From a55ab9ec86a53e881d301f42b6a107be4a986b4e Mon Sep 17 00:00:00 2001 From: Mike Cowgill Date: Tue, 25 Sep 2018 00:55:38 -0700 Subject: [PATCH] feat(ec2): Add tag support to security groups --- .../@aws-cdk/aws-ec2/lib/security-group.ts | 16 ++++- packages/@aws-cdk/aws-ec2/lib/vpc.ts | 2 +- packages/@aws-cdk/aws-ec2/test/test.vpc.ts | 68 +++++++++++-------- 3 files changed, 54 insertions(+), 32 deletions(-) diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group.ts b/packages/@aws-cdk/aws-ec2/lib/security-group.ts index 07d23af92f456..662dde72a7366 100644 --- a/packages/@aws-cdk/aws-ec2/lib/security-group.ts +++ b/packages/@aws-cdk/aws-ec2/lib/security-group.ts @@ -1,4 +1,4 @@ -import { Construct, Output, Token } from '@aws-cdk/cdk'; +import { Construct, ITaggable, Output, TagManager, Tags, Token } from '@aws-cdk/cdk'; import { Connections, IConnectable } from './connections'; import { cloudformation } from './ec2.generated'; import { IPortRange, ISecurityGroupRule } from './security-group-rule'; @@ -89,6 +89,11 @@ export interface SecurityGroupProps { */ description?: string; + /** + * The AWS resource tags to associate with the security group. + */ + tags?: Tags; + /** * The VPC in which to create the security group. */ @@ -102,7 +107,7 @@ export interface SecurityGroupProps { * inline ingress and egress rule (which saves on the total number of resources inside * the template). */ -export class SecurityGroup extends SecurityGroupRef { +export class SecurityGroup extends SecurityGroupRef implements ITaggable { /** * An attribute that represents the security group name. */ 
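Review bot: The doc comment on the new `tags` property in `SecurityGroupProps` (hunk at -89,6) does not say how the values are exposed. Whatever is passed here is handed to the security group resource in the constructor, so it lands in the synthesized template and, presumably, becomes ordinary EC2 tags readable by any principal allowed to describe the group. I would extend the comment with a line such as `Tag values are stored in plain text in the template; do not put secrets or credentials in them.` The interface body starts and ends outside this hunk.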
@@ -118,6 +123,11 @@ export class SecurityGroup extends SecurityGroupRef { */ public readonly securityGroupId: string; + /** + * Manage tags for this construct and children + */ + public readonly tags: TagManager; + private readonly securityGroup: cloudformation.SecurityGroupResource; private readonly directIngressRules: cloudformation.SecurityGroupResource.IngressProperty[] = []; private readonly directEgressRules: cloudformation.SecurityGroupResource.EgressProperty[] = []; @@ -125,6 +135,7 @@ export class SecurityGroup extends SecurityGroupRef { constructor(parent: Construct, name: string, props: SecurityGroupProps) { super(parent, name); + this.tags = new TagManager(this, { initialTags: props.tags}); const groupDescription = props.description || this.path; this.securityGroup = new cloudformation.SecurityGroupResource(this, 'Resource', { groupName: props.groupName, @@ -132,6 +143,7 @@ export class SecurityGroup extends SecurityGroupRef { securityGroupIngress: new Token(() => this.directIngressRules), securityGroupEgress: new Token(() => this.directEgressRules), vpcId: props.vpc.vpcId, + tags: this.tags, }); this.securityGroupId = this.securityGroup.securityGroupId; diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc.ts b/packages/@aws-cdk/aws-ec2/lib/vpc.ts index b6ba29a9df281..faf8c4b7f0a63 100644 --- a/packages/@aws-cdk/aws-ec2/lib/vpc.ts +++ b/packages/@aws-cdk/aws-ec2/lib/vpc.ts @@ -468,7 +468,7 @@ export class VpcSubnet extends VpcSubnetRef implements cdk.ITaggable { constructor(parent: cdk.Construct, name: string, props: VpcSubnetProps) { super(parent, name); - this.tags = new cdk.TagManager(this, props.tags); + this.tags = new cdk.TagManager(this, {initialTags: props.tags}); this.tags.setTag(NAME_TAG, this.path, {overwrite: false}); this.availabilityZone = props.availabilityZone; diff --git a/packages/@aws-cdk/aws-ec2/test/test.vpc.ts b/packages/@aws-cdk/aws-ec2/test/test.vpc.ts index 459ab504462a5..b9a52dfad6d50 100644 
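Review bot: Nothing in this patch exercises the new tag path in the `SecurityGroup` constructor (`this.tags = new TagManager(this, { initialTags: props.tags});` and `tags: this.tags,`); the diffstat lists only test.vpc.ts, whose new assertion targets `AWS::EC2::Subnet`. Tags on security groups tend to feed ownership and policy checks, so a regression that silently drops them should fail a test. A case that creates a group with `tags: { owner: 'team-a' }` (constructed value) and asserts `expect(stack).to(haveResource("AWS::EC2::SecurityGroup", hasTags([{ Key: 'owner', Value: 'team-a' }])));` would cover it. The vpc.ts hunk on this line changes the `TagManager` argument from `props.tags` to `{initialTags: props.tags}`, which looks like a behaviour fix for subnet tags and deserves a mention in the commit message. The constructor body continues outside the hunk.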
--- a/packages/@aws-cdk/aws-ec2/test/test.vpc.ts
+++ b/packages/@aws-cdk/aws-ec2/test/test.vpc.ts
@@ -128,6 +128,10 @@ export = {
 cidrMask: 24,
 name: 'ingress',
 subnetType: SubnetType.Public,
+ tags: {
+ type: 'Public',
+ init: 'No',
+ },
 },
 {
 cidrMask: 24,
@@ -155,44 +159,50 @@ export = {
 CidrBlock: `10.0.6.${i * 16}/28`
 }));
 }
+ expect(stack).to(haveResource("AWS::EC2::Subnet", hasTags(
+ [
+ { Key: 'type', Value: 'Public'},
+ { Key: 'init', Value: 'No'},
+ ],
+ )));
 test.done();
 },
 "with custom subents and natGateways = 2 there should be only two NATGW"(test: Test) {
 const stack = getTestStack();
 new VpcNetwork(stack, 'TheVPC', {
- cidr: '10.0.0.0/21',
- natGateways: 2,
- subnetConfiguration: [
- {
- cidrMask: 24,
- name: 'ingress',
- subnetType: SubnetType.Public,
- },
- {
- cidrMask: 24,
- name: 'application',
- subnetType: SubnetType.Private,
- },
- {
- cidrMask: 28,
- name: 'rds',
- subnetType: SubnetType.Isolated,
- }
- ],
- maxAZs: 3
+ cidr: '10.0.0.0/21',
+ natGateways: 2,
+ subnetConfiguration: [
+ {
+ cidrMask: 24,
+ name: 'ingress',
+ subnetType: SubnetType.Public,
+ },
+ {
+ cidrMask: 24,
+ name: 'application',
+ subnetType: SubnetType.Private,
+ },
+ {
+ cidrMask: 28,
+ name: 'rds',
+ subnetType: SubnetType.Isolated,
+ }
+ ],
+ maxAZs: 3
 });
 expect(stack).to(countResources("AWS::EC2::InternetGateway", 1));
 expect(stack).to(countResources("AWS::EC2::NatGateway", 2));
 expect(stack).to(countResources("AWS::EC2::Subnet", 9));
 for (let i = 0; i < 6; i++) {
- expect(stack).to(haveResource("AWS::EC2::Subnet", {
- CidrBlock: `10.0.${i}.0/24`
- }));
+ expect(stack).to(haveResource("AWS::EC2::Subnet", {
+ CidrBlock: `10.0.${i}.0/24`
+ }));
 }
 for (let i = 0; i < 3; i++) {
- expect(stack).to(haveResource("AWS::EC2::Subnet", {
- CidrBlock: `10.0.6.${i * 16}/28`
- }));
+ expect(stack).to(haveResource("AWS::EC2::Subnet", {
+ CidrBlock: `10.0.6.${i * 16}/28`
+ }));
 }
 test.done();
 },
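Review bot: The added `haveResource("AWS::EC2::Subnet", hasTags([...]))` assertion in the second hunk only shows that some subnet carries `type`/`init`. Assuming `haveResource` is satisfied by any one matching resource, it would still pass if the tags leaked onto the private and isolated subnets or reached only one of the public ones. If the `type: 'Public'` tag is meant to be trusted by anything downstream, the test should also pin which subnets receive it, for example by checking that the `application` and `rds` subnets do not match. Separately, the re-indentation of the following test case (and of the loop in the next hunk) is whitespace-only and would be easier to review as its own commit. Both test functions start outside these hunks.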
@@ -229,9 +239,9 @@ export = {
 expect(stack).to(countResources("AWS::EC2::Subnet", 4));
 expect(stack).to(countResources("AWS::EC2::Route", 4));
 for (let i = 0; i < 4; i++) {
- expect(stack).to(haveResource("AWS::EC2::Subnet", {
- CidrBlock: `10.0.${i * 64}.0/18`
- }));
+ expect(stack).to(haveResource("AWS::EC2::Subnet", {
+ CidrBlock: `10.0.${i * 64}.0/18`
+ }));
 }
 expect(stack).to(haveResource("AWS::EC2::Route", {
 DestinationCidrBlock: '0.0.0.0/0',