Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Aspect to enforce unique app/region/stack on lambdas #2567

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Aspect to enforce unique app/region/stack on lambdas #2567

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f3854bf
Aspect to enforce unque app-regoin-stack
Jakeii Jan 24, 2025
884e231
update test import
Jakeii Jan 24, 2025
b0cf7b9
fix circular dependency
Jakeii Jan 24, 2025
c3a9601
update multiple lambdas pattern test
Jakeii Jan 24, 2025
f5ddf8b
better way to resolve cicrular dependency
Jakeii Jan 24, 2025
0aaed07
changeset
Jakeii Jan 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .changeset/silent-kids-bathe.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
"@guardian/cdk": major
---

Enforce unique app/region/stack combination on `GuLambdaFunction`

This is a breaking change as it will break builds for projects not using unique app/region/stack on their lambdas.
44 changes: 44 additions & 0 deletions src/aspects/unique-lambda-app-region-stack.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
import { App, Stack } from "aws-cdk-lib";
import { Runtime } from "aws-cdk-lib/aws-lambda";
import { GuStack } from "../constructs/core";
import { GuLambdaFunction } from "../constructs/lambda";
import { UniqueLambdaAppRegionStackAspect } from "./unique-lambda-app-region-stack";

const testLambdaProps = { handler: "index.handler", fileName: "test", runtime: Runtime.NODEJS_20_X };
describe("UniqueAppRegionStackAspect", () => {
let stack: GuStack;
let aspect: UniqueLambdaAppRegionStackAspect;

beforeEach(() => {
stack = new GuStack(new App(), "TestStack", { stack: "test", stage: "CODE" });
aspect = new UniqueLambdaAppRegionStackAspect(stack);
});

it("should allow unique app combinations", () => {
const lambda1 = new GuLambdaFunction(stack, "Lambda1", { ...testLambdaProps, app: "app1" });
const lambda2 = new GuLambdaFunction(stack, "Lambda2", { ...testLambdaProps, app: "app2" });

expect(() => {
aspect.visit(lambda1);
aspect.visit(lambda2);
}).not.toThrow();
});

it("should throw error for duplicate app combinations", () => {
const lambda1 = new GuLambdaFunction(stack, "Lambda1", { ...testLambdaProps, app: "app1" });
const lambda2 = new GuLambdaFunction(stack, "Lambda2", { ...testLambdaProps, app: "app1" });

expect(() => {
aspect.visit(lambda1);
aspect.visit(lambda2);
}).toThrow("GuLambdaFunction must have a unique combination of app, region and stack");
});

it("should ignore non-GuLambdaFunction constructs", () => {
const nonLambdaConstruct = new Stack();

expect(() => {
aspect.visit(nonLambdaConstruct);
}).not.toThrow();
});
});
27 changes: 27 additions & 0 deletions src/aspects/unique-lambda-app-region-stack.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
import type { IAspect, Stack } from "aws-cdk-lib";
import type { IConstruct } from "constructs";
import { GuLambdaFunction } from "../constructs/lambda";

export class UniqueLambdaAppRegionStackAspect implements IAspect {
readonly stack: Stack;
private seenCombinations = new Set<string>();

// eslint-disable-next-line custom-rules/valid-constructors -- doesn't apply here
public constructor(stack: Stack) {
this.stack = stack;
}

public visit(node: IConstruct): void {
if (node instanceof GuLambdaFunction) {
const combination = `${this.stack.region}:${this.stack.stackName}:${node.app}`;

if (this.seenCombinations.has(combination)) {
throw new Error(
`GuLambdaFunction must have a unique combination of app, region and stack. Found duplicate: ${node.app}`,
);
}

this.seenCombinations.add(combination);
}
}
}
2 changes: 2 additions & 0 deletions src/constructs/core/stack.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import gitUrlParse from "git-url-parse";
import { CfnIncludeReporter } from "../../aspects/cfn-include-reporter";
import { CfnParameterReporter } from "../../aspects/cfn-parameter-reporter";
import { Metadata } from "../../aspects/metadata";
import { UniqueLambdaAppRegionStackAspect } from "../../aspects/unique-lambda-app-region-stack";
import { ContextKeys, MetadataKeys, TrackingTag } from "../../constants";
import { gitRemoteOriginUrl } from "../../utils/git";
import type { StackStageIdentity } from "./identity";
Expand Down Expand Up @@ -151,6 +152,7 @@ export class GuStack extends Stack implements StackStageIdentity {

Aspects.of(this).add(new CfnIncludeReporter());
Aspects.of(this).add(new CfnParameterReporter());
Aspects.of(this).add(new UniqueLambdaAppRegionStackAspect(this));
}

/**
Expand Down
7 changes: 4 additions & 3 deletions src/constructs/lambda/lambda.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,11 @@ import { Bucket } from "aws-cdk-lib/aws-s3";
import { StringParameter } from "aws-cdk-lib/aws-ssm";
import { GuDistributable } from "../../types";
import type { GuLambdaErrorPercentageMonitoringProps, GuLambdaThrottlingMonitoringProps } from "../cloudwatch";
import { GuLambdaErrorPercentageAlarm, GuLambdaThrottlingAlarm } from "../cloudwatch";
import { GuLambdaErrorPercentageAlarm, GuLambdaThrottlingAlarm } from "../cloudwatch/lambda-alarms";
import type { GuStack } from "../core";
import { AppIdentity, GuDistributionBucketParameter } from "../core";
import { ReadParametersByName, ReadParametersByPath } from "../iam";
import { AppIdentity } from "../core/identity";
import { GuDistributionBucketParameter } from "../core/parameters/s3";
import { ReadParametersByName, ReadParametersByPath } from "../iam/policies/parameter-store-read";

export interface GuFunctionProps extends GuDistributable, Omit<FunctionProps, "code">, AppIdentity {
/**
Expand Down
56 changes: 28 additions & 28 deletions src/patterns/__snapshots__/api-multiple-lambdas.test.ts.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -740,11 +740,11 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"S3Bucket": {
"Ref": "DistributionBucketName",
},
"S3Key": "test-stack/TEST/testing/my-app-4.zip",
"S3Key": "test-stack/TEST/my-app-4/my-app-4.zip",
},
"Environment": {
"Variables": {
"APP": "testing",
"APP": "my-app-4",
"STACK": "test-stack",
"STAGE": "TEST",
},
Expand All @@ -764,7 +764,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-4",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -818,7 +818,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-4",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -879,7 +879,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "DistributionBucketName",
},
"/test-stack/TEST/testing/my-app-4.zip",
"/test-stack/TEST/my-app-4/my-app-4.zip",
],
],
},
Expand All @@ -900,7 +900,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing",
":parameter/TEST/test-stack/my-app-4",
],
],
},
Expand All @@ -923,7 +923,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing/*",
":parameter/TEST/test-stack/my-app-4/*",
],
],
},
Expand All @@ -950,11 +950,11 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"S3Bucket": {
"Ref": "DistributionBucketName",
},
"S3Key": "test-stack/TEST/testing/my-app-1.zip",
"S3Key": "test-stack/TEST/my-app-1/my-app-1.zip",
},
"Environment": {
"Variables": {
"APP": "testing",
"APP": "my-app-1",
"STACK": "test-stack",
"STAGE": "TEST",
},
Expand All @@ -974,7 +974,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-1",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -1036,7 +1036,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "DistributionBucketName",
},
"/test-stack/TEST/testing/my-app-1.zip",
"/test-stack/TEST/my-app-1/my-app-1.zip",
],
],
},
Expand All @@ -1057,7 +1057,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing",
":parameter/TEST/test-stack/my-app-1",
],
],
},
Expand All @@ -1080,7 +1080,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing/*",
":parameter/TEST/test-stack/my-app-1/*",
],
],
},
Expand Down Expand Up @@ -1128,7 +1128,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-1",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -1160,11 +1160,11 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"S3Bucket": {
"Ref": "DistributionBucketName",
},
"S3Key": "test-stack/TEST/testing/my-app-3.zip",
"S3Key": "test-stack/TEST/my-app-3/my-app-3.zip",
},
"Environment": {
"Variables": {
"APP": "testing",
"APP": "my-app-3",
"STACK": "test-stack",
"STAGE": "TEST",
},
Expand All @@ -1184,7 +1184,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-3",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -1238,7 +1238,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-3",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -1299,7 +1299,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "DistributionBucketName",
},
"/test-stack/TEST/testing/my-app-3.zip",
"/test-stack/TEST/my-app-3/my-app-3.zip",
],
],
},
Expand All @@ -1320,7 +1320,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing",
":parameter/TEST/test-stack/my-app-3",
],
],
},
Expand All @@ -1343,7 +1343,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing/*",
":parameter/TEST/test-stack/my-app-3/*",
],
],
},
Expand All @@ -1370,11 +1370,11 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"S3Bucket": {
"Ref": "DistributionBucketName",
},
"S3Key": "test-stack/TEST/testing/my-app-2.zip",
"S3Key": "test-stack/TEST/my-app-2/my-app-2.zip",
},
"Environment": {
"Variables": {
"APP": "testing",
"APP": "my-app-2",
"STACK": "test-stack",
"STAGE": "TEST",
},
Expand All @@ -1394,7 +1394,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-2",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -1448,7 +1448,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
"Tags": [
{
"Key": "App",
"Value": "testing",
"Value": "my-app-2",
},
{
"Key": "gu:cdk:version",
Expand Down Expand Up @@ -1509,7 +1509,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "DistributionBucketName",
},
"/test-stack/TEST/testing/my-app-2.zip",
"/test-stack/TEST/my-app-2/my-app-2.zip",
],
],
},
Expand All @@ -1530,7 +1530,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing",
":parameter/TEST/test-stack/my-app-2",
],
],
},
Expand All @@ -1553,7 +1553,7 @@ exports[`The GuApiGatewayWithLambdaByPath pattern should create the correct reso
{
"Ref": "AWS::AccountId",
},
":parameter/TEST/test-stack/testing/*",
":parameter/TEST/test-stack/my-app-2/*",
],
],
},
Expand Down
Loading
Loading