From 70ecaacba4361bd9a7f039ca2dadefd235b67219 Mon Sep 17 00:00:00 2001 From: Steve Hu Date: Fri, 20 Mar 2026 13:55:43 -0400 Subject: [PATCH 1/2] fixes #160 Add validation for roleArn to avoid NPE --- .../java/com/networknt/aws/lambda/LambdaInvokerConfig.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java b/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java index 00c0a6c..14d2e54 100644 --- a/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java +++ b/lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaInvokerConfig.java @@ -199,6 +199,7 @@ private LambdaInvokerConfig(String configName) { mappedConfig = Config.getInstance().getJsonMapConfig(configName); setConfigData(); setConfigMap(); + validate(); } public static LambdaInvokerConfig load() { @@ -453,4 +454,10 @@ private void setConfigMap() { functions = Collections.emptyMap(); } } + + private void validate() { + if (stsEnabled && (roleArn == null || roleArn.trim().isEmpty())) { + throw new ConfigException(ROLE_ARN + " must be configured when " + STS_ENABLED + " is true."); + } + } } From 8dc937e3d98084efe07e7c24a88c95544413a338 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Fri, 20 Mar 2026 19:50:32 -0400 Subject: [PATCH 2/2] Add unit tests for roleArn validation when stsEnabled is true (#162) * Initial plan * Add unit tests for roleArn validation when stsEnabled is true Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> Agent-Logs-Url: https://github.com/networknt/light-aws-lambda/sessions/9112dc37-502e-4d9a-9701-cb1fa8121d5b --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> --- .../aws/lambda/LambdaInvokerConfigTest.java | 18 ++++++++++++++++++ .../config/lambda-invoker-sts-no-role.yml | 2 ++ .../config/lambda-invoker-sts-with-role.yml | 2 ++ 3 files changed, 22 insertions(+) create mode 100644 lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml create mode 100644 lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml diff --git a/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java b/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java index 9cf783d..7ca6e87 100644 --- a/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java +++ b/lambda-invoker/src/test/java/com/networknt/aws/lambda/LambdaInvokerConfigTest.java @@ -1,11 +1,16 @@ package com.networknt.aws.lambda; import com.networknt.config.Config; +import com.networknt.config.ConfigException; import com.networknt.config.JsonMapper; import org.junit.jupiter.api.Test; import java.util.Map; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertEquals; + public class LambdaInvokerConfigTest { private static LambdaInvokerConfig config = (LambdaInvokerConfig) Config.getInstance().getJsonObjectConfig(LambdaInvokerConfig.CONFIG_NAME, LambdaInvokerConfig.class); @@ -14,4 +19,17 @@ public void testFunctionMapping() { Map functions = config.getFunctions(); System.out.println(JsonMapper.toJson(functions)); } + + @Test + public void testStsEnabledWithoutRoleArnThrowsConfigException() { + assertThrows(ConfigException.class, () -> LambdaInvokerConfig.load("lambda-invoker-sts-no-role"), + "ConfigException was not thrown despite stsEnabled=true with blank roleArn"); + } + + @Test + public void testStsEnabledWithRoleArnSucceeds() { + LambdaInvokerConfig stsConfig = LambdaInvokerConfig.load("lambda-invoker-sts-with-role"); + assertNotNull(stsConfig); + assertEquals("arn:aws:iam::123456789012:role/TestRole", stsConfig.getRoleArn()); + } } diff --git a/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml new file mode 100644 index 0000000..9841484 --- /dev/null +++ b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-no-role.yml @@ -0,0 +1,2 @@ +stsEnabled: true +roleArn: diff --git a/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml new file mode 100644 index 0000000..7ddc658 --- /dev/null +++ b/lambda-invoker/src/test/resources/config/lambda-invoker-sts-with-role.yml @@ -0,0 +1,2 @@ +stsEnabled: true +roleArn: arn:aws:iam::123456789012:role/TestRole