fix(ecs): remove accidental duplication of cloudmap namespaces with s…

…ervice connect (#25891) This PR should fix #25616, where service connect accidentally creates a duplicate HTTP namespace when a customer sets a service connect default namespace on the cluster. Closes #25616 However, I think that a broader fix for this issue should include deprecation of the `namespace` parameter in `ServiceConnectProps` in favor of a `cloudmapNamespace: INamespace` parameter; that way, we can force resolution by ARN under the hood of the construct and never trigger the namespace duplication behavior. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jun 13, 2023 · 4f60293 · 4f60293
1 parent 7a6758d
commit 4f60293
Show file tree

Hide file tree

Showing 12 changed files with 2,024 additions and 157 deletions.
diff --git a/...teg.service-connect.js.snapshot/ServiceConnectDefaultTestDeployAssert88F6A66F.assets.json b/...teg.service-connect.js.snapshot/ServiceConnectDefaultTestDeployAssert88F6A66F.assets.json
@@ -1,15 +1,28 @@
 {
-  "version": "21.0.0",
+  "version": "32.0.0",
   "files": {
-    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+    "36618132bd37b6b15f9987b57ad1fbf613f1ad937aec72381232b163ed9c44c4": {
+      "source": {
+        "path": "asset.36618132bd37b6b15f9987b57ad1fbf613f1ad937aec72381232b163ed9c44c4.bundle",
+        "packaging": "zip"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "36618132bd37b6b15f9987b57ad1fbf613f1ad937aec72381232b163ed9c44c4.zip",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    },
+    "d1bb9f9c141c0b0bba4f15ebed577c22d74718e011b71b5d9c262b81d5257cc9": {
       "source": {
         "path": "ServiceConnectDefaultTestDeployAssert88F6A66F.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "objectKey": "d1bb9f9c141c0b0bba4f15ebed577c22d74718e011b71b5d9c262b81d5257cc9.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/...g.service-connect.js.snapshot/ServiceConnectDefaultTestDeployAssert88F6A66F.template.json b/...g.service-connect.js.snapshot/ServiceConnectDefaultTestDeployAssert88F6A66F.template.json
@@ -1,4 +1,104 @@
 {
+ "Resources": {
+  "AwsApiCallServiceDiscoverylistNamespaces": {
+   "Type": "Custom::DeployAssert@SdkCallServiceDiscoverylistNamespaces",
+   "Properties": {
+    "ServiceToken": {
+     "Fn::GetAtt": [
+      "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F",
+      "Arn"
+     ]
+    },
+    "service": "ServiceDiscovery",
+    "api": "listNamespaces",
+    "expected": "{\"$ObjectLike\":{\"Namespaces\":{\"$ArrayWith\":[{\"$ObjectLike\":{\"Name\":\"whistler.com\",\"Type\":\"HTTP\"}}]}}}",
+    "flattenResponse": "false",
+    "salt": "1686165472436"
+   },
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
+  "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Version": "2012-10-17",
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ]
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+     }
+    ],
+    "Policies": [
+     {
+      "PolicyName": "Inline",
+      "PolicyDocument": {
+       "Version": "2012-10-17",
+       "Statement": [
+        {
+         "Action": [
+          "servicediscovery:ListNamespaces"
+         ],
+         "Effect": "Allow",
+         "Resource": [
+          "*"
+         ]
+        },
+        {
+         "Effect": "Allow",
+         "Action": [
+          "servicediscovery:ListNamespaces"
+         ],
+         "Resource": [
+          "*"
+         ]
+        }
+       ]
+      }
+     }
+    ]
+   }
+  },
+  "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Runtime": "nodejs14.x",
+    "Code": {
+     "S3Bucket": {
+      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+     },
+     "S3Key": "36618132bd37b6b15f9987b57ad1fbf613f1ad937aec72381232b163ed9c44c4.zip"
+    },
+    "Timeout": 120,
+    "Handler": "index.handler",
+    "Role": {
+     "Fn::GetAtt": [
+      "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73",
+      "Arn"
+     ]
+    }
+   }
+  }
+ },
+ "Outputs": {
+  "AssertionResultsAwsApiCallServiceDiscoverylistNamespaces": {
+   "Value": {
+    "Fn::GetAtt": [
+     "AwsApiCallServiceDiscoverylistNamespaces",
+     "assertion"
+    ]
+   }
+  }
+ },
  "Parameters": {
   "BootstrapVersion": {
    "Type": "AWS::SSM::Parameter::Value<String>",