feat(ecs): container dependencies #3032
Conversation
|
👍 |
| /** | ||
| * This method adds one or more container dependencies to the container. | ||
| */ | ||
| public addContainerDependencies(...containerDependencies: ContainerDependency[]) { |
There was a problem hiding this comment.
Please also add an optional array property to the Props object to initialize these.
There was a problem hiding this comment.
See my comment below, I'm keeping it consistent with similar properties but open to refactoring all the properties to output cleaner cloudformation.
| @@ -418,6 +430,7 @@ export class ContainerDefinition extends cdk.Construct { | |||
| command: this.props.command, | |||
| cpu: this.props.cpu, | |||
| disableNetworking: this.props.disableNetworking, | |||
| dependsOn: this.containerDependencies.map(renderContainerDependency), | |||
There was a problem hiding this comment.
Please don't render the property at all if the list is empty.
There was a problem hiding this comment.
I was unsure about this. Rendering an empty list keeps in consistent with Links, MountPoints and VolumesFrom however it results in a noisy change to the tests.
I'm happy to make it different to the other three and then do further PR to make the other three not output if their list is empty, would you be open to that?
There was a problem hiding this comment.
Or, leave it as is, and refactor all four as a separate PR?
There was a problem hiding this comment.
We prefer not to render empty arrays/objects. Would be great to fix the others as well...
There was a problem hiding this comment.
Ok, cool. I can fix the others as well as part of this PR.
| @@ -230,6 +230,7 @@ | |||
| "Properties": { | |||
| "ContainerDefinitions": [ | |||
| { | |||
| "DependsOn": [], | |||
There was a problem hiding this comment.
Preferably don't render if the array is empty
| /** | ||
| * An array dependencies defined for container startup and shutdown. | ||
| */ | ||
| public readonly containerDependencies = Array<ContainerDependency>(); |
There was a problem hiding this comment.
I am only now realizing that all of these are exposing mutable arrays to users... Not ideal. @rix0rrr what do you think?
| @@ -418,6 +430,7 @@ export class ContainerDefinition extends cdk.Construct { | |||
| command: this.props.command, | |||
| cpu: this.props.cpu, | |||
| disableNetworking: this.props.disableNetworking, | |||
| dependsOn: this.containerDependencies.map(renderContainerDependency), | |||
There was a problem hiding this comment.
We prefer not to render empty arrays/objects. Would be great to fix the others as well...
| /** | ||
| * The container to depend on. | ||
| */ | ||
| readonly container: ContainerDefinition, |
| * The dependency condition of the container. Valid values are ContainerDependencyCondition.START, ContainerDependencyCondition.COMPLETE, | ||
| * ContainerDependencyCondition.SUCCESS and ContainerDependencyCondition.HEALTHY. | ||
| * | ||
| * @default - ContainerDependencyCondition.HEALTHY |
There was a problem hiding this comment.
We only use - when it's not a "real" value. In your case you are actually providing a value...
| */ | ||
| readonly container: ContainerDefinition, | ||
| /** | ||
| * The dependency condition of the container. Valid values are ContainerDependencyCondition.START, ContainerDependencyCondition.COMPLETE, |
There was a problem hiding this comment.
What is the dependency condition? Can you copy & paste from AWS docs?
There was a problem hiding this comment.
This is a copy & paste from the docs :) Added some more of my own context.
|
See some review comments |
Added tests for VolumesFrom and Links. |
| @@ -469,15 +482,15 @@ export class ContainerDefinition extends cdk.Construct { | |||
| image: this.imageConfig.imageName, | |||
| memory: this.props.memoryLimitMiB, | |||
| memoryReservation: this.props.memoryReservationMiB, | |||
There was a problem hiding this comment.
Shouldn’t these be Lazy? What happens if you add something to the array after initialization?
|
|
||
| function renderContainerDependency(containerDependency: ContainerDependency): CfnTaskDefinition.ContainerDependencyProperty { | ||
| return { | ||
| containerName: containerDependency.container.node.id, |
There was a problem hiding this comment.
If the name of the container is similar to the node ID that’s a detail that needs to be encapsulated behind a container.containerName property
There was a problem hiding this comment.
Would this also apply to the reference to container.node.id in addLink and in validate() in TaskDefinition?
I took all those arrays private and all the tests still ran, what do you think of doing that? It would create some breaking changes, would that be acceptable? |
|
I don't think it will be acceptable to break this public API sadly. What we can do is mark them as @deprecated so people don't rely on them and we will get rid of it in v2.0 sometime in the future. |
|
Apologies for the confusion... I was just venting ;-) |
NGL321
added
the
pr/blocked
Add new addContainerDependency method to allow for container dependencies Fixes #2490
No worries, reverted those changes :) |
eladb
changed the title
Add new addContainerDependencies method to allow for container dependencies Fixes #2490
* chore: update package-lock.json * feat(eks): define kubernetes resources This change allows defining arbitrary Kubernetes resources within an EKS cluster. * nice! * update readme * Update README.md * feat(events): ability to add cross-account targets (#3323) This adds the capability of adding a target to an event rule that belongs to a different account than the rule itself. Required for things like cross-account CodePipelines with source actions triggered by events. * chore(ci): add mergify config file (#3502) * chore: update jsii to 0.14.3 (#3513) * fix(iam): correctly limit the default PolicyName to 128 characters (#3487) Our logic for trimming the length of the default IAM policy name was not working, as it wasn't updated when logicalId became a Token rather than a literate string, and so it was never actually triggered (it just checked that the display name of the Token was less than 128 characters, which it always is). The fix is to resolve the logical ID Token before applying the trimming logic. Fixes #3402 * v1.3.0 (#3516) See CHANGELOG * fix: typo in restapi.ts (#3530) * feat(ecs): container dependencies (#3032) Add new addContainerDependencies method to allow for container dependencies Fixes #2490 * feat(s3-deployment): CloudFront invalidation (#3213) see #3106 * docs(core): findChild gets direct child only (#3512) * doc(iam): update references to addManagedPolicy (#3511) * fix(sqs): do not emit grants to the AWS-managed encryption key (#3169) Grants on the `alias/aws/sqs` KMS key alias are not necessary since the key will implicitly allow for it's intended usage to be fulfilled (as opposed to how you have to manage grants yourself when using a user-managed key instead). This removes the statement that was generated using an invalid resource entry. Fixes #2794 * fix(lambda): allow ArnPrincipal in grantInvoke (#3501) Fixes #3264 I'm trying to allow a lambda function in another account to be able to invoke my CDK generated lambda function. This works through the CLI like so: aws lambda add-permission --function-name=myFunction --statement-id=ABoldStatement --action=lambda:InvokeFunction --principal=arn:aws:iam::{account_id}:role/a_lambda_execution_role But CDK doesn't seem to allow me to add an ArnPrincipal doing something like this: myFunction.grantInvoke(new iam.ArnPrincipal(props.myARN)) With the error: Invalid principal type for Lambda permission statement: ArnPrincipal. Supported: AccountPrincipal, ServicePrincipal This PR allows ArnPrincipal to be passed to lambda.grantInvoke. There might be some additional validation required on the exact ARN as I believe only some ARNs are supported by lambda add-permission * chore(contrib): remove API stabilization disclaimer * fix(ssm): add GetParameters action to grantRead() (#3546) * misc * rename `KubernetesManifest` to `KubernetesResource` and `addResource` * move AWS Auth APIs to `cluster.awsAuth` and expose `AwsAuth` * remove the yaml library (we can just use a JSON stream) * add support for adding accounts to aws-auth * fix cluster deletion bug * move kubctl app info to constants * addManifest => addResource * update test expectations * add unit test for customresrouce.ref * fix sample link
Add new
addContainerDependenciesmethod to allow for container dependenciesFixes #2490
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license