bug: Credentials Field in Task State causing error during Deployment

[nickgonzfoxeng]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

According the the current ASL Spec:

A Task State MAY include a "Credentials" field, whose value MUST be a JSON object whose value is defined by the interpreter. The States language does not constrain the value of the "Credentials" field. The interpreter will use the specified credentials to execute the work identified by the state's "Resource" field.

We are currently leveraging this field to pass in a Role Arn when one AWS::Serverless::StateMachine executes another. However, there's an error when trying to deploy this config using localstack:

An error occurred (InvalidDefinition) when calling the CreateStateMachine operation: ASLParserException ['line 14:8, at "Credentials", mismatched input \'"Credentials"\' expecting{\'"Comment"\', \'"Type"\', \'"Choices"\', \'"Default"\', \'"Branches"\',\'"SecondsPath"\', \'"Seconds"\', \'"TimestampPath"\', \'"Timestamp"\', \'"TimeoutSeconds"\', \'"TimeoutSecondsPath"\',\'"HeartbeatSeconds"\',\'"HeartbeatSecondsPath"\', \'"ItemProcessor"\', \'"Iterator"\',\'"ItemSelector"\', \'"MaxConcurrency"\',\'"Resource"\', \'"InputPath"\', \'"OutputPath"\', \'"ItemsPath"\',\'"ResultPath"\', \'"Result"\',\'"Parameters"\', \'"ResultSelector"\',\'"ItemReader"\', \'"Next"\', \'"End"\',\'"Cause"\', \'"Error"\', \'"Retry"\', \'"Catch"\'}', "line 17:15, at true, mismatched input 'true' expecting '{'"]

I'm not sure if this is a bug or it's a feature that's missing support, but deploying an ASL in this manner works perfectly fine. It's only when running locally with localstack that it presents an issue. Here are the example files I used to recreate the issue:

Expected Behavior

Localstack deploys the application normally.

How are you starting LocalStack?

With the localstack script

Steps To Reproduce

sam-template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: An AWS Serverless Application that uses the AWS Step Functions State Machine resource

Resources:
  FirstStateMachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      DefinitionUri: first_state_machine_definition.asl.json
    Tags:
      Application: !Ref AWS::StackName

  SecondStateMachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      DefinitionUri: second_state_machine_definition.asl.json
    Tags:
      Application: !Ref AWS::StackName

first_state_machine_definition.asl.json:

{
    "Comment": "A State Machine that invokes another State Machine",
    "StartAt": "InvokeSecondStateMachine",
    "States": {
      "InvokeSecondStateMachine": {
        "Type": "Task",
        "Resource": "arn:aws:states:::states:startExecution.sync",
        "Parameters": {
          "StateMachineArn": "arn:aws:states:us-east-1:000000000000:stateMachine:SecondStateMachine",
          "Input": {
            "foo": "bar"
          }
        },
        "Credentials": {
          "RoleArn.$": "$.value.targetRoleArn"
      },
        "End": true
      }
    }
  }

second_state_machine_definition.asl.json:

{
    "Comment": "A simple Hello World State Machine",
    "StartAt": "HelloWorld",
    "States": {
      "HelloWorld": {
        "Type": "Pass",
        "End": true
      }
    }
}

Command used to start the localstack instance:

samlocal deploy --template-file sam-template-for-github.yml --stack-name github-example --region us-east-1 --resolve-s3

Environment

- OS: MacOS 13.6.4
- LocalStack:latest

Anything else?

No response

[localstack-bot]

Welcome to LocalStack! Thanks for reporting your first issue and our team will be working towards fixing the issue for you or reach out for more background information. We recommend joining our Slack Community for real-time help and drop a message to LocalStack Pro Support if you are a Pro user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines and our contributing guide.