fix: remove vm2 (#12989)

awsluja · web-flow · commit 7bc0b5654a58 · 2023-07-26T14:14:23.000-04:00
* fix: remove vm2

* ci: fix missing await

* ci: refactor

* chore: refactor initializer override, lint

* chore: cleanup, make async

* chore: update api docs
diff --git a/packages/amplify-category-auth/package.json b/packages/amplify-category-auth/package.json
@@ -49,8 +49,7 @@
     "mime-types": "^2.1.26",
     "ora": "^4.0.3",
     "promise-sequential": "^1.1.1",
-    "uuid": "^8.3.2",
-    "vm2": "^3.9.19"
+    "uuid": "^8.3.2"
   },
   "devDependencies": {
     "@aws-sdk/client-cognito-identity-provider": "^3.303.0",
diff --git a/packages/amplify-category-auth/src/provider-utils/awscloudformation/auth-stack-builder/auth-stack-transform.ts b/packages/amplify-category-auth/src/provider-utils/awscloudformation/auth-stack-builder/auth-stack-transform.ts
@@ -11,6 +11,7 @@ import {
   FeatureFlags,
   JSONUtilities,
   pathManager,
+  runOverride,
   stateManager,
   Template,
   writeCFNTemplate,
@@ -20,7 +21,6 @@ import * as cdk from 'aws-cdk-lib';
 import * as fs from 'fs-extra';
 import _ from 'lodash';
 import * as path from 'path';
-import * as vm from 'vm2';
 import { AuthInputState } from '../auth-inputs-manager/auth-input-state';
 import { CognitoCLIInputs } from '../service-walkthrough-types/awsCognito-user-input-types';
 import { AuthTriggerConnection, AuthTriggerPermissions, CognitoStackOptions } from '../service-walkthrough-types/cognito-user-input-types';
@@ -109,26 +109,9 @@ export class AmplifyAuthTransform extends AmplifyCategoryTransform {
     const overrideDir = path.join(backendDir, this._category, this.resourceName);
     const isBuild = await buildOverrideDir(backendDir, overrideDir);
     if (isBuild) {
-      const overrideCode: string = await fs.readFile(path.join(overrideDir, 'build', 'override.js'), 'utf-8').catch(() => {
-        formatter.list(['No override File Found', `To override ${this.resourceName} run amplify override auth`]);
-        return '';
-      });
-
-      const sandboxNode = new vm.NodeVM({
-        console: 'inherit',
-        timeout: 5000,
-        sandbox: {},
-        require: {
-          context: 'sandbox',
-          builtin: ['path'],
-          external: true,
-        },
-      });
       const projectInfo = getProjectInfo();
       try {
-        await sandboxNode
-          .run(overrideCode, path.join(overrideDir, 'build', 'override.js'))
-          .override(this._authTemplateObj as AmplifyAuthCognitoStack & AmplifyStackTemplate, projectInfo);
+        await runOverride(overrideDir, this._authTemplateObj, projectInfo);
       } catch (err) {
         throw new AmplifyError(
           'InvalidOverrideError',
diff --git a/packages/amplify-category-auth/src/provider-utils/awscloudformation/auth-stack-builder/user-pool-group-stack-transform.ts b/packages/amplify-category-auth/src/provider-utils/awscloudformation/auth-stack-builder/user-pool-group-stack-transform.ts
@@ -10,14 +10,14 @@ import {
   CFNTemplateFormat,
   JSONUtilities,
   pathManager,
+  runOverride,
   Template,
   writeCFNTemplate,
 } from '@aws-amplify/amplify-cli-core';
 import { formatter } from '@aws-amplify/amplify-prompts';
 import * as cdk from 'aws-cdk-lib';
 import * as fs from 'fs-extra';
 import * as path from 'path';
-import * as vm from 'vm2';
 import { AuthInputState } from '../auth-inputs-manager/auth-input-state';
 import { CognitoCLIInputs } from '../service-walkthrough-types/awsCognito-user-input-types';
 import { AmplifyUserPoolGroupStack, AmplifyUserPoolGroupStackOutputs } from './index';
@@ -186,20 +186,9 @@ export class AmplifyUserPoolGroupTransform extends AmplifyCategoryTransform {
     const overrideDir = path.join(backendDir, this._category, this._resourceName);
     const isBuild = await buildOverrideDir(backendDir, overrideDir);
     if (isBuild) {
-      const overrideCode: string = await fs.readFile(path.join(overrideDir, 'build', 'override.js'), 'utf-8').catch(() => {
-        formatter.list(['No override File Found', `To override ${this._resourceName} run amplify override auth`]);
-        return '';
-      });
-      const sandboxNode = new vm.NodeVM({
-        console: 'inherit',
-        timeout: 5000,
-        sandbox: {},
-      });
       const projectInfo = getProjectInfo();
       try {
-        await sandboxNode
-          .run(overrideCode)
-          .override(this._userPoolGroupTemplateObj as AmplifyUserPoolGroupStack & AmplifyStackTemplate, projectInfo);
+        await runOverride(overrideDir, this._userPoolGroupTemplateObj, projectInfo);
       } catch (err: $TSAny) {
         throw new AmplifyError(
           'InvalidOverrideError',
diff --git a/packages/amplify-category-storage/package.json b/packages/amplify-category-storage/package.json
@@ -42,8 +42,7 @@
     "fs-extra": "^8.1.0",
     "lodash": "^4.17.21",
     "promise-sequential": "^1.1.1",
-    "uuid": "^8.3.2",
-    "vm2": "^3.9.19"
+    "uuid": "^8.3.2"
   },
   "devDependencies": {
     "cloudform-types": "^4.2.0",
diff --git a/packages/amplify-category-storage/src/provider-utils/awscloudformation/cdk-stack-builder/ddb-stack-transform.ts b/packages/amplify-category-storage/src/provider-utils/awscloudformation/cdk-stack-builder/ddb-stack-transform.ts
@@ -1,10 +1,9 @@
 import { AmplifyDDBResourceTemplate, getProjectInfo } from '@aws-amplify/cli-extensibility-helper';
-import { $TSContext, AmplifyError, buildOverrideDir, JSONUtilities, pathManager } from '@aws-amplify/amplify-cli-core';
+import { $TSContext, AmplifyError, buildOverrideDir, JSONUtilities, pathManager, runOverride } from '@aws-amplify/amplify-cli-core';
 import { formatter } from '@aws-amplify/amplify-prompts';
 import * as cdk from 'aws-cdk-lib';
 import * as fs from 'fs-extra';
 import * as path from 'path';
-import * as vm from 'vm2';
 import { getDdbAttrType } from '../cfn-template-utils';
 import { DynamoDBCLIInputs } from '../service-walkthrough-types/dynamoDB-user-input-types';
 import { DynamoDBInputState } from '../service-walkthroughs/dynamoDB-input-state';
@@ -188,48 +187,22 @@ export class DDBStackTransform {
   async applyOverrides(): Promise<void> {
     const backendDir = pathManager.getBackendDirPath();
     const resourceDirPath = pathManager.getResourceDirectoryPath(undefined, 'storage', this._resourceName);
-    const overrideJSFilePath = path.resolve(path.join(resourceDirPath, 'build', 'override.js'));
-
     const isBuild = await buildOverrideDir(backendDir, resourceDirPath);
     // skip if packageManager or override.ts not found
     if (isBuild) {
-      const { override } = await import(overrideJSFilePath).catch(() => {
-        formatter.list(['No override File Found', `To override ${this._resourceName} run amplify override auth ${this._resourceName} `]);
-        return undefined;
-      });
-
-      if (typeof override === 'function' && override) {
-        const overrideCode: string = await fs.readFile(overrideJSFilePath, 'utf-8').catch(() => {
-          formatter.list(['No override File Found', `To override ${this._resourceName} run amplify override auth`]);
-          return '';
-        });
-
-        const sandboxNode = new vm.NodeVM({
-          console: 'inherit',
-          timeout: 5000,
-          sandbox: {},
-          require: {
-            context: 'sandbox',
-            builtin: ['path'],
-            external: true,
+      const projectInfo = getProjectInfo();
+      try {
+        await runOverride(resourceDirPath, this._resourceTemplateObj, projectInfo);
+      } catch (err) {
+        throw new AmplifyError(
+          'InvalidOverrideError',
+          {
+            message: `Executing overrides failed.`,
+            details: err.message,
+            resolution: 'There may be runtime errors in your overrides file. If so, fix the errors and try again.',
           },
-        });
-        const projectInfo = getProjectInfo();
-        try {
-          await sandboxNode
-            .run(overrideCode, overrideJSFilePath)
-            .override(this._resourceTemplateObj as AmplifyDDBResourceTemplate, projectInfo);
-        } catch (err) {
-          throw new AmplifyError(
-            'InvalidOverrideError',
-            {
-              message: `Executing overrides failed.`,
-              details: err.message,
-              resolution: 'There may be runtime errors in your overrides file. If so, fix the errors and try again.',
-            },
-            err,
-          );
-        }
+          err,
+        );
       }
     }
   }
diff --git a/packages/amplify-category-storage/src/provider-utils/awscloudformation/cdk-stack-builder/s3-stack-transform.ts b/packages/amplify-category-storage/src/provider-utils/awscloudformation/cdk-stack-builder/s3-stack-transform.ts
@@ -10,11 +10,11 @@ import {
   IAmplifyResource,
   JSONUtilities,
   pathManager,
+  runOverride,
 } from '@aws-amplify/amplify-cli-core';
 import { formatter } from '@aws-amplify/amplify-prompts';
 import * as fs from 'fs-extra';
 import * as path from 'path';
-import * as vm from 'vm2';
 import { S3PermissionType, S3UserInputs } from '../service-walkthrough-types/s3-user-input-types';
 // eslint-disable-next-line import/no-cycle
 import { canResourceBeTransformed, S3CFNDependsOn, S3CFNPermissionType, S3InputState } from '../service-walkthroughs/s3-user-input-state';
@@ -195,49 +195,23 @@ export class AmplifyS3ResourceStackTransform {
    */
   applyOverrides = async (): Promise<void> => {
     const backendDir = pathManager.getBackendDirPath();
-    const resourceDirPath = pathManager.getResourceDirectoryPath(undefined, AmplifyCategories.STORAGE, this.resourceName);
-    const overrideJSFilePath = path.resolve(path.join(resourceDirPath, 'build', 'override.js'));
-
-    const isBuild = await buildOverrideDir(backendDir, resourceDirPath);
+    const overrideDir = pathManager.getResourceDirectoryPath(undefined, AmplifyCategories.STORAGE, this.resourceName);
+    const isBuild = await buildOverrideDir(backendDir, overrideDir);
     // Skip if packageManager or override.ts not found
     if (isBuild) {
-      const { override } = await import(overrideJSFilePath).catch(() => {
-        formatter.list(['No override File Found', `To override ${this.resourceName} run amplify override auth ${this.resourceName} `]);
-        return undefined;
-      });
-      // Pass stack object
-      if (override && typeof override === 'function') {
-        const overrideCode: string = await fs.readFile(overrideJSFilePath, 'utf-8').catch(() => {
-          formatter.list(['No override File Found', `To override ${this.resourceName} run amplify override auth`]);
-          return '';
-        });
-
-        const sandboxNode = new vm.NodeVM({
-          console: 'inherit',
-          timeout: 5000,
-          sandbox: {},
-          require: {
-            context: 'sandbox',
-            builtin: ['path'],
-            external: true,
+      const projectInfo = getProjectInfo();
+      try {
+        await runOverride(overrideDir, this.resourceTemplateObj, projectInfo);
+      } catch (err: $TSAny) {
+        throw new AmplifyError(
+          'InvalidOverrideError',
+          {
+            message: `Executing overrides failed.`,
+            details: err.message,
+            resolution: 'There may be runtime errors in your overrides file. If so, fix the errors and try again.',
           },
-        });
-        try {
-          const projectInfo = getProjectInfo();
-          await sandboxNode
-            .run(overrideCode, overrideJSFilePath)
-            .override(this.resourceTemplateObj as AmplifyS3ResourceTemplate, projectInfo);
-        } catch (err: $TSAny) {
-          throw new AmplifyError(
-            'InvalidOverrideError',
-            {
-              message: `Executing overrides failed.`,
-              details: err.message,
-              resolution: 'There may be runtime errors in your overrides file. If so, fix the errors and try again.',
-            },
-            err,
-          );
-        }
+          err,
+        );
       }
     }
   };
diff --git a/packages/amplify-cli-core/API.md b/packages/amplify-cli-core/API.md
@@ -1919,6 +1919,9 @@ export interface ResourceTuple {
 // @public (undocumented)
 export function runHelp(context: $TSContext, commandsInfo: Array<CommandInfo>): void;
 
+// @public (undocumented)
+export const runOverride: (overrideDir: string, templateObject: $TSAny, projectInfo: $TSAny) => Promise<void>;
+
 // @public (undocumented)
 export type Runtime = {
     plugins: Plugin_2[];
diff --git a/packages/amplify-cli-core/src/overrides-manager/index.ts b/packages/amplify-cli-core/src/overrides-manager/index.ts
@@ -1,2 +1,3 @@
 export * from './migration-message';
 export * from './override-skeleton-generator';
+export * from './override-runner';
diff --git a/packages/amplify-cli-core/src/overrides-manager/override-runner.ts b/packages/amplify-cli-core/src/overrides-manager/override-runner.ts
@@ -0,0 +1,15 @@
+import { $TSAny } from '../index';
+import * as path from 'path';
+
+export const runOverride = async (overrideDir: string, templateObject: $TSAny, projectInfo: $TSAny): Promise<void> => {
+  const overrideJSFilePath = path.join(overrideDir, 'build', 'override.js');
+  // before importing the override file, we should clear the require cache to avoid
+  // importing an outdated version of the override file
+  // see: https://github.com/nodejs/modules/issues/307
+  // and https://stackoverflow.com/questions/9210542/node-js-require-cache-possible-to-invalidate
+  delete require.cache[require.resolve(overrideJSFilePath)];
+  const overrideImport = require(overrideJSFilePath);
+  if (overrideImport && overrideImport?.override && typeof overrideImport?.override === 'function') {
+    await overrideImport.override(templateObject, projectInfo);
+  }
+};
diff --git a/packages/amplify-e2e-tests/src/__tests__/delete.test.ts b/packages/amplify-e2e-tests/src/__tests__/delete.test.ts
@@ -123,8 +123,8 @@ async function testDeletion(projRoot: string, settings: { ios?: boolean; android
   if (meta.AmplifyAppId) expect(await appExists(meta.AmplifyAppId, meta.Region)).toBe(false);
   expect(await bucketNotExists(deploymentBucketName1)).toBe(true);
   expect(await bucketNotExists(deploymentBucketName2)).toBe(true);
-  expect(AuthRoleName).not.toBeIAMRoleWithArn(AuthRoleName);
-  expect(UnauthRoleName).not.toBeIAMRoleWithArn(UnauthRoleName);
+  await expect(AuthRoleName).not.toBeIAMRoleWithArn(AuthRoleName);
+  await expect(UnauthRoleName).not.toBeIAMRoleWithArn(UnauthRoleName);
   // check that config/exports file was deleted
   if (settings.ios) {
     expect(fs.existsSync(getAWSConfigIOSPath(projRoot))).toBe(false);
diff --git a/packages/amplify-e2e-tests/src/__tests__/init-special-case.test.ts b/packages/amplify-e2e-tests/src/__tests__/init-special-case.test.ts
@@ -33,9 +33,9 @@ describe('amplify init', () => {
     const meta = getBackendAmplifyMeta(projectRoot).providers.awscloudformation;
     expect(meta.Region).toBeDefined();
     const { AuthRoleName, UnauthRoleName, UnauthRoleArn, AuthRoleArn, DeploymentBucketName } = meta;
-    expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
-    expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
-    expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
+    await expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
+    await expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
+    await expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
   });
 
   it('test init on a git pulled project', async () => {
diff --git a/packages/amplify-e2e-tests/src/__tests__/init_b.test.ts b/packages/amplify-e2e-tests/src/__tests__/init_b.test.ts
@@ -27,9 +27,9 @@ describe('amplify init b', () => {
     expect(meta.Region).toBeDefined();
     const { AuthRoleName, UnauthRoleName, UnauthRoleArn, AuthRoleArn, DeploymentBucketName } = meta;
 
-    expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
-    expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
-    expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
+    await expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
+    await expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
+    await expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
 
     // init new env
     await initNewEnvWithProfile(projRoot, { envName: 'foo' });
@@ -49,8 +49,8 @@ describe('amplify init b', () => {
     expect(AuthRoleArn).not.toEqual(newEnvAuthRoleArn);
     expect(DeploymentBucketName).not.toEqual(newEnvDeploymentBucketName);
 
-    expect(newEnvUnAuthRoleName).toBeIAMRoleWithArn(newEnvUnauthRoleArn);
-    expect(newEnvAuthRoleName).toBeIAMRoleWithArn(newEnvAuthRoleArn);
-    expect(newEnvDeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
+    await expect(newEnvUnAuthRoleName).toBeIAMRoleWithArn(newEnvUnauthRoleArn);
+    await expect(newEnvAuthRoleName).toBeIAMRoleWithArn(newEnvAuthRoleArn);
+    await expect(newEnvDeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
   });
 });
diff --git a/packages/amplify-e2e-tests/src/__tests__/init_c.test.ts b/packages/amplify-e2e-tests/src/__tests__/init_c.test.ts
@@ -36,9 +36,9 @@ describe('amplify init c', () => {
     expect(meta.Region).toBeDefined();
     const { AuthRoleName, UnauthRoleName, UnauthRoleArn, AuthRoleArn, DeploymentBucketName } = meta;
 
-    expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
-    expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
-    expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
+    await expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
+    await expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
+    await expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
 
     // init new env
     await initNewEnvWithAccessKey(projRoot, {
@@ -62,8 +62,8 @@ describe('amplify init c', () => {
     expect(AuthRoleArn).not.toEqual(newEnvAuthRoleArn);
     expect(DeploymentBucketName).not.toEqual(newEnvDeploymentBucketName);
 
-    expect(newEnvUnAuthRoleName).toBeIAMRoleWithArn(newEnvUnauthRoleArn);
-    expect(newEnvAuthRoleName).toBeIAMRoleWithArn(newEnvAuthRoleArn);
-    expect(newEnvDeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
+    await expect(newEnvUnAuthRoleName).toBeIAMRoleWithArn(newEnvUnauthRoleArn);
+    await expect(newEnvAuthRoleName).toBeIAMRoleWithArn(newEnvAuthRoleArn);
+    await expect(newEnvDeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
   });
 });
diff --git a/packages/amplify-e2e-tests/src/__tests__/init_e.test.ts b/packages/amplify-e2e-tests/src/__tests__/init_e.test.ts
@@ -40,9 +40,9 @@ describe('amplify init e', () => {
     expect(meta.Region).toBeDefined();
     const { AuthRoleName, UnauthRoleName, UnauthRoleArn, AuthRoleArn, DeploymentBucketName } = meta;
 
-    expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
-    expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
-    expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
+    await expect(UnauthRoleName).toBeIAMRoleWithArn(UnauthRoleArn);
+    await expect(AuthRoleName).toBeIAMRoleWithArn(AuthRoleArn);
+    await expect(DeploymentBucketName).toBeAS3Bucket(DeploymentBucketName);
 
     // override new env
     await amplifyOverrideRoot(projRoot, { testingWithLatestCodebase: false });
diff --git a/packages/amplify-provider-awscloudformation/package.json b/packages/amplify-provider-awscloudformation/package.json
@@ -68,7 +68,6 @@
     "promise-sequential": "^1.1.1",
     "proxy-agent": "^5.0.0",
     "rimraf": "^3.0.0",
-    "vm2": "^3.9.19",
     "xstate": "^4.14.0"
   },
   "devDependencies": {
diff --git a/packages/amplify-provider-awscloudformation/src/initializer.ts b/packages/amplify-provider-awscloudformation/src/initializer.ts
diff --git a/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-transform.ts b/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-transform.ts
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`export * from './migration-message';`
`2`	`2`	`export * from './override-skeleton-generator';`
	`3`	`+export * from './override-runner';`