fix(lambda): Function allows specifying vpcSubnets without vpc

[laurelmay]

This is almost certainly never something that a user would intend.
As-is, vpcSubnets does nothing if vpc is unspecified, so the Lambda
Function would have no interfaces placed in a VPC. This is unlikely to be what
a user would have expected if they passed a set of private subnets. This
should be an error to prevent users from accidentally thinking they've
put a Lambda Function into a VPC.

If throwing an Error is a breaking change and not acceptable, then
perhaps at least a Warning Annotation should be added in this case.

This is motivated by the feedback received during review of #21357.

---

All Submissions:

• Have you followed the guidelines in our Contributing guide?

Adding new Unconventional Dependencies:

• This PR adds new unconventional dependencies following the process described here

New Features

• Have you added the new feature to an integration test?
  • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

[corymhall]

I think I'm fine with this change given that it does not cause any changes to the deployed infra.

One nit - can you put this check in the configureVpc method? It feels like it should go there since that is where the other checks are.

Pull request has been modified.

[laurelmay]

Hoping the failure on ec5cd4f is fixed by #21374 and therefore the merge from main.

[TheRealAmazonKendra]

Just a couple of stylistic suggestions.

[TheRealAmazonKendra]

Suggested change

	if (!props.vpc) {
	if (props.vpcSubnets) {
	if (!props.vpc && props.vpcSubnets) {

[laurelmay]

I thought about doing this, but there's the return undefined; after the inner if. So it'd have to be rewritten as:

if (!props.vpc && props.vpcSubnets) {
  throw new Error("...");
} else if (!props.vpc) {
  return undefined
}

which felt a little messy and maybe more confusing to repeat half of the condition?

Actually mean to include a note/question about this when I pushed the new commit but got distracted by the failing build 😄 So I'm happy to making the change but just want to make sure that this is the desired outcome?

[TheRealAmazonKendra]

No need for you to revise because of a small stylistic difference. I only made the suggestion because I was also making the suggestion to change the error message. Otherwise, I would have just plain approved since @corymhall is also in favor.

[TheRealAmazonKendra]

But also, I didn't notice that the error message above was infinitely better than the one I suggested. So, sorry, one more suggested change to that.

[laurelmay]

All good! And I meant "meant to" instead of "mean to" -- oops, sorta changes the tone. But in any case, thanks for the feedback on the error message. I read https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md#error-messages and I think ended up writing something too wordy; this one is much clearer!

Pull request has been modified.

[TheRealAmazonKendra]

I should have looked at the code directly above and made my suggestion to align to that. Sorry for the extra back and forth!

[TheRealAmazonKendra]

But also, I didn't notice that the error message above was infinitely better than the one I suggested. So, sorry, one more suggested change to that.

[TheRealAmazonKendra]

Aaand then I hit the wrong button...

Pull request has been modified.

[laurelmay]

Not sure what's up with the CodeBuild failure this time around -- it doesn't really feel related to anything that's changed and running the integ-runner tests locally doesn't result in a failure. I think I'm just going to hope it's a one-off issue and that re-triggering a build fixes it? But I don't know how to ask CodeBuild to rebuild without a new commit so I'll just click the Update branch button? 🤷🏻

@aws-cdk/integ-runner: FAIL test/runner/snapshot-test-runner.test.js
@aws-cdk/integ-runner:   ● IntegTest runSnapshotTests › with defaults no diff
@aws-cdk/integ-runner:     Cannot read integ manifest 'test/test-data/test-with-snapshot.integ.snapshot/manifest.json': Unexpected end of JSON input
@aws-cdk/integ-runner:       32 |
@aws-cdk/integ-runner:       33 |     } catch (e) {
@aws-cdk/integ-runner:     > 34 |       throw new Error(`Cannot read integ manifest '${fileName}': ${e.message}`);
@aws-cdk/integ-runner:          |             ^
@aws-cdk/integ-runner:       35 |     }
@aws-cdk/integ-runner:       36 |   }
@aws-cdk/integ-runner:       37 |
@aws-cdk/integ-runner:       at Function.fromFile (lib/runner/private/cloud-assembly.ts:34:13)
@aws-cdk/integ-runner:       at Function.fromPath (lib/runner/private/cloud-assembly.ts:51:37)
@aws-cdk/integ-runner:       at IntegSnapshotRunner.readAssembly (lib/runner/snapshot-test-runner.ts:223:45)
@aws-cdk/integ-runner:       at IntegSnapshotRunner.testSnapshot (lib/runner/snapshot-test-runner.ts:55:33)
@aws-cdk/integ-runner:       at Object.<anonymous> (test/runner/snapshot-test-runner.test.ts:55:31)

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 6512acb
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).