feat(ec2): lookup security group by name #17246

Merged (8 commits) on Nov 16, 2021

jumic (Contributor) commented Oct 31, 2021

Support looking up a security group by name.

Currently, looking up a security group is only possible by ID. This PR enhances the existing implementation to support lookup by security group name.

`securityGroupName` or `securityGroupId` can be passed to the new method `SecurityGroup.fromLookupAttributes`. In addition, property `vpc` provides the option to restrict the lookup method to a specific VPC.

If no or more than one security group is found, an error is thrown.

Closes #4241.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

github-actions bot added the @aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud) label Oct 31, 2021

jumic (Contributor Author) commented Oct 31, 2021

The first build failed because property securityGroupId was changed to optional:

@aws-cdk/cloud-assembly-schema... CHANGES.
Original assembly: @aws-cdk/cloud-assembly-schema@1.130.0
Updated assembly:  @aws-cdk/cloud-assembly-schema@0.0.0
API elements with incompatible changes:
err  - IFACE @aws-cdk/cloud-assembly-schema.SecurityGroupContextQuery: formerly required property 'securityGroupId' is optional: type of property props, type of property missing, returned from @aws-cdk/cloud-assembly-schema.Manifest.load (...and 1 more...) [weakened:@aws-cdk/cloud-assembly-schema.SecurityGroupContextQuery]

I added this line to the breaking changes to allow this change.

weakened:@aws-cdk/cloud-assembly-schema.SecurityGroupContextQuery

Please check if this change is allowed.

fixundfertig123 commented

@jumic sorry for asking this question but I am not that familiar with the approval/pipeline process of cdk. I just by coincidence bumped into this issue today when setting up a multi account pipeline. Therefore I would really appreciate it if you could give me an indication when this feature hits GA. Would it be deployed to the next release? Best, and thank you for your work!

njlynch (Contributor) left a comment

Looks mostly good. One comment about the public API for SecurityGroup I think is worth discussing.

The result of the `SecurityGroup.fromLookupAttributes` operation will be written to a file called `cdk.context.json`. You must commit this file to source control so that the lookup values are available in non-privileged environments such as CI build steps, and to ensure your template builds are repeatable.

```ts fixture=with-vpc
const sg = ec2.SecurityGroup.fromLookupAttributes(
```

Contributor:

What do you think about dedicated fromLookupById and fromLookupByName methods? They could both still use a (private) fromLookupAttributes method, but it may make the API intent a bit more clear.

Contributor Author:

I tried to create an API similar to VpcLookupOptions. Now I compared it to fromLookupById and fromLookupByName again. For me, this seems to be a better option because the necessary parameters are defined by the API. I've implemented the following changes:

  • Deprecated method fromLookup, will be replaced by fromLookupById (same parameters).
  • New method fromLookupById with parameter securityGroupId. Parameter vpc not defined because the security group id is sufficient to clearly identify the security group.
  • New method fromLookupByName with parameters securityGroupName and vpc. vpc is defined as required parameter because it avoids problems if the same security group name is used multiple times per account and region. A security group is used in context of a VPC. Therefore, the VPC should be available in the CDK code. If it should be defined as optional later, we could change it easily (no breaking change).
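
The lookup rules from this thread (exactly one match or an error, and name lookups scoped to a VPC), modelled as an added example that is not code from the PR or from aws-cdk. The record shape, the function names and the sample inventory are assumptions constructed for illustration.

```typescript
// Added illustration: a model of the lookup rules described in this PR,
// not the aws-cdk implementation. All names and data here are hypothetical.
interface SecurityGroupRecord {
  groupId: string;
  groupName: string;
  vpcId: string;
}

interface LookupQuery {
  securityGroupId?: string;
  securityGroupName?: string;
  vpcId?: string;
}

// Constructed sample inventory: the name "app-sg" exists in two VPCs.
const SAMPLE_GROUPS: SecurityGroupRecord[] = [
  { groupId: "sg-0aaa1111", groupName: "app-sg", vpcId: "vpc-prod" },
  { groupId: "sg-0bbb2222", groupName: "app-sg", vpcId: "vpc-dev" },
  { groupId: "sg-0ccc3333", groupName: "db-sg", vpcId: "vpc-prod" },
];

// Shared resolver: every supplied attribute must match, and the result must
// be exactly one group. Zero or several matches is an error, never a guess.
function lookupByAttributes(groups: SecurityGroupRecord[], q: LookupQuery): SecurityGroupRecord {
  if (q.securityGroupId === undefined && q.securityGroupName === undefined) {
    throw new Error("securityGroupId or securityGroupName is required");
  }
  const [first, ...rest] = groups.filter((g) =>
    (q.securityGroupId === undefined || g.groupId === q.securityGroupId) &&
    (q.securityGroupName === undefined || g.groupName === q.securityGroupName) &&
    (q.vpcId === undefined || g.vpcId === q.vpcId));
  if (first === undefined) {
    throw new Error(`no security group matches ${JSON.stringify(q)}`);
  }
  if (rest.length > 0) {
    const ids = [first, ...rest].map((g) => g.groupId).join(", ");
    throw new Error(`ambiguous lookup ${JSON.stringify(q)}: matched ${ids}`);
  }
  return first;
}

// The ID alone identifies a group, so no VPC parameter is needed.
function lookupById(groups: SecurityGroupRecord[], securityGroupId: string): SecurityGroupRecord {
  return lookupByAttributes(groups, { securityGroupId });
}

// A name can repeat across VPCs, so the VPC is a required parameter.
function lookupByName(groups: SecurityGroupRecord[], securityGroupName: string, vpcId: string): SecurityGroupRecord {
  return lookupByAttributes(groups, { securityGroupName, vpcId });
}
```

With the sample data, a name-only query for "app-sg" matches two groups and is rejected, while the same name scoped to one VPC resolves to a single group.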

packages/@aws-cdk/aws-ec2/lib/security-group-lookup.ts (outdated, resolved)
packages/@aws-cdk/aws-ec2/lib/security-group.ts (outdated, resolved)
mergify bot dismissed njlynch’s stale review November 14, 2021 10:05

Pull request has been modified.

jumic requested a review from njlynch November 14, 2021 10:28

njlynch (Contributor) left a comment

Looks great! One nitpicky code organization comment; otherwise good to go!

packages/@aws-cdk/aws-ec2/lib/security-group-lookup.ts (outdated, resolved)
mergify bot dismissed njlynch’s stale review November 15, 2021 19:03

Pull request has been modified.

jumic requested a review from njlynch November 15, 2021 19:07

njlynch (Contributor) left a comment

🎉

mergify bot (Contributor) commented Nov 16, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

aws-cdk-automation (Collaborator) commented

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 6f85178
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify bot merged commit 5bf0d07 into aws:master Nov 16, 2021
mpvosseller pushed a commit to mpvosseller/aws-cdk that referenced this pull request Nov 16, 2021
TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Feb 21, 2022