[BUG] (type-safe-api) web acl names conflict for multiple apis in same stack with same logical id

[tactactactactac]

Describe the bug

When you create two type-safe-apis within one stack the generated web-acl name collides because both APIs will generate the same web-acl name despite being nested in distinct construct trees.

Looking at the code: https://github.com/aws/aws-pdk/blob/mainline/packages/type-safe-api/src/construct/waf/open-api-gateway-web-acl.ts#L34-L37

The web-acl name is generated from the nearest parent stack only.

Expected Behavior

When two separate api's are created within one stack the generated names will not collide.

Current Behavior

The generated web-acl names collide when you have two apis in one stack.

Reproduction Steps

1. Define a cdk stack
2. Define two type-safe-apis in the stack you made.
3. Deploy the stack.

Possible Solution

Generate the web-acl names with the construct context.

Additional Information/Context

No response

PDK version used

0.23.26

What languages are you seeing this issue on?

Typescript

Environment details (OS name and version, etc.)

Mac, 13.5.2 (22G91)

[cogwirrel]

Thanks for raising this! We actually have a test for this case here:

aws-pdk/packages/type-safe-api/test/construct/type-safe-rest-api.test.ts

Lines 164 to 189 in 7afa3b7

	it("Create 2 APIs on same stack", () => {
	const stack = new Stack(PDKNag.app());
	const func = new Function(stack, "Lambda", {
	code: Code.fromInline("code"),
	handler: "handler",
	runtime: Runtime.NODEJS_16_X,
	});
	withTempSpec(sampleSpec, (specPath) => {
	new TypeSafeRestApi(stack, "ApiTest1", {
	specPath,
	operationLookup,
	integrations: {
	testOperation: {
	integration: Integrations.lambda(func),
	},
	},
	});
	new TypeSafeRestApi(stack, "ApiTest2", {
	specPath,
	operationLookup,
	integrations: {
	testOperation: {
	integration: Integrations.lambda(func),
	},
	},
	});

I suppose the difference here is that the logical ID of the TypeSafeRestApi instances are different, which means the WebACLs have a different name - the names look a bit like: <stack>--<api>-Acl-WebAcl.

I imagine you're encountering this issue when you have different APIs with the same logical ID, just nested under different constructs? As a workaround you should be able to change the logical IDs and they won't conflict.

To address this properly we should do something similar to what we do for the lambda names:

aws-pdk/packages/type-safe-api/src/construct/type-safe-rest-api.ts

Lines 129 to 132 in 7afa3b7

	const lambdaNamePrefix = `${PDKNag.getStackPrefix(stack)
	.split("/")
	.join("-")
	.slice(0, 40)}${this.node.addr.slice(-8).toUpperCase()}`;

Or even better we can use the newer CDK Names utility :)