feat!: Tag support for a stack with multiple apps #326
Conversation
|
PR to fix the build - #327. |
| constructor(scope: GuStack, id: string = "GetDistributablePolicy", props?: GuNoStatementsPolicyProps) { | ||
| const path = [scope.stack, scope.stage, scope.app, "*"].join("/"); | ||
| super(scope, id, { ...props, bucketName: new GuDistributionBucketParameter(scope).valueAsString, paths: [path] }); | ||
| // eslint-disable-next-line custom-rules/valid-constructors -- TODO be better |
There was a problem hiding this comment.
Yeah, I'm not sure if this is the best change as it means the constructor for the constructs take different forms and goes against this decision slightly.
Thanks for this suggestion, it was helpful! |
| withoutLogShipping?: boolean; // optional to have log shipping added by default, you have to opt out | ||
| additionalPolicies?: GuPolicy[]; | ||
| } | ||
|
|
||
| export class GuInstanceRole extends GuRole { | ||
| private policies: GuPolicy[]; | ||
|
|
||
| constructor(scope: GuStack, id: string = "InstanceRole", props?: GuInstanceRoleProps) { | ||
| super(scope, id, { | ||
| // eslint-disable-next-line custom-rules/valid-constructors -- TODO be better |
There was a problem hiding this comment.
As we are starting to regularly break this convention perhaps we should consider relaxing the linting rule?
There was a problem hiding this comment.
Definitely! I started on this a couple of weeks ago, but looks like I deleted my branch! 😱
I think the rules should be:
- 1, 2 or 3 arguments
- 1st argument is always GuStack
- If only 2 arguments, 2nd argument is required and are
propsw/no default - If 3 arguments, 2nd is ID w/no default, 3rd are
propsw/no default and optional
Will raise this in a separate PR to see how it pans out.
There was a problem hiding this comment.
Agree with the rules stated above!
There was a problem hiding this comment.
#352 revises the linting rules.
| super(scope, AppIdentity.suffixText(props, "InstanceType"), { | ||
| type: "String", | ||
| description: "EC2 Instance Type", | ||
| description: `EC2 Instance Type for the app ${props.app}`, |
There was a problem hiding this comment.
For the app "janus", the ID/name of this parameter becomes "InstanceTypeJanus". Hopefully the description is helpful?
| }, | ||
| addTag<T extends IConstruct>(appIdentity: AppIdentity, construct: T): T { | ||
| Tags.of(construct).add("App", appIdentity.app); | ||
| return construct; |
There was a problem hiding this comment.
I find this return type a little surprising for a function called addTag
There was a problem hiding this comment.
Agreed. It's mainly out of laziness as we can do this:
const snsTopic = props.existingSnsTopic?.externalTopicName
? Topic.fromTopicArn(
scope,
topicId,
`arn:aws:sns:${scope.region}:${scope.account}:${props.existingSnsTopic.externalTopicName}`
)
: AppIdentity.addTag(
props,
new GuSnsTopic(scope, topicId, {
overrideId: !!props.existingSnsTopic?.logicalIdFromCloudFormation,
})
);The alternative is:
const newTopic = () => {
const topic = new GuSnsTopic(scope, topicId, {
overrideId: !!props.existingSnsTopic?.logicalIdFromCloudFormation,
});
AppIdentity.addTag(props, topic);
return topic;
};
const snsTopic = props.existingSnsTopic?.externalTopicName
? Topic.fromTopicArn(
scope,
topicId,
`arn:aws:sns:${scope.region}:${scope.account}:${props.existingSnsTopic.externalTopicName}`
)
: newTopic();Maybe withTag is a better name?
There was a problem hiding this comment.
Ah yes, I see the benefit now. We could go for withTag or taggedResource, but it's not a big deal so feel free to ignore this!
There was a problem hiding this comment.
Renamed to taggedConstruct to match the name of the parameter.
|
🎉 This PR is included in version 3.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
A `GuInstanceRole` provides the basic permissions needed by EC2, it grants access to: * SSM * Describing tags * Writing to kinesis for log shipping #326 started the work to support the declaration of multiple apps in a stack, where an app is a collection of ASG, LB etc. However, when actually attempting to use the updated constructs in reality, the synth step failed due to multiple constructs using the same ID. This change follows #341 and #337 and converts `GuSSMRunCommandPolicy` and `GuDescribeEC2Policy` to singletons. This means these policies will only get created once regardless of how many roles use them - there will be one policy with multiple roles attached to it. This helps keep the stack DRY and also reduces the chance of reaching the max file size limits of cloudformation. The commits have been crafted to be standalone, reviewing them one by one might make the overall review easier. Requires #341. BREAKING CHANGE: * `GuSSMRunCommandPolicy` and `GuDescribeEC2Policy` can no longer be directly instantiated
Looks like some @guardian/cdk constructs are not applying the App tag. I suspect since guardian/cdk#326. Until that is fixed, we can safely, manually apply it to all constructs in tree from `this` as it's a single app stack.
What does this change?
Currently, as noted by this comment, our constructs are tailored for single app stacks. We don't support a stack that has, for example, a frontend web app and an API app. If we were to create two ASGs in the same stack, they'd both get incorrectly tagged as the same "app". That is, we don't support micro-services very well.
This change moves the app string into an interface, this interface is then extended by any construct's props if they need to be app-aware.
As "app" is not in
GuStackand we want to continue adding the "app" tag to resources, we're having to callTags.of(this).add("App", props.app);a few more times, maybe there's a better solution here that keeps things DRY?Lastly, this is quite a big diff - a lot of the changes are within test files. I've tried to make each commit standalone, so it might be easier to review commit by commit?
BREAKING CHANGE:
GuStackno longer takes knows about an "app"GuAutoScalingGroup,GuUserData,GuParameterStoreReadPolicy,GuGetDistributablePolicyandGuInstanceRolenow requirepropsGuLambdaFunction,GuDatabaseInstance,GuInstanceTypeParameterandGuAmiParameternow take an "app" propDoes this change require changes to existing projects or CDK CLI?
Yes! There are numerous breaking changes in this PR!
How to test
See updated tests, aka observe CI.
How can we measure success?
It is possible to have a stack with multiple apps that are tagged correctly.
Have we considered potential risks?