ministackorg/ministack v1.3.12

on GitHub

What's Changed

New Contributors

• @david-hay made their first contribution in #436

[1.3.12] — 2026-04-24

Added

• CloudFront Functions API (stub) — CreateFunction, DescribeFunction, GetFunction, ListFunctions, PublishFunction, UpdateFunction, and DeleteFunction under /2020-05-31/function*, returning XML FunctionSummary / FunctionList plus ETag headers where the AWS SDK expects them, and raw function bytes on GetFunction. Covers Terraform aws_cloudfront_function (create + publish + read + delete) and attaching a function ARN to distribution cache behaviors. Limitations: in-memory only (same persistence bucket as other CloudFront state); no TestFunction; KeyValueStoreAssociations are not modeled (responses use empty associations); no execution of CloudFront Functions at the edge; DescribeFunction requires the Stage query parameter (DEVELOPMENT | LIVE), matching AWS; UpdateFunction invalidates the emulated LIVE revision until the next PublishFunction. Contributed by @david-hay.

Fixed

• EC2 AuthorizeSecurityGroupIngress failed on duplicate rules — ingress authorization returned InvalidPermission.Duplicate when Terraform re-submitted an unchanged rule, while egress already treated duplicates as a no-op. Ingress is now idempotent in the same way, so aws_security_group updates no longer fail on re-authorize. Contributed by @david-hay.
• IAM CreatePolicy Description field lost on warm boot — the field was silently dropped on create and never emitted by GetPolicy. Because description is ForceNew in the Terraform AWS provider, every aws_iam_policy with a description planned destroy-and-recreate on every warm boot, taking every attached aws_iam_role_policy_attachment with it. CreatePolicy now stores Description and the managed-policy XML emits <Description> when non-empty (omitted otherwise, matching real AWS). Reported by @whittin3.
• IAM GetUser omitted tags — _user_xml() never emitted a <Tags> block even though CreateUser/TagUser stored them correctly, so Terraform refresh saw tags_all = {} and replanned default_tags on every apply. _user_xml() now mirrors _role_xml()'s tag serialization. Reported by @whittin3.
• Lambda CreateAlias / UpdateAlias echoed phantom RoutingConfig — Terraform sends RoutingConfig: {"AdditionalVersionWeights": {}} even when no weighted routing is declared; the existing truthy guard stored the empty shape and GetAlias replayed it, so Terraform planned to remove the block on every apply. Routing config is now stored only when AdditionalVersionWeights is non-empty, matching real AWS's "omit when empty" response shape; clearing to empty via UpdateAlias explicitly removes the field. Reported by @whittin3.
• Lambda CreateEventSourceMapping silently dropped Tags — the request body's Tags parameter was never read, so ListTags returned {} for any ESM ARN and Terraform re-added tags on every apply. CreateEventSourceMapping now stores Tags, and ListTags / TagResource / UntagResource all route ESM ARNs (arn:aws:lambda:…:event-source-mapping:<uuid>) to the ESM record. Reported by @whittin3.
• API Gateway v2 contentHandlingStrategy not persisted — CreateIntegration accepted the field but never stored it, UpdateIntegration wasn't in the allowlist, and GetIntegration never echoed it. Terraform planned an in-place update adding the field back on every apply, and at runtime requests lost CONVERT_TO_TEXT / CONVERT_TO_BINARY payload translation. All three paths now honour the field. Reported by @whittin3.