Merge branch 'master' into DnsValidatedCertificateTokens

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,37 +1,10 @@
-## Description
 
-<!--
-The description should describe _motivation_. Think about your code reviewers and what information they need in order to understand what you did. If it's a big commit (hopefully not), try to provide some good entry points so it will be easier to follow.
-If not obvious (i.e. from unit tests), describe how you verified that your change works.
--->
-
-## Commit Message
-<!--Simply copy paste from the PR title and replace the necessary parts-->
-{*replace-with-pr-title*} (#{*replace-with-pr-number*})
-
-<!--Use this to give a more detailed message that describes the change-->
-{replace-with-extended-commit-message}
-
-<!--For every issue your PR resolves, add `fixes #<issue>` or `closes #<issue>`-->
-
-<!--Shout out to collaborators.-->
-
-<!--If your PR includes breaking changes, uncomment and fill in the following (notice how multiple breaking changes should be formatted):-->
-<!--
-BREAKING CHANGE: Description of what broke and how to achieve this behavior now<br>
-\* **module-name:** Another breaking change<br>
-\* **module-name:** Yet another breaking change
--->
-
-<!--IMPORTANT: This section cannot contain any additional markdown headers (#)-->
-
-## End Commit Message
 
 ----
 
 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
 
-<!--
+<!-- 
 Please read the contribution guidelines and follow the pull-request checklist:
 https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md
  -->

.github/actions/prlinter/index.js

@@ -3,8 +3,7 @@ const github = require('@actions/github');
 const linter = require('prlint')
 
 const checks = {
-    "MANDATORY_CHANGES": linter.mandatoryChanges,
-    "COMMIT_MESSAGE": linter.commitMessage
+    "MANDATORY_CHANGES": linter.mandatoryChanges
 }
 
 async function run() {
@@ -21,7 +20,7 @@ async function run() {
         }
 
         await check(number);
-
+    
     } catch (error) {
 
         core.setFailed(error.message);

CONTRIBUTING.md

@@ -11,8 +11,9 @@ and let us know if it's not up-to-date (even better, submit a PR with your  corr
   - [Step 1: Open Issue](#step-1-open-issue)
   - [Step 2: Design (optional)](#step-2-design-optional)
   - [Step 3: Work your Magic](#step-3-work-your-magic)
-  - [Step 4: Pull Request](#step-4-pull-request)
-  - [Step 5: Merge](#step-5-merge)
+  - [Step 4: Commit](#step-4-commit)
+  - [Step 5: Pull Request](#step-5-pull-request)
+  - [Step 6: Merge](#step-6-merge)
 - [Tools](#tools)
   - [Main build scripts](#main-build-scripts)
   - [Partial build tools](#partial-build-tools)
@@ -52,7 +53,7 @@ For day-to-day development and normal contributions, the following SDKs and tool
  - [.NET Core SDK 3.0](https://www.microsoft.com/net/download)
  - [Python 3.6.5](https://www.python.org/downloads/release/python-365/)
  - [Ruby 2.5.1](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/)
-
+ 
 The basic commands to get the repository cloned and built locally follow:
 
 ```console
@@ -141,7 +142,7 @@ Integration tests perform a few functions in the CDK code base -
 3. (Optionally) Acts as a way to validate that constructs set up the CloudFormation resources as expected. A successful
    CloudFormation deployment does not mean that the resources are set up correctly.
 
-If you are working on a new feature that is using previously unused CloudFormation resource types, or involves
+If you are working on a new feature that is using previously unused CloudFormation resource types, or involves 
 configuring resource types across services, you need to write integration tests that use these resource types or
 features.
 
@@ -161,37 +162,48 @@ Examples:
 * [integ.destinations.ts](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-lambda-destinations/test/integ.destinations.ts#L7)
 * [integ.token-authorizer.ts](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-apigateway/test/authorizers/integ.token-authorizer.ts#L6)
 
-### Step 4: Pull Request
+### Step 4: Commit
 
-* Push to a GitHub fork or to a branch (naming convention: `<user>/<feature-bug-name>`)
-* Submit a Pull Request on GitHub and assign the PR for a review to the "aws/aws-cdk-team" team. The title and description will be used to format the commit message when its merged to master. This in turn, will translate to CHANGELOG entries. It is therefore important we be consistent and informative. Here is an example PR you should use as a reference: https://github.com/aws/aws-cdk/pull/6553.
+Create a commit with the proposed change changes:
 
-  ### Title
+* Commit title and message (and PR title and description) must adhere to [conventionalcommits](https://www.conventionalcommits.org).
+  * The title must begin with `feat(module): title`, `fix(module): title`, `refactor(module): title` or
+    `chore(module): title`.
+  * Title should be lowercase.
+  * No period at the end of the title.
 
-  * Must adhere to [conventionalcommits](https://www.conventionalcommits.org).
-  * The title must begin with one of:
-    - `feat(module): title`
-    - `fix(module): title`
-    - `refactor(module): title`
-    - `chore(module): title`
-  * Should be lowercase.
-  * No period at the end.
+* Commit message should describe _motivation_. Think about your code reviewers and what information they need in
+  order to understand what you did. If it's a big commit (hopefully not), try to provide some good entry points so
+  it will be easier to follow.
 
+* Commit message should indicate which issues are fixed: `fixes #<issue>` or `closes #<issue>`.
 
-  ### Description
+* Shout out to collaborators.
 
-  * Simply follow the PR template carefully.
+* If not obvious (i.e. from unit tests), describe how you verified that your change works.
 
+* If this commit includes breaking changes, they must be listed at the end in the following format (notice how multiple breaking changes should be formatted):
 
+```
+BREAKING CHANGE: Description of what broke and how to achieve this behavior now
+* **module-name:** Another breaking change
+* **module-name:** Yet another breaking change
+```
+
+### Step 5: Pull Request
+
+* Push to a GitHub fork or to a branch (naming convention: `<user>/<feature-bug-name>`)
+* Submit a Pull Requests on GitHub and assign the PR for a review to the "awslabs/aws-cdk" team.
 * Please follow the PR checklist written below. We trust our contributors to self-check, and this helps that process!
 * Discuss review comments and iterate until you get at least one “Approve”. When iterating, push new commits to the
   same branch. Usually all these are going to be squashed when you merge to master. The commit messages should be hints
   for you when you finalize your merge commit message.
-* Make sure to update the PR title/description if things change.
+* Make sure to update the PR title/description if things change. The PR title/description are going to be used as the
+  commit title/message and will appear in the CHANGELOG, so maintain them all the way throughout the process.
 
 
 
-### Step 5: Merge
+### Step 6: Merge
 
 * Make sure your PR builds successfully (we have CodeBuild setup to automatically build all PRs)
 * Once approved and tested, a maintainer will squash-merge to master and will use your PR title/description as the

allowed-breaking-changes.txt

@@ -40,4 +40,4 @@ change-return-type:@aws-cdk/aws-lambda-destinations.EventBridgeDestination.bind
 change-return-type:@aws-cdk/aws-lambda-destinations.LambdaDestination.bind
 change-return-type:@aws-cdk/aws-lambda-destinations.SnsDestination.bind
 change-return-type:@aws-cdk/aws-lambda-destinations.SqsDestination.bind
-
+removed:@aws-cdk/cdk-assets-schema.DockerImageDestination.imageUri

package.json

@@ -16,7 +16,7 @@
   "devDependencies": {
     "conventional-changelog-cli": "^2.0.31",
     "fs-extra": "^8.1.0",
-    "jsii-diff": "^1.0.0",
+    "jsii-diff": "^1.1.0",
     "jsii-pacmak": "^0.22.0",
     "jsii-rosetta": "^0.22.0",
     "lerna": "^3.20.2",

packages/@aws-cdk/aws-apigateway/README.md

@@ -153,6 +153,36 @@ plan.addApiStage({
 });
 ```
 
+In scenarios where you need to create a single api key and configure rate limiting for it, you can use `RateLimitedApiKey`.
+This construct lets you specify rate limiting properties which should be applied only to the api key being created.
+The API key created has the specified rate limits, such as quota and throttles, applied.
+
+The following example shows how to use a rate limited api key :
+```ts
+const hello = new lambda.Function(this, 'hello', {
+  runtime: lambda.Runtime.NODEJS_10_X,
+  handler: 'hello.handler',
+  code: lambda.Code.fromAsset('lambda')
+});
+
+const api = new apigateway.RestApi(this, 'hello-api', { });
+const integration = new apigateway.LambdaIntegration(hello);
+
+const v1 = api.root.addResource('v1');
+const echo = v1.addResource('echo');
+const echoMethod = echo.addMethod('GET', integration, { apiKeyRequired: true });
+
+const key = new apigateway.RateLimitedApiKey(this, 'rate-limited-api-key', {
+  customerId: 'hello-customer',
+  resources: [api],
+  quota: {
+    limit: 10000,
+    period: apigateway.Period.MONTH
+  }
+});
+
+```
+
 ### Working with models
 
 When you work with Lambda integrations that are not Proxy integrations, you
@@ -343,7 +373,7 @@ that can be used for controlling access to your REST APIs.
 
 #### IAM-based authorizer
 
-The following CDK code provides 'excecute-api' permission to an IAM user, via IAM policies, for the 'GET' method on the `books` resource:
+The following CDK code provides 'execute-api' permission to an IAM user, via IAM policies, for the 'GET' method on the `books` resource:
 
 ```ts
 const getBooks = books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {

packages/@aws-cdk/aws-apigateway/lib/api-key.ts

@@ -20,6 +20,7 @@ export interface IApiKey extends IResourceBase {
  */
 export interface ApiKeyProps extends ResourceOptions {
   /**
+   * [disable-awslint:ref-via-interface]
    * A list of resources this api key is associated with.
    * @default none
    */

packages/@aws-cdk/aws-apigateway/lib/index.ts

@@ -7,6 +7,7 @@ export * from './stage';
 export * from './integrations';
 export * from './lambda-api';
 export * from './api-key';
+export * from './rate-limited-api-key';
 export * from './usage-plan';
 export * from './vpc-link';
 export * from './methodresponse';

packages/@aws-cdk/aws-apigateway/lib/rate-limited-api-key.ts

@@ -0,0 +1,54 @@
+import { Construct, Resource } from '@aws-cdk/core';
+import { ApiKey, ApiKeyProps, IApiKey } from './api-key';
+import { QuotaSettings, ThrottleSettings, UsagePlan, UsagePlanPerApiStage } from './usage-plan';
+
+/**
+ * RateLimitedApiKey properties.
+ */
+export interface RateLimitedApiKeyProps extends ApiKeyProps {
+  /**
+   * API Stages to be associated with the RateLimitedApiKey.
+   * @default none
+   */
+  readonly apiStages?: UsagePlanPerApiStage[];
+
+  /**
+   * Number of requests clients can make in a given time period.
+   * @default none
+   */
+  readonly quota?: QuotaSettings;
+
+  /**
+   * Overall throttle settings for the API.
+   * @default none
+   */
+  readonly throttle?: ThrottleSettings;
+}
+
+/**
+ * An API Gateway ApiKey, for which a rate limiting configuration can be specified.
+ *
+ * @resource AWS::ApiGateway::ApiKey
+ */
+export class RateLimitedApiKey extends Resource implements IApiKey {
+  public readonly keyId: string;
+
+  constructor(scope: Construct, id: string, props: RateLimitedApiKeyProps = { }) {
+    super(scope, id, {
+      physicalName: props.apiKeyName,
+    });
+
+    const resource = new ApiKey(this, 'Resource', props);
+
+    if (props.apiStages || props.quota || props.throttle) {
+      new UsagePlan(this, 'UsagePlanResource', {
+        apiKey: resource,
+        apiStages: props.apiStages,
+        quota: props.quota,
+        throttle: props.throttle
+      });
+    }
+
+    this.keyId = resource.keyId;
+  }
+}

packages/@aws-cdk/aws-apigateway/test/test.rate-limited-api-key.ts

@@ -0,0 +1,108 @@
+import { expect, haveResource, ResourcePart } from '@aws-cdk/assert';
+import * as cdk from '@aws-cdk/core';
+import { Test } from "nodeunit";
+import * as apigateway from '../lib';
+
+const API_KEY_RESOURCE_TYPE = 'AWS::ApiGateway::ApiKey';
+const USAGE_PLAN_RESOURCE_TYPE = 'AWS::ApiGateway::UsagePlan';
+const USAGE_PLAN_KEY_RESOURCE_TYPE = 'AWS::ApiGateway::UsagePlanKey';
+
+export = {
+  'default setup'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigateway.RestApi(stack, 'my-api', { cloudWatchRole: false, deploy: false });
+    api.root.addMethod('GET'); // Need at least one method on the api
+
+    // WHEN
+    new apigateway.RateLimitedApiKey(stack, 'my-api-key');
+
+    // THEN
+    // should have an api key with no props defined.
+    expect(stack).to(haveResource(API_KEY_RESOURCE_TYPE, undefined, ResourcePart.CompleteDefinition));
+    // should not have a usage plan.
+    expect(stack).notTo(haveResource(USAGE_PLAN_RESOURCE_TYPE));
+    // should not have a usage plan key.
+    expect(stack).notTo(haveResource(USAGE_PLAN_KEY_RESOURCE_TYPE));
+
+    test.done();
+  },
+
+  'only api key is created when rate limiting properties are not provided'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
+    api.root.addMethod('GET'); // api must have atleast one method.
+
+    // WHEN
+    new apigateway.RateLimitedApiKey(stack, 'test-api-key', {
+      customerId: 'test-customer',
+      resources: [api]
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ApiGateway::ApiKey', {
+      CustomerId: 'test-customer',
+      StageKeys: [
+        {
+          RestApiId: { Ref: "testapiD6451F70" },
+          StageName: { Ref: "testapiDeploymentStagetest5869DF71" }
+        }
+      ]
+    }));
+    // should not have a usage plan.
+    expect(stack).notTo(haveResource(USAGE_PLAN_RESOURCE_TYPE));
+    // should not have a usage plan key.
+    expect(stack).notTo(haveResource(USAGE_PLAN_KEY_RESOURCE_TYPE));
+
+    test.done();
+  },
+
+  'api key and usage plan are created and linked when rate limiting properties are provided'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
+    api.root.addMethod('GET'); // api must have atleast one method.
+
+    // WHEN
+    new apigateway.RateLimitedApiKey(stack, 'test-api-key', {
+      customerId: 'test-customer',
+      resources: [api],
+      quota: {
+        limit: 10000,
+        period: apigateway.Period.MONTH
+      }
+    });
+
+    // THEN
+    // should have an api key
+    expect(stack).to(haveResource('AWS::ApiGateway::ApiKey', {
+      CustomerId: 'test-customer',
+      StageKeys: [
+        {
+          RestApiId: { Ref: "testapiD6451F70" },
+          StageName: { Ref: "testapiDeploymentStagetest5869DF71" }
+        }
+      ]
+    }));
+    // should have a usage plan with specified quota.
+    expect(stack).to(haveResource(USAGE_PLAN_RESOURCE_TYPE, {
+      Quota: {
+        Limit: 10000,
+        Period: 'MONTH'
+      }
+    }, ResourcePart.Properties));
+    // should have a usage plan key linking the api key and usage plan
+    expect(stack).to(haveResource(USAGE_PLAN_KEY_RESOURCE_TYPE, {
+      KeyId: {
+        Ref: 'testapikey998028B6'
+      },
+      KeyType: 'API_KEY',
+      UsagePlanId: {
+        Ref: 'testapikeyUsagePlanResource66DB63D6'
+      }
+    }, ResourcePart.Properties));
+
+    test.done();
+  }
+};