fix(cli): conversion of "tags" filter for EC2 DescribeVpcs call (#3393)

RomainMuller · Elad Ben-Israel · commit cf2e3f678e3c · 2019-07-29T23:33:30.000+03:00
When in the `Filters` parameter of the `DescribeVpcs` call, the tags need to be encoded as `{ Name: "tag:<name>", Values: ["<value>"] }`, but the `tag:` prefix was not added by the preparation code. Fixes #3372
diff --git a/packages/@aws-cdk/aws-backup/.npmignore b/packages/@aws-cdk/aws-backup/.npmignore
@@ -16,4 +16,7 @@ dist
 .LAST_PACKAGE
 .jsii
 
-*.tsbuildinfo
+*.tsbuildinfo
+
+# Include .jsii
+!.jsii
diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc.ts b/packages/@aws-cdk/aws-ec2/lib/vpc.ts
@@ -685,7 +685,7 @@ export class Vpc extends VpcBase {
    * Import an existing VPC from by querying the AWS environment this stack is deployed to.
    */
   public static fromLookup(scope: Construct, id: string, options: VpcLookupOptions): IVpc {
-    const filter: {[key: string]: string} = options.tags || {};
+    const filter: {[key: string]: string} = makeTagFilter(options.tags);
 
     // We give special treatment to some tags
     if (options.vpcId) { filter['vpc-id'] = options.vpcId; }
@@ -701,6 +701,17 @@ export class Vpc extends VpcBase {
     });
 
     return this.fromVpcAttributes(scope, id, attributes);
+
+    /**
+     * Prefixes all keys in the argument with `tag:`.`
+     */
+    function makeTagFilter(tags: { [name: string]: string } | undefined): { [name: string]: string } {
+      const result: { [name: string]: string } = {};
+      for (const [name, value] of Object.entries(tags || {})) {
+        result[`tag:${name}`] = value;
+      }
+      return result;
+    }
   }
 
   /**
diff --git a/packages/@aws-cdk/aws-medialive/.npmignore b/packages/@aws-cdk/aws-medialive/.npmignore
@@ -16,4 +16,7 @@ dist
 .LAST_PACKAGE
 .jsii
 
-*.tsbuildinfo
+*.tsbuildinfo
+
+# Include .jsii
+!.jsii
diff --git a/packages/@aws-cdk/aws-securityhub/.npmignore b/packages/@aws-cdk/aws-securityhub/.npmignore
@@ -16,4 +16,7 @@ dist
 .LAST_PACKAGE
 .jsii
 
-*.tsbuildinfo
+*.tsbuildinfo
+
+# Include .jsii
+!.jsii
diff --git a/packages/aws-cdk/lib/context-providers/vpcs.ts b/packages/aws-cdk/lib/context-providers/vpcs.ts
@@ -22,7 +22,7 @@ export class VpcNetworkContextProviderPlugin implements ContextProviderPlugin {
 
   private async findVpc(ec2: AWS.EC2, args: cxapi.VpcContextQuery): Promise<string> {
     // Build request filter (map { Name -> Value } to list of [{ Name, Values }])
-    const filters: AWS.EC2.Filter[] = Object.entries(args.filter).map(x => ({ Name: x[0], Values: [x[1]] }));
+    const filters: AWS.EC2.Filter[] = Object.entries(args.filter).map(([tag, value]) => ({ Name: tag, Values: [value] }));
 
     debug(`Listing VPCs in ${args.account}:${args.region}`);
     const response = await ec2.describeVpcs({ Filters: filters }).promise();
diff --git a/packages/aws-cdk/test/integ/cli/app/app.js b/packages/aws-cdk/test/integ/cli/app/app.js
@@ -1,5 +1,6 @@
 const path = require('path');
 const cdk = require('@aws-cdk/core');
+const ec2 = require('@aws-cdk/aws-ec2');
 const ssm = require('@aws-cdk/aws-ssm');
 const iam = require('@aws-cdk/aws-iam');
 const sns = require('@aws-cdk/aws-sns');
@@ -101,6 +102,28 @@ class DockerStack extends cdk.Stack {
   }
 }
 
+const VPC_TAG_NAME = 'custom-tag';
+const VPC_TAG_VALUE = 'bazinga!';
+
+class DefineVpcStack extends cdk.Stack {
+  constructor(parent, id, props) {
+    super(parent, id, props);
+
+    new ec2.Vpc(this, 'VPC', {
+      maxAzs: 1,
+    }).node.applyAspect(new cdk.Tag(VPC_TAG_NAME, VPC_TAG_VALUE));
+  }
+}
+
+class ImportVpcStack extends cdk.Stack {
+  constructor(parent, id, props) {
+    super(parent, id, props);
+
+    ec2.Vpc.fromLookup(this, 'DefaultVPC', { isDefault: true });
+    ec2.Vpc.fromLookup(this, 'ByTag', { tags: { [VPC_TAG_NAME]: VPC_TAG_VALUE } });
+  }
+}
+
 const stackPrefix = process.env.STACK_NAME_PREFIX || 'cdk-toolkit-integration';
 
 const app = new cdk.App();
@@ -123,4 +146,12 @@ new MissingSSMParameterStack(app, `${stackPrefix}-missing-ssm-parameter`, { env:
 new LambdaStack(app, `${stackPrefix}-lambda`);
 new DockerStack(app, `${stackPrefix}-docker`);
 
+if (process.env.ENABLE_VPC_TESTING) { // Gating so we don't do context fetching unless that's what we are here for
+  const env = { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION };
+  if (process.env.ENABLE_VPC_TESTING === 'DEFINE')
+    new DefineVpcStack(app, `${stackPrefix}-define-vpc`, { env });
+  if (process.env.ENABLE_VPC_TESTING === 'IMPORT')
+  new ImportVpcStack(app, `${stackPrefix}-import-vpc`, { env });
+}
+
 app.synth();
diff --git a/packages/aws-cdk/test/integ/cli/common.bash b/packages/aws-cdk/test/integ/cli/common.bash
@@ -82,6 +82,7 @@ function setup() {
   install_dep @aws-cdk/aws-lambda
   install_dep @aws-cdk/aws-ssm
   install_dep @aws-cdk/aws-ecr-assets
+  install_dep @aws-cdk/aws-ec2
 
   echo "| setup complete at: $PWD"
   echo "| 'cdk' is: $(which cdk)"
diff --git a/packages/aws-cdk/test/integ/cli/test-vpc-lookup.sh b/packages/aws-cdk/test/integ/cli/test-vpc-lookup.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euo pipefail
+scriptdir=$(cd $(dirname $0) && pwd)
+source ${scriptdir}/common.bash
+# ----------------------------------------------------------
+
+setup
+
+echo "Setting up: creating a VPC with known tags"
+ENABLE_VPC_TESTING="DEFINE" cdk deploy ${STACK_NAME_PREFIX}-define-vpc
+echo "Setup complete!"
+
+# verify we can synth the importing stack now
+echo "Verifying we can now import that VPC"
+ENABLE_VPC_TESTING="IMPORT" cdk synth -v ${STACK_NAME_PREFIX}-import-vpc
+
+# destroy
+echo "Cleaning up..."
+ENABLE_VPC_TESTING="DEFINE" cdk destroy -f ${STACK_NAME_PREFIX}-define-vpc
+
+echo "✅  success"
