fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view #32336

@s12v s12v commented Nov 29, 2024

Issue

Related to #19065
Previous PR: #30356

Reason for this change

Sample app to reproduce:

import {Stack, StackProps} from 'aws-cdk-lib';
import {Construct} from 'constructs';
import {KeySpec, KeyUsage} from "aws-cdk-lib/aws-kms";
import cr = require('aws-cdk-lib/custom-resources');
import kms = require('aws-cdk-lib/aws-kms');

export class SampleStack extends Stack {
    constructor(scope: Construct, id: string, props?: StackProps) {
        super(scope, id, props);

        // Create key
        const kmsKey = new kms.Key(this, 'SampleKey', {
            keySpec: KeySpec.ECC_NIST_P256,
            keyUsage: KeyUsage.SIGN_VERIFY,
        });

        // Export public key
        const publicKeyApiCall = new cr.AwsCustomResource(this, 'PublicKey', {
            onCreate: {
                service: 'KMS',
                action: 'GetPublicKey',
                physicalResourceId: cr.PhysicalResourceId.of('PublicKey'),
                parameters: {
                    KeyId: kmsKey.keyArn,
                },
            },
            policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
                resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
            }),
        });

        const publicKey = publicKeyApiCall.getResponseField('PublicKey');
        this.exportValue(publicKey, {name: 'PublicKey'})
    }
}

Expected result: value of the PublicKey property of the KMS GetPublicKey API response.

Actual result: the entire underlying buffer of the response:

 2024-05-27T22:03:20.837Z	d9886a79-a519-4e21-99a5-5dffc09a2fec	INFO	API response {
    CustomerMasterKeySpec: 'ECC_NIST_P256',
    KeyId: 'arn:aws:kms:us-west-2:...:key/21e7d06f-b638-400b-82f3-613cca94abe1',
    KeySpec: 'ECC_NIST_P256',
    KeyUsage: 'SIGN_VERIFY',
    PublicKey: "0Y0\x13\x06\x07*�H�=\x02\x01\x06\b*�H�=\x03\x01\x07\x03B\x00\x04\b�I�Do�BgnM>l�hl�UF��'��hj�v�l��ɖ���b�\tf�=TC���\x10\n" +
      '[\rCC_�(\x15X1b~8\x00Z\x00\x00\x00a\x00\x00\x00z\x00\x00\x00/\x00\x00\x00/\x00\x00\x00\x10|\bv�U\x00\x00سjw�U\x00\x00\x00\x00\x02~\x01t_s\x00\x00\x00\x00Erro`~\bv�U\x00\x00 �jw�U\x00\x00\x00\x00\x00\x00���\x7F\x00\x00\x00\x00���\x7F\x00\x00\x00\x00\x01ninx�jw�U\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00=\x00on bas8}\bv�U\x00\x00x�jw�U\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00`~\bv�U\x00\x00��jw�U\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�z\bv�U\x00\x00\x03\x00\x00\x00�U\x00\x00�jw�U\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00ȳjw�U\x00\x00@�jw�U\x00\x00��jw�U\x00\x00��jw�U\x00\x00�y\bv�U\x00\x00дjw�U\x00\x00\x00\x00\x00\x00���\x7F�\x03\x04v�U\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00K���\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�ϘV�\x7F\x00\x00\x00\x00\x00\x00�U\x00\x00X\x04\x04v�U\x00\x00X�jw�U\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�ϘV�\x7F\x00\x00\x18�jw�U\x00\x00\x01\x00\x00\x00\x01e\x00\x00fromStri\x02\x00\x00\x00�U\x00\x00�\x05\x04v�U\x00\x00��jw�U\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�ϘV�\x7F\x00\x00X�jw�U\x00\x00\x00\x00\x00\
...

This causes CloudFormation to fail with the error: ❌ SampleStack failed: Error: The stack named SampleStack failed to deploy: UPDATE_ROLLBACK_COMPLETE: Response object is too long.

Root cause: Uint8Array references an ArrayBuffer with offset and length. When using value.buffer, the entire buffer (entire response body) is used, while Uint8Array only references a part of it.

Description of changes

Decode the value instead of the underlying buffer.

Description of how you validated changes

  • Updated a unit test
  • Added integration test integ.aws-custom-resource-kms.ts

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
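
The root cause described in this pull request, as an added example (not code from the PR or from aws-cdk): a `Uint8Array` view over a larger `ArrayBuffer`, decoded once through `.buffer` and once through the view itself. The sample bytes and all function names are constructed for illustration.

```javascript
// Constructed stand-in for a response body: one backing ArrayBuffer that holds
// a header, the field of interest, and unrelated trailing bytes.
const HEADER = 'HDR|';
const FIELD = 'PUBLIC-KEY-BYTES';
const TRAILER = '|unrelated-bytes-from-same-buffer';

function buildResponse() {
  // Uint8Array.from copies into a fresh, exactly sized ArrayBuffer.
  const body = Uint8Array.from(new TextEncoder().encode(HEADER + FIELD + TRAILER));
  // subarray() does not copy: the view shares body.buffer and differs only
  // in byteOffset and byteLength.
  const field = body.subarray(HEADER.length, HEADER.length + FIELD.length);
  return { body, field };
}

// The defect: decoding value.buffer ignores the view's offset and length.
function decodeUnderlyingBuffer(value) {
  return new TextDecoder().decode(value.buffer);
}

// The fix: decode the view, which honours byteOffset and byteLength.
function decodeView(value) {
  if (!ArrayBuffer.isView(value)) throw new TypeError('expected an ArrayBufferView');
  return new TextDecoder().decode(value);
}

// True when passing value.buffer along would expose bytes outside the view.
function viewIsPartial(value) {
  return value.byteOffset !== 0 || value.byteLength !== value.buffer.byteLength;
}

// When an API needs an ArrayBuffer, copy exactly the viewed bytes.
function exactBuffer(value) {
  return value.buffer.slice(value.byteOffset, value.byteOffset + value.byteLength);
}

const demo = buildResponse();
console.log('view    :', decodeView(demo.field));
console.log('.buffer :', decodeUnderlyingBuffer(demo.field));
console.log('partial :', viewIsPartial(demo.field));
```

In Node.js, small `Buffer` instances are slices of a shared allocation pool, so the same mistake can surface bytes that never belonged to the response at all.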

@github-actions github-actions bot added the p2 label Nov 29, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team November 29, 2024 20:58
@github-actions github-actions bot added the beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK label Nov 29, 2024
@aws-cdk-automation aws-cdk-automation left a comment

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@s12v changed the title from "Fix decode uint8array" to "fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view" Nov 29, 2024

codecov bot commented Nov 29, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.46%. Comparing base (81cde0e) to head (f68ba04).
Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #32336      +/-   ##
==========================================
+ Coverage   78.45%   78.46%   +0.01%     
==========================================
  Files         106      106              
  Lines        7208     7208              
  Branches     1323     1323              
==========================================
+ Hits         5655     5656       +1     
+ Misses       1365     1364       -1     
  Partials      188      188              
Flag Coverage Δ
suite.unit 78.46% <ø> (+0.01%) ⬆️

Components Coverage Δ
packages/aws-cdk 78.46% <ø> (+0.01%) ⬆️

@s12v changed the title from "fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view" to "fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view." Nov 29, 2024
@s12v changed the title from "fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view." to "fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view" Nov 29, 2024
@aws-cdk-automation

The pull request linter fails with the following errors:

❌ The first word of the pull request title should not be capitalized. If the title starts with a CDK construct, it should be in backticks "``".

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: f68ba04
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
