feat(core): enable additional metadata collection (under feature flag)

[GavinZZ]

Issue # (if applicable)

Closes #.

Reason for this change

Expand the scope of usage data collected by the AWS CDK to better inform CDK development and improve communication for security concerns and emerging issues. Currently, for those that opt in, the CDK collects usage data on your CDK version and which L2 constructs you use. For more information on current CDK behavior, see Version Reporting.

This proposal expands the scope of usage data collection to include the following from L2 constructs in CDK applications:

• Property keys - Collect which property keys you use from the L2 constructs in your app. This includes property keys nested in dictionary objects.
• Property values of Boolean and enum types - Collect property key values of only Boolean and enum types. All other types, such as string values or construct references will be redacted.
• Method name, keys, and property values of Boolean and ENUM types - When you use an L2 construct method, we will collect the method name, property keys, and property values of of Boolean and enum types

Description of changes

Update CDK synthesis code to additionally handle resource metadata.

On feature flag set to true, synthesis will not only inject Metadata usage like version and construct name, it will additionally look for any construct/method/feature flag metadata injected during resource creation.

Note that this PR is only part one so we will have follow up PRs to add metadata injection during resource creation.

On feature flag set to false, it should be the same as before.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

New unit tests added.
New integration tests added.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[GavinZZ]

Temporarily change the target branch to main to trigger integration tests.

Note that adding import statements and this.node.addMetadata(...) statement to Resources' constructor will be in separate PR.
Currently, this will redact ENUM values as well. We do want to keep ENUM values un-redacted, but this will come as a future change.

[moelasmar]

I could not see the metadata resource in this template, although you enabled the ENABLE_ADDITIONAL_METADATA_COLLECTION FF. Is this expected

[GavinZZ]

This is expected as all of our integration test have analyticsReporting: false to avoid contaminate the actual DB. I enabled to flag to make sure that it does deploy on my local test machine by overriding analyticsReporting to true.

[moelasmar]

add a TODO here to change this test case with your change to only collect data for our types.

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

[GavinZZ]

Verified that this build successfully. Going to ask Core team for a review and set the target branch to feature branch to merge in the change (instead of merging to main).

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: eac2bdd
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository