(assertions): incorrect validation error during GetLogEvents API call

msambol commented 3 months ago

Describe the bug

I don't believe this is a CDK issue, but I'm hoping this can be routed to the correct team.

I wrote an integration test and used the following code:

const message = putMessageOnQueue.next(test.assertions.awsApiCall('CloudWatchLogs', 'GetLogEvents', {
  LogGroupName: targetLogGroup.logGroupName,
  LogStreamName: logStreamName,
}));

I received the following error:

I tried both LogGroupName and LogGroupArn.

Expected Behavior

Log events to be returned

Current Behavior

ValidationException

Reproduction Steps

I wrote an integration test with the following code:

const targetLogGroup = new cdk.aws_logs.LogGroup(stack, 'TargetLogGroup');

const message = putMessageOnQueue.next(test.assertions.awsApiCall('CloudWatchLogs', 'GetLogEvents', {
  LogGroupName: targetLogGroup.logGroupName,
  LogStreamName: 'mylogstream',
}));

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.147.1 (build d3695d4)

Framework Version

No response

Node.js Version

v20.11.1

OS

MacOS 14.6

Language

TypeScript

Language Version

No response

Other information

No response

ashishdhingra commented 3 months ago

@msambol Good morning. Could you please share the self contained CDK code and packages used to reproduce the issue?

Thanks, Ashish

msambol commented 3 months ago

@ashishdhingra – It happened while running this integration test: https://github.com/aws/aws-cdk/pull/30665/files#diff-2763bd6ad8e804e782f19c082f9eac5be850ff7e79b98407aaa86f999985ec3b.

ashishdhingra commented 3 months ago

@msambol Good afternoon. Thanks for sharing the input. Upon testing, looks like the parameter names for an API operation are case sensitive. If you refer GetLogEvents, the parameters logGroupName and logStreamName start with a lowercase letter.

One more problem in your code is that you are not creating Log Stream.

I was able to successfully deploy the below stack after making necessary changes:

#!/usr/bin/env node
import 'source-map-support/register';
import * as cdk from 'aws-cdk-lib';
import { IntegTest } from '@aws-cdk/integ-tests-alpha';

const app = new cdk.App();
const stack = new cdk.Stack(app, 'aws-cdk-pipes-targets');

const test = new IntegTest(app, 'integtest-pipe-target-sqs', {
  testCases: [stack],
});

const sourceQueue = new cdk.aws_sqs.Queue(stack, 'SourceQueue');
const body = 'Cozumel';
const targetLogGroup = new cdk.aws_logs.LogGroup(stack, 'TargetLogGroup');
const logStreamName = 'Mexico';
const targetLogStream = new cdk.aws_logs.LogStream(stack, 'TargetLogStream', {
  logGroup: targetLogGroup,
  logStreamName: logStreamName
});

const putMessageOnQueue = test.assertions.awsApiCall('SQS', 'sendMessage', {
  QueueUrl: sourceQueue.queueUrl,
  MessageBody: body,
});

new cdk.CfnOutput(stack, 'logGroupName', { value: targetLogGroup.logGroupName});
const message = putMessageOnQueue.next(test.assertions.awsApiCall('CloudWatchLogs', 'getLogEvents', {
  logGroupName: targetLogGroup.logGroupName,
  logStreamName: logStreamName,
}));

cdk deploy --all output:


✨  Synthesis time: 4.32s

aws-cdk-pipes-targets:  start: Building cd9a666799767f3a3dd751d031b84a19218ced862e6d0b58130b48f5505ac88c:current_account-current_region
aws-cdk-pipes-targets:  success: Built cd9a666799767f3a3dd751d031b84a19218ced862e6d0b58130b48f5505ac88c:current_account-current_region
integtestpipetargetsqsDefaultTestDeployAssertD5F047DA:  start: Building d3834ebd0daa47a28ee30f6e618e772fd05ff85ef2fd5ad9d064029ed126fb7e:current_account-current_region
integtestpipetargetsqsDefaultTestDeployAssertD5F047DA:  success: Built d3834ebd0daa47a28ee30f6e618e772fd05ff85ef2fd5ad9d064029ed126fb7e:current_account-current_region
aws-cdk-pipes-targets:  start: Publishing cd9a666799767f3a3dd751d031b84a19218ced862e6d0b58130b48f5505ac88c:current_account-current_region
aws-cdk-pipes-targets:  success: Published cd9a666799767f3a3dd751d031b84a19218ced862e6d0b58130b48f5505ac88c:current_account-current_region
aws-cdk-pipes-targets
aws-cdk-pipes-targets: deploying... [1/2]
aws-cdk-pipes-targets: creating CloudFormation changeset...

 ✅  aws-cdk-pipes-targets

✨  Deployment time: 44.39s

Outputs:
aws-cdk-pipes-targets.ExportsOutputRefSourceQueue6E809DF09604904F = https://sqs.us-east-2.amazonaws.com/139480602983/aws-cdk-pipes-targets-SourceQueue6E809DF0-SKI5ESKKsptW
aws-cdk-pipes-targets.ExportsOutputRefTargetLogGroupB910FA6FA19EA81F = aws-cdk-pipes-targets-TargetLogGroupB910FA6F-ChBptfjWlH3k
aws-cdk-pipes-targets.logGroupName = aws-cdk-pipes-targets-TargetLogGroupB910FA6F-ChBptfjWlH3k
Stack ARN:
arn:aws:cloudformation:us-east-2:139480602983:stack/aws-cdk-pipes-targets/064136d0-3342-11ef-844a-06475977c107

✨  Total time: 48.71s

integtestpipetargetsqsDefaultTestDeployAssertD5F047DA:  start: Publishing d3834ebd0daa47a28ee30f6e618e772fd05ff85ef2fd5ad9d064029ed126fb7e:current_account-current_region
integtestpipetargetsqsDefaultTestDeployAssertD5F047DA:  success: Published d3834ebd0daa47a28ee30f6e618e772fd05ff85ef2fd5ad9d064029ed126fb7e:current_account-current_region
integtest-pipe-target-sqs/DefaultTest/DeployAssert
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬───────────────────────────────────────────────────────────────┬────────┬───────────────────┬────────────────────────────────────────────────────────────────┬───────────┐
│   │ Resource                                                      │ Effect │ Action            │ Principal                                                      │ Condition │
├───┼───────────────────────────────────────────────────────────────┼────────┼───────────────────┼────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${DefaultTest/DeployAssert/SingletonFunction1488541a7b2346648 │ Allow  │ sts:AssumeRole    │ Service:lambda.amazonaws.com                                   │           │
│   │ 1b69b4408076b81/Role.Arn}                                     │        │                   │                                                                │           │
├───┼───────────────────────────────────────────────────────────────┼────────┼───────────────────┼────────────────────────────────────────────────────────────────┼───────────┤
│ + │ *                                                             │ Allow  │ sqs:SendMessage   │ AWS:${DefaultTest/DeployAssert/SingletonFunction1488541a7b2346 │           │
│   │                                                               │        │                   │ 6481b69b4408076b81/Role}                                       │           │
│ + │ *                                                             │ Allow  │ logs:GetLogEvents │ AWS:${DefaultTest/DeployAssert/SingletonFunction1488541a7b2346 │           │
│   │                                                               │        │                   │ 6481b69b4408076b81/Role}                                       │           │
└───┴───────────────────────────────────────────────────────────────┴────────┴───────────────────┴────────────────────────────────────────────────────────────────┴───────────┘
IAM Policy Changes
┌───┬────────────────────────────────────────────────────────────────────────────────────┬────────────────────────────────────────────────────────────────────────────────────┐
│   │ Resource                                                                           │ Managed Policy ARN                                                                 │
├───┼────────────────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role} │ {"Fn::Sub":"arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecu │
│   │                                                                                    │ tionRole"}                                                                         │
└───┴────────────────────────────────────────────────────────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y
integtest-pipe-target-sqs/DefaultTest/DeployAssert: deploying... [2/2]
integtestpipetargetsqsDefaultTestDeployAssertD5F047DA: creating CloudFormation changeset...

 ✅  integtest-pipe-target-sqs/DefaultTest/DeployAssert

✨  Deployment time: 44.37s

Stack ARN:
arn:aws:cloudformation:us-east-2:139480602983:stack/integtestpipetargetsqsDefaultTestDeployAssertD5F047DA/228822e0-3342-11ef-a20f-0ae554c22593

✨  Total time: 48.69s

Just FYI, I added new cdk.CfnOutput(stack, 'logGroupName', { value: targetLogGroup.logGroupName}); for debugging purposes.

Thanks, Ashish

msambol commented 3 months ago

@ashishdhingra Beautiful, thank you!

github-actions[bot] commented 3 months ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

aws-cdk-automation commented 2 months ago

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

aws / aws-cdk