feat(eks-v2-alpha): create the alpha package for the EKS L2 rewrite and setup test #32366
Conversation
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
xazhao
force-pushed
the
xazhao/eks-rewrite
branch
from
53b6ba8 to
cff9406
Compare
xazhao
changed the title
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
xazhao
force-pushed
the
xazhao/eks-rewrite
branch
from
6936205 to
8e24182
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #32366 +/- ##
=======================================
Coverage 78.67% 78.67%
=======================================
Files 107 107
Lines 7237 7237
Branches 1329 1329
=======================================
Hits 5694 5694
Misses 1357 1357
Partials 186 186
Flags with carried forward coverage won't be shown. Click here to find out more.
|
| skip_crds = props.get('SkipCrds', False) | ||
|
|
||
| # "log in" to the cluster | ||
| subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
| role_arn = props['RoleArn'] | ||
|
|
||
| # "log in" to the cluster | ||
| subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
| def get_chart_asset_from_url(chart_asset_url): | ||
| chart_zip = os.path.join(outdir, 'chart.zip') | ||
| shutil.rmtree(chart_zip, ignore_errors=True) | ||
| subprocess.check_call(['aws', 's3', 'cp', chart_asset_url, chart_zip]) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
| role_arn = props['RoleArn'] | ||
|
|
||
| # "log in" to the cluster | ||
| subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
| while retry > 0: | ||
| try: | ||
| logger.info(cmnd) | ||
| output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, shell=True) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
subprocess call with shell=True identified, security issue. https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
| retry = retry - 1 | ||
| logger.info("Broken pipe, retries left: %s" % retry) | ||
| else: | ||
| raise Exception(output) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
Similar issue at line number 158.
| retry = retry - 1 | ||
| logger.info("Broken pipe, retries left: %s" % retry) | ||
| else: | ||
| raise Exception(output) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
Similar issue at line number 203.
| elif request_type == 'Delete': | ||
| patch_json = restore_patch_json | ||
| else: | ||
| raise Exception("invalid request type %s" % request_type) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
| elif request_type == 'Delete': | ||
| pass | ||
| else: | ||
| raise Exception("invalid request type %s" % request_type) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
| retry = retry - 1 | ||
| logger.info("kubectl timed out, retries left: %s" % retry) | ||
| else: | ||
| raise Exception(output) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
Similar issue at line number 70.
| retry = retry - 1 | ||
| logger.info("kubectl timed out, retries left: %s" % retry) | ||
| else: | ||
| raise Exception(output) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
Similar issue at line number 95.
| if resource_type == 'Custom::AWSCDK-EKS-KubernetesObjectValue': | ||
| return get_handler(event, context) | ||
|
|
||
| raise Exception("unknown resource type %s" % resource_type) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
| logger.info("kubectl timed out, retries left: %s" % retry) | ||
| retry = retry - 1 | ||
| else: | ||
| raise Exception(output) |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.
|
|
||
| if request_type == 'Create' or request_type == 'Update': | ||
| # Ensure chart or chart_asset_url are set | ||
| if chart == None and chart_asset_url == None: |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
The == and != operators use the compared objects' __eq__ method to test if they are equal. To check if an object is a singleton, such as None, we recommend that you use the is identity comparison operator.
Similar issue at line numbers 80, 81, 82, and 83.
| import subprocess | ||
|
|
||
| cmnd = ['helm', verb, release] | ||
| if not chart is None: |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Use is not operator rather than not ... is because it is more readable and makes your code easier to understand.
Similar issue at line numbers 171, 173, 175, 177, and 183.
|
|
||
| # Write out the values to a file and include them with the install and upgrade | ||
| values_file = None | ||
| if not request_type == "Delete" and not values_text is None: |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Use is not operator rather than not ... is because it is more readable and makes your code easier to understand.
| chart = get_chart_asset_from_url(chart_asset_url) | ||
|
|
||
| if repository is not None and repository.startswith('oci://'): | ||
| tmpdir = tempfile.TemporaryDirectory() |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
Problem
This line of code might contain a resource leak. Resource leaks can cause your system to slow down or crash.
Fix
Consider closing the following resource: tmpdir. The resource is allocated by call tempfile.TemporaryDirectory. Execution paths that do not contain closure statements were detected. To prevent this resource leak, close tmpdir in a try-finally block or declare it using a with statement.
More info
View details about the with statement in the Python developer's guide (external link).
aws-cdk-automation
added
the
pr/needs-maintainer-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
aws-cdk-automation
removed
the
pr/needs-maintainer-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
@Mergifyio refresh |
✅ Pull request refreshed |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
There was a problem hiding this comment.
I think this module is too large to provide valuable feedback and reviews. I'll approve this since Xia mentioned that this is pretty much just a copy&paste of the current eks module. I think merging this in now makes sense so that all the future changes are reviewable and those changes are what we care the most about.
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
@mergify Update |
❌ Sorry but I didn't understand the command. Please consult the commands documentation 📚. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Reason for this change
Setup the alpha module for the EKS L2 rewrite
aws-eks-v2-alpha.This module will be private until all development are done by setting
"private": trueinpackage.json,Also setup unit tests/integration tests so future changes will be visible on test diff.
Description of changes
This is the full copy of existing
aws-eksmodule. I made some minor changes like updating import path to make sure build and all tests pass.Description of how you validated changes
unit tests and integration tests
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license