From 4521ae3734f7e76c864d2b883fc290091b5fcf3d Mon Sep 17 00:00:00 2001
From: Jonathan Goldwasser <jogold@users.noreply.github.com>
Date: Mon, 15 Jun 2020 00:20:14 +0200
Subject: [PATCH] fix(core): asset staging custom hash generates invalid file
 names (#8521)

Hash the hash when using `AssetHashType.CUSTOM`.

This makes sure we can use this hash in a file/directory name. The
resulting hash will also have the same length as for other hash types.

Fixes #8513


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/@aws-cdk/aws-s3-assets/lib/asset.ts   |  4 +++-
 .../aws-s3-deployment/lib/bucket-deployment.ts |  4 ++--
 ....bucket-deployment-cloudfront.expected.json | 18 +++++++++---------
 .../test/integ.bucket-deployment.expected.json | 18 +++++++++---------
 packages/@aws-cdk/core/lib/asset-staging.ts    |  5 ++++-
 packages/@aws-cdk/core/lib/assets.ts           |  4 +++-
 packages/@aws-cdk/core/test/test.staging.ts    |  2 +-
 7 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/packages/@aws-cdk/aws-s3-assets/lib/asset.ts b/packages/@aws-cdk/aws-s3-assets/lib/asset.ts
index 5c3f0a514f07e..7a60aebbaf1f4 100644
--- a/packages/@aws-cdk/aws-s3-assets/lib/asset.ts
+++ b/packages/@aws-cdk/aws-s3-assets/lib/asset.ts
@@ -19,7 +19,9 @@ export interface AssetOptions extends assets.CopyOptions, cdk.AssetOptions {
   readonly readers?: iam.IGrantable[];
 
   /**
-   * Custom source hash to use when identifying the specific version of the asset.
+   * Custom hash to use when identifying the specific version of the asset. For consistency,
+   * this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be
+   * the asset hash.
    *
    * NOTE: the source hash is used in order to identify a specific revision of the asset,
    * and used for optimizing and caching deployment activities related to this asset such as
diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts
index e8f4fda42651b..f989429b7552d 100644
--- a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts
+++ b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts
@@ -161,11 +161,11 @@ export class BucketDeployment extends cdk.Construct {
       throw new Error('Distribution must be specified if distribution paths are specified');
     }
 
-    const sourceHash = calcSourceHash(handlerSourceDirectory);
+    const assetHash = calcSourceHash(handlerSourceDirectory);
 
     const handler = new lambda.SingletonFunction(this, 'CustomResourceHandler', {
       uuid: this.renderSingletonUuid(props.memoryLimit),
-      code: lambda.Code.fromAsset(handlerCodeBundle, { sourceHash }),
+      code: lambda.Code.fromAsset(handlerCodeBundle, { assetHash }),
       runtime: lambda.Runtime.PYTHON_3_6,
       handler: 'index.handler',
       lambdaPurpose: 'Custom::CDKBucketDeployment',
diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json
index cd76f93ae2e36..d0e61e14a23ae 100644
--- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json
+++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json
@@ -248,7 +248,7 @@
       "Properties": {
         "Code": {
           "S3Bucket": {
-            "Ref": "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3Bucket848A1F31"
+            "Ref": "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3Bucket88A20322"
           },
           "S3Key": {
             "Fn::Join": [
@@ -261,7 +261,7 @@
                       "Fn::Split": [
                         "||",
                         {
-                          "Ref": "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3VersionKey983DBE96"
+                          "Ref": "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3VersionKey5726B1E8"
                         }
                       ]
                     }
@@ -274,7 +274,7 @@
                       "Fn::Split": [
                         "||",
                         {
-                          "Ref": "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3VersionKey983DBE96"
+                          "Ref": "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3VersionKey5726B1E8"
                         }
                       ]
                     }
@@ -301,17 +301,17 @@
     }
   },
   "Parameters": {
-    "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3Bucket848A1F31": {
+    "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3Bucket88A20322": {
       "Type": "String",
-      "Description": "S3 bucket for asset \"a9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ff\""
+      "Description": "S3 bucket for asset \"85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0\""
     },
-    "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3VersionKey983DBE96": {
+    "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3VersionKey5726B1E8": {
       "Type": "String",
-      "Description": "S3 key for asset version \"a9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ff\""
+      "Description": "S3 key for asset version \"85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0\""
     },
-    "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffArtifactHash08605F5E": {
+    "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0ArtifactHash877EFA91": {
       "Type": "String",
-      "Description": "Artifact hash for asset \"a9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ff\""
+      "Description": "Artifact hash for asset \"85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0\""
     },
     "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A": {
       "Type": "String",
diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json
index 628b948fbd440..e3308f63a431d 100644
--- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json
+++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json
@@ -291,7 +291,7 @@
       "Properties": {
         "Code": {
           "S3Bucket": {
-            "Ref": "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3Bucket848A1F31"
+            "Ref": "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3Bucket88A20322"
           },
           "S3Key": {
             "Fn::Join": [
@@ -304,7 +304,7 @@
                       "Fn::Split": [
                         "||",
                         {
-                          "Ref": "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3VersionKey983DBE96"
+                          "Ref": "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3VersionKey5726B1E8"
                         }
                       ]
                     }
@@ -317,7 +317,7 @@
                       "Fn::Split": [
                         "||",
                         {
-                          "Ref": "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3VersionKey983DBE96"
+                          "Ref": "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3VersionKey5726B1E8"
                         }
                       ]
                     }
@@ -478,17 +478,17 @@
     }
   },
   "Parameters": {
-    "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3Bucket848A1F31": {
+    "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3Bucket88A20322": {
       "Type": "String",
-      "Description": "S3 bucket for asset \"a9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ff\""
+      "Description": "S3 bucket for asset \"85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0\""
     },
-    "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffS3VersionKey983DBE96": {
+    "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0S3VersionKey5726B1E8": {
       "Type": "String",
-      "Description": "S3 key for asset version \"a9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ff\""
+      "Description": "S3 key for asset version \"85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0\""
     },
-    "AssetParametersa9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ffArtifactHash08605F5E": {
+    "AssetParameters85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0ArtifactHash877EFA91": {
       "Type": "String",
-      "Description": "Artifact hash for asset \"a9125fa9a40550c71cde90bd478cc23091e868067a12380c1df0827d013ad2ff\""
+      "Description": "Artifact hash for asset \"85263806834b4abe18b7438876d0e408b131a41c86272285f069bb9fa96666f0\""
     },
     "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A": {
       "Type": "String",
diff --git a/packages/@aws-cdk/core/lib/asset-staging.ts b/packages/@aws-cdk/core/lib/asset-staging.ts
index 519844689177c..460d89d70133b 100644
--- a/packages/@aws-cdk/core/lib/asset-staging.ts
+++ b/packages/@aws-cdk/core/lib/asset-staging.ts
@@ -1,4 +1,5 @@
 import * as cxapi from '@aws-cdk/cx-api';
+import * as crypto from 'crypto';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
@@ -219,7 +220,9 @@ export class AssetStaging extends Construct {
         if (!props.assetHash) {
           throw new Error('`assetHash` must be specified when `assetHashType` is set to `AssetHashType.CUSTOM`.');
         }
-        return props.assetHash;
+        // Hash the hash to make sure we can use it in a file/directory name.
+        // The resulting hash will also have the same length as for the other hash types.
+        return crypto.createHash('sha256').update(props.assetHash).digest('hex');
       default:
         throw new Error('Unknown asset hash type.');
     }
diff --git a/packages/@aws-cdk/core/lib/assets.ts b/packages/@aws-cdk/core/lib/assets.ts
index bad303dbd8c31..19dfc0c89e89b 100644
--- a/packages/@aws-cdk/core/lib/assets.ts
+++ b/packages/@aws-cdk/core/lib/assets.ts
@@ -18,7 +18,9 @@ export interface IAsset {
 export interface AssetOptions {
   /**
    * Specify a custom hash for this asset. If `assetHashType` is set it must
-   * be set to `AssetHashType.CUSTOM`.
+   * be set to `AssetHashType.CUSTOM`. For consistency, this custom hash will
+   * be SHA256 hashed and encoded as hex. The resulting hash will be the asset
+   * hash.
    *
    * NOTE: the hash is used in order to identify a specific revision of the asset, and
    * used for optimizing and caching deployment activities related to this asset such as
diff --git a/packages/@aws-cdk/core/test/test.staging.ts b/packages/@aws-cdk/core/test/test.staging.ts
index 9bd123a50da0d..08e20fa0fbad0 100644
--- a/packages/@aws-cdk/core/test/test.staging.ts
+++ b/packages/@aws-cdk/core/test/test.staging.ts
@@ -192,7 +192,7 @@ export = {
 
     // THEN
     test.equal(fs.existsSync(STUB_INPUT_FILE), false);
-    test.equal(asset.assetHash, 'my-custom-hash');
+    test.equal(asset.assetHash, 'b9c77053f5b83bbe5ba343bc18e92db939a49017010813225fea91fa892c4823'); // hash of 'my-custom-hash'
 
     test.done();
   },