fix(riff-raff.yaml): Loosen restrictions on GuStacks in an App #1695
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
akash1810
changed the title
jacobwinch
reviewed
Jan 20, 2023
jacobwinch
reviewed
Jan 20, 2023
akash1810
force-pushed
the
riff-raff-waf
branch
3 times, most recently
from
9e2b212
to
bd365eb
Compare
akash1810
commented
Jan 21, 2023
| @@ -33,7 +176,7 @@ describe("The RiffRaffYamlFileExperimental class", () => { | |||
|
|
|||
| expect(() => { | |||
| new RiffRaffYamlFileExperimental(app); | |||
| }).toThrowError("Unable to produce a working riff-raff.yaml file; missing 4 definitions"); | |||
| }).toThrowError("Unable to produce a working riff-raff.yaml file; missing 1 definitions"); // Stack of media-service has no CODE stage | |||
There was a problem hiding this comment.
Previously this was missing 4 definitions:
PASS src/experimental/riff-raff-yaml-file/index.test.ts
● Console
console.log
Unable to produce a working riff-raff.yaml file; missing 4 definitions (details below)
at RiffRaffYamlFileExperimental.validateStacksInApp (src/experimental/riff-raff-yaml-file/index.ts:195:15)
console.log
For the class: MyApplicationStack
at src/experimental/riff-raff-yaml-file/index.ts:197:17
at Array.forEach (<anonymous>)
console.log
┌───────────────┬────────────────────────────┐
│ (index) │ eu-west-1 │
├───────────────┼────────────────────────────┤
│ deploy │ { CODE: '✅', PROD: '✅' } │
│ media-service │ { CODE: '❌', PROD: '✅' } │
└───────────────┴────────────────────────────┘
at src/experimental/riff-raff-yaml-file/index.ts:198:17
at Array.forEach (<anonymous>)
console.log
For the class: MyDatabaseStack
at src/experimental/riff-raff-yaml-file/index.ts:197:17
at Array.forEach (<anonymous>)
console.log
┌───────────────┬────────────────────────────┐
│ (index) │ eu-west-1 │
├───────────────┼────────────────────────────┤
│ deploy │ { CODE: '❌', PROD: '✅' } │
│ media-service │ { CODE: '❌', PROD: '❌' } │
└───────────────┴────────────────────────────┘
at src/experimental/riff-raff-yaml-file/index.ts:198:17
The changes in this PR means only 1 definition is missing:
PASS src/experimental/riff-raff-yaml-file/index.test.ts
● Console
console.log
Unable to produce a working riff-raff.yaml file; missing 1 definitions (details below)
at RiffRaffYamlFileExperimental.validateStacksInApp (src/experimental/riff-raff-yaml-file/index.ts:165:15)
console.log
┌───────────────┬──────┬──────┐
│ (index) │ CODE │ PROD │
├───────────────┼──────┼──────┤
│ deploy │ '✅' │ '✅' │
│ media-service │ '❌' │ '✅' │
└───────────────┴──────┴──────┘
at RiffRaffYamlFileExperimental.validateStacksInApp (src/experimental/riff-raff-yaml-file/index.ts:166:15)
bd365eb
to
e73f32c
Compare
Adds the test case for different GuStacks across multiple AWS accounts. Co-authored-by: Jacob <jacobwinch@users.noreply.github.com> Co-authored-by: Thalia <tjsilver@users.noreply.github.com>
Support the use-case where an `App` includes multiple types of `GuStack`.
For example:
```ts
class ServiceRunningInDeployTools extends GuStack {}
class ServiceRunningInSecurity extends GuStack {}
new ServiceRunningInDeployTools(app, "App-CODE-deploy", {
stack: "deploy",
stage: "CODE",
});
new ServiceRunningInSecurity(app, "App-CODE-security", {
stack: "security",
stage: "CODE",
});
```
It's not clear why this validation was originally added.
The class name is used for the `app` property in a `cloud-formation`
deployment type. This functionality remains, as demonstrated by the tests.
Co-authored-by: Jacob <jacobwinch@users.noreply.github.com>
Co-authored-by: Thalia <tjsilver@users.noreply.github.com>
Supports the case of deploying to multiple stacks, but not necessarily the same region.
akash1810
force-pushed
the
riff-raff-waf
branch
from
e73f32c
to
d1be4d9
Compare
kenoir
approved these changes
Jan 26, 2023
kenoir
reviewed
Jan 26, 2023
| * ├───────────────┼──────┼──────┤ | ||
| * │ deploy │ '✅' │ '✅' │ | ||
| * │ media-service │ '❌' │ '✅' │ | ||
| * └───────────────┴──────┴──────┘ | ||
| * ``` | ||
| * | ||
| * @private | ||
| */ | ||
| private validateStacksInApp(): void { |
There was a problem hiding this comment.
I think it would be useful to validate and describe the logic in this function as a unit test apart from the higher level behaviour, not blocking for merge.
|
🎉 This PR is included in version 49.0.3 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background
When we added
riff-raff.yamlgeneration in #1372, we had a validation step that:GuStacks in anAppregionsstackssstagesGuStackthat matched.This meant, for example, for the following:
We'd get validation errors as there is no
PRODMyDatabaseStackdefinition.The aim of this validation is to only produce
riff-raff.yamlthat works.With
MyDatabaseStackofPRODmissing, when we deployPROD, Riff-Raff would fail to locate the CloudFormation template file, as it simply doesn't exist, and the deployment would fail.This behaviour is due to
allowedStages(correctly) being a property at the root of theriff-raff.yamlfile, rather than a property per deployment.However, there are some niche scenarios where this 4 part validation is too strict.
What does this change?
In this change, we support the, rather niche, use-case of deploying different
GuStacks to multiple AWS accounts (aka Riff-Raff stacks), and regions. For example:To get this to work, the validation step changes (see changes to
isCdkStackPresent).Previously the requirement was that every combination of
GuStack,stack,stage, andregionwas present in anApp, however this is unnecessarily restrictive for the above use-case.In this change, the validation becomes every combination of
stack, andstageare present in anApp.How to test
See the added tests, also https://github.com/guardian/waf/pull/21.
How can we measure success?
We can auto-generate the
riff-raff.yamlfile for more services, such as https://github.com/guardian/waf.Have we considered potential risks?
N/A - the current tests continue to pass, so existing uses of this feature will continue to work.
Checklist
[ ] I have listed any breaking changes, along with a migration path 1Footnotes
Consider whether this is something that will mean changes to projects that have already been migrated, or to the CDK CLI tool. If changes are required, consider adding a checklist here and/or linking to related PRs. ↩
If you are adding a new construct or pattern, has new documentation been added? If you are amending defaults or changing behaviour, are the existing docs still valid? ↩