Skip to content

Comments

chore(cloudformation-include): remove hardcoded S3 bucket names from integ test templates#37069

Open
aemada-aws wants to merge 1 commit intomainfrom
fix/cfn-include-integ-bucket-name-collisions
Open

chore(cloudformation-include): remove hardcoded S3 bucket names from integ test templates#37069
aemada-aws wants to merge 1 commit intomainfrom
fix/cfn-include-integ-bucket-name-collisions

Conversation

@aemada-aws
Copy link
Contributor

@aemada-aws aemada-aws commented Feb 24, 2026

Issue # (if applicable)

N/A

Reason for this change

Three cloudformation-include integration tests fail with S3 bucket name collision errors (AlreadyExists, HTTP 409) because their CloudFormation template files contain hardcoded S3 bucket names. Since S3 bucket names are globally unique, these tests cannot deploy reliably.

Failing tests:

  • integ.resource-tags-wtih-intrinsics — hardcoded BucketName: "cdk-integ-cfn-include-bucket2" in tags-with-intrinsics.json
  • integ.novalue-nonstring — hardcoded BucketName: "test-novalue-boolean-bucket" in novalue-boolean.json
  • integ.nested-stacks — hardcoded bucket name bucket-name-prefix-some-magic-bucket-name via Fn::Join in grandchild-import-stack.json

Original errors:

Resource handler returned message: "The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again. (Service: S3, Status Code: 409, HandlerErrorCode: AlreadyExists)

Description of changes

Removed hardcoded BucketName properties from the CloudFormation template JSON files used by these integration tests, allowing CloudFormation to auto-generate unique bucket names.

  • tags-with-intrinsics.json: Removed BucketName property. The test's purpose is to verify CfnInclude handles tags with intrinsic functions (Fn::If, Fn::Select, AWS::NoValue) — the bucket name is irrelevant to this.

  • novalue-boolean.json: Removed BucketName property. The test's purpose is to verify CfnInclude handles AWS::NoValue in place of a boolean (ObjectLockEnabled) — the bucket name is irrelevant to this.

  • grandchild-import-stack.json: Replaced BucketName (which used Fn::Join with Ref: MyBucketParameter) with a Tags property using the same Fn::Join + Ref pattern. This preserves the test's intent of verifying nested stack parameter passing through CfnInclude while avoiding the name collision.

No .ts integ test files were modified — only the JSON template files they reference.

Destructive changes: All three tests have WILL_REPLACE on their S3 bucket resources. This is expected and intentional — removing hardcoded bucket names requires bucket replacement.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

All three tests deployed successfully:

yarn integ test/cloudformation-include/test/integ.resource-tags-wtih-intrinsics.js test/cloudformation-include/test/integ.novalue-nonstring.js test/cloudformation-include/test/integ.nested-stacks.js --disable-update-workflow --update-on-failed --force --parallel-regions us-east-1 --parallel-regions us-east-2 --parallel-regions us-west-1 --parallel-regions us-west-2 --parallel-regions eu-west-1 --parallel-regions eu-west-2 --parallel-regions eu-central-1 --parallel-regions ap-northeast-1 --parallel-regions ap-southeast-1 --parallel-regions sa-east-1 --verbose

Results:

SUCCESS    cloudformation-include/test/integ.resource-tags-wtih-intrinsics-ResourceTagIntrinsicStack/DefaultTest 40.904s
SUCCESS    cloudformation-include/test/integ.novalue-nonstring-CfnIncludeNoValueBooleanTest/DefaultTest 41.519s
SUCCESS    cloudformation-include/test/integ.nested-stacks-integ.nested-stacks 58.938s

Tests:    3 passed, 3 total

No skipped tests. No converted tests.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aemada-aws
fix(cloudformation-include): remove hardcoded S3 bucket names from in…
5354e4e 
…teg test templates

Three cloudformation-include integration tests fail with S3 bucket name
collision errors (AlreadyExists, HTTP 409) because their CloudFormation
template JSON files contain hardcoded S3 bucket names.

- tags-with-intrinsics.json: removed BucketName property (test verifies
  tag intrinsics, not bucket naming)
- novalue-boolean.json: removed BucketName property (test verifies
  AWS::NoValue handling, not bucket naming)
- grandchild-import-stack.json: replaced BucketName with Tags using the
  same Fn::Join + Ref pattern to preserve nested stack parameter passing
  test intent
@aws-cdk-automation aws-cdk-automation requested a review from a team February 24, 2026 15:49
@github-actions github-actions bot added the p2 label Feb 24, 2026
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Feb 24, 2026
@aemada-aws aemada-aws changed the title fix(cloudformation-include): remove hardcoded S3 bucket names from integ test templates chore(cloudformation-include): remove hardcoded S3 bucket names from integ test templates Feb 24, 2026
@aemada-aws aemada-aws added the pr/needs-integration-tests-deployment Requires the PR to deploy the integration test snapshots. label Feb 24, 2026
@aemada-aws aemada-aws marked this pull request as ready for review February 24, 2026 15:50
@aemada-aws aemada-aws temporarily deployed to deployment-integ-test February 24, 2026 15:50 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results96 ran96 passed
TestResult
No test annotations available

@github-actions
Copy link
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results with resolved templates96 ran96 passed
TestResult
No test annotations available

@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Feb 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. p2 pr/needs-integration-tests-deployment Requires the PR to deploy the integration test snapshots. pr/needs-maintainer-review This PR needs a review from a Core Team Member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aemada-aws @aws-cdk-automation