Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation for a cross-account CodeBuild CodePipeline action with outputs #4032

Closed
skinny85 opened this issue Sep 11, 2019 · 0 comments · Fixed by #4171
Closed

Add validation for a cross-account CodeBuild CodePipeline action with outputs #4032

skinny85 opened this issue Sep 11, 2019 · 0 comments · Fixed by #4171
Assignees
@skinny85
Labels
@aws-cdk/aws-codebuild Related to AWS CodeBuild @aws-cdk/aws-codepipeline Related to AWS CodePipeline

Comments

@skinny85
Copy link
Contributor

A CodeBuild action that has outputs cannot be cross-account - it will fail at CodePipeline runtime.

  • Add validation that fails if a customer tries to create a cross-account CodeBuild action with outputs
  • Create an issue in our backlog that points to the CodeBuild troubleshooting guide, and add a link to this issue to the validation message created above
  • Consider adding a property like skipCrossAccountOutputsValidation: boolean (default: false) that allows a customer to get rid of this validation once CodeBuild fixes the issue without having to update their CDK version. Later we can deprecate that field, remove the validation and never use the property anymore
@skinny85 skinny85 added @aws-cdk/aws-codepipeline Related to AWS CodePipeline @aws-cdk/aws-codebuild Related to AWS CodeBuild labels Sep 11, 2019
@skinny85 skinny85 self-assigned this Sep 11, 2019
skinny85 added a commit to skinny85/aws-cdk that referenced this issue Sep 20, 2019
@skinny85
fix(codebuild): validate if a CodePipeline action that is cross-accou…
358a00a 
…nt does not have outputs

Fixes aws#4032
@skinny85 skinny85 mentioned this issue Sep 20, 2019
Merged
skinny85 added a commit to skinny85/aws-cdk that referenced this issue Sep 20, 2019
@skinny85
fix(codebuild): validate if a CodePipeline action that is cross-accou…
93a09af 
…nt does not have outputs

Fixes aws#4032
skinny85 added a commit to skinny85/aws-cdk that referenced this issue Sep 20, 2019
@skinny85
fix(codebuild): validate if a CodePipeline action that is cross-accou…
1f7f76e 
…nt does not have outputs

Fixes aws#4032
skinny85 added a commit to skinny85/aws-cdk that referenced this issue Sep 24, 2019
@skinny85
fix(codebuild): validate if a CodePipeline action that is cross-accou…
f21f3bb 
…nt does not have outputs

Fixes aws#4032
skinny85 added a commit to skinny85/aws-cdk that referenced this issue Oct 2, 2019
@skinny85
fix(codebuild): validate if a CodePipeline action that is cross-accou…
ff82220 
…nt does not have outputs

Fixes aws#4032
skinny85 added a commit that referenced this issue Oct 3, 2019
@skinny85
fix(codebuild): validate if a CodePipeline action that is cross-accou…
1744f8a 
…nt does not have outputs (#4171)

CodeBuild does not honor the key set on the project if the key is from a different account. That means a cross-account CodeBuild action effectively cannot have outputs (as they will be written with the default S3 key of the CodeBuild account, which the other actions won't have access to).

Add validation that throws an error if there is an attempt to add a cross-account CodeBuild action with outputs.

Fixes #4032
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skinny85 skinny85

Labels
@aws-cdk/aws-codebuild Related to AWS CodeBuild @aws-cdk/aws-codepipeline Related to AWS CodePipeline
Projects
None yet
Milestone
No milestone
1 participant
@skinny85