Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(lambda): propagate tags to log group #26049

Closed
wants to merge 87 commits into from
Closed
Changes from 1 commit
Commits
Show all changes
87 commits
Select commit Hold shift + click to select a range
e5236c3
made custom log retention resource taggable and added new function to…
colifran May 31, 2023
cd69181
added new function to handle setting tags on log group
colifran May 31, 2023
24a4a75
wip
colifran Jun 1, 2023
ffb4e64
rico comments
colifran Jun 1, 2023
cf55357
Merge branch 'main' into colifran/log-group-tags
colifran Jun 16, 2023
d7798b3
made log propagation conditional and updated actions in policy to ref…
colifran Jun 16, 2023
0bc3bf4
unit tests for log group propagation from tags set on lambda function
colifran Jun 16, 2023
4a0b380
updated comment about log retention to also include propagate logs
colifran Jun 19, 2023
7dd325c
updated log retention integ test and lambda handler for log retention
colifran Jun 19, 2023
89e191c
updated log group tags logic
colifran Jun 19, 2023
e57178e
updated integ test and lambda handler logic to now set tags on log group
colifran Jun 19, 2023
1c7942c
updated lambda handler log propagation logic to only set tags on log …
colifran Jun 19, 2023
7d81dbe
added logic to remove tags from log group to lambda handler
colifran Jun 19, 2023
b9a33b6
updated logic for deleting tags
colifran Jun 19, 2023
72e68b5
updated lambda log-retention and aws-logs log-retention integ tests
colifran Jun 19, 2023
94115b5
added a check to only untag log group if tagsToDelete has a length gr…
colifran Jun 19, 2023
d94a372
lambda log-retention integ test and snapshots
colifran Jun 19, 2023
c8c74e1
updated lambda log retention integ test to check for lambda custom re…
colifran Jun 19, 2023
f965942
updated adding permissions for tagging and untagging log groups and u…
colifran Jun 19, 2023
eded477
added ability to have a policy statement to grant propagate tags to s…
colifran Jun 19, 2023
1d9072d
updated integ tests for log-retention for aws-lambda and aws-logs
colifran Jun 19, 2023
b9da1ee
updated log-retention integ test and snapshot for aws-logs
colifran Jun 19, 2023
59433e2
added clarifying comment to integ test
colifran Jun 19, 2023
021b3ce
added unit tests to test multiple log retention with log propagation
colifran Jun 19, 2023
b7e175e
aws-lambda log-retention integ test and snapshots
colifran Jun 20, 2023
8344040
updated aws-lambda log-retention integ test and snapshots
colifran Jun 20, 2023
d0063f9
Merge branch 'main' into colifran/log-group-tags
colifran Jun 20, 2023
9bfdcbb
readded single quotes to template properties
colifran Jun 20, 2023
c6f1ea5
updated README
colifran Jun 20, 2023
31810a5
Merge branch 'main' into colifran/log-group-tags
colifran Jun 20, 2023
10030f2
Merge branch 'main' into colifran/log-group-tags
colifran Jun 20, 2023
4f4314e
Merge branch 'main' into colifran/log-group-tags
colifran Jun 20, 2023
9a9c18b
added unit tests to log retention provider to verify log group creati…
colifran Jun 20, 2023
a08d8d1
removed unused import
colifran Jun 20, 2023
7d3594b
updated setLogGroupTags handler logic and added log retention provide…
colifran Jun 20, 2023
c438f5d
unit test for tag update and deletion
colifran Jun 20, 2023
32fd3d3
updated log-retention integ test and snapshots for aws-lambda to refl…
colifran Jun 20, 2023
a13d5b4
updated log retention integ and snapshots for aws-logs to reflect upd…
colifran Jun 20, 2023
632c3c9
Merge branch 'main' into colifran/log-group-tags
colifran Jun 21, 2023
5fc572b
updated logic to still execute setLogGroupTags when propagateTagsToLo…
colifran Jun 21, 2023
c4e52af
updated lambda log-retention integ test
colifran Jun 21, 2023
569231c
updated aws-lambda log-retention integ test snapshots
colifran Jun 21, 2023
1860953
updated aws-logs log-retention integ test
colifran Jun 21, 2023
a222af3
removed stale assets from aws-logs log-retention snapshots
colifran Jun 21, 2023
58ca4d2
updated handler logic to check if PropagateTags is 'true' instead of …
colifran Jun 21, 2023
0013ee4
updated aws-logs log-retention integ test and snapshots
colifran Jun 21, 2023
cbf7f86
updated aws-lambda log-retention integ test and snapshots
colifran Jun 21, 2023
0b914fa
updated README
colifran Jun 21, 2023
4b05f13
updated README
colifran Jun 21, 2023
17d4b9e
empty commit to rerun build
colifran Jun 21, 2023
5f0d7c8
updated tag propagation unit tests in log retention provider with Pro…
colifran Jun 21, 2023
850b7a0
Merge branch 'main' into colifran/log-group-tags
colifran Jun 24, 2023
b756e8a
Merge branch 'main' into colifran/log-group-tags
colifran Jul 5, 2023
b205e64
Merge branch 'main' into colifran/log-group-tags
colifran Jul 6, 2023
f75fa5d
Merge branch 'main' into colifran/log-group-tags
colifran Jul 11, 2023
142da43
Merge branch 'main' into colifran/log-group-tags
colifran Jul 12, 2023
da5bf94
updated README for aws-lambda updated == to === in handler helper fun…
colifran Jun 24, 2023
7bea21d
updated logic to pass log group ARN as a property in the event passed…
colifran Jun 24, 2023
492e73c
updated setLogGroupTags to use listTagsForResource, tagResource, and …
colifran Jun 24, 2023
6593335
updated log retention provider unit tests for tag propagation with ne…
colifran Jun 24, 2023
4320593
updated unit tests in log-retention-provider based on updates to clou…
colifran Jun 24, 2023
57136f1
removed unneeded comment in handler
colifran Jun 24, 2023
a7d4595
added comments to code
colifran Jun 26, 2023
8ea4092
added check for tagsToSet to have at most 50 key-value pairs before c…
colifran Jun 26, 2023
2128024
updated logGroupArn that is passed as event to resource provider lamb…
colifran Jul 5, 2023
509896a
added excludeResourceTypes to integ test for log retention
colifran Jul 5, 2023
9c77ac6
updated actions to be TagResource, UntagResource, and ListTagsForReso…
colifran Jul 5, 2023
ec0d9e4
refactored code used to for granting permissions and creating log res…
colifran Jul 5, 2023
760f615
added clarifying comment to event object property
colifran Jul 5, 2023
abc7b82
updated log-retention integ test and snapshots
colifran Jul 5, 2023
2979b30
updated README with an example of excluding a resource type to preven…
colifran Jul 5, 2023
26c7e4d
updated unit tests with updated base arn format and updated tagging a…
colifran Jul 5, 2023
fa4ea99
removed unclear comment
colifran Jul 5, 2023
319618a
updated log-retention integ test to add assertions
colifran Jul 5, 2023
d4b5b97
updated log-retention integ test
colifran Jul 6, 2023
87ab519
moved multiple log retention tag propagation unit tests under the mul…
colifran Jul 6, 2023
fbd3afa
removed awsApiCall
colifran Jul 11, 2023
ce4fc50
Merge branch 'main' into colifran/log-group-tags
mrgrain Jul 20, 2023
1b5fa57
Merge branch 'main' into colifran/log-group-tags
colifran Jul 22, 2023
595259f
made tag propagation props on event conditional
colifran Jul 22, 2023
b963f0c
added assertion to aws-lambda log-retention integ test
colifran Jul 22, 2023
2013faf
snapshots for aws-lambda log-retention integ test
colifran Jul 22, 2023
d5fc13d
assertions for aws-logs log-retention integ test and snapshots
colifran Jul 23, 2023
1bec5ad
readme update
colifran Jul 23, 2023
7ff5640
Merge branch 'main' into colifran/log-group-tags
colifran Jul 26, 2023
aa30d6c
Merge branch 'main' into colifran/log-group-tags
colifran Jul 28, 2023
23a30d1
Merge branch 'main' into colifran/log-group-tags
mergify[bot] Aug 2, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
moved multiple log retention tag propagation unit tests under the mul…
…tiple log retention resources section of log retention unit tests

Signed-off-by: Francis <[email protected]>
colifran committed Jul 12, 2023
commit 87ab519553841be3ab17c488f83cebcf3af12e09
430 changes: 215 additions & 215 deletions packages/aws-cdk-lib/aws-logs/test/log-retention.test.ts
Original file line number Diff line number Diff line change
@@ -269,23 +269,17 @@ describe('log retention', () => {
});
});

test('propagate tags to multiple log groups', () => {
test('do not propagate tags to log group', () => {
// GIVEN
const stack = new cdk.Stack();
cdk.Tags.of(stack).add('env', 'prod');
cdk.Tags.of(stack).add('dept', 'eng');

// WHEN
new LogRetention(stack, 'MyFirstLambda', {
logGroupName: 'first-group',
retention: RetentionDays.ONE_MONTH,
propagateTags: true,
});

new LogRetention(stack, 'MySecondLambda', {
logGroupName: 'second-group',
new LogRetention(stack, 'MyLambda', {
logGroupName: 'group',
retention: RetentionDays.ONE_MONTH,
propagateTags: true,
propagateTags: false,
});

// THEN
@@ -296,38 +290,8 @@ describe('log retention', () => {
'Arn',
],
},
LogGroupName: 'first-group',
RetentionInDays: 30,
Tags: [
{
Key: 'dept',
Value: 'eng',
},
{
Key: 'env',
Value: 'prod',
},
],
});
Template.fromStack(stack).hasResourceProperties('Custom::LogRetention', {
ServiceToken: {
'Fn::GetAtt': [
'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A',
'Arn',
],
},
LogGroupName: 'second-group',
LogGroupName: 'group',
RetentionInDays: 30,
Tags: [
{
Key: 'dept',
Value: 'eng',
},
{
Key: 'env',
Value: 'prod',
},
],
});
Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
PolicyDocument: {
@@ -340,62 +304,6 @@ describe('log retention', () => {
Effect: 'Allow',
Resource: '*',
},
{
Action: [
'logs:ListTagsForResource',
'logs:TagResource',
'logs:UntagResource',
],
Effect: 'Allow',
Resource: {
'Fn::Join': [
'',
[
'arn:',
{
Ref: 'AWS::Partition',
},
':logs:',
{
Ref: 'AWS::Region',
},
':',
{
Ref: 'AWS::AccountId',
},
':log-group:first-group',
],
],
},
},
{
Action: [
'logs:ListTagsForResource',
'logs:TagResource',
'logs:UntagResource',
],
Effect: 'Allow',
Resource: {
'Fn::Join': [
'',
[
'arn:',
{
Ref: 'AWS::Partition',
},
':logs:',
{
Ref: 'AWS::Region',
},
':',
{
Ref: 'AWS::AccountId',
},
':log-group:second-group',
],
],
},
},
],
Version: '2012-10-17',
},
@@ -408,147 +316,239 @@ describe('log retention', () => {
});
});

// this is testing that the resource provider lambda will have it's policy document correctly
// updated even if the first log retention doesn't enable log propagation
test('propagate tags to second log group only', () => {
// GIVEN
const stack = new cdk.Stack();
cdk.Tags.of(stack).add('env', 'prod');
cdk.Tags.of(stack).add('dept', 'eng');
describe('multiple log retention resources', () => {
test('propagate tags to multiple log groups', () => {
// GIVEN
const stack = new cdk.Stack();
cdk.Tags.of(stack).add('env', 'prod');
cdk.Tags.of(stack).add('dept', 'eng');

// WHEN
new LogRetention(stack, 'MyFirstLambda', {
logGroupName: 'first-group',
retention: RetentionDays.ONE_MONTH,
propagateTags: false,
});
// WHEN
new LogRetention(stack, 'MyFirstLambda', {
logGroupName: 'first-group',
retention: RetentionDays.ONE_MONTH,
propagateTags: true,
});

new LogRetention(stack, 'MySeconLambda', {
logGroupName: 'second-group',
retention: RetentionDays.ONE_MONTH,
propagateTags: true,
});
new LogRetention(stack, 'MySecondLambda', {
logGroupName: 'second-group',
retention: RetentionDays.ONE_MONTH,
propagateTags: true,
});

// THEN
Template.fromStack(stack).hasResourceProperties('Custom::LogRetention', {
ServiceToken: {
'Fn::GetAtt': [
'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A',
'Arn',
],
},
LogGroupName: 'second-group',
RetentionInDays: 30,
Tags: [
{
Key: 'dept',
Value: 'eng',
// THEN
Template.fromStack(stack).hasResourceProperties('Custom::LogRetention', {
ServiceToken: {
'Fn::GetAtt': [
'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A',
'Arn',
],
},
{
Key: 'env',
Value: 'prod',
LogGroupName: 'first-group',
RetentionInDays: 30,
Tags: [
{
Key: 'dept',
Value: 'eng',
},
{
Key: 'env',
Value: 'prod',
},
],
});
Template.fromStack(stack).hasResourceProperties('Custom::LogRetention', {
ServiceToken: {
'Fn::GetAtt': [
'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A',
'Arn',
],
},
],
});
Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [
LogGroupName: 'second-group',
RetentionInDays: 30,
Tags: [
{
Action: [
'logs:PutRetentionPolicy',
'logs:DeleteRetentionPolicy',
],
Effect: 'Allow',
Resource: '*',
Key: 'dept',
Value: 'eng',
},
{
Action: [
'logs:ListTagsForResource',
'logs:TagResource',
'logs:UntagResource',
],
Effect: 'Allow',
Resource: {
'Fn::Join': [
'',
[
'arn:',
{
Ref: 'AWS::Partition',
},
':logs:',
{
Ref: 'AWS::Region',
},
':',
{
Ref: 'AWS::AccountId',
},
':log-group:second-group',
Key: 'env',
Value: 'prod',
},
],
});
Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [
{
Action: [
'logs:PutRetentionPolicy',
'logs:DeleteRetentionPolicy',
],
Effect: 'Allow',
Resource: '*',
},
{
Action: [
'logs:ListTagsForResource',
'logs:TagResource',
'logs:UntagResource',
],
Effect: 'Allow',
Resource: {
'Fn::Join': [
'',
[
'arn:',
{
Ref: 'AWS::Partition',
},
':logs:',
{
Ref: 'AWS::Region',
},
':',
{
Ref: 'AWS::AccountId',
},
':log-group:first-group',
],
],
},
},
{
Action: [
'logs:ListTagsForResource',
'logs:TagResource',
'logs:UntagResource',
],
Effect: 'Allow',
Resource: {
'Fn::Join': [
'',
[
'arn:',
{
Ref: 'AWS::Partition',
},
':logs:',
{
Ref: 'AWS::Region',
},
':',
{
Ref: 'AWS::AccountId',
},
':log-group:second-group',
],
],
},
},
],
Version: '2012-10-17',
},
PolicyName: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB',
Roles: [
{
Ref: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB',
},
],
Version: '2012-10-17',
},
PolicyName: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB',
Roles: [
{
Ref: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB',
},
],
});
});
});

test('do not propagate tags to log group', () => {
// GIVEN
const stack = new cdk.Stack();
cdk.Tags.of(stack).add('env', 'prod');
cdk.Tags.of(stack).add('dept', 'eng');
// this is testing that the resource provider lambda will have it's policy document correctly
// updated even if the first log retention doesn't enable log propagation
test('propagate tags to second log group only', () => {
// GIVEN
const stack = new cdk.Stack();
cdk.Tags.of(stack).add('env', 'prod');
cdk.Tags.of(stack).add('dept', 'eng');

// WHEN
new LogRetention(stack, 'MyLambda', {
logGroupName: 'group',
retention: RetentionDays.ONE_MONTH,
propagateTags: false,
});
// WHEN
new LogRetention(stack, 'MyFirstLambda', {
logGroupName: 'first-group',
retention: RetentionDays.ONE_MONTH,
propagateTags: false,
});

// THEN
Template.fromStack(stack).hasResourceProperties('Custom::LogRetention', {
ServiceToken: {
'Fn::GetAtt': [
'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A',
'Arn',
],
},
LogGroupName: 'group',
RetentionInDays: 30,
});
Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [
new LogRetention(stack, 'MySeconLambda', {
logGroupName: 'second-group',
retention: RetentionDays.ONE_MONTH,
propagateTags: true,
});

// THEN
Template.fromStack(stack).hasResourceProperties('Custom::LogRetention', {
ServiceToken: {
'Fn::GetAtt': [
'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A',
'Arn',
],
},
LogGroupName: 'second-group',
RetentionInDays: 30,
Tags: [
{
Action: [
'logs:PutRetentionPolicy',
'logs:DeleteRetentionPolicy',
],
Effect: 'Allow',
Resource: '*',
Key: 'dept',
Value: 'eng',
},
{
Key: 'env',
Value: 'prod',
},
],
Version: '2012-10-17',
},
PolicyName: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB',
Roles: [
{
Ref: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB',
});
Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [
{
Action: [
'logs:PutRetentionPolicy',
'logs:DeleteRetentionPolicy',
],
Effect: 'Allow',
Resource: '*',
},
{
Action: [
'logs:ListTagsForResource',
'logs:TagResource',
'logs:UntagResource',
],
Effect: 'Allow',
Resource: {
'Fn::Join': [
'',
[
'arn:',
{
Ref: 'AWS::Partition',
},
':logs:',
{
Ref: 'AWS::Region',
},
':',
{
Ref: 'AWS::AccountId',
},
':log-group:second-group',
],
],
},
},
],
Version: '2012-10-17',
},
],
PolicyName: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB',
Roles: [
{
Ref: 'LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB',
},
],
});
});
});

describe('multiple log retention resources', () => {
test('both removalPolicy DESTROY', () => {
// GIVEN
const stack = new cdk.Stack();