feat(stepfunctions-tasks): specify step functions alias or version ARN in StartExecution #26546
Conversation
…rsion ARN in StartExecution
github-actions
bot
added
the
star-contributor
github-actions
bot
added
effort/medium
aws-cdk-automation
added
the
pr/needs-community-review
| @@ -119,7 +131,7 @@ export class StepFunctionsStartExecution extends sfn.TaskStateBase { | |||
| const policyStatements = [ | |||
| new iam.PolicyStatement({ | |||
| actions: ['states:StartExecution'], | |||
| resources: [this.props.stateMachine.stateMachineArn], | |||
| resources: [this.stateMachineArn], | |||
There was a problem hiding this comment.
StartExecution only has resource-level permissions on the unqualified state machine ARN. If this.stateMachineArn is a version or alias ARN, we need to strip the qualifier :<versionId> or <:aliasName> at the end
|
|
||
| /** | ||
| * The Step Functions state machine ARN to start the execution on. | ||
| * This allows to specify the ARN of a specific state machine version or alias. |
There was a problem hiding this comment.
| * This allows to specify the ARN of a specific state machine version or alias. | |
| * This allows you to specify a state machine version or alias ARN. |
| * This allows to specify the ARN of a specific state machine version or alias. | ||
| * If specified, it overrides the ARN of the stateMachine. | ||
| * | ||
| * @default - The ARN of stateMachine is used |
There was a problem hiding this comment.
Not sure what the convention is for referencing other properties. Perhaps specify stateMachine is from StepFunctionsStartExecutionProps?
| * @default - The ARN of stateMachine is used | |
| * @default - The ARN of StepFunctionsStartExecutionProps.stateMachine is used |
| name: 'myExecutionTask', | ||
| }); | ||
|
|
||
| new IntegTest(app, 'cdk-integ-sfn-start-execution-alias', { |
There was a problem hiding this comment.
nit: stack name says "alias` but there's only a version here
| @@ -0,0 +1,86 @@ | |||
| { | |||
| "Resources": { | |||
| "ChildRole1E3E0EF5": { | |||
There was a problem hiding this comment.
Shouldn't this have some permissions?
aws-cdk-automation
removed
the
pr/needs-community-review
kaizencc
changed the title
There was a problem hiding this comment.
@lpizzinidev I chnaged this to a feat which means that there should be readme change introducing this option too :)
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| * @default - The ARN of StepFunctionsStartExecutionProps.stateMachine is used | ||
| */ | ||
| readonly stateMachineArn?: string; |
There was a problem hiding this comment.
Why do this, instead writing:
new StartExecution({
stateMachine: StateMachine.fromStateMachineArn(this, 'SM', 'arn:aws:...'),
});Like we do for every other construct?
There was a problem hiding this comment.
I guess that works from looking at the implementation. However, StateMachineVersion and StateMachineAlias are different constructs. The ARN of an alias (e.g. arn:aws:....:stateMachine:MyStateMachineName:MyAlias) is not a state machine ARN
aws-cdk/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts
Lines 166 to 168 in 27b7201
If that's the preferred approach, it needs to be documented.
There was a problem hiding this comment.
Not sure it will work because, as you can see in the integration test, I'm referring to the attrArn of the machine alias-version.
From my understanding stateMachineArn is not returning the ARN with the alias or version (might be wrong of course).
If that is the case, maybe changing this to:
this.stateMachineArn = props.stateMachine.attrArn;
will do the job?
There was a problem hiding this comment.
I see that we don't have L2 support for StateMachineVersion and StateMachineAlias, so you are trying to pass the ARN of an alias into stateMachineArn ?
What we do in Lambda for a very similar situation, is that we have IFunction which is implemented by all of Function, Version and Alias:
interface IFunction {
/**
* Plain ARN, version ARN or Alias ARN, whatever the case may be
*/
readonly functionArn: string;
// More
}Now -- that's not entirely great because the double-duty that functionArn does is sometimes a bit confusion. So if we were to repeat that pattern, I think I would go something like:
interface IStartableStateMachine /* or something */ {
/** Machine ARN, version ARN or alias ARN */
readonly startableStateMachineArn: string;
}
interface IStateMachine extends IStartableStateMachineArn {
/** Just the plain state machine ARN */
readonly stateMachineArn: string;
}And then when we were interested in just staring the state machine and nothing else, we can accept IStartableStateMachine, and perhaps that also has a grantStartExecution() method.
However
This PR wasn't about adding L2s for versions and aliases, it was just about ALLOWING aliases to be used where StateMachines were expected.
Since StateMachine.fromStacheMachineArn(..., 'my-arn') basically is just a fancy typed version of the string 'my-arn', and:
StateMachine.fromStateMachineArn(..., 'my-arn').stateMachineArn == 'my-arn'I'm confused why just calling .fromStateMachineArn() on an alias ARN wouldn't work. Is it because it is doing validation and it's rejecting the additional ':Version' part of the ARN?
|
This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
|
@lpizzinidev There are outstanding comments that need to be addressed on this PR. Can you address them or should this PR be closed? |
|
@indrora holds for ARNs of versions or aliases. |
|
This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error. |
aws-cdk-automation
added
the
closed-for-staleness
The
stateMachineArnproperty allows specifying the ARN of a state machine alias or version into theStepFunctionsStartExecutionconstruct.This allows to start the execution of a specific state machine alias or version.
Closes #26532.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license