feat(ecs): add managed storage configuration to Cluster and tests #36500
Conversation
github-actions
bot
added
feature-request
…sters - Updated the `fromClusterAttributes` method to accept `managedStorageConfiguration` including a KMS key. - Enhanced the integration test to verify the accessibility of `managedStorageConfiguration` on imported clusters. - Updated documentation to reflect the new capability of importing clusters with managed storage configuration.
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
|
||||||||||||||
|
|
||||||||||||||
aws-cdk-automation
added
the
pr/needs-community-review
badmintoncryer
left a comment
badmintoncryer
left a comment
There was a problem hiding this comment.
Thank you for your contribution!!
I'm still unclear about the purpose of adding managedStorageConfiguration as an argument to fromAttributes().
In the case of executeCommandConfiguration, it's included as an argument because it's required by the permission-granting function in base-service.ts.
Is there a similar intention to add permission-granting functions for managedStorageConfiguration in the future?
Or is the goal simply to enable cross-stack references, instead of passing the KMS key directly, you pass the imported cluster and retrieve the KMS key from it? Is that the correct understanding?
| // Verify that managedStorageConfiguration is accessible on imported cluster | ||
| if (!importedCluster.managedStorageConfiguration) { | ||
| throw new Error('managedStorageConfiguration should be defined on imported cluster'); | ||
| } | ||
|
|
There was a problem hiding this comment.
This test is not executed in integ test normally. I think it is enough to remove these lines.
| // Verify that managedStorageConfiguration is accessible on imported cluster | |
| if (!importedCluster.managedStorageConfiguration) { | |
| throw new Error('managedStorageConfiguration should be defined on imported cluster'); | |
| } |
aws-cdk-automation
removed
the
pr/needs-community-review
|
The implementation itself seems good, so I'm planning to approve after understanding the background! |
|
@badmintoncryer You're absolutely right about the similar pattern to When users import a cluster from another stack, they may need to access the managed storage configuration, particularly the KMS key, for
So yes, your understanding is correct: instead of passing the KMS key directly, users can pass the imported cluster and retrieve the KMS key from it via While there's no immediate plan to add automatic permission-granting functions specifically for |
…romClusterAttributes
badmintoncryer
left a comment
badmintoncryer
left a comment
There was a problem hiding this comment.
Thank you for your clarification!
aws-cdk-automation
added
the
pr/needs-maintainer-review
badmintoncryer
left a comment
badmintoncryer
left a comment
There was a problem hiding this comment.
I forgot to add a minor comment.
| declare const vpc: ec2.Vpc; | ||
| declare const key: kms.Key; |
There was a problem hiding this comment.
We can use interface of constructs.
| declare const vpc: ec2.Vpc; | |
| declare const key: kms.Key; | |
| declare const vpc: ec2.IVpc; | |
| declare const key: kms.IKey; |
3 participants
Issue # (if applicable)
Closes #36499
Reason for this change
Description of changes
Expose
managedStorageConfigurationproperty on theIClusterinterface, following the same pattern asexecuteCommandConfiguration.Changes:
managedStorageConfigurationtoIClusterinterfacemanagedStorageConfigurationtoClusterAttributesinterfaceClusterclassImportedClusterclassDescription of how you validated changes
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license