Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(cloudfront): Add support for response headers policy #17359

Merged
merged 8 commits into from
Nov 24, 2021
Merged

feat(cloudfront): Add support for response headers policy #17359

merged 8 commits into from
Nov 24, 2021

Conversation

ayush987goyal
Copy link
Contributor

@ayush987goyal ayush987goyal commented Nov 5, 2021
edited
Loading

feat(cloudfront): Add support for response headers policy

closes #17290

Notes:
1. Currently the CFNSpec is not up-to-date with the latest available cloudformation changes for ResponseHeadersPolicyId in AWS::CloudFront::Distribution CacheBehavior. Some aspects of the same are added to the PR but are left commented. Would update the PR once the spec is updated.

Refs:

  1. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-response-headers.html
  2. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html
  3. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-responseheaderspolicyid

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@gitpod-io
Copy link

gitpod-io bot commented Nov 5, 2021

@github-actions github-actions bot added the @aws-cdk/aws-cloudfront Related to Amazon CloudFront label Nov 5, 2021
@ayush987goyal ayush987goyal marked this pull request as ready for review November 6, 2021 04:31
@ayush987goyal ayush987goyal mentioned this pull request Nov 12, 2021
Closed
@ayush987goyal
Copy link
Contributor Author

@njlynch Post the cfnspec bump merge, this PR is now ready for review. :)

njlynch
njlynch previously requested changes Nov 12, 2021
View reviewed changes
Copy link
Contributor

@njlynch njlynch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

Aside from the two spots where it looks like enums could be used, I think this looks good, but I want to chew on it for a bit. Some of the modeling (where it's copying the L1) feels like there's maybe just a bit of room for either flattening or simplifying the structure of CloudFormation.

packages/@aws-cdk/aws-cloudfront/lib/response-headers-policy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-cloudfront/lib/response-headers-policy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-cloudfront/lib/response-headers-policy.ts
*
* @default - no content type options
*/
readonly contentTypeOptions?: ResponseHeadersContentTypeOptions;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if this is an instance where we'd prefer to flatten this structure, or otherwise model it a bit differently.

This is an example usage when modeled as-is:

{
   ...,
   contentTypeOptions: { override: false },
}

I'm not sure that's intuitively clear that means "set X-Content-Type-Options header to nosniff unless the origin also includes the header". Although I guess since that's the only valid value for the header, maybe it does intuitively mean that. Let me chew on this for a (business) day or so and see if anything else springs to mind as an alternative model.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah that was my understanding as well. The override flag would signify if the behavior should override the header if it is already a part of the response from the origin. Therefore I kept it nested.

More often than not, the customers might use a managed policy for this. But in cases where they would want to customize the behavior, we should give them the full plethora of controls.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After giving it some thought (sorry -- much more than a business day or so!) I think this is fine. There are a few alternatives to how it could be modeled, but many try to anticipate usage and simplify for the "normal" case, and I don't (yet) know what that is here. This is functional and reasonably straightforward, so let's roll with it!

@mergify mergify bot dismissed njlynch’s stale review November 13, 2021 02:42

Pull request has been modified.

@ayush987goyal
Copy link
Contributor Author

@njlynch Did you get a chance to look into this?

@mergify mergify bot dismissed njlynch’s stale review November 24, 2021 10:51

Pull request has been modified.

njlynch
njlynch previously approved these changes Nov 24, 2021
View reviewed changes
Copy link
Contributor

@njlynch njlynch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@mergify
Copy link
Contributor

mergify bot commented Nov 24, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot dismissed njlynch’s stale review November 24, 2021 13:47

Pull request has been modified.

@mergify
Copy link
Contributor

mergify bot commented Nov 24, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@robertd
Copy link
Contributor

robertd commented Nov 24, 2021

Excellent work @ayush987goyal Thanks for shipping this feature. 😃 🎉

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 2cf666e
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit ea0acff into aws:master Nov 24, 2021
@mergify
Copy link
Contributor

mergify bot commented Nov 24, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@ayush987goyal ayush987goyal deleted the pr/cloudfront-response branch November 24, 2021 18:09
@robertd robertd mentioned this pull request Nov 29, 2021
Closed
2 tasks
beezly pushed a commit to beezly/aws-cdk that referenced this pull request Nov 29, 2021
@ayush987goyal
feat(cloudfront): Add support for response headers policy (aws#17359)
b800c91 
feat(cloudfront): Add support for response headers policy

closes aws#17290 

Notes:
~1. Currently the CFNSpec is not up-to-date with the latest available cloudformation changes for `ResponseHeadersPolicyId` in `AWS::CloudFront::Distribution CacheBehavior`. Some aspects of the same are added to the PR but are left commented. Would update the PR once the spec is updated.~

Refs:
1. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-response-headers.html
2. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html
3. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-responseheaderspolicyid

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@samarkumar1
Copy link

Hi,
I am trying to use responseHeadersPolicy where my cdk version is 2.0.0 and "@aws-cdk/aws-cloudfront": "^1.134.0",
i am getting below error, any suggestion what changes i need to do.
error TS2322: Type '{ origin: S3Origin; allowedMethods: cloudfront.AllowedMethods; viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS; responseHeadersPolicy: cloudfront.CfnResponseHeadersPolicy; functionAssociations: { ...; }[]; }' is not assignable to type 'BehaviorOptions'.
Object literal may only specify known properties, and 'responseHeadersPolicy' does not exist in type 'BehaviorOptions'.

156 responseHeadersPolicy: cfnResponseHeadersPolicy,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

node_modules/@aws-cdk/aws-cloudfront/lib/distribution.d.ts:72:14
72 readonly defaultBehavior: BehaviorOptions;
~~~~~~~~~~~~~~~
The expected type comes from property 'defaultBehavior' which is declared here on type 'DistributionProps'

@robertd
Copy link
Contributor

robertd commented Dec 3, 2021
edited
Loading

@samarkumar1 You can't really mix and match cdk1 and cdk2. ckd2 is now a monolithic library going forward (it contains all cdk packages). Also, cdk2 has this new cloudfront feature available where as 1.134.0 does not (it will be present in 1.135.0). Hope this helps.

@samarkumar1
Copy link

Hi @robertd,
I converted from cdk1 to cdk2 where i defined the latest version as below in package.json file, but it look like in latest Tag of 2.0.0 we don't have file response-headers-policy.ts, so i believe i need to wait to get this in latest release tag.
"devDependencies": {
"aws-cdk-lib": "~2.0.0",
"@aws-cdk/assert": "^2.0.0",
"constructs": "^10.0.0",
"typescript": "^4.5.2"
},
"peerDependencies": {
"aws-cdk-lib": "~2.0.0",
"constructs": "^10.0.0",
"source-map-support": "^0.5.21"
}

@robertd
Copy link
Contributor

robertd commented Dec 8, 2021

@samarkumar1 You're absolutely right.... For some reason I thought this feature snuck into v2. Given that re:invent was last week I'm expecting that v2.1.0 and v1.135.0 will get released this week. 🤞

@robertd
Copy link
Contributor

robertd commented Dec 8, 2021

@samarkumar1 https://github.com/aws/aws-cdk/releases/tag/v2.1.0 🎉

@robertd
Copy link
Contributor

robertd commented Jan 5, 2022 via email

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Feb 21, 2022
@ayush987goyal @TikiTDO
feat(cloudfront): Add support for response headers policy (aws#17359)
df77808 
feat(cloudfront): Add support for response headers policy

closes aws#17290 

Notes:
~1. Currently the CFNSpec is not up-to-date with the latest available cloudformation changes for `ResponseHeadersPolicyId` in `AWS::CloudFront::Distribution CacheBehavior`. Some aspects of the same are added to the PR but are left commented. Would update the PR once the spec is updated.~

Refs:
1. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-response-headers.html
2. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html
3. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-responseheaderspolicyid

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@njlynch njlynch njlynch approved these changes

Assignees

@njlynch njlynch

Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

(cloudfront): Add support for ResponseHeadersPolicy
5 participants
@ayush987goyal @robertd @aws-cdk-automation @samarkumar1 @njlynch