Merge branch 'DnsValidatedCertificateTokens' of https://github.com/rhermes62/aws-cdk into DnsValidatedCertificateTokens
Reed Hermes committed Mar 12, 2020
2 parents 101c371 + 2576651 commit 6c4f5db
Showing 153 changed files with 3,329 additions and 2,694 deletions.
29 changes: 1 addition & 28 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -1,37 +1,10 @@
## Description

<!--
The description should describe _motivation_. Think about your code reviewers and what information they need in order to understand what you did. If it's a big commit (hopefully not), try to provide some good entry points so it will be easier to follow.
If not obvious (i.e. from unit tests), describe how you verified that your change works.
-->

## Commit Message
<!--Simply copy paste from the PR title and replace the necessary parts-->
{*replace-with-pr-title*} (#{*replace-with-pr-number*})

<!--Use this to give a more detailed message that describes the change-->
{replace-with-extended-commit-message}

<!--For every issue your PR resolves, add `fixes #<issue>` or `closes #<issue>`-->

<!--Shout out to collaborators.-->

<!--If your PR includes breaking changes, uncomment and fill in the following (notice how multiple breaking changes should be formatted):-->
<!--
BREAKING CHANGE: Description of what broke and how to achieve this behavior now<br>
\* **module-name:** Another breaking change<br>
\* **module-name:** Yet another breaking change
-->

<!--IMPORTANT: This section cannot contain any additional markdown headers (#)-->

## End Commit Message

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

<!--
<!--
Please read the contribution guidelines and follow the pull-request checklist:
https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md
-->
5 changes: 2 additions & 3 deletions .github/actions/prlinter/index.js
Expand Up @@ -3,8 +3,7 @@ const github = require('@actions/github');
const linter = require('prlint')

const checks = {
"MANDATORY_CHANGES": linter.mandatoryChanges,
"COMMIT_MESSAGE": linter.commitMessage
"MANDATORY_CHANGES": linter.mandatoryChanges
}

async function run() {
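Review bot: dropping `"COMMIT_MESSAGE": linter.commitMessage` from `checks` leaves `MANDATORY_CHANGES` as the only automated PR gate, while the CONTRIBUTING.md text changed in this same commit still says titles "must adhere" to conventionalcommits and that breaking changes "must be listed" in a fixed format. Since the PR title/description become the squash-commit message and feed the CHANGELOG, either keep a title-format check in the linter or state in CONTRIBUTING.md that this is now verified by the maintainer at merge time.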
Expand All @@ -21,7 +20,7 @@ async function run() {
}

await check(number);

} catch (error) {

core.setFailed(error.message);
52 changes: 32 additions & 20 deletions CONTRIBUTING.md
Expand Up @@ -11,8 +11,9 @@ and let us know if it's not up-to-date (even better, submit a PR with your corr
- [Step 1: Open Issue](#step-1-open-issue)
- [Step 2: Design (optional)](#step-2-design-optional)
- [Step 3: Work your Magic](#step-3-work-your-magic)
- [Step 4: Pull Request](#step-4-pull-request)
- [Step 5: Merge](#step-5-merge)
- [Step 4: Commit](#step-4-commit)
- [Step 5: Pull Request](#step-5-pull-request)
- [Step 6: Merge](#step-6-merge)
- [Tools](#tools)
- [Main build scripts](#main-build-scripts)
- [Partial build tools](#partial-build-tools)
Expand Down Expand Up @@ -52,7 +53,7 @@ For day-to-day development and normal contributions, the following SDKs and tool
- [.NET Core SDK 3.0](https://www.microsoft.com/net/download)
- [Python 3.6.5](https://www.python.org/downloads/release/python-365/)
- [Ruby 2.5.1](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/)

The basic commands to get the repository cloned and built locally follow:

```console
Expand Down Expand Up @@ -141,7 +142,7 @@ Integration tests perform a few functions in the CDK code base -
3. (Optionally) Acts as a way to validate that constructs set up the CloudFormation resources as expected. A successful
CloudFormation deployment does not mean that the resources are set up correctly.

If you are working on a new feature that is using previously unused CloudFormation resource types, or involves
If you are working on a new feature that is using previously unused CloudFormation resource types, or involves
configuring resource types across services, you need to write integration tests that use these resource types or
features.

Expand All @@ -161,37 +162,48 @@ Examples:
* [integ.destinations.ts](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-lambda-destinations/test/integ.destinations.ts#L7)
* [integ.token-authorizer.ts](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-apigateway/test/authorizers/integ.token-authorizer.ts#L6)

### Step 4: Pull Request
### Step 4: Commit

* Push to a GitHub fork or to a branch (naming convention: `<user>/<feature-bug-name>`)
* Submit a Pull Request on GitHub and assign the PR for a review to the "aws/aws-cdk-team" team. The title and description will be used to format the commit message when its merged to master. This in turn, will translate to CHANGELOG entries. It is therefore important we be consistent and informative. Here is an example PR you should use as a reference: https://github.com/aws/aws-cdk/pull/6553.
Create a commit with the proposed change changes:

### Title
* Commit title and message (and PR title and description) must adhere to [conventionalcommits](https://www.conventionalcommits.org).
* The title must begin with `feat(module): title`, `fix(module): title`, `refactor(module): title` or
`chore(module): title`.
* Title should be lowercase.
* No period at the end of the title.

* Must adhere to [conventionalcommits](https://www.conventionalcommits.org).
* The title must begin with one of:
- `feat(module): title`
- `fix(module): title`
- `refactor(module): title`
- `chore(module): title`
* Should be lowercase.
* No period at the end.
* Commit message should describe _motivation_. Think about your code reviewers and what information they need in
order to understand what you did. If it's a big commit (hopefully not), try to provide some good entry points so
it will be easier to follow.

* Commit message should indicate which issues are fixed: `fixes #<issue>` or `closes #<issue>`.

### Description
* Shout out to collaborators.

* Simply follow the PR template carefully.
* If not obvious (i.e. from unit tests), describe how you verified that your change works.

* If this commit includes breaking changes, they must be listed at the end in the following format (notice how multiple breaking changes should be formatted):

```
BREAKING CHANGE: Description of what broke and how to achieve this behavior now
* **module-name:** Another breaking change
* **module-name:** Yet another breaking change
```

### Step 5: Pull Request

* Push to a GitHub fork or to a branch (naming convention: `<user>/<feature-bug-name>`)
* Submit a Pull Requests on GitHub and assign the PR for a review to the "awslabs/aws-cdk" team.
* Please follow the PR checklist written below. We trust our contributors to self-check, and this helps that process!
* Discuss review comments and iterate until you get at least one “Approve”. When iterating, push new commits to the
same branch. Usually all these are going to be squashed when you merge to master. The commit messages should be hints
for you when you finalize your merge commit message.
* Make sure to update the PR title/description if things change.
* Make sure to update the PR title/description if things change. The PR title/description are going to be used as the
commit title/message and will appear in the CHANGELOG, so maintain them all the way throughout the process.



### Step 5: Merge
### Step 6: Merge

* Make sure your PR builds successfully (we have CodeBuild setup to automatically build all PRs)
* Once approved and tested, a maintainer will squash-merge to master and will use your PR title/description as the
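Review bot: the Step 5 bullet tells contributors to assign the PR to the "awslabs/aws-cdk" team, while the other copy of this bullet in the hunk names "aws/aws-cdk-team" and every link in this file points at github.com/aws/aws-cdk; please confirm which handle is current, since a wrong one means review requests reach nobody. Two wording slips in the Step 4/Step 5 text are worth fixing while here: "Create a commit with the proposed change changes:" (duplicated word) and "Submit a Pull Requests" (should be singular). The bullet that pointed at PR #6553 as a reference example has no counterpart under Step 5; consider keeping a pointer to a model PR.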
2 changes: 1 addition & 1 deletion allowed-breaking-changes.txt
Expand Up @@ -40,4 +40,4 @@ change-return-type:@aws-cdk/aws-lambda-destinations.EventBridgeDestination.bind
change-return-type:@aws-cdk/aws-lambda-destinations.LambdaDestination.bind
change-return-type:@aws-cdk/aws-lambda-destinations.SnsDestination.bind
change-return-type:@aws-cdk/aws-lambda-destinations.SqsDestination.bind

removed:@aws-cdk/cdk-assets-schema.DockerImageDestination.imageUri
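Review bot: the `removed:@aws-cdk/cdk-assets-schema.DockerImageDestination.imageUri` entry exempts a removed public member from the compatibility check, and nothing in the line or around it says why the removal is acceptable or which change made it. Please reference the originating PR in the commit description so the exemption can be audited and dropped later.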
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -16,7 +16,7 @@
"devDependencies": {
"conventional-changelog-cli": "^2.0.31",
"fs-extra": "^8.1.0",
"jsii-diff": "^1.0.0",
"jsii-diff": "^1.1.0",
"jsii-pacmak": "^0.22.0",
"jsii-rosetta": "^0.22.0",
"lerna": "^3.20.2",
32 changes: 31 additions & 1 deletion packages/@aws-cdk/aws-apigateway/README.md
Expand Up @@ -153,6 +153,36 @@ plan.addApiStage({
});
```

In scenarios where you need to create a single api key and configure rate limiting for it, you can use `RateLimitedApiKey`.
This construct lets you specify rate limiting properties which should be applied only to the api key being created.
The API key created has the specified rate limits, such as quota and throttles, applied.

The following example shows how to use a rate limited api key :
```ts
const hello = new lambda.Function(this, 'hello', {
runtime: lambda.Runtime.NODEJS_10_X,
handler: 'hello.handler',
code: lambda.Code.fromAsset('lambda')
});

const api = new apigateway.RestApi(this, 'hello-api', { });
const integration = new apigateway.LambdaIntegration(hello);

const v1 = api.root.addResource('v1');
const echo = v1.addResource('echo');
const echoMethod = echo.addMethod('GET', integration, { apiKeyRequired: true });

const key = new apigateway.RateLimitedApiKey(this, 'rate-limited-api-key', {
customerId: 'hello-customer',
resources: [api],
quota: {
limit: 10000,
period: apigateway.Period.MONTH
}
});

```

### Working with models

When you work with Lambda integrations that are not Proxy integrations, you
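Review bot: the `RateLimitedApiKey` example passes `quota` and `resources: [api]` but no `apiStages`, so the `UsagePlan` that rate-limited-api-key.ts creates receives `apiStages: undefined` and the example never shows how the 10000-per-month quota is tied to a stage of `api`. Add an `apiStages` entry to the example, or say in the text what a reader must do to attach the plan. Smaller points: `echoMethod` is assigned but never used, the lead-in has a stray space before the colon, and the opening fence has no blank line above it, unlike the other code blocks in this README.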
Expand Down Expand Up @@ -343,7 +373,7 @@ that can be used for controlling access to your REST APIs.

#### IAM-based authorizer

The following CDK code provides 'excecute-api' permission to an IAM user, via IAM policies, for the 'GET' method on the `books` resource:
The following CDK code provides 'execute-api' permission to an IAM user, via IAM policies, for the 'GET' method on the `books` resource:

```ts
const getBooks = books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-apigateway/lib/api-key.ts
Expand Up @@ -20,6 +20,7 @@ export interface IApiKey extends IResourceBase {
*/
export interface ApiKeyProps extends ResourceOptions {
/**
* [disable-awslint:ref-via-interface]
* A list of resources this api key is associated with.
* @default none
*/
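Review bot: `[disable-awslint:ref-via-interface]` is placed as the first line of this doc comment, ahead of "A list of resources this api key is associated with.", so it reads as part of the property description and carries no reason for the exemption. Move it below the description and add a short justification for why the lint rule is switched off for this property.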
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-apigateway/lib/index.ts
Expand Up @@ -7,6 +7,7 @@ export * from './stage';
export * from './integrations';
export * from './lambda-api';
export * from './api-key';
export * from './rate-limited-api-key';
export * from './usage-plan';
export * from './vpc-link';
export * from './methodresponse';
54 changes: 54 additions & 0 deletions packages/@aws-cdk/aws-apigateway/lib/rate-limited-api-key.ts
@@ -0,0 +1,54 @@
import { Construct, Resource } from '@aws-cdk/core';
import { ApiKey, ApiKeyProps, IApiKey } from './api-key';
import { QuotaSettings, ThrottleSettings, UsagePlan, UsagePlanPerApiStage } from './usage-plan';

/**
* RateLimitedApiKey properties.
*/
export interface RateLimitedApiKeyProps extends ApiKeyProps {
/**
* API Stages to be associated with the RateLimitedApiKey.
* @default none
*/
readonly apiStages?: UsagePlanPerApiStage[];

/**
* Number of requests clients can make in a given time period.
* @default none
*/
readonly quota?: QuotaSettings;

/**
* Overall throttle settings for the API.
* @default none
*/
readonly throttle?: ThrottleSettings;
}

/**
* An API Gateway ApiKey, for which a rate limiting configuration can be specified.
*
* @resource AWS::ApiGateway::ApiKey
*/
export class RateLimitedApiKey extends Resource implements IApiKey {
public readonly keyId: string;

constructor(scope: Construct, id: string, props: RateLimitedApiKeyProps = { }) {
super(scope, id, {
physicalName: props.apiKeyName,
});

const resource = new ApiKey(this, 'Resource', props);

if (props.apiStages || props.quota || props.throttle) {
new UsagePlan(this, 'UsagePlanResource', {
apiKey: resource,
apiStages: props.apiStages,
quota: props.quota,
throttle: props.throttle
});
}

this.keyId = resource.keyId;
}
}
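Review bot: in the constructor, `if (props.apiStages || props.quota || props.throttle)` means a `RateLimitedApiKey` built with default props gets no `UsagePlan` at all, so a construct whose name promises rate limiting silently yields a key with no limits; either require at least one of `quota` or `throttle`, or document this fallback in the class doc comment. The same condition treats `apiStages: []` as truthy and would create a plan with no stages, quota or throttle. The `throttle` doc says "Overall throttle settings for the API" although the value is passed to this key's usage plan, and the created `UsagePlan` is not exposed on the class, so callers cannot reference it.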
108 changes: 108 additions & 0 deletions packages/@aws-cdk/aws-apigateway/test/test.rate-limited-api-key.ts
@@ -0,0 +1,108 @@
import { expect, haveResource, ResourcePart } from '@aws-cdk/assert';
import * as cdk from '@aws-cdk/core';
import { Test } from "nodeunit";
import * as apigateway from '../lib';

const API_KEY_RESOURCE_TYPE = 'AWS::ApiGateway::ApiKey';
const USAGE_PLAN_RESOURCE_TYPE = 'AWS::ApiGateway::UsagePlan';
const USAGE_PLAN_KEY_RESOURCE_TYPE = 'AWS::ApiGateway::UsagePlanKey';

export = {
'default setup'(test: Test) {
// GIVEN
const stack = new cdk.Stack();
const api = new apigateway.RestApi(stack, 'my-api', { cloudWatchRole: false, deploy: false });
api.root.addMethod('GET'); // Need at least one method on the api

// WHEN
new apigateway.RateLimitedApiKey(stack, 'my-api-key');

// THEN
// should have an api key with no props defined.
expect(stack).to(haveResource(API_KEY_RESOURCE_TYPE, undefined, ResourcePart.CompleteDefinition));
// should not have a usage plan.
expect(stack).notTo(haveResource(USAGE_PLAN_RESOURCE_TYPE));
// should not have a usage plan key.
expect(stack).notTo(haveResource(USAGE_PLAN_KEY_RESOURCE_TYPE));

test.done();
},

'only api key is created when rate limiting properties are not provided'(test: Test) {
// GIVEN
const stack = new cdk.Stack();
const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
api.root.addMethod('GET'); // api must have atleast one method.

// WHEN
new apigateway.RateLimitedApiKey(stack, 'test-api-key', {
customerId: 'test-customer',
resources: [api]
});

// THEN
expect(stack).to(haveResource('AWS::ApiGateway::ApiKey', {
CustomerId: 'test-customer',
StageKeys: [
{
RestApiId: { Ref: "testapiD6451F70" },
StageName: { Ref: "testapiDeploymentStagetest5869DF71" }
}
]
}));
// should not have a usage plan.
expect(stack).notTo(haveResource(USAGE_PLAN_RESOURCE_TYPE));
// should not have a usage plan key.
expect(stack).notTo(haveResource(USAGE_PLAN_KEY_RESOURCE_TYPE));

test.done();
},

'api key and usage plan are created and linked when rate limiting properties are provided'(test: Test) {
// GIVEN
const stack = new cdk.Stack();
const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
api.root.addMethod('GET'); // api must have atleast one method.

// WHEN
new apigateway.RateLimitedApiKey(stack, 'test-api-key', {
customerId: 'test-customer',
resources: [api],
quota: {
limit: 10000,
period: apigateway.Period.MONTH
}
});

// THEN
// should have an api key
expect(stack).to(haveResource('AWS::ApiGateway::ApiKey', {
CustomerId: 'test-customer',
StageKeys: [
{
RestApiId: { Ref: "testapiD6451F70" },
StageName: { Ref: "testapiDeploymentStagetest5869DF71" }
}
]
}));
// should have a usage plan with specified quota.
expect(stack).to(haveResource(USAGE_PLAN_RESOURCE_TYPE, {
Quota: {
Limit: 10000,
Period: 'MONTH'
}
}, ResourcePart.Properties));
// should have a usage plan key linking the api key and usage plan
expect(stack).to(haveResource(USAGE_PLAN_KEY_RESOURCE_TYPE, {
KeyId: {
Ref: 'testapikey998028B6'
},
KeyType: 'API_KEY',
UsagePlanId: {
Ref: 'testapikeyUsagePlanResource66DB63D6'
}
}, ResourcePart.Properties));

test.done();
}
};
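Review bot: the three cases exercise only `quota`; nothing covers `throttle` or `apiStages`, which are the other two inputs to the `if (props.apiStages || props.quota || props.throttle)` branch in the construct. Add a case for each and assert the resulting properties on the `AWS::ApiGateway::UsagePlan` resource. Smaller points: the second and third cases spell out `'AWS::ApiGateway::ApiKey'` instead of using `API_KEY_RESOURCE_TYPE`, and two comments say "atleast".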