-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(ssm): StringParameter.fromSecureStringParameterAttributes
not working without version
#22311
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Nice catch! Would you mind applying the same fix here: https://github.com/aws/aws-cdk/pull/22311/files#diff-c6cc0ad12503f28d8ab4c545f7efa3d406d90dfe0d34b67c2b29ad115e7a889bR671 |
Pull request has been modified.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Pull request has been modified.
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Pull request has been modified.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.
PRs must pass status checks before we can provide a meaningful review.
Hey @mrgrain - I'm not sure where you intended to link with that comment, but it just takes me to the changes I've already made. I can't see anywhere else that doesn't have conditional logic on the I've fixed the unit test, but can't seem to make the PR title happy for conventional commits, and it's unhappy with me for not updating any snapshots - although they all seem happy... Would appreciate any pointers here, if you have any! :)
|
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
PRs must pass status checks before we can provide a meaningful review.
StringParamter.fromSecureStringParameterAttributes
not working without version
@dglsparsons Apologies, I thought the List one needed a fix as well, but I see now how that's not the case. 🙇🏻 Regarding integration tests, it appears there is no existing integration test that covered omitting You were missing a |
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
PRs must pass status checks before we can provide a meaningful review.
StringParamter.fromSecureStringParameterAttributes
not working without versionStringParameter.fromSecureStringParameterAttributes
not working without version
Pull Request updated. Dissmissing previous PRLinter Review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
PRs must pass status checks before we can provide a meaningful review.
…orking without version It is possible to omit the `version` of an SSM SecureString parameter. When omitted, the reference generated by CDK results in a ValidationError when applying the changes. e.g. ``` Error [ValidationError]: Incorrect format is used in the following SSM reference: [{{resolve:ssm-secure:/some/parameter:}}] ```
Pull request has been modified.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Pull Request Linter fails with the following errors:
❌ Fixes must contain a change to an integration test file and the resulting snapshot.
PRs must pass status checks before we can provide a meaningful review.
@mrgrain - it looks like the integration tests don't really exist for SecureString parameters as there is no way to provision them (no construct for SecureString, only String). So I'm a bit unsure on how to proceed. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
I see. Could we maybe use an Something like (untested code): new cr.AwsCustomResource(this, 'GetParameter', {
onUpdate: { // will also be called for a CREATE event
service: 'SSM',
action: 'putParameter',
parameters: {
Name: '/My/Secure/Parameter',
Type: 'SecureString',
Value: 'abcdef'
},
physicalResourceId: cr.PhysicalResourceId.of('/My/Secure/Parameter'),
},
onDelete: {
service: 'SSM',
action: 'deleteParameter',
parameters: {
Name: new cr.PhysicalResourceIdReference(),
},
},
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
}),
}); See also: |
This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
@dglsparsons Thanks for your original contribution. FYI I've prepared the new PR #22618 that includes your change, as well as a refacor of the SSM Parameter Store integ tests. |
That's amazing! Thank you! I've been meaning to carve out some time to address those tests for ages but haven't been able to get around to it :). |
Yeah no worries! It turned out to be a bit more complicated anyway. But I'm glad we've now got proper tests for this. 🎉 |
Closing in favour of #22618 |
…orking without version (#22618) It is possible to omit the `version` of an SSM SecureString parameter. When omitted, the reference generated by CDK results in a ValidationError when applying the changes. e.g. ``` Error [ValidationError]: Incorrect format is used in the following SSM reference: [{{resolve:ssm-secure:/some/parameter:}}] ``` Related to #18729 Replaces #22311 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
It is possible to omit the
version
of an SSM SecureString parameter.When omitted, the reference generated by CDK results in a ValidationError when applying the changes.
e.g.
Related to #18729
All Submissions:
Adding new Unconventional Dependencies:
New Features
yarn integ
to deploy the infrastructure and generate the snapshot (i.e.yarn integ
without--dry-run
)?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license