Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(rds): database proxy #8476

Merged
merged 8 commits into from
Jul 1, 2020
Merged

feat(rds): database proxy #8476

merged 8 commits into from
Jul 1, 2020

Conversation

civilizeddev
Copy link
Contributor

@civilizeddev civilizeddev commented Jun 10, 2020
edited by nija-at
Loading

closes #8475

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@viktor-ku
Copy link

Cool, so I'll be able to take proxy.endpoint; and add it to lambda env vars to have access to my db?

@civilizeddev
Copy link
Contributor Author

civilizeddev commented Jun 12, 2020
edited
Loading

Cool, so I'll be able to take proxy.endpoint; and add it to lambda env vars to have access to my db?

@viktor-ku As for the endpoint, yes. But you still need to provide credentials to authenticate.

nija-at
nija-at previously requested changes Jun 16, 2020
View reviewed changes
Copy link
Contributor

@nija-at nija-at left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for submitting this PR!

I've requested some changes below, as a first round.

packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/README.md Outdated Show resolved Hide resolved
@mergify mergify bot dismissed nija-at’s stale review June 17, 2020 11:19

Pull request has been modified.

@civilizeddev
Copy link
Contributor Author

affected by #8686

nija-at
nija-at previously requested changes Jun 24, 2020
View reviewed changes
Copy link
Contributor

@nija-at nija-at left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@civilizeddev - sorry about the delayed response to this PR.

See some of my comments below.

packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated
Comment on lines 191 to 197
/**
* The kinds of databases that the proxy can connect to.
* This value determines which database network protocol the proxy recognizes when it interprets network traffic to
* and from the database.
* The engine family applies to MySQL and PostgreSQL for both RDS and Aurora.
*/
readonly engineFamily: ProxyEngineFamily;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This information is already available in the DatabaseInstance or DatabaseCluster from its engine. We should determine this automatically, at least as its default and make the property optional.

@skinny85 - is this something that can be easily done after #8686

packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated
* A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy.
* By enabling this setting, you can enforce encrypted TLS connections to the proxy.
*
* @default false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enabling TLS by default is a common security best practice. Any particular reason it should be different here?

packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-rds/lib/proxy.ts Outdated Show resolved Hide resolved
@nija-at nija-at changed the title feat(rds): Add L2 DatabaseProxy (AWS::RDS::DBProxy) feat(rds): database proxy Jun 24, 2020
@mergify mergify bot dismissed nija-at’s stale review June 24, 2020 18:26

Pull request has been modified.

@civilizeddev
Copy link
Contributor Author

Everything cannot be perfect at once.

Is it worth weeks to make this perfect?

While not perfect, it can deliver value to those who want to use the L2 Contstruct for DB Proxy at the moment.
(That's I, I want to use it directly from aws-cdk)

And let someone after me have a chance to fix the rest later.

@nija-at
Copy link
Contributor

nija-at commented Jun 29, 2020

Everything cannot be perfect at once.

Is it worth weeks to make this perfect?

The goal of these comments is to get the public API as close to correct as possible and consistent with the rest of the CDK. The implementation can always be fixed up later, without breaking customers.

I have pushed a change to adjust the API and make it a bit cleaner. I hope you don't mind.

@civilizeddev
Copy link
Contributor Author

#8476 (comment)

I think ProxyTarget.fromInstance(), ProxyTarget.fromCluster() make more sense as @jogold suggests.

There are many cases that static fromXXX, which means 'to create <Return Type> from XXX', are used in aws-cdk,

and I am also very familiar with it.

But now you introduced .atXXX() for the first time.

Is it really for "consistent with the rest of the CDK."

@nija-at
Copy link
Contributor

nija-at commented Jun 29, 2020

The fromXXX() methods are usually import APIs that allow importing an external resource into a CDK app. This is not what this API is doing.

I've changed for it to be forXXX() instead. This way it means 'create a proxy target for "this" db instance'. Hope that's better.

@civilizeddev
Copy link
Contributor Author

civilizeddev commented Jun 29, 2020
edited
Loading

Objection, your honor!

There are many counter evidences in aws-cdk.

fromXXX() is not just for importing external resources.

amplify

aws-cdk/packages/@aws-cdk/aws-amplify/lib/basic-auth.ts

Line 60 in af69f80

public static fromCredentials(username: string, password: SecretValue) {

aws-cdk/packages/@aws-cdk/aws-amplify/lib/basic-auth.ts

Line 72 in af69f80

public static fromGeneratedPassword(username: string, encryptionKey?: kms.IKey) {

apigateway

aws-cdk/packages/@aws-cdk/aws-apigateway/lib/api-definition.ts

Line 14 in af69f80

public static fromBucket(bucket: s3.IBucket, key: string, objectVersion?: string): S3ApiDefinition {

aws-cdk/packages/@aws-cdk/aws-apigateway/lib/api-definition.ts

Line 64 in af69f80

public static fromInline(definition: any): InlineApiDefinition {

aws-cdk/packages/@aws-cdk/aws-apigateway/lib/api-definition.ts

Line 72 in af69f80

public static fromAsset(file: string, options?: s3_assets.AssetOptions): AssetApiDefinition {

appsync

aws-cdk/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts

Line 1195 in af69f80

public static fromString(template: string): MappingTemplate {

aws-cdk/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts

Line 1202 in af69f80

public static fromFile(fileName: string): MappingTemplate {

cloudformation

aws-cdk/packages/@aws-cdk/aws-cloudformation/lib/custom-resource.ts

Line 43 in af69f80

public static fromLambda(handler: lambda.IFunction): CustomResourceProvider {

aws-cdk/packages/@aws-cdk/aws-cloudformation/lib/custom-resource.ts

Line 50 in af69f80

public static fromTopic(topic: sns.ITopic): CustomResourceProvider {

cloudfront

aws-cdk/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts

Line 438 in af69f80

public static fromAcmCertificate(certificate: certificatemanager.ICertificate, options: ViewerCertificateOptions = {}) {

aws-cdk/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts

Line 456 in af69f80

public static fromIamCertificate(iamCertificateId: string, options: ViewerCertificateOptions = {}) {

aws-cdk/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts

Line 476 in af69f80

public static fromCloudFrontDefaultCertificate(...aliases: string[]) {

codebuild

aws-cdk/packages/@aws-cdk/aws-codebuild/lib/project.ts

Line 1340 in af69f80

public static fromDockerRegistry(name: string, options: DockerImageOptions = {}): IBuildImage {

aws-cdk/packages/@aws-cdk/aws-codebuild/lib/project.ts

Line 1359 in af69f80

public static fromEcrRepository(repository: ecr.IRepository, tag: string = 'latest'): IBuildImage {

aws-cdk/packages/@aws-cdk/aws-codebuild/lib/project.ts

Line 1370 in af69f80

public static fromAsset(scope: Construct, id: string, props: DockerImageAssetProps): IBuildImage {

aws-cdk/packages/@aws-cdk/aws-codebuild/lib/project.ts

Line 1389 in af69f80

public static fromCodeBuildImageId(id: string): IBuildImage {

ecs

aws-cdk/packages/@aws-cdk/aws-ecs/lib/container-definition.ts

Line 19 in af69f80

public static fromSsmParameter(parameter: ssm.IParameter): Secret {

aws-cdk/packages/@aws-cdk/aws-ecs/lib/container-definition.ts

Line 36 in af69f80

public static fromSecretsManager(secret: secretsmanager.ISecret, field?: string): Secret {

aws-cdk/packages/@aws-cdk/aws-ecs/lib/container-image.ts

Line 13 in af69f80

public static fromRegistry(name: string, props: RepositoryImageProps = {}) {

aws-cdk/packages/@aws-cdk/aws-ecs/lib/container-image.ts

Line 20 in af69f80

public static fromEcrRepository(repository: ecr.IRepository, tag: string = 'latest') {

aws-cdk/packages/@aws-cdk/aws-ecs/lib/container-image.ts

Line 32 in af69f80

public static fromAsset(directory: string, props: AssetImageProps = {}) {

route53

aws-cdk/packages/@aws-cdk/aws-route53/lib/record-set.ts

Line 154 in af69f80

public static fromValues(...values: string[]) {

aws-cdk/packages/@aws-cdk/aws-route53/lib/record-set.ts

Line 161 in af69f80

public static fromAlias(aliasTarget: IAliasRecordTarget) {

aws-cdk/packages/@aws-cdk/aws-route53/lib/record-set.ts

Line 168 in af69f80

public static fromIpAddresses(...ipAddresses: string[]) {

@nija-at
Copy link
Contributor

nija-at commented Jun 29, 2020

In many of these cases, 'from' is the correct preposition, probably not all.

Feel free to change the API back to using from - I don't mind at all. And I'll be happy to merge.

@civilizeddev
Copy link
Contributor Author

I would like to get feedback from cdk users and follow it up.

@viktor-ku
Copy link

Thanks for your effort @civilizeddev and reviewers! I cannot wait for it to be merged, because it seems like a such enabler for lambdas!

nija-at
nija-at approved these changes Jul 1, 2020
View reviewed changes
Copy link
Contributor

@nija-at nija-at left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@mergify
Copy link
Contributor

mergify bot commented Jul 1, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 2c07dff
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Jul 1, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit e0e5e03 into aws:master Jul 1, 2020
@civilizeddev civilizeddev deleted the feat/rds branch July 1, 2020 08:53
@civilizeddev civilizeddev mentioned this pull request Jul 4, 2020
Merged
@civilizeddev
Copy link
Contributor Author

As for #8896, I wonder how it passed the integration tests at that moment.

mergify bot pushed a commit that referenced this pull request Jul 6, 2020
@civilizeddev
fix(rds): proxy for db cluster fails with model validation error (#8896)
7d47cfb 
fixes #8885
follows #8476

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@civilizeddev civilizeddev mentioned this pull request Jul 27, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jogold jogold jogold left review comments

@nija-at nija-at nija-at approved these changes

Assignees

@nija-at nija-at

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add L2 rds.DatabaseProxy (AWS::RDS::DBProxy)
5 participants
@civilizeddev @viktor-ku @nija-at @aws-cdk-automation @jogold