Merge branch 'main' into fix-eks-ng

aws · Apr 19, 2024 · 32a0090 · 32a0090
2 parents 93a6aea + 2da544f
commit 32a0090
Show file tree

Hide file tree

Showing 16 changed files with 386 additions and 411 deletions.
diff --git a/packages/@aws-cdk-testing/cli-integ/lib/eventually.ts b/packages/@aws-cdk-testing/cli-integ/lib/eventually.ts
@@ -0,0 +1,42 @@
+/**
+ * @param maxAttempts the maximum number of attempts
+ * @param interval interval in milliseconds to observe between attempts
+ */
+export type EventuallyOptions = {
+  maxAttempts?: number;
+  interval?: number;
+};
+
+const wait = (ms: number): Promise<void> => new Promise((resolve) => setTimeout(resolve, ms));
+const DEFAULT_INTERVAL = 1000;
+const DEFAULT_MAX_ATTEMPTS = 10;
+
+/**
+ * Runs a function on an interval until the maximum number of attempts has
+ * been reached.
+ *
+ * Default interval = 1000 milliseconds
+ * Default maxAttempts = 10
+ *
+ * @param fn function to run
+ * @param options EventuallyOptions
+ */
+const eventually = async <T>(call: () => Promise<T>, options?: EventuallyOptions): Promise<T> => {
+  const opts = {
+    interval: options?.interval ? options.interval : DEFAULT_INTERVAL,
+    maxAttempts: options?.maxAttempts ? options.maxAttempts : DEFAULT_MAX_ATTEMPTS,
+  };
+
+  while (opts.maxAttempts-- >= 0) {
+    try {
+      return await call();
+    } catch (err) {
+      if (opts.maxAttempts <= 0) throw err;
+    }
+    await wait(opts.interval);
+  }
+
+  throw new Error('An unexpected error has occurred.');
+};
+
+export default eventually;
diff --git a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/bootstrapping.integtest.ts b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/bootstrapping.integtest.ts
@@ -3,6 +3,7 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as yaml from 'yaml';
 import { integTest, randomString, withoutBootstrap } from '../../lib';
+import eventually from '../../lib/eventually';
 
 jest.setTimeout(2 * 60 * 60_000); // Includes the time to acquire locks, worst-case single-threaded runtime
 
@@ -283,17 +284,25 @@ integTest('can remove customPermissionsBoundary', withoutBootstrap(async (fixtur
       }),
     });
     policyArn = policy.Policy?.Arn;
-    await fixture.cdkBootstrapModern({
-      // toolkitStackName doesn't matter for this particular invocation
-      toolkitStackName: bootstrapStackName,
-      customPermissionsBoundary: policyName,
-    });
 
-    const response = await fixture.aws.cloudFormation('describeStacks', { StackName: bootstrapStackName });
-    expect(
-      response.Stacks?.[0].Parameters?.some(
-        param => (param.ParameterKey === 'InputPermissionsBoundary' && param.ParameterValue === policyName),
-      )).toEqual(true);
+    // Policy creation and consistency across regions is "almost immediate"
+    // See: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
+    // We will put this in an `eventually` block to retry stack creation with a reasonable timeout
+    const createStackWithPermissionBoundary = async (): Promise<void> => {
+      await fixture.cdkBootstrapModern({
+        // toolkitStackName doesn't matter for this particular invocation
+        toolkitStackName: bootstrapStackName,
+        customPermissionsBoundary: policyName,
+      });
+
+      const response = await fixture.aws.cloudFormation('describeStacks', { StackName: bootstrapStackName });
+      expect(
+        response.Stacks?.[0].Parameters?.some(
+          param => (param.ParameterKey === 'InputPermissionsBoundary' && param.ParameterValue === policyName),
+        )).toEqual(true);
+    };
+
+    await eventually(createStackWithPermissionBoundary, { maxAttempts: 3 });
 
     await fixture.cdkBootstrapModern({
       // toolkitStackName doesn't matter for this particular invocation

diff --git a/...napshot/asset.96d0b6be9a64ae309bf89a86f5515453f0fa1d07b4f6b37198051cc98e251f34/index.d.ts b/...napshot/asset.96d0b6be9a64ae309bf89a86f5515453f0fa1d07b4f6b37198051cc98e251f34/index.d.ts
diff --git a/....snapshot/asset.96d0b6be9a64ae309bf89a86f5515453f0fa1d07b4f6b37198051cc98e251f34/index.js b/....snapshot/asset.96d0b6be9a64ae309bf89a86f5515453f0fa1d07b4f6b37198051cc98e251f34/index.js
diff --git a/....snapshot/asset.96d0b6be9a64ae309bf89a86f5515453f0fa1d07b4f6b37198051cc98e251f34/index.ts b/....snapshot/asset.96d0b6be9a64ae309bf89a86f5515453f0fa1d07b4f6b37198051cc98e251f34/index.ts
diff --git a/...integ/test/aws-ses-actions/test/integ.actions.js.snapshot/aws-cdk-ses-receipt.assets.json b/...integ/test/aws-ses-actions/test/integ.actions.js.snapshot/aws-cdk-ses-receipt.assets.json
diff --git a/...teg/test/aws-ses-actions/test/integ.actions.js.snapshot/aws-cdk-ses-receipt.template.json b/...teg/test/aws-ses-actions/test/integ.actions.js.snapshot/aws-cdk-ses-receipt.template.json
@@ -86,8 +86,31 @@
        "Action": "s3:PutObject",
        "Condition": {
         "StringEquals": {
-         "aws:Referer": {
+         "aws:SourceAccount": {
           "Ref": "AWS::AccountId"
+         },
+         "aws:SourceArn": {
+          "Fn::Join": [
+           "",
+           [
+            "arn:",
+            {
+             "Ref": "AWS::Partition"
+            },
+            ":ses:",
+            {
+             "Ref": "AWS::Region"
+            },
+            ":",
+            {
+             "Ref": "AWS::AccountId"
+            },
+            ":receipt-rule-set/INBOUND_MAIL:receipt-rule/",
+            {
+             "Ref": "RuleSetFirstRule0A27C8CC"
+            }
+           ]
+          ]
          }
         }
        },
@@ -172,40 +195,9 @@
    "UpdateReplacePolicy": "Retain",
    "DeletionPolicy": "Retain"
   },
-  "RuleSetE30C6C48": {
-   "Type": "AWS::SES::ReceiptRuleSet"
-  },
-  "RuleSetDropSpamRule5809F51B": {
-   "Type": "AWS::SES::ReceiptRule",
-   "Properties": {
-    "Rule": {
-     "Actions": [
-      {
-       "LambdaAction": {
-        "FunctionArn": {
-         "Fn::GetAtt": [
-          "SingletonLambda224e77f9a32e4b4dac32983477abba164533EA15",
-          "Arn"
-         ]
-        },
-        "InvocationType": "RequestResponse"
-       }
-      }
-     ],
-     "Enabled": true,
-     "ScanEnabled": true
-    },
-    "RuleSetName": {
-     "Ref": "RuleSetE30C6C48"
-    }
-   }
-  },
   "RuleSetFirstRule0A27C8CC": {
    "Type": "AWS::SES::ReceiptRule",
    "Properties": {
-    "After": {
-     "Ref": "RuleSetDropSpamRule5809F51B"
-    },
     "Rule": {
      "Actions": [
       {
@@ -256,7 +248,7 @@
       {
        "BounceAction": {
         "Message": "Message content rejected",
-        "Sender": "cdk-ses-receipt-test@yopmail.com",
+        "Sender": "test@cdk-test-123.awsapps.com",
         "SmtpReplyCode": "500",
         "StatusCode": "5.6.1",
         "TopicArn": {
@@ -268,17 +260,14 @@
      "Enabled": true,
      "Name": "FirstRule",
      "Recipients": [
-      "cdk-ses-receipt-test@yopmail.com"
+      "test@cdk-test-123.awsapps.com"
      ],
      "ScanEnabled": true,
      "TlsPolicy": "Require"
     },
-    "RuleSetName": {
-     "Ref": "RuleSetE30C6C48"
-    }
+    "RuleSetName": "INBOUND_MAIL"
    },
    "DependsOn": [
-    "BucketPolicyE9A3008A",
     "FunctionAllowSes1829904A"
    ]
   },
@@ -301,79 +290,66 @@
      ],
      "Enabled": true
     },
-    "RuleSetName": {
-     "Ref": "RuleSetE30C6C48"
-    }
+    "RuleSetName": "INBOUND_MAIL"
    }
   },
-  "SingletonLambda224e77f9a32e4b4dac32983477abba16ServiceRole3037F5B4": {
-   "Type": "AWS::IAM::Role",
+  "NotificationQueue36610CC1": {
+   "Type": "AWS::SQS::Queue",
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
+  "NotificationQueuePolicyCC060EA6": {
+   "Type": "AWS::SQS::QueuePolicy",
    "Properties": {
-    "AssumeRolePolicyDocument": {
+    "PolicyDocument": {
      "Statement": [
       {
-       "Action": "sts:AssumeRole",
+       "Action": "sqs:SendMessage",
+       "Condition": {
+        "ArnEquals": {
+         "aws:SourceArn": {
+          "Ref": "TopicBFC7AF6E"
+         }
+        }
+       },
        "Effect": "Allow",
        "Principal": {
-        "Service": "lambda.amazonaws.com"
+        "Service": "sns.amazonaws.com"
+       },
+       "Resource": {
+        "Fn::GetAtt": [
+         "NotificationQueue36610CC1",
+         "Arn"
+        ]
        }
       }
      ],
      "Version": "2012-10-17"
     },
-    "ManagedPolicyArns": [
+    "Queues": [
      {
-      "Fn::Join": [
-       "",
-       [
-        "arn:",
-        {
-         "Ref": "AWS::Partition"
-        },
-        ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
-       ]
-      ]
+      "Ref": "NotificationQueue36610CC1"
      }
     ]
    }
   },
-  "SingletonLambda224e77f9a32e4b4dac32983477abba164533EA15": {
-   "Type": "AWS::Lambda::Function",
+  "NotificationQueueawscdksesreceiptTopicE9CA2388E8E96C33": {
+   "Type": "AWS::SNS::Subscription",
    "Properties": {
-    "Code": {
-     "S3Bucket": {
-      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
-     },
-     "S3Key": "96d0b6be9a64ae309bf89a86f5515453f0fa1d07b4f6b37198051cc98e251f34.zip"
-    },
-    "Handler": "index.handler",
-    "Role": {
+    "Endpoint": {
      "Fn::GetAtt": [
-      "SingletonLambda224e77f9a32e4b4dac32983477abba16ServiceRole3037F5B4",
+      "NotificationQueue36610CC1",
       "Arn"
      ]
     },
-    "Runtime": "nodejs18.x"
+    "Protocol": "sqs",
+    "TopicArn": {
+     "Ref": "TopicBFC7AF6E"
+    }
    },
    "DependsOn": [
-    "SingletonLambda224e77f9a32e4b4dac32983477abba16ServiceRole3037F5B4"
+    "NotificationQueuePolicyCC060EA6"
    ]
-  },
-  "SingletonLambda224e77f9a32e4b4dac32983477abba16AllowSesB42DF904": {
-   "Type": "AWS::Lambda::Permission",
-   "Properties": {
-    "Action": "lambda:InvokeFunction",
-    "FunctionName": {
-     "Fn::GetAtt": [
-      "SingletonLambda224e77f9a32e4b4dac32983477abba164533EA15",
-      "Arn"
-     ]
-    },
-    "Principal": "ses.amazonaws.com",
-    "SourceAccount": {
-     "Ref": "AWS::AccountId"
-    }
-   }
   }
  },
  "Parameters": {

diff --git a/...s-cdk-testing/framework-integ/test/aws-ses-actions/test/integ.actions.js.snapshot/cdk.out b/...s-cdk-testing/framework-integ/test/aws-ses-actions/test/integ.actions.js.snapshot/cdk.out