aws-cdk
aws-cdk copied to clipboard
aws
(pipelines): ManualApprovalStep should support SNS notifications
Description
pipelines.ManualApprovalStep should be able to send an SNS notification to a user when their approval is requested.
Use Case
I'm migrating an old pipelines.CdkPipeline to pipelines.CodePipeline. The previous pipeline is using codepipeline_actions.ManualApprovalAction which supports the above functionality, but the parallel pipelines.ManualApprovalStep does not.
Proposed Solution
pipelines.ManualApprovalStep exposes an SNS notification topic property for providing this configuration.
Other information
As a workaround, one could implement a custom Step that exposes the codepipeline_actions.ManualApprovalAction for the pipelines.CodePipeline version.
Acknowledge
- [X] I may be able to implement this feature request
- [ ] This feature might incur a breaking change
The problem is that ManualApprovalStep might need to work with a backend that doesn't have SNS (like GitHub actions).
But, I suppose it would be okay to add an SNS action and other CDK Pipelines backends would reject that feature if set.
@rix0rrr, I see the issue there. What if there was a way to expose EventBridge configuration(s) more easily? This way it would scale across all of the different approval backends.
Maybe something of the form:
- Pipeline:
pipeline = pipelines.CodePipeline(...)
pipeline_rule: events.Rule = pipeline.on_started(...) # on_failed, etc
- Stage:
stage = ...
stage_rule: events.Rule = stage.on_started(...) # on_failed, etc
- Step:
step = ...
step_rule: events.Rule = step.on_started(...) # on_failed, etc
https://docs.aws.amazon.com/codepipeline/latest/userguide/detect-state-changes-cloudwatch-events.html
Now if you also meant different pipeline backends, such as replacing AWS CodePipeline with a GitHub Actions pipeline, then I can also see where this would create a wrinkle as well.
Description
pipelines.ManualApprovalStepshould be able to send an SNS notification to a user when their approval is requested.Use Case
I'm migrating an old
pipelines.CdkPipelinetopipelines.CodePipeline. The previous pipeline is usingcodepipeline_actions.ManualApprovalActionwhich supports the above functionality, but the parallelpipelines.ManualApprovalStepdoes not.Proposed Solution
pipelines.ManualApprovalStepexposes an SNS notification topic property for providing this configuration.Other information
As a workaround, one could implement a custom
Stepthat exposes thecodepipeline_actions.ManualApprovalActionfor thepipelines.CodePipelineversion.Acknowledge
- [x] I may be able to implement this feature request
- [ ] This feature might incur a breaking change
Same issue, can you please share the workaround solution in with detail? How to create a custom "Step?
My workaround is to go to the CodePipeline console (GUI) and manually add an SNS topic into the ManualApprovalStep action, but this break the cdk python code.
Any workaround? For now I am using ConfirmPermissionsBroadening where it has a notificationTopic property.
How about using CodeStar Notifications as a workaround? This approach only works if you want to get notified about all of your manual approval steps though.
const pipelineUpdatesTopic = new aws_sns.Topic(
this,
"PipelineUpdatesTopic"
);
const slack = new aws_chatbot.SlackChannelConfiguration(
this,
"aws-cicd-demo",
{
slackChannelConfigurationName,
slackWorkspaceId,
slackChannelId,
}
);
/**
* We must build the pipeline before creating the notification rule
*/
pipeline.buildPipeline();
const rule = new aws_codestarnotifications.NotificationRule(
this,
"PipelineNotificationRule",
{
source: pipeline.pipeline,
events: [
"codepipeline-pipeline-manual-approval-needed",
"codepipeline-pipeline-manual-approval-failed",
"codepipeline-pipeline-manual-approval-succeeded",
"codepipeline-pipeline-pipeline-execution-failed",
"codepipeline-pipeline-pipeline-execution-canceled",
"codepipeline-pipeline-pipeline-execution-started",
"codepipeline-pipeline-pipeline-execution-resumed",
"codepipeline-pipeline-pipeline-execution-succeeded",
"codepipeline-pipeline-pipeline-execution-superseded",
],
targets: [pipelineUpdatesTopic],
}
);
// Targeting slack
rule.addTarget(slack);
// Targeting a specific email
pipelineUpdatesTopic.addSubscription(
new aws_sns_subscriptions.EmailSubscription("[email protected]")
);
The NotificationRule can only be created after the pipeline has been built. And after the pipeline has been built, no modifications can be made on the pipeline.
I've implemented it via Arbitrary CodePipeline Action/Step. Little blog on it can be found here: https://yvovanzee.nl/cdk-pipeline-manual-approval-step-with-sns-notification
code used is: ` @jsii.implements(pipelines.ICodePipelineActionFactory) class ManualApprovalWithSNSStep(pipelines.Step): """ Create an Arbitrary CodePipeline step to enable SNS with manual approval https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.pipelines/README.html#arbitrary-codepipeline-actions """
def __init__(self, id_, topic: aws_sns.ITopic):
super().__init__(id_)
self.topic = topic
@jsii.member(jsii_name="produceAction")
def produce_action(
self,
stage: aws_codepipeline.IStage,
options: pipelines.ProduceActionOptions,
) -> pipelines.CodePipelineActionFactoryResult:
stage.add_action(
aws_codepipeline_actions.ManualApprovalAction(
action_name=options.action_name,
additional_information="please approve",
run_order=options.run_order,
notification_topic=self.topic,
)
)
return pipelines.CodePipelineActionFactoryResult(run_orders_consumed=1)
`
