feat(codepipeline): change default value for crossAccountKeys to false (under feature flag)

[go-to-k]

The documentation mentions updating the default for CDK v2. Sounds like we should add it in with feature flag.

Closes #28247.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

[go-to-k]

Exemption Request: This just changes the default value, so unit tests could cover it.

[GavinZZ]

Thanks for contributing. This change looks good other than some minor question/changes.

[GavinZZ]

Why do we need to explicitly set it to true? The feature flag is not enabled by default and shouldn't change existing behaviour right?
Same questions for all other places where you added this prop.

[go-to-k]

It appears that the feature flag is enabled by default for integ tests in CodeBuild CI. I put it all back and got an error in CodeBuild CI.

Changes

CodeBuild CI Build log (AccessDenied by Request has expired)

[go-to-k]

I still tried to go back to the original code to test it out, and the CI was an error.

fd0ee48

However, there is also an integ test where the feature flag remains off by default.

https://github.com/go-to-k/aws-cdk/blob/cba7c75fdd055b1cd48f21fbaa3ab29cf5944693/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.ts#L60-L74

I thought it might be due to a difference in integ.json (this file and the another file) by using new integ.IntegTest() or not, but since I still don't understand how this works, I think I'll leave this PR as is for now. (Because fixing this could be another potentially destructive change.)

[go-to-k]

I ran the other test (integ.lambda-alarm-action.ts) as a new integ file (with no existing snapshot) to try it out, and it seems that the feature flag is enabled by default.
(Does using new integ.IntegTest() turn off the feature flag with an existing snapshot?)

Either way, I think we're good to go for now.

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

Pull request has been modified.

[go-to-k]

@GavinZZ @paulhcsun

Thanks for your review. All review comments were reflected. I also have a few comments.

[paulhcsun]

Looks good to me, thanks @go-to-k! I'll defer the approval to @GavinZZ.

[GavinZZ]

LGTM, thanks for contributing!

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 460316d
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).