feat(ec2): Add Transit Gateway settings to FlowLogResourceType #27262
Conversation
to FlowLogResourceType
github-actions
bot
added
the
beginning-contributor
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
github-actions
bot
added
effort/small
dyoshikawa
changed the title
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
There was a problem hiding this comment.
The PR looks good! It just needs a couple more steps.
- First, there are merge conflicts, please resolve these. They look relatively simple
- Please link documentation you referenced in the process of finding the feature gap and adding the feature. Adding it to the PR description would be appreciated as well!
- Address the comments on the integ test
I will be ready to approve when you get back with these asks!
| resourceType: FlowLogResourceType.fromTransitGatewayId(transitGateway.ref), | ||
| flowLogName: 'TransitGatewayFlowLogName', | ||
| }); | ||
| } |
There was a problem hiding this comment.
Is there a reason you did not add a fromTransitGatewayAttachmentId resource type FlowLog into the test as well?
| const featureFlagTest = new FeatureFlagStack(app, 'FlowLogsFeatureFlag'); | ||
|
|
||
| const integ = new IntegTest(app, 'FlowLogs', { | ||
| testCases: [ | ||
| new TestStack(app, 'FlowLogsTestStack'), | ||
| featureFlagTest, | ||
| new DependencyTestStack(app, 'DependencyTestStack'), | ||
| new TransitGatewayFlowLogStack(app, 'TransitGatewayFlowLogStack'), | ||
| ], | ||
| diffAssets: true, | ||
| }); |
There was a problem hiding this comment.
Are there assertions you could add here to confirm the FlowLog is created as you intend it to be?
There was a problem hiding this comment.
I tried it. But, when I ran integration tests, the following error has occurred. The error message Response object is too is ambiguous, so I cannot proceed.
FlowLogsDefaultTestDeployAssertXXXXXX | 3/5 | 4:31:08 PM |
CREATE_FAILED | Custom::DeployAssert@SdkCallEC2describeFlowLogs
| FlowLogs/DefaultTest/DeployAssert/AwsApiCallEC2describeFlowLogsXXXXXXXXXXXXX/Default/Default
(AwsApiCallEC2describeFlowLogsXXXXXXXXXXX) Response object is too
long.
Could you help me?
There was a problem hiding this comment.
Yes, this is a common problem and not well documented. One solution is to do something along the lines of:
const describe = integ.assertions.awsApiCall(...);
describe.assertAtPath('path.key.in.object', ExpectedResult.stringLikeRegexp('string you expect'));
This will prevent the full response object coming back to cloudformation.
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
2 similar comments
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
@scanlonp Thank you for your review. I'll check those. |
'origin' into transit-gateway-flow-log-resource-type
scanlonp
added
pr/needs-maintainer-review
aws-cdk-automation
added
pr/needs-community-review
…ub.com/dyoshikawa/aws-cdk into transit-gateway-flow-log-resource-type
from a transit gateway attachment to docs
|
@scanlonp Thank you. I worked on these again. So could you review more once? |
| this, | ||
| 'TransitGatewayAttachment', | ||
| { | ||
| subnetIds: vpc.selectSubnets({ |
There was a problem hiding this comment.
This is causing the build to fail since you have not created the vpc. Add the vpc declaration to the example:
declare const vpc: ec2.Vpc;
|
There is still the task of re-writing the user contract so that |
|
@scanlonp I'm sorry to have kept you waiting. Could you review again?
I worked on it. |
There was a problem hiding this comment.
Couple more small comments. We should do some validation rather than coercion.
But also, I noticed that trafficType is used in the addFlowLogs() method. Deprecating it leaves no non-deprecated option for that function.
As an end result, we should have trafficType be deprecated when used in our from...() methods, and not deprecated when used in addFlowLogs(). This is a little tricky, but a possible solution is to have an interface extend FlowLogOptions (or have FlowLogOptions extend an interface), and have trafficType be deprecated in one and not in the other. Then give each method its proper interface.
This is a little convoluted, so let me put a little more thought into it. Ideas are welcome, but I will get back to you soon!
| let trafficType: FlowLogTrafficType | undefined = undefined; | ||
| if (!['TransitGateway', 'TransitGatewayAttachment'].includes(props.resourceType.resourceType)) { |
There was a problem hiding this comment.
We should not need this now, right? Should be a validation rather than a coercion.
There was a problem hiding this comment.
As to the code, because I had intended behavior that already exists will not changed.
OK, I will change as you say. But I don't know how should I write well so I asked you.
| trafficType = props.trafficType ?? props.resourceType.trafficType ?? FlowLogTrafficType.ALL; | ||
| } |
There was a problem hiding this comment.
We should validate that both are not set.
There was a problem hiding this comment.
Ok, but how should it failure? In that case, it should occur throw new Error() ?
| @@ -616,6 +644,7 @@ export interface FlowLogOptions { | |||
| * The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic. | |||
| * | |||
| * @default ALL | |||
| * @deprecated Use `resourceType.trafficType` instead | |||
There was a problem hiding this comment.
This is used in the addFlowLogs method, which means we would be deprecating traffic type with no alternative there. Probably cannot deprecate this as-is. I overlooked this before.
There was a problem hiding this comment.
Maybe instead of deprecating, we can give a warning if it is set here.
There was a problem hiding this comment.
I see. In that case, can I use this.warn such like the code that already exists?
aws-cdk-automation
removed
the
pr/needs-community-review
| @@ -616,6 +644,7 @@ export interface FlowLogOptions { | |||
| * The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic. | |||
| * | |||
| * @default ALL | |||
| * @deprecated Use `resourceType.trafficType` instead | |||
There was a problem hiding this comment.
Maybe instead of deprecating, we can give a warning if it is set here.
mergify
bot
dismissed
scanlonp’s stale review
Pull request has been modified.
|
@scanlonp Also, I'm sorry for so late reaction. I've been busy these days. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
|
This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error. |
aws-cdk-automation
added
the
closed-for-staleness
Closes #27222.
AWS documents:
Other references:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license