedAccessPolicy(task),
       parameters: {
         Input: this.props.input,

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs-tasks.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs-tasks.test.ts
@@ -104,7 +104,18 @@ test('Running a Fargate Task', () => {
         ],
       },
     },
-    Resource: "arn:aws:states:::ecs:runTask.sync",
+    Resource: {
+      "Fn::Join": [
+        "",
+        [
+          "arn:",
+          {
+            Ref: "AWS::Partition",
+          },
+          ":states:::ecs:runTask.sync",
+        ],
+      ],
+    },
     Type: "Task",
   });
 
@@ -193,7 +204,18 @@ test('Running an EC2 Task with bridge network', () => {
         ],
       },
     },
-    Resource: "arn:aws:states:::ecs:runTask.sync",
+    Resource: {
+      "Fn::Join": [
+        "",
+        [
+          "arn:",
+          {
+            Ref: "AWS::Partition",
+          },
+          ":states:::ecs:runTask.sync",
+        ],
+      ],
+    },
     Type: "Task",
   });
 
@@ -277,7 +299,18 @@ test('Running an EC2 Task with placement strategies', () => {
         { Type: "random", },
       ],
     },
-    Resource: "arn:aws:states:::ecs:runTask.sync",
+    Resource: {
+      "Fn::Join": [
+        "",
+        [
+          "arn:",
+          {
+            Ref: "AWS::Partition",
+          },
+          ":states:::ecs:runTask.sync",
+        ],
+      ],
+    },
     Type: "Task",
   });
 });
@@ -326,7 +359,18 @@ test('Running an EC2 Task with overridden number values', () => {
         ],
       },
     },
-    Resource: "arn:aws:states:::ecs:runTask.sync",
+    Resource: {
+      "Fn::Join": [
+        "",
+        [
+          "arn:",
+          {
+            Ref: "AWS::Partition",
+          },
+          ":states:::ecs:runTask.sync",
+        ],
+      ],
+    },
     Type: "Task",
   });
 });
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.ec2-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.ec2-task.expected.json
@@ -876,7 +876,11 @@
               {
                 "Ref": "TaskDef54694570"
               },
-              "\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"TheContainer\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\"},\"Type\":\"Task\",\"Resource\":\"arn:aws:states:::ecs:runTask.sync\"}}}"
+              "\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"TheContainer\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\"},\"Type\":\"Task\",\"Resource\":\"arn:",
+              {
+                "Ref": "AWS::Partition"
+              },
+              ":states:::ecs:runTask.sync\"}}}"
             ]
           ]
         },

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.fargate-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.fargate-task.expected.json
@@ -475,7 +475,11 @@
                   "GroupId"
                 ]
               },
-              "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"TheContainer\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"FARGATE\"},\"Type\":\"Task\",\"Resource\":\"arn:aws:states:::ecs:runTask.sync\"}}}"
+              "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"TheContainer\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"FARGATE\"},\"Type\":\"Task\",\"Resource\":\"arn:",
+                {
+                  "Ref": "AWS::Partition"
+                },
+                ":states:::ecs:runTask.sync\"}}}"
             ]
           ]
         },

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.invoke-function.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.invoke-function.expected.json
@@ -252,7 +252,11 @@
               {
                 "Ref": "CallbackHandler4434C38D"
               },
-              "\",\"Payload\":{\"token.$\":\"$$.Task.Token\"}},\"Type\":\"Task\",\"Resource\":\"arn:aws:states:::lambda:invoke.waitForTaskToken\",\"ResultPath\":\"$.status\"},\"Job Complete?\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.status\",\"StringEquals\":\"FAILED\",\"Next\":\"Job Failed\"},{\"Variable\":\"$.status\",\"StringEquals\":\"SUCCEEDED\",\"Next\":\"Final step\"}]},\"Job Failed\":{\"Type\":\"Fail\",\"Error\":\"DescribeJob returned FAILED\",\"Cause\":\"AWS Batch Job Failed\"},\"Final step\":{\"Type\":\"Pass\",\"End\":true}},\"TimeoutSeconds\":30}"
+              "\",\"Payload\":{\"token.$\":\"$$.Task.Token\"}},\"Type\":\"Task\",\"Resource\":\"arn:",
+                {
+                  "Ref": "AWS::Partition"
+                },
+                ":states:::lambda:invoke.waitForTaskToken\",\"ResultPath\":\"$.status\"},\"Job Complete?\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.status\",\"StringEquals\":\"FAILED\",\"Next\":\"Job Failed\"},{\"Variable\":\"$.status\",\"StringEquals\":\"SUCCEEDED\",\"Next\":\"Final step\"}]},\"Job Failed\":{\"Type\":\"Fail\",\"Error\":\"DescribeJob returned FAILED\",\"Cause\":\"AWS Batch Job Failed\"},\"Final step\":{\"Type\":\"Pass\",\"End\":true}},\"TimeoutSeconds\":30}"
             ]
           ]
         },

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.sagemaker.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.sagemaker.expected.json
@@ -376,7 +376,11 @@
               {
                 "Ref": "TrainingData3FDB6D34"
               },
-              "/result/\"},\"ResourceConfig\":{\"InstanceCount\":1,\"InstanceType\":\"ml.m4.xlarge\",\"VolumeSizeInGB\":10},\"StoppingCondition\":{\"MaxRuntimeInSeconds\":3600}},\"Type\":\"Task\",\"Resource\":\"arn:aws:states:::sagemaker:createTrainingJob\"}}}"
+              "/result/\"},\"ResourceConfig\":{\"InstanceCount\":1,\"InstanceType\":\"ml.m4.xlarge\",\"VolumeSizeInGB\":10},\"StoppingCondition\":{\"MaxRuntimeInSeconds\":3600}},\"Type\":\"Task\",\"Resource\":\"arn:",
+              {
+                "Ref": "AWS::Partition"
+              },
+              ":states:::sagemaker:createTrainingJob\"}}}"
             ]
           ]
         },

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/publish-to-topic.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/publish-to-topic.test.ts
@@ -16,7 +16,18 @@ test('Publish literal message to SNS topic', () => {
   // THEN
   expect(stack.resolve(pub.toStateJson())).toEqual({
     Type: 'Task',
-    Resource: 'arn:aws:states:::sns:publish',
+    Resource: {
+      "Fn::Join": [
+        "",
+        [
+          "arn:",
+          {
+            Ref: "AWS::Partition",
+          },
+          ":states:::sns:publish",
+        ],
+      ],
+    },
     End: true,
     Parameters: {
       TopicArn: { Ref: 'TopicBFC7AF6E' },
@@ -42,7 +53,18 @@ test('Publish JSON to SNS topic with task token', () => {
   // THEN
   expect(stack.resolve(pub.toStateJson())).toEqual({
     Type: 'Task',
-    Resource: 'arn:aws:states:::sns:publish.waitForTaskToken',
+    Resource: {
+      "Fn::Join": [
+        "",
+        [
+          "arn:",
+          {
+            Ref: "AWS::Partition",
+          },
+          ":states:::sns:publish.waitForTaskToken",
+        ],
+      ],
+    },
     End: true,
     Parameters: {
       TopicArn: { Ref: 'TopicBFC7AF6E' },
@@ -81,7 +103,18 @@ test('Publish to topic with ARN from payload', () => {
   // THEN
   expect(stack.resolve(pub.toStateJson())).toEqual({
     Type: 'Task',
-    Resource: 'arn:aws:states:::sns:publish',
+    Resource: {
+      "Fn::Join": [
+        "",
+        [
+          "arn:",
+          {
+            Ref: "AWS::Partition",
+          },
+          ":states:::sns:publish",
+        ],
+      ],
+    },
     End: true,
     Parameters: {
       'TopicArn.$': '$.topicArn',