test(stepfunctions): add integration test for JSONata TaskRole credentials

Author: t3yamoto

packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/fake-task.ts

@@ -35,3 +35,33 @@ export class FakeTask extends sfn.TaskStateBase {
     };
   }
 }
+
+/**
+ * JSONata-compatible task for integ testing
+ */
+export class FakeTaskJsonata extends sfn.TaskStateBase {
+  protected readonly taskMetrics?: sfn.TaskMetricsConfig;
+  protected readonly taskPolicies?: iam.PolicyStatement[];
+  protected readonly parameters?: { [key: string]: string };
+
+  constructor(scope: constructs.Construct, id: string, props: FakeTaskProps = {}) {
+    super(scope, id, props);
+    this.parameters = props.parameters;
+  }
+
+  protected _renderTask(): any {
+    return {
+      Type: 'Task',
+      Resource: 'arn:aws:states:::dynamodb:putItem',
+      Arguments: {
+        TableName: 'my-cool-table',
+        Item: {
+          id: {
+            S: 'my-entry',
+          },
+        },
+        ...this.parameters,
+      },
+    };
+  }
+}

packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions/test/integ.state-machine-credentials.js.snapshot/StateMachineCredentialsDefaultTestDeployAssert3F5E6D8D.assets.json

@@ -78,12 +78,6 @@
   "StateMachineWithLiteralCredentialsBF5A67AE": {
    "Type": "AWS::StepFunctions::StateMachine",
    "Properties": {
-    "RoleArn": {
-     "Fn::GetAtt": [
-      "StateMachineWithLiteralCredentialsRole1F1DEEC1",
-      "Arn"
-     ]
-    },
     "DefinitionString": {
      "Fn::Join": [
       "",
@@ -98,6 +92,12 @@
        "\"},\"Resource\":\"arn:aws:states:::dynamodb:putItem\",\"Parameters\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}}}},\"TimeoutSeconds\":30}"
       ]
      ]
+    },
+    "RoleArn": {
+     "Fn::GetAtt": [
+      "StateMachineWithLiteralCredentialsRole1F1DEEC1",
+      "Arn"
+     ]
     }
    },
    "DependsOn": [
@@ -148,13 +148,13 @@
   "StateMachineWithCrossAccountLiteralCredentialsA2DD713D": {
    "Type": "AWS::StepFunctions::StateMachine",
    "Properties": {
+    "DefinitionString": "{\"StartAt\":\"FakeTaskWithCrossAccountLiteralCredentials\",\"States\":{\"FakeTaskWithCrossAccountLiteralCredentials\":{\"End\":true,\"Type\":\"Task\",\"Credentials\":{\"RoleArn\":\"arn:aws:iam::123456789012:role/CrossAccountRole\"},\"Resource\":\"arn:aws:states:::dynamodb:putItem\",\"Parameters\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}}}},\"TimeoutSeconds\":30}",
     "RoleArn": {
      "Fn::GetAtt": [
       "StateMachineWithCrossAccountLiteralCredentialsRole4AA04DBC",
       "Arn"
      ]
-    },
-    "DefinitionString": "{\"StartAt\":\"FakeTaskWithCrossAccountLiteralCredentials\",\"States\":{\"FakeTaskWithCrossAccountLiteralCredentials\":{\"End\":true,\"Type\":\"Task\",\"Credentials\":{\"RoleArn\":\"arn:aws:iam::123456789012:role/CrossAccountRole\"},\"Resource\":\"arn:aws:states:::dynamodb:putItem\",\"Parameters\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}}}},\"TimeoutSeconds\":30}"
+    }
    },
    "DependsOn": [
     "StateMachineWithCrossAccountLiteralCredentialsRoleDefaultPolicy9B9943BD",
@@ -204,20 +204,76 @@
   "StateMachineWithJsonPathCredentials5786712E": {
    "Type": "AWS::StepFunctions::StateMachine",
    "Properties": {
+    "DefinitionString": "{\"StartAt\":\"FakeTaskWithJsonPathCredentials\",\"States\":{\"FakeTaskWithJsonPathCredentials\":{\"End\":true,\"Type\":\"Task\",\"Credentials\":{\"RoleArn.$\":\"$.RoleArn\"},\"Resource\":\"arn:aws:states:::dynamodb:putItem\",\"Parameters\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}}}},\"TimeoutSeconds\":30}",
     "RoleArn": {
      "Fn::GetAtt": [
       "StateMachineWithJsonPathCredentialsRole7BDE9FA6",
       "Arn"
      ]
-    },
-    "DefinitionString": "{\"StartAt\":\"FakeTaskWithJsonPathCredentials\",\"States\":{\"FakeTaskWithJsonPathCredentials\":{\"End\":true,\"Type\":\"Task\",\"Credentials\":{\"RoleArn.$\":\"$.RoleArn\"},\"Resource\":\"arn:aws:states:::dynamodb:putItem\",\"Parameters\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}}}},\"TimeoutSeconds\":30}"
+    }
    },
    "DependsOn": [
     "StateMachineWithJsonPathCredentialsRoleDefaultPolicy1DA1C50B",
     "StateMachineWithJsonPathCredentialsRole7BDE9FA6"
    ],
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
+  },
+  "StateMachineWithJSONataCredentialsRole97AD3731": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "states.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    }
+   }
+  },
+  "StateMachineWithJSONataCredentialsRoleDefaultPolicyF552EED1": {
+   "Type": "AWS::IAM::Policy",
+   "Properties": {
+    "PolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Resource": "*"
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "PolicyName": "StateMachineWithJSONataCredentialsRoleDefaultPolicyF552EED1",
+    "Roles": [
+     {
+      "Ref": "StateMachineWithJSONataCredentialsRole97AD3731"
+     }
+    ]
+   }
+  },
+  "StateMachineWithJSONataCredentialsA18E2D6C": {
+   "Type": "AWS::StepFunctions::StateMachine",
+   "Properties": {
+    "DefinitionString": "{\"StartAt\":\"FakeTaskWithJSONataCredentials\",\"States\":{\"FakeTaskWithJSONataCredentials\":{\"End\":true,\"Type\":\"Task\",\"Arguments\":{\"TableName\":\"my-cool-table\",\"Item\":{\"id\":{\"S\":\"my-entry\"}}},\"Credentials\":{\"RoleArn\":\"{% $states.input.RoleArn %}\"},\"Resource\":\"arn:aws:states:::dynamodb:putItem\"}},\"TimeoutSeconds\":30,\"QueryLanguage\":\"JSONata\"}",
+    "RoleArn": {
+     "Fn::GetAtt": [
+      "StateMachineWithJSONataCredentialsRole97AD3731",
+      "Arn"
+     ]
+    }
+   },
+   "DependsOn": [
+    "StateMachineWithJSONataCredentialsRoleDefaultPolicyF552EED1",
+    "StateMachineWithJSONataCredentialsRole97AD3731"
+   ],
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
   }
  },
  "Parameters": {