Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure non-empty arrays for CIDR ranges #2093

Closed
wants to merge 2 commits into from

Conversation

mxdvl
Copy link
Contributor

@mxdvl mxdvl commented Nov 2, 2023

What does this change?

Ensure that Internal and Restricted access provide at least one CIDR range.

This is technically a breaking change, as some consumers may currently provide empty arrays.

How to test

type NonEmptyArray<T> = [T, ...T[]]

How can we measure success?

More type safety.

Have we considered potential risks?

Some consumers might start getting type errors.

Checklist

  • I have listed any breaking changes, along with a migration path 1
  • I have updated the documentation as required for the described changes 2

Footnotes

  1. Consider whether this is something that will mean changes to projects that have already been migrated, or to the CDK CLI tool. If changes are required, consider adding a checklist here and/or linking to related PRs.

  2. If you are adding a new construct or pattern, has new documentation been added? If you are amending defaults or changing behaviour, are the existing docs still valid?

Copy link

changeset-bot bot commented Nov 2, 2023

🦋 Changeset detected

Latest commit: 5c92098

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@guardian/cdk Major

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Copy link
Contributor

github-actions bot commented Dec 4, 2023

This PR is stale because it has been open 30 days with no activity. Unless a comment is added or the “stale” label removed, this will be closed in 3 days

@github-actions github-actions bot added the Stale label Dec 4, 2023
@mxdvl mxdvl force-pushed the mxdvl/non-empty-cidr-ranges branch 2 times, most recently from 88063c2 to a10dbb7 Compare December 6, 2023 09:42
@mxdvl mxdvl removed the Stale label Dec 6, 2023
Copy link
Contributor

github-actions bot commented Jan 8, 2024

This PR is stale because it has been open 30 days with no activity. Unless a comment is added or the “stale” label removed, this will be closed in 3 days

@github-actions github-actions bot added the Stale label Jan 8, 2024
@mxdvl mxdvl force-pushed the mxdvl/non-empty-cidr-ranges branch from a10dbb7 to 5c92098 Compare January 8, 2024 16:10
@mxdvl mxdvl marked this pull request as ready for review January 8, 2024 16:10
@github-actions github-actions bot removed the Stale label Jan 9, 2024
Copy link
Contributor

github-actions bot commented Feb 8, 2024

This PR is stale because it has been open 30 days with no activity. Unless a comment is added or the “stale” label removed, this will be closed in 3 days

@github-actions github-actions bot added the Stale label Feb 8, 2024
*
* You should, for example, use Google Auth for human access,
* or a suitable machine auth mechanism, rather treating an
* access limited to the VPN as sufficient.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good fix!

Copy link

@chrislomaxjones chrislomaxjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvement @mxdvl!

This change introduces a type error to src/patterns/ec2-app/framework.ts, do you want to fix that as part of this PR? Perhaps the GuWorkerPlayApp will need to take at least one CIDR range as a parameter (assuming it's up to the caller to specify one?).

@mxdvl
Copy link
Contributor Author

mxdvl commented Feb 8, 2024

This change introduces a type error to src/patterns/ec2-app/framework.ts, do you want to fix that as part of this PR? Perhaps the GuWorkerPlayApp will need to take at least one CIDR range as a parameter (assuming it's up to the caller to specify one?).

Yes, is that correct? I was wondering whether the example was correct or not and whether my assumption about CIDR ranges made sense in practice.

@AshCorr
Copy link
Member

AshCorr commented Mar 7, 2024

Am I mistaken in thinking this change would force Apps to have atleast one Ingress that uses a IP based filter?

I'm not sure thats behaviour that we would want, apps may want to use more sophisticated methods of limiting access such as only allowing traffic from specific security groups to access the app.

@mxdvl mxdvl closed this Mar 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants