fix(apprunner-alpha): env vars and secrets can't solely be added via .add*() methods #24346
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
Please make sure that your PR title conforms to the conventional commit standard (fix, feat, chore) and that it is written in a style that will reflect correctly in the change log (See Contributing Guide, Pull Requests)
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
I've updated the code, tests, and added a new integration test and snapshot.
I'll take a look but please also address the message above.
Let me know if the new title works.
if (Object.keys(this.environmentSecrets).length > 0 && this.instanceRole) { | ||
for (const [key, value] of Object.entries(this.environmentSecrets)) { | ||
if (key.startsWith('AWSAPPRUNNER')) { | ||
throw new Error(`Environment secret key ${key} with a prefix of AWSAPPRUNNER is not allowed`); | ||
} | ||
|
||
value.grantRead(this.instanceRole); | ||
this.secrets.push({ name: key, value: value.arn }); | ||
} |
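Review bot: the guard `if (Object.keys(this.environmentSecrets).length > 0 && this.instanceRole)` at the top of this block skips the whole loop when `this.instanceRole` is unset, so in that case no secret is pushed to `this.secrets`, no `grantRead` is issued, and the `AWSAPPRUNNER` prefix check never runs, all without an error. Wherever this logic ends up, the path that registers a secret should either ensure a role exists before calling `value.grantRead(...)` or throw, rather than dropping the entry silently, and a test should cover a secret supplied with no instance role in props.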
Why was this removed?
The logic for throwing the error now happens in the .addSecret() method. And the prop secrets are added using the same .addSecret() method now, see lines 977:985. I followed the pattern that the lambda.Function construct established by using the .add* methods for both prop environment variables/secrets and ones added later using the .add* methods.
if (Object.keys(this.environmentVariables).length > 0) { | ||
for (const [key, value] of Object.entries(this.environmentVariables)) { | ||
if (key.startsWith('AWSAPPRUNNER')) { | ||
throw new Error(`Environment variable key ${key} with a prefix of AWSAPPRUNNER is not allowed`); | ||
} | ||
this.variables.push({ name: key, value: value }); | ||
} |
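Review bot: the `key.startsWith('AWSAPPRUNNER')` check and its error message in this loop are a near copy of the ones in the secrets loop, differing only in the word "variable" versus "secret". Suggest a single shared helper that both the variable path and the secret path call, so the reserved-prefix rule cannot drift between them, with a test asserting the throw for a key supplied through props and for one supplied after construction.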
Why was this removed?
The logic for throwing the error now happens in the .addEnvironmentVariable() method (it was not catching variables that started with AWSAPPRUNNER if added through the .add*() methods).
// generalte an IAM role only when environmentSecrets has values and props.instanceRole is undefined | ||
this.instanceRole = (Object.keys(this.environmentSecrets).length > 0 && !this.props.instanceRole) ? | ||
this.createInstanceRole() : this.props.instanceRole; | ||
|
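Review bot: the ternary assigned to `this.instanceRole` reads `Object.keys(this.environmentSecrets).length` once, at the moment this statement runs, so it cannot account for secrets registered afterwards and would leave them without a role to grant read access to. Role creation should be keyed off the call that registers a secret, and only when `props.instanceRole` is undefined, so that no role is generated for a service with no secrets. The comment on the first line also misspells "generate" as "generalte".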
This same logic now needs to be performed lazily, no? Not entirely removed
This is handled in lines 975, 1049, and then lazily produced in line 1000.
ah, I missed that. I see, nicely done.
Co-authored-by: Calvin Combs <66279577+comcalvi@users.noreply.github.com>
@comcalvi I've tried to address/answer all of your comments. Let me know if there's any further suggestions or clarifications required!
nice work!
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
….add*() methods (aws#24346)

This fixes the logic for rendering environment variables and environment secrets for the `apprunner-alpha` module. Previously, `.addEnvironmentVariable()` and `.addSecret()` were being ignored if there were not already "seed" values in the input props.

Closes aws#24345.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This fixes the logic for rendering environment variables and environment secrets for the `apprunner-alpha` module. Previously, `.addEnvironmentVariable()` and `.addSecret()` were being ignored if there were not already "seed" values in the input props.

Closes #24345.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
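
The pattern the thread settles on (props routed through the same `.add*()` methods, the `AWSAPPRUNNER` check inside those methods, and a role produced only when a secret needs it), shown as an added stand-alone model that is not code from the aws-cdk repository. `ServiceModel`, `FakeSecret`, `render()` and the role name are hypothetical, and the ARN in any usage is constructed.

```typescript
// Added illustration: a stand-alone model of the pattern, not aws-cdk code.
// ServiceModel, FakeSecret, render() and the role name are hypothetical.
const RESERVED_PREFIX = 'AWSAPPRUNNER';

interface FakeSecret { arn: string; grantedTo: string[]; }
interface ServiceProps {
  environmentVariables?: Record<string, string>;
  environmentSecrets?: Record<string, FakeSecret>;
  instanceRole?: string;
}

class ServiceModel {
  private variables: { name: string; value: string }[] = [];
  private secrets: { name: string; value: string }[] = [];
  instanceRole?: string;

  constructor(props: ServiceProps = {}) {
    this.instanceRole = props.instanceRole;
    // Props go through the same add* methods as later additions, so there
    // is exactly one place that validates and records each entry.
    for (const [k, v] of Object.entries(props.environmentVariables ?? {})) this.addEnvironmentVariable(k, v);
    for (const [k, s] of Object.entries(props.environmentSecrets ?? {})) this.addSecret(k, s);
  }

  addEnvironmentVariable(name: string, value: string): void {
    ServiceModel.checkName('variable', name);
    this.variables.push({ name, value });
  }

  addSecret(name: string, secret: FakeSecret): void {
    ServiceModel.checkName('secret', name);
    // Create a role only once a secret actually needs read access.
    if (!this.instanceRole) this.instanceRole = 'generated-instance-role';
    secret.grantedTo.push(this.instanceRole);
    this.secrets.push({ name, value: secret.arn });
  }

  private static checkName(kind: string, name: string): void {
    if (name.startsWith(RESERVED_PREFIX)) {
      throw new Error(`Environment ${kind} key ${name} with a prefix of ${RESERVED_PREFIX} is not allowed`);
    }
  }

  // Called when output is produced, so entries added after construction appear.
  render() {
    const orUndefined = <T>(a: T[]) => (a.length > 0 ? a : undefined);
    return { variables: orUndefined(this.variables), secrets: orUndefined(this.secrets), instanceRole: this.instanceRole };
  }
}
```
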