docs: added guidelines for facades and traits#37860
Conversation
|
👋 It looks like your PR description follows the template but is missing a valid issue number in the first section. PRs without a linked issue will receive lower priority for review and merging. Please update the description to include a reference like |
aws-cdk-automation
added
the
pr/needs-maintainer-review
aws-cdk-automation
temporarily deployed
to
automation
GitHub Actions
Inactive
aws-cdk-automation
temporarily deployed
to
automation
GitHub Actions
Inactive
kumvprat
left a comment
kumvprat
left a comment
There was a problem hiding this comment.
Added a few inline comments
Overall the new guidelines do clear a lot about facades and traits, as well how they work with each other.
| ? Grant.addToPrincipalOrResource({ /* ... */ resource: this.policyResource }) | ||
| : Grant.addToPrincipal({ /* ... */ }); | ||
|
|
||
| this.encryptedResource?.grantOnKey(grantee, 'kms:Decrypt'); |
There was a problem hiding this comment.
Based on my understanding, a facade uses a trait directly to manipulate the external consumers like done here with the IEncryptedResource trait which grants permission to the grantee to use the kms key for decryption
Any reason we don't do the same for the policyResource variable here which is again a type of trait IResourceWithPolicyV2?
Maybe this is just an example but do we want to promote using only traits inside a facade or is that just a loose guidance
There was a problem hiding this comment.
Both policyResource and encryptedResource are traits consumed by the Facade - the difference is in what each trait's contract provides:
IResourceWithPolicyV2hasaddToResourcePolicy()which accepts a statement — it's passed intoGrant.addToPrincipalOrResourcebecause the Grant framework needs to decide whether to use the
principal's policy or the resource's policy. Calling it directly would bypass that decision.IEncryptedResourceprovides single self-containedgrantOnKey()- it finds the KMS key and grants on it. No decision logic needed, so the Facade calls it directly.
There was a problem hiding this comment.
Got it
So the facade author would need enough context to make this decision which given the fact that facades are per resource/service is a reasonable assumption.(Author should know enough about the service and it's dependent services to make decisions when designing a facade)
| `DefaultEncryptedResourceFactories` / `EncryptedResources` (encryption). | ||
|
|
||
| To register a Trait for a CloudFormation resource type, implement the factory | ||
| and register it in `lib/private/default-traits.ts`: |
There was a problem hiding this comment.
When adding new traits do we just implement the factory here or the trait itself ?
If trait is not implemented here what is the correct location for a trait for any given module/L1 resource?
There was a problem hiding this comment.
Currently both trait interfaces (IResourceWithPolicyV2, IEncryptedResource) live in aws-iam/lib/grant.ts because they are both IAM-related.
The general principle would be: the trait interface and registry live in the module most closely associated with the capability (e.g., an IAM-related trait → aws-iam)
The per-service factory implementations goes in lib/private/default-traits.ts of the service module.
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Merge Queue Status
This pull request spent 46 minutes 28 seconds in the queue, including 45 minutes 55 seconds running CI. Required conditions to merge
|
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
aws-cdk-automation
removed
the
pr/needs-maintainer-review
aws-cdk-automation
temporarily deployed
to
automation
GitHub Actions
Inactive
3 participants
Issue # (if applicable)
Closes #.
Reason for this change
The existing
design/mixins-facades-traits.mddescribes the architectural relationship between Facades, Traits, and Mixins, anddocs/DESIGN_GUIDELINES.mdcovers when to use each building block. However, Facades and Traits lack a dedicated implementation guideline.A new
docs/FACADES_AND_TRAITS_DESIGN_GUIDELINES.mdprovides implementation guidance for Facades and Traits, covering the structural pattern (factory method, private constructor, public methods), naming conventions, project structures, how to use Facades and Traits in construct interfaces, and testing requirements.Description of changes
docs/FACADES_AND_TRAITS_DESIGN_GUIDELINES.md- dedicated design guideline for Facades and Traits, covering their key characteristicsChecklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license