feat: add StepFunctionsCallbackPolicy policy template #3545

Merged

kshyun28
Contributor

Issue #, if available

#2193

Description of changes

Adds a new policy template StepFunctionsCallbackPolicy with the necessary permissions for implementing callback patterns.

For more context, I've recently implemented callback patterns with my Step Functions workflow. A Lambda function calls back with the task token along with SendTaskSuccess or SendTaskFailure.

I originally implemented this (Step Functions - Lambda callback pattern) via SAM Connectors (AWS::Lambda::Function to AWS::StepFunctions::StateMachine), but found the connector policy lacking the necessary permissions for the SendTaskSuccess or SendTaskFailure callbacks.

With connector policies not working for callback patterns, I opted for defining my own policy, which worked.

This is a continuation of a previous attempt to provide a policy template for callback patterns (issue and PR). I've also corrected the Resource scope, which was a requested change that was never resolved in the original PR.

Description of how you validated changes

I validated the changes by updating the translator tests and running make test on Python 3.8.16.

Total test coverage is at 95.73%.

Required test coverage of 95% reached. Total coverage: 95.73%

3961 passed in 267.87s (0:04:27)

Checklist

Examples?

Please reach out in the comments if you want to add an example. Examples will be added to sam init through aws/aws-sam-cli-app-templates.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
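
Added example, not part of this pull request or the SAM code base: a small Python lint for the kind of policy the description above talks about, one that should grant the SendTaskSuccess and SendTaskFailure callbacks while keeping Resource scoped. The finding labels, the sample policies and the ARN in them are constructed for illustration.

```python
from fnmatch import fnmatchcase

# The two callback actions named in the PR description.
CALLBACK_ACTIONS = ("states:SendTaskSuccess", "states:SendTaskFailure")

# Constructed sample policies (account id, region and names are made up).
SCOPED = {"Statement": [{
    "Effect": "Allow",
    "Action": list(CALLBACK_ACTIONS),
    "Resource": "arn:aws:states:us-east-1:123456789012:stateMachine:OrderFlow",
}]}
BROAD = {"Statement": {"Effect": "Allow", "Action": "states:*", "Resource": "*"}}


def _as_list(value):
    """IAM accepts a bare string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _covers(pattern, action):
    """IAM action names are case-insensitive and may use * and ? wildcards."""
    return fnmatchcase(action.lower(), pattern.lower())


def audit_callback_policy(policy):
    """Return findings (hypothetical labels) for a callback policy document."""
    findings, granted = [], set()
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may omit the list
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        hits = [p for p in actions if any(_covers(p, a) for a in CALLBACK_ACTIONS)]
        if not hits:
            continue  # statement does not concern the callbacks
        granted.update(a for a in CALLBACK_ACTIONS if any(_covers(p, a) for p in hits))
        findings += [f"wildcard-action: {p}" for p in hits if "*" in p or "?" in p]
        findings += [f"wildcard-resource: {r}"
                     for r in _as_list(stmt.get("Resource")) if "*" in r]
    findings += [f"missing-action: {a}" for a in CALLBACK_ACTIONS if a not in granted]
    return findings


if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, audit_callback_policy(doc))
```

The check ignores Deny statements, NotAction and Condition keys, so it is a lint on the policy text rather than an evaluation of effective permissions.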

@kshyun28 kshyun28 requested a review from a team as a code owner February 17, 2024 15:49
moelasmar
moelasmar previously approved these changes Feb 25, 2024
@xazhao
Contributor

xazhao commented Mar 1, 2024

Hello @kshyun28, for a new policy template PR, it has to go through security review, which will take some time. We won't be able to merge the PR now.

@kshyun28
Contributor Author

kshyun28 commented Mar 1, 2024

Hello @xazhao, I understand.

If there's anything else required from me (or if the team thinks this is not a valid use case), please let me know.

Thank you for reviewing!

@moelasmar moelasmar self-requested a review March 3, 2024 08:49
@moelasmar moelasmar dismissed their stale review March 3, 2024 08:58

needs security review

@GavinZZ
Contributor

GavinZZ commented Mar 26, 2024

Hi there, just an update on this pull request. We've created the security review internally. It's pending a couple of tasks at the moment. Once the tasks are complete, we will bring it up to the security engineer for a final round of review.

@GavinZZ
Contributor

GavinZZ commented May 30, 2024

Hi @kshyun28, sorry for the long wait! I've some good news to share with you. We've finally gotten the security engineer's sign-off and I will be merging this PR soon.

@GavinZZ GavinZZ enabled auto-merge (squash) May 31, 2024 18:56
@kshyun28
Contributor Author

kshyun28 commented Jun 3, 2024

Hello @GavinZZ, I appreciate all the hard work you and the AWS-SAM team did in order to add this feature.

It's my pleasure making a small contribution to a tool I've used for serverless applications.

@GavinZZ GavinZZ merged commit bbe98a5 into aws:develop Jun 3, 2024
7 checks passed