Rip out non-AMI/SSM additionalCacheKey

Author: luxaritas

packages/aws-cdk-lib/aws-ec2/README.md

@@ -626,13 +626,6 @@ called `cdk.context.json`. You must commit this file to source control so
 that the lookup values are available in non-privileged environments such
 as CI build steps, and to ensure your template builds are repeatable.
 
-To customize the cache key, use the `additionalCacheKey` parameter.
-This allows you to have multiple lookups with the same parameters
-cache their values separately. This can be useful if you want to
-scope the context variable to a construct (ie, using `additionalCacheKey: this.node.path`),
-so that if the value in the cache needs to be updated, it does not need to be updated
-for all constructs at the same time.
-
 Here's how `Vpc.fromLookup()` can be used:
 
 [importing existing VPCs](test/integ.import-default-vpc.lit.ts)
@@ -878,13 +871,6 @@ written to a file called `cdk.context.json`.
 You must commit this file to source control so that the lookup values are available in non-privileged
 environments such as CI build steps, and to ensure your template builds are repeatable.
 
-To customize the cache key, use the `additionalCacheKey` property of the `options` parameter.
-This allows you to have multiple lookups with the same parameters
-cache their values separately. This can be useful if you want to
-scope the context variable to a construct (ie, using `additionalCacheKey: this.node.path`),
-so that if the value in the cache needs to be updated, it does not need to be updated
-for all constructs at the same time.
-
 ### Cross Stack Connections
 
 If you are attempting to add a connection from a peer in one stack to a peer in a different stack, sometimes it is necessary to ensure that you are making the connection in

packages/aws-cdk-lib/aws-ec2/lib/security-group.ts

@@ -5,8 +5,7 @@ import { IPeer, Peer } from './peer';
 import { Port } from './port';
 import { IVpc } from './vpc';
 import * as cxschema from '../../cloud-assembly-schema';
-import { Annotations, ContextProvider, IResource, Lazy, Names, Resource, ResourceProps, Stack, Token, ValidationError } from '../../core';
-import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource';
+import { Annotations, ContextProvider, IResource, Lazy, Names, Resource, ResourceProps, Stack, Token } from '../../core';
 import * as cxapi from '../../cx-api';
 
 const SECURITY_GROUP_SYMBOL = Symbol.for('@aws-cdk/iam.SecurityGroup');
@@ -180,6 +179,7 @@ abstract class SecurityGroupBase extends Resource implements ISecurityGroup {
     connection: Port,
     fromTo: 'from' | 'to',
     remoteRule?: boolean): RuleScope {
+
     if (remoteRule && SecurityGroupBase.isSecurityGroup(peer) && differentStacks(this, peer)) {
       // Reversed
       const reversedFromTo = fromTo === 'from' ? 'to' : 'from';
@@ -280,7 +280,7 @@ export interface SecurityGroupProps {
    * Inlining rules is an optimization for producing smaller stack templates. Sometimes
    * this is not desirable, for example when security group access is managed via tags.
    *
-   * The default value can be overridden globally by setting the context variable
+   * The default value can be overriden globally by setting the context variable
    * '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'.
    *
    * @default false
@@ -369,22 +369,22 @@ export class SecurityGroup extends SecurityGroupBase {
    *
    * @deprecated Use `fromLookupById()` instead
    */
-  public static fromLookup(scope: Construct, id: string, securityGroupId: string, options?: BaseSecurityGroupLookupOptions) {
-    return this.fromLookupAttributes(scope, id, { securityGroupId, ...options });
+  public static fromLookup(scope: Construct, id: string, securityGroupId: string) {
+    return this.fromLookupAttributes(scope, id, { securityGroupId });
   }
 
   /**
    * Look up a security group by id.
    */
-  public static fromLookupById(scope: Construct, id: string, securityGroupId: string, options?: BaseSecurityGroupLookupOptions) {
-    return this.fromLookupAttributes(scope, id, { securityGroupId, ...options });
+  public static fromLookupById(scope: Construct, id: string, securityGroupId: string) {
+    return this.fromLookupAttributes(scope, id, { securityGroupId });
   }
 
   /**
    * Look up a security group by name.
    */
-  public static fromLookupByName(scope: Construct, id: string, securityGroupName: string, vpc: IVpc, options?: BaseSecurityGroupLookupOptions) {
-    return this.fromLookupAttributes(scope, id, { securityGroupName, vpc, ...options });
+  public static fromLookupByName(scope: Construct, id: string, securityGroupName: string, vpc: IVpc) {
+    return this.fromLookupAttributes(scope, id, { securityGroupName, vpc });
   }
 
   /**
@@ -434,8 +434,8 @@ export class SecurityGroup extends SecurityGroupBase {
    * Look up a security group.
    */
   private static fromLookupAttributes(scope: Construct, id: string, options: SecurityGroupLookupOptions) {
-    if (Token.isUnresolved(options.securityGroupId) || Token.isUnresolved(options.securityGroupName) || Token.isUnresolved(options.vpc?.vpcId)) {
-      throw new ValidationError('All arguments to look up a security group must be concrete (no Tokens)', scope);
+    if (Token.isUnresolved(options.securityGroupId) || Token.isUnresolved(options.securityGroupName) || Token.isUnresolved(options.vpc?.vpcId)) {
+      throw new Error('All arguments to look up a security group must be concrete (no Tokens)');
     }
 
     const attributes: cxapi.SecurityGroupContextResponse = ContextProvider.getValue(scope, {
@@ -449,7 +449,6 @@ export class SecurityGroup extends SecurityGroupBase {
         securityGroupId: 'sg-12345678',
         allowAllOutbound: true,
       } as cxapi.SecurityGroupContextResponse,
-      additionalCacheKey: options.additionalCacheKey,
     }).value;
 
     return SecurityGroup.fromSecurityGroupId(scope, id, attributes.securityGroupId, {
@@ -503,8 +502,6 @@ export class SecurityGroup extends SecurityGroupBase {
     super(scope, id, {
       physicalName: props.securityGroupName,
     });
-    // Enhanced CDK Analytics Telemetry
-    addConstructMetadata(this, props);
 
     const groupDescription = props.description || this.node.path;
 
@@ -518,8 +515,8 @@ export class SecurityGroup extends SecurityGroupBase {
     this.securityGroup = new CfnSecurityGroup(this, 'Resource', {
       groupName: this.physicalName,
       groupDescription,
-      securityGroupIngress: Lazy.any({ produce: () => this.directIngressRules }, { omitEmptyArray: true }),
-      securityGroupEgress: Lazy.any({ produce: () => this.directEgressRules }, { omitEmptyArray: true }),
+      securityGroupIngress: Lazy.any({ produce: () => this.directIngressRules }, { omitEmptyArray: true } ),
+      securityGroupEgress: Lazy.any({ produce: () => this.directEgressRules }, { omitEmptyArray: true } ),
       vpcId: props.vpc.vpcId,
     });
 
@@ -531,7 +528,6 @@ export class SecurityGroup extends SecurityGroupBase {
     this.addDefaultIpv6EgressRule();
   }
 
-  @MethodMetadata()
   public addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean) {
     if (!peer.canInlineRule || !connection.canInlineRule || this.disableInlineRules) {
       super.addIngressRule(peer, connection, description, remoteRule);
@@ -549,15 +545,14 @@ export class SecurityGroup extends SecurityGroupBase {
     });
   }
 
-  @MethodMetadata()
   public addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean) {
     const isIpv6 = peer.toEgressRuleConfig().hasOwnProperty('cidrIpv6');
 
     if (!isIpv6 && this.allowAllOutbound) {
       // In the case of "allowAllOutbound", we don't add any more rules. There
       // is only one rule which allows all traffic and that subsumes any other
       // rule.
-      if (!remoteRule) { // Warn only if addEgressRule() was explicitly called
+      if (!remoteRule) { // Warn only if addEgressRule() was explicitely called
         Annotations.of(this).addWarningV2('@aws-cdk/aws-ec2:ipv4IgnoreEgressRule', 'Ignoring Egress rule since \'allowAllOutbound\' is set to true; To add customized rules, set allowAllOutbound=false on the SecurityGroup');
       }
       return;
@@ -572,7 +567,7 @@ export class SecurityGroup extends SecurityGroupBase {
       // In the case of "allowAllIpv6Outbound", we don't add any more rules. There
       // is only one rule which allows all traffic and that subsumes any other
       // rule.
-      if (!remoteRule) { // Warn only if addEgressRule() was explicitly called
+      if (!remoteRule) { // Warn only if addEgressRule() was explicitely called
         Annotations.of(this).addWarningV2('@aws-cdk/aws-ec2:ipv6IgnoreEgressRule', 'Ignoring Egress rule since \'allowAllIpv6Outbound\' is set to true; To add customized rules, set allowAllIpv6Outbound=false on the SecurityGroup');
       }
       return;
@@ -599,7 +594,7 @@ export class SecurityGroup extends SecurityGroupBase {
       // to "allOutbound=true" mode, because we might have already emitted
       // EgressRule objects (which count as rules added later) and there's no way
       // to recall those. Better to prevent this for now.
-      throw new ValidationError('Cannot add an "all traffic" egress rule in this way; set allowAllOutbound=true (for ipv6) or allowAllIpv6Outbound=true (for ipv6) on the SecurityGroup instead.', this);
+      throw new Error('Cannot add an "all traffic" egress rule in this way; set allowAllOutbound=true (for ipv6) or allowAllIpv6Outbound=true (for ipv6) on the SecurityGroup instead.');
     }
 
     this.addDirectEgressRule(rule);
@@ -658,7 +653,7 @@ export class SecurityGroup extends SecurityGroupBase {
       const description = this.allowAllOutbound ? ALLOW_ALL_RULE.description : MATCH_NO_TRAFFIC.description;
       super.addEgressRule(peer, port, description, false);
     } else {
-      const rule = this.allowAllOutbound ? ALLOW_ALL_RULE : MATCH_NO_TRAFFIC;
+      const rule = this.allowAllOutbound? ALLOW_ALL_RULE : MATCH_NO_TRAFFIC;
       this.directEgressRules.push(rule);
     }
   }
@@ -816,24 +811,12 @@ function isAllTrafficRule(rule: any) {
   return (rule.cidrIp === '0.0.0.0/0' || rule.cidrIpv6 === '::/0') && rule.ipProtocol === '-1';
 }
 
-/**
- * Base properties for looking up an existing SecurityGroup.
- */
-export interface BaseSecurityGroupLookupOptions {
-  /**
-   * Adds an additional discriminator to the `cdk.context.json` cache key.
-   *
-   * @default - no additional cache key
-   */
-  readonly additionalCacheKey?: string;
-}
-
 /**
  * Properties for looking up an existing SecurityGroup.
  *
  * Either `securityGroupName` or `securityGroupId` has to be specified.
  */
-interface SecurityGroupLookupOptions extends BaseSecurityGroupLookupOptions {
+interface SecurityGroupLookupOptions {
   /**
    * The name of the security group
    *
@@ -859,12 +842,5 @@ interface SecurityGroupLookupOptions extends BaseSecurityGroupLookupOptions {
    *
    * @default Don't filter on VPC
    */
-  readonly vpc?: IVpc;
-
-  /**
-   * Adds an additional discriminator to the `cdk.context.json` cache key.
-   *
-   * @default - no additional cache key
-   */
-  readonly additionalCacheKey?: string;
+  readonly vpc?: IVpc,
 }

packages/aws-cdk-lib/aws-ec2/lib/vpc-lookup.ts

@@ -75,11 +75,4 @@ export interface VpcLookupOptions {
    * @default the account id of the parent stack
    */
   readonly ownerAccountId?: string;
-
-  /**
-   * Adds an additional discriminator to the `cdk.context.json` cache key.
-   *
-   * @default - no additional cache key
-   */
-  readonly additionalCacheKey?: string;
 }