Merge pull request #1 from brianlaoaws/feature/download-payload

brianlaoaws · web-flow · commit 29c198293523 · 2024-03-04T09:32:35.000-05:00
Add support to download hook target data for stack-level hooks
diff --git a/src/main/java/software/amazon/cloudformation/HookAbstractWrapper.java b/src/main/java/software/amazon/cloudformation/HookAbstractWrapper.java
@@ -17,12 +17,18 @@
 import com.amazonaws.AmazonServiceException;
 import com.amazonaws.retry.RetryUtils;
 import com.fasterxml.jackson.core.type.TypeReference;
+import com.google.common.annotations.VisibleForTesting;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.net.URISyntaxException;
+import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.time.Instant;
+import java.util.Collections;
 import java.util.Date;
+import java.util.Map;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
@@ -31,10 +37,15 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.awscore.exception.AwsServiceException;
+import software.amazon.awssdk.http.HttpExecuteRequest;
+import software.amazon.awssdk.http.HttpExecuteResponse;
 import software.amazon.awssdk.http.HttpStatusCode;
 import software.amazon.awssdk.http.HttpStatusFamily;
 import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.http.SdkHttpRequest;
 import software.amazon.awssdk.http.apache.ApacheHttpClient;
+import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.cloudformation.encryption.Cipher;
 import software.amazon.cloudformation.encryption.KMSCipher;
 import software.amazon.cloudformation.exceptions.BaseHandlerException;
@@ -63,6 +74,7 @@
 import software.amazon.cloudformation.proxy.hook.HookInvocationRequest;
 import software.amazon.cloudformation.proxy.hook.HookProgressEvent;
 import software.amazon.cloudformation.proxy.hook.HookRequestContext;
+import software.amazon.cloudformation.proxy.hook.HookRequestData;
 import software.amazon.cloudformation.proxy.hook.HookStatus;
 import software.amazon.cloudformation.resource.SchemaValidator;
 import software.amazon.cloudformation.resource.Serializer;
@@ -89,6 +101,9 @@ public abstract class HookAbstractWrapper<TargetT, CallbackT, ConfigurationT> {
     final SchemaValidator validator;
     final TypeReference<HookInvocationRequest<ConfigurationT, CallbackT>> typeReference;
 
+    final TypeReference<Map<String, Object>> hookStackPayloadS3TypeReference = new TypeReference<>() {
+    };
+
     private MetricsPublisher providerMetricsPublisher;
 
     private CloudWatchLogHelper cloudWatchLogHelper;
@@ -222,18 +237,20 @@ private ProgressEvent<TargetT, CallbackT> processInvocation(final JSONObject raw
 
         assert request != null : "Invalid request object received. Request object is null";
 
-        if (request.getRequestData() == null || request.getRequestData().getTargetModel() == null) {
-            throw new TerminalException("Invalid request object received. Target Model can not be null.");
-        }
-
-        // TODO: Include hook schema validation here after schema is finalized
+        boolean isPayloadRemote = isHookInvocationPayloadRemote(request.getRequestData());
 
         try {
             // initialise dependencies with platform credentials
             initialiseRuntime(request.getHookTypeName(), request.getRequestData().getProviderCredentials(),
                 request.getRequestData().getProviderLogGroupName(), request.getAwsAccountId(),
                 request.getRequestData().getHookEncryptionKeyArn(), request.getRequestData().getHookEncryptionKeyRole());
 
+            if (isPayloadRemote) {
+                Map<String, Object> targetModelData = retrieveHookInvocationPayloadFromS3(request.getRequestData().getPayload());
+
+                request.getRequestData().setTargetModel(targetModelData);
+            }
+
             // transform the request object to pass to caller
             HookHandlerRequest hookHandlerRequest = transform(request);
             ConfigurationT typeConfiguration = request.getHookModel();
@@ -366,6 +383,49 @@ private void writeResponse(final OutputStream outputStream, final HookProgressEv
         outputStream.flush();
     }
 
+    public Map<String, Object> retrieveHookInvocationPayloadFromS3(final String s3PresignedUrl) {
+        if (s3PresignedUrl != null) {
+            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+            try {
+                URL presignedUrl = new URL(s3PresignedUrl);
+                SdkHttpRequest httpRequest = SdkHttpRequest.builder().method(SdkHttpMethod.GET).uri(presignedUrl.toURI()).build();
+
+                HttpExecuteRequest executeRequest = HttpExecuteRequest.builder().request(httpRequest).build();
+
+                HttpExecuteResponse response = HTTP_CLIENT.prepareRequest(executeRequest).call();
+
+                response.responseBody().ifPresentOrElse(abortableInputStream -> {
+                    try {
+                        IoUtils.copy(abortableInputStream, byteArrayOutputStream);
+                    } catch (IOException e) {
+                        throw new RuntimeException(e);
+                    }
+                }, () -> loggerProxy.log("Hook invocation payload is empty."));
+
+                String str = byteArrayOutputStream.toString(StandardCharsets.UTF_8);
+
+                return this.serializer.deserialize(str, hookStackPayloadS3TypeReference);
+            } catch (RuntimeException | IOException | URISyntaxException exp) {
+                loggerProxy.log("Failed to retrieve hook invocation payload" + exp.toString());
+            }
+        }
+        return Collections.emptyMap();
+    }
+
+    @VisibleForTesting
+    protected boolean isHookInvocationPayloadRemote(HookRequestData hookRequestData) {
+        if (hookRequestData == null || hookRequestData.getTargetModel() == null) {
+            throw new TerminalException("Invalid request object received. Target Model can not be null.");
+        }
+
+        if (hookRequestData.getTargetModel().isEmpty() && hookRequestData.getPayload() == null) {
+            throw new TerminalException("No payload data set.");
+        }
+
+        return hookRequestData.getTargetModel().isEmpty();
+    }
+
     /**
      * Transforms the incoming request to the subset of typed models which the
      * handler implementor needs
diff --git a/src/main/java/software/amazon/cloudformation/proxy/hook/HookRequestData.java b/src/main/java/software/amazon/cloudformation/proxy/hook/HookRequestData.java
@@ -29,6 +29,7 @@ public class HookRequestData {
     private String targetType;
     private String targetLogicalId;
     private Map<String, Object> targetModel;
+    private String payload;
     private String callerCredentials;
     private String providerCredentials;
     private String providerLogGroupName;
diff --git a/src/main/java/software/amazon/cloudformation/proxy/hook/targetmodel/ChangedResource.java b/src/main/java/software/amazon/cloudformation/proxy/hook/targetmodel/ChangedResource.java
@@ -15,7 +15,10 @@
 package software.amazon.cloudformation.proxy.hook.targetmodel;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
-import lombok.*;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
 
 @Data
 @Builder
diff --git a/src/main/java/software/amazon/cloudformation/proxy/hook/targetmodel/StackHookTargetModel.java b/src/main/java/software/amazon/cloudformation/proxy/hook/targetmodel/StackHookTargetModel.java
@@ -19,8 +19,12 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+
 import java.util.List;
-import lombok.*;
 
 @EqualsAndHashCode(callSuper = false)
 @Getter
@@ -33,13 +37,13 @@ public class StackHookTargetModel extends HookTargetModel {
     };
 
     @JsonProperty("Template")
-    private String template;
+    private Object template;
 
     @JsonProperty("PreviousTemplate")
-    private String previousTemplate;
+    private Object previousTemplate;
 
     @JsonProperty("ResolvedTemplate")
-    private String resolvedTemplate;
+    private Object resolvedTemplate;
 
     @JsonProperty("ChangedResources")
     private List<ChangedResource> changedResources;
diff --git a/src/test/java/software/amazon/cloudformation/HookLambdaWrapperOverride.java b/src/test/java/software/amazon/cloudformation/HookLambdaWrapperOverride.java
@@ -19,6 +19,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import java.util.Queue;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
@@ -46,6 +47,8 @@
 @EqualsAndHashCode(callSuper = true)
 public class HookLambdaWrapperOverride extends HookLambdaWrapper<TestModel, TestContext, TestConfigurationModel> {
 
+    private Map<String, Object> hookInvocationPayloadFromS3;
+
     /**
      * This .ctor provided for testing
      */
@@ -128,6 +131,15 @@ protected HookHandlerRequest transform(final HookInvocationRequest<TestConfigura
 
     public HookHandlerRequest transformResponse;
 
+    @Override
+    public Map<String, Object> retrieveHookInvocationPayloadFromS3(final String s3PresignedUrl) {
+        return hookInvocationPayloadFromS3;
+    }
+
+    public void setHookInvocationPayloadFromS3(Map<String, Object> input) {
+        hookInvocationPayloadFromS3 = input;
+    }
+
     @Override
     protected TypeReference<HookInvocationRequest<TestConfigurationModel, TestContext>> getTypeReference() {
         return new TypeReference<HookInvocationRequest<TestConfigurationModel, TestContext>>() {
diff --git a/src/test/java/software/amazon/cloudformation/HookLambdaWrapperTest.java b/src/test/java/software/amazon/cloudformation/HookLambdaWrapperTest.java
@@ -23,21 +23,29 @@
 import com.amazonaws.services.lambda.runtime.Context;
 import com.amazonaws.services.lambda.runtime.LambdaLogger;
 import com.fasterxml.jackson.core.type.TypeReference;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.CsvSource;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import software.amazon.awssdk.http.SdkHttpClient;
 import software.amazon.cloudformation.encryption.KMSCipher;
+import software.amazon.cloudformation.exceptions.TerminalException;
 import software.amazon.cloudformation.injection.CredentialsProvider;
 import software.amazon.cloudformation.loggers.CloudWatchLogPublisher;
 import software.amazon.cloudformation.loggers.LogPublisher;
@@ -48,6 +56,7 @@
 import software.amazon.cloudformation.proxy.ProgressEvent;
 import software.amazon.cloudformation.proxy.hook.HookHandlerRequest;
 import software.amazon.cloudformation.proxy.hook.HookProgressEvent;
+import software.amazon.cloudformation.proxy.hook.HookRequestData;
 import software.amazon.cloudformation.proxy.hook.HookStatus;
 import software.amazon.cloudformation.proxy.hook.targetmodel.ChangedResource;
 import software.amazon.cloudformation.proxy.hook.targetmodel.StackHookTargetModel;
@@ -333,6 +342,22 @@ public void invokeHandler_WithStackLevelHook_returnsSuccess(final String request
 
         lenient().when(cipher.decryptCredentials(any())).thenReturn(new Credentials("123", "123", "123"));
 
+        wrapper.setHookInvocationPayloadFromS3(Map.of(
+                "Template", "template string here",
+                "PreviousTemplate", "previous template string here",
+                "ResolvedTemplate", "resolved template string here",
+                "ChangedResources", List.of(
+                        Map.of(
+                                "LogicalResourceId", "SomeLogicalResourceId",
+                                "ResourceType", "AWS::S3::Bucket",
+                                "Action", "CREATE",
+                                "LineNumber", 3,
+                                "ResourceProperties", "<Resource Properties as json string>",
+                                "PreviousResourceProperties", "<Resource Properties as json string>"
+                        )
+                )
+        ));
+
         try (final InputStream in = loadRequestStream(requestDataPath); final OutputStream out = new ByteArrayOutputStream()) {
             final Context context = getLambdaContext();
 
@@ -369,6 +394,33 @@ public void invokeHandler_WithStackLevelHook_returnsSuccess(final String request
         }
     }
 
+   @Test
+   public void testIsHookInvocationPayloadRemote() {
+        List<HookRequestData> invalidHookRequestDataObjects = ImmutableList.of(
+                HookRequestData.builder().targetModel(null).build(),
+                HookRequestData.builder().targetModel(null).payload(null).build(),
+                HookRequestData.builder().targetModel(Collections.emptyMap()).payload(null).build(),
+                HookRequestData.builder().targetModel(Collections.emptyMap()).payload(null).build()
+        );
+
+        invalidHookRequestDataObjects.forEach(requestData -> {
+            Assertions.assertThrows(TerminalException.class, () -> wrapper.isHookInvocationPayloadRemote(requestData));
+        });
+
+        Assertions.assertThrows(TerminalException.class, () -> wrapper.isHookInvocationPayloadRemote(null));
+
+        HookRequestData bothFieldsPopulated = HookRequestData.builder().targetModel(ImmutableMap.of("foo", "bar"))
+            .payload("http://s3PresignedUrl").build();
+        HookRequestData onlyTargetModelPopulated = HookRequestData.builder().targetModel(ImmutableMap.of("foo", "bar"))
+            .payload(null).build();
+        HookRequestData onlyPayloadPopulated = HookRequestData.builder().targetModel(Collections.emptyMap())
+            .payload("http://s3PresignedUrl").build();
+
+        Assertions.assertFalse(wrapper.isHookInvocationPayloadRemote(bothFieldsPopulated));
+        Assertions.assertFalse(wrapper.isHookInvocationPayloadRemote(onlyTargetModelPopulated));
+        Assertions.assertTrue(wrapper.isHookInvocationPayloadRemote(onlyPayloadPopulated));
+    }
+
     private final String expectedStringWhenStrictDeserializingWithExtraneousFields = "Unrecognized field \"targetName\" (class software.amazon.cloudformation.proxy.hook.HookInvocationRequest), not marked as ignorable (10 known properties: \"requestContext\", \"stackId\", \"clientRequestToken\", \"hookModel\", \"hookTypeName\", \"requestData\", \"actionInvocationPoint\", \"awsAccountId\", \"changeSetId\", \"hookTypeVersion\"])\n"
         + " at [Source: (String)\"{\n" + "    \"clientRequestToken\": \"123456\",\n" + "    \"awsAccountId\": \"123456789012\",\n"
         + "    \"stackId\": \"arn:aws:cloudformation:us-east-1:123456789012:stack/SampleStack/e722ae60-fe62-11e8-9a0e-0ae8cc519968\",\n"
diff --git a/src/test/java/software/amazon/cloudformation/data/hook/preCreate.request.with-stack-level-hook.json b/src/test/java/software/amazon/cloudformation/data/hook/preCreate.request.with-stack-level-hook.json
@@ -14,21 +14,8 @@
         "targetName": "STACK",
         "targetType": "STACK",
         "targetLogicalId": "myStack",
-        "targetModel": {
-            "template": "template string here",
-            "previousTemplate": "previous template string here",
-            "resolvedTemplate": "resolved template string here",
-            "changedResources": [
-                {
-                    "LogicalResourceId": "SomeLogicalResourceId",
-                    "ResourceType": "AWS::S3::Bucket",
-                    "LineNumber": 3,
-                    "Action": "CREATE",
-                    "ResourceProperties": "<Resource Properties as json string>",
-                    "PreviousResourceProperties": "<Resource Properties as json string>"
-                }
-            ]
-        },
+        "targetModel": {},
+        "payload": "http://someS3PresignedUrl",
         "callerCredentials": "callerCredentials",
         "providerCredentials": "providerCredentials",
         "providerLogGroupName": "providerLoggingGroupName",
diff --git a/src/test/java/software/amazon/cloudformation/proxy/hook/targetmodel/HookTargetModelTest.java b/src/test/java/software/amazon/cloudformation/proxy/hook/targetmodel/HookTargetModelTest.java
@@ -222,11 +222,11 @@ public void testStackHookTargetModel() throws Exception {
         Assertions.assertEquals(changedResources, targetModel.getChangedResources());
         Assertions.assertNull(targetModel.getHookTargetTypeReference());
         Assertions.assertEquals(
-            "{\"Template\":\"{\\\"key1\\\":\\\"value1\\\"}\",\"PreviousTemplate\":\"{\\\"previousKey1\\\":\\\"" +
-                    "previousValue1\\\"}\",\"ResolvedTemplate\":\"{\\\"resolvedKey1\\\":\\\"resolvedValue1\\\"}\",\"ChangedResources\"" +
-                    ":[{\"LogicalResourceId\":\"SomeLogicalResourceId\",\"ResourceType\":\"AWS::S3::Bucket\",\"LineNumber\":" +
-                    "11,\"Action\":\"CREATE\",\"ResourceProperties\":\"{\\\"BucketName\\\": \\\"some-bucket-name\\\"\"," +
-                    "\"PreviousResourceProperties\":\"{\\\"BucketName\\\": \\\"some-prev-bucket-name\\\"\"}]}",
+            "{\"Template\":\"{\\\"key1\\\":\\\"value1\\\"}\",\"PreviousTemplate\":\"{\\\"previousKey1\\\":\\\""
+                + "previousValue1\\\"}\",\"ResolvedTemplate\":\"{\\\"resolvedKey1\\\":\\\"resolvedValue1\\\"}\",\"ChangedResources\""
+                + ":[{\"LogicalResourceId\":\"SomeLogicalResourceId\",\"ResourceType\":\"AWS::S3::Bucket\",\"LineNumber\":"
+                + "11,\"Action\":\"CREATE\",\"ResourceProperties\":\"{\\\"BucketName\\\": \\\"some-bucket-name\\\"\","
+                + "\"PreviousResourceProperties\":\"{\\\"BucketName\\\": \\\"some-prev-bucket-name\\\"\"}]}",
             OBJECT_MAPPER.writeValueAsString(targetModel));
     }
 
@@ -252,14 +252,12 @@ public void testStackHookTargetModelWithAdditionalPropertiesInInput() throws Exc
         Assertions.assertEquals(changedResources, targetModel.getChangedResources());
         Assertions.assertNull(targetModel.getHookTargetTypeReference());
 
-        Assertions.assertEquals(
-            "{\"Template\":\"{\\\"key1\\\":\\\"value1\\\"}\",\"PreviousTemplate\":\"{\\\"previousKey1\\\":" +
-                    "\\\"previousValue1\\\"}\",\"ResolvedTemplate\":\"{\\\"resolvedKey1\\\":\\\"resolvedValue1\\\"}\"," +
-                    "\"ChangedResources\":[{\"LogicalResourceId\":\"SomeLogicalResourceId\",\"ResourceType\":" +
-                    "\"AWS::S3::Bucket\",\"LineNumber\":11,\"Action\":\"CREATE\",\"ResourceProperties\":\"{" +
-                    "\\\"BucketName\\\": \\\"some-bucket-name\\\"\",\"PreviousResourceProperties\":\"{\\\"BucketName\\\":" +
-                    " \\\"some-prev-bucket-name\\\"\"}]}",
-            OBJECT_MAPPER.writeValueAsString(targetModel));
+        Assertions.assertEquals("{\"Template\":\"{\\\"key1\\\":\\\"value1\\\"}\",\"PreviousTemplate\":\"{\\\"previousKey1\\\":"
+            + "\\\"previousValue1\\\"}\",\"ResolvedTemplate\":\"{\\\"resolvedKey1\\\":\\\"resolvedValue1\\\"}\","
+            + "\"ChangedResources\":[{\"LogicalResourceId\":\"SomeLogicalResourceId\",\"ResourceType\":"
+            + "\"AWS::S3::Bucket\",\"LineNumber\":11,\"Action\":\"CREATE\",\"ResourceProperties\":\"{"
+            + "\\\"BucketName\\\": \\\"some-bucket-name\\\"\",\"PreviousResourceProperties\":\"{\\\"BucketName\\\":"
+            + " \\\"some-prev-bucket-name\\\"\"}]}", OBJECT_MAPPER.writeValueAsString(targetModel));
     }
 
     @Test
@@ -282,11 +280,11 @@ public void testStackHookTargetModelWithMissingPropertiesInInput() throws Except
         Assertions.assertEquals(changedResources, targetModel.getChangedResources());
         Assertions.assertNull(targetModel.getHookTargetTypeReference());
         Assertions.assertEquals(
-            "{\"Template\":\"{\\\"key1\\\":\\\"value1\\\"}\",\"PreviousTemplate\":null,\"ResolvedTemplate\":" +
-                    "\"{\\\"resolvedKey1\\\":\\\"resolvedValue1\\\"}\",\"ChangedResources\":[{\"LogicalResourceId\":" +
-                    "\"SomeLogicalResourceId\",\"ResourceType\":\"AWS::S3::Bucket\",\"LineNumber\":null,\"Action\":" +
-                    "\"CREATE\",\"ResourceProperties\":\"{\\\"BucketName\\\": \\\"some-bucket-name\\\"\"," +
-                    "\"PreviousResourceProperties\":\"{\\\"BucketName\\\": \\\"some-prev-bucket-name\\\"\"}]}",
+            "{\"Template\":\"{\\\"key1\\\":\\\"value1\\\"}\",\"PreviousTemplate\":null,\"ResolvedTemplate\":"
+                + "\"{\\\"resolvedKey1\\\":\\\"resolvedValue1\\\"}\",\"ChangedResources\":[{\"LogicalResourceId\":"
+                + "\"SomeLogicalResourceId\",\"ResourceType\":\"AWS::S3::Bucket\",\"LineNumber\":null,\"Action\":"
+                + "\"CREATE\",\"ResourceProperties\":\"{\\\"BucketName\\\": \\\"some-bucket-name\\\"\","
+                + "\"PreviousResourceProperties\":\"{\\\"BucketName\\\": \\\"some-prev-bucket-name\\\"\"}]}",
             OBJECT_MAPPER.writeValueAsString(targetModel));
     }
 
