feat(iot): add Action to republish MQTT messages to another MQTT topic #18661
Conversation
|
|
There was a problem hiding this comment.
Thanks for the contribution @yamatatsu, looks great as usual! A few questions, mainly about naming.
| /** | ||
| * The action to put the record from an MQTT message to republish another MQTT topic. | ||
| */ | ||
| export class IotRepublishAction implements iot.IAction { |
There was a problem hiding this comment.
I wonder, why not use the term "Mqtt" here for the name of this Action? Does it not fit well for some reason?
There was a problem hiding this comment.
There is no reason. Once think again, it would be easier to understand if "MQTT" was included.
| import { singletonActionRole } from './private/role'; | ||
|
|
||
| /** | ||
| * MQTT Quality of Service |
There was a problem hiding this comment.
This comment doesn't explain what this is, it just expands the acronym in the name 😛. How about adding something like "controls the message delivery semantics used when publishing messages to the MQTT topic".
There was a problem hiding this comment.
You're right, I didn't explain it well enough. I've added explaination that copied from the definition.
| const role = this.role ?? singletonActionRole(rule); | ||
| role.addToPrincipalPolicy(new iam.PolicyStatement({ | ||
| actions: ['iot:Publish'], | ||
| resources: ['*'], |
There was a problem hiding this comment.
Hmm... does this have to be "*"? Doesn't the fact that we have the topic here allow us to write a more constrained permission policy?
There was a problem hiding this comment.
I think too, it is maybe less restrictive. But I have no good idea..
When the passed topic is literal, The topic's ARN arn:aws:iot:aws-region:AWS-account-ID:topic/Topic can be identified.
But when the passed topic includes any expressions (e.g. "${topic()}/republished", this case is rather common), the ARN cannot be identified.
Users can use more restrictive permission with that they provide property role that has DENY policy and notResources. Should we explain it in JSDoc? Or add the property to identify candidats topics like topicCandidates?: string[]?
There was a problem hiding this comment.
OK. Let's leave it as-is for now (if you want to add a quick blurb in the ReadMe about this, feel free, but I won't require it).
packages/@aws-cdk/aws-iot-actions/test/iot/iot-republish-action.test.ts
Outdated
Show resolved
Hide resolved
| "s3:PutObjectLegalHold", | ||
| "s3:PutObjectRetention", | ||
| "s3:PutObjectTagging", | ||
| "s3:PutObjectVersionTagging", |
There was a problem hiding this comment.
Sorry, what happened here?
There was a problem hiding this comment.
My local build is old... I've fix it!
mergify
bot
dismissed
skinny85’s stale review
Pull request has been modified.
There was a problem hiding this comment.
Looks great @yamatatsu, just one tiny naming change, and we can merge this in.
| * | ||
| * @default MqttQualityOfService.ZERO_OR_MORE_TIMES | ||
| */ | ||
| readonly qos?: MqttQualityOfService; |
There was a problem hiding this comment.
Sorry, I missed this in the initial review.
Let's rename this to qualityOfService.
There was a problem hiding this comment.
Oops... It's my missing of fix. Sorry.
| const role = this.role ?? singletonActionRole(rule); | ||
| role.addToPrincipalPolicy(new iam.PolicyStatement({ | ||
| actions: ['iot:Publish'], | ||
| resources: ['*'], |
There was a problem hiding this comment.
OK. Let's leave it as-is for now (if you want to add a quick blurb in the ReadMe about this, feel free, but I won't require it).
mergify
bot
dismissed
skinny85’s stale review
Pull request has been modified.
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
* origin/master: (74 commits) chore: remove reliance on `decdk` in build system (aws#18760) chore: add repository directory for all packages.json (aws#17203) docs(ecs): correct comment documentation for NetworkMode (aws#17841) feat(ecs): expose image name in container definition (aws#17793) feat(ecr): add server-side encryption configuration (aws#16966) chore(region-info): ap-southeast-3 (Jakarta) ROUTE_53_BUCKET_WEBSITE_ZONE_ID (aws#18110) chore: reassign njlynch's ownership areas (aws#18751) chore(ecs-service-extensions): migrate tests to assertions (aws#18649) chore(s3): Fixed documentation for `InventoryFormat.ORC` (aws#18717) feat(iot): add Action to republish MQTT messages to another MQTT topic (aws#18661) chore(rds): add support for PostgreSQL 14 (aws#18713) fix(core): correctly reference versionless secure parameters (aws#18730) fix(ec2): `UserData.addSignalOnExitCommand` does not work in combination with `userDataCausesReplacement` (aws#18726) fix(vpc): Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (aws#18714) docs(dynamodb): add note around table encryption (aws#18721) chore: override `markdown-it` version (aws#18723) docs(cfnspec): update CloudFormation documentation (aws#18741) chore(release): 1.142.0 chore(lambda-layer-awscli): contains a CLI version with a CVE (aws#18727) chore(lambda-python): remove Pillow dependency (aws#18722) ...
resolve #17701
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license