Merge pull request #231 from pierretr/master

Fix backward incompatible change of VPC endpoint names

Author: pierretr

src/e3/aws/troposphere/ec2/__init__.py

@@ -102,6 +102,7 @@ def __init__(
         cidr_block: str,
         vpc: ec2.vpc,
         interface_endpoints: list[tuple[str, PolicyDocument | None]] | None = None,
+        vpc_prefixed_endpoints: bool | None = None,
     ) -> None:
         """Initialize VPCEndpointsSubnet Construct.
 
@@ -111,11 +112,15 @@ def __init__(
         :param vpc: attach the subnet to this vpc
         :param interface_endpoint: list of (<service_name>, <endpoint_policy_document>)
             tuples for each interface endpoint to create in the vpc endpoints subnet.
+        :param vpc_prefixed_endpoints: If True prefix endpoint names by VPC name.
+            This is to avoid conflicts in stacks with multiple VPCs with endpoints for
+            the same services. This is not the default for backward compatibility.
         """
         self.name = name
         self.region = region
         self.cidr_block = cidr_block
         self.vpc = vpc
+        self.vpc_prefixed_endpoints = vpc_prefixed_endpoints
         self.has_ses_endpoint = False
 
         if interface_endpoints:
@@ -220,9 +225,14 @@ def interface_vpc_endpoints(self) -> list[ec2.VPCEndpoint]:
             else:
                 security_group_id = Ref(self.security_group)
 
+            if self.vpc_prefixed_endpoints:
+                endpoint_name = f"{self.vpc.name}-{service_name}Endpoint"
+            else:
+                endpoint_name = f"{service_name}Endpoint"
+
             endpoints.append(
                 ec2.VPCEndpoint(
-                    name_to_id(f"{self.vpc.name}-{service_name}Endpoint"),
+                    name_to_id(endpoint_name),
                     PrivateDnsEnabled="true",
                     SecurityGroupIds=[security_group_id],
                     ServiceName=f"com.amazonaws.{self.region}.{service_name}",
@@ -404,6 +414,7 @@ def __init__(
         s3_endpoint_policy_document: PolicyDocument | None = None,
         interface_endpoints: list[tuple[str, PolicyDocument | None]] | None = None,
         tags: dict[str, str] | None = None,
+        vpc_prefixed_endpoints: bool | None = None,
     ) -> None:
         """Initialize VPC Construct.
 
@@ -424,6 +435,9 @@ def __init__(
         :param interface_endpoint: list of (<service_name>, <endpoint_policy_document>)
             tuples for each interface endpoint to create in the vpc endpoints subnet.
         :param tags: tags for the VPC
+        :param vpc_prefixed_endpoints: It should be set to True if multiple VPCs in
+            the same stack have endpoints for the same services to avoid name
+            conflicts. It is None by default for backward compatibility.
         """
         self.name = name
         self.region = region
@@ -496,6 +510,7 @@ def __init__(
             cidr_block=vpc_endpoints_subnet_cidr_block,
             vpc=self.vpc,
             interface_endpoints=interface_endpoints,
+            vpc_prefixed_endpoints=vpc_prefixed_endpoints,
         )
 
     @cached_property

tests/tests_e3_aws/troposphere/ec2/ec2_test.py

@@ -130,3 +130,26 @@ def test_vpc_with_ses_and_other_endpoints(stack: Stack) -> None:
         expected_template = json.load(fd)
 
     assert stack.export()["Resources"] == expected_template
+
+
+def test_vpc_with_vpc_prefixed_endpoints(stack: Stack) -> None:
+    """Test creation of a VPC with endpoints prefixed by vpc name."""
+    vpc = VPC(
+        name="TestVPC",
+        region="eu-west-1",
+        nat_gateway=False,
+        interface_endpoints=[
+            ("email-smtp", None),
+            ("logs", None),
+            ("sts", None),
+        ],
+        vpc_prefixed_endpoints=True,
+    )
+    stack.add(vpc)
+
+    with open(
+        os.path.join(TEST_DIR, "vpc_ses_and_other_endpoints_prefixed.json")
+    ) as fd:
+        expected_template = json.load(fd)
+
+    assert stack.export()["Resources"] == expected_template

tests/tests_e3_aws/troposphere/ec2/vpc.json

@@ -242,7 +242,7 @@
         },
         "Type": "AWS::EC2::SecurityGroupIngress"
     },
-    "TestVPCLogsEndpoint": {
+    "LogsEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [
@@ -278,7 +278,7 @@
         },
         "Type": "AWS::EC2::VPCEndpoint"
     },
-    "TestVPCEcrapiEndpoint": {
+    "EcrapiEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [
@@ -314,7 +314,7 @@
         },
         "Type": "AWS::EC2::VPCEndpoint"
     },
-    "TestVPCEcrdkrEndpoint": {
+    "EcrdkrEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [
@@ -350,7 +350,7 @@
         },
         "Type": "AWS::EC2::VPCEndpoint"
     },
-    "TestVPCStsEndpoint": {
+    "StsEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [
@@ -371,7 +371,7 @@
         },
         "Type": "AWS::EC2::VPCEndpoint"
     },
-    "TestVPCSecretsmanagerEndpoint": {
+    "SecretsmanagerEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [
@@ -501,4 +501,4 @@
         },
         "Type": "AWS::EC2::SecurityGroup"
     }
-}
+}

tests/tests_e3_aws/troposphere/ec2/vpc_ses_and_other_endpoints.json

@@ -242,7 +242,7 @@
         },
         "Type": "AWS::EC2::SecurityGroupIngress"
     },
-    "TestVPCEmailSmtpEndpoint": {
+    "EmailSmtpEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [
@@ -263,7 +263,7 @@
         },
         "Type": "AWS::EC2::VPCEndpoint"
     },
-    "TestVPCLogsEndpoint": {
+    "LogsEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [
@@ -284,7 +284,7 @@
         },
         "Type": "AWS::EC2::VPCEndpoint"
     },
-    "TestVPCStsEndpoint": {
+    "StsEndpoint": {
         "Properties": {
             "PrivateDnsEnabled": true,
             "SecurityGroupIds": [