fix(amplify-provider-awscloudformation): consolidate REST API policies #6904
Codecov Report
@@ Coverage Diff @@
## master #6904 +/- ##
=======================================
Coverage 56.43% 56.43%
=======================================
Files 445 445
Lines 21859 21859
Branches 4373 4373
=======================================
Hits 12336 12336
Misses 8745 8745
Partials 778 778
Discussed offline, some nits, otherwise LGTM!!
]); | ||
} | ||
|
||
function computePolicySizeIncrease(methodLength: number, pathLength: number, nameLength: number): number { |
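Review bot: `computePolicySizeIncrease` has no doc comment, and the signature alone does not say whether the returned number is a delta or a new total, or what unit the three length arguments are measured in. Add a short comment above the function stating that it returns the amount a single method/path entry adds to the current policy document, and in which unit.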
does this compute an increase, or just the new policy size?
It computes the increase, and is added to the current policy size on line 122.
// Initial size of 100 for version, statement, etc. | ||
options.policyDocSize = 100 + policySizeIncrease; | ||
options.roleCount++; | ||
options.managedPolicy = createManagedPolicy(this, `${namePrefix}${options.roleCount}`, (roleName as unknown) as string); |
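Review bot: the literal `100` in `options.policyDocSize = 100 + policySizeIncrease;` is an estimate that the "policy is full" decision depends on, so it should be a named constant kept next to the size limit it is compared against, where both can be reviewed together. On the last line, the `(roleName as unknown) as string` double cast hides the real type of `roleName` from `createManagedPolicy`; typing that parameter to accept what is actually passed would let the compiler check the call.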
won't this overwrite the previous policy on each iteration?
Only when a new policy needs to be created (either because it's the first iteration, or because the current policy is "full").
type: 'String', | ||
}); | ||
|
||
const state: ApiGatewayPolicyCreationState = { |
why does this need to be outside of the forEach closure below?
It doesn't strictly need to be. I hoisted it out of that loop to avoid creating a bunch of extra garbage objects. It could be hoisted up even further, but my thought was that the number of API gateways is probably small, but the number of paths could be a good bit larger.
':', | ||
api, | ||
'/', | ||
(cdk.Fn.conditionIf('ShouldNotCreateEnvResources', 'Prod', env) as unknown) as string, |
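Review bot: the `'Prod'` literal in `cdk.Fn.conditionIf('ShouldNotCreateEnvResources', 'Prod', env)` becomes part of the joined resource string, so it determines which stage the policy applies to, yet nothing on the line says where the value comes from. Add a comment naming the template that defines this stage name, or share a constant with it, so the two cannot drift apart unnoticed.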
why is 'Prod' the default here?
That's the current behavior in packages/amplify-category-api/resources/awscloudformation/cloudformation-templates/apigw-cloudformation-template-default.json.ejs.
It looks good in general as we discussed offline, a few points:
- Check with @renebrandel about the necessity of feature flags based on the scenarios we talked about
- Remove manual upload code and put the policy stack beside the root stack template, so it will be present in current cloud backend zip
- It would be nice to only regenerate this stack during push if ANY of the apigw resources are having changes, otherwise no reason to do so
This pull request introduces 1 alert when merging 8f02597 into 3b6298d - view on LGTM.com new alerts:
Thanks for making the changes, LGTM, a few nits added.
This commit updates the REST API IAM policy logic. Instead of using an inline policy per REST API, the logic now combines multiple REST API policies into managed IAM policies. Refs: #2084
👋 Hi, this pull request was referenced in the v4.50.0 release! Check out the release notes here https://github.com/aws-amplify/amplify-cli/releases/tag/v4.50.0.
Issue #, if available: #2084
Description of changes:
This commit updates the REST API IAM policy logic. Instead of using an inline policy per REST API, the logic now combines multiple REST API policies into managed IAM policies.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
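
The consolidation discussed in this thread (start a new managed policy on the first iteration or when the current one is "full") can be sketched as a greedy packer; this is an added example, not code from the pull request or from amplify-cli. The names `packPolicies`, `renderDocument`, `toArn` and `sizeIncrease`, the cost model, and the `REGION`/`ACCOUNT`/`STAGE` placeholders are assumptions; the 6,144-character figure is the IAM managed policy size limit.

```typescript
// Added illustration, not the amplify-cli implementation.
// IAM limits a managed policy document to 6,144 characters.
const MANAGED_POLICY_LIMIT = 6144;

interface ApiPath { api: string; method: string; path: string }
interface PackedPolicy { name: string; resources: string[]; size: number }

// Render the policy document that one group of resources would produce.
function renderDocument(resources: string[]): object {
  return {
    Version: '2012-10-17',
    Statement: [{ Effect: 'Allow', Action: ['execute-api:Invoke'], Resource: resources }],
  };
}

// Fixed overhead, measured from an empty document (the PR uses an estimate of 100).
const BASE_SIZE = JSON.stringify(renderDocument([])).length;

// REGION, ACCOUNT and STAGE are placeholders, not values from the PR.
function toArn(p: ApiPath): string {
  return `arn:aws:execute-api:REGION:ACCOUNT:${p.api}/STAGE/${p.method}${p.path}`;
}

// Assumed, conservative cost of one resource: the ARN, two quotes and a comma.
function sizeIncrease(arn: string): number {
  return arn.length + 3;
}

// Greedy packing: open a new policy on the first item or when the current one is full.
function packPolicies(paths: ApiPath[], namePrefix: string, limit: number = MANAGED_POLICY_LIMIT): PackedPolicy[] {
  const policies: PackedPolicy[] = [];
  let current: PackedPolicy | undefined;
  for (const p of paths) {
    const arn = toArn(p);
    const increase = sizeIncrease(arn);
    if (BASE_SIZE + increase > limit) {
      // Fail loudly instead of emitting a policy IAM would reject.
      throw new Error(`resource does not fit in an empty policy: ${arn}`);
    }
    if (current === undefined || current.size + increase > limit) {
      current = { name: `${namePrefix}${policies.length + 1}`, resources: [], size: BASE_SIZE };
      policies.push(current);
    }
    current.resources.push(arn);
    current.size += increase;
  }
  return policies;
}

// Constructed sample: 200 paths on one hypothetical API id.
const samplePaths: ApiPath[] = Array.from({ length: 200 }, (_, i) => ({
  api: 'abc123', method: 'GET', path: `/items/${i}/*`,
}));
```

Because the tracked size never underestimates the rendered document, comparing `JSON.stringify(renderDocument(p.resources)).length` against the limit for each packed policy is a cheap pre-deployment check that no group will be rejected by IAM.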