feat(backup): throw ValidationError instead of untyped Errors (#33387)

mrgrain · web-flow · commit 48f2bf7de291 · 2025-02-12T10:58:09.000Z
### Issue Relates to #32569 ### Description of changes `ValidationErrors` everywhere ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Existing tests. Exemptions granted as this is a refactor of existing code. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/.eslintrc.js b/packages/aws-cdk-lib/.eslintrc.js
@@ -16,6 +16,7 @@ baseConfig.rules['import/no-extraneous-dependencies'] = [
 
 // no-throw-default-error
 const enableNoThrowDefaultErrorIn = [
+  'aws-backup',
   'assets',
   'aws-amplify',
   'aws-amplifyuibuilder',
diff --git a/packages/aws-cdk-lib/aws-backup/lib/plan.ts b/packages/aws-cdk-lib/aws-backup/lib/plan.ts
@@ -3,7 +3,7 @@ import { CfnBackupPlan } from './backup.generated';
 import { BackupPlanCopyActionProps, BackupPlanRule } from './rule';
 import { BackupSelection, BackupSelectionOptions } from './selection';
 import { BackupVault, IBackupVault } from './vault';
-import { IResource, Lazy, Resource } from '../../core';
+import { IResource, Lazy, Resource, ValidationError } from '../../core';
 import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource';
 
 /**
@@ -217,7 +217,7 @@ export class BackupPlan extends Resource implements IBackupPlan {
   public get backupVault(): IBackupVault {
     if (!this._backupVault) {
       // This cannot happen but is here to make TypeScript happy
-      throw new Error('No backup vault!');
+      throw new ValidationError('No backup vault!', this);
     }
 
     return this._backupVault;
diff --git a/packages/aws-cdk-lib/aws-backup/lib/rule.ts b/packages/aws-cdk-lib/aws-backup/lib/rule.ts
@@ -1,6 +1,6 @@
 import { IBackupVault } from './vault';
 import * as events from '../../aws-events';
-import { Duration, Token } from '../../core';
+import { Duration, Token, UnscopedValidationError } from '../../core';
 
 /**
  * Properties for a BackupPlanRule
@@ -206,30 +206,30 @@ export class BackupPlanRule {
   constructor(props: BackupPlanRuleProps) {
     if (props.deleteAfter && props.moveToColdStorageAfter &&
       props.deleteAfter.toDays() < props.moveToColdStorageAfter.toDays()) {
-      throw new Error('`deleteAfter` must be greater than `moveToColdStorageAfter`');
+      throw new UnscopedValidationError('`deleteAfter` must be greater than `moveToColdStorageAfter`');
     }
 
     if (props.scheduleExpression && !/^cron/.test(props.scheduleExpression.expressionString)) {
-      throw new Error('`scheduleExpression` must be of type `cron`');
+      throw new UnscopedValidationError('`scheduleExpression` must be of type `cron`');
     }
 
     const deleteAfter = (props.enableContinuousBackup && !props.deleteAfter) ? Duration.days(35) : props.deleteAfter;
 
     if (props.enableContinuousBackup && props.moveToColdStorageAfter) {
-      throw new Error('`moveToColdStorageAfter` must not be specified if `enableContinuousBackup` is enabled');
+      throw new UnscopedValidationError('`moveToColdStorageAfter` must not be specified if `enableContinuousBackup` is enabled');
     }
 
     if (props.enableContinuousBackup && props.deleteAfter &&
       (props.deleteAfter?.toDays() < 1 || props.deleteAfter?.toDays() > 35)) {
-      throw new Error(`'deleteAfter' must be between 1 and 35 days if 'enableContinuousBackup' is enabled, but got ${props.deleteAfter.toHumanString()}`);
+      throw new UnscopedValidationError(`'deleteAfter' must be between 1 and 35 days if 'enableContinuousBackup' is enabled, but got ${props.deleteAfter.toHumanString()}`);
     }
 
     if (props.copyActions && props.copyActions.length > 0) {
       props.copyActions.forEach(copyAction => {
         if (copyAction.deleteAfter && !Token.isUnresolved(copyAction.deleteAfter) &&
           copyAction.moveToColdStorageAfter && !Token.isUnresolved(copyAction.moveToColdStorageAfter) &&
           copyAction.deleteAfter.toDays() < copyAction.moveToColdStorageAfter.toDays() + 90) {
-          throw new Error([
+          throw new UnscopedValidationError([
             '\'deleteAfter\' must at least 90 days later than corresponding \'moveToColdStorageAfter\'',
             `received 'deleteAfter: ${copyAction.deleteAfter.toDays()}' and 'moveToColdStorageAfter: ${copyAction.moveToColdStorageAfter.toDays()}'`,
           ].join('\n'));
diff --git a/packages/aws-cdk-lib/aws-backup/lib/vault.ts b/packages/aws-cdk-lib/aws-backup/lib/vault.ts
@@ -3,7 +3,7 @@ import { CfnBackupVault } from './backup.generated';
 import * as iam from '../../aws-iam';
 import * as kms from '../../aws-kms';
 import * as sns from '../../aws-sns';
-import { ArnFormat, Duration, IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token } from '../../core';
+import { ArnFormat, Duration, IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token, ValidationError } from '../../core';
 import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource';
 
 /**
@@ -209,7 +209,7 @@ abstract class BackupVaultBase extends Resource implements IBackupVault {
   public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {
     for (const action of actions) {
       if (action.indexOf('*') >= 0) {
-        throw new Error("AWS Backup access policies don't support a wildcard in the Action key.");
+        throw new ValidationError("AWS Backup access policies don't support a wildcard in the Action key.", this);
       }
     }
 
@@ -246,10 +246,10 @@ export class BackupVault extends BackupVaultBase {
     const parsedArn = Stack.of(scope).splitArn(backupVaultArn, ArnFormat.COLON_RESOURCE_NAME);
 
     if (parsedArn.arnFormat !== ArnFormat.COLON_RESOURCE_NAME) {
-      throw new Error(`Backup Vault Arn ${backupVaultArn} has the wrong format, expected ${ArnFormat.COLON_RESOURCE_NAME}.`);
+      throw new ValidationError(`Backup Vault Arn ${backupVaultArn} has the wrong format, expected ${ArnFormat.COLON_RESOURCE_NAME}.`, scope);
     }
     if (!parsedArn.resourceName) {
-      throw new Error(`Backup Vault Arn ${backupVaultArn} does not have a resource name.`);
+      throw new ValidationError(`Backup Vault Arn ${backupVaultArn} does not have a resource name.`, scope);
     }
 
     class Import extends BackupVaultBase {
@@ -274,7 +274,7 @@ export class BackupVault extends BackupVaultBase {
     addConstructMetadata(this, props);
 
     if (props.backupVaultName && !Token.isUnresolved(props.backupVaultName) && !/^[a-zA-Z0-9\-_]{2,50}$/.test(props.backupVaultName)) {
-      throw new Error('Expected vault name to match pattern `^[a-zA-Z0-9\-_]{2,50}$`');
+      throw new ValidationError('Expected vault name to match pattern `^[a-zA-Z0-9\-_]{2,50}$`', this);
     }
 
     let notifications: CfnBackupVault.NotificationObjectTypeProperty | undefined;
@@ -296,7 +296,7 @@ export class BackupVault extends BackupVaultBase {
       accessPolicy: Lazy.any({ produce: () => this.accessPolicy.toJSON() }),
       encryptionKeyArn: props.encryptionKey && props.encryptionKey.keyArn,
       notifications,
-      lockConfiguration: renderLockConfiguration(props.lockConfiguration),
+      lockConfiguration: renderLockConfiguration(this, props.lockConfiguration),
     });
     vault.applyRemovalPolicy(props.removalPolicy);
 
@@ -336,26 +336,26 @@ export class BackupVault extends BackupVaultBase {
   }
 }
 
-function renderLockConfiguration(config?: LockConfiguration): CfnBackupVault.LockConfigurationTypeProperty | undefined {
+function renderLockConfiguration(scope: Construct, config?: LockConfiguration): CfnBackupVault.LockConfigurationTypeProperty | undefined {
   if (!config) {
     return undefined;
   }
 
   if (config.changeableFor && config.changeableFor.toHours() < 72) {
-    throw new Error(`AWS Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable, got ${config.changeableFor.toHours()} hours`);
+    throw new ValidationError(`AWS Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable, got ${config.changeableFor.toHours()} hours`, scope);
   }
 
   if (config.maxRetention) {
     if (config.maxRetention.toDays() > 36500) {
-      throw new Error(`The longest maximum retention period you can specify is 36500 days, got ${config.maxRetention.toDays()} days`);
+      throw new ValidationError(`The longest maximum retention period you can specify is 36500 days, got ${config.maxRetention.toDays()} days`, scope);
     }
     if (config.maxRetention.toDays() <= config.minRetention.toDays()) {
-      throw new Error(`The maximum retention period (${config.maxRetention.toDays()} days) must be greater than the minimum retention period (${config.minRetention.toDays()} days)`);
+      throw new ValidationError(`The maximum retention period (${config.maxRetention.toDays()} days) must be greater than the minimum retention period (${config.minRetention.toDays()} days)`, scope);
     }
   }
 
   if (config.minRetention.toHours() < 24) {
-    throw new Error(`The shortest minimum retention period you can specify is 1 day, got ${config.minRetention.toHours()} hours`);
+    throw new ValidationError(`The shortest minimum retention period you can specify is 1 day, got ${config.minRetention.toHours()} hours`, scope);
   }
 
   return {

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ import { CfnBackupVault } from './backup.generated';`
`3`	`3`	`import * as iam from '../../aws-iam';`
`4`	`4`	`import * as kms from '../../aws-kms';`
`5`	`5`	`import * as sns from '../../aws-sns';`
`6`		`-import { ArnFormat, Duration, IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token } from '../../core';`
	`6`	`+import { ArnFormat, Duration, IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token, ValidationError } from '../../core';`
`7`	`7`	`import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource';`
`8`	`8`
`9`	`9`	`/**`
`@@ -209,7 +209,7 @@ abstract class BackupVaultBase extends Resource implements IBackupVault {`
`209`	`209`	`public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant {`
`210`	`210`	`for (const action of actions) {`
`211`	`211`	`if (action.indexOf('*') >= 0) {`
`212`		`- throw new Error("AWS Backup access policies don't support a wildcard in the Action key.");`
	`212`	`+ throw new ValidationError("AWS Backup access policies don't support a wildcard in the Action key.", this);`
`213`	`213`	`}`
`214`	`214`	`}`
`215`	`215`
`@@ -246,10 +246,10 @@ export class BackupVault extends BackupVaultBase {`
`246`	`246`	`const parsedArn = Stack.of(scope).splitArn(backupVaultArn, ArnFormat.COLON_RESOURCE_NAME);`
`247`	`247`
`248`	`248`	`if (parsedArn.arnFormat !== ArnFormat.COLON_RESOURCE_NAME) {`
`249`		- throw new Error(`Backup Vault Arn ${backupVaultArn} has the wrong format, expected ${ArnFormat.COLON_RESOURCE_NAME}.`);
	`249`	+ throw new ValidationError(`Backup Vault Arn ${backupVaultArn} has the wrong format, expected ${ArnFormat.COLON_RESOURCE_NAME}.`, scope);
`250`	`250`	`}`
`251`	`251`	`if (!parsedArn.resourceName) {`
`252`		- throw new Error(`Backup Vault Arn ${backupVaultArn} does not have a resource name.`);
	`252`	+ throw new ValidationError(`Backup Vault Arn ${backupVaultArn} does not have a resource name.`, scope);
`253`	`253`	`}`
`254`	`254`
`255`	`255`	`class Import extends BackupVaultBase {`
`@@ -274,7 +274,7 @@ export class BackupVault extends BackupVaultBase {`
`274`	`274`	`addConstructMetadata(this, props);`
`275`	`275`
`276`	`276`	`if (props.backupVaultName && !Token.isUnresolved(props.backupVaultName) && !/^[a-zA-Z0-9\-_]{2,50}$/.test(props.backupVaultName)) {`
`277`		- throw new Error('Expected vault name to match pattern `^[a-zA-Z0-9\-_]{2,50}$`');
	`277`	+ throw new ValidationError('Expected vault name to match pattern `^[a-zA-Z0-9\-_]{2,50}$`', this);
`278`	`278`	`}`
`279`	`279`
`280`	`280`	`let notifications: CfnBackupVault.NotificationObjectTypeProperty \| undefined;`
`@@ -296,7 +296,7 @@ export class BackupVault extends BackupVaultBase {`
`296`	`296`	`accessPolicy: Lazy.any({ produce: () => this.accessPolicy.toJSON() }),`
`297`	`297`	`encryptionKeyArn: props.encryptionKey && props.encryptionKey.keyArn,`
`298`	`298`	`notifications,`
`299`		`- lockConfiguration: renderLockConfiguration(props.lockConfiguration),`
	`299`	`+ lockConfiguration: renderLockConfiguration(this, props.lockConfiguration),`
`300`	`300`	`});`
`301`	`301`	`vault.applyRemovalPolicy(props.removalPolicy);`
`302`	`302`
`@@ -336,26 +336,26 @@ export class BackupVault extends BackupVaultBase {`
`336`	`336`	`}`
`337`	`337`	`}`
`338`	`338`
`339`		`-function renderLockConfiguration(config?: LockConfiguration): CfnBackupVault.LockConfigurationTypeProperty \| undefined {`
	`339`	`+function renderLockConfiguration(scope: Construct, config?: LockConfiguration): CfnBackupVault.LockConfigurationTypeProperty \| undefined {`
`340`	`340`	`if (!config) {`
`341`	`341`	`return undefined;`
`342`	`342`	`}`
`343`	`343`
`344`	`344`	`if (config.changeableFor && config.changeableFor.toHours() < 72) {`
`345`		- throw new Error(`AWS Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable, got ${config.changeableFor.toHours()} hours`);
	`345`	+ throw new ValidationError(`AWS Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable, got ${config.changeableFor.toHours()} hours`, scope);
`346`	`346`	`}`
`347`	`347`
`348`	`348`	`if (config.maxRetention) {`
`349`	`349`	`if (config.maxRetention.toDays() > 36500) {`
`350`		- throw new Error(`The longest maximum retention period you can specify is 36500 days, got ${config.maxRetention.toDays()} days`);
	`350`	+ throw new ValidationError(`The longest maximum retention period you can specify is 36500 days, got ${config.maxRetention.toDays()} days`, scope);
`351`	`351`	`}`
`352`	`352`	`if (config.maxRetention.toDays() <= config.minRetention.toDays()) {`
`353`		- throw new Error(`The maximum retention period (${config.maxRetention.toDays()} days) must be greater than the minimum retention period (${config.minRetention.toDays()} days)`);
	`353`	+ throw new ValidationError(`The maximum retention period (${config.maxRetention.toDays()} days) must be greater than the minimum retention period (${config.minRetention.toDays()} days)`, scope);
`354`	`354`	`}`
`355`	`355`	`}`
`356`	`356`
`357`	`357`	`if (config.minRetention.toHours() < 24) {`
`358`		- throw new Error(`The shortest minimum retention period you can specify is 1 day, got ${config.minRetention.toHours()} hours`);
	`358`	+ throw new ValidationError(`The shortest minimum retention period you can specify is 1 day, got ${config.minRetention.toHours()} hours`, scope);
`359`	`359`	`}`
`360`	`360`
`361`	`361`	`return {`