feat(ec2): support PrefixList.fromLookup()
#33619
Conversation
github-actions
bot
added
effort/medium
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
Verified CloudControl context provider works: import * as cxschema from '@aws-cdk/cloud-assembly-schema';
import { Toolkit } from '@aws-cdk/toolkit-lib';
import * as cdk from 'aws-cdk-lib';
(async () => {
const toolkit = new Toolkit({ sdkConfig: { profile: 'sandbox' } });
const cx = await toolkit.fromAssemblyBuilder(async () => {
const app = new cdk.App();
const stack = new cdk.Stack(app, 'Stack', { env: { region: 'us-east-1', account: 'ACCOUNT-ID' } });
const responses = cdk.ContextProvider.getValue(stack, {
provider: cxschema.ContextProvider.CC_API_PROVIDER,
props: {
typeName: 'AWS::EC2::PrefixList',
propertyMatch: {
PrefixListName: 'com.amazonaws.global.cloudfront.origin-facing',
},
propertiesToReturn: ['PrefixListId'],
},
dummyValue: [{ PrefixListId: 'pl-xxxxxxxx' }],
}).value;
new cdk.CfnOutput(stack, 'PrefixListId', {
value: responses[0].PrefixListId,
});
return app.synth();
});
const cxSnap = await toolkit.synth(cx);
const assembly = await cxSnap.produce();
const template = assembly.getStackByName('Stack').template;
const { Outputs } = template;
console.log(JSON.stringify({ Outputs }, undefined, 2));
})().catch(console.error);$ yarn ts-node --prefer-ts-exts cc-api-test.ts
✨ Synthesis time: 3.87s
Successfully synthesized to /tmp/cdk.out8jL5HY
{
"Outputs": {
"PrefixListId": {
"Value": "pl-3b927c52"
}
}
}
$ aws --profile sandbox --region us-east-1 ec2 describe-managed-prefix-lists --prefix-list-ids pl-3b927c52
{
"PrefixLists": [
{
"PrefixListId": "pl-3b927c52",
"AddressFamily": "IPv4",
"State": "create-complete",
"PrefixListArn": "arn:aws:ec2:us-east-1:aws:prefix-list/pl-3b927c52",
"PrefixListName": "com.amazonaws.global.cloudfront.origin-facing",
"Tags": [],
"OwnerId": "AWS"
}
]
} |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #33619 +/- ##
=======================================
Coverage 82.38% 82.38%
=======================================
Files 120 120
Lines 6938 6938
Branches 1170 1170
=======================================
Hits 5716 5716
Misses 1119 1119
Partials 103 103
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
aws-cdk-automation
added
the
pr/needs-community-review
aws-cdk-automation
added
pr/needs-maintainer-review
| let prefixList = response[0]; | ||
| if (!prefixList?.PrefixListId) { | ||
| Annotations.of(scope).addError(`Could not find the managed prefix list '${options.prefixListName}'`); | ||
| prefixList = dummyResponse; |
There was a problem hiding this comment.
for my understanding, why do we need the assignment here, can we just throw an error
There was a problem hiding this comment.
In other modules, fromLookup() never throws an error. An error thrown by context provider will be added as annotation in ContextProvider.getValue().
aws-cdk/packages/aws-cdk-lib/core/lib/context-provider.ts
Lines 127 to 131 in bff85e8
Therefore, in my understanding, annotation seems to be preferred here.
If not, I can change to throw ValidationError here.
There was a problem hiding this comment.
That's what I try to understand, why we want to add an error here, can we remove this?
There was a problem hiding this comment.
If the managed prefix list with specified name does not exist, CC API context provider returns an empty array []. We should detect it as an error.
Another solution: update the provider (in aws-cdk-lib) to return the dummy value with providerError if the result is empty.
There was a problem hiding this comment.
Submitted issue aws/aws-cdk-cli#257 and PR aws/aws-cdk-cli#251
There was a problem hiding this comment.
Updated to throw ValidationError instead of adding an error annotation.
After the above PR is merged, we can assume exact one result.
|
Thank you @Tietew for your contribution, changes look good to me, i just have few last questions before approving this PR. |
|
@shikha372 Thank you for review. I answered them. |
Tietew
force-pushed
the
ec2-prefixlist-lookup
branch
from
7815825 to
08a9bc8
Compare
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
This pull request has been removed from the queue for the following reason: The pull request can't be updated You should update or rebase your pull request manually. If you want to requeue this pull request, you can post a |
aws-cdk-automation
removed
the
pr/needs-maintainer-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
aws-cdk-automation
added
the
pr/needs-maintainer-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Issue # (if applicable)
Closes #33606.
Closes #15115.
Reason for this change
AWS-managed prefix lists are useful to control traffic VPC and AWS managed services.
The name of the AWS-managed prefix list is documented but the id should be copy&paste by hand.
Description of changes
This PR implements
PrefixList.fromLookup()to look up an existing managed prefix list by name.Uses the new CloudControl context provider: aws/aws-cdk-cli#138 and cdklabs/cloud-assembly-schema#124.
Describe any new or updated permissions being added
Nothing.
Description of how you validated changes
Added unit tests and an integ test.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license