Skip to content

fix(pipelines): cannot publish assets to more than 35 environments#21010

Merged
mergify[bot] merged 10 commits intomainfrom
huijbers/pipes-assets
Jul 7, 2022
Merged

fix(pipelines): cannot publish assets to more than 35 environments#21010
mergify[bot] merged 10 commits intomainfrom
huijbers/pipes-assets

Conversation

@rix0rrr
Copy link
Copy Markdown
Contributor

@rix0rrr rix0rrr commented Jul 6, 2022
edited
Loading

We used to use Lazy.list() to render the list of Role ARNs that the
Asset Publishing Role needs to assume.

The Lazy list cannot be split up, meaning the overflow rendering logic
we recently added cannot apply to this policy. Turn the lazy list into
mutating a policy statement in-place, so the policy overflow logic can
split the policy statement into multiple managed policies.

Also in this PR:

  • To keep the tests behavior consistent (on whether arrays get rendered to the Resource field in statements or not, regardless of exactly which code path is taken), change the behavior of PolicyStatement, have it eagerly dedupe in memory.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
fix(pipelines): cannot publish assets to more than 35 environments
4c17f00 
We used to use `Lazy.list()` to render the list of Role ARNs that the
Asset Publishing Role needs to assume.

The Lazy list cannot be split up, meaning the overflow rendering logic
we recently added cannot apply to this policy. Turn the lazy list into
mutating a policy statement in-place, so the policy overflow logic can
split the policy statement into multiple managed policies.
@rix0rrr rix0rrr requested a review from a team July 6, 2022 10:09
@rix0rrr rix0rrr self-assigned this Jul 6, 2022
@gitpod-io
Copy link
Copy Markdown

gitpod-io bot commented Jul 6, 2022

@aws-cdk-automation aws-cdk-automation requested a review from a team July 6, 2022 10:09
@github-actions github-actions bot added the p2 label Jul 6, 2022
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jul 6, 2022
RomainMuller
RomainMuller approved these changes Jul 7, 2022
View reviewed changes
packages/@aws-cdk/pipelines/lib/legacy/pipeline.ts
private readonly MAX_PUBLISHERS_PER_STAGE = 50;

private readonly publishers: Record<string, PublishAssetsAction> = {};
private readonly assetRoles: Record<string, iam.IRole> = {};
Copy link
Copy Markdown
Contributor

@RomainMuller RomainMuller Jul 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

@RomainMuller RomainMuller added the pr/do-not-merge This PR should not be merged at this time. label Jul 7, 2022
rix0rrr and others added 3 commits July 7, 2022 12:25
@rix0rrr @RomainMuller
Update packages/@aws-cdk/aws-iam/lib/policy-statement.ts
6d3feec 
Co-authored-by: Romain Marcadier <rmuller@amazon.com>
@rix0rrr @RomainMuller
Update packages/@aws-cdk/aws-iam/lib/policy-statement.ts
322cb1c 
Co-authored-by: Romain Marcadier <rmuller@amazon.com>
@rix0rrr @RomainMuller
Update packages/@aws-cdk/aws-iam/lib/policy-statement.ts
118711d 
Co-authored-by: Romain Marcadier <rmuller@amazon.com>
@rix0rrr rix0rrr removed the pr/do-not-merge This PR should not be merged at this time. label Jul 7, 2022
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jul 7, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jul 7, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Jul 7, 2022

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 1b38af8
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 4b4af84 into main Jul 7, 2022
@mergify mergify bot deleted the huijbers/pipes-assets branch July 7, 2022 21:53
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jul 7, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

daschaa pushed a commit to daschaa/aws-cdk that referenced this pull request Jul 9, 2022
@rix0rrr @daschaa
fix(pipelines): cannot publish assets to more than 35 environments (a…
c3b9091 
…ws#21010)

We used to use `Lazy.list()` to render the list of Role ARNs that the
Asset Publishing Role needs to assume.

The Lazy list cannot be split up, meaning the overflow rendering logic
we recently added cannot apply to this policy. Turn the lazy list into
mutating a policy statement in-place, so the policy overflow logic can
split the policy statement into multiple managed policies.

Also in this PR:

- To keep the tests behavior consistent (on whether arrays get rendered to the `Resource` field in statements or not, regardless of exactly which code path is taken), change the behavior of `PolicyStatement`, have it eagerly dedupe in memory.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@RomainMuller RomainMuller RomainMuller approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@rix0rrr rix0rrr

Labels

contribution/core This is a PR that came from AWS. p2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rix0rrr @aws-cdk-automation @RomainMuller