Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(pipelines): cannot publish assets to more than 35 environments #21010

Merged
merged 10 commits into from
Jul 7, 2022

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Jul 6, 2022

We used to use Lazy.list() to render the list of Role ARNs that the
Asset Publishing Role needs to assume.

The Lazy list cannot be split up, meaning the overflow rendering logic
we recently added cannot apply to this policy. Turn the lazy list into
mutating a policy statement in-place, so the policy overflow logic can
split the policy statement into multiple managed policies.

Also in this PR:

  • To keep the tests behavior consistent (on whether arrays get rendered to the Resource field in statements or not, regardless of exactly which code path is taken), change the behavior of PolicyStatement, have it eagerly dedupe in memory.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

We used to use `Lazy.list()` to render the list of Role ARNs that the
Asset Publishing Role needs to assume.

The Lazy list cannot be split up, meaning the overflow rendering logic
we recently added cannot apply to this policy. Turn the lazy list into
mutating a policy statement in-place, so the policy overflow logic can
split the policy statement into multiple managed policies.
@rix0rrr rix0rrr requested a review from a team July 6, 2022 10:09
@rix0rrr rix0rrr self-assigned this Jul 6, 2022
@gitpod-io
Copy link

gitpod-io bot commented Jul 6, 2022

@aws-cdk-automation aws-cdk-automation requested a review from a team July 6, 2022 10:09
@github-actions github-actions bot added the p2 label Jul 6, 2022
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jul 6, 2022
@@ -488,10 +489,10 @@ class AssetPublishing extends Construct {
private readonly MAX_PUBLISHERS_PER_STAGE = 50;

private readonly publishers: Record<string, PublishAssetsAction> = {};
private readonly assetRoles: Record<string, iam.IRole> = {};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

packages/@aws-cdk/aws-iam/lib/policy-statement.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/policy-statement.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/policy-statement.ts Outdated Show resolved Hide resolved
@RomainMuller RomainMuller added the pr/do-not-merge This PR should not be merged at this time. label Jul 7, 2022
@rix0rrr rix0rrr removed the pr/do-not-merge This PR should not be merged at this time. label Jul 7, 2022
@mergify
Copy link
Contributor

mergify bot commented Jul 7, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Contributor

mergify bot commented Jul 7, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 1b38af8
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 4b4af84 into main Jul 7, 2022
@mergify mergify bot deleted the huijbers/pipes-assets branch July 7, 2022 21:53
@mergify
Copy link
Contributor

mergify bot commented Jul 7, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

daschaa pushed a commit to daschaa/aws-cdk that referenced this pull request Jul 9, 2022
…ws#21010)

We used to use `Lazy.list()` to render the list of Role ARNs that the
Asset Publishing Role needs to assume.

The Lazy list cannot be split up, meaning the overflow rendering logic
we recently added cannot apply to this policy. Turn the lazy list into
mutating a policy statement in-place, so the policy overflow logic can
split the policy statement into multiple managed policies.

Also in this PR:

- To keep the tests behavior consistent (on whether arrays get rendered to the `Resource` field in statements or not, regardless of exactly which code path is taken), change the behavior of `PolicyStatement`, have it eagerly dedupe in memory.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
contribution/core This is a PR that came from AWS. p2
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants