feat: data source for vended log types #2204
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as outdated.
This comment was marked as outdated.
mrgrain
reviewed
Nov 13, 2025
| readonly validations?: unknown; | ||
| arnTemplate?: string; | ||
| isStateful?: boolean; | ||
| logTypes?: string[]; |
Contributor
There was a problem hiding this comment.
This is probably not quite enough. Let's make this a list of a new custom type VendedLogs. See slack discussion for details on what needs to go there.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
ShadowCat567
commented
Nov 14, 2025
| >, | ||
| report: ProblemReport, | ||
| ) { | ||
| // clears vendedLogs property from all resources before processing - goal: ensure that logTypes and destinations are up to date and cut down on complicated deduplication code |
Contributor
Author
There was a problem hiding this comment.
Open to other ideas to handle possible duplication of logTypes (when it comes to repeated imports of data source) or removal of logTypes (if a service stops supporting a certain logType). This current implementation is a bit aggressive.
Contributor
There was a problem hiding this comment.
You just don't need to do that at all. The DB starts out empty.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
mrgrain
reviewed
Nov 17, 2025
Comment on lines
18
to
22
| for (const resource of db.all('resource')) { | ||
| if (resource.vendedLogs) { | ||
| delete resource.vendedLogs; | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
Suggested change
| for (const resource of db.all('resource')) { | |
| if (resource.vendedLogs) { | |
| delete resource.vendedLogs; | |
| } | |
| } |
mrgrain
reviewed
Nov 17, 2025
| /** | ||
| * What version of permissions the destination supports V1 | V2 | ||
| */ | ||
| permissionsVersion: string; |
Contributor
There was a problem hiding this comment.
Suggested change
| permissionsVersion: string; | |
| readonly permissionsVersion: string; |
mrgrain
reviewed
Nov 17, 2025
| /** | ||
| * List of the destinations the can consume those logs | ||
| */ | ||
| readonly logDestinations: LogDestination[]; |
Contributor
There was a problem hiding this comment.
Prefer to remove duplicate naming. In this context, its pretty clear we are talking about log destinations.
Suggested change
| readonly logDestinations: LogDestination[]; | |
| readonly destinations: LogDestination[]; |
mrgrain
reviewed
Nov 17, 2025
| /** | ||
| * List of the types of logs a Cloudformation resource can produce | ||
| */ | ||
| readonly logTypes: string[]; |
Contributor
There was a problem hiding this comment.
Normally you would consider removing the log prefix here as well (see next comment). In this case it's probably okay to keep it because A/ types is very generic (probably too generic) and B/ it's the term used here.
So I vote to keep it in this case.
mrgrain
reviewed
Nov 17, 2025
| /** | ||
| * Resource type of the destination S3 | CWL | FH | XRAY | ||
| */ | ||
| readonly destinationType: string; |
Contributor
There was a problem hiding this comment.
Again doubling up. Here I think it's fine to remove the prefix. You could also call it something like service or not even have a separate interface.
Suggested change
| readonly destinationType: string; | |
| readonly type: string; |
Contributor
Author
There was a problem hiding this comment.
currently have this as a separate interface since we may want logFormat (json, parquet, plain text, raw...) in the future and that can vary per destination service
Contributor
There was a problem hiding this comment.
Both is fine. My usual approach is to not over-optimize for future possibilities.
Contributor
Author
There was a problem hiding this comment.
ended up moving this out of its separate interface since it will be easier to handle and we currently don't have plans to add logFormat or any service-specific fields that would require the separate interface
mrgrain
reviewed
Nov 17, 2025
| /** | ||
| * Resource type of the destination S3 | CWL | FH | XRAY | ||
| */ | ||
| readonly destinationType: string; |
Contributor
There was a problem hiding this comment.
There should be no reason to not strongly type this:
Suggested change
| readonly destinationType: string; | |
| readonly destinationType: "S3" | "CWL" | "FH" | "XRAY"; |
mrgrain
reviewed
Nov 17, 2025
Comment on lines
28
to
42
| let permissionValue = ''; | ||
| for (const dest of value.Destinations) { | ||
| if (permissionValue === '') { | ||
| permissionValue = dest.PermissionsVersion; | ||
| } else { | ||
| if (permissionValue !== dest.PermissionsVersion) { | ||
| report.reportFailure( | ||
| new ReportAudience('Log Source Import'), | ||
| 'interpreting', | ||
| failure.in(resourceType)( | ||
| `Resouce of type ${resourceType} has inconsistent permissions version for log of type ${value.LogType}`, | ||
| ), | ||
| ); | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
You can simplify this a lot along these lines
Suggested change
| let permissionValue = ''; | |
| for (const dest of value.Destinations) { | |
| if (permissionValue === '') { | |
| permissionValue = dest.PermissionsVersion; | |
| } else { | |
| if (permissionValue !== dest.PermissionsVersion) { | |
| report.reportFailure( | |
| new ReportAudience('Log Source Import'), | |
| 'interpreting', | |
| failure.in(resourceType)( | |
| `Resouce of type ${resourceType} has inconsistent permissions version for log of type ${value.LogType}`, | |
| ), | |
| ); | |
| } | |
| } | |
| const permissionValue = Value.Destinations[0].PermissionsVersion; | |
| if (!value.Destinations.every(v => v.PermissionsVersion === permissionValue)) { | |
| // ... report failure | |
| } |
mrgrain
reviewed
Nov 17, 2025
Comment on lines
49
to
67
| if (resource.vendedLogs) { | ||
| // we take whatever the newest permissions value is and assume that all logs in a resource use the same permissions | ||
| resource.vendedLogs.permissionsVersion = permissionValue; | ||
| resource.vendedLogs.logTypes.push(value.LogType); | ||
| // dedupes incoming destinations | ||
| const newDestinations = destinations.filter( | ||
| (dest) => | ||
| !resource.vendedLogs!.logDestinations.some( | ||
| (existing) => existing.destinationType === dest.destinationType, | ||
| ), | ||
| ); | ||
| resource.vendedLogs.logDestinations.push(...newDestinations); | ||
| } else { | ||
| resource.vendedLogs = { | ||
| permissionsVersion: permissionValue, | ||
| logTypes: [value.LogType], | ||
| logDestinations: destinations, | ||
| }; | ||
| } |
Contributor
There was a problem hiding this comment.
Simplify by flipping it around:
??= = Nullish coalescing assignment
Suggested change
| if (resource.vendedLogs) { | |
| // we take whatever the newest permissions value is and assume that all logs in a resource use the same permissions | |
| resource.vendedLogs.permissionsVersion = permissionValue; | |
| resource.vendedLogs.logTypes.push(value.LogType); | |
| // dedupes incoming destinations | |
| const newDestinations = destinations.filter( | |
| (dest) => | |
| !resource.vendedLogs!.logDestinations.some( | |
| (existing) => existing.destinationType === dest.destinationType, | |
| ), | |
| ); | |
| resource.vendedLogs.logDestinations.push(...newDestinations); | |
| } else { | |
| resource.vendedLogs = { | |
| permissionsVersion: permissionValue, | |
| logTypes: [value.LogType], | |
| logDestinations: destinations, | |
| }; | |
| } | |
| resource.vendedLogs ??= {}; | |
| resource.vendedLogs.logTypes ??= []; | |
| resource.vendedLogs.logDestinations ??= []; | |
| // we take whatever the newest permissions value is and assume that all logs in a resource use the same permissions | |
| resource.vendedLogs.permissionsVersion = permissionValue; | |
| // Add log types | |
| resource.vendedLogs.logTypes.push(value.LogType); | |
| // dedupes incoming destinations | |
| const newDestinations = destinations.filter( | |
| (dest) => | |
| !resource.vendedLogs!.logDestinations.some( | |
| (existing) => existing.destinationType === dest.destinationType, | |
| ), | |
| ); | |
| resource.vendedLogs.logDestinations.push(...newDestinations); |
mrgrain
requested changes
Nov 17, 2025
Contributor
mrgrain
left a comment
mrgrain
left a comment
There was a problem hiding this comment.
Some minor inline comments
│ └logDestinations: [{"destinationType":"S3"}, {"destinationType":"CWL"}, {"destinationType":"FH"}]
If you keep LogDestination as an interface type, let's please simplify this diff to
│ └logDestinations: [S3, CW, FH]
If you change LogDestination to be a string (or rather S3, CW, FH, XRAY) this should happen more or less for free.
This comment was marked as outdated.
This comment was marked as outdated.
mrgrain
changed the title
mrgrain
approved these changes
Nov 17, 2025
This comment was marked as outdated.
This comment was marked as outdated.
Contributor
|
@aws-cdk/aws-service-spec: Model database diff detected |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds new data source to populate
logTypesattribute for Cloudformation resources. Does not add github actions to update the data source (for now).