fix(s3): default BlockPublicAccess class properties to true (under feature flag) #33001
+600
−7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… consistent behavior
github-actions
bot
added
beginning-contributor
aws-cdk-automation
previously requested changes
Jan 17, 2025
There was a problem hiding this comment.
The pull request linter fails with the following errors:
❌ The title of the pull request should omit 'aws-' from the name of modified packages. Use 's3' instead of 'aws-s3'.
If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.
manan-pancholi
changed the title
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
aws-cdk-automation
added
the
pr/needs-community-review
lpizzinidev
suggested changes
Jan 18, 2025
There was a problem hiding this comment.
Thanks 👍
A couple of notes:
- I think the PR should be classified as a
fixand an integration test should be created/updated to cover the scenario. - More importantly, I assume this could change the visibility of deployed buckets without users noticing. If so, a feature flag is needed.
|
Thanks @lpizzinidev for reviewing the change. I'll make the suggested changes and send out a revision. |
manan-pancholi
changed the title
manan-pancholi
changed the title
aws-cdk-automation
removed
the
pr/needs-community-review
lpizzinidev
suggested changes
Jan 22, 2025
Thanks for the suggestion. Co-authored-by: Luca Pizzini <[email protected]>
Co-authored-by: Luca Pizzini <[email protected]>
Co-authored-by: Luca Pizzini <[email protected]>
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue # aws-s3: blockPublicAccess has a counterintuitive behaviour #32811
Closes #32811.
Reason for this change
S3 Bucket construct when initialized without specifying the
blockPublicAccessproperty results in all the members of classBlockPublicAccessset totrue. However if some properties are set tofalseduring initialization, then all remaining properties are also set tofalse. Reason for this is because the unspecified properties are treated asundefined, which evaluates tofalse. This causes an inconsistent behavior and leads to confusion.Description of changes
Inside the constructor of
BlockPublicAccessclass inaws-s3/lib/bucket.ts, we use the nullish coalescing operator??to check if the properties are not explicitly set by the customer. If they are not, then we set them totrue. This will create a consistent default for those properties totrue.Description of how you validated changes
Added a unit test to validate the changes.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license