Skip to content

chore(lambda): fix integration tests #36938

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aemada-aws wants to merge 2 commits into
base: main
Choose a base branch
from
Open

chore(lambda): fix integration tests #36938

aemada-aws wants to merge 2 commits into from
+3,733 −158,402

Conversation

@aemada-aws
Copy link
Contributor

@aemada-aws aemada-aws commented Feb 10, 2026
edited
Loading

Issue # (if applicable)

N/A - Remediation of 8 failing aws-lambda integration tests.

Reason for this change

Eight aws-lambda integration tests were failing due to a combination of issues: hardcoded physical names causing collisions, a non-existent IAM managed policy reference, an unsupported EC2 instance type for Lambda CapacityProvider, regional availability constraints for AWS::Lambda::CapacityProvider, API response size exceeding CloudFormation custom resource limits, a corrupt test asset (handler.zip), and the Lambda runtime SDK (3.895.0) not yet including capacity provider APIs (introduced in SDK 3.942.0).

Description of changes

integ.capacity-provider-all-fields.ts:

  • Removed hardcoded capacityProviderName to avoid name collisions
  • Fixed managed policy from AmazonLambdaCapacityProviderOperatorRolePolicy (does not exist) to AWSLambdaManagedEC2ResourceOperator
  • Changed instance type from t2.micro to m5.large (t2.micro not supported by Lambda CapacityProvider for x86_64)
  • Added region constraint (10 regions where AWS::Lambda::CapacityProvider is available)
  • Commented out GetCapacityProvider assertions (runtime SDK too old)

integ.capacity-provider-defaults.ts:

  • Added region constraint
  • Commented out GetCapacityProvider assertions (runtime SDK too old)

integ.function-capacity-provider-all-fields.ts:

  • Set @aws-cdk/aws-lambda:useCdkManagedLogGroup: false to avoid race condition where Lambda auto-creates the log group before CloudFormation can create the explicit AWS::Logs::LogGroup resource
  • Added outputPaths to GetFunction API call to stay within 4KB custom resource response limit
  • Added region constraint
  • Commented out capacity-provider-specific assertions (runtime SDK too old)

integ.function-capacity-provider-minimal.ts:

  • Same LogGroup race condition fix
  • Same outputPaths fix
  • Added region constraint
  • Commented out capacity-provider-specific assertions (runtime SDK too old)

integ.version-scaling-config-all-fields.ts:

  • Same LogGroup race condition fix
  • Changed version.functionArn to fn.functionName for listVersionsByFunction (API rejects version-qualified ARNs)
  • Added region constraint
  • Commented out FunctionScalingConfig assertions (runtime SDK too old)

integ.lambda-sourceKMSKeyArn.ts:

  • Removed hardcoded bucketName: 's3sourcekmskeyarnbucket' to avoid global name collisions

integ.assets.file.ts:

  • No code changes; recreated corrupt handler.zip (was truncated to 313 bytes)

integ.durable-config.ts:

  • No changes needed; passes as-is

Why assertions are commented out:
The integ-test assertion Lambda runs on nodejs22.x, which ships with AWS SDK 3.895.0. The Lambda capacity provider APIs (GetCapacityProviderCommand, CapacityProviderConfig in GetFunction, FunctionScalingConfig in listVersionsByFunction) were introduced in SDK 3.942.0. The runtime SDK strips these fields from responses. Assertions are preserved as commented code with TODO markers and can be uncommented when the runtime SDK is updated. See runtime SDK version docs.

Describe any new or updated permissions being added

No new permissions. The managed policy fix corrects AmazonLambdaCapacityProviderOperatorRolePolicy (non-existent) to AWSLambdaManagedEC2ResourceOperator (the actual AWS managed policy for Lambda capacity provider operator roles).

Description of how you validated changes

All 8 integration tests were deployed and validated via integ-runner with --update-on-failed across multiple parallel regions:

yarn integ \
  test/aws-lambda/test/integ.assets.file.js \
  test/aws-lambda/test/integ.capacity-provider-all-fields.js \
  test/aws-lambda/test/integ.capacity-provider-defaults.js \
  test/aws-lambda/test/integ.durable-config.js \
  test/aws-lambda/test/integ.function-capacity-provider-all-fields.js \
  test/aws-lambda/test/integ.function-capacity-provider-minimal.js \
  test/aws-lambda/test/integ.lambda-sourceKMSKeyArn.js \
  test/aws-lambda/test/integ.version-scaling-config-all-fields.js \
  --disable-update-workflow \
  --update-on-failed \
  --parallel-regions us-east-1 us-east-2 us-west-2 eu-west-1 eu-central-1 eu-north-1 ap-south-1 ap-southeast-1 ap-southeast-2 ap-northeast-1

All 8 tests pass. Snapshots updated via integ-runner only.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation aws-cdk-automation requested a review from a team February 10, 2026 22:24
@github-actions github-actions bot added the p2 label Feb 10, 2026
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Feb 10, 2026
@aemada-aws
fix(aws-lambda): remediate 8 integration tests
e1d0bd7 
Fix integration test failures for aws-lambda capacity provider,
durable config, sourceKMSKeyArn, version scaling, and assets tests.

Fixes include removing hardcoded physical names, correcting managed
policy references, adding region constraints for CapacityProvider
availability, fixing response size limits, resolving LogGroup race
conditions, and recreating a corrupt test asset.
@aemada-aws aemada-aws force-pushed the fix/lambda-integ-tests-remediation branch from a74f4dd to e1d0bd7 Compare February 10, 2026 22:25
aws-cdk-automation
aws-cdk-automation previously requested changes Feb 10, 2026
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(This review is outdated)

@aemada-aws aemada-aws changed the title fix(aws-lambda): remediate 8 integration tests chore(lambda): fix integration tests Feb 10, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 10, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results288 ran288 passed
TestResult
No test annotations available

@github-actions
Copy link
Contributor

github-actions bot commented Feb 10, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results with resolved templates288 ran288 passed
TestResult
No test annotations available

@aws-cdk-automation aws-cdk-automation dismissed their stale review February 10, 2026 22:26

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@aemada-aws aemada-aws marked this pull request as ready for review February 11, 2026 09:23
@aemada-aws aemada-aws added the pr/needs-integration-tests-deployment Requires the PR to deploy the integration test snapshots. label Feb 11, 2026
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Feb 11, 2026
@aws-cdk-automation aws-cdk-automation deployed to deployment-integ-test February 11, 2026 09:25 — with GitHub Actions Active
kumvprat
kumvprat reviewed Feb 11, 2026
View reviewed changes
.../@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.capacity-provider-all-fields.ts Outdated
},
}));
// TODO: Uncomment when the Lambda runtime SDK is updated to >= 3.942.0.
// The nodejs22.x Lambda runtime currently ships SDK 3.895.0, which does not
Copy link
Contributor

@kumvprat kumvprat Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it feasible to have the test setup work with node 20.x? Or are the assertion checks deployed on node 22.x and that is causing the limitations ?

I think if we dont want this code we can remove it completely as it's not useful to test that CFN template is passing the correct config to Lambda(outside of cdk scope)

Copy link
Contributor Author

@aemada-aws aemada-aws Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The limitation is that the latest Node.js lambda (22) does not come the SDK with the new Lambda APIs. The integ test assertions lambda uses node js 22.

We can keep the assertions for future reference for when the SDK is updated.

...es/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.capacity-provider-defaults.ts Outdated
SecurityGroupIds: [securityGroup.securityGroupId],
},
}));
// TODO: Uncomment when the Lambda runtime SDK is updated to >= 3.942.0.
Copy link
Contributor

@kumvprat kumvprat Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as the above test case

...-testing/framework-integ/test/aws-lambda/test/integ.function-capacity-provider-all-fields.ts Outdated
getFunction.assertAtPath('Configuration.State', integ.ExpectedResult.stringLikeRegexp('Active'));

// TODO: Uncomment when the Lambda runtime SDK is updated to >= 3.942.0.
// The nodejs22.x Lambda runtime currently ships SDK 3.895.0, which strips
Copy link
Contributor

@kumvprat kumvprat Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as above test case

...cdk-testing/framework-integ/test/aws-lambda/test/integ.function-capacity-provider-minimal.ts Outdated
getFunction.assertAtPath('Configuration.State', integ.ExpectedResult.stringLikeRegexp('Active'));

// TODO: Uncomment when the Lambda runtime SDK is updated to >= 3.942.0.
// The nodejs22.x Lambda runtime currently ships SDK 3.895.0, which strips
Copy link
Contributor

@kumvprat kumvprat Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above test case

...-cdk-testing/framework-integ/test/aws-lambda/test/integ.version-scaling-config-all-fields.ts

const version = fn.currentVersion;
// Access currentVersion to trigger Version resource creation with scaling config
fn.currentVersion;
Copy link
Contributor

@kumvprat kumvprat Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we keep this line ?
If we are not assigning it or using it then we can totally remove it

Copy link
Contributor Author

@aemada-aws aemada-aws Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a lazy initialiser, accessing it creates the version if none exist.

Copy link
Contributor

@kumvprat kumvprat Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But isn't there a better way to do this, like asserting on the version ?
There seems to be an older version to the sdk command : https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/lambda/command/ListVersionsByFunctionCommand/

Maybe we can use that in our assertions?

...-cdk-testing/framework-integ/test/aws-lambda/test/integ.version-scaling-config-all-fields.ts Outdated
],
}));
// TODO: Uncomment when the Lambda runtime SDK is updated to >= 3.942.0.
// The nodejs22.x Lambda runtime currently ships SDK 3.895.0, which does not
Copy link
Contributor

@kumvprat kumvprat Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as above test cases

@aemada-aws aemada-aws force-pushed the fix/lambda-integ-tests-remediation branch from b3ef1cc to 3c1dd06 Compare February 11, 2026 14:48
@aemada-aws aemada-aws force-pushed the fix/lambda-integ-tests-remediation branch from 3c1dd06 to 7102132 Compare February 11, 2026 14:56
@aemada-aws
chore(lambda): remove commented out assertions from integ tests
556b46a 
Remove commented assertions that were waiting for Lambda runtime SDK >= 3.942.0.
These assertions cannot be tested with the current nodejs22.x runtime (SDK 3.895.0)
and are not needed for the integration tests to pass.
@aemada-aws aemada-aws force-pushed the fix/lambda-integ-tests-remediation branch from 7102132 to 556b46a Compare February 11, 2026 15:03
@aemada-aws aemada-aws requested a deployment to deployment-integ-test February 11, 2026 15:04 — with GitHub Actions Queued
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kumvprat kumvprat kumvprat approved these changes

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. p2 pr/needs-integration-tests-deployment Requires the PR to deploy the integration test snapshots. pr/needs-maintainer-review This PR needs a review from a Core Team Member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aemada-aws @aws-cdk-automation @kumvprat