Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(stepfunctions): disabling logging still requires LogGroup #30816

Open
wants to merge 8 commits into
base: main
Choose a base branch
from

Conversation

Tietew
Copy link
Contributor

@Tietew Tietew commented Jul 10, 2024

Issue # (if applicable)

Closes #30814.

Reason for this change

To disable logging on a StateMachine (with logging enabled), we should specify LogLevel.OFF to LogOptions.level. But cannot remove the LogGroup because LogOptions.destination is required.

new sfn.StateMachine(this, 'StateMachine', {
  definitionBody: ...,
  logs: { level: sfn.LogLevel.OFF } // allow to disable logging
});

Description of changes

  • Make LogOptions.destination optional.
  • Validate LogOptions.destination is present when LogOptions.level is not OFF.

Description of how you validated changes

Unit and integ tests that verify LogOptions.destination is opitional when LogOptions.level is OFF and throw an exception otherwise.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added bug This issue is a bug. p2 labels Jul 10, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team July 10, 2024 10:20
@github-actions github-actions bot added the admired-contributor [Pilot] contributed between 13-24 PRs to the CDK label Jul 10, 2024
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@Tietew
Copy link
Contributor Author

Tietew commented Jul 10, 2024

Clarification Request
Existing integration tests do not include StateMachine with logging enabled.
Needed to add integ tests?

Added.

@aws-cdk-automation aws-cdk-automation added the pr/reviewer-clarification-requested The contributor has requested clarification on feedback, a failing build, or a failing PR Linter run label Jul 10, 2024
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Jul 11, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review July 11, 2024 03:25

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

Comment on lines +512 to +514
if (logOptions.level !== LogLevel.OFF && !logOptions.destination) {
throw new Error('Logs destination is required when level is not OFF.');
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shall this validation be done earlier (at line 427) with other validations instead?

if (!logs && !logs.level != LogLevel.OFF && !logs.destination) { ...

reasons for ask:

  • with current change, validations will be split across various places and as this file is big (and keep getting bigger), hence, it will become difficult to have complete picture of validation
  • ideally, caller shall not even call buildLoggingConfiguration if prerequisites are not met

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added a separate validation method validateLogOptions()

Comment on lines 516 to 537
if (logOptions.destination) {
// https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html#cloudwatch-iam-policy
this.addToRolePolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: [
'logs:CreateLogDelivery',
'logs:GetLogDelivery',
'logs:UpdateLogDelivery',
'logs:DeleteLogDelivery',
'logs:ListLogDeliveries',
'logs:PutResourcePolicy',
'logs:DescribeResourcePolicies',
'logs:DescribeLogGroups',
],
resources: ['*'],
}));
}

return {
destinations: [{
destinations: logOptions.destination ? [{
cloudWatchLogsLogGroup: { logGroupArn: logOptions.destination.logGroupArn },
}],
}] : undefined,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we do this like as follows - will it reduce need to check logOptions.destination twice and simplify a bit?

let destinations = undefined;
if (logOptions.destination) {
  // Policy addition
  destinations = [{
    cloudWatchLogsLogGroup: { logGroupArn: logOptions.destination.logGroupArn },
  }];
}

return {
  destinations,
  ...,
  level: logOptions.level || LogLevel.ERROR
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated.

*/
readonly destination: logs.ILogGroup;
readonly destination?: logs.ILogGroup;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will this not be a breaking change for existing usage? example:

const logOptions: LogOptions = {
  destination: <LogGroup>
}

const stateMachine: StateMachine = new StateMachine(parent, 'ID', {
  logs: logOptions,
  ...
}
... 

stateMachine.logs.destination.logGroupName // Error
stateMachine.logs.destination!.logGroupName // Change needed

Some user(s) might be utilising ILogGroup's public properties from logOptions which will now cause issues because now such users will need to make non-null assertions before using such properties (e.g. with !)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the jsii-diff documentation:

You are allowed to make inputs optional

So i think this change is not a breaking change.


expect(() => {
new sfn.StateMachine(stack, 'MyStateMachine', {
definitionBody: sfn.DefinitionBody.fromChainable(sfn.Chain.start(new sfn.Pass(stack, 'Pass'))),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we not directly pass new sfn.Pass(stack, 'Pass') to DefintionBody.fromChainable as Pass implements IChainable?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's just a copy & paste.
README also uses sfn.Chain.start() instead of bare sfn.Pass.

@Tietew Tietew changed the title fix(stepfunctions): make LogOptions.destination optional fix(stepfunctions): disabling logging still requires LogGroup Aug 22, 2024
@github-actions github-actions bot added the effort/small Small work item – less than a day of effort label Aug 22, 2024
Copy link

codecov bot commented Nov 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.18%. Comparing base (baa8561) to head (e0aacb9).

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #30816   +/-   ##
=======================================
  Coverage   77.18%   77.18%           
=======================================
  Files         105      105           
  Lines        7161     7161           
  Branches     1312     1312           
=======================================
  Hits         5527     5527           
  Misses       1454     1454           
  Partials      180      180           
Flag Coverage Δ
suite.unit 77.18% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
packages/aws-cdk 77.18% <ø> (ø)
---- 🚨 Try these New Features:

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: e0aacb9
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
admired-contributor [Pilot] contributed between 13-24 PRs to the CDK bug This issue is a bug. effort/small Small work item – less than a day of effort p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. pr/reviewer-clarification-requested The contributor has requested clarification on feedback, a failing build, or a failing PR Linter run
Projects
None yet
Development

Successfully merging this pull request may close these issues.

(stepfunctions): cannot disable StateMachine logging with removing LogGroup
3 participants