Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(pipeline): allow additional policy to build role #3709

Merged
merged 11 commits into from
Jul 13, 2022
Merged

feat(pipeline): allow additional policy to build role #3709

merged 11 commits into from
Jul 13, 2022

Conversation

paragbhingre
Copy link
Contributor

@paragbhingre paragbhingre commented Jul 1, 2022
edited by efekarakus
Loading

Resolves #2755

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

@paragbhingre paragbhingre requested a review from a team as a code owner July 1, 2022 19:58
@paragbhingre paragbhingre requested review from iamhopaul123 and removed request for a team July 1, 2022 19:58
dannyrandall
dannyrandall reviewed Jul 5, 2022
View reviewed changes
internal/pkg/manifest/pipeline.go Outdated
Buildspec string `yaml:"buildspec,omitempty"`
Image string `yaml:"image"`
Buildspec string `yaml:"buildspec,omitempty"`
AdditionalPolicy *AdditionalPolicy `yaml:"additional_policy,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what would you think about just having this as yaml.Node or map[string]any and marshaling it directly into the pipeline template? and just letting cloudformation do the validation?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. I think right now it is pretty much the same as what CFN has (we don't do any abstraction or setting default values for them). We could just let them specify the json policy document as a string.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only thing I thought of is CFN template errors are little difficult for the customers to understand and solve that is why I kept it this way that we will guide customers with more user friendly errors.

Copy link
Contributor

@iamhopaul123 iamhopaul123 Jul 5, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah but additional policies is a pretty advanced feature and most likely those users who need to specify additional policies they already have the json policy document handy.

efekarakus
efekarakus reviewed Jul 6, 2022
View reviewed changes
Copy link
Contributor

@efekarakus efekarakus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yay awesome, this will provide a lot more flexibility to customers! 🎉

Is it also possible to add a local integration test in for example

copilot-cli/internal/pkg/deploy/cloudformation/stack/bb_pipeline_integration_test.go

Line 25 in 1caa364

func TestBB_Pipeline_Template(t *testing.T) {
to make sure the additonal policy is rendered in the template?

efekarakus
efekarakus reviewed Jul 8, 2022
View reviewed changes
Copy link
Contributor

@efekarakus efekarakus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! We can :shipit: after fixing the integ test

@efekarakus efekarakus changed the title feat(pipeline): build project role addon policies feat(pipeline): allow additional policy to build role Jul 8, 2022
@iamhopaul123 iamhopaul123 added the do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. label Jul 8, 2022
dannyrandall
dannyrandall approved these changes Jul 11, 2022
View reviewed changes
Copy link
Contributor

@dannyrandall dannyrandall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just some small things but looks good!!

@huanjani
Copy link
Contributor

Resolves #1689, #2546, #2535, #2104

@paragbhingre paragbhingre mentioned this pull request Jul 13, 2022
Merged
@paragbhingre paragbhingre removed the do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. label Jul 13, 2022
@mergify mergify bot merged commit 86703f1 into aws:mainline Jul 13, 2022
mergify bot pushed a commit that referenced this pull request Jul 18, 2022
@paragbhingre
docs: add additional policy document (#3755)
96bbcd5 
Related to: [3709](#3709)
@paragbhingre paragbhingre deleted the buildProjectRoleAddonPolicies branch January 26, 2023 07:27
@Lou1415926 Lou1415926 mentioned this pull request May 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dannyrandall dannyrandall dannyrandall approved these changes

@efekarakus efekarakus efekarakus approved these changes

@iamhopaul123 iamhopaul123 Awaiting requested review from iamhopaul123 iamhopaul123 is a code owner automatically assigned from aws/aws-ecs-devx

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature request: build project role addon policies
5 participants
@paragbhingre @huanjani @efekarakus @dannyrandall @iamhopaul123