Removed versioning from s3 objects

packages/aws-cdk-lib/aws-ecs/lib/container-definition.ts

@@ -1,7 +1,7 @@
 import { Construct } from 'constructs';
 import { NetworkMode, TaskDefinition } from './base/task-definition';
 import { ContainerImage, ContainerImageConfig } from './container-image';
-import { CredentialSpec, ICredentialSpecConfig } from './credential-spec';
+import { CredentialSpec, CredentialSpecConfig } from './credential-spec';
 import { CfnTaskDefinition } from './ecs.generated';
 import { EnvironmentFile, EnvironmentFileConfig } from './environment-file';
 import { LinuxParameters } from './linux-parameters';
@@ -473,7 +473,7 @@ export class ContainerDefinition extends Construct {
   /**
    * The crdential specifications for this container.
    */
-  public readonly credentialSpecs?: ICredentialSpecConfig[];
+  public readonly credentialSpecs?: CredentialSpecConfig[];
 
   /**
    * The name of the image referenced by this container.
@@ -936,7 +936,7 @@ function renderEnvironmentFiles(partition: string, environmentFiles: Environment
   return ret;
 }
 
-function renderCredentialSpec(credSpec: ICredentialSpecConfig): string {
+function renderCredentialSpec(credSpec: CredentialSpecConfig): string {
   if (!credSpec.location) {
     throw Error('CredentialSpec must specify a valid location or ARN');
   }

packages/aws-cdk-lib/aws-ecs/lib/credential-spec.ts

@@ -8,18 +8,12 @@ export class CredentialSpec {
   /**
    * Get the ARN for an S3 object.
    */
-  protected static arnForS3Object(bucket: IBucket, key: string, objectVersion?: string) {
-    let keyPattern = key;
-
+  protected static arnForS3Object(bucket: IBucket, key: string) {
     if (!key) {
       throw new Error('key is undefined');
     }
 
-    if (objectVersion) {
-      keyPattern += `/${objectVersion}`;
-    }
-
-    return bucket.arnForObjects(keyPattern);
+    return bucket.arnForObjects(key);
   }
 
   /**
@@ -51,7 +45,7 @@ export class CredentialSpec {
    * Called when the container is initialized to allow this object to bind
    * to the stack.
    */
-  public bind(): ICredentialSpecConfig {
+  public bind(): CredentialSpecConfig {
     return {
       typePrefix: this.prefixId,
       location: this.fileLocation,
@@ -73,11 +67,10 @@ export class DomainJoinedCredentialSpec extends CredentialSpec {
    *
    * @param bucket The S3 bucket
    * @param key The object key
-   * @param objectVersion Optional S3 object version
    * @returns CredSpec with it's locations set to the S3 object's ARN.
    */
-  public static fromS3Bucket(bucket: IBucket, key: string, objectVersion?: string) {
-    return new DomainJoinedCredentialSpec(CredentialSpec.arnForS3Object(bucket, key, objectVersion));
+  public static fromS3Bucket(bucket: IBucket, key: string) {
+    return new DomainJoinedCredentialSpec(CredentialSpec.arnForS3Object(bucket, key));
   }
 
   /**
@@ -109,11 +102,10 @@ export class DomainlessCredentialSpec extends CredentialSpec {
    *
    * @param bucket The S3 bucket
    * @param key The object key
-   * @param objectVersion Optional S3 object version
    * @returns CredSpec with it's locations set to the S3 object's ARN.
    */
-  public static fromS3Bucket(bucket: IBucket, key: string, objectVersion?: string) {
-    return new DomainlessCredentialSpec(CredentialSpec.arnForS3Object(bucket, key, objectVersion));
+  public static fromS3Bucket(bucket: IBucket, key: string) {
+    return new DomainlessCredentialSpec(CredentialSpec.arnForS3Object(bucket, key));
   }
 
   /**
@@ -134,7 +126,7 @@ export class DomainlessCredentialSpec extends CredentialSpec {
 /**
  * Configuration for a credential specification (CredSpec) used for a ECS container.
  */
-export interface ICredentialSpecConfig {
+export interface CredentialSpecConfig {
   /**
    * Prefix used for the CredSpec string.
    */

packages/aws-cdk-lib/aws-ecs/test/credential-spec.test.ts

@@ -21,15 +21,6 @@ describe('credential spec', () => {
     });
 
     describe('fromS3Bucket', () => {
-      test('fails if key name is empty', () => {
-        // GIVEN
-        const stack = new cdk.Stack();
-        const bucket = new s3.Bucket(stack, 'bucket');
-
-        // THEN
-        expect(() => ecs.DomainJoinedCredentialSpec.fromS3Bucket(bucket, '')).toThrow(/key is undefined/);
-      });
-
       test('returns a valid version-less S3 object ARN as location', () => {
         // GIVEN
         const stack = new cdk.Stack();
@@ -46,13 +37,12 @@ describe('credential spec', () => {
         // GIVEN
         const stack = new cdk.Stack();
         const objectKey = 'credSpec';
-        const objectVersion = 'xwghdvg2672';
         const bucket = new s3.Bucket(stack, 'bucket');
-        const credSpec = ecs.DomainJoinedCredentialSpec.fromS3Bucket(bucket, objectKey, objectVersion);
+        const credSpec = ecs.DomainJoinedCredentialSpec.fromS3Bucket(bucket, objectKey);
         const containerDefinition = defineContainerDefinition(stack, credSpec);
 
         // THEN
-        expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(`${objectKey}/${objectVersion}`));
+        expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(objectKey));
       });
     });
 
@@ -112,13 +102,12 @@ describe('credential spec', () => {
         // GIVEN
         const stack = new cdk.Stack();
         const objectKey = 'credSpec';
-        const objectVersion = 'xwghdvg2672';
         const bucket = new s3.Bucket(stack, 'bucket');
-        const credSpec = ecs.DomainlessCredentialSpec.fromS3Bucket(bucket, objectKey, objectVersion);
+        const credSpec = ecs.DomainlessCredentialSpec.fromS3Bucket(bucket, objectKey);
         const containerDefinition = defineContainerDefinition(stack, credSpec);
 
         // THEN
-        expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(`${objectKey}/${objectVersion}`));
+        expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(objectKey));
       });
     });