Skip to content

Commit 63fd78b

Browse files
committed
alternative approach 2 - stringify after resolve
1 parent 0b7d9c4 commit 63fd78b

File tree

6 files changed

+18
-21
lines changed

6 files changed

+18
-21
lines changed

packages/aws-cdk-lib/aws-events-targets/test/lambda/lambda.test.ts

+1-3
Original file line numberDiff line numberDiff line change
@@ -320,9 +320,7 @@ test('must display a warning when using a Dead Letter Queue from another account
320320

321321
Template.fromStack(stack1).resourceCountIs('AWS::SQS::QueuePolicy', 0);
322322

323-
Annotations.fromStack(stack1).hasWarning('/Stack1/Rule', Match.stringLikeRegexp(
324-
'Cannot add a resource policy to your dead letter queue associated with rule \\${Token\\[TOKEN\\.[0-9]+\\]} because the queue is in a different account\\. You must add the resource policy manually to the dead letter queue in account 444455556666\\. \\[ack: @aws-cdk/aws-events-targets:manuallyAddDLQResourcePolicy\\]',
325-
));
323+
Annotations.fromStack(stack1).hasWarning('/Stack1/Rule', '{"Fn::Join":["",["Cannot add a resource policy to your dead letter queue associated with rule ",{"Ref":"Rule4C995B7F"}," because the queue is in a different account. You must add the resource policy manually to the dead letter queue in account 444455556666. [ack: @aws-cdk/aws-events-targets:manuallyAddDLQResourcePolicy]"]]}');
326324
});
327325

328326
test('specifying retry policy', () => {

packages/aws-cdk-lib/aws-lambda/test/function.test.ts

+1-1
Original file line numberDiff line numberDiff line change
@@ -254,7 +254,7 @@ describe('function', () => {
254254

255255
expect(getWarnings(app.synth())).toEqual([
256256
{
257-
message: expect.stringMatching(/^addPermission\(\) has no effect on a Lambda Function with region=us-west-2, account=123456789012, in a Stack with region=\${Token\[AWS\.Region\.\d+]}, account=\${Token\[AWS\.AccountId\.\d+]}. Suppress this warning if this is is intentional, or pass sameEnvironment=true to fromFunctionAttributes\(\) if you would like to add the permissions\. \[ack: UnclearLambdaEnvironment]$/),
257+
message: '{"Fn::Join":["",["addPermission() has no effect on a Lambda Function with region=us-west-2, account=123456789012, in a Stack with region=",{"Ref":"AWS::Region"},", account=",{"Ref":"AWS::AccountId"},". Suppress this warning if this is is intentional, or pass sameEnvironment=true to fromFunctionAttributes() if you would like to add the permissions. [ack: UnclearLambdaEnvironment]"]]}',
258258
path: '/Default/Imported',
259259
},
260260
]);

packages/aws-cdk-lib/aws-s3-notifications/test/queue.test.ts

+1-3
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,5 @@ test('if the queue is encrypted with a imported kms key, printout warning', () =
109109

110110
bucket.addObjectCreatedNotification(new notif.SqsDestination(queue));
111111

112-
Annotations.fromStack(stack).hasWarning('/Default/ImportedKey', Match.stringLikeRegexp(
113-
'Can not change key policy of imported kms key\\. Ensure that your key policy contains the following permissions: \\n\\{\\n "Action": \\[\\n "kms:GenerateDataKey\\*",\\n "kms:Decrypt"\\n \\],\\n "Effect": "Allow",\\n "Principal": \\{\\n "Service": "\\${Token\\[s3\\.amazonaws\\.com\\.[0-9]+\\]}"\\n \\},\\n "Resource": "\\*"\\n\\} \\[ack: @aws-cdk/aws-s3-notifications:sqsKMSPermissionsNotAdded\\]',
114-
));
112+
Annotations.fromStack(stack).hasWarning('/Default/ImportedKey', 'Can not change key policy of imported kms key. Ensure that your key policy contains the following permissions: \n{\n "Action": [\n "kms:GenerateDataKey*",\n "kms:Decrypt"\n ],\n "Effect": "Allow",\n "Principal": {\n "Service": "s3.amazonaws.com"\n },\n "Resource": "*"\n} [ack: @aws-cdk/aws-s3-notifications:sqsKMSPermissionsNotAdded]');
115113
});

packages/aws-cdk-lib/aws-s3/test/notification.test.ts

+2-2
Original file line numberDiff line numberDiff line change
@@ -162,13 +162,13 @@ describe('notification', () => {
162162
});
163163

164164
// THEN - Following is warning thrown as a part of fix in : https://github.com/aws/aws-cdk/pull/31212
165-
const warningMessage = /Can't combine imported IManagedPolicy: arn:\${Token\[AWS\.Partition\.\d+\]}:iam::aws:policy\/service-role\/AWSLambdaBasicExecutionRole to imported role IRole: DevsNotAllowedToTouch\. Use ManagedPolicy directly\. \[ack: @aws-cdk\/aws-iam:IRoleCantBeUsedWithIManagedPolicy\]/;
165+
const warningMessage = '{"Fn::Join":["",["Can\'t combine imported IManagedPolicy: arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole to imported role IRole: DevsNotAllowedToTouch. Use ManagedPolicy directly. [ack: @aws-cdk/aws-iam:IRoleCantBeUsedWithIManagedPolicy]"]]}';
166166
const warningFromStack = Annotations.fromStack(stack).findWarning('*',
167167
Match.stringLikeRegexp(
168168
'@aws-cdk/aws-iam:IRoleCantBeUsedWithIManagedPolicy',
169169
),
170170
);
171-
expect(warningFromStack[0].entry.data).toEqual(expect.stringMatching(warningMessage));
171+
expect(warningFromStack[0].entry.data).toEqual(warningMessage);
172172
});
173173

174174
test('If `Role` is provided, PutBucketNotification, GetBucketNotification will be added along with `service-role/AWSLambdaBasicExecutionRole`', () => {

packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts

+12-11
Original file line numberDiff line numberDiff line change
@@ -101,21 +101,22 @@ function collectStackMetadata(stack: Stack) {
101101
if (node.node.metadata.length > 0) {
102102
// Make the path absolute
103103
output[Node.PATH_SEP + node.node.path] = node.node.metadata.map(md => {
104-
// If Annotations include a token, the message is resolved and output as `[object Object]` after synth
105-
// because the message will be object type using 'Ref' or 'Fn::Join'.
106-
// It would be easier for users to understand if the message from Annotations were output in token form,
107-
// rather than in `[object Object]` or the object type.
108-
// Therefore, we don't resolve the message if it's from Annotations.
109-
if ([
104+
const resolved = stack.resolve(md) as cxschema.MetadataEntry;
105+
106+
const isAnnotation = [
110107
cxschema.ArtifactMetadataEntryType.ERROR,
111108
cxschema.ArtifactMetadataEntryType.WARN,
112109
cxschema.ArtifactMetadataEntryType.INFO,
113-
].includes(md.type as cxschema.ArtifactMetadataEntryType)) {
114-
return md;
115-
}
110+
].includes(md.type as cxschema.ArtifactMetadataEntryType);
116111

117-
const resolved = stack.resolve(md);
118-
return resolved as cxschema.MetadataEntry;
112+
// Transform the data to a string for the case where Annotations include a token.
113+
// Otherwise, the message is resolved and output as `[object Object]` after synth
114+
// because the message will be object type using 'Ref' or 'Fn::Join'.
115+
const mdWithStringData: cxschema.MetadataEntry = {
116+
...resolved,
117+
data: (isAnnotation && typeof resolved.data === 'object') ? JSON.stringify(resolved.data) : resolved.data,
118+
};
119+
return mdWithStringData;
119120
});
120121
}
121122

packages/aws-cdk-lib/core/test/annotations.test.ts

+1-1
Original file line numberDiff line numberDiff line change
@@ -143,7 +143,7 @@ describe('annotations', () => {
143143
expect(getWarnings(app.synth())).toEqual([
144144
{
145145
path: '/S1/C1',
146-
message: expect.stringMatching(/stackId: \${Token\[AWS::StackId\.\d+\]} \[ack: MESSAGE\]/),
146+
message: '{"Fn::Join":["",["stackId: ",{"Ref":"AWS::StackId"}," [ack: MESSAGE]"]]}',
147147
},
148148
]);
149149
});

0 commit comments

Comments
 (0)