fix(s3): enforce that fromBucketAttributes supplies a valid bucket name (#16915)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: berenddeboer

packages/@aws-cdk/aws-apigateway/test/domains.test.ts

@@ -388,7 +388,7 @@ describe('domains', () => {
 
   test('accepts a mutual TLS configuration', () => {
     const stack = new Stack();
-    const bucket = Bucket.fromBucketName(stack, 'testBucket', 'exampleBucket');
+    const bucket = Bucket.fromBucketName(stack, 'testBucket', 'example-bucket');
     new apigw.DomainName(stack, 'another-domain', {
       domainName: 'example.com',
       mtls: {
@@ -402,14 +402,14 @@ describe('domains', () => {
       'DomainName': 'example.com',
       'EndpointConfiguration': { 'Types': ['REGIONAL'] },
       'RegionalCertificateArn': 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d',
-      'MutualTlsAuthentication': { 'TruststoreUri': 's3://exampleBucket/someca.pem' },
+      'MutualTlsAuthentication': { 'TruststoreUri': 's3://example-bucket/someca.pem' },
     });
 
   });
 
   test('mTLS should allow versions to be set on the s3 bucket', () => {
     const stack = new Stack();
-    const bucket = Bucket.fromBucketName(stack, 'testBucket', 'exampleBucket');
+    const bucket = Bucket.fromBucketName(stack, 'testBucket', 'example-bucket');
     new apigw.DomainName(stack, 'another-domain', {
       domainName: 'example.com',
       certificate: acm.Certificate.fromCertificateArn(stack, 'cert2', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'),
@@ -423,7 +423,7 @@ describe('domains', () => {
       'DomainName': 'example.com',
       'EndpointConfiguration': { 'Types': ['REGIONAL'] },
       'RegionalCertificateArn': 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d',
-      'MutualTlsAuthentication': { 'TruststoreUri': 's3://exampleBucket/someca.pem', 'TruststoreVersion': 'version' },
+      'MutualTlsAuthentication': { 'TruststoreUri': 's3://example-bucket/someca.pem', 'TruststoreVersion': 'version' },
     });
   });
 

packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts

@@ -131,13 +131,13 @@ describe('cloudtrail', () => {
     test('with imported s3 bucket', () => {
       // GIVEN
       const stack = getTestStack();
-      const bucket = s3.Bucket.fromBucketName(stack, 'S3', 'SomeBucket');
+      const bucket = s3.Bucket.fromBucketName(stack, 'S3', 'somebucket');
 
       // WHEN
       new Trail(stack, 'Trail', { bucket });
 
       expect(stack).toHaveResource('AWS::CloudTrail::Trail', {
-        S3BucketName: 'SomeBucket',
+        S3BucketName: 'somebucket',
       });
     });
 

packages/@aws-cdk/aws-codebuild/test/project.test.ts

@@ -673,7 +673,7 @@ describe('Environment', () => {
   test('logs config - s3', () => {
     // GIVEN
     const stack = new cdk.Stack();
-    const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket', 'MyBucketName');
+    const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket', 'mybucketname');
 
     // WHEN
     new codebuild.Project(stack, 'Project', {
@@ -693,7 +693,7 @@ describe('Environment', () => {
     expect(stack).toHaveResourceLike('AWS::CodeBuild::Project', {
       LogsConfig: objectLike({
         S3Logs: {
-          Location: 'MyBucketName/my-logs',
+          Location: 'mybucketname/my-logs',
           Status: 'ENABLED',
         },
       }),
@@ -703,7 +703,7 @@ describe('Environment', () => {
   test('logs config - cloudWatch and s3', () => {
     // GIVEN
     const stack = new cdk.Stack();
-    const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket2', 'MyBucketName');
+    const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket2', 'mybucketname');
     const logGroup = logs.LogGroup.fromLogGroupName(stack, 'LogGroup2', 'MyLogGroupName');
 
     // WHEN
@@ -730,7 +730,7 @@ describe('Environment', () => {
           Status: 'ENABLED',
         },
         S3Logs: {
-          Location: 'MyBucketName',
+          Location: 'mybucketname',
           Status: 'ENABLED',
         },
       }),

packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts

@@ -664,15 +664,15 @@ describe('InitSource', () => {
 
   test('fromS3Object uses object URL', () => {
     // GIVEN
-    const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'MyBucket');
+    const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'mybucket');
     const source = ec2.InitSource.fromS3Object('/tmp/foo', bucket, 'myKey');
 
     // WHEN
     const rendered = getElementConfig(source, InitPlatform.LINUX);
 
     // THEN
     expect(rendered).toEqual({
-      '/tmp/foo': expect.stringContaining('/MyBucket/myKey'),
+      '/tmp/foo': expect.stringContaining('/mybucket/myKey'),
     });
   });
 

packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts

@@ -667,7 +667,7 @@ class SingletonLocationSythesizer extends DefaultStackSynthesizer {
   public addFileAsset(_asset: FileAssetSource): FileAssetLocation {
     const httpUrl = 'https://MyBucket.s3.amazonaws.com/MyAsset';
     return {
-      bucketName: 'MyAssetBucket',
+      bucketName: 'myassetbucket',
       objectKey: 'MyAssetFile',
       httpUrl,
       s3ObjectUrl: httpUrl,

packages/@aws-cdk/aws-glue/test/code.test.ts

@@ -17,7 +17,7 @@ describe('Code', () => {
     let bucket: s3.IBucket;
 
     test('with valid bucket name and key and bound by job sets the right path and grants the job permissions to read from it', () => {
-      bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketName');
+      bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketname');
       script = glue.Code.fromBucket(bucket, key);
       new glue.Job(stack, 'Job1', {
         executable: glue.JobExecutable.pythonShell({
@@ -29,7 +29,7 @@ describe('Code', () => {
 
       Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', {
         Command: {
-          ScriptLocation: 's3://bucketName/script',
+          ScriptLocation: 's3://bucketname/script',
         },
       });
 
@@ -53,7 +53,7 @@ describe('Code', () => {
                       {
                         Ref: 'AWS::Partition',
                       },
-                      ':s3:::bucketName',
+                      ':s3:::bucketname',
                     ],
                   ],
                 },
@@ -65,7 +65,7 @@ describe('Code', () => {
                       {
                         Ref: 'AWS::Partition',
                       },
-                      ':s3:::bucketName/script',
+                      ':s3:::bucketname/script',
                     ],
                   ],
                 },

packages/@aws-cdk/aws-glue/test/job-executable.test.ts

@@ -31,7 +31,7 @@ describe('JobExecutable', () => {
 
   beforeEach(() => {
     stack = new cdk.Stack();
-    bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketName');
+    bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketname');
     script = glue.Code.fromBucket(bucket, 'script.py');
   });
 

packages/@aws-cdk/aws-glue/test/job.test.ts

@@ -55,7 +55,7 @@ describe('Job', () => {
 
   describe('new', () => {
     const className = 'com.amazon.test.ClassName';
-    const codeBucketName = 'bucketName';
+    const codeBucketName = 'bucketname';
     const codeBucketAccessStatement = {
       Action: [
         's3:GetObject*',
@@ -166,7 +166,7 @@ describe('Job', () => {
         Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', {
           Command: {
             Name: 'glueetl',
-            ScriptLocation: 's3://bucketName/script',
+            ScriptLocation: 's3://bucketname/script',
           },
           Role: {
             'Fn::GetAtt': [
@@ -383,7 +383,7 @@ describe('Job', () => {
       });
 
       describe('with bucket provided', () => {
-        const sparkUIBucketName = 'sparkBucketName';
+        const sparkUIBucketName = 'sparkbucketname';
         let sparkUIBucket: s3.IBucket;
 
         beforeEach(() => {
@@ -420,7 +420,7 @@ describe('Job', () => {
                           {
                             Ref: 'AWS::Partition',
                           },
-                          ':s3:::sparkBucketName',
+                          ':s3:::sparkbucketname',
                         ],
                       ],
                     },
@@ -432,7 +432,7 @@ describe('Job', () => {
                           {
                             Ref: 'AWS::Partition',
                           },
-                          ':s3:::sparkBucketName/*',
+                          ':s3:::sparkbucketname/*',
                         ],
                       ],
                     },
@@ -460,7 +460,7 @@ describe('Job', () => {
       });
 
       describe('with bucket and path provided', () => {
-        const sparkUIBucketName = 'sparkBucketName';
+        const sparkUIBucketName = 'sparkbucketname';
         const prefix = 'some/path/';
         let sparkUIBucket: s3.IBucket;
 
@@ -516,7 +516,7 @@ describe('Job', () => {
         Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', {
           Command: {
             Name: 'glueetl',
-            ScriptLocation: 's3://bucketName/script',
+            ScriptLocation: 's3://bucketname/script',
           },
           Role: {
             'Fn::GetAtt': [
@@ -614,7 +614,7 @@ describe('Job', () => {
         GlueVersion: '2.0',
         Command: {
           Name: 'glueetl',
-          ScriptLocation: 's3://bucketName/script',
+          ScriptLocation: 's3://bucketname/script',
           PythonVersion: '3',
         },
         Role: {
@@ -625,9 +625,9 @@ describe('Job', () => {
         },
         DefaultArguments: {
           '--job-language': 'python',
-          '--extra-jars': 's3://bucketName/file1.jar,s3://bucketName/file2.jar',
-          '--extra-py-files': 's3://bucketName/file1.py,s3://bucketName/file2.py',
-          '--extra-files': 's3://bucketName/file1.txt,s3://bucketName/file2.txt',
+          '--extra-jars': 's3://bucketname/file1.jar,s3://bucketname/file2.jar',
+          '--extra-py-files': 's3://bucketname/file1.py,s3://bucketname/file2.py',
+          '--extra-files': 's3://bucketname/file1.txt,s3://bucketname/file2.txt',
           '--user-jars-first': 'true',
         },
       });
@@ -649,7 +649,7 @@ describe('Job', () => {
         GlueVersion: '2.0',
         Command: {
           Name: 'gluestreaming',
-          ScriptLocation: 's3://bucketName/script',
+          ScriptLocation: 's3://bucketname/script',
         },
         Role: {
           'Fn::GetAtt': [
@@ -660,8 +660,8 @@ describe('Job', () => {
         DefaultArguments: {
           '--job-language': 'scala',
           '--class': 'com.amazon.test.ClassName',
-          '--extra-jars': 's3://bucketName/file1.jar,s3://bucketName/file2.jar',
-          '--extra-files': 's3://bucketName/file1.txt,s3://bucketName/file2.txt',
+          '--extra-jars': 's3://bucketname/file1.jar,s3://bucketname/file2.jar',
+          '--extra-files': 's3://bucketname/file1.txt,s3://bucketname/file2.txt',
           '--user-jars-first': 'true',
         },
       });

packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts

@@ -336,7 +336,7 @@ describe('CloudWatch Events', () => {
   test('onCloudTrailPutObject contains the Bucket ARN itself when path is undefined', () => {
     const stack = new cdk.Stack();
     const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', {
-      bucketName: 'MyBucket',
+      bucketName: 'mybucket',
     });
     bucket.onCloudTrailPutObject('PutRule', {
       target: {
@@ -363,7 +363,7 @@ describe('CloudWatch Events', () => {
                     {
                       'Ref': 'AWS::Partition',
                     },
-                    ':s3:::MyBucket',
+                    ':s3:::mybucket',
                   ],
                 ],
               },
@@ -378,7 +378,7 @@ describe('CloudWatch Events', () => {
   test("onCloudTrailPutObject contains the path when it's provided", () => {
     const stack = new cdk.Stack();
     const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', {
-      bucketName: 'MyBucket',
+      bucketName: 'mybucket',
     });
     bucket.onCloudTrailPutObject('PutRule', {
       target: {
@@ -406,7 +406,7 @@ describe('CloudWatch Events', () => {
                     {
                       'Ref': 'AWS::Partition',
                     },
-                    ':s3:::MyBucket/my/path.zip',
+                    ':s3:::mybucket/my/path.zip',
                   ],
                 ],
               },
@@ -421,7 +421,7 @@ describe('CloudWatch Events', () => {
   test('onCloudTrailWriteObject matches on events CompleteMultipartUpload, CopyObject, and PutObject', () => {
     const stack = new cdk.Stack();
     const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', {
-      bucketName: 'MyBucket',
+      bucketName: 'mybucket',
     });
     bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', {
       target: {
@@ -449,7 +449,7 @@ describe('CloudWatch Events', () => {
   test('onCloudTrailWriteObject matches on the requestParameter bucketName when the path is not provided', () => {
     const stack = new cdk.Stack();
     const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', {
-      bucketName: 'MyBucket',
+      bucketName: 'mybucket',
     });
     bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', {
       target: {
@@ -476,7 +476,7 @@ describe('CloudWatch Events', () => {
   test('onCloudTrailWriteObject matches on the requestParameters bucketName and key when the path is provided', () => {
     const stack = new cdk.Stack();
     const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', {
-      bucketName: 'MyBucket',
+      bucketName: 'mybucket',
     });
     bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', {
       target: {