MaintenanceWindowLambdaParameters Payload incorrect validation. #2004

Open
blade2005 opened this issue Jan 20, 2022 · 3 comments

@blade2005

Per the documents here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-maintenancewindowtask-maintenancewindowlambdaparameters.html#cfn-ssm-maintenancewindowtask-maintenancewindowlambdaparameters-payload

"Although Type is listed as "String" for this property, the payload content must be formatted as a Base64-encoded binary data object."

https://github.com/cloudtools/troposphere/blob/main/troposphere/ssm.py#L194 validates that it's proper JSON, but the expected value should be a base64-encoded JSON string.

@markpeek
Member

Interesting. Thanks for highlighting this issue. One solution would be using Fn::Base64 although that would likely break for encoded strings larger than 4096. Perhaps a validator like this? (untested)

```python
def validate_json_base64(payload):
    """
    Property: MaintenanceWindowLambdaParameters.Payload
    """
    import base64
    import json
    from .. import AWSHelperFn

    if isinstance(payload, AWSHelperFn):
        return payload
    elif isinstance(payload, str):
        # Verify it is a valid JSON string; keep the original str for encoding
        json.loads(payload)
    elif isinstance(payload, dict):
        # Serialize the dict to a JSON string
        payload = json.dumps(payload)
    else:
        raise TypeError("json object must be a str or dict")

    # base64 encode and check length
    payload = base64.b64encode(bytes(payload, 'utf-8')).decode()
    if len(payload) > 4096:
        raise ValueError("payload is greater than 4096 (base64 encoded)")

    return payload
```

@markpeek
Member

@blade2005 have you had a chance to review or try the above?

@blade2005
Author

@markpeek somehow I missed this notification. The code looks like it would work. I've not tried it. I'm no longer working on that project anymore.

I'm not sure if the 4096 constraint is on base64 encoded data or the decoded format.
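
An added example, not part of the thread or of troposphere's code: it shows how far apart the two readings of the 4096 limit discussed above are, and how to strictly check that a string really is base64-encoded JSON. The names `encode_payload`, `decode_payload`, `size_report` and `SAMPLE` are hypothetical, and the limit is the figure quoted in the thread, with no assumption about which form it applies to.

```python
import base64
import binascii
import json

LIMIT = 4096  # figure quoted in the thread; which form it applies to is not settled there


def encode_payload(obj):
    """Serialize a dict (or validate a JSON string) and return base64 text."""
    if isinstance(obj, dict):
        raw = json.dumps(obj, separators=(",", ":"))
    elif isinstance(obj, str):
        json.loads(obj)  # raises ValueError if the string is not JSON
        raw = obj
    else:
        raise TypeError("payload must be a str or dict")
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def decode_payload(b64_text):
    """Strictly decode base64 text and parse it as JSON; reject anything else."""
    try:
        raw = base64.b64decode(b64_text, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    return json.loads(raw.decode("utf-8"))


def size_report(obj, limit=LIMIT):
    """Report the payload length before and after encoding against the limit."""
    encoded = encode_payload(obj)
    raw_len = len(base64.b64decode(encoded))
    return {
        "raw_len": raw_len,
        "b64_len": len(encoded),
        "fits_if_limit_on_raw": raw_len <= limit,
        "fits_if_limit_on_b64": len(encoded) <= limit,
    }


# Constructed sample: JSON whose raw form is under the limit but whose
# base64 form (4 output characters per 3 input bytes) is over it.
SAMPLE = {"data": "x" * 3500}

if __name__ == "__main__":
    print(size_report(SAMPLE))
    print(decode_payload(encode_payload({"key": "value"})))
```

Base64 grows the data by about a third, so any payload between roughly 3072 and 4096 raw bytes passes one reading of the limit and fails the other.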
