diff --git a/packages/@aws-cdk/aws-eks/lib/oidc-provider.ts b/packages/@aws-cdk/aws-eks/lib/oidc-provider.ts index 5a3e90b1bdc38..ae0e7b0411689 100644 --- a/packages/@aws-cdk/aws-eks/lib/oidc-provider.ts +++ b/packages/@aws-cdk/aws-eks/lib/oidc-provider.ts @@ -41,18 +41,10 @@ export class OpenIdConnectProvider extends iam.OpenIdConnectProvider { * @param props Initialization properties */ public constructor(scope: Construct, id: string, props: OpenIdConnectProviderProps) { - /** - * For some reason EKS isn't validating the root certificate but a intermediate certificate - * which is one level up in the tree. Because of the a constant thumbprint value has to be - * stated with this OpenID Connect provider. The certificate thumbprint is the same for all the regions. - */ - const thumbprints = ['9e99a48a9960b14926bb7f3b02e22da2b0ab7280']; - const clientIds = ['sts.amazonaws.com']; super(scope, id, { url: props.url, - thumbprints, clientIds, }); } diff --git a/packages/@aws-cdk/aws-eks/test/cluster.test.ts b/packages/@aws-cdk/aws-eks/test/cluster.test.ts index 23041760e452f..2469264f6de28 100644 --- a/packages/@aws-cdk/aws-eks/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks/test/cluster.test.ts @@ -2156,9 +2156,6 @@ describe('cluster', () => { ClientIDList: [ 'sts.amazonaws.com', ], - ThumbprintList: [ - '9e99a48a9960b14926bb7f3b02e22da2b0ab7280', - ], Url: { 'Fn::GetAtt': [ 'Cluster9EE0221C', diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip index bea20c7049002..4b95260872643 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip and b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts deleted file mode 100644 index 53962e1f09938..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts +++ /dev/null @@ -1,4 +0,0 @@ -export declare function arrayDiff(oldValues: string[], newValues: string[]): { - adds: string[]; - deletes: string[]; -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts deleted file mode 100644 index 8a91e6ebddc53..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts +++ /dev/null @@ -1,17 +0,0 @@ -export function arrayDiff(oldValues: string[], newValues: string[]) { - const deletes = new Set(oldValues); - const adds = new Set(); - - for (const v of new Set(newValues)) { - if (deletes.has(v)) { - deletes.delete(v); - } else { - adds.add(v); - } - } - - return { - adds: Array.from(adds), - deletes: Array.from(deletes), - }; -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts deleted file mode 100644 index 8fe88b8f82209..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts +++ /dev/null @@ -1,24 +0,0 @@ -import * as aws from 'aws-sdk'; -declare function defaultLogger(fmt: string, ...args: any[]): void; -/** - * Downloads the CA thumbprint from the issuer URL - */ -declare function downloadThumbprint(issuerUrl: string): Promise; -export declare const external: { - downloadThumbprint: typeof downloadThumbprint; - log: typeof defaultLogger; - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => Promise>; - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; -}; -export {}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js deleted file mode 100644 index 2f6632aed7b13..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js +++ /dev/null @@ -1,53 +0,0 @@ -"use strict"; -/* istanbul ignore file */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.external = void 0; -const tls = require("tls"); -const url = require("url"); -// eslint-disable-next-line import/no-extraneous-dependencies -const aws = require("aws-sdk"); -let client; -function iam() { - if (!client) { - client = new aws.IAM(); - } - return client; -} -function defaultLogger(fmt, ...args) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl) { - exports.external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - exports.external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} -// allows unit test to replace with mocks -/* eslint-disable max-len */ -exports.external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQTBCOzs7QUFFMUIsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFDakQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBQ0QsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyx3Q0FBd0MsU0FBUyxPQUFPLFVBQVUsRUFBRSxDQUFDLENBQUM7WUFDbkYsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2pCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cblxuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuYXN5bmMgZnVuY3Rpb24gZG93bmxvYWRUaHVtYnByaW50KGlzc3VlclVybDogc3RyaW5nKSB7XG4gIGV4dGVybmFsLmxvZyhgZG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuICByZXR1cm4gbmV3IFByb21pc2U8c3RyaW5nPigob2ssIGtvKSA9PiB7XG4gICAgY29uc3QgcHVybCA9IHVybC5wYXJzZShpc3N1ZXJVcmwpO1xuICAgIGNvbnN0IHBvcnQgPSBwdXJsLnBvcnQgPyBwYXJzZUludChwdXJsLnBvcnQsIDEwKSA6IDQ0MztcbiAgICBpZiAoIXB1cmwuaG9zdCkge1xuICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgdW5hYmxlIHRvIGRldGVybWluZSBob3N0IGZyb20gaXNzdWVyIHVybCAke2lzc3VlclVybH1gKSk7XG4gICAgfVxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuICAgIHNvY2tldC5vbmNlKCdzZWN1cmVDb25uZWN0JywgKCkgPT4ge1xuICAgICAgY29uc3QgY2VydCA9IHNvY2tldC5nZXRQZWVyQ2VydGlmaWNhdGUoKTtcbiAgICAgIHNvY2tldC5lbmQoKTtcbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSBjZXJ0LmZpbmdlcnByaW50LnNwbGl0KCc6Jykuam9pbignJyk7XG4gICAgICBleHRlcm5hbC5sb2coYGNlcnRpZmljYXRlIGF1dGhvcml0eSB0aHVtYnByaW50IGZvciAke2lzc3VlclVybH0gaXMgJHt0aHVtYnByaW50fWApO1xuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vLyBhbGxvd3MgdW5pdCB0ZXN0IHRvIHJlcGxhY2Ugd2l0aCBtb2Nrc1xuLyogZXNsaW50LWRpc2FibGUgbWF4LWxlbiAqL1xuZXhwb3J0IGNvbnN0IGV4dGVybmFsID0ge1xuICBkb3dubG9hZFRodW1icHJpbnQsXG4gIGxvZzogZGVmYXVsdExvZ2dlcixcbiAgY3JlYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgZGVsZXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgdXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludDogKHJlcTogYXdzLklBTS5VcGRhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJUaHVtYnByaW50UmVxdWVzdCkgPT4gaWFtKCkudXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludChyZXEpLnByb21pc2UoKSxcbiAgYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5BZGRDbGllbnRJRFRvT3BlbklEQ29ubmVjdFByb3ZpZGVyUmVxdWVzdCkgPT4gaWFtKCkuYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgcmVtb3ZlQ2xpZW50SURGcm9tT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLlJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLnJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbn07XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts deleted file mode 100644 index 4ad18aed4f17d..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts +++ /dev/null @@ -1,53 +0,0 @@ -/* istanbul ignore file */ - -import * as tls from 'tls'; -import * as url from 'url'; -// eslint-disable-next-line import/no-extraneous-dependencies -import * as aws from 'aws-sdk'; - -let client: aws.IAM; - -function iam() { - if (!client) { client = new aws.IAM(); } - return client; -} - -function defaultLogger(fmt: string, ...args: any[]) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} - -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl: string) { - external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} - -// allows unit test to replace with mocks -/* eslint-disable max-len */ -export const external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts deleted file mode 100644 index 038b626561d4a..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts +++ /dev/null @@ -1,3 +0,0 @@ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise; diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts deleted file mode 100644 index ee276edd3fa9b..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts +++ /dev/null @@ -1,89 +0,0 @@ -import { arrayDiff } from './diff'; -import { external } from './external'; - -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { - if (event.RequestType === 'Create') { return onCreate(event); } - if (event.RequestType === 'Update') { return onUpdate(event); } - if (event.RequestType === 'Delete') { return onDelete(event); } - throw new Error('invalid request type'); -} - -async function onCreate(event: AWSLambda.CloudFormationCustomResourceCreateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - if (thumbprints.length === 0) { - thumbprints.push(await external.downloadThumbprint(issuerUrl)); - } - - const resp = await external.createOpenIDConnectProvider({ - Url: issuerUrl, - ClientIDList: clients, - ThumbprintList: thumbprints, - }); - - return { - PhysicalResourceId: resp.OpenIDConnectProviderArn, - }; -} - -async function onUpdate(event: AWSLambda.CloudFormationCustomResourceUpdateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - // determine which update we are talking about. - const oldIssuerUrl = event.OldResourceProperties.Url; - - // if this is a URL update, then we basically create a new resource and cfn will delete the old one - // since the physical resource ID will change. - if (oldIssuerUrl !== issuerUrl) { - return onCreate({ ...event, RequestType: 'Create' }); - } - - const providerArn = event.PhysicalResourceId; - - // if thumbprints changed, we can update in-place, but bear in mind that if the new thumbprint list - // is empty, we will grab it from the server like we do in CREATE - const oldThumbprints = (event.OldResourceProperties.ThumbprintList || []).sort(); - if (JSON.stringify(oldThumbprints) !== JSON.stringify(thumbprints)) { - const thumbprintList = thumbprints.length > 0 ? thumbprints : [await external.downloadThumbprint(issuerUrl)]; - external.log('updating thumbprint list from', oldThumbprints, 'to', thumbprints); - await external.updateOpenIDConnectProviderThumbprint({ - OpenIDConnectProviderArn: providerArn, - ThumbprintList: thumbprintList, - }); - - // don't return, we might have more updates... - } - - // if client ID list has changed, determine "diff" because the API is add/remove - const oldClients: string[] = (event.OldResourceProperties.ClientIDList || []).sort(); - const diff = arrayDiff(oldClients, clients); - external.log(`client ID diff: ${JSON.stringify(diff)}`); - - for (const addClient of diff.adds) { - external.log(`adding client id "${addClient}" to provider ${providerArn}`); - await external.addClientIDToOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: addClient, - }); - } - - for (const deleteClient of diff.deletes) { - external.log(`removing client id "${deleteClient}" from provider ${providerArn}`); - await external.removeClientIDFromOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: deleteClient, - }); - } - - return; -} - -async function onDelete(deleteEvent: AWSLambda.CloudFormationCustomResourceDeleteEvent) { - await external.deleteOpenIDConnectProvider({ - OpenIDConnectProviderArn: deleteEvent.PhysicalResourceId, - }); -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/__entrypoint__.js rename to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.js rename to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js new file mode 100644 index 0000000000000..7d8c6e611c70b --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js @@ -0,0 +1,88 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = exports.downloadThumbprint = void 0; +const util = require("node:util"); +const tls = require("tls"); +const url = require("url"); +// eslint-disable-next-line import/no-extraneous-dependencies +const aws = require("aws-sdk"); +let client; +function iam() { + if (!client) { + client = new aws.IAM(); + } + return client; +} +function defaultLogger(fmt, ...args) { + // eslint-disable-next-line no-console + console.log(fmt, ...args); +} +/** + * Downloads the CA thumbprint from the issuer URL + */ +async function downloadThumbprint(issuerUrl) { + exports.external.log(`Downloading certificate authority thumbprint for ${issuerUrl}`); + return new Promise((ok, ko) => { + const purl = url.parse(issuerUrl); + const port = purl.port ? parseInt(purl.port, 10) : 443; + if (!purl.host) { + return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); + } + const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); + socket.once('error', ko); + socket.once('secureConnect', () => { + // This set to `true` would return the entire chain of certificates as a circular reference object + let cert = socket.getPeerCertificate(true); + const unqiueCerts = new Set(); + do { + unqiueCerts.add(cert); + cert = cert.issuerCertificate; + } while (cert && typeof cert === 'object' && !unqiueCerts.has(cert)); + // The last `cert` obtained must be the root certificate in the certificate chain + const rootCert = [...unqiueCerts].pop(); + // Add `ca: true` when node merges the feature. Awaiting resolution: https://github.com/nodejs/node/issues/44905 + if (!(util.isDeepStrictEqual(rootCert.issuer, rootCert.subject))) { + return ko(new Error(`Subject and Issuer of certificate received are different. + Received: \'Subject\' is ${JSON.stringify(rootCert.subject, null, 4)} and \'Issuer\':${JSON.stringify(rootCert.issuer, null, 4)}`)); + } + const validTo = new Date(rootCert.valid_to); + const certificateValidity = getCertificateValidity(validTo); + if (certificateValidity < 0) { + return ko(new Error(`The certificate has already expired on: ${validTo.toUTCString()}`)); + } + // Warning user if certificate validity is expiring within 6 months + if (certificateValidity < 180) { + /* eslint-disable-next-line no-console */ + console.warn(`The root certificate obtained would expire in ${certificateValidity} days!`); + } + socket.end(); + const thumbprint = rootCert.fingerprint.split(':').join(''); + exports.external.log(`Certificate Authority thumbprint for ${issuerUrl} is ${thumbprint}`); + ok(thumbprint); + }); + }); +} +exports.downloadThumbprint = downloadThumbprint; +/** + * To get the validity timeline for the certificate + * @param certDate The valid to date for the certificate + * @returns The number of days the certificate is valid wrt current date + */ +function getCertificateValidity(certDate) { + const millisecondsInDay = 24 * 60 * 60 * 1000; + const currentDate = new Date(); + const validity = Math.round((certDate.getTime() - currentDate.getTime()) / millisecondsInDay); + return validity; +} +// allows unit test to replace with mocks +/* eslint-disable max-len */ +exports.external = { + downloadThumbprint, + log: defaultLogger, + createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), + deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), + updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), + addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), + removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), +}; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxrQ0FBa0M7QUFDbEMsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSSxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFFeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFFOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFFdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBRUQsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLGtHQUFrRztZQUNsRyxJQUFJLElBQUksR0FBRyxNQUFNLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFM0MsTUFBTSxXQUFXLEdBQUcsSUFBSSxHQUFHLEVBQTJCLENBQUM7WUFDdkQsR0FBRztnQkFDRCxXQUFXLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDO2FBQy9CLFFBQVMsSUFBSSxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUU7WUFFdEUsaUZBQWlGO1lBQ2pGLE1BQU0sUUFBUSxHQUFHLENBQUMsR0FBRyxXQUFXLENBQUMsQ0FBQyxHQUFHLEVBQUcsQ0FBQztZQUV6QyxnSEFBZ0g7WUFDaEgsSUFBSSxDQUFDLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUU7Z0JBQ2hFLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDO21DQUNPLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDLG1CQUFtQixJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO2FBQ3JJO1lBRUQsTUFBTSxPQUFPLEdBQUcsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQzVDLE1BQU0sbUJBQW1CLEdBQUcsc0JBQXNCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUQsSUFBSSxtQkFBbUIsR0FBRyxDQUFDLEVBQUU7Z0JBQzNCLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDLDJDQUEyQyxPQUFPLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7YUFDMUY7WUFFRCxtRUFBbUU7WUFDbkUsSUFBSSxtQkFBbUIsR0FBRyxHQUFHLEVBQUU7Z0JBQzdCLHlDQUF5QztnQkFDekMsT0FBTyxDQUFDLElBQUksQ0FBQyxpREFBaUQsbUJBQW1CLFFBQVEsQ0FBQyxDQUFDO2FBQzVGO1lBRUQsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBRWIsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzVELGdCQUFRLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxTQUFTLE9BQU8sVUFBVSxFQUFFLENBQUMsQ0FBQztZQUVuRixFQUFFLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDakIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztBQUNMLENBQUM7QUF2REQsZ0RBdURDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQVMsc0JBQXNCLENBQUMsUUFBYztJQUM1QyxNQUFNLGlCQUFpQixHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUM5QyxNQUFNLFdBQVcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO0lBRS9CLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLEdBQUcsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsaUJBQWlCLENBQUMsQ0FBQztJQUU5RixPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cbmltcG9ydCB7IERldGFpbGVkUGVlckNlcnRpZmljYXRlIH0gZnJvbSAnbm9kZTp0bHMnO1xuaW1wb3J0ICogYXMgdXRpbCBmcm9tICdub2RlOnV0aWwnO1xuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGRvd25sb2FkVGh1bWJwcmludChpc3N1ZXJVcmw6IHN0cmluZykge1xuXG4gIGV4dGVybmFsLmxvZyhgRG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuXG4gIHJldHVybiBuZXcgUHJvbWlzZTxzdHJpbmc+KChvaywga28pID0+IHtcbiAgICBjb25zdCBwdXJsID0gdXJsLnBhcnNlKGlzc3VlclVybCk7XG4gICAgY29uc3QgcG9ydCA9IHB1cmwucG9ydCA/IHBhcnNlSW50KHB1cmwucG9ydCwgMTApIDogNDQzO1xuXG4gICAgaWYgKCFwdXJsLmhvc3QpIHtcbiAgICAgIHJldHVybiBrbyhuZXcgRXJyb3IoYHVuYWJsZSB0byBkZXRlcm1pbmUgaG9zdCBmcm9tIGlzc3VlciB1cmwgJHtpc3N1ZXJVcmx9YCkpO1xuICAgIH1cblxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuXG4gICAgc29ja2V0Lm9uY2UoJ3NlY3VyZUNvbm5lY3QnLCAoKSA9PiB7XG4gICAgICAvLyBUaGlzIHNldCB0byBgdHJ1ZWAgd291bGQgcmV0dXJuIHRoZSBlbnRpcmUgY2hhaW4gb2YgY2VydGlmaWNhdGVzIGFzIGEgY2lyY3VsYXIgcmVmZXJlbmNlIG9iamVjdFxuICAgICAgbGV0IGNlcnQgPSBzb2NrZXQuZ2V0UGVlckNlcnRpZmljYXRlKHRydWUpO1xuXG4gICAgICBjb25zdCB1bnFpdWVDZXJ0cyA9IG5ldyBTZXQ8RGV0YWlsZWRQZWVyQ2VydGlmaWNhdGU+KCk7XG4gICAgICBkbyB7XG4gICAgICAgIHVucWl1ZUNlcnRzLmFkZChjZXJ0KTtcbiAgICAgICAgY2VydCA9IGNlcnQuaXNzdWVyQ2VydGlmaWNhdGU7XG4gICAgICB9IHdoaWxlICggY2VydCAmJiB0eXBlb2YgY2VydCA9PT0gJ29iamVjdCcgJiYgIXVucWl1ZUNlcnRzLmhhcyhjZXJ0KSk7XG5cbiAgICAgIC8vIFRoZSBsYXN0IGBjZXJ0YCBvYnRhaW5lZCBtdXN0IGJlIHRoZSByb290IGNlcnRpZmljYXRlIGluIHRoZSBjZXJ0aWZpY2F0ZSBjaGFpblxuICAgICAgY29uc3Qgcm9vdENlcnQgPSBbLi4udW5xaXVlQ2VydHNdLnBvcCgpITtcblxuICAgICAgLy8gQWRkIGBjYTogdHJ1ZWAgd2hlbiBub2RlIG1lcmdlcyB0aGUgZmVhdHVyZS4gQXdhaXRpbmcgcmVzb2x1dGlvbjogaHR0cHM6Ly9naXRodWIuY29tL25vZGVqcy9ub2RlL2lzc3Vlcy80NDkwNVxuICAgICAgaWYgKCEodXRpbC5pc0RlZXBTdHJpY3RFcXVhbChyb290Q2VydC5pc3N1ZXIsIHJvb3RDZXJ0LnN1YmplY3QpKSkge1xuICAgICAgICByZXR1cm4ga28obmV3IEVycm9yKGBTdWJqZWN0IGFuZCBJc3N1ZXIgb2YgY2VydGlmaWNhdGUgcmVjZWl2ZWQgYXJlIGRpZmZlcmVudC4gXG4gICAgICAgIFJlY2VpdmVkOiBcXCdTdWJqZWN0XFwnIGlzICR7SlNPTi5zdHJpbmdpZnkocm9vdENlcnQuc3ViamVjdCwgbnVsbCwgNCl9IGFuZCBcXCdJc3N1ZXJcXCc6JHtKU09OLnN0cmluZ2lmeShyb290Q2VydC5pc3N1ZXIsIG51bGwsIDQpfWApKTtcbiAgICAgIH1cblxuICAgICAgY29uc3QgdmFsaWRUbyA9IG5ldyBEYXRlKHJvb3RDZXJ0LnZhbGlkX3RvKTtcbiAgICAgIGNvbnN0IGNlcnRpZmljYXRlVmFsaWRpdHkgPSBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KHZhbGlkVG8pO1xuXG4gICAgICBpZiAoY2VydGlmaWNhdGVWYWxpZGl0eSA8IDApIHtcbiAgICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgVGhlIGNlcnRpZmljYXRlIGhhcyBhbHJlYWR5IGV4cGlyZWQgb246ICR7dmFsaWRUby50b1VUQ1N0cmluZygpfWApKTtcbiAgICAgIH1cblxuICAgICAgLy8gV2FybmluZyB1c2VyIGlmIGNlcnRpZmljYXRlIHZhbGlkaXR5IGlzIGV4cGlyaW5nIHdpdGhpbiA2IG1vbnRoc1xuICAgICAgaWYgKGNlcnRpZmljYXRlVmFsaWRpdHkgPCAxODApIHtcbiAgICAgICAgLyogZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIG5vLWNvbnNvbGUgKi9cbiAgICAgICAgY29uc29sZS53YXJuKGBUaGUgcm9vdCBjZXJ0aWZpY2F0ZSBvYnRhaW5lZCB3b3VsZCBleHBpcmUgaW4gJHtjZXJ0aWZpY2F0ZVZhbGlkaXR5fSBkYXlzIWApO1xuICAgICAgfVxuXG4gICAgICBzb2NrZXQuZW5kKCk7XG5cbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSByb290Q2VydC5maW5nZXJwcmludC5zcGxpdCgnOicpLmpvaW4oJycpO1xuICAgICAgZXh0ZXJuYWwubG9nKGBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgdGh1bWJwcmludCBmb3IgJHtpc3N1ZXJVcmx9IGlzICR7dGh1bWJwcmludH1gKTtcblxuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vKipcbiAqIFRvIGdldCB0aGUgdmFsaWRpdHkgdGltZWxpbmUgZm9yIHRoZSBjZXJ0aWZpY2F0ZVxuICogQHBhcmFtIGNlcnREYXRlIFRoZSB2YWxpZCB0byBkYXRlIGZvciB0aGUgY2VydGlmaWNhdGVcbiAqIEByZXR1cm5zIFRoZSBudW1iZXIgb2YgZGF5cyB0aGUgY2VydGlmaWNhdGUgaXMgdmFsaWQgd3J0IGN1cnJlbnQgZGF0ZVxuICovXG5mdW5jdGlvbiBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KGNlcnREYXRlOiBEYXRlKTogTnVtYmVyIHtcbiAgY29uc3QgbWlsbGlzZWNvbmRzSW5EYXkgPSAyNCAqIDYwICogNjAgKiAxMDAwO1xuICBjb25zdCBjdXJyZW50RGF0ZSA9IG5ldyBEYXRlKCk7XG5cbiAgY29uc3QgdmFsaWRpdHkgPSBNYXRoLnJvdW5kKChjZXJ0RGF0ZS5nZXRUaW1lKCkgLSBjdXJyZW50RGF0ZS5nZXRUaW1lKCkpIC8gbWlsbGlzZWNvbmRzSW5EYXkpO1xuXG4gIHJldHVybiB2YWxpZGl0eTtcbn1cblxuLy8gYWxsb3dzIHVuaXQgdGVzdCB0byByZXBsYWNlIHdpdGggbW9ja3Ncbi8qIGVzbGludC1kaXNhYmxlIG1heC1sZW4gKi9cbmV4cG9ydCBjb25zdCBleHRlcm5hbCA9IHtcbiAgZG93bmxvYWRUaHVtYnByaW50LFxuICBsb2c6IGRlZmF1bHRMb2dnZXIsXG4gIGNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5DcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5jcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIGRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5EZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5kZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQ6IChyZXE6IGF3cy5JQU0uVXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludFJlcXVlc3QpID0+IGlhbSgpLnVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQocmVxKS5wcm9taXNlKCksXG4gIGFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXI6IChyZXE6IGF3cy5JQU0uQWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5SZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5yZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG59O1xuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.js rename to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts deleted file mode 100644 index 35c3d8f5c637f..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts +++ /dev/null @@ -1,13 +0,0 @@ -/** - * Supported resource type. - */ -export declare const enum CfnUtilsResourceType { - /** - * CfnJson - */ - CFN_JSON = "Custom::AWSCDKCfnJson", - /** - * CfnJsonStringify - */ - CFN_JSON_STRINGIFY = "Custom::AWSCDKCfnJsonStringify" -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts deleted file mode 100644 index 9718dcef40645..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts +++ /dev/null @@ -1,14 +0,0 @@ -/** - * Supported resource type. - */ -export const enum CfnUtilsResourceType { - /** - * CfnJson - */ - CFN_JSON = 'Custom::AWSCDKCfnJson', - - /** - * CfnJsonStringify - */ - CFN_JSON_STRINGIFY = 'Custom::AWSCDKCfnJsonStringify', -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts deleted file mode 100644 index b228aec7fd8cc..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts +++ /dev/null @@ -1,8 +0,0 @@ -/** - * Parses the value of "Value" and reflects it back as attribute. - */ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise<{ - Data: { - Value: any; - }; -}>; diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts deleted file mode 100644 index f082001f80159..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts +++ /dev/null @@ -1,33 +0,0 @@ -import { CfnUtilsResourceType } from './consts'; - -/** - * Parses the value of "Value" and reflects it back as attribute. - */ -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { - - // dispatch based on resource type - if (event.ResourceType === CfnUtilsResourceType.CFN_JSON) { - return cfnJsonHandler(event); - } - if (event.ResourceType === CfnUtilsResourceType.CFN_JSON_STRINGIFY) { - return cfnJsonStringifyHandler(event); - } - - throw new Error(`unexpected resource type "${event.ResourceType}`); -} - -function cfnJsonHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { - return { - Data: { - Value: JSON.parse(event.ResourceProperties.Value), - }, - }; -} - -function cfnJsonStringifyHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { - return { - Data: { - Value: JSON.stringify(event.ResourceProperties.Value), - }, - }; -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip index 4b3aea09155c1..8097ad2422b72 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip and b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/__entrypoint__.js rename to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/__entrypoint__.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/consts.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.js rename to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/consts.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.js b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.js rename to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json index a5a15070c9784..67b4bfa356a5d 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json @@ -79,28 +79,28 @@ } } }, - "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174": { + "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3": { "source": { - "path": "asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174", + "path": "asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip", + "objectKey": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3": { + "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a": { "source": { - "path": "asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3", + "path": "asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip", + "objectKey": "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -144,7 +144,7 @@ } } }, - "b979a26c3b4dd2602b0c309245ef44500e5b3879b1823d4dc7c488bd93b98fa0": { + "2a37b5f78157b93b9cbdc03beb4a8849536cb7108aa484032e7921ddcf3c129b": { "source": { "path": "aws-cdk-eks-cluster-alb-controller-test.template.json", "packaging": "file" @@ -152,7 +152,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b979a26c3b4dd2602b0c309245ef44500e5b3879b1823d4dc7c488bd93b98fa0.json", + "objectKey": "2a37b5f78157b93b9cbdc03beb4a8849536cb7108aa484032e7921ddcf3c129b.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json index 759e0ceb37a58..d95b81b5ba13a 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json @@ -790,9 +790,6 @@ "ClientIDList": [ "sts.amazonaws.com" ], - "ThumbprintList": [ - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" - ], "Url": { "Fn::GetAtt": [ "Cluster9EE0221C", @@ -1490,7 +1487,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip" + "S3Key": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip" }, "Timeout": 900, "MemorySize": 128, @@ -1536,7 +1533,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip" + "S3Key": "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json index 086975ebc37eb..2c463459d9e21 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b979a26c3b4dd2602b0c309245ef44500e5b3879b1823d4dc7c488bd93b98fa0.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2a37b5f78157b93b9cbdc03beb4a8849536cb7108aa484032e7921ddcf3c129b.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip index 2b34405599fa0..4b95260872643 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip and b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts deleted file mode 100644 index 53962e1f09938..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts +++ /dev/null @@ -1,4 +0,0 @@ -export declare function arrayDiff(oldValues: string[], newValues: string[]): { - adds: string[]; - deletes: string[]; -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts deleted file mode 100644 index 8a91e6ebddc53..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts +++ /dev/null @@ -1,17 +0,0 @@ -export function arrayDiff(oldValues: string[], newValues: string[]) { - const deletes = new Set(oldValues); - const adds = new Set(); - - for (const v of new Set(newValues)) { - if (deletes.has(v)) { - deletes.delete(v); - } else { - adds.add(v); - } - } - - return { - adds: Array.from(adds), - deletes: Array.from(deletes), - }; -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts deleted file mode 100644 index 8fe88b8f82209..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts +++ /dev/null @@ -1,24 +0,0 @@ -import * as aws from 'aws-sdk'; -declare function defaultLogger(fmt: string, ...args: any[]): void; -/** - * Downloads the CA thumbprint from the issuer URL - */ -declare function downloadThumbprint(issuerUrl: string): Promise; -export declare const external: { - downloadThumbprint: typeof downloadThumbprint; - log: typeof defaultLogger; - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => Promise>; - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; -}; -export {}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js deleted file mode 100644 index 2f6632aed7b13..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js +++ /dev/null @@ -1,53 +0,0 @@ -"use strict"; -/* istanbul ignore file */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.external = void 0; -const tls = require("tls"); -const url = require("url"); -// eslint-disable-next-line import/no-extraneous-dependencies -const aws = require("aws-sdk"); -let client; -function iam() { - if (!client) { - client = new aws.IAM(); - } - return client; -} -function defaultLogger(fmt, ...args) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl) { - exports.external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - exports.external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} -// allows unit test to replace with mocks -/* eslint-disable max-len */ -exports.external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQTBCOzs7QUFFMUIsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFDakQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBQ0QsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyx3Q0FBd0MsU0FBUyxPQUFPLFVBQVUsRUFBRSxDQUFDLENBQUM7WUFDbkYsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2pCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cblxuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuYXN5bmMgZnVuY3Rpb24gZG93bmxvYWRUaHVtYnByaW50KGlzc3VlclVybDogc3RyaW5nKSB7XG4gIGV4dGVybmFsLmxvZyhgZG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuICByZXR1cm4gbmV3IFByb21pc2U8c3RyaW5nPigob2ssIGtvKSA9PiB7XG4gICAgY29uc3QgcHVybCA9IHVybC5wYXJzZShpc3N1ZXJVcmwpO1xuICAgIGNvbnN0IHBvcnQgPSBwdXJsLnBvcnQgPyBwYXJzZUludChwdXJsLnBvcnQsIDEwKSA6IDQ0MztcbiAgICBpZiAoIXB1cmwuaG9zdCkge1xuICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgdW5hYmxlIHRvIGRldGVybWluZSBob3N0IGZyb20gaXNzdWVyIHVybCAke2lzc3VlclVybH1gKSk7XG4gICAgfVxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuICAgIHNvY2tldC5vbmNlKCdzZWN1cmVDb25uZWN0JywgKCkgPT4ge1xuICAgICAgY29uc3QgY2VydCA9IHNvY2tldC5nZXRQZWVyQ2VydGlmaWNhdGUoKTtcbiAgICAgIHNvY2tldC5lbmQoKTtcbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSBjZXJ0LmZpbmdlcnByaW50LnNwbGl0KCc6Jykuam9pbignJyk7XG4gICAgICBleHRlcm5hbC5sb2coYGNlcnRpZmljYXRlIGF1dGhvcml0eSB0aHVtYnByaW50IGZvciAke2lzc3VlclVybH0gaXMgJHt0aHVtYnByaW50fWApO1xuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vLyBhbGxvd3MgdW5pdCB0ZXN0IHRvIHJlcGxhY2Ugd2l0aCBtb2Nrc1xuLyogZXNsaW50LWRpc2FibGUgbWF4LWxlbiAqL1xuZXhwb3J0IGNvbnN0IGV4dGVybmFsID0ge1xuICBkb3dubG9hZFRodW1icHJpbnQsXG4gIGxvZzogZGVmYXVsdExvZ2dlcixcbiAgY3JlYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgZGVsZXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgdXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludDogKHJlcTogYXdzLklBTS5VcGRhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJUaHVtYnByaW50UmVxdWVzdCkgPT4gaWFtKCkudXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludChyZXEpLnByb21pc2UoKSxcbiAgYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5BZGRDbGllbnRJRFRvT3BlbklEQ29ubmVjdFByb3ZpZGVyUmVxdWVzdCkgPT4gaWFtKCkuYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgcmVtb3ZlQ2xpZW50SURGcm9tT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLlJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLnJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbn07XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts deleted file mode 100644 index 4ad18aed4f17d..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts +++ /dev/null @@ -1,53 +0,0 @@ -/* istanbul ignore file */ - -import * as tls from 'tls'; -import * as url from 'url'; -// eslint-disable-next-line import/no-extraneous-dependencies -import * as aws from 'aws-sdk'; - -let client: aws.IAM; - -function iam() { - if (!client) { client = new aws.IAM(); } - return client; -} - -function defaultLogger(fmt: string, ...args: any[]) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} - -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl: string) { - external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} - -// allows unit test to replace with mocks -/* eslint-disable max-len */ -export const external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts deleted file mode 100644 index 038b626561d4a..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts +++ /dev/null @@ -1,3 +0,0 @@ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts deleted file mode 100644 index ee276edd3fa9b..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts +++ /dev/null @@ -1,89 +0,0 @@ -import { arrayDiff } from './diff'; -import { external } from './external'; - -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { - if (event.RequestType === 'Create') { return onCreate(event); } - if (event.RequestType === 'Update') { return onUpdate(event); } - if (event.RequestType === 'Delete') { return onDelete(event); } - throw new Error('invalid request type'); -} - -async function onCreate(event: AWSLambda.CloudFormationCustomResourceCreateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - if (thumbprints.length === 0) { - thumbprints.push(await external.downloadThumbprint(issuerUrl)); - } - - const resp = await external.createOpenIDConnectProvider({ - Url: issuerUrl, - ClientIDList: clients, - ThumbprintList: thumbprints, - }); - - return { - PhysicalResourceId: resp.OpenIDConnectProviderArn, - }; -} - -async function onUpdate(event: AWSLambda.CloudFormationCustomResourceUpdateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - // determine which update we are talking about. - const oldIssuerUrl = event.OldResourceProperties.Url; - - // if this is a URL update, then we basically create a new resource and cfn will delete the old one - // since the physical resource ID will change. - if (oldIssuerUrl !== issuerUrl) { - return onCreate({ ...event, RequestType: 'Create' }); - } - - const providerArn = event.PhysicalResourceId; - - // if thumbprints changed, we can update in-place, but bear in mind that if the new thumbprint list - // is empty, we will grab it from the server like we do in CREATE - const oldThumbprints = (event.OldResourceProperties.ThumbprintList || []).sort(); - if (JSON.stringify(oldThumbprints) !== JSON.stringify(thumbprints)) { - const thumbprintList = thumbprints.length > 0 ? thumbprints : [await external.downloadThumbprint(issuerUrl)]; - external.log('updating thumbprint list from', oldThumbprints, 'to', thumbprints); - await external.updateOpenIDConnectProviderThumbprint({ - OpenIDConnectProviderArn: providerArn, - ThumbprintList: thumbprintList, - }); - - // don't return, we might have more updates... - } - - // if client ID list has changed, determine "diff" because the API is add/remove - const oldClients: string[] = (event.OldResourceProperties.ClientIDList || []).sort(); - const diff = arrayDiff(oldClients, clients); - external.log(`client ID diff: ${JSON.stringify(diff)}`); - - for (const addClient of diff.adds) { - external.log(`adding client id "${addClient}" to provider ${providerArn}`); - await external.addClientIDToOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: addClient, - }); - } - - for (const deleteClient of diff.deletes) { - external.log(`removing client id "${deleteClient}" from provider ${providerArn}`); - await external.removeClientIDFromOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: deleteClient, - }); - } - - return; -} - -async function onDelete(deleteEvent: AWSLambda.CloudFormationCustomResourceDeleteEvent) { - await external.deleteOpenIDConnectProvider({ - OpenIDConnectProviderArn: deleteEvent.PhysicalResourceId, - }); -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/__entrypoint__.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js new file mode 100644 index 0000000000000..7d8c6e611c70b --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js @@ -0,0 +1,88 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = exports.downloadThumbprint = void 0; +const util = require("node:util"); +const tls = require("tls"); +const url = require("url"); +// eslint-disable-next-line import/no-extraneous-dependencies +const aws = require("aws-sdk"); +let client; +function iam() { + if (!client) { + client = new aws.IAM(); + } + return client; +} +function defaultLogger(fmt, ...args) { + // eslint-disable-next-line no-console + console.log(fmt, ...args); +} +/** + * Downloads the CA thumbprint from the issuer URL + */ +async function downloadThumbprint(issuerUrl) { + exports.external.log(`Downloading certificate authority thumbprint for ${issuerUrl}`); + return new Promise((ok, ko) => { + const purl = url.parse(issuerUrl); + const port = purl.port ? parseInt(purl.port, 10) : 443; + if (!purl.host) { + return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); + } + const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); + socket.once('error', ko); + socket.once('secureConnect', () => { + // This set to `true` would return the entire chain of certificates as a circular reference object + let cert = socket.getPeerCertificate(true); + const unqiueCerts = new Set(); + do { + unqiueCerts.add(cert); + cert = cert.issuerCertificate; + } while (cert && typeof cert === 'object' && !unqiueCerts.has(cert)); + // The last `cert` obtained must be the root certificate in the certificate chain + const rootCert = [...unqiueCerts].pop(); + // Add `ca: true` when node merges the feature. Awaiting resolution: https://github.com/nodejs/node/issues/44905 + if (!(util.isDeepStrictEqual(rootCert.issuer, rootCert.subject))) { + return ko(new Error(`Subject and Issuer of certificate received are different. + Received: \'Subject\' is ${JSON.stringify(rootCert.subject, null, 4)} and \'Issuer\':${JSON.stringify(rootCert.issuer, null, 4)}`)); + } + const validTo = new Date(rootCert.valid_to); + const certificateValidity = getCertificateValidity(validTo); + if (certificateValidity < 0) { + return ko(new Error(`The certificate has already expired on: ${validTo.toUTCString()}`)); + } + // Warning user if certificate validity is expiring within 6 months + if (certificateValidity < 180) { + /* eslint-disable-next-line no-console */ + console.warn(`The root certificate obtained would expire in ${certificateValidity} days!`); + } + socket.end(); + const thumbprint = rootCert.fingerprint.split(':').join(''); + exports.external.log(`Certificate Authority thumbprint for ${issuerUrl} is ${thumbprint}`); + ok(thumbprint); + }); + }); +} +exports.downloadThumbprint = downloadThumbprint; +/** + * To get the validity timeline for the certificate + * @param certDate The valid to date for the certificate + * @returns The number of days the certificate is valid wrt current date + */ +function getCertificateValidity(certDate) { + const millisecondsInDay = 24 * 60 * 60 * 1000; + const currentDate = new Date(); + const validity = Math.round((certDate.getTime() - currentDate.getTime()) / millisecondsInDay); + return validity; +} +// allows unit test to replace with mocks +/* eslint-disable max-len */ +exports.external = { + downloadThumbprint, + log: defaultLogger, + createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), + deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), + updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), + addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), + removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), +}; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxrQ0FBa0M7QUFDbEMsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSSxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFFeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFFOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFFdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBRUQsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLGtHQUFrRztZQUNsRyxJQUFJLElBQUksR0FBRyxNQUFNLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFM0MsTUFBTSxXQUFXLEdBQUcsSUFBSSxHQUFHLEVBQTJCLENBQUM7WUFDdkQsR0FBRztnQkFDRCxXQUFXLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDO2FBQy9CLFFBQVMsSUFBSSxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUU7WUFFdEUsaUZBQWlGO1lBQ2pGLE1BQU0sUUFBUSxHQUFHLENBQUMsR0FBRyxXQUFXLENBQUMsQ0FBQyxHQUFHLEVBQUcsQ0FBQztZQUV6QyxnSEFBZ0g7WUFDaEgsSUFBSSxDQUFDLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUU7Z0JBQ2hFLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDO21DQUNPLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDLG1CQUFtQixJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO2FBQ3JJO1lBRUQsTUFBTSxPQUFPLEdBQUcsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQzVDLE1BQU0sbUJBQW1CLEdBQUcsc0JBQXNCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUQsSUFBSSxtQkFBbUIsR0FBRyxDQUFDLEVBQUU7Z0JBQzNCLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDLDJDQUEyQyxPQUFPLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7YUFDMUY7WUFFRCxtRUFBbUU7WUFDbkUsSUFBSSxtQkFBbUIsR0FBRyxHQUFHLEVBQUU7Z0JBQzdCLHlDQUF5QztnQkFDekMsT0FBTyxDQUFDLElBQUksQ0FBQyxpREFBaUQsbUJBQW1CLFFBQVEsQ0FBQyxDQUFDO2FBQzVGO1lBRUQsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBRWIsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzVELGdCQUFRLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxTQUFTLE9BQU8sVUFBVSxFQUFFLENBQUMsQ0FBQztZQUVuRixFQUFFLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDakIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztBQUNMLENBQUM7QUF2REQsZ0RBdURDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQVMsc0JBQXNCLENBQUMsUUFBYztJQUM1QyxNQUFNLGlCQUFpQixHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUM5QyxNQUFNLFdBQVcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO0lBRS9CLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLEdBQUcsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsaUJBQWlCLENBQUMsQ0FBQztJQUU5RixPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cbmltcG9ydCB7IERldGFpbGVkUGVlckNlcnRpZmljYXRlIH0gZnJvbSAnbm9kZTp0bHMnO1xuaW1wb3J0ICogYXMgdXRpbCBmcm9tICdub2RlOnV0aWwnO1xuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGRvd25sb2FkVGh1bWJwcmludChpc3N1ZXJVcmw6IHN0cmluZykge1xuXG4gIGV4dGVybmFsLmxvZyhgRG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuXG4gIHJldHVybiBuZXcgUHJvbWlzZTxzdHJpbmc+KChvaywga28pID0+IHtcbiAgICBjb25zdCBwdXJsID0gdXJsLnBhcnNlKGlzc3VlclVybCk7XG4gICAgY29uc3QgcG9ydCA9IHB1cmwucG9ydCA/IHBhcnNlSW50KHB1cmwucG9ydCwgMTApIDogNDQzO1xuXG4gICAgaWYgKCFwdXJsLmhvc3QpIHtcbiAgICAgIHJldHVybiBrbyhuZXcgRXJyb3IoYHVuYWJsZSB0byBkZXRlcm1pbmUgaG9zdCBmcm9tIGlzc3VlciB1cmwgJHtpc3N1ZXJVcmx9YCkpO1xuICAgIH1cblxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuXG4gICAgc29ja2V0Lm9uY2UoJ3NlY3VyZUNvbm5lY3QnLCAoKSA9PiB7XG4gICAgICAvLyBUaGlzIHNldCB0byBgdHJ1ZWAgd291bGQgcmV0dXJuIHRoZSBlbnRpcmUgY2hhaW4gb2YgY2VydGlmaWNhdGVzIGFzIGEgY2lyY3VsYXIgcmVmZXJlbmNlIG9iamVjdFxuICAgICAgbGV0IGNlcnQgPSBzb2NrZXQuZ2V0UGVlckNlcnRpZmljYXRlKHRydWUpO1xuXG4gICAgICBjb25zdCB1bnFpdWVDZXJ0cyA9IG5ldyBTZXQ8RGV0YWlsZWRQZWVyQ2VydGlmaWNhdGU+KCk7XG4gICAgICBkbyB7XG4gICAgICAgIHVucWl1ZUNlcnRzLmFkZChjZXJ0KTtcbiAgICAgICAgY2VydCA9IGNlcnQuaXNzdWVyQ2VydGlmaWNhdGU7XG4gICAgICB9IHdoaWxlICggY2VydCAmJiB0eXBlb2YgY2VydCA9PT0gJ29iamVjdCcgJiYgIXVucWl1ZUNlcnRzLmhhcyhjZXJ0KSk7XG5cbiAgICAgIC8vIFRoZSBsYXN0IGBjZXJ0YCBvYnRhaW5lZCBtdXN0IGJlIHRoZSByb290IGNlcnRpZmljYXRlIGluIHRoZSBjZXJ0aWZpY2F0ZSBjaGFpblxuICAgICAgY29uc3Qgcm9vdENlcnQgPSBbLi4udW5xaXVlQ2VydHNdLnBvcCgpITtcblxuICAgICAgLy8gQWRkIGBjYTogdHJ1ZWAgd2hlbiBub2RlIG1lcmdlcyB0aGUgZmVhdHVyZS4gQXdhaXRpbmcgcmVzb2x1dGlvbjogaHR0cHM6Ly9naXRodWIuY29tL25vZGVqcy9ub2RlL2lzc3Vlcy80NDkwNVxuICAgICAgaWYgKCEodXRpbC5pc0RlZXBTdHJpY3RFcXVhbChyb290Q2VydC5pc3N1ZXIsIHJvb3RDZXJ0LnN1YmplY3QpKSkge1xuICAgICAgICByZXR1cm4ga28obmV3IEVycm9yKGBTdWJqZWN0IGFuZCBJc3N1ZXIgb2YgY2VydGlmaWNhdGUgcmVjZWl2ZWQgYXJlIGRpZmZlcmVudC4gXG4gICAgICAgIFJlY2VpdmVkOiBcXCdTdWJqZWN0XFwnIGlzICR7SlNPTi5zdHJpbmdpZnkocm9vdENlcnQuc3ViamVjdCwgbnVsbCwgNCl9IGFuZCBcXCdJc3N1ZXJcXCc6JHtKU09OLnN0cmluZ2lmeShyb290Q2VydC5pc3N1ZXIsIG51bGwsIDQpfWApKTtcbiAgICAgIH1cblxuICAgICAgY29uc3QgdmFsaWRUbyA9IG5ldyBEYXRlKHJvb3RDZXJ0LnZhbGlkX3RvKTtcbiAgICAgIGNvbnN0IGNlcnRpZmljYXRlVmFsaWRpdHkgPSBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KHZhbGlkVG8pO1xuXG4gICAgICBpZiAoY2VydGlmaWNhdGVWYWxpZGl0eSA8IDApIHtcbiAgICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgVGhlIGNlcnRpZmljYXRlIGhhcyBhbHJlYWR5IGV4cGlyZWQgb246ICR7dmFsaWRUby50b1VUQ1N0cmluZygpfWApKTtcbiAgICAgIH1cblxuICAgICAgLy8gV2FybmluZyB1c2VyIGlmIGNlcnRpZmljYXRlIHZhbGlkaXR5IGlzIGV4cGlyaW5nIHdpdGhpbiA2IG1vbnRoc1xuICAgICAgaWYgKGNlcnRpZmljYXRlVmFsaWRpdHkgPCAxODApIHtcbiAgICAgICAgLyogZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIG5vLWNvbnNvbGUgKi9cbiAgICAgICAgY29uc29sZS53YXJuKGBUaGUgcm9vdCBjZXJ0aWZpY2F0ZSBvYnRhaW5lZCB3b3VsZCBleHBpcmUgaW4gJHtjZXJ0aWZpY2F0ZVZhbGlkaXR5fSBkYXlzIWApO1xuICAgICAgfVxuXG4gICAgICBzb2NrZXQuZW5kKCk7XG5cbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSByb290Q2VydC5maW5nZXJwcmludC5zcGxpdCgnOicpLmpvaW4oJycpO1xuICAgICAgZXh0ZXJuYWwubG9nKGBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgdGh1bWJwcmludCBmb3IgJHtpc3N1ZXJVcmx9IGlzICR7dGh1bWJwcmludH1gKTtcblxuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vKipcbiAqIFRvIGdldCB0aGUgdmFsaWRpdHkgdGltZWxpbmUgZm9yIHRoZSBjZXJ0aWZpY2F0ZVxuICogQHBhcmFtIGNlcnREYXRlIFRoZSB2YWxpZCB0byBkYXRlIGZvciB0aGUgY2VydGlmaWNhdGVcbiAqIEByZXR1cm5zIFRoZSBudW1iZXIgb2YgZGF5cyB0aGUgY2VydGlmaWNhdGUgaXMgdmFsaWQgd3J0IGN1cnJlbnQgZGF0ZVxuICovXG5mdW5jdGlvbiBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KGNlcnREYXRlOiBEYXRlKTogTnVtYmVyIHtcbiAgY29uc3QgbWlsbGlzZWNvbmRzSW5EYXkgPSAyNCAqIDYwICogNjAgKiAxMDAwO1xuICBjb25zdCBjdXJyZW50RGF0ZSA9IG5ldyBEYXRlKCk7XG5cbiAgY29uc3QgdmFsaWRpdHkgPSBNYXRoLnJvdW5kKChjZXJ0RGF0ZS5nZXRUaW1lKCkgLSBjdXJyZW50RGF0ZS5nZXRUaW1lKCkpIC8gbWlsbGlzZWNvbmRzSW5EYXkpO1xuXG4gIHJldHVybiB2YWxpZGl0eTtcbn1cblxuLy8gYWxsb3dzIHVuaXQgdGVzdCB0byByZXBsYWNlIHdpdGggbW9ja3Ncbi8qIGVzbGludC1kaXNhYmxlIG1heC1sZW4gKi9cbmV4cG9ydCBjb25zdCBleHRlcm5hbCA9IHtcbiAgZG93bmxvYWRUaHVtYnByaW50LFxuICBsb2c6IGRlZmF1bHRMb2dnZXIsXG4gIGNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5DcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5jcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIGRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5EZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5kZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQ6IChyZXE6IGF3cy5JQU0uVXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludFJlcXVlc3QpID0+IGlhbSgpLnVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQocmVxKS5wcm9taXNlKCksXG4gIGFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXI6IChyZXE6IGF3cy5JQU0uQWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5SZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5yZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG59O1xuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts deleted file mode 100644 index 35c3d8f5c637f..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts +++ /dev/null @@ -1,13 +0,0 @@ -/** - * Supported resource type. - */ -export declare const enum CfnUtilsResourceType { - /** - * CfnJson - */ - CFN_JSON = "Custom::AWSCDKCfnJson", - /** - * CfnJsonStringify - */ - CFN_JSON_STRINGIFY = "Custom::AWSCDKCfnJsonStringify" -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts deleted file mode 100644 index 9718dcef40645..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts +++ /dev/null @@ -1,14 +0,0 @@ -/** - * Supported resource type. - */ -export const enum CfnUtilsResourceType { - /** - * CfnJson - */ - CFN_JSON = 'Custom::AWSCDKCfnJson', - - /** - * CfnJsonStringify - */ - CFN_JSON_STRINGIFY = 'Custom::AWSCDKCfnJsonStringify', -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts deleted file mode 100644 index b228aec7fd8cc..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts +++ /dev/null @@ -1,8 +0,0 @@ -/** - * Parses the value of "Value" and reflects it back as attribute. - */ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise<{ - Data: { - Value: any; - }; -}>; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts deleted file mode 100644 index f082001f80159..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts +++ /dev/null @@ -1,33 +0,0 @@ -import { CfnUtilsResourceType } from './consts'; - -/** - * Parses the value of "Value" and reflects it back as attribute. - */ -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { - - // dispatch based on resource type - if (event.ResourceType === CfnUtilsResourceType.CFN_JSON) { - return cfnJsonHandler(event); - } - if (event.ResourceType === CfnUtilsResourceType.CFN_JSON_STRINGIFY) { - return cfnJsonStringifyHandler(event); - } - - throw new Error(`unexpected resource type "${event.ResourceType}`); -} - -function cfnJsonHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { - return { - Data: { - Value: JSON.parse(event.ResourceProperties.Value), - }, - }; -} - -function cfnJsonStringifyHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { - return { - Data: { - Value: JSON.stringify(event.ResourceProperties.Value), - }, - }; -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip index 352f28b6701e5..8097ad2422b72 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip and b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/__entrypoint__.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/__entrypoint__.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/consts.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/consts.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.js b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.assets.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.assets.json index 655fd2161eecc..9440b57680a26 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.assets.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.assets.json @@ -99,29 +99,29 @@ } } }, - "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174": { + "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3": { "source": { - "path": "asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174", + "path": "asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3", "packaging": "zip" }, "destinations": { "current_account-us-east-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip", + "objectKey": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" } } }, - "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3": { + "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a": { "source": { - "path": "asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3", + "path": "asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a", "packaging": "zip" }, "destinations": { "current_account-us-east-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip", + "objectKey": "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a.zip", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" } @@ -155,7 +155,7 @@ } } }, - "cd7379f454bce263be9bdb8610853e73586b9e3605d095098feaf5088680667a": { + "c9e0ac0505f6d702ce628b027fcfd077437f08b5a0e7fffb71865c5d7dd1311f": { "source": { "path": "aws-cdk-eks-cluster-test.template.json", "packaging": "file" @@ -163,7 +163,7 @@ "destinations": { "current_account-us-east-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "cd7379f454bce263be9bdb8610853e73586b9e3605d095098feaf5088680667a.json", + "objectKey": "c9e0ac0505f6d702ce628b027fcfd077437f08b5a0e7fffb71865c5d7dd1311f.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" } diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json index 6831fd9bd50d0..019c9f4f8247b 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json @@ -3232,9 +3232,6 @@ "ClientIDList": [ "sts.amazonaws.com" ], - "ThumbprintList": [ - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" - ], "Url": { "Fn::GetAtt": [ "Cluster9EE0221C", @@ -3553,7 +3550,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" }, - "S3Key": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip" + "S3Key": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip" }, "Timeout": 900, "MemorySize": 128, @@ -3599,7 +3596,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" }, - "S3Key": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip" + "S3Key": "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/manifest.json index 91794333007cc..faecdb2f3e4df 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.js.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/cd7379f454bce263be9bdb8610853e73586b9e3605d095098feaf5088680667a.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/c9e0ac0505f6d702ce628b027fcfd077437f08b5a0e7fffb71865c5d7dd1311f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip index bea20c7049002..4b95260872643 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip and b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts deleted file mode 100644 index 53962e1f09938..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.d.ts +++ /dev/null @@ -1,4 +0,0 @@ -export declare function arrayDiff(oldValues: string[], newValues: string[]): { - adds: string[]; - deletes: string[]; -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts deleted file mode 100644 index 8a91e6ebddc53..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts +++ /dev/null @@ -1,17 +0,0 @@ -export function arrayDiff(oldValues: string[], newValues: string[]) { - const deletes = new Set(oldValues); - const adds = new Set(); - - for (const v of new Set(newValues)) { - if (deletes.has(v)) { - deletes.delete(v); - } else { - adds.add(v); - } - } - - return { - adds: Array.from(adds), - deletes: Array.from(deletes), - }; -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts deleted file mode 100644 index 8fe88b8f82209..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.d.ts +++ /dev/null @@ -1,24 +0,0 @@ -import * as aws from 'aws-sdk'; -declare function defaultLogger(fmt: string, ...args: any[]): void; -/** - * Downloads the CA thumbprint from the issuer URL - */ -declare function downloadThumbprint(issuerUrl: string): Promise; -export declare const external: { - downloadThumbprint: typeof downloadThumbprint; - log: typeof defaultLogger; - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => Promise>; - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; -}; -export {}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js deleted file mode 100644 index 2f6632aed7b13..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.js +++ /dev/null @@ -1,53 +0,0 @@ -"use strict"; -/* istanbul ignore file */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.external = void 0; -const tls = require("tls"); -const url = require("url"); -// eslint-disable-next-line import/no-extraneous-dependencies -const aws = require("aws-sdk"); -let client; -function iam() { - if (!client) { - client = new aws.IAM(); - } - return client; -} -function defaultLogger(fmt, ...args) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl) { - exports.external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - exports.external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} -// allows unit test to replace with mocks -/* eslint-disable max-len */ -exports.external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQTBCOzs7QUFFMUIsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFDakQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBQ0QsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyx3Q0FBd0MsU0FBUyxPQUFPLFVBQVUsRUFBRSxDQUFDLENBQUM7WUFDbkYsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2pCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cblxuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuYXN5bmMgZnVuY3Rpb24gZG93bmxvYWRUaHVtYnByaW50KGlzc3VlclVybDogc3RyaW5nKSB7XG4gIGV4dGVybmFsLmxvZyhgZG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuICByZXR1cm4gbmV3IFByb21pc2U8c3RyaW5nPigob2ssIGtvKSA9PiB7XG4gICAgY29uc3QgcHVybCA9IHVybC5wYXJzZShpc3N1ZXJVcmwpO1xuICAgIGNvbnN0IHBvcnQgPSBwdXJsLnBvcnQgPyBwYXJzZUludChwdXJsLnBvcnQsIDEwKSA6IDQ0MztcbiAgICBpZiAoIXB1cmwuaG9zdCkge1xuICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgdW5hYmxlIHRvIGRldGVybWluZSBob3N0IGZyb20gaXNzdWVyIHVybCAke2lzc3VlclVybH1gKSk7XG4gICAgfVxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuICAgIHNvY2tldC5vbmNlKCdzZWN1cmVDb25uZWN0JywgKCkgPT4ge1xuICAgICAgY29uc3QgY2VydCA9IHNvY2tldC5nZXRQZWVyQ2VydGlmaWNhdGUoKTtcbiAgICAgIHNvY2tldC5lbmQoKTtcbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSBjZXJ0LmZpbmdlcnByaW50LnNwbGl0KCc6Jykuam9pbignJyk7XG4gICAgICBleHRlcm5hbC5sb2coYGNlcnRpZmljYXRlIGF1dGhvcml0eSB0aHVtYnByaW50IGZvciAke2lzc3VlclVybH0gaXMgJHt0aHVtYnByaW50fWApO1xuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vLyBhbGxvd3MgdW5pdCB0ZXN0IHRvIHJlcGxhY2Ugd2l0aCBtb2Nrc1xuLyogZXNsaW50LWRpc2FibGUgbWF4LWxlbiAqL1xuZXhwb3J0IGNvbnN0IGV4dGVybmFsID0ge1xuICBkb3dubG9hZFRodW1icHJpbnQsXG4gIGxvZzogZGVmYXVsdExvZ2dlcixcbiAgY3JlYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgZGVsZXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgdXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludDogKHJlcTogYXdzLklBTS5VcGRhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJUaHVtYnByaW50UmVxdWVzdCkgPT4gaWFtKCkudXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludChyZXEpLnByb21pc2UoKSxcbiAgYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5BZGRDbGllbnRJRFRvT3BlbklEQ29ubmVjdFByb3ZpZGVyUmVxdWVzdCkgPT4gaWFtKCkuYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgcmVtb3ZlQ2xpZW50SURGcm9tT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLlJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLnJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbn07XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts deleted file mode 100644 index 4ad18aed4f17d..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts +++ /dev/null @@ -1,53 +0,0 @@ -/* istanbul ignore file */ - -import * as tls from 'tls'; -import * as url from 'url'; -// eslint-disable-next-line import/no-extraneous-dependencies -import * as aws from 'aws-sdk'; - -let client: aws.IAM; - -function iam() { - if (!client) { client = new aws.IAM(); } - return client; -} - -function defaultLogger(fmt: string, ...args: any[]) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} - -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl: string) { - external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} - -// allows unit test to replace with mocks -/* eslint-disable max-len */ -export const external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts deleted file mode 100644 index 038b626561d4a..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.d.ts +++ /dev/null @@ -1,3 +0,0 @@ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts deleted file mode 100644 index ee276edd3fa9b..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts +++ /dev/null @@ -1,89 +0,0 @@ -import { arrayDiff } from './diff'; -import { external } from './external'; - -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { - if (event.RequestType === 'Create') { return onCreate(event); } - if (event.RequestType === 'Update') { return onUpdate(event); } - if (event.RequestType === 'Delete') { return onDelete(event); } - throw new Error('invalid request type'); -} - -async function onCreate(event: AWSLambda.CloudFormationCustomResourceCreateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - if (thumbprints.length === 0) { - thumbprints.push(await external.downloadThumbprint(issuerUrl)); - } - - const resp = await external.createOpenIDConnectProvider({ - Url: issuerUrl, - ClientIDList: clients, - ThumbprintList: thumbprints, - }); - - return { - PhysicalResourceId: resp.OpenIDConnectProviderArn, - }; -} - -async function onUpdate(event: AWSLambda.CloudFormationCustomResourceUpdateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - // determine which update we are talking about. - const oldIssuerUrl = event.OldResourceProperties.Url; - - // if this is a URL update, then we basically create a new resource and cfn will delete the old one - // since the physical resource ID will change. - if (oldIssuerUrl !== issuerUrl) { - return onCreate({ ...event, RequestType: 'Create' }); - } - - const providerArn = event.PhysicalResourceId; - - // if thumbprints changed, we can update in-place, but bear in mind that if the new thumbprint list - // is empty, we will grab it from the server like we do in CREATE - const oldThumbprints = (event.OldResourceProperties.ThumbprintList || []).sort(); - if (JSON.stringify(oldThumbprints) !== JSON.stringify(thumbprints)) { - const thumbprintList = thumbprints.length > 0 ? thumbprints : [await external.downloadThumbprint(issuerUrl)]; - external.log('updating thumbprint list from', oldThumbprints, 'to', thumbprints); - await external.updateOpenIDConnectProviderThumbprint({ - OpenIDConnectProviderArn: providerArn, - ThumbprintList: thumbprintList, - }); - - // don't return, we might have more updates... - } - - // if client ID list has changed, determine "diff" because the API is add/remove - const oldClients: string[] = (event.OldResourceProperties.ClientIDList || []).sort(); - const diff = arrayDiff(oldClients, clients); - external.log(`client ID diff: ${JSON.stringify(diff)}`); - - for (const addClient of diff.adds) { - external.log(`adding client id "${addClient}" to provider ${providerArn}`); - await external.addClientIDToOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: addClient, - }); - } - - for (const deleteClient of diff.deletes) { - external.log(`removing client id "${deleteClient}" from provider ${providerArn}`); - await external.removeClientIDFromOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: deleteClient, - }); - } - - return; -} - -async function onDelete(deleteEvent: AWSLambda.CloudFormationCustomResourceDeleteEvent) { - await external.deleteOpenIDConnectProvider({ - OpenIDConnectProviderArn: deleteEvent.PhysicalResourceId, - }); -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/__entrypoint__.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js new file mode 100644 index 0000000000000..7d8c6e611c70b --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js @@ -0,0 +1,88 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = exports.downloadThumbprint = void 0; +const util = require("node:util"); +const tls = require("tls"); +const url = require("url"); +// eslint-disable-next-line import/no-extraneous-dependencies +const aws = require("aws-sdk"); +let client; +function iam() { + if (!client) { + client = new aws.IAM(); + } + return client; +} +function defaultLogger(fmt, ...args) { + // eslint-disable-next-line no-console + console.log(fmt, ...args); +} +/** + * Downloads the CA thumbprint from the issuer URL + */ +async function downloadThumbprint(issuerUrl) { + exports.external.log(`Downloading certificate authority thumbprint for ${issuerUrl}`); + return new Promise((ok, ko) => { + const purl = url.parse(issuerUrl); + const port = purl.port ? parseInt(purl.port, 10) : 443; + if (!purl.host) { + return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); + } + const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); + socket.once('error', ko); + socket.once('secureConnect', () => { + // This set to `true` would return the entire chain of certificates as a circular reference object + let cert = socket.getPeerCertificate(true); + const unqiueCerts = new Set(); + do { + unqiueCerts.add(cert); + cert = cert.issuerCertificate; + } while (cert && typeof cert === 'object' && !unqiueCerts.has(cert)); + // The last `cert` obtained must be the root certificate in the certificate chain + const rootCert = [...unqiueCerts].pop(); + // Add `ca: true` when node merges the feature. Awaiting resolution: https://github.com/nodejs/node/issues/44905 + if (!(util.isDeepStrictEqual(rootCert.issuer, rootCert.subject))) { + return ko(new Error(`Subject and Issuer of certificate received are different. + Received: \'Subject\' is ${JSON.stringify(rootCert.subject, null, 4)} and \'Issuer\':${JSON.stringify(rootCert.issuer, null, 4)}`)); + } + const validTo = new Date(rootCert.valid_to); + const certificateValidity = getCertificateValidity(validTo); + if (certificateValidity < 0) { + return ko(new Error(`The certificate has already expired on: ${validTo.toUTCString()}`)); + } + // Warning user if certificate validity is expiring within 6 months + if (certificateValidity < 180) { + /* eslint-disable-next-line no-console */ + console.warn(`The root certificate obtained would expire in ${certificateValidity} days!`); + } + socket.end(); + const thumbprint = rootCert.fingerprint.split(':').join(''); + exports.external.log(`Certificate Authority thumbprint for ${issuerUrl} is ${thumbprint}`); + ok(thumbprint); + }); + }); +} +exports.downloadThumbprint = downloadThumbprint; +/** + * To get the validity timeline for the certificate + * @param certDate The valid to date for the certificate + * @returns The number of days the certificate is valid wrt current date + */ +function getCertificateValidity(certDate) { + const millisecondsInDay = 24 * 60 * 60 * 1000; + const currentDate = new Date(); + const validity = Math.round((certDate.getTime() - currentDate.getTime()) / millisecondsInDay); + return validity; +} +// allows unit test to replace with mocks +/* eslint-disable max-len */ +exports.external = { + downloadThumbprint, + log: defaultLogger, + createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), + deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), + updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), + addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), + removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), +}; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxrQ0FBa0M7QUFDbEMsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSSxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFFeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFFOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFFdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBRUQsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLGtHQUFrRztZQUNsRyxJQUFJLElBQUksR0FBRyxNQUFNLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFM0MsTUFBTSxXQUFXLEdBQUcsSUFBSSxHQUFHLEVBQTJCLENBQUM7WUFDdkQsR0FBRztnQkFDRCxXQUFXLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDO2FBQy9CLFFBQVMsSUFBSSxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUU7WUFFdEUsaUZBQWlGO1lBQ2pGLE1BQU0sUUFBUSxHQUFHLENBQUMsR0FBRyxXQUFXLENBQUMsQ0FBQyxHQUFHLEVBQUcsQ0FBQztZQUV6QyxnSEFBZ0g7WUFDaEgsSUFBSSxDQUFDLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUU7Z0JBQ2hFLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDO21DQUNPLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDLG1CQUFtQixJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO2FBQ3JJO1lBRUQsTUFBTSxPQUFPLEdBQUcsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQzVDLE1BQU0sbUJBQW1CLEdBQUcsc0JBQXNCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUQsSUFBSSxtQkFBbUIsR0FBRyxDQUFDLEVBQUU7Z0JBQzNCLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDLDJDQUEyQyxPQUFPLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7YUFDMUY7WUFFRCxtRUFBbUU7WUFDbkUsSUFBSSxtQkFBbUIsR0FBRyxHQUFHLEVBQUU7Z0JBQzdCLHlDQUF5QztnQkFDekMsT0FBTyxDQUFDLElBQUksQ0FBQyxpREFBaUQsbUJBQW1CLFFBQVEsQ0FBQyxDQUFDO2FBQzVGO1lBRUQsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBRWIsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzVELGdCQUFRLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxTQUFTLE9BQU8sVUFBVSxFQUFFLENBQUMsQ0FBQztZQUVuRixFQUFFLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDakIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztBQUNMLENBQUM7QUF2REQsZ0RBdURDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQVMsc0JBQXNCLENBQUMsUUFBYztJQUM1QyxNQUFNLGlCQUFpQixHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUM5QyxNQUFNLFdBQVcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO0lBRS9CLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLEdBQUcsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsaUJBQWlCLENBQUMsQ0FBQztJQUU5RixPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cbmltcG9ydCB7IERldGFpbGVkUGVlckNlcnRpZmljYXRlIH0gZnJvbSAnbm9kZTp0bHMnO1xuaW1wb3J0ICogYXMgdXRpbCBmcm9tICdub2RlOnV0aWwnO1xuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGRvd25sb2FkVGh1bWJwcmludChpc3N1ZXJVcmw6IHN0cmluZykge1xuXG4gIGV4dGVybmFsLmxvZyhgRG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuXG4gIHJldHVybiBuZXcgUHJvbWlzZTxzdHJpbmc+KChvaywga28pID0+IHtcbiAgICBjb25zdCBwdXJsID0gdXJsLnBhcnNlKGlzc3VlclVybCk7XG4gICAgY29uc3QgcG9ydCA9IHB1cmwucG9ydCA/IHBhcnNlSW50KHB1cmwucG9ydCwgMTApIDogNDQzO1xuXG4gICAgaWYgKCFwdXJsLmhvc3QpIHtcbiAgICAgIHJldHVybiBrbyhuZXcgRXJyb3IoYHVuYWJsZSB0byBkZXRlcm1pbmUgaG9zdCBmcm9tIGlzc3VlciB1cmwgJHtpc3N1ZXJVcmx9YCkpO1xuICAgIH1cblxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuXG4gICAgc29ja2V0Lm9uY2UoJ3NlY3VyZUNvbm5lY3QnLCAoKSA9PiB7XG4gICAgICAvLyBUaGlzIHNldCB0byBgdHJ1ZWAgd291bGQgcmV0dXJuIHRoZSBlbnRpcmUgY2hhaW4gb2YgY2VydGlmaWNhdGVzIGFzIGEgY2lyY3VsYXIgcmVmZXJlbmNlIG9iamVjdFxuICAgICAgbGV0IGNlcnQgPSBzb2NrZXQuZ2V0UGVlckNlcnRpZmljYXRlKHRydWUpO1xuXG4gICAgICBjb25zdCB1bnFpdWVDZXJ0cyA9IG5ldyBTZXQ8RGV0YWlsZWRQZWVyQ2VydGlmaWNhdGU+KCk7XG4gICAgICBkbyB7XG4gICAgICAgIHVucWl1ZUNlcnRzLmFkZChjZXJ0KTtcbiAgICAgICAgY2VydCA9IGNlcnQuaXNzdWVyQ2VydGlmaWNhdGU7XG4gICAgICB9IHdoaWxlICggY2VydCAmJiB0eXBlb2YgY2VydCA9PT0gJ29iamVjdCcgJiYgIXVucWl1ZUNlcnRzLmhhcyhjZXJ0KSk7XG5cbiAgICAgIC8vIFRoZSBsYXN0IGBjZXJ0YCBvYnRhaW5lZCBtdXN0IGJlIHRoZSByb290IGNlcnRpZmljYXRlIGluIHRoZSBjZXJ0aWZpY2F0ZSBjaGFpblxuICAgICAgY29uc3Qgcm9vdENlcnQgPSBbLi4udW5xaXVlQ2VydHNdLnBvcCgpITtcblxuICAgICAgLy8gQWRkIGBjYTogdHJ1ZWAgd2hlbiBub2RlIG1lcmdlcyB0aGUgZmVhdHVyZS4gQXdhaXRpbmcgcmVzb2x1dGlvbjogaHR0cHM6Ly9naXRodWIuY29tL25vZGVqcy9ub2RlL2lzc3Vlcy80NDkwNVxuICAgICAgaWYgKCEodXRpbC5pc0RlZXBTdHJpY3RFcXVhbChyb290Q2VydC5pc3N1ZXIsIHJvb3RDZXJ0LnN1YmplY3QpKSkge1xuICAgICAgICByZXR1cm4ga28obmV3IEVycm9yKGBTdWJqZWN0IGFuZCBJc3N1ZXIgb2YgY2VydGlmaWNhdGUgcmVjZWl2ZWQgYXJlIGRpZmZlcmVudC4gXG4gICAgICAgIFJlY2VpdmVkOiBcXCdTdWJqZWN0XFwnIGlzICR7SlNPTi5zdHJpbmdpZnkocm9vdENlcnQuc3ViamVjdCwgbnVsbCwgNCl9IGFuZCBcXCdJc3N1ZXJcXCc6JHtKU09OLnN0cmluZ2lmeShyb290Q2VydC5pc3N1ZXIsIG51bGwsIDQpfWApKTtcbiAgICAgIH1cblxuICAgICAgY29uc3QgdmFsaWRUbyA9IG5ldyBEYXRlKHJvb3RDZXJ0LnZhbGlkX3RvKTtcbiAgICAgIGNvbnN0IGNlcnRpZmljYXRlVmFsaWRpdHkgPSBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KHZhbGlkVG8pO1xuXG4gICAgICBpZiAoY2VydGlmaWNhdGVWYWxpZGl0eSA8IDApIHtcbiAgICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgVGhlIGNlcnRpZmljYXRlIGhhcyBhbHJlYWR5IGV4cGlyZWQgb246ICR7dmFsaWRUby50b1VUQ1N0cmluZygpfWApKTtcbiAgICAgIH1cblxuICAgICAgLy8gV2FybmluZyB1c2VyIGlmIGNlcnRpZmljYXRlIHZhbGlkaXR5IGlzIGV4cGlyaW5nIHdpdGhpbiA2IG1vbnRoc1xuICAgICAgaWYgKGNlcnRpZmljYXRlVmFsaWRpdHkgPCAxODApIHtcbiAgICAgICAgLyogZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIG5vLWNvbnNvbGUgKi9cbiAgICAgICAgY29uc29sZS53YXJuKGBUaGUgcm9vdCBjZXJ0aWZpY2F0ZSBvYnRhaW5lZCB3b3VsZCBleHBpcmUgaW4gJHtjZXJ0aWZpY2F0ZVZhbGlkaXR5fSBkYXlzIWApO1xuICAgICAgfVxuXG4gICAgICBzb2NrZXQuZW5kKCk7XG5cbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSByb290Q2VydC5maW5nZXJwcmludC5zcGxpdCgnOicpLmpvaW4oJycpO1xuICAgICAgZXh0ZXJuYWwubG9nKGBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgdGh1bWJwcmludCBmb3IgJHtpc3N1ZXJVcmx9IGlzICR7dGh1bWJwcmludH1gKTtcblxuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vKipcbiAqIFRvIGdldCB0aGUgdmFsaWRpdHkgdGltZWxpbmUgZm9yIHRoZSBjZXJ0aWZpY2F0ZVxuICogQHBhcmFtIGNlcnREYXRlIFRoZSB2YWxpZCB0byBkYXRlIGZvciB0aGUgY2VydGlmaWNhdGVcbiAqIEByZXR1cm5zIFRoZSBudW1iZXIgb2YgZGF5cyB0aGUgY2VydGlmaWNhdGUgaXMgdmFsaWQgd3J0IGN1cnJlbnQgZGF0ZVxuICovXG5mdW5jdGlvbiBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KGNlcnREYXRlOiBEYXRlKTogTnVtYmVyIHtcbiAgY29uc3QgbWlsbGlzZWNvbmRzSW5EYXkgPSAyNCAqIDYwICogNjAgKiAxMDAwO1xuICBjb25zdCBjdXJyZW50RGF0ZSA9IG5ldyBEYXRlKCk7XG5cbiAgY29uc3QgdmFsaWRpdHkgPSBNYXRoLnJvdW5kKChjZXJ0RGF0ZS5nZXRUaW1lKCkgLSBjdXJyZW50RGF0ZS5nZXRUaW1lKCkpIC8gbWlsbGlzZWNvbmRzSW5EYXkpO1xuXG4gIHJldHVybiB2YWxpZGl0eTtcbn1cblxuLy8gYWxsb3dzIHVuaXQgdGVzdCB0byByZXBsYWNlIHdpdGggbW9ja3Ncbi8qIGVzbGludC1kaXNhYmxlIG1heC1sZW4gKi9cbmV4cG9ydCBjb25zdCBleHRlcm5hbCA9IHtcbiAgZG93bmxvYWRUaHVtYnByaW50LFxuICBsb2c6IGRlZmF1bHRMb2dnZXIsXG4gIGNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5DcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5jcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIGRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5EZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5kZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQ6IChyZXE6IGF3cy5JQU0uVXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludFJlcXVlc3QpID0+IGlhbSgpLnVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQocmVxKS5wcm9taXNlKCksXG4gIGFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXI6IChyZXE6IGF3cy5JQU0uQWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5SZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5yZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG59O1xuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts deleted file mode 100644 index 35c3d8f5c637f..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.d.ts +++ /dev/null @@ -1,13 +0,0 @@ -/** - * Supported resource type. - */ -export declare const enum CfnUtilsResourceType { - /** - * CfnJson - */ - CFN_JSON = "Custom::AWSCDKCfnJson", - /** - * CfnJsonStringify - */ - CFN_JSON_STRINGIFY = "Custom::AWSCDKCfnJsonStringify" -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts deleted file mode 100644 index 9718dcef40645..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts +++ /dev/null @@ -1,14 +0,0 @@ -/** - * Supported resource type. - */ -export const enum CfnUtilsResourceType { - /** - * CfnJson - */ - CFN_JSON = 'Custom::AWSCDKCfnJson', - - /** - * CfnJsonStringify - */ - CFN_JSON_STRINGIFY = 'Custom::AWSCDKCfnJsonStringify', -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts deleted file mode 100644 index b228aec7fd8cc..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.d.ts +++ /dev/null @@ -1,8 +0,0 @@ -/** - * Parses the value of "Value" and reflects it back as attribute. - */ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise<{ - Data: { - Value: any; - }; -}>; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts deleted file mode 100644 index f082001f80159..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts +++ /dev/null @@ -1,33 +0,0 @@ -import { CfnUtilsResourceType } from './consts'; - -/** - * Parses the value of "Value" and reflects it back as attribute. - */ -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { - - // dispatch based on resource type - if (event.ResourceType === CfnUtilsResourceType.CFN_JSON) { - return cfnJsonHandler(event); - } - if (event.ResourceType === CfnUtilsResourceType.CFN_JSON_STRINGIFY) { - return cfnJsonStringifyHandler(event); - } - - throw new Error(`unexpected resource type "${event.ResourceType}`); -} - -function cfnJsonHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { - return { - Data: { - Value: JSON.parse(event.ResourceProperties.Value), - }, - }; -} - -function cfnJsonStringifyHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { - return { - Data: { - Value: JSON.stringify(event.ResourceProperties.Value), - }, - }; -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip index 4b3aea09155c1..8097ad2422b72 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip and b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/__entrypoint__.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/__entrypoint__.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/consts.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/consts.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.js b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json index 2d6ff5ceea69a..f6738537ab0b1 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json @@ -79,28 +79,28 @@ } } }, - "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174": { + "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3": { "source": { - "path": "asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174", + "path": "asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip", + "objectKey": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3": { + "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a": { "source": { - "path": "asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3", + "path": "asset.f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip", + "objectKey": "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -131,7 +131,7 @@ } } }, - "05fb7987c76195968e624b0f55bd43dae83b193488be58d7ae6c64ce4ffa48ca": { + "9b7425e32a92d8dc2e71c6b8da0932cf61805cf2de553385b81250f4e32df5d9": { "source": { "path": "aws-cdk-eks-cluster-inference-test.template.json", "packaging": "file" @@ -139,7 +139,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "05fb7987c76195968e624b0f55bd43dae83b193488be58d7ae6c64ce4ffa48ca.json", + "objectKey": "9b7425e32a92d8dc2e71c6b8da0932cf61805cf2de553385b81250f4e32df5d9.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json index 950e654ba9014..75c15c4cd069b 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json @@ -839,9 +839,6 @@ "ClientIDList": [ "sts.amazonaws.com" ], - "ThumbprintList": [ - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" - ], "Url": { "Fn::GetAtt": [ "Cluster9EE0221C", @@ -1855,7 +1852,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip" + "S3Key": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip" }, "Timeout": 900, "MemorySize": 128, @@ -1901,7 +1898,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip" + "S3Key": "f4599f463f56c5c9d584a8aca5b607b7bb0cead0b089b8ccd66b69f00b5ee98a.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json index 902cc52520359..212cc67af1803 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/05fb7987c76195968e624b0f55bd43dae83b193488be58d7ae6c64ce4ffa48ca.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9b7425e32a92d8dc2e71c6b8da0932cf61805cf2de553385b81250f4e32df5d9.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/__entrypoint__.js deleted file mode 100644 index 9df94382cc74e..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/__entrypoint__.js +++ /dev/null @@ -1,118 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.handler = exports.external = void 0; -const https = require("https"); -const url = require("url"); -// for unit tests -exports.external = { - sendHttpRequest: defaultSendHttpRequest, - log: defaultLog, - includeStackTraces: true, - userHandlerIndex: './index', -}; -const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; -const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; -async function handler(event, context) { - const sanitizedEvent = { ...event, ResponseURL: '...' }; - exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); - // ignore DELETE event when the physical resource ID is the marker that - // indicates that this DELETE is a subsequent DELETE to a failed CREATE - // operation. - if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { - exports.external.log('ignoring DELETE event caused by a failed CREATE event'); - await submitResponse('SUCCESS', event); - return; - } - try { - // invoke the user handler. this is intentionally inside the try-catch to - // ensure that if there is an error it's reported as a failure to - // cloudformation (otherwise cfn waits). - // eslint-disable-next-line @typescript-eslint/no-require-imports - const userHandler = require(exports.external.userHandlerIndex).handler; - const result = await userHandler(sanitizedEvent, context); - // validate user response and create the combined event - const responseEvent = renderResponse(event, result); - // submit to cfn as success - await submitResponse('SUCCESS', responseEvent); - } - catch (e) { - const resp = { - ...event, - Reason: exports.external.includeStackTraces ? e.stack : e.message, - }; - if (!resp.PhysicalResourceId) { - // special case: if CREATE fails, which usually implies, we usually don't - // have a physical resource id. in this case, the subsequent DELETE - // operation does not have any meaning, and will likely fail as well. to - // address this, we use a marker so the provider framework can simply - // ignore the subsequent DELETE. - if (event.RequestType === 'Create') { - exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); - resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; - } - else { - // otherwise, if PhysicalResourceId is not specified, something is - // terribly wrong because all other events should have an ID. - exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); - } - } - // this is an actual error, fail the activity altogether and exist. - await submitResponse('FAILED', resp); - } -} -exports.handler = handler; -function renderResponse(cfnRequest, handlerResponse = {}) { - // if physical ID is not returned, we have some defaults for you based - // on the request type. - const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; - // if we are in DELETE and physical ID was changed, it's an error. - if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { - throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); - } - // merge request event and result event (result prevails). - return { - ...cfnRequest, - ...handlerResponse, - PhysicalResourceId: physicalResourceId, - }; -} -async function submitResponse(status, event) { - const json = { - Status: status, - Reason: event.Reason ?? status, - StackId: event.StackId, - RequestId: event.RequestId, - PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, - LogicalResourceId: event.LogicalResourceId, - NoEcho: event.NoEcho, - Data: event.Data, - }; - exports.external.log('submit response to cloudformation', json); - const responseBody = JSON.stringify(json); - const parsedUrl = url.parse(event.ResponseURL); - const req = { - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { 'content-type': '', 'content-length': responseBody.length }, - }; - await exports.external.sendHttpRequest(req, responseBody); -} -async function defaultSendHttpRequest(options, responseBody) { - return new Promise((resolve, reject) => { - try { - const request = https.request(options, _ => resolve()); - request.on('error', reject); - request.write(responseBody); - request.end(); - } - catch (e) { - reject(e); - } - }); -} -function defaultLog(fmt, ...params) { - // eslint-disable-next-line no-console - console.log(fmt, ...params); -} -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibm9kZWpzLWVudHJ5cG9pbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJub2RlanMtZW50cnlwb2ludC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwrQkFBK0I7QUFDL0IsMkJBQTJCO0FBRTNCLGlCQUFpQjtBQUNKLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGVBQWUsRUFBRSxzQkFBc0I7SUFDdkMsR0FBRyxFQUFFLFVBQVU7SUFDZixrQkFBa0IsRUFBRSxJQUFJO0lBQ3hCLGdCQUFnQixFQUFFLFNBQVM7Q0FDNUIsQ0FBQztBQUVGLE1BQU0sZ0NBQWdDLEdBQUcsd0RBQXdELENBQUM7QUFDbEcsTUFBTSwwQkFBMEIsR0FBRyw4REFBOEQsQ0FBQztBQVczRixLQUFLLFVBQVUsT0FBTyxDQUFDLEtBQWtELEVBQUUsT0FBMEI7SUFDMUcsTUFBTSxjQUFjLEdBQUcsRUFBRSxHQUFHLEtBQUssRUFBRSxXQUFXLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxjQUFjLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFFM0QsdUVBQXVFO0lBQ3ZFLHVFQUF1RTtJQUN2RSxhQUFhO0lBQ2IsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsa0JBQWtCLEtBQUssZ0NBQWdDLEVBQUU7UUFDbkcsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsdURBQXVELENBQUMsQ0FBQztRQUN0RSxNQUFNLGNBQWMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDdkMsT0FBTztLQUNSO0lBRUQsSUFBSTtRQUNGLHlFQUF5RTtRQUN6RSxpRUFBaUU7UUFDakUsd0NBQXdDO1FBQ3hDLGlFQUFpRTtRQUNqRSxNQUFNLFdBQVcsR0FBWSxPQUFPLENBQUMsZ0JBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLE9BQU8sQ0FBQztRQUN4RSxNQUFNLE1BQU0sR0FBRyxNQUFNLFdBQVcsQ0FBQyxjQUFjLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFMUQsdURBQXVEO1FBQ3ZELE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFFcEQsMkJBQTJCO1FBQzNCLE1BQU0sY0FBYyxDQUFDLFNBQVMsRUFBRSxhQUFhLENBQUMsQ0FBQztLQUNoRDtJQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ1YsTUFBTSxJQUFJLEdBQWE7WUFDckIsR0FBRyxLQUFLO1lBQ1IsTUFBTSxFQUFFLGdCQUFRLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPO1NBQzFELENBQUM7UUFFRixJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFO1lBQzVCLHlFQUF5RTtZQUN6RSxtRUFBbUU7WUFDbkUsd0VBQXdFO1lBQ3hFLHFFQUFxRTtZQUNyRSxnQ0FBZ0M7WUFDaEMsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRTtnQkFDbEMsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsNEdBQTRHLENBQUMsQ0FBQztnQkFDM0gsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGdDQUFnQyxDQUFDO2FBQzVEO2lCQUFNO2dCQUNMLGtFQUFrRTtnQkFDbEUsNkRBQTZEO2dCQUM3RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyw2REFBNkQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7YUFDcEc7U0FDRjtRQUVELG1FQUFtRTtRQUNuRSxNQUFNLGNBQWMsQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLENBQUM7S0FDdEM7QUFDSCxDQUFDO0FBbkRELDBCQW1EQztBQUVELFNBQVMsY0FBYyxDQUNyQixVQUF5RixFQUN6RixrQkFBMEMsRUFBRztJQUU3QyxzRUFBc0U7SUFDdEUsdUJBQXVCO0lBQ3ZCLE1BQU0sa0JBQWtCLEdBQUcsZUFBZSxDQUFDLGtCQUFrQixJQUFJLFVBQVUsQ0FBQyxrQkFBa0IsSUFBSSxVQUFVLENBQUMsU0FBUyxDQUFDO0lBRXZILGtFQUFrRTtJQUNsRSxJQUFJLFVBQVUsQ0FBQyxXQUFXLEtBQUssUUFBUSxJQUFJLGtCQUFrQixLQUFLLFVBQVUsQ0FBQyxrQkFBa0IsRUFBRTtRQUMvRixNQUFNLElBQUksS0FBSyxDQUFDLHdEQUF3RCxVQUFVLENBQUMsa0JBQWtCLFNBQVMsZUFBZSxDQUFDLGtCQUFrQixtQkFBbUIsQ0FBQyxDQUFDO0tBQ3RLO0lBRUQsMERBQTBEO0lBQzFELE9BQU87UUFDTCxHQUFHLFVBQVU7UUFDYixHQUFHLGVBQWU7UUFDbEIsa0JBQWtCLEVBQUUsa0JBQWtCO0tBQ3ZDLENBQUM7QUFDSixDQUFDO0FBRUQsS0FBSyxVQUFVLGNBQWMsQ0FBQyxNQUE0QixFQUFFLEtBQWU7SUFDekUsTUFBTSxJQUFJLEdBQW1EO1FBQzNELE1BQU0sRUFBRSxNQUFNO1FBQ2QsTUFBTSxFQUFFLEtBQUssQ0FBQyxNQUFNLElBQUksTUFBTTtRQUM5QixPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87UUFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1FBQzFCLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSwwQkFBMEI7UUFDMUUsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtRQUMxQyxNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU07UUFDcEIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO0tBQ2pCLENBQUM7SUFFRixnQkFBUSxDQUFDLEdBQUcsQ0FBQyxtQ0FBbUMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUV4RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzFDLE1BQU0sU0FBUyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQy9DLE1BQU0sR0FBRyxHQUFHO1FBQ1YsUUFBUSxFQUFFLFNBQVMsQ0FBQyxRQUFRO1FBQzVCLElBQUksRUFBRSxTQUFTLENBQUMsSUFBSTtRQUNwQixNQUFNLEVBQUUsS0FBSztRQUNiLE9BQU8sRUFBRSxFQUFFLGNBQWMsRUFBRSxFQUFFLEVBQUUsZ0JBQWdCLEVBQUUsWUFBWSxDQUFDLE1BQU0sRUFBRTtLQUN2RSxDQUFDO0lBRUYsTUFBTSxnQkFBUSxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDcEQsQ0FBQztBQUVELEtBQUssVUFBVSxzQkFBc0IsQ0FBQyxPQUE2QixFQUFFLFlBQW9CO0lBQ3ZGLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLEVBQUU7UUFDckMsSUFBSTtZQUNGLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUN2RCxPQUFPLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQztZQUM1QixPQUFPLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxHQUFHLEVBQUUsQ0FBQztTQUNmO1FBQUMsT0FBTyxDQUFDLEVBQUU7WUFDVixNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDWDtJQUNILENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELFNBQVMsVUFBVSxDQUFDLEdBQVcsRUFBRSxHQUFHLE1BQWE7SUFDL0Msc0NBQXNDO0lBQ3RDLE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEdBQUcsTUFBTSxDQUFDLENBQUM7QUFDOUIsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGh0dHBzIGZyb20gJ2h0dHBzJztcbmltcG9ydCAqIGFzIHVybCBmcm9tICd1cmwnO1xuXG4vLyBmb3IgdW5pdCB0ZXN0c1xuZXhwb3J0IGNvbnN0IGV4dGVybmFsID0ge1xuICBzZW5kSHR0cFJlcXVlc3Q6IGRlZmF1bHRTZW5kSHR0cFJlcXVlc3QsXG4gIGxvZzogZGVmYXVsdExvZyxcbiAgaW5jbHVkZVN0YWNrVHJhY2VzOiB0cnVlLFxuICB1c2VySGFuZGxlckluZGV4OiAnLi9pbmRleCcsXG59O1xuXG5jb25zdCBDUkVBVEVfRkFJTEVEX1BIWVNJQ0FMX0lEX01BUktFUiA9ICdBV1NDREs6OkN1c3RvbVJlc291cmNlUHJvdmlkZXJGcmFtZXdvcms6OkNSRUFURV9GQUlMRUQnO1xuY29uc3QgTUlTU0lOR19QSFlTSUNBTF9JRF9NQVJLRVIgPSAnQVdTQ0RLOjpDdXN0b21SZXNvdXJjZVByb3ZpZGVyRnJhbWV3b3JrOjpNSVNTSU5HX1BIWVNJQ0FMX0lEJztcblxuZXhwb3J0IHR5cGUgUmVzcG9uc2UgPSBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50ICYgSGFuZGxlclJlc3BvbnNlO1xuZXhwb3J0IHR5cGUgSGFuZGxlciA9IChldmVudDogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCwgY29udGV4dDogQVdTTGFtYmRhLkNvbnRleHQpID0+IFByb21pc2U8SGFuZGxlclJlc3BvbnNlIHwgdm9pZD47XG5leHBvcnQgdHlwZSBIYW5kbGVyUmVzcG9uc2UgPSB1bmRlZmluZWQgfCB7XG4gIERhdGE/OiBhbnk7XG4gIFBoeXNpY2FsUmVzb3VyY2VJZD86IHN0cmluZztcbiAgUmVhc29uPzogc3RyaW5nO1xuICBOb0VjaG8/OiBib29sZWFuO1xufTtcblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGhhbmRsZXIoZXZlbnQ6IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlRXZlbnQsIGNvbnRleHQ6IEFXU0xhbWJkYS5Db250ZXh0KSB7XG4gIGNvbnN0IHNhbml0aXplZEV2ZW50ID0geyAuLi5ldmVudCwgUmVzcG9uc2VVUkw6ICcuLi4nIH07XG4gIGV4dGVybmFsLmxvZyhKU09OLnN0cmluZ2lmeShzYW5pdGl6ZWRFdmVudCwgdW5kZWZpbmVkLCAyKSk7XG5cbiAgLy8gaWdub3JlIERFTEVURSBldmVudCB3aGVuIHRoZSBwaHlzaWNhbCByZXNvdXJjZSBJRCBpcyB0aGUgbWFya2VyIHRoYXRcbiAgLy8gaW5kaWNhdGVzIHRoYXQgdGhpcyBERUxFVEUgaXMgYSBzdWJzZXF1ZW50IERFTEVURSB0byBhIGZhaWxlZCBDUkVBVEVcbiAgLy8gb3BlcmF0aW9uLlxuICBpZiAoZXZlbnQuUmVxdWVzdFR5cGUgPT09ICdEZWxldGUnICYmIGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCA9PT0gQ1JFQVRFX0ZBSUxFRF9QSFlTSUNBTF9JRF9NQVJLRVIpIHtcbiAgICBleHRlcm5hbC5sb2coJ2lnbm9yaW5nIERFTEVURSBldmVudCBjYXVzZWQgYnkgYSBmYWlsZWQgQ1JFQVRFIGV2ZW50Jyk7XG4gICAgYXdhaXQgc3VibWl0UmVzcG9uc2UoJ1NVQ0NFU1MnLCBldmVudCk7XG4gICAgcmV0dXJuO1xuICB9XG5cbiAgdHJ5IHtcbiAgICAvLyBpbnZva2UgdGhlIHVzZXIgaGFuZGxlci4gdGhpcyBpcyBpbnRlbnRpb25hbGx5IGluc2lkZSB0aGUgdHJ5LWNhdGNoIHRvXG4gICAgLy8gZW5zdXJlIHRoYXQgaWYgdGhlcmUgaXMgYW4gZXJyb3IgaXQncyByZXBvcnRlZCBhcyBhIGZhaWx1cmUgdG9cbiAgICAvLyBjbG91ZGZvcm1hdGlvbiAob3RoZXJ3aXNlIGNmbiB3YWl0cykuXG4gICAgLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1yZXF1aXJlLWltcG9ydHNcbiAgICBjb25zdCB1c2VySGFuZGxlcjogSGFuZGxlciA9IHJlcXVpcmUoZXh0ZXJuYWwudXNlckhhbmRsZXJJbmRleCkuaGFuZGxlcjtcbiAgICBjb25zdCByZXN1bHQgPSBhd2FpdCB1c2VySGFuZGxlcihzYW5pdGl6ZWRFdmVudCwgY29udGV4dCk7XG5cbiAgICAvLyB2YWxpZGF0ZSB1c2VyIHJlc3BvbnNlIGFuZCBjcmVhdGUgdGhlIGNvbWJpbmVkIGV2ZW50XG4gICAgY29uc3QgcmVzcG9uc2VFdmVudCA9IHJlbmRlclJlc3BvbnNlKGV2ZW50LCByZXN1bHQpO1xuXG4gICAgLy8gc3VibWl0IHRvIGNmbiBhcyBzdWNjZXNzXG4gICAgYXdhaXQgc3VibWl0UmVzcG9uc2UoJ1NVQ0NFU1MnLCByZXNwb25zZUV2ZW50KTtcbiAgfSBjYXRjaCAoZSkge1xuICAgIGNvbnN0IHJlc3A6IFJlc3BvbnNlID0ge1xuICAgICAgLi4uZXZlbnQsXG4gICAgICBSZWFzb246IGV4dGVybmFsLmluY2x1ZGVTdGFja1RyYWNlcyA/IGUuc3RhY2sgOiBlLm1lc3NhZ2UsXG4gICAgfTtcblxuICAgIGlmICghcmVzcC5QaHlzaWNhbFJlc291cmNlSWQpIHtcbiAgICAgIC8vIHNwZWNpYWwgY2FzZTogaWYgQ1JFQVRFIGZhaWxzLCB3aGljaCB1c3VhbGx5IGltcGxpZXMsIHdlIHVzdWFsbHkgZG9uJ3RcbiAgICAgIC8vIGhhdmUgYSBwaHlzaWNhbCByZXNvdXJjZSBpZC4gaW4gdGhpcyBjYXNlLCB0aGUgc3Vic2VxdWVudCBERUxFVEVcbiAgICAgIC8vIG9wZXJhdGlvbiBkb2VzIG5vdCBoYXZlIGFueSBtZWFuaW5nLCBhbmQgd2lsbCBsaWtlbHkgZmFpbCBhcyB3ZWxsLiB0b1xuICAgICAgLy8gYWRkcmVzcyB0aGlzLCB3ZSB1c2UgYSBtYXJrZXIgc28gdGhlIHByb3ZpZGVyIGZyYW1ld29yayBjYW4gc2ltcGx5XG4gICAgICAvLyBpZ25vcmUgdGhlIHN1YnNlcXVlbnQgREVMRVRFLlxuICAgICAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnQ3JlYXRlJykge1xuICAgICAgICBleHRlcm5hbC5sb2coJ0NSRUFURSBmYWlsZWQsIHJlc3BvbmRpbmcgd2l0aCBhIG1hcmtlciBwaHlzaWNhbCByZXNvdXJjZSBpZCBzbyB0aGF0IHRoZSBzdWJzZXF1ZW50IERFTEVURSB3aWxsIGJlIGlnbm9yZWQnKTtcbiAgICAgICAgcmVzcC5QaHlzaWNhbFJlc291cmNlSWQgPSBDUkVBVEVfRkFJTEVEX1BIWVNJQ0FMX0lEX01BUktFUjtcbiAgICAgIH0gZWxzZSB7XG4gICAgICAgIC8vIG90aGVyd2lzZSwgaWYgUGh5c2ljYWxSZXNvdXJjZUlkIGlzIG5vdCBzcGVjaWZpZWQsIHNvbWV0aGluZyBpc1xuICAgICAgICAvLyB0ZXJyaWJseSB3cm9uZyBiZWNhdXNlIGFsbCBvdGhlciBldmVudHMgc2hvdWxkIGhhdmUgYW4gSUQuXG4gICAgICAgIGV4dGVybmFsLmxvZyhgRVJST1I6IE1hbGZvcm1lZCBldmVudC4gXCJQaHlzaWNhbFJlc291cmNlSWRcIiBpcyByZXF1aXJlZDogJHtKU09OLnN0cmluZ2lmeShldmVudCl9YCk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgLy8gdGhpcyBpcyBhbiBhY3R1YWwgZXJyb3IsIGZhaWwgdGhlIGFjdGl2aXR5IGFsdG9nZXRoZXIgYW5kIGV4aXN0LlxuICAgIGF3YWl0IHN1Ym1pdFJlc3BvbnNlKCdGQUlMRUQnLCByZXNwKTtcbiAgfVxufVxuXG5mdW5jdGlvbiByZW5kZXJSZXNwb25zZShcbiAgY2ZuUmVxdWVzdDogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCAmIHsgUGh5c2ljYWxSZXNvdXJjZUlkPzogc3RyaW5nIH0sXG4gIGhhbmRsZXJSZXNwb25zZTogdm9pZCB8IEhhbmRsZXJSZXNwb25zZSA9IHsgfSk6IFJlc3BvbnNlIHtcblxuICAvLyBpZiBwaHlzaWNhbCBJRCBpcyBub3QgcmV0dXJuZWQsIHdlIGhhdmUgc29tZSBkZWZhdWx0cyBmb3IgeW91IGJhc2VkXG4gIC8vIG9uIHRoZSByZXF1ZXN0IHR5cGUuXG4gIGNvbnN0IHBoeXNpY2FsUmVzb3VyY2VJZCA9IGhhbmRsZXJSZXNwb25zZS5QaHlzaWNhbFJlc291cmNlSWQgPz8gY2ZuUmVxdWVzdC5QaHlzaWNhbFJlc291cmNlSWQgPz8gY2ZuUmVxdWVzdC5SZXF1ZXN0SWQ7XG5cbiAgLy8gaWYgd2UgYXJlIGluIERFTEVURSBhbmQgcGh5c2ljYWwgSUQgd2FzIGNoYW5nZWQsIGl0J3MgYW4gZXJyb3IuXG4gIGlmIChjZm5SZXF1ZXN0LlJlcXVlc3RUeXBlID09PSAnRGVsZXRlJyAmJiBwaHlzaWNhbFJlc291cmNlSWQgIT09IGNmblJlcXVlc3QuUGh5c2ljYWxSZXNvdXJjZUlkKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGBERUxFVEU6IGNhbm5vdCBjaGFuZ2UgdGhlIHBoeXNpY2FsIHJlc291cmNlIElEIGZyb20gXCIke2NmblJlcXVlc3QuUGh5c2ljYWxSZXNvdXJjZUlkfVwiIHRvIFwiJHtoYW5kbGVyUmVzcG9uc2UuUGh5c2ljYWxSZXNvdXJjZUlkfVwiIGR1cmluZyBkZWxldGlvbmApO1xuICB9XG5cbiAgLy8gbWVyZ2UgcmVxdWVzdCBldmVudCBhbmQgcmVzdWx0IGV2ZW50IChyZXN1bHQgcHJldmFpbHMpLlxuICByZXR1cm4ge1xuICAgIC4uLmNmblJlcXVlc3QsXG4gICAgLi4uaGFuZGxlclJlc3BvbnNlLFxuICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogcGh5c2ljYWxSZXNvdXJjZUlkLFxuICB9O1xufVxuXG5hc3luYyBmdW5jdGlvbiBzdWJtaXRSZXNwb25zZShzdGF0dXM6ICdTVUNDRVNTJyB8ICdGQUlMRUQnLCBldmVudDogUmVzcG9uc2UpIHtcbiAgY29uc3QganNvbjogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VSZXNwb25zZSA9IHtcbiAgICBTdGF0dXM6IHN0YXR1cyxcbiAgICBSZWFzb246IGV2ZW50LlJlYXNvbiA/PyBzdGF0dXMsXG4gICAgU3RhY2tJZDogZXZlbnQuU3RhY2tJZCxcbiAgICBSZXF1ZXN0SWQ6IGV2ZW50LlJlcXVlc3RJZCxcbiAgICBQaHlzaWNhbFJlc291cmNlSWQ6IGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCB8fCBNSVNTSU5HX1BIWVNJQ0FMX0lEX01BUktFUixcbiAgICBMb2dpY2FsUmVzb3VyY2VJZDogZXZlbnQuTG9naWNhbFJlc291cmNlSWQsXG4gICAgTm9FY2hvOiBldmVudC5Ob0VjaG8sXG4gICAgRGF0YTogZXZlbnQuRGF0YSxcbiAgfTtcblxuICBleHRlcm5hbC5sb2coJ3N1Ym1pdCByZXNwb25zZSB0byBjbG91ZGZvcm1hdGlvbicsIGpzb24pO1xuXG4gIGNvbnN0IHJlc3BvbnNlQm9keSA9IEpTT04uc3RyaW5naWZ5KGpzb24pO1xuICBjb25zdCBwYXJzZWRVcmwgPSB1cmwucGFyc2UoZXZlbnQuUmVzcG9uc2VVUkwpO1xuICBjb25zdCByZXEgPSB7XG4gICAgaG9zdG5hbWU6IHBhcnNlZFVybC5ob3N0bmFtZSxcbiAgICBwYXRoOiBwYXJzZWRVcmwucGF0aCxcbiAgICBtZXRob2Q6ICdQVVQnLFxuICAgIGhlYWRlcnM6IHsgJ2NvbnRlbnQtdHlwZSc6ICcnLCAnY29udGVudC1sZW5ndGgnOiByZXNwb25zZUJvZHkubGVuZ3RoIH0sXG4gIH07XG5cbiAgYXdhaXQgZXh0ZXJuYWwuc2VuZEh0dHBSZXF1ZXN0KHJlcSwgcmVzcG9uc2VCb2R5KTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdFNlbmRIdHRwUmVxdWVzdChvcHRpb25zOiBodHRwcy5SZXF1ZXN0T3B0aW9ucywgcmVzcG9uc2VCb2R5OiBzdHJpbmcpOiBQcm9taXNlPHZvaWQ+IHtcbiAgcmV0dXJuIG5ldyBQcm9taXNlKChyZXNvbHZlLCByZWplY3QpID0+IHtcbiAgICB0cnkge1xuICAgICAgY29uc3QgcmVxdWVzdCA9IGh0dHBzLnJlcXVlc3Qob3B0aW9ucywgXyA9PiByZXNvbHZlKCkpO1xuICAgICAgcmVxdWVzdC5vbignZXJyb3InLCByZWplY3QpO1xuICAgICAgcmVxdWVzdC53cml0ZShyZXNwb25zZUJvZHkpO1xuICAgICAgcmVxdWVzdC5lbmQoKTtcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICByZWplY3QoZSk7XG4gICAgfVxuICB9KTtcbn1cblxuZnVuY3Rpb24gZGVmYXVsdExvZyhmbXQ6IHN0cmluZywgLi4ucGFyYW1zOiBhbnlbXSkge1xuICAvLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgbm8tY29uc29sZVxuICBjb25zb2xlLmxvZyhmbXQsIC4uLnBhcmFtcyk7XG59XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.d.ts deleted file mode 100644 index 53962e1f09938..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.d.ts +++ /dev/null @@ -1,4 +0,0 @@ -export declare function arrayDiff(oldValues: string[], newValues: string[]): { - adds: string[]; - deletes: string[]; -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.ts deleted file mode 100644 index 8a91e6ebddc53..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.ts +++ /dev/null @@ -1,17 +0,0 @@ -export function arrayDiff(oldValues: string[], newValues: string[]) { - const deletes = new Set(oldValues); - const adds = new Set(); - - for (const v of new Set(newValues)) { - if (deletes.has(v)) { - deletes.delete(v); - } else { - adds.add(v); - } - } - - return { - adds: Array.from(adds), - deletes: Array.from(deletes), - }; -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.d.ts deleted file mode 100644 index 8fe88b8f82209..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.d.ts +++ /dev/null @@ -1,24 +0,0 @@ -import * as aws from 'aws-sdk'; -declare function defaultLogger(fmt: string, ...args: any[]): void; -/** - * Downloads the CA thumbprint from the issuer URL - */ -declare function downloadThumbprint(issuerUrl: string): Promise; -export declare const external: { - downloadThumbprint: typeof downloadThumbprint; - log: typeof defaultLogger; - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => Promise>; - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => Promise<{ - $response: aws.Response<{}, aws.AWSError>; - }>; -}; -export {}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.js deleted file mode 100644 index 2f6632aed7b13..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.js +++ /dev/null @@ -1,53 +0,0 @@ -"use strict"; -/* istanbul ignore file */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.external = void 0; -const tls = require("tls"); -const url = require("url"); -// eslint-disable-next-line import/no-extraneous-dependencies -const aws = require("aws-sdk"); -let client; -function iam() { - if (!client) { - client = new aws.IAM(); - } - return client; -} -function defaultLogger(fmt, ...args) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl) { - exports.external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - exports.external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} -// allows unit test to replace with mocks -/* eslint-disable max-len */ -exports.external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQTBCOzs7QUFFMUIsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFDakQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBQ0QsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyx3Q0FBd0MsU0FBUyxPQUFPLFVBQVUsRUFBRSxDQUFDLENBQUM7WUFDbkYsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2pCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cblxuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuYXN5bmMgZnVuY3Rpb24gZG93bmxvYWRUaHVtYnByaW50KGlzc3VlclVybDogc3RyaW5nKSB7XG4gIGV4dGVybmFsLmxvZyhgZG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuICByZXR1cm4gbmV3IFByb21pc2U8c3RyaW5nPigob2ssIGtvKSA9PiB7XG4gICAgY29uc3QgcHVybCA9IHVybC5wYXJzZShpc3N1ZXJVcmwpO1xuICAgIGNvbnN0IHBvcnQgPSBwdXJsLnBvcnQgPyBwYXJzZUludChwdXJsLnBvcnQsIDEwKSA6IDQ0MztcbiAgICBpZiAoIXB1cmwuaG9zdCkge1xuICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgdW5hYmxlIHRvIGRldGVybWluZSBob3N0IGZyb20gaXNzdWVyIHVybCAke2lzc3VlclVybH1gKSk7XG4gICAgfVxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuICAgIHNvY2tldC5vbmNlKCdzZWN1cmVDb25uZWN0JywgKCkgPT4ge1xuICAgICAgY29uc3QgY2VydCA9IHNvY2tldC5nZXRQZWVyQ2VydGlmaWNhdGUoKTtcbiAgICAgIHNvY2tldC5lbmQoKTtcbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSBjZXJ0LmZpbmdlcnByaW50LnNwbGl0KCc6Jykuam9pbignJyk7XG4gICAgICBleHRlcm5hbC5sb2coYGNlcnRpZmljYXRlIGF1dGhvcml0eSB0aHVtYnByaW50IGZvciAke2lzc3VlclVybH0gaXMgJHt0aHVtYnByaW50fWApO1xuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vLyBhbGxvd3MgdW5pdCB0ZXN0IHRvIHJlcGxhY2Ugd2l0aCBtb2Nrc1xuLyogZXNsaW50LWRpc2FibGUgbWF4LWxlbiAqL1xuZXhwb3J0IGNvbnN0IGV4dGVybmFsID0ge1xuICBkb3dubG9hZFRodW1icHJpbnQsXG4gIGxvZzogZGVmYXVsdExvZ2dlcixcbiAgY3JlYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgZGVsZXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgdXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludDogKHJlcTogYXdzLklBTS5VcGRhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJUaHVtYnByaW50UmVxdWVzdCkgPT4gaWFtKCkudXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludChyZXEpLnByb21pc2UoKSxcbiAgYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5BZGRDbGllbnRJRFRvT3BlbklEQ29ubmVjdFByb3ZpZGVyUmVxdWVzdCkgPT4gaWFtKCkuYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgcmVtb3ZlQ2xpZW50SURGcm9tT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLlJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLnJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbn07XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.ts deleted file mode 100644 index 4ad18aed4f17d..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/external.ts +++ /dev/null @@ -1,53 +0,0 @@ -/* istanbul ignore file */ - -import * as tls from 'tls'; -import * as url from 'url'; -// eslint-disable-next-line import/no-extraneous-dependencies -import * as aws from 'aws-sdk'; - -let client: aws.IAM; - -function iam() { - if (!client) { client = new aws.IAM(); } - return client; -} - -function defaultLogger(fmt: string, ...args: any[]) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} - -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl: string) { - external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} - -// allows unit test to replace with mocks -/* eslint-disable max-len */ -export const external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.d.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.d.ts deleted file mode 100644 index 038b626561d4a..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.d.ts +++ /dev/null @@ -1,3 +0,0 @@ -export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise; diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.ts b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.ts deleted file mode 100644 index ee276edd3fa9b..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.ts +++ /dev/null @@ -1,89 +0,0 @@ -import { arrayDiff } from './diff'; -import { external } from './external'; - -export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { - if (event.RequestType === 'Create') { return onCreate(event); } - if (event.RequestType === 'Update') { return onUpdate(event); } - if (event.RequestType === 'Delete') { return onDelete(event); } - throw new Error('invalid request type'); -} - -async function onCreate(event: AWSLambda.CloudFormationCustomResourceCreateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - if (thumbprints.length === 0) { - thumbprints.push(await external.downloadThumbprint(issuerUrl)); - } - - const resp = await external.createOpenIDConnectProvider({ - Url: issuerUrl, - ClientIDList: clients, - ThumbprintList: thumbprints, - }); - - return { - PhysicalResourceId: resp.OpenIDConnectProviderArn, - }; -} - -async function onUpdate(event: AWSLambda.CloudFormationCustomResourceUpdateEvent) { - const issuerUrl = event.ResourceProperties.Url; - const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE - const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); - - // determine which update we are talking about. - const oldIssuerUrl = event.OldResourceProperties.Url; - - // if this is a URL update, then we basically create a new resource and cfn will delete the old one - // since the physical resource ID will change. - if (oldIssuerUrl !== issuerUrl) { - return onCreate({ ...event, RequestType: 'Create' }); - } - - const providerArn = event.PhysicalResourceId; - - // if thumbprints changed, we can update in-place, but bear in mind that if the new thumbprint list - // is empty, we will grab it from the server like we do in CREATE - const oldThumbprints = (event.OldResourceProperties.ThumbprintList || []).sort(); - if (JSON.stringify(oldThumbprints) !== JSON.stringify(thumbprints)) { - const thumbprintList = thumbprints.length > 0 ? thumbprints : [await external.downloadThumbprint(issuerUrl)]; - external.log('updating thumbprint list from', oldThumbprints, 'to', thumbprints); - await external.updateOpenIDConnectProviderThumbprint({ - OpenIDConnectProviderArn: providerArn, - ThumbprintList: thumbprintList, - }); - - // don't return, we might have more updates... - } - - // if client ID list has changed, determine "diff" because the API is add/remove - const oldClients: string[] = (event.OldResourceProperties.ClientIDList || []).sort(); - const diff = arrayDiff(oldClients, clients); - external.log(`client ID diff: ${JSON.stringify(diff)}`); - - for (const addClient of diff.adds) { - external.log(`adding client id "${addClient}" to provider ${providerArn}`); - await external.addClientIDToOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: addClient, - }); - } - - for (const deleteClient of diff.deletes) { - external.log(`removing client id "${deleteClient}" from provider ${providerArn}`); - await external.removeClientIDFromOpenIDConnectProvider({ - OpenIDConnectProviderArn: providerArn, - ClientID: deleteClient, - }); - } - - return; -} - -async function onDelete(deleteEvent: AWSLambda.CloudFormationCustomResourceDeleteEvent) { - await external.deleteOpenIDConnectProvider({ - OpenIDConnectProviderArn: deleteEvent.PhysicalResourceId, - }); -} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/__entrypoint__.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.js b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/diff.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js new file mode 100644 index 0000000000000..7d8c6e611c70b --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js @@ -0,0 +1,88 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = exports.downloadThumbprint = void 0; +const util = require("node:util"); +const tls = require("tls"); +const url = require("url"); +// eslint-disable-next-line import/no-extraneous-dependencies +const aws = require("aws-sdk"); +let client; +function iam() { + if (!client) { + client = new aws.IAM(); + } + return client; +} +function defaultLogger(fmt, ...args) { + // eslint-disable-next-line no-console + console.log(fmt, ...args); +} +/** + * Downloads the CA thumbprint from the issuer URL + */ +async function downloadThumbprint(issuerUrl) { + exports.external.log(`Downloading certificate authority thumbprint for ${issuerUrl}`); + return new Promise((ok, ko) => { + const purl = url.parse(issuerUrl); + const port = purl.port ? parseInt(purl.port, 10) : 443; + if (!purl.host) { + return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); + } + const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); + socket.once('error', ko); + socket.once('secureConnect', () => { + // This set to `true` would return the entire chain of certificates as a circular reference object + let cert = socket.getPeerCertificate(true); + const unqiueCerts = new Set(); + do { + unqiueCerts.add(cert); + cert = cert.issuerCertificate; + } while (cert && typeof cert === 'object' && !unqiueCerts.has(cert)); + // The last `cert` obtained must be the root certificate in the certificate chain + const rootCert = [...unqiueCerts].pop(); + // Add `ca: true` when node merges the feature. Awaiting resolution: https://github.com/nodejs/node/issues/44905 + if (!(util.isDeepStrictEqual(rootCert.issuer, rootCert.subject))) { + return ko(new Error(`Subject and Issuer of certificate received are different. + Received: \'Subject\' is ${JSON.stringify(rootCert.subject, null, 4)} and \'Issuer\':${JSON.stringify(rootCert.issuer, null, 4)}`)); + } + const validTo = new Date(rootCert.valid_to); + const certificateValidity = getCertificateValidity(validTo); + if (certificateValidity < 0) { + return ko(new Error(`The certificate has already expired on: ${validTo.toUTCString()}`)); + } + // Warning user if certificate validity is expiring within 6 months + if (certificateValidity < 180) { + /* eslint-disable-next-line no-console */ + console.warn(`The root certificate obtained would expire in ${certificateValidity} days!`); + } + socket.end(); + const thumbprint = rootCert.fingerprint.split(':').join(''); + exports.external.log(`Certificate Authority thumbprint for ${issuerUrl} is ${thumbprint}`); + ok(thumbprint); + }); + }); +} +exports.downloadThumbprint = downloadThumbprint; +/** + * To get the validity timeline for the certificate + * @param certDate The valid to date for the certificate + * @returns The number of days the certificate is valid wrt current date + */ +function getCertificateValidity(certDate) { + const millisecondsInDay = 24 * 60 * 60 * 1000; + const currentDate = new Date(); + const validity = Math.round((certDate.getTime() - currentDate.getTime()) / millisecondsInDay); + return validity; +} +// allows unit test to replace with mocks +/* eslint-disable max-len */ +exports.external = { + downloadThumbprint, + log: defaultLogger, + createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), + deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), + updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), + addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), + removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), +}; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxrQ0FBa0M7QUFDbEMsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSSxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFFeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFFOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFFdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBRUQsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLGtHQUFrRztZQUNsRyxJQUFJLElBQUksR0FBRyxNQUFNLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFM0MsTUFBTSxXQUFXLEdBQUcsSUFBSSxHQUFHLEVBQTJCLENBQUM7WUFDdkQsR0FBRztnQkFDRCxXQUFXLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDO2FBQy9CLFFBQVMsSUFBSSxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUU7WUFFdEUsaUZBQWlGO1lBQ2pGLE1BQU0sUUFBUSxHQUFHLENBQUMsR0FBRyxXQUFXLENBQUMsQ0FBQyxHQUFHLEVBQUcsQ0FBQztZQUV6QyxnSEFBZ0g7WUFDaEgsSUFBSSxDQUFDLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUU7Z0JBQ2hFLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDO21DQUNPLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDLG1CQUFtQixJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO2FBQ3JJO1lBRUQsTUFBTSxPQUFPLEdBQUcsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQzVDLE1BQU0sbUJBQW1CLEdBQUcsc0JBQXNCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUQsSUFBSSxtQkFBbUIsR0FBRyxDQUFDLEVBQUU7Z0JBQzNCLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDLDJDQUEyQyxPQUFPLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7YUFDMUY7WUFFRCxtRUFBbUU7WUFDbkUsSUFBSSxtQkFBbUIsR0FBRyxHQUFHLEVBQUU7Z0JBQzdCLHlDQUF5QztnQkFDekMsT0FBTyxDQUFDLElBQUksQ0FBQyxpREFBaUQsbUJBQW1CLFFBQVEsQ0FBQyxDQUFDO2FBQzVGO1lBRUQsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBRWIsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzVELGdCQUFRLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxTQUFTLE9BQU8sVUFBVSxFQUFFLENBQUMsQ0FBQztZQUVuRixFQUFFLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDakIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztBQUNMLENBQUM7QUF2REQsZ0RBdURDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQVMsc0JBQXNCLENBQUMsUUFBYztJQUM1QyxNQUFNLGlCQUFpQixHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUM5QyxNQUFNLFdBQVcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO0lBRS9CLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLEdBQUcsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsaUJBQWlCLENBQUMsQ0FBQztJQUU5RixPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cbmltcG9ydCB7IERldGFpbGVkUGVlckNlcnRpZmljYXRlIH0gZnJvbSAnbm9kZTp0bHMnO1xuaW1wb3J0ICogYXMgdXRpbCBmcm9tICdub2RlOnV0aWwnO1xuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGRvd25sb2FkVGh1bWJwcmludChpc3N1ZXJVcmw6IHN0cmluZykge1xuXG4gIGV4dGVybmFsLmxvZyhgRG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuXG4gIHJldHVybiBuZXcgUHJvbWlzZTxzdHJpbmc+KChvaywga28pID0+IHtcbiAgICBjb25zdCBwdXJsID0gdXJsLnBhcnNlKGlzc3VlclVybCk7XG4gICAgY29uc3QgcG9ydCA9IHB1cmwucG9ydCA/IHBhcnNlSW50KHB1cmwucG9ydCwgMTApIDogNDQzO1xuXG4gICAgaWYgKCFwdXJsLmhvc3QpIHtcbiAgICAgIHJldHVybiBrbyhuZXcgRXJyb3IoYHVuYWJsZSB0byBkZXRlcm1pbmUgaG9zdCBmcm9tIGlzc3VlciB1cmwgJHtpc3N1ZXJVcmx9YCkpO1xuICAgIH1cblxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuXG4gICAgc29ja2V0Lm9uY2UoJ3NlY3VyZUNvbm5lY3QnLCAoKSA9PiB7XG4gICAgICAvLyBUaGlzIHNldCB0byBgdHJ1ZWAgd291bGQgcmV0dXJuIHRoZSBlbnRpcmUgY2hhaW4gb2YgY2VydGlmaWNhdGVzIGFzIGEgY2lyY3VsYXIgcmVmZXJlbmNlIG9iamVjdFxuICAgICAgbGV0IGNlcnQgPSBzb2NrZXQuZ2V0UGVlckNlcnRpZmljYXRlKHRydWUpO1xuXG4gICAgICBjb25zdCB1bnFpdWVDZXJ0cyA9IG5ldyBTZXQ8RGV0YWlsZWRQZWVyQ2VydGlmaWNhdGU+KCk7XG4gICAgICBkbyB7XG4gICAgICAgIHVucWl1ZUNlcnRzLmFkZChjZXJ0KTtcbiAgICAgICAgY2VydCA9IGNlcnQuaXNzdWVyQ2VydGlmaWNhdGU7XG4gICAgICB9IHdoaWxlICggY2VydCAmJiB0eXBlb2YgY2VydCA9PT0gJ29iamVjdCcgJiYgIXVucWl1ZUNlcnRzLmhhcyhjZXJ0KSk7XG5cbiAgICAgIC8vIFRoZSBsYXN0IGBjZXJ0YCBvYnRhaW5lZCBtdXN0IGJlIHRoZSByb290IGNlcnRpZmljYXRlIGluIHRoZSBjZXJ0aWZpY2F0ZSBjaGFpblxuICAgICAgY29uc3Qgcm9vdENlcnQgPSBbLi4udW5xaXVlQ2VydHNdLnBvcCgpITtcblxuICAgICAgLy8gQWRkIGBjYTogdHJ1ZWAgd2hlbiBub2RlIG1lcmdlcyB0aGUgZmVhdHVyZS4gQXdhaXRpbmcgcmVzb2x1dGlvbjogaHR0cHM6Ly9naXRodWIuY29tL25vZGVqcy9ub2RlL2lzc3Vlcy80NDkwNVxuICAgICAgaWYgKCEodXRpbC5pc0RlZXBTdHJpY3RFcXVhbChyb290Q2VydC5pc3N1ZXIsIHJvb3RDZXJ0LnN1YmplY3QpKSkge1xuICAgICAgICByZXR1cm4ga28obmV3IEVycm9yKGBTdWJqZWN0IGFuZCBJc3N1ZXIgb2YgY2VydGlmaWNhdGUgcmVjZWl2ZWQgYXJlIGRpZmZlcmVudC4gXG4gICAgICAgIFJlY2VpdmVkOiBcXCdTdWJqZWN0XFwnIGlzICR7SlNPTi5zdHJpbmdpZnkocm9vdENlcnQuc3ViamVjdCwgbnVsbCwgNCl9IGFuZCBcXCdJc3N1ZXJcXCc6JHtKU09OLnN0cmluZ2lmeShyb290Q2VydC5pc3N1ZXIsIG51bGwsIDQpfWApKTtcbiAgICAgIH1cblxuICAgICAgY29uc3QgdmFsaWRUbyA9IG5ldyBEYXRlKHJvb3RDZXJ0LnZhbGlkX3RvKTtcbiAgICAgIGNvbnN0IGNlcnRpZmljYXRlVmFsaWRpdHkgPSBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KHZhbGlkVG8pO1xuXG4gICAgICBpZiAoY2VydGlmaWNhdGVWYWxpZGl0eSA8IDApIHtcbiAgICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgVGhlIGNlcnRpZmljYXRlIGhhcyBhbHJlYWR5IGV4cGlyZWQgb246ICR7dmFsaWRUby50b1VUQ1N0cmluZygpfWApKTtcbiAgICAgIH1cblxuICAgICAgLy8gV2FybmluZyB1c2VyIGlmIGNlcnRpZmljYXRlIHZhbGlkaXR5IGlzIGV4cGlyaW5nIHdpdGhpbiA2IG1vbnRoc1xuICAgICAgaWYgKGNlcnRpZmljYXRlVmFsaWRpdHkgPCAxODApIHtcbiAgICAgICAgLyogZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIG5vLWNvbnNvbGUgKi9cbiAgICAgICAgY29uc29sZS53YXJuKGBUaGUgcm9vdCBjZXJ0aWZpY2F0ZSBvYnRhaW5lZCB3b3VsZCBleHBpcmUgaW4gJHtjZXJ0aWZpY2F0ZVZhbGlkaXR5fSBkYXlzIWApO1xuICAgICAgfVxuXG4gICAgICBzb2NrZXQuZW5kKCk7XG5cbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSByb290Q2VydC5maW5nZXJwcmludC5zcGxpdCgnOicpLmpvaW4oJycpO1xuICAgICAgZXh0ZXJuYWwubG9nKGBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgdGh1bWJwcmludCBmb3IgJHtpc3N1ZXJVcmx9IGlzICR7dGh1bWJwcmludH1gKTtcblxuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vKipcbiAqIFRvIGdldCB0aGUgdmFsaWRpdHkgdGltZWxpbmUgZm9yIHRoZSBjZXJ0aWZpY2F0ZVxuICogQHBhcmFtIGNlcnREYXRlIFRoZSB2YWxpZCB0byBkYXRlIGZvciB0aGUgY2VydGlmaWNhdGVcbiAqIEByZXR1cm5zIFRoZSBudW1iZXIgb2YgZGF5cyB0aGUgY2VydGlmaWNhdGUgaXMgdmFsaWQgd3J0IGN1cnJlbnQgZGF0ZVxuICovXG5mdW5jdGlvbiBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KGNlcnREYXRlOiBEYXRlKTogTnVtYmVyIHtcbiAgY29uc3QgbWlsbGlzZWNvbmRzSW5EYXkgPSAyNCAqIDYwICogNjAgKiAxMDAwO1xuICBjb25zdCBjdXJyZW50RGF0ZSA9IG5ldyBEYXRlKCk7XG5cbiAgY29uc3QgdmFsaWRpdHkgPSBNYXRoLnJvdW5kKChjZXJ0RGF0ZS5nZXRUaW1lKCkgLSBjdXJyZW50RGF0ZS5nZXRUaW1lKCkpIC8gbWlsbGlzZWNvbmRzSW5EYXkpO1xuXG4gIHJldHVybiB2YWxpZGl0eTtcbn1cblxuLy8gYWxsb3dzIHVuaXQgdGVzdCB0byByZXBsYWNlIHdpdGggbW9ja3Ncbi8qIGVzbGludC1kaXNhYmxlIG1heC1sZW4gKi9cbmV4cG9ydCBjb25zdCBleHRlcm5hbCA9IHtcbiAgZG93bmxvYWRUaHVtYnByaW50LFxuICBsb2c6IGRlZmF1bHRMb2dnZXIsXG4gIGNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5DcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5jcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIGRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5EZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5kZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQ6IChyZXE6IGF3cy5JQU0uVXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludFJlcXVlc3QpID0+IGlhbSgpLnVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQocmVxKS5wcm9taXNlKCksXG4gIGFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXI6IChyZXE6IGF3cy5JQU0uQWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5SZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5yZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG59O1xuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.js b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7/index.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.assets.json b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.assets.json index 6faf1bf429d20..d9652ed0f4ae0 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.assets.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.assets.json @@ -1,20 +1,20 @@ { "version": "21.0.0", "files": { - "78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7": { + "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3": { "source": { - "path": "asset.78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7", + "path": "asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7.zip", + "objectKey": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "76b51880fe57f935e35645541ea15057c464712e1df4dd9e985255c2705248cf": { + "7743d71b59f17dc51c3a8650683e193e23090b274e74ec0d8fc118b91534d2ce": { "source": { "path": "aws-eks-oidc-provider-test.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "76b51880fe57f935e35645541ea15057c464712e1df4dd9e985255c2705248cf.json", + "objectKey": "7743d71b59f17dc51c3a8650683e193e23090b274e74ec0d8fc118b91534d2ce.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.template.json b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.template.json index d1c76e68082a2..13fd66e941d1e 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/aws-eks-oidc-provider-test.template.json @@ -12,9 +12,6 @@ "ClientIDList": [ "sts.amazonaws.com" ], - "ThumbprintList": [ - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" - ], "Url": { "Fn::Join": [ "", @@ -81,7 +78,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "78989d876411e582ce92577de10ee129b12c1f09d8b77f9f45ce2b97cb53bad7.zip" + "S3Key": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/manifest.json index 915f5824fa7b6..0a95e21ce710e 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/76b51880fe57f935e35645541ea15057c464712e1df4dd9e985255c2705248cf.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7743d71b59f17dc51c3a8650683e193e23090b274e74ec0d8fc118b91534d2ce.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/tree.json index e445b4a5ce25d..2f6c11fc89269 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.js.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.140" } }, "aws-eks-oidc-provider-test": { @@ -97,7 +97,7 @@ "path": "aws-cdk-eks-oidc-provider/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.95" + "version": "10.1.140" } }, "DeployAssert": { diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip index 069c7e28f7cbe..4b95260872643 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip and b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/external.js deleted file mode 100644 index 2f6632aed7b13..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/external.js +++ /dev/null @@ -1,53 +0,0 @@ -"use strict"; -/* istanbul ignore file */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.external = void 0; -const tls = require("tls"); -const url = require("url"); -// eslint-disable-next-line import/no-extraneous-dependencies -const aws = require("aws-sdk"); -let client; -function iam() { - if (!client) { - client = new aws.IAM(); - } - return client; -} -function defaultLogger(fmt, ...args) { - // eslint-disable-next-line no-console - console.log(fmt, ...args); -} -/** - * Downloads the CA thumbprint from the issuer URL - */ -async function downloadThumbprint(issuerUrl) { - exports.external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); - return new Promise((ok, ko) => { - const purl = url.parse(issuerUrl); - const port = purl.port ? parseInt(purl.port, 10) : 443; - if (!purl.host) { - return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); - } - const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); - socket.once('error', ko); - socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); - socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - exports.external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); - ok(thumbprint); - }); - }); -} -// allows unit test to replace with mocks -/* eslint-disable max-len */ -exports.external = { - downloadThumbprint, - log: defaultLogger, - createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), - deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), - updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), - addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), - removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), -}; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQTBCOzs7QUFFMUIsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFDakQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBQ0QsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyx3Q0FBd0MsU0FBUyxPQUFPLFVBQVUsRUFBRSxDQUFDLENBQUM7WUFDbkYsRUFBRSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2pCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cblxuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuYXN5bmMgZnVuY3Rpb24gZG93bmxvYWRUaHVtYnByaW50KGlzc3VlclVybDogc3RyaW5nKSB7XG4gIGV4dGVybmFsLmxvZyhgZG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuICByZXR1cm4gbmV3IFByb21pc2U8c3RyaW5nPigob2ssIGtvKSA9PiB7XG4gICAgY29uc3QgcHVybCA9IHVybC5wYXJzZShpc3N1ZXJVcmwpO1xuICAgIGNvbnN0IHBvcnQgPSBwdXJsLnBvcnQgPyBwYXJzZUludChwdXJsLnBvcnQsIDEwKSA6IDQ0MztcbiAgICBpZiAoIXB1cmwuaG9zdCkge1xuICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgdW5hYmxlIHRvIGRldGVybWluZSBob3N0IGZyb20gaXNzdWVyIHVybCAke2lzc3VlclVybH1gKSk7XG4gICAgfVxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuICAgIHNvY2tldC5vbmNlKCdzZWN1cmVDb25uZWN0JywgKCkgPT4ge1xuICAgICAgY29uc3QgY2VydCA9IHNvY2tldC5nZXRQZWVyQ2VydGlmaWNhdGUoKTtcbiAgICAgIHNvY2tldC5lbmQoKTtcbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSBjZXJ0LmZpbmdlcnByaW50LnNwbGl0KCc6Jykuam9pbignJyk7XG4gICAgICBleHRlcm5hbC5sb2coYGNlcnRpZmljYXRlIGF1dGhvcml0eSB0aHVtYnByaW50IGZvciAke2lzc3VlclVybH0gaXMgJHt0aHVtYnByaW50fWApO1xuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vLyBhbGxvd3MgdW5pdCB0ZXN0IHRvIHJlcGxhY2Ugd2l0aCBtb2Nrc1xuLyogZXNsaW50LWRpc2FibGUgbWF4LWxlbiAqL1xuZXhwb3J0IGNvbnN0IGV4dGVybmFsID0ge1xuICBkb3dubG9hZFRodW1icHJpbnQsXG4gIGxvZzogZGVmYXVsdExvZ2dlcixcbiAgY3JlYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgZGVsZXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLkRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgdXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludDogKHJlcTogYXdzLklBTS5VcGRhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJUaHVtYnByaW50UmVxdWVzdCkgPT4gaWFtKCkudXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludChyZXEpLnByb21pc2UoKSxcbiAgYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5BZGRDbGllbnRJRFRvT3BlbklEQ29ubmVjdFByb3ZpZGVyUmVxdWVzdCkgPT4gaWFtKCkuYWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbiAgcmVtb3ZlQ2xpZW50SURGcm9tT3BlbklEQ29ubmVjdFByb3ZpZGVyOiAocmVxOiBhd3MuSUFNLlJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLnJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcihyZXEpLnByb21pc2UoKSxcbn07XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js new file mode 100644 index 0000000000000..1e3a3093c1706 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/__entrypoint__.js @@ -0,0 +1,144 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + exports.external.log('submit response to cloudformation', json); + const responseBody = JSON.stringify(json); + const parsedUrl = url.parse(event.ResponseURL); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { 'content-type': '', 'content-length': responseBody.length }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, responseBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, _ => resolve()); + request.on('error', reject); + request.write(responseBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibm9kZWpzLWVudHJ5cG9pbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJub2RlanMtZW50cnlwb2ludC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwrQkFBK0I7QUFDL0IsMkJBQTJCO0FBRTNCLGlCQUFpQjtBQUNKLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGVBQWUsRUFBRSxzQkFBc0I7SUFDdkMsR0FBRyxFQUFFLFVBQVU7SUFDZixrQkFBa0IsRUFBRSxJQUFJO0lBQ3hCLGdCQUFnQixFQUFFLFNBQVM7Q0FDNUIsQ0FBQztBQUVGLE1BQU0sZ0NBQWdDLEdBQUcsd0RBQXdELENBQUM7QUFDbEcsTUFBTSwwQkFBMEIsR0FBRyw4REFBOEQsQ0FBQztBQVczRixLQUFLLFVBQVUsT0FBTyxDQUFDLEtBQWtELEVBQUUsT0FBMEI7SUFDMUcsTUFBTSxjQUFjLEdBQUcsRUFBRSxHQUFHLEtBQUssRUFBRSxXQUFXLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxjQUFjLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFFM0QsdUVBQXVFO0lBQ3ZFLHVFQUF1RTtJQUN2RSxhQUFhO0lBQ2IsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsa0JBQWtCLEtBQUssZ0NBQWdDLEVBQUU7UUFDbkcsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsdURBQXVELENBQUMsQ0FBQztRQUN0RSxNQUFNLGNBQWMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDdkMsT0FBTztLQUNSO0lBRUQsSUFBSTtRQUNGLHlFQUF5RTtRQUN6RSxpRUFBaUU7UUFDakUsd0NBQXdDO1FBQ3hDLGlFQUFpRTtRQUNqRSxNQUFNLFdBQVcsR0FBWSxPQUFPLENBQUMsZ0JBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLE9BQU8sQ0FBQztRQUN4RSxNQUFNLE1BQU0sR0FBRyxNQUFNLFdBQVcsQ0FBQyxjQUFjLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFMUQsdURBQXVEO1FBQ3ZELE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFFcEQsMkJBQTJCO1FBQzNCLE1BQU0sY0FBYyxDQUFDLFNBQVMsRUFBRSxhQUFhLENBQUMsQ0FBQztLQUNoRDtJQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ1YsTUFBTSxJQUFJLEdBQWE7WUFDckIsR0FBRyxLQUFLO1lBQ1IsTUFBTSxFQUFFLGdCQUFRLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPO1NBQzFELENBQUM7UUFFRixJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFO1lBQzVCLHlFQUF5RTtZQUN6RSxtRUFBbUU7WUFDbkUsd0VBQXdFO1lBQ3hFLHFFQUFxRTtZQUNyRSxnQ0FBZ0M7WUFDaEMsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRTtnQkFDbEMsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsNEdBQTRHLENBQUMsQ0FBQztnQkFDM0gsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGdDQUFnQyxDQUFDO2FBQzVEO2lCQUFNO2dCQUNMLGtFQUFrRTtnQkFDbEUsNkRBQTZEO2dCQUM3RCxnQkFBUSxDQUFDLEdBQUcsQ0FBQyw2REFBNkQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7YUFDcEc7U0FDRjtRQUVELG1FQUFtRTtRQUNuRSxNQUFNLGNBQWMsQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLENBQUM7S0FDdEM7QUFDSCxDQUFDO0FBbkRELDBCQW1EQztBQUVELFNBQVMsY0FBYyxDQUNyQixVQUF5RixFQUN6RixrQkFBMEMsRUFBRztJQUU3QyxzRUFBc0U7SUFDdEUsdUJBQXVCO0lBQ3ZCLE1BQU0sa0JBQWtCLEdBQUcsZUFBZSxDQUFDLGtCQUFrQixJQUFJLFVBQVUsQ0FBQyxrQkFBa0IsSUFBSSxVQUFVLENBQUMsU0FBUyxDQUFDO0lBRXZILGtFQUFrRTtJQUNsRSxJQUFJLFVBQVUsQ0FBQyxXQUFXLEtBQUssUUFBUSxJQUFJLGtCQUFrQixLQUFLLFVBQVUsQ0FBQyxrQkFBa0IsRUFBRTtRQUMvRixNQUFNLElBQUksS0FBSyxDQUFDLHdEQUF3RCxVQUFVLENBQUMsa0JBQWtCLFNBQVMsZUFBZSxDQUFDLGtCQUFrQixtQkFBbUIsQ0FBQyxDQUFDO0tBQ3RLO0lBRUQsMERBQTBEO0lBQzFELE9BQU87UUFDTCxHQUFHLFVBQVU7UUFDYixHQUFHLGVBQWU7UUFDbEIsa0JBQWtCLEVBQUUsa0JBQWtCO0tBQ3ZDLENBQUM7QUFDSixDQUFDO0FBRUQsS0FBSyxVQUFVLGNBQWMsQ0FBQyxNQUE0QixFQUFFLEtBQWU7SUFDekUsTUFBTSxJQUFJLEdBQW1EO1FBQzNELE1BQU0sRUFBRSxNQUFNO1FBQ2QsTUFBTSxFQUFFLEtBQUssQ0FBQyxNQUFNLElBQUksTUFBTTtRQUM5QixPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87UUFDdEIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1FBQzFCLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSwwQkFBMEI7UUFDMUUsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtRQUMxQyxNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU07UUFDcEIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO0tBQ2pCLENBQUM7SUFFRixnQkFBUSxDQUFDLEdBQUcsQ0FBQyxtQ0FBbUMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUV4RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzFDLE1BQU0sU0FBUyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQy9DLE1BQU0sR0FBRyxHQUFHO1FBQ1YsUUFBUSxFQUFFLFNBQVMsQ0FBQyxRQUFRO1FBQzVCLElBQUksRUFBRSxTQUFTLENBQUMsSUFBSTtRQUNwQixNQUFNLEVBQUUsS0FBSztRQUNiLE9BQU8sRUFBRSxFQUFFLGNBQWMsRUFBRSxFQUFFLEVBQUUsZ0JBQWdCLEVBQUUsWUFBWSxDQUFDLE1BQU0sRUFBRTtLQUN2RSxDQUFDO0lBRUYsTUFBTSxZQUFZLEdBQUc7UUFDbkIsUUFBUSxFQUFFLENBQUM7UUFDWCxLQUFLLEVBQUUsSUFBSTtLQUNaLENBQUM7SUFDRixNQUFNLFdBQVcsQ0FBQyxZQUFZLEVBQUUsZ0JBQVEsQ0FBQyxlQUFlLENBQUMsQ0FBQyxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDL0UsQ0FBQztBQUVELEtBQUssVUFBVSxzQkFBc0IsQ0FBQyxPQUE2QixFQUFFLFlBQW9CO0lBQ3ZGLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLEVBQUU7UUFDckMsSUFBSTtZQUNGLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUN2RCxPQUFPLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQztZQUM1QixPQUFPLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxHQUFHLEVBQUUsQ0FBQztTQUNmO1FBQUMsT0FBTyxDQUFDLEVBQUU7WUFDVixNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDWDtJQUNILENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELFNBQVMsVUFBVSxDQUFDLEdBQVcsRUFBRSxHQUFHLE1BQWE7SUFDL0Msc0NBQXNDO0lBQ3RDLE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEdBQUcsTUFBTSxDQUFDLENBQUM7QUFDOUIsQ0FBQztBQVNELFNBQWdCLFdBQVcsQ0FBMEIsT0FBcUIsRUFBRSxFQUE0QjtJQUN0RyxPQUFPLEtBQUssRUFBRSxHQUFHLEVBQUssRUFBRSxFQUFFO1FBQ3hCLElBQUksUUFBUSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUM7UUFDaEMsSUFBSSxFQUFFLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQztRQUN2QixPQUFPLElBQUksRUFBRTtZQUNYLElBQUk7Z0JBQ0YsT0FBTyxNQUFNLEVBQUUsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO2FBQ3hCO1lBQUMsT0FBTyxDQUFDLEVBQUU7Z0JBQ1YsSUFBSSxRQUFRLEVBQUUsSUFBSSxDQUFDLEVBQUU7b0JBQ25CLE1BQU0sQ0FBQyxDQUFDO2lCQUNUO2dCQUNELE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQzVDLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDVDtTQUNGO0lBQ0gsQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQWhCRCxrQ0FnQkM7QUFFRCxLQUFLLFVBQVUsS0FBSyxDQUFDLEVBQVU7SUFDN0IsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQ2pELENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBodHRwcyBmcm9tICdodHRwcyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcblxuLy8gZm9yIHVuaXQgdGVzdHNcbmV4cG9ydCBjb25zdCBleHRlcm5hbCA9IHtcbiAgc2VuZEh0dHBSZXF1ZXN0OiBkZWZhdWx0U2VuZEh0dHBSZXF1ZXN0LFxuICBsb2c6IGRlZmF1bHRMb2csXG4gIGluY2x1ZGVTdGFja1RyYWNlczogdHJ1ZSxcbiAgdXNlckhhbmRsZXJJbmRleDogJy4vaW5kZXgnLFxufTtcblxuY29uc3QgQ1JFQVRFX0ZBSUxFRF9QSFlTSUNBTF9JRF9NQVJLRVIgPSAnQVdTQ0RLOjpDdXN0b21SZXNvdXJjZVByb3ZpZGVyRnJhbWV3b3JrOjpDUkVBVEVfRkFJTEVEJztcbmNvbnN0IE1JU1NJTkdfUEhZU0lDQUxfSURfTUFSS0VSID0gJ0FXU0NESzo6Q3VzdG9tUmVzb3VyY2VQcm92aWRlckZyYW1ld29yazo6TUlTU0lOR19QSFlTSUNBTF9JRCc7XG5cbmV4cG9ydCB0eXBlIFJlc3BvbnNlID0gQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCAmIEhhbmRsZXJSZXNwb25zZTtcbmV4cG9ydCB0eXBlIEhhbmRsZXIgPSAoZXZlbnQ6IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlRXZlbnQsIGNvbnRleHQ6IEFXU0xhbWJkYS5Db250ZXh0KSA9PiBQcm9taXNlPEhhbmRsZXJSZXNwb25zZSB8IHZvaWQ+O1xuZXhwb3J0IHR5cGUgSGFuZGxlclJlc3BvbnNlID0gdW5kZWZpbmVkIHwge1xuICBEYXRhPzogYW55O1xuICBQaHlzaWNhbFJlc291cmNlSWQ/OiBzdHJpbmc7XG4gIFJlYXNvbj86IHN0cmluZztcbiAgTm9FY2hvPzogYm9vbGVhbjtcbn07XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBoYW5kbGVyKGV2ZW50OiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50LCBjb250ZXh0OiBBV1NMYW1iZGEuQ29udGV4dCkge1xuICBjb25zdCBzYW5pdGl6ZWRFdmVudCA9IHsgLi4uZXZlbnQsIFJlc3BvbnNlVVJMOiAnLi4uJyB9O1xuICBleHRlcm5hbC5sb2coSlNPTi5zdHJpbmdpZnkoc2FuaXRpemVkRXZlbnQsIHVuZGVmaW5lZCwgMikpO1xuXG4gIC8vIGlnbm9yZSBERUxFVEUgZXZlbnQgd2hlbiB0aGUgcGh5c2ljYWwgcmVzb3VyY2UgSUQgaXMgdGhlIG1hcmtlciB0aGF0XG4gIC8vIGluZGljYXRlcyB0aGF0IHRoaXMgREVMRVRFIGlzIGEgc3Vic2VxdWVudCBERUxFVEUgdG8gYSBmYWlsZWQgQ1JFQVRFXG4gIC8vIG9wZXJhdGlvbi5cbiAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnRGVsZXRlJyAmJiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPT09IENSRUFURV9GQUlMRURfUEhZU0lDQUxfSURfTUFSS0VSKSB7XG4gICAgZXh0ZXJuYWwubG9nKCdpZ25vcmluZyBERUxFVEUgZXZlbnQgY2F1c2VkIGJ5IGEgZmFpbGVkIENSRUFURSBldmVudCcpO1xuICAgIGF3YWl0IHN1Ym1pdFJlc3BvbnNlKCdTVUNDRVNTJywgZXZlbnQpO1xuICAgIHJldHVybjtcbiAgfVxuXG4gIHRyeSB7XG4gICAgLy8gaW52b2tlIHRoZSB1c2VyIGhhbmRsZXIuIHRoaXMgaXMgaW50ZW50aW9uYWxseSBpbnNpZGUgdGhlIHRyeS1jYXRjaCB0b1xuICAgIC8vIGVuc3VyZSB0aGF0IGlmIHRoZXJlIGlzIGFuIGVycm9yIGl0J3MgcmVwb3J0ZWQgYXMgYSBmYWlsdXJlIHRvXG4gICAgLy8gY2xvdWRmb3JtYXRpb24gKG90aGVyd2lzZSBjZm4gd2FpdHMpLlxuICAgIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tcmVxdWlyZS1pbXBvcnRzXG4gICAgY29uc3QgdXNlckhhbmRsZXI6IEhhbmRsZXIgPSByZXF1aXJlKGV4dGVybmFsLnVzZXJIYW5kbGVySW5kZXgpLmhhbmRsZXI7XG4gICAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdXNlckhhbmRsZXIoc2FuaXRpemVkRXZlbnQsIGNvbnRleHQpO1xuXG4gICAgLy8gdmFsaWRhdGUgdXNlciByZXNwb25zZSBhbmQgY3JlYXRlIHRoZSBjb21iaW5lZCBldmVudFxuICAgIGNvbnN0IHJlc3BvbnNlRXZlbnQgPSByZW5kZXJSZXNwb25zZShldmVudCwgcmVzdWx0KTtcblxuICAgIC8vIHN1Ym1pdCB0byBjZm4gYXMgc3VjY2Vzc1xuICAgIGF3YWl0IHN1Ym1pdFJlc3BvbnNlKCdTVUNDRVNTJywgcmVzcG9uc2VFdmVudCk7XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICBjb25zdCByZXNwOiBSZXNwb25zZSA9IHtcbiAgICAgIC4uLmV2ZW50LFxuICAgICAgUmVhc29uOiBleHRlcm5hbC5pbmNsdWRlU3RhY2tUcmFjZXMgPyBlLnN0YWNrIDogZS5tZXNzYWdlLFxuICAgIH07XG5cbiAgICBpZiAoIXJlc3AuUGh5c2ljYWxSZXNvdXJjZUlkKSB7XG4gICAgICAvLyBzcGVjaWFsIGNhc2U6IGlmIENSRUFURSBmYWlscywgd2hpY2ggdXN1YWxseSBpbXBsaWVzLCB3ZSB1c3VhbGx5IGRvbid0XG4gICAgICAvLyBoYXZlIGEgcGh5c2ljYWwgcmVzb3VyY2UgaWQuIGluIHRoaXMgY2FzZSwgdGhlIHN1YnNlcXVlbnQgREVMRVRFXG4gICAgICAvLyBvcGVyYXRpb24gZG9lcyBub3QgaGF2ZSBhbnkgbWVhbmluZywgYW5kIHdpbGwgbGlrZWx5IGZhaWwgYXMgd2VsbC4gdG9cbiAgICAgIC8vIGFkZHJlc3MgdGhpcywgd2UgdXNlIGEgbWFya2VyIHNvIHRoZSBwcm92aWRlciBmcmFtZXdvcmsgY2FuIHNpbXBseVxuICAgICAgLy8gaWdub3JlIHRoZSBzdWJzZXF1ZW50IERFTEVURS5cbiAgICAgIGlmIChldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ0NyZWF0ZScpIHtcbiAgICAgICAgZXh0ZXJuYWwubG9nKCdDUkVBVEUgZmFpbGVkLCByZXNwb25kaW5nIHdpdGggYSBtYXJrZXIgcGh5c2ljYWwgcmVzb3VyY2UgaWQgc28gdGhhdCB0aGUgc3Vic2VxdWVudCBERUxFVEUgd2lsbCBiZSBpZ25vcmVkJyk7XG4gICAgICAgIHJlc3AuUGh5c2ljYWxSZXNvdXJjZUlkID0gQ1JFQVRFX0ZBSUxFRF9QSFlTSUNBTF9JRF9NQVJLRVI7XG4gICAgICB9IGVsc2Uge1xuICAgICAgICAvLyBvdGhlcndpc2UsIGlmIFBoeXNpY2FsUmVzb3VyY2VJZCBpcyBub3Qgc3BlY2lmaWVkLCBzb21ldGhpbmcgaXNcbiAgICAgICAgLy8gdGVycmlibHkgd3JvbmcgYmVjYXVzZSBhbGwgb3RoZXIgZXZlbnRzIHNob3VsZCBoYXZlIGFuIElELlxuICAgICAgICBleHRlcm5hbC5sb2coYEVSUk9SOiBNYWxmb3JtZWQgZXZlbnQuIFwiUGh5c2ljYWxSZXNvdXJjZUlkXCIgaXMgcmVxdWlyZWQ6ICR7SlNPTi5zdHJpbmdpZnkoZXZlbnQpfWApO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIHRoaXMgaXMgYW4gYWN0dWFsIGVycm9yLCBmYWlsIHRoZSBhY3Rpdml0eSBhbHRvZ2V0aGVyIGFuZCBleGlzdC5cbiAgICBhd2FpdCBzdWJtaXRSZXNwb25zZSgnRkFJTEVEJywgcmVzcCk7XG4gIH1cbn1cblxuZnVuY3Rpb24gcmVuZGVyUmVzcG9uc2UoXG4gIGNmblJlcXVlc3Q6IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlRXZlbnQgJiB7IFBoeXNpY2FsUmVzb3VyY2VJZD86IHN0cmluZyB9LFxuICBoYW5kbGVyUmVzcG9uc2U6IHZvaWQgfCBIYW5kbGVyUmVzcG9uc2UgPSB7IH0pOiBSZXNwb25zZSB7XG5cbiAgLy8gaWYgcGh5c2ljYWwgSUQgaXMgbm90IHJldHVybmVkLCB3ZSBoYXZlIHNvbWUgZGVmYXVsdHMgZm9yIHlvdSBiYXNlZFxuICAvLyBvbiB0aGUgcmVxdWVzdCB0eXBlLlxuICBjb25zdCBwaHlzaWNhbFJlc291cmNlSWQgPSBoYW5kbGVyUmVzcG9uc2UuUGh5c2ljYWxSZXNvdXJjZUlkID8/IGNmblJlcXVlc3QuUGh5c2ljYWxSZXNvdXJjZUlkID8/IGNmblJlcXVlc3QuUmVxdWVzdElkO1xuXG4gIC8vIGlmIHdlIGFyZSBpbiBERUxFVEUgYW5kIHBoeXNpY2FsIElEIHdhcyBjaGFuZ2VkLCBpdCdzIGFuIGVycm9yLlxuICBpZiAoY2ZuUmVxdWVzdC5SZXF1ZXN0VHlwZSA9PT0gJ0RlbGV0ZScgJiYgcGh5c2ljYWxSZXNvdXJjZUlkICE9PSBjZm5SZXF1ZXN0LlBoeXNpY2FsUmVzb3VyY2VJZCkge1xuICAgIHRocm93IG5ldyBFcnJvcihgREVMRVRFOiBjYW5ub3QgY2hhbmdlIHRoZSBwaHlzaWNhbCByZXNvdXJjZSBJRCBmcm9tIFwiJHtjZm5SZXF1ZXN0LlBoeXNpY2FsUmVzb3VyY2VJZH1cIiB0byBcIiR7aGFuZGxlclJlc3BvbnNlLlBoeXNpY2FsUmVzb3VyY2VJZH1cIiBkdXJpbmcgZGVsZXRpb25gKTtcbiAgfVxuXG4gIC8vIG1lcmdlIHJlcXVlc3QgZXZlbnQgYW5kIHJlc3VsdCBldmVudCAocmVzdWx0IHByZXZhaWxzKS5cbiAgcmV0dXJuIHtcbiAgICAuLi5jZm5SZXF1ZXN0LFxuICAgIC4uLmhhbmRsZXJSZXNwb25zZSxcbiAgICBQaHlzaWNhbFJlc291cmNlSWQ6IHBoeXNpY2FsUmVzb3VyY2VJZCxcbiAgfTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gc3VibWl0UmVzcG9uc2Uoc3RhdHVzOiAnU1VDQ0VTUycgfCAnRkFJTEVEJywgZXZlbnQ6IFJlc3BvbnNlKSB7XG4gIGNvbnN0IGpzb246IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlUmVzcG9uc2UgPSB7XG4gICAgU3RhdHVzOiBzdGF0dXMsXG4gICAgUmVhc29uOiBldmVudC5SZWFzb24gPz8gc3RhdHVzLFxuICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgfHwgTUlTU0lOR19QSFlTSUNBTF9JRF9NQVJLRVIsXG4gICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgIE5vRWNobzogZXZlbnQuTm9FY2hvLFxuICAgIERhdGE6IGV2ZW50LkRhdGEsXG4gIH07XG5cbiAgZXh0ZXJuYWwubG9nKCdzdWJtaXQgcmVzcG9uc2UgdG8gY2xvdWRmb3JtYXRpb24nLCBqc29uKTtcblxuICBjb25zdCByZXNwb25zZUJvZHkgPSBKU09OLnN0cmluZ2lmeShqc29uKTtcbiAgY29uc3QgcGFyc2VkVXJsID0gdXJsLnBhcnNlKGV2ZW50LlJlc3BvbnNlVVJMKTtcbiAgY29uc3QgcmVxID0ge1xuICAgIGhvc3RuYW1lOiBwYXJzZWRVcmwuaG9zdG5hbWUsXG4gICAgcGF0aDogcGFyc2VkVXJsLnBhdGgsXG4gICAgbWV0aG9kOiAnUFVUJyxcbiAgICBoZWFkZXJzOiB7ICdjb250ZW50LXR5cGUnOiAnJywgJ2NvbnRlbnQtbGVuZ3RoJzogcmVzcG9uc2VCb2R5Lmxlbmd0aCB9LFxuICB9O1xuXG4gIGNvbnN0IHJldHJ5T3B0aW9ucyA9IHtcbiAgICBhdHRlbXB0czogNSxcbiAgICBzbGVlcDogMTAwMCxcbiAgfTtcbiAgYXdhaXQgd2l0aFJldHJpZXMocmV0cnlPcHRpb25zLCBleHRlcm5hbC5zZW5kSHR0cFJlcXVlc3QpKHJlcSwgcmVzcG9uc2VCb2R5KTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdFNlbmRIdHRwUmVxdWVzdChvcHRpb25zOiBodHRwcy5SZXF1ZXN0T3B0aW9ucywgcmVzcG9uc2VCb2R5OiBzdHJpbmcpOiBQcm9taXNlPHZvaWQ+IHtcbiAgcmV0dXJuIG5ldyBQcm9taXNlKChyZXNvbHZlLCByZWplY3QpID0+IHtcbiAgICB0cnkge1xuICAgICAgY29uc3QgcmVxdWVzdCA9IGh0dHBzLnJlcXVlc3Qob3B0aW9ucywgXyA9PiByZXNvbHZlKCkpO1xuICAgICAgcmVxdWVzdC5vbignZXJyb3InLCByZWplY3QpO1xuICAgICAgcmVxdWVzdC53cml0ZShyZXNwb25zZUJvZHkpO1xuICAgICAgcmVxdWVzdC5lbmQoKTtcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICByZWplY3QoZSk7XG4gICAgfVxuICB9KTtcbn1cblxuZnVuY3Rpb24gZGVmYXVsdExvZyhmbXQ6IHN0cmluZywgLi4ucGFyYW1zOiBhbnlbXSkge1xuICAvLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgbm8tY29uc29sZVxuICBjb25zb2xlLmxvZyhmbXQsIC4uLnBhcmFtcyk7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUmV0cnlPcHRpb25zIHtcbiAgLyoqIEhvdyBtYW55IHJldHJpZXMgKHdpbGwgYXQgbGVhc3QgdHJ5IG9uY2UpICovXG4gIHJlYWRvbmx5IGF0dGVtcHRzOiBudW1iZXI7XG4gIC8qKiBTbGVlcCBiYXNlLCBpbiBtcyAqL1xuICByZWFkb25seSBzbGVlcDogbnVtYmVyO1xufVxuXG5leHBvcnQgZnVuY3Rpb24gd2l0aFJldHJpZXM8QSBleHRlbmRzIEFycmF5PGFueT4sIEI+KG9wdGlvbnM6IFJldHJ5T3B0aW9ucywgZm46ICguLi54czogQSkgPT4gUHJvbWlzZTxCPik6ICguLi54czogQSkgPT4gUHJvbWlzZTxCPiB7XG4gIHJldHVybiBhc3luYyAoLi4ueHM6IEEpID0+IHtcbiAgICBsZXQgYXR0ZW1wdHMgPSBvcHRpb25zLmF0dGVtcHRzO1xuICAgIGxldCBtcyA9IG9wdGlvbnMuc2xlZXA7XG4gICAgd2hpbGUgKHRydWUpIHtcbiAgICAgIHRyeSB7XG4gICAgICAgIHJldHVybiBhd2FpdCBmbiguLi54cyk7XG4gICAgICB9IGNhdGNoIChlKSB7XG4gICAgICAgIGlmIChhdHRlbXB0cy0tIDw9IDApIHtcbiAgICAgICAgICB0aHJvdyBlO1xuICAgICAgICB9XG4gICAgICAgIGF3YWl0IHNsZWVwKE1hdGguZmxvb3IoTWF0aC5yYW5kb20oKSAqIG1zKSk7XG4gICAgICAgIG1zICo9IDI7XG4gICAgICB9XG4gICAgfVxuICB9O1xufVxuXG5hc3luYyBmdW5jdGlvbiBzbGVlcChtczogbnVtYmVyKTogUHJvbWlzZTx2b2lkPiB7XG4gIHJldHVybiBuZXcgUHJvbWlzZSgob2spID0+IHNldFRpbWVvdXQob2ssIG1zKSk7XG59Il19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/diff.js b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/diff.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/diff.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js new file mode 100644 index 0000000000000..7d8c6e611c70b --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/external.js @@ -0,0 +1,88 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = exports.downloadThumbprint = void 0; +const util = require("node:util"); +const tls = require("tls"); +const url = require("url"); +// eslint-disable-next-line import/no-extraneous-dependencies +const aws = require("aws-sdk"); +let client; +function iam() { + if (!client) { + client = new aws.IAM(); + } + return client; +} +function defaultLogger(fmt, ...args) { + // eslint-disable-next-line no-console + console.log(fmt, ...args); +} +/** + * Downloads the CA thumbprint from the issuer URL + */ +async function downloadThumbprint(issuerUrl) { + exports.external.log(`Downloading certificate authority thumbprint for ${issuerUrl}`); + return new Promise((ok, ko) => { + const purl = url.parse(issuerUrl); + const port = purl.port ? parseInt(purl.port, 10) : 443; + if (!purl.host) { + return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); + } + const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); + socket.once('error', ko); + socket.once('secureConnect', () => { + // This set to `true` would return the entire chain of certificates as a circular reference object + let cert = socket.getPeerCertificate(true); + const unqiueCerts = new Set(); + do { + unqiueCerts.add(cert); + cert = cert.issuerCertificate; + } while (cert && typeof cert === 'object' && !unqiueCerts.has(cert)); + // The last `cert` obtained must be the root certificate in the certificate chain + const rootCert = [...unqiueCerts].pop(); + // Add `ca: true` when node merges the feature. Awaiting resolution: https://github.com/nodejs/node/issues/44905 + if (!(util.isDeepStrictEqual(rootCert.issuer, rootCert.subject))) { + return ko(new Error(`Subject and Issuer of certificate received are different. + Received: \'Subject\' is ${JSON.stringify(rootCert.subject, null, 4)} and \'Issuer\':${JSON.stringify(rootCert.issuer, null, 4)}`)); + } + const validTo = new Date(rootCert.valid_to); + const certificateValidity = getCertificateValidity(validTo); + if (certificateValidity < 0) { + return ko(new Error(`The certificate has already expired on: ${validTo.toUTCString()}`)); + } + // Warning user if certificate validity is expiring within 6 months + if (certificateValidity < 180) { + /* eslint-disable-next-line no-console */ + console.warn(`The root certificate obtained would expire in ${certificateValidity} days!`); + } + socket.end(); + const thumbprint = rootCert.fingerprint.split(':').join(''); + exports.external.log(`Certificate Authority thumbprint for ${issuerUrl} is ${thumbprint}`); + ok(thumbprint); + }); + }); +} +exports.downloadThumbprint = downloadThumbprint; +/** + * To get the validity timeline for the certificate + * @param certDate The valid to date for the certificate + * @returns The number of days the certificate is valid wrt current date + */ +function getCertificateValidity(certDate) { + const millisecondsInDay = 24 * 60 * 60 * 1000; + const currentDate = new Date(); + const validity = Math.round((certDate.getTime() - currentDate.getTime()) / millisecondsInDay); + return validity; +} +// allows unit test to replace with mocks +/* eslint-disable max-len */ +exports.external = { + downloadThumbprint, + log: defaultLogger, + createOpenIDConnectProvider: (req) => iam().createOpenIDConnectProvider(req).promise(), + deleteOpenIDConnectProvider: (req) => iam().deleteOpenIDConnectProvider(req).promise(), + updateOpenIDConnectProviderThumbprint: (req) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), + addClientIDToOpenIDConnectProvider: (req) => iam().addClientIDToOpenIDConnectProvider(req).promise(), + removeClientIDFromOpenIDConnectProvider: (req) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), +}; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXh0ZXJuYWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJleHRlcm5hbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxrQ0FBa0M7QUFDbEMsMkJBQTJCO0FBQzNCLDJCQUEyQjtBQUMzQiw2REFBNkQ7QUFDN0QsK0JBQStCO0FBRS9CLElBQUksTUFBZSxDQUFDO0FBRXBCLFNBQVMsR0FBRztJQUNWLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFBRSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7S0FBRTtJQUN4QyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsR0FBVyxFQUFFLEdBQUcsSUFBVztJQUNoRCxzQ0FBc0M7SUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBRUQ7O0dBRUc7QUFDSSxLQUFLLFVBQVUsa0JBQWtCLENBQUMsU0FBaUI7SUFFeEQsZ0JBQVEsQ0FBQyxHQUFHLENBQUMsb0RBQW9ELFNBQVMsRUFBRSxDQUFDLENBQUM7SUFFOUUsT0FBTyxJQUFJLE9BQU8sQ0FBUyxDQUFDLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRTtRQUNwQyxNQUFNLElBQUksR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFFdkQsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDZCxPQUFPLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQy9FO1FBRUQsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxFQUFFLGtCQUFrQixFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7UUFDbEcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFekIsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxFQUFFO1lBQ2hDLGtHQUFrRztZQUNsRyxJQUFJLElBQUksR0FBRyxNQUFNLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFM0MsTUFBTSxXQUFXLEdBQUcsSUFBSSxHQUFHLEVBQTJCLENBQUM7WUFDdkQsR0FBRztnQkFDRCxXQUFXLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN0QixJQUFJLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDO2FBQy9CLFFBQVMsSUFBSSxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUU7WUFFdEUsaUZBQWlGO1lBQ2pGLE1BQU0sUUFBUSxHQUFHLENBQUMsR0FBRyxXQUFXLENBQUMsQ0FBQyxHQUFHLEVBQUcsQ0FBQztZQUV6QyxnSEFBZ0g7WUFDaEgsSUFBSSxDQUFDLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUU7Z0JBQ2hFLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDO21DQUNPLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDLG1CQUFtQixJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO2FBQ3JJO1lBRUQsTUFBTSxPQUFPLEdBQUcsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQzVDLE1BQU0sbUJBQW1CLEdBQUcsc0JBQXNCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUQsSUFBSSxtQkFBbUIsR0FBRyxDQUFDLEVBQUU7Z0JBQzNCLE9BQU8sRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDLDJDQUEyQyxPQUFPLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7YUFDMUY7WUFFRCxtRUFBbUU7WUFDbkUsSUFBSSxtQkFBbUIsR0FBRyxHQUFHLEVBQUU7Z0JBQzdCLHlDQUF5QztnQkFDekMsT0FBTyxDQUFDLElBQUksQ0FBQyxpREFBaUQsbUJBQW1CLFFBQVEsQ0FBQyxDQUFDO2FBQzVGO1lBRUQsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBRWIsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzVELGdCQUFRLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxTQUFTLE9BQU8sVUFBVSxFQUFFLENBQUMsQ0FBQztZQUVuRixFQUFFLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDakIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUMsQ0FBQztBQUNMLENBQUM7QUF2REQsZ0RBdURDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQVMsc0JBQXNCLENBQUMsUUFBYztJQUM1QyxNQUFNLGlCQUFpQixHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUM5QyxNQUFNLFdBQVcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO0lBRS9CLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLEdBQUcsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsaUJBQWlCLENBQUMsQ0FBQztJQUU5RixPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQseUNBQXlDO0FBQ3pDLDRCQUE0QjtBQUNmLFFBQUEsUUFBUSxHQUFHO0lBQ3RCLGtCQUFrQjtJQUNsQixHQUFHLEVBQUUsYUFBYTtJQUNsQiwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSwyQkFBMkIsRUFBRSxDQUFDLEdBQStDLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNsSSxxQ0FBcUMsRUFBRSxDQUFDLEdBQXlELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUNoSyxrQ0FBa0MsRUFBRSxDQUFDLEdBQXNELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLGtDQUFrQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtJQUN2Six1Q0FBdUMsRUFBRSxDQUFDLEdBQTJELEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxDQUFDLHVDQUF1QyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRTtDQUN2SyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogaXN0YW5idWwgaWdub3JlIGZpbGUgKi9cbmltcG9ydCB7IERldGFpbGVkUGVlckNlcnRpZmljYXRlIH0gZnJvbSAnbm9kZTp0bHMnO1xuaW1wb3J0ICogYXMgdXRpbCBmcm9tICdub2RlOnV0aWwnO1xuaW1wb3J0ICogYXMgdGxzIGZyb20gJ3Rscyc7XG5pbXBvcnQgKiBhcyB1cmwgZnJvbSAndXJsJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIGF3cyBmcm9tICdhd3Mtc2RrJztcblxubGV0IGNsaWVudDogYXdzLklBTTtcblxuZnVuY3Rpb24gaWFtKCkge1xuICBpZiAoIWNsaWVudCkgeyBjbGllbnQgPSBuZXcgYXdzLklBTSgpOyB9XG4gIHJldHVybiBjbGllbnQ7XG59XG5cbmZ1bmN0aW9uIGRlZmF1bHRMb2dnZXIoZm10OiBzdHJpbmcsIC4uLmFyZ3M6IGFueVtdKSB7XG4gIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gIGNvbnNvbGUubG9nKGZtdCwgLi4uYXJncyk7XG59XG5cbi8qKlxuICogRG93bmxvYWRzIHRoZSBDQSB0aHVtYnByaW50IGZyb20gdGhlIGlzc3VlciBVUkxcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGRvd25sb2FkVGh1bWJwcmludChpc3N1ZXJVcmw6IHN0cmluZykge1xuXG4gIGV4dGVybmFsLmxvZyhgRG93bmxvYWRpbmcgY2VydGlmaWNhdGUgYXV0aG9yaXR5IHRodW1icHJpbnQgZm9yICR7aXNzdWVyVXJsfWApO1xuXG4gIHJldHVybiBuZXcgUHJvbWlzZTxzdHJpbmc+KChvaywga28pID0+IHtcbiAgICBjb25zdCBwdXJsID0gdXJsLnBhcnNlKGlzc3VlclVybCk7XG4gICAgY29uc3QgcG9ydCA9IHB1cmwucG9ydCA/IHBhcnNlSW50KHB1cmwucG9ydCwgMTApIDogNDQzO1xuXG4gICAgaWYgKCFwdXJsLmhvc3QpIHtcbiAgICAgIHJldHVybiBrbyhuZXcgRXJyb3IoYHVuYWJsZSB0byBkZXRlcm1pbmUgaG9zdCBmcm9tIGlzc3VlciB1cmwgJHtpc3N1ZXJVcmx9YCkpO1xuICAgIH1cblxuICAgIGNvbnN0IHNvY2tldCA9IHRscy5jb25uZWN0KHBvcnQsIHB1cmwuaG9zdCwgeyByZWplY3RVbmF1dGhvcml6ZWQ6IGZhbHNlLCBzZXJ2ZXJuYW1lOiBwdXJsLmhvc3QgfSk7XG4gICAgc29ja2V0Lm9uY2UoJ2Vycm9yJywga28pO1xuXG4gICAgc29ja2V0Lm9uY2UoJ3NlY3VyZUNvbm5lY3QnLCAoKSA9PiB7XG4gICAgICAvLyBUaGlzIHNldCB0byBgdHJ1ZWAgd291bGQgcmV0dXJuIHRoZSBlbnRpcmUgY2hhaW4gb2YgY2VydGlmaWNhdGVzIGFzIGEgY2lyY3VsYXIgcmVmZXJlbmNlIG9iamVjdFxuICAgICAgbGV0IGNlcnQgPSBzb2NrZXQuZ2V0UGVlckNlcnRpZmljYXRlKHRydWUpO1xuXG4gICAgICBjb25zdCB1bnFpdWVDZXJ0cyA9IG5ldyBTZXQ8RGV0YWlsZWRQZWVyQ2VydGlmaWNhdGU+KCk7XG4gICAgICBkbyB7XG4gICAgICAgIHVucWl1ZUNlcnRzLmFkZChjZXJ0KTtcbiAgICAgICAgY2VydCA9IGNlcnQuaXNzdWVyQ2VydGlmaWNhdGU7XG4gICAgICB9IHdoaWxlICggY2VydCAmJiB0eXBlb2YgY2VydCA9PT0gJ29iamVjdCcgJiYgIXVucWl1ZUNlcnRzLmhhcyhjZXJ0KSk7XG5cbiAgICAgIC8vIFRoZSBsYXN0IGBjZXJ0YCBvYnRhaW5lZCBtdXN0IGJlIHRoZSByb290IGNlcnRpZmljYXRlIGluIHRoZSBjZXJ0aWZpY2F0ZSBjaGFpblxuICAgICAgY29uc3Qgcm9vdENlcnQgPSBbLi4udW5xaXVlQ2VydHNdLnBvcCgpITtcblxuICAgICAgLy8gQWRkIGBjYTogdHJ1ZWAgd2hlbiBub2RlIG1lcmdlcyB0aGUgZmVhdHVyZS4gQXdhaXRpbmcgcmVzb2x1dGlvbjogaHR0cHM6Ly9naXRodWIuY29tL25vZGVqcy9ub2RlL2lzc3Vlcy80NDkwNVxuICAgICAgaWYgKCEodXRpbC5pc0RlZXBTdHJpY3RFcXVhbChyb290Q2VydC5pc3N1ZXIsIHJvb3RDZXJ0LnN1YmplY3QpKSkge1xuICAgICAgICByZXR1cm4ga28obmV3IEVycm9yKGBTdWJqZWN0IGFuZCBJc3N1ZXIgb2YgY2VydGlmaWNhdGUgcmVjZWl2ZWQgYXJlIGRpZmZlcmVudC4gXG4gICAgICAgIFJlY2VpdmVkOiBcXCdTdWJqZWN0XFwnIGlzICR7SlNPTi5zdHJpbmdpZnkocm9vdENlcnQuc3ViamVjdCwgbnVsbCwgNCl9IGFuZCBcXCdJc3N1ZXJcXCc6JHtKU09OLnN0cmluZ2lmeShyb290Q2VydC5pc3N1ZXIsIG51bGwsIDQpfWApKTtcbiAgICAgIH1cblxuICAgICAgY29uc3QgdmFsaWRUbyA9IG5ldyBEYXRlKHJvb3RDZXJ0LnZhbGlkX3RvKTtcbiAgICAgIGNvbnN0IGNlcnRpZmljYXRlVmFsaWRpdHkgPSBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KHZhbGlkVG8pO1xuXG4gICAgICBpZiAoY2VydGlmaWNhdGVWYWxpZGl0eSA8IDApIHtcbiAgICAgICAgcmV0dXJuIGtvKG5ldyBFcnJvcihgVGhlIGNlcnRpZmljYXRlIGhhcyBhbHJlYWR5IGV4cGlyZWQgb246ICR7dmFsaWRUby50b1VUQ1N0cmluZygpfWApKTtcbiAgICAgIH1cblxuICAgICAgLy8gV2FybmluZyB1c2VyIGlmIGNlcnRpZmljYXRlIHZhbGlkaXR5IGlzIGV4cGlyaW5nIHdpdGhpbiA2IG1vbnRoc1xuICAgICAgaWYgKGNlcnRpZmljYXRlVmFsaWRpdHkgPCAxODApIHtcbiAgICAgICAgLyogZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIG5vLWNvbnNvbGUgKi9cbiAgICAgICAgY29uc29sZS53YXJuKGBUaGUgcm9vdCBjZXJ0aWZpY2F0ZSBvYnRhaW5lZCB3b3VsZCBleHBpcmUgaW4gJHtjZXJ0aWZpY2F0ZVZhbGlkaXR5fSBkYXlzIWApO1xuICAgICAgfVxuXG4gICAgICBzb2NrZXQuZW5kKCk7XG5cbiAgICAgIGNvbnN0IHRodW1icHJpbnQgPSByb290Q2VydC5maW5nZXJwcmludC5zcGxpdCgnOicpLmpvaW4oJycpO1xuICAgICAgZXh0ZXJuYWwubG9nKGBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgdGh1bWJwcmludCBmb3IgJHtpc3N1ZXJVcmx9IGlzICR7dGh1bWJwcmludH1gKTtcblxuICAgICAgb2sodGh1bWJwcmludCk7XG4gICAgfSk7XG4gIH0pO1xufVxuXG4vKipcbiAqIFRvIGdldCB0aGUgdmFsaWRpdHkgdGltZWxpbmUgZm9yIHRoZSBjZXJ0aWZpY2F0ZVxuICogQHBhcmFtIGNlcnREYXRlIFRoZSB2YWxpZCB0byBkYXRlIGZvciB0aGUgY2VydGlmaWNhdGVcbiAqIEByZXR1cm5zIFRoZSBudW1iZXIgb2YgZGF5cyB0aGUgY2VydGlmaWNhdGUgaXMgdmFsaWQgd3J0IGN1cnJlbnQgZGF0ZVxuICovXG5mdW5jdGlvbiBnZXRDZXJ0aWZpY2F0ZVZhbGlkaXR5KGNlcnREYXRlOiBEYXRlKTogTnVtYmVyIHtcbiAgY29uc3QgbWlsbGlzZWNvbmRzSW5EYXkgPSAyNCAqIDYwICogNjAgKiAxMDAwO1xuICBjb25zdCBjdXJyZW50RGF0ZSA9IG5ldyBEYXRlKCk7XG5cbiAgY29uc3QgdmFsaWRpdHkgPSBNYXRoLnJvdW5kKChjZXJ0RGF0ZS5nZXRUaW1lKCkgLSBjdXJyZW50RGF0ZS5nZXRUaW1lKCkpIC8gbWlsbGlzZWNvbmRzSW5EYXkpO1xuXG4gIHJldHVybiB2YWxpZGl0eTtcbn1cblxuLy8gYWxsb3dzIHVuaXQgdGVzdCB0byByZXBsYWNlIHdpdGggbW9ja3Ncbi8qIGVzbGludC1kaXNhYmxlIG1heC1sZW4gKi9cbmV4cG9ydCBjb25zdCBleHRlcm5hbCA9IHtcbiAgZG93bmxvYWRUaHVtYnByaW50LFxuICBsb2c6IGRlZmF1bHRMb2dnZXIsXG4gIGNyZWF0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5DcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5jcmVhdGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIGRlbGV0ZU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5EZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5kZWxldGVPcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQ6IChyZXE6IGF3cy5JQU0uVXBkYXRlT3BlbklEQ29ubmVjdFByb3ZpZGVyVGh1bWJwcmludFJlcXVlc3QpID0+IGlhbSgpLnVwZGF0ZU9wZW5JRENvbm5lY3RQcm92aWRlclRodW1icHJpbnQocmVxKS5wcm9taXNlKCksXG4gIGFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXI6IChyZXE6IGF3cy5JQU0uQWRkQ2xpZW50SURUb09wZW5JRENvbm5lY3RQcm92aWRlclJlcXVlc3QpID0+IGlhbSgpLmFkZENsaWVudElEVG9PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG4gIHJlbW92ZUNsaWVudElERnJvbU9wZW5JRENvbm5lY3RQcm92aWRlcjogKHJlcTogYXdzLklBTS5SZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXJSZXF1ZXN0KSA9PiBpYW0oKS5yZW1vdmVDbGllbnRJREZyb21PcGVuSURDb25uZWN0UHJvdmlkZXIocmVxKS5wcm9taXNlKCksXG59O1xuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/index.js b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef/index.js rename to packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3/index.js diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip index dbb0dfc9e9fb2..8097ad2422b72 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip and b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip index cd73574e4a548..c8445903b628b 100644 Binary files a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip and b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.assets.json b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.assets.json index b904b7131fcd2..7eca60f4192d7 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.assets.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.assets.json @@ -79,15 +79,15 @@ } } }, - "8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef": { + "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3": { "source": { - "path": "asset.8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef", + "path": "asset.b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef.zip", + "objectKey": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -144,7 +144,7 @@ } } }, - "d263340aa5fe5d22093e50ee4d716318129c29970cdfd19fd44a053c4fd9893f": { + "34a99f3d829847b33fc4e08ecc5885bcd56839e42d0da51284c3b7387d699134": { "source": { "path": "aws-eks-service-account-sdk-calls-test.template.json", "packaging": "file" @@ -152,7 +152,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d263340aa5fe5d22093e50ee4d716318129c29970cdfd19fd44a053c4fd9893f.json", + "objectKey": "34a99f3d829847b33fc4e08ecc5885bcd56839e42d0da51284c3b7387d699134.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.template.json b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.template.json index a9f5265d24210..3f447486af067 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/aws-eks-service-account-sdk-calls-test.template.json @@ -1002,9 +1002,6 @@ "ClientIDList": [ "sts.amazonaws.com" ], - "ThumbprintList": [ - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" - ], "Url": { "Fn::GetAtt": [ "Cluster9EE0221C", @@ -1201,7 +1198,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "8a0a8c03b198919a101198f32c18622186aec532054cb63937cc769635f8e7ef.zip" + "S3Key": "b461123ee060208a85a3dbdaa41982700ad24caf5f4c4af2f625986b92ac60c3.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/manifest.json index b524f451f5206..037bfcda60283 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d263340aa5fe5d22093e50ee4d716318129c29970cdfd19fd44a053c4fd9893f.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/34a99f3d829847b33fc4e08ecc5885bcd56839e42d0da51284c3b7387d699134.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts b/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts index 4ad18aed4f17d..78d22eb4037b7 100644 --- a/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts +++ b/packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts @@ -1,5 +1,6 @@ /* istanbul ignore file */ - +import { DetailedPeerCertificate } from 'node:tls'; +import * as util from 'node:util'; import * as tls from 'tls'; import * as url from 'url'; // eslint-disable-next-line import/no-extraneous-dependencies @@ -20,26 +21,80 @@ function defaultLogger(fmt: string, ...args: any[]) { /** * Downloads the CA thumbprint from the issuer URL */ -async function downloadThumbprint(issuerUrl: string) { - external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); +export async function downloadThumbprint(issuerUrl: string) { + external.log(`Downloading certificate authority thumbprint for ${issuerUrl}`); + return new Promise((ok, ko) => { const purl = url.parse(issuerUrl); const port = purl.port ? parseInt(purl.port, 10) : 443; + if (!purl.host) { return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); } + const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); socket.once('error', ko); + socket.once('secureConnect', () => { - const cert = socket.getPeerCertificate(); + // This set to `true` will return the entire chain of certificates as a nested object + let cert = socket.getPeerCertificate(true); + + const unqiueCerts = new Set(); + do { + unqiueCerts.add(cert); + cert = cert.issuerCertificate; + } while ( cert && typeof cert === 'object' && !unqiueCerts.has(cert)); + + if (unqiueCerts.size == 0) { + return ko(new Error(`No certificates were returned for the mentioned url: ${issuerUrl}`)); + } + + // The last `cert` obtained must be the root certificate in the certificate chain + const rootCert = [...unqiueCerts].pop()!; + + // Add `ca: true` when node merges the feature. Awaiting resolution: https://github.com/nodejs/node/issues/44905 + if (!(util.isDeepStrictEqual(rootCert.issuer, rootCert.subject))) { + return ko(new Error(`Subject and Issuer of certificate received are different. + Received: \'Subject\' is ${JSON.stringify(rootCert.subject, null, 4)} and \'Issuer\':${JSON.stringify(rootCert.issuer, null, 4)}`)); + } + + const validTo = new Date(rootCert.valid_to); + const certificateValidity = getCertificateValidity(validTo); + + if (certificateValidity < 0) { + return ko(new Error(`The certificate has already expired on: ${validTo.toUTCString()}`)); + } + + // Warning user if certificate validity is expiring within 6 months + if (certificateValidity < 180) { + /* eslint-disable-next-line no-console */ + console.warn(`The root certificate obtained would expire in ${certificateValidity} days!`); + } + socket.end(); - const thumbprint = cert.fingerprint.split(':').join(''); - external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); + + const thumbprint = rootCert.fingerprint.split(':').join(''); + external.log(`Certificate Authority thumbprint for ${issuerUrl} is ${thumbprint}`); + ok(thumbprint); }); }); } +/** + * To get the validity timeline for the certificate + * @param certDate The valid to date for the certificate + * @returns The number of days the certificate is valid wrt current date + */ +function getCertificateValidity(certDate: Date): Number { + const millisecondsInDay = 24 * 60 * 60 * 1000; + const currentDate = new Date(); + + const validity = Math.round((certDate.getTime() - currentDate.getTime()) / millisecondsInDay); + + return validity; +} + // allows unit test to replace with mocks /* eslint-disable max-len */ export const external = { diff --git a/packages/@aws-cdk/aws-iam/test/oidc-provider/external.test.ts b/packages/@aws-cdk/aws-iam/test/oidc-provider/external.test.ts new file mode 100644 index 0000000000000..b849eb5140de0 --- /dev/null +++ b/packages/@aws-cdk/aws-iam/test/oidc-provider/external.test.ts @@ -0,0 +1,172 @@ +import { TLSSocket, DetailedPeerCertificate, Certificate } from 'tls'; +import { downloadThumbprint } from '../../lib/oidc-provider/external'; + +const chainLength = 3; +let certificateCount = 0; +let placeholderCertificate: DetailedPeerCertificate; +let peerCertificate: DetailedPeerCertificate; + +describe('downloadThumbprint', () => { + + const peerCertificateMock = jest.spyOn(TLSSocket.prototype, 'getPeerCertificate').mockImplementation(()=> { + return peerCertificate; + }); + + beforeEach(() => { + certificateCount = 0; + peerCertificate = createChainedCertificateObject(); + + // This is to create a circular reference in the root certificate + getRootCertificateFromChain().issuerCertificate = peerCertificate; + + // To have silent test runs for this test + jest.spyOn(console, 'warn').mockImplementation(() => {}); + jest.spyOn(console, 'log').mockImplementation(() => {}); + }); + + test('is able to get root certificate from certificate chain', async () => { + // WHEN + await downloadThumbprint('https://example.com'); + + // THEN + expect(peerCertificateMock).toHaveBeenCalledTimes(2); + }); + + test('throws when subject and issuer are different of expected root certificate', async () => { + // GIVEN + const subject: Certificate = { + C: 'another-country-code-root', + ST: 'another-street-root', + L: 'another-locality-root', + O: 'another-organization-root', + OU: 'another-organizational-unit-root', + CN: 'another-common-name-root', + }; + + getRootCertificateFromChain().subject = subject; + + // THEN + await expect(() => downloadThumbprint('https://example.com')).rejects.toThrowError(/Subject and Issuer of certificate received are different/); + + expect(peerCertificateMock).toHaveBeenCalledTimes(2); + }); + + test('throws error when certificate receieved is expired', async () => { + // GIVEN + const currentDate = new Date(); + const expiredValidityDate = subtractDaysFromDate(currentDate, 5); + + getRootCertificateFromChain().valid_to = expiredValidityDate.toUTCString(); + + // THEN + await expect(() => downloadThumbprint('https://example.com')).rejects.toThrowError(/The certificate has already expired on/); + + expect(peerCertificateMock).toHaveBeenCalledTimes(2); + }); + + afterEach(() => { + peerCertificateMock.mockClear(); + }); +}); + +function createChainedCertificateObject(): DetailedPeerCertificate { + return createCertificateObject(); +} + +function createCertificateObject(): DetailedPeerCertificate { + const currentDate = new Date(); + + if (certificateCount == chainLength ) { + // Root Certificate with circular reference to first certificate + return { + subject: { + C: 'country-code-root', + ST: 'street-root', + L: 'locality-root', + O: 'organization-root', + OU: 'organizational-unit-root', + CN: 'common-name-root', + }, + issuer: { + C: 'country-code-root', + ST: 'street-root', + L: 'locality-root', + O: 'organization-root', + OU: 'organizational-unit-root', + CN: 'common-name-root', + }, + subjectaltname: 'subjectal-name-root', + infoAccess: { + key: ['value-root'], + }, + modulus: 'modulus-root', + exponent: 'exponent-root', + valid_from: currentDate.toUTCString(), + valid_to: addDaysToDate(currentDate, 200).toUTCString(), + fingerprint: '01:02:59:D9:C3:D2:0D:08:F7:82:4E:44:A4:B4:53:C5:E2:3A:87:00', + fingerprint256: '69:AE:1A:6A:D4:3D:C6:C1:1B:EA:C6:23:DE:BA:2A:14:62:62:93:5C:7A:EA:06:41:9B:0B:BC:87:CE:48:4E:00', + ext_key_usage: ['key-usage-root'], + serialNumber: 'serial-number-root', + raw: Buffer.alloc(10), + issuerCertificate: placeholderCertificate, + }; + } + + certificateCount++; + + const certificate = { + subject: { + C: `subject-country-code-${certificateCount}`, + ST: `subject-street-${certificateCount}`, + L: `subject-locality-${certificateCount}`, + O: `subject-organization-${certificateCount}`, + OU: `subject-organizational-unit-${certificateCount}`, + CN: `subject-common-name-${certificateCount}`, + }, + issuer: { + C: `issuer-country-code-${certificateCount}`, + ST: `issuer-street-${certificateCount}`, + L: `issuer-locality-${certificateCount}`, + O: `issuer-organization-${certificateCount}`, + OU: `issuer-organizational-unit-${certificateCount}`, + CN: `issuer-common-name-${certificateCount}`, + }, + subjectaltname: `subjectal-name-${certificateCount}`, + infoAccess: { + key: [`value-${certificateCount}`], + }, + modulus: `modulus-${certificateCount}`, + exponent: `exponent-${certificateCount}`, + valid_from: currentDate.toUTCString(), + valid_to: addDaysToDate(currentDate, 200).toUTCString(), + fingerprint: `01:02:59:D9:C3:D2:0D:08:F7:82:4E:44:A4:B4:53:C5:E2:3A:87:${certificateCount}D`, + fingerprint256: `69:AE:1A:6A:D4:3D:C6:C1:1B:EA:C6:23:DE:BA:2A:14:62:62:93:5C:7A:EA:06:41:9B:0B:BC:87:CE:48:4E:0${certificateCount}`, + ext_key_usage: [`key-usage-${certificateCount}`], + serialNumber: `serial-number-${certificateCount}`, + raw: Buffer.alloc(10), + issuerCertificate: createCertificateObject(), + }; + + return certificate; +} + +function addDaysToDate(date: Date, numberOfDays: number): Date { + const newDate = new Date(); + return new Date(newDate.setDate(date.getDate() + numberOfDays)); +} + +function subtractDaysFromDate(date: Date, numberOfDays: number): Date { + const newDate = new Date(); + return new Date(newDate.setDate(date.getDate() - numberOfDays)); +} + +function getRootCertificateFromChain(): DetailedPeerCertificate { + let rootCert: DetailedPeerCertificate = peerCertificate; + let certificateNumber = 0; + + while (chainLength > certificateNumber++) { + rootCert = rootCert.issuerCertificate; + } + + return rootCert; +}