feat Add aws-rds.DatabaseInstance.fromLookup #33258
Conversation
github-actions
bot
added
the
beginning-contributor
github-actions
bot
added
effort/small
pcheungamz
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
There was a problem hiding this comment.
The pull request linter fails with the following errors:
❌ Features must contain a change to an integration test file and the resulting snapshot.
❌ CLI code has changed. A maintainer must run the code through the testing pipeline (git fetch origin pull/33258/head && git push -f origin FETCH_HEAD:test-main-pipeline), then add the 'pr-linter/cli-integ-tested' label when the pipeline succeeds.
❌ The title prefix of this pull request must be one of "feat|fix|build|chore|ci|docs|style|refactor|perf|test|revert"
If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.
pcheungamz
changed the title
pcheungamz
changed the title
pcheungamz
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
1 similar comment
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
| const securityGroups: ec2.ISecurityGroup[] = []; | ||
| const dbsg: [string] = instance.DBSecurityGroups; | ||
| dbsg.forEach(securityGroupId => { |
There was a problem hiding this comment.
💅 Instead of using forEach for a list.push() side effect, it's nicer to use a list.map() to produce another list.
const securityGroups = instance.DBSecurityGroups.map(id => ec2.SecurityGroup.fromSecurityGroupid(...))| Object.assign(dataObj, { ['DBInstanceArn']: 'arn:aws:rds:us-east-1:123456789012:db:instance-1' }); | ||
| Object.assign(dataObj, { ['Endpoint.Address']: 'instance-1.testserver.us-east-1.rds.amazonaws.com' }); | ||
| Object.assign(dataObj, { ['Endpoint.Port']: '5432' }); | ||
| Object.assign(dataObj, { ['DbiResourceId']: 'db-ABCDEFGHI' }); | ||
| Object.assign(dataObj, { ['DBSecurityGroups']: [] }); | ||
| Object.assign(dataObj, { ['Identifier']: 'instance-1' }); |
There was a problem hiding this comment.
💅 Object.assign() is a way to copy fields from object A to object B, usually useful if you don't know what fields an object might have. Since all values are constants known in advance here, we could also have done:
const dataObj = {
'DBInstanceArn': 'arn:aws...',
'Endpoint.Address': 'instance-1.testserver',
'Endpoint.Port': '5432',
// ...
};Which is a lot simpler.
There was a problem hiding this comment.
I ran into a linter error. I guess it is better to turn off linter for this test files than to use Object.assign.
| describe('DatabaseInstanceBase from lookup with DBSG', () => { | ||
| test('return correct instance info', () => { | ||
| const dataObj = {}; | ||
| Object.assign(dataObj, { ['DBInstanceArn']: 'arn:aws:rds:us-east-1:123456789012:db:instance-1' }); |
| function mockDbInstanceContextProviderWith(response: Object, paramValidator?: (options: cxschema.CcApiContextQuery) => void) { | ||
| const previous = ContextProvider.getValue; | ||
| ContextProvider.getValue = (_scope: Construct, options: GetContextValueOptions) => { | ||
| // do some basic sanity checks | ||
| expect(options.provider).toEqual(cxschema.ContextProvider.CC_API_PROVIDER); | ||
|
|
||
| if (paramValidator) { | ||
| paramValidator(options.props as any); | ||
| } | ||
|
|
||
| return { | ||
| value: { | ||
| ...response, | ||
| } as Map<string, Map<string, any>>, | ||
| }; | ||
| }; | ||
| return previous; | ||
| } | ||
|
|
||
| function restoreContextProvider(previous: (scope: any, options: GetContextValueOptions) => GetContextValueResult): void { | ||
| ContextProvider.getValue = previous; | ||
| } |
There was a problem hiding this comment.
Did you copy this from elsewhere? Because using a Jest mock is simpler than this and it's the currently recommended way to write this.
// GIVEN
const mock = jest.spyOn(ContextProvider.prototype, 'getValue').mockResolvedValue(...);
// WHEN
// ...
// THEN
expect(mock).toHaveBeenCalledWith(...);
mock.restore();There was a problem hiding this comment.
yes, I borrowed it from aws-kms/test/key.from-lookup.test.ts. Will change that to follow the recommended standard.
There was a problem hiding this comment.
I couldn't get jest.spyOn to work with ContextProvider. I got:
Property `getValue` does not exist in the provided object
| const result = await cc.listResources({ | ||
| TypeName: args.typeName, | ||
| }); |
There was a problem hiding this comment.
Slightly annoying but I believe that cc.getResource and cc.listResources will return different properties (at the discretion of the resource handler implementation). getResource will definitely return everything, and listResources wil return some summarized version.
That will probably be an annoying an unexpected behavior for users in the future. The safer behavior would be to call listResources first, and then call getResource for every resource returned that way. I'm debating whether we cast that behavior in stone right now, or wait for problems to turn up...
At least this behavior should be documented somewhere.
There was a problem hiding this comment.
I tested with
aws cloudcontrol list-resources --type-name AWS::RDS::DBInstance
and
aws cloudcontrol get-resource --type-name AWS::RDS::DBInstance --identifier shine-reporting-aurora-instance-1
The properties return are the same. getResource and listResources are consistent at least for DBInstance.
| } | ||
|
|
||
| private async findResources(cc: ICloudControlClient, args: CcApiContextQuery): Promise<{[key: string]: any}> { | ||
| if (args.exactIdentifier) { |
There was a problem hiding this comment.
It should be an error if both exactIdentifier and propertyMatch are given. The most logical place to check would be here I think.
And it would be nicer if the the parameters to this.getResource() and this.listResources() were the relevant fields directly and all checks on the field could be supplied here, rather than the entire CcApiContextQuery objeect.
There was a problem hiding this comment.
Will move the param validation here.
| const propsObj = getResultObj(propsObject, args.propertiesToReturn); | ||
|
|
||
| // Add the identifier back to the propsObj. | ||
| propsObj.Identifier = result.ResourceDescription?.Identifier; |
There was a problem hiding this comment.
Can we make returning Identifier part of getResultObj as well? Then that function is entirely responsible for producing the returned object, which seems nice and comprehensible, and we don't have to remember to do this in both query functions.
| let misMatch = false; | ||
| matchKey.forEach((key) => { | ||
| const value = findJsonValue(propsObject, key); | ||
| if (value !== args.propertyMatch![key]) { | ||
| misMatch = true; | ||
| } | ||
| }); |
There was a problem hiding this comment.
This could be formulated as:
const filters = Object.values(args.propertyMatch);
const isMatch = filters.every(([key, expected] => {
const actual = findJsonValue(propsObject, key);
return propertyMatchesFilter(actual, expected);
});
function propertyMatchesFilter(actual: any, expected: any) {
// For now we just check for strict equality, but we can implement pattern matching and fuzzy matching here later
return expected === actual;
}I did 3 things here:
- Use
Object.values()instead ofObject.keys(), so we iterate over key/value pairs (saves a lookup and some visual noise, imo). - Use
list.every()instead of aforEachcombined with mutating a boolean - Extract the actual comparison to a helper function, so that we have a clear location to start implementing more advanced filtering later
There was a problem hiding this comment.
Thanks. will use this pattern.
There was a problem hiding this comment.
I couldn't get your code to work. Object.values() doesn't give me back the key, but Object.entries() gave me both key and value. I also had trouble with every. It only gave me the first element.
There was a problem hiding this comment.
I got this to work
const filters = Object.entries(myRecord);
filters.every((expected, index, arr) => {
const key = arr[index][0];
const expected = arr[index][1];
const actual = findJsonValue(propsObject, key);
return propertyMatchesFilter(actual, expected);
});
|
|
||
| // Add the identifier back to the propsObj. | ||
| propsObj.Identifier = result.ResourceDescription?.Identifier; | ||
| resultObj[CcApiContextProviderPlugin.RESULTS] = [propsObj]; |
There was a problem hiding this comment.
I see you decided to return a object with a { results: [...] } key, rather than a list directly.
I'm not against it because it's more easily extensible, but I'm not sure I see the need yet and I'm curious if there are any specific reasons to do it this wat? Just returning a direct list seems simpler to me, but I wonder if you're predicting some future change I'm not seeing yet.
There was a problem hiding this comment.
I was following the Coral results within the return object that I am used to seeing. I am not tied to it. Happy to change it to a direct list, since this is more idiomatic for CDK.
| // THEN | ||
| const results = result[CcApiContextProviderPlugin.RESULTS]; | ||
| let propsObj = results[0]; | ||
| expect(propsObj.DBInstanceArn).toEqual('arn:aws:rds:us-east-1:123456789012:db:test-instance-1'); |
There was a problem hiding this comment.
💅 Could also do:
expect(propsObj).toEqual({
DBInstanceArn: 'arn:...',
StorageEncrypted: 'true',
// ...
});Or even
expect(propsObj).toEqual(expect.objectContaining({
DBInstanceArn: 'arn:...',
StorageEncrypted: 'true',
// ...
}));There was a problem hiding this comment.
thanks. will use this pattern.
| propsObj.Identifier = result.ResourceDescription?.Identifier; | ||
| resultObj[CcApiContextProviderPlugin.RESULTS] = [propsObj]; | ||
| } else { | ||
| throw new TypeError(`Could not get resource ${args.exactIdentifier}.`); |
There was a problem hiding this comment.
Please add in the error message here.
And I don't agree that this is a TypeError.
There was a problem hiding this comment.
Will use ContextProviderError instead.
| throw new TypeError(`Could not get resource ${args.exactIdentifier}.`); | ||
| } | ||
| } catch (err) { | ||
| throw new TypeError(`Encountered CC API error while getting resource ${args.exactIdentifier}.`); |
There was a problem hiding this comment.
Please add in the error message here.
And I don't agree that this is a TypeError.
There was a problem hiding this comment.
will use ContextProviderError and include err in the message.
pcheungamz
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
pcheungamz
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
pcheungamz
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Issue # (if applicable)
Closes #31720
This replaces my previous PR #32901. I addressed the PR comments in this new PR.
This depends on this PR: cdklabs/cloud-assembly-schema#124
Reason for this change
Add DatabaseInstance.fromLookup() feature
Description of changes
Describe any new or updated permissions being added
User will need to have permission to run CloudControl API.
Description of how you validated changes
Tested with this code. I already have an RDS DB in my AWS account. I want to look it up and grant connect to a new user.
Saved to packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/my-test-app.ts
Ran this command:
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license