Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-stepfunction-tasks: verifiiedPermissions createPolicy error on parsing Property Static in Definition. #29968

Closed
Xenoha opened this issue Apr 26, 2024 · 8 comments
Closed

aws-stepfunction-tasks: verifiiedPermissions createPolicy error on parsing Property Static in Definition. #29968

Xenoha opened this issue Apr 26, 2024 · 8 comments
Labels
@aws-cdk/aws-stepfunctions-tasks bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p3 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@Xenoha
Copy link

Xenoha commented Apr 26, 2024

Describe the bug

When creating a task to use the service verifiedPermissions of action createPolicy, I am getting a field not supported error for the property 'static'. I have tried using pascal and lower camelcase with the same error.

Type:AWS::StepFunctions::StateMachine, StatusReason:Resource handler returned message: "Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED: The field "static" is not supported by Step Functions at /States/resource/Parameters' (Service: AWSStepFunctions; Status Code: 400)""

Expected Behavior

I would expect the CallAwsService tasks to be duplicate of the aws sdk v3 for inputs. I would expect this task to create a static policy.

Current Behavior

Type:AWS::StepFunctions::StateMachine, StatusReason:Resource handler returned message: "Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED: The field "static" is not supported by Step Functions at /States/create-tenant-admin-policy/Parameters' (Service: AWSStepFunctions; Status Code: 400)""

The above error occurs at the time of deployment, not during synth.

Reproduction Steps

Create a state Machine and use the CallAwsService Construct to create a Policy in verified Permissions. You will get the error at the time of deployment, not during synthesis.

Possible Solution

Update the construct to follow the sdk v3 syntax for all properties.

Additional Information/Context

No response

CDK CLI Version

2.139

Framework Version

2.139

Node.js Version

20.12.0

OS

Linux

Language

TypeScript

Language Version

Typescript 5.4.4

Other information

No response
@Xenoha Xenoha added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 26, 2024
@github-actions github-actions bot mentioned this issue Apr 29, 2024
Closed
@pahud
Copy link
Contributor

pahud commented Apr 29, 2024

Can you share your code snippets so we can reproduce and verify this issue?

@pahud pahud added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Apr 29, 2024
@github-actions github-actions bot mentioned this issue May 1, 2024
Closed
@github-actions GitHub Actions
Copy link

github-actions bot commented May 1, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label May 1, 2024
@Xenoha
Copy link
Author

Xenoha commented May 6, 2024

Hello @pahud

Sorry for the delay.

I moved on from this, but here is a sample using the resouce.

const test = new CallAwsService(this, 'test-policy-create', { service: 'verifiedpermissions', action: 'createPolicy', iamResources: ['*'], parameters: { PolicyStoreId: 'foo', Definition: { Static: { Description: 'A test policy', Statement:
// policy def
, }, }, }, })

@github-actions github-actions bot removed closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels May 6, 2024
@pahud pahud added p3 and removed p2 labels Jun 11, 2024
@Xenoha
Copy link
Author

Xenoha commented Jul 25, 2024

Hello, What is the status of this bug?

@pahud
Copy link
Contributor

pahud commented Jul 27, 2024
edited
Loading

CallAwsService essentially uses the SDK integration to call AWS services through state machine. Generally, I would suggest:

  1. make sure you can call that API via AWS CLI like aws verifiedpermissions create-policy
  2. or just try to use AWS JS SDK to attempt to call that API and see if it works. This ensures you are passing correct parameters from via SDK.

If the SDK call works, it should be good to configure CallAwsService to allow step function to call that for you.

  1. Can you make sure if you can successfully call that using SDK? If yes, can you share your full SDK code with all parameters?
  2. After that, can you share your full CDK code for CallAwsService with all the parameters you specified?
  3. And please share the full CDK or CloudFormation error messages.

Thank you.

const test = new CallAwsService(this, 'test-policy-create', { 
   service: 'verifiedpermissions', 
   action: 'createPolicy', 
   iamResources: ['*'], 
   parameters: { 
      PolicyStoreId: 'foo', 
      Definition: { 
         Static: { 
         Description: 'A test policy', 
         Statement: 
         // policy def
    , }, 
}, }, })

@pahud pahud added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jul 27, 2024
@Xenoha
Copy link
Author

Xenoha commented Jul 27, 2024

So, it seems like this has already been labeled a bug. I assumed this team has already been able to review and replicate the problem. The SDK call works just fine. I am forced to use a lambda as this integration has an issue with the "Static" property.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jul 28, 2024
@pahud
Copy link
Contributor

pahud commented Jul 28, 2024

This issue is in the bug category but we need more info before we could reproduce and address this issue and reprioritize it correctly. Are you able to provide the information as requested in my previous comment?

@pahud pahud added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jul 29, 2024
@github-actions GitHub Actions
Copy link

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jul 30, 2024
@github-actions github-actions bot closed this as completed Aug 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-stepfunctions-tasks bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p3 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pahud @Xenoha