Bug: idempotency logic should first validate the payload and then cache

[rubenfonseca]

Expected Behaviour

The idempotency utility should only cache the results from the persistence layer if the retrieved record passes payload tampering validation.

Current Behaviour

The results from the persistence layer are always written to the cache, even if it later fails tampering validation. This should be the other way around.

Code snippet

https://github.com/aws-powertools/powertools-lambda-python/blob/8ed384d6b58819843bcd9df8caeefa9e7001e450/aws_lambda_powertools/utilities/idempotency/persistence/base.py#L386-L388

Possible Solution

Change the logic

Steps to Reproduce

powertools-lambda-python/aws_lambda_powertools/utilities/idempotency/persistence/base.py

Lines 386 to 388 in 8ed384d

	self._save_to_cache(data_record=record)
	self._validate_payload(data_payload=data, stored_data_record=record)

Powertools for AWS Lambda (Python) version

latest

AWS Lambda function runtime

3.12

Packaging format used

PyPi

Debugging logs

No response

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

[github-actions]

This is now released under 2.34.1 version!