chore(ecs-patterns): ExecuteCommand support in ApplicationLoadBalancedFargateService #15497
Conversation
|
|
peterwoodworth
added
the
@aws-cdk/aws-ecs-patterns
|
@mzizzi thanks for this - I was waiting for this functionality as well :) Also - looks like this needs to be rebased against |
|
Awesome stuff. Roughly when would this be rolled into a release? |
|
|
||
| // THEN - stack contains a service with execute-command enabled | ||
| expect(stack).to(haveResourceLike('AWS::ECS::Service', { | ||
| EnableExecuteCommand: ABSENT, |
There was a problem hiding this comment.
Does expected default value is ABSENT? or we do we expect false as a default value?
There was a problem hiding this comment.
Hey sorry for the late response. As implemented the default for the interface is to leave that property undefined as an optional with readonly enableExecuteCommand?: boolean;
If you're arguing that we shouldn't be allowed to omit that property and force a true/false then I can make those changes. Cloudformation looks to be happy with either true/false or omitting the property altogether.
Unrelated: I'll fix the copy/pasta comments that are incorrect.
There was a problem hiding this comment.
I don't think we need either of the omitted or false tests. The ABSENT test asserts whether the prop is undefined or not set (a check not necessary in our case) and the false test below essentially checks if the enableExecuteCommand is set correctly and so does the true test. It would be great if you could remove both these unit tests.
There was a problem hiding this comment.
Hey, thanks for the review!
I don't think we need either of the omitted or false tests. The ABSENT test asserts whether the prop is undefined or not set (a check not necessary in our case)
Why wouldn't it be necessary to test ABSENT behavior? It's a valid config and what most (all) people will be using prior to this PR being merged. It's a good check of back compatibility and that the underlying templates that get synthed aren't changing for people that omit this option.
and the false test below essentially checks if the enableExecuteCommand is set correctly and so does the true test. It would be great if you could remove both these unit tests.
I'd argue that we should be testing to ensure that the proper value is getting set all of the way through for each possible input and not just the happy (true) path. These act as regression tests for each of possible configs related to this feature. If the guts of the implementation change and break things then these tests will fail.
There was a problem hiding this comment.
The purpose of the ABSENT assertion is not to check for backwards compatibility. The new test suite will run only against the updated construct. If there is a field that explicitly needs to be false/ undefined for a certain configuration of props then we would use the ABSENT assertion.
You’re right, we should not only check for happy paths. enableExecuteCommand for this L3 construct is only an input property (not a class attribute which can be modified). It will set the corresponding L2 property to what is provided as input and any other testing is taken care by the L2. Thus, we should be good with using the true literal.
|
@mzizzi are you sure this will handle adjusting the iam roles for |
upparekh
added
the
response-requested
upparekh
changed the title
It should ultimately be handled it in the same way that it is handled here: |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
packages/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts
Show resolved
Hide resolved
|
|
||
| // THEN - stack contains a service with execute-command enabled | ||
| expect(stack).to(haveResourceLike('AWS::ECS::Service', { | ||
| EnableExecuteCommand: ABSENT, |
There was a problem hiding this comment.
I don't think we need either of the omitted or false tests. The ABSENT test asserts whether the prop is undefined or not set (a check not necessary in our case) and the false test below essentially checks if the enableExecuteCommand is set correctly and so does the true test. It would be great if you could remove both these unit tests.
github-actions
bot
removed
the
response-requested
RomainMuller
force-pushed
the
master
branch
from
924c117 to
ebfd5f2
Compare
| @@ -174,6 +181,7 @@ export class ApplicationLoadBalancedFargateService extends ApplicationLoadBalanc | |||
| circuitBreaker: props.circuitBreaker, | |||
| securityGroups: props.securityGroups, | |||
| vpcSubnets: props.taskSubnets, | |||
| enableExecuteCommand: props.enableExecuteCommand, | |||
There was a problem hiding this comment.
why scope it that small and not patch it into all base classes of the patterns (i.e. application-load-balanced-service-base.ts, application-multiple-target-groups-service-base.ts, network-load-balanced-service-base.ts, network-multiple-target-groups-service-base.ts, queue-processing-service-base.ts, scheduled-task-base.ts)
There was a problem hiding this comment.
IIRC ECS Exec works on Fargate and EC2, so I would reccomend patching the base classes to propagate it into the implementations of the patterns
|
Closing as this is superseded by #18663 |
Addresses #15197 by adding support for enabling ExecuteCommand for Services created with ApplicationLoadBalancedFargateService.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license