Handle missing auto-naming constraints #1816

Open
flostadler opened this issue Nov 11, 2024 · 2 comments · May be fixed by #1831
flostadler commented Nov 11, 2024

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

The CloudFormation schema provided by AWS, which we use to generate the AWS Native provider metadata, lacks resource name length constraints for many AWS services. This is particularly problematic for resources like lambda.Function and iam.Role where AWS enforces strict length limitations (e.g., 64 characters for Lambda Role names) at the API level.

When users rely on the provider's auto-naming feature, deployments can fail unexpectedly because the provider isn't aware of these AWS-imposed limits. Since these constraints aren't present in the CloudFormation schema, the provider cannot validate or handle resource names appropriately before deployment.

Proposal

Enhance provider metadata with length constraints for common AWS resources:

  • Manually add known length limits for popular resources (e.g., IAM Roles, Lambda Functions)
  • Implement intelligent name handling for resources exceeding limits
    • When auto-naming is enabled, trim long names while preserving uniqueness
      • Example: For a 100-character resource name with a 64-character limit, trim to 56 characters and append the random suffix (similar to AWS CloudFormation's approach)

Considerations:

  • This change should be non-breaking as resources exceeding AWS limits are currently undeployable with auto-naming. But it cannot rely only on the CloudFormation schema for constraint validation as it might be incorrect
    • Existing resources should retain their current names from state
  • Should document the auto-trimming behavior for transparency

Affected area/feature

  • aws-native
  • pulumi-cdk
@flostadler flostadler added the kind/enhancement Improvements or new features label Nov 11, 2024
@pulumi-bot pulumi-bot added the needs-triage Needs attention from the triage team label Nov 11, 2024
@flostadler

This affects pulumi-cdk more regularly because the logical resource names are assembled based on the component hierarchy. Nested components more easily hit those shorter limits like 58 characters for Lambda functions (64 characters - 8 for random suffix).

@flostadler flostadler removed the needs-triage Needs attention from the triage team label Nov 11, 2024
@cleverguy25

Added to epic https://github.com/pulumi/home/issues/2191

@mjeffryes mjeffryes added this to the 0.113 milestone Nov 13, 2024
corymhall added a commit that referenced this issue Nov 14, 2024
Most resources have some limits on what the resource name can be.
Unfortunately a lot of those limits are not currently stored in the
CloudFormation schema.

This PR introduces a new schema overlay where we can manually store
min/max length constraints for resource names.

This is the first step in addressing #1816. I will follow this up with
another PR to trim names to fit within the constraints.

re #1816, re pulumi/pulumi-cdk#62
corymhall added a commit that referenced this issue Nov 14, 2024
This PR adds some new functionality to control the auto naming behavior.
The new behavior lives behind a provider config variable and must be
explicitly enabled by the user. The existing behavior will remain the
default behavior of the provider.

**What's new**

- `autoTrim`: When this is set to true the provider will automatically
  trim the generated name to fit within the `maxLength` requirement.
- `randomSuffixMinLength`: Set this to control the minimum length of the
  random suffix that is generated. This is especially useful in
  combination with `autoTrim` to ensure that you still end up with
  unique names (e.g. a random suffix of 1 character is not very unique)

closes #1816, re pulumi/pulumi-cdk#62
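
A sketch of the trimming described in the proposal and of the `autoTrim` / `randomSuffixMinLength` options named in the commit message above, added here as an example and not the provider's code. The `AutoName` helper, the `<logical>-<suffix>` layout and the 7-character default suffix are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Assumed layout: "<logical>-<hex suffix>". Seven hex characters plus the
// separator give the 8-character suffix the issue's arithmetic reserves.
const defaultSuffixLen = 7

var (
	errTooLong = errors.New("name exceeds maxLength and autoTrim is off")
	errNoRoom  = errors.New("maxLength leaves no room for name plus suffix")
)

// AutoName is a hypothetical helper, not the provider's implementation.
func AutoName(logical string, maxLength, suffixMinLen int, autoTrim bool) (string, error) {
	suffixLen := defaultSuffixLen
	if suffixMinLen > suffixLen {
		suffixLen = suffixMinLen // never shrink the suffix below the floor
	}
	room := maxLength - suffixLen - 1 // characters left for the logical name
	if room < 1 {
		return "", errNoRoom
	}
	runes := []rune(logical) // trim on runes so UTF-8 is never split
	if len(runes) > room {
		if !autoTrim {
			return "", errTooLong // fail before deployment, not at the AWS API
		}
		runes = runes[:room]
	}
	buf := make([]byte, (suffixLen+1)/2)
	if _, err := rand.Read(buf); err != nil { // OS CSPRNG
		return "", err
	}
	return string(runes) + "-" + hex.EncodeToString(buf)[:suffixLen], nil
}

func main() {
	// Constructed input: a 100-character name like a nested component path.
	logical := strings.Repeat("NestedComponent", 7)[:100]
	name, err := AutoName(logical, 64, 0, true)
	fmt.Println(name, len(name), err)
}
```

Trimming maps every long name that shares its first 56 characters onto the same prefix, so uniqueness then rests on the random suffix alone.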
flostadler added a commit to pulumi/pulumi-cdk that referenced this issue Nov 15, 2024
This PR adds support for [CloudFormation Custom
Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html)
to pulumi-cdk. It does so by using the
`CustomResourceEmulator` resource from
[aws-native](https://www.pulumi.com/registry/packages/aws-native/api-docs/cloudformation/customresourceemulator/).

For the first implementation we decided to limit the scope to Lambda
backed Custom Resources, because the SNS variants are not widely used.

I'd recommend reviewing in this order:
- `src/graph.ts` and `src/converters/app-converter.ts`. The changes in
these files ensure that Custom Resources get correctly parsed and other
resources can reference their attributes with the `GetAtt` intrinsic
- `src/cfn-resource-mappings.ts`: This constructs the
`CustomResourceEmulator` based on the CDK inputs while re-using the
staging bucket to store the CustomResource responses.
- unit & integration tests

**Noteworthy**:
I added a temporary workaround for shortening the resource names until
pulumi/pulumi-aws-native#1816 is resolved. It
can be toggled on by setting the
`PULUMI_CDK_EXPERIMENTAL_MAX_NAME_LENGTH` env variable. Without this
none of the CustomResources worked because they have deeply nested
Lambdas and IAM roles. Those resources have a max name limit of 64.

Closes #109
Closes #60