Merge branch 'master' into xerofun/lambda-event-source-mapping-parame…

…ters-5236

.github/ISSUE_TEMPLATE/tracking.md

@@ -37,7 +37,7 @@ Checklist of use cases, constructs, features (such as grant methods) that will s
 - [ ] 
 - [ ]
 -->
-[CDK API Reference](url) <!-- replace `url` with link to the service's CDK API reference -->
+See the [CDK API Reference](url) for more implementation details.<!-- replace `url` with link to the service's CDK API reference -->
 
 
 

README.md

@@ -31,7 +31,7 @@ The CDK is available in the following languages:
 [Examples](https://github.com/aws-samples/aws-cdk-examples) |
 [Getting Help](#getting-help) |
 [RFCs](https://github.com/aws/aws-cdk-rfcs) |
-[Roadmap](https://github.com/aws/aws-cdk/ROADMAP.md)
+[Roadmap](https://github.com/aws/aws-cdk/blob/master/ROADMAP.md)
 
 Developers use the [CDK framework] in one of the
 supported programming languages to define reusable cloud components called [constructs], which

allowed-breaking-changes.txt

@@ -40,4 +40,4 @@ change-return-type:@aws-cdk/aws-lambda-destinations.EventBridgeDestination.bind
 change-return-type:@aws-cdk/aws-lambda-destinations.LambdaDestination.bind
 change-return-type:@aws-cdk/aws-lambda-destinations.SnsDestination.bind
 change-return-type:@aws-cdk/aws-lambda-destinations.SqsDestination.bind
-removed:@aws-cdk/cdk-assets-schema.DockerImageDestination.imageUri
+

packages/@aws-cdk/aws-apigateway/README.md

@@ -266,14 +266,30 @@ You can define models for your responses (and requests)
 const responseModel = api.addModel('ResponseModel', {
   contentType: 'application/json',
   modelName: 'ResponseModel',
-  schema: { '$schema': 'http://json-schema.org/draft-04/schema#', 'title': 'pollResponse', 'type': 'object', 'properties': { 'state': { 'type': 'string' }, 'greeting': { 'type': 'string' } } }
+  schema: {
+    schema: JsonSchemaVersion.DRAFT4,
+    title: 'pollResponse',
+    type: JsonSchemaType.OBJECT,
+    properties: {
+      state: { type: JsonSchemaType.STRING },
+      greeting: { type: JsonSchemaType.STRING }
+    }
+  }
 });
 
 // We define the JSON Schema for the transformed error response
 const errorResponseModel = api.addModel('ErrorResponseModel', {
   contentType: 'application/json',
   modelName: 'ErrorResponseModel',
-  schema: { '$schema': 'http://json-schema.org/draft-04/schema#', 'title': 'errorResponse', 'type': 'object', 'properties': { 'state': { 'type': 'string' }, 'message': { 'type': 'string' } } }
+  schema: {
+    schema: JsonSchemaVersion.DRAFT4,
+    title: 'errorResponse',
+    type: JsonSchemaType.OBJECT,
+    properties: {
+      state: { type: JsonSchemaType.STRING },
+      message: { type: JsonSchemaType.STRING }
+    }
+  }
 });
 
 ```

packages/@aws-cdk/aws-codebuild/README.md

@@ -213,6 +213,37 @@ The following example shows how to define an image from a private docker registr
 
 [Docker Registry example](./test/integ.docker-registry.lit.ts)
 
+## Credentials
+
+CodeBuild allows you to store credentials used when communicating with various sources,
+like GitHub:
+
+```typescript
+new codebuild.GitHubSourceCredentials(this, 'CodeBuildGitHubCreds', {
+  accessToken: cdk.SecretValue.secretsManager('my-token'),
+});
+// GitHub Enterprise is almost the same,
+// except the class is called GitHubEnterpriseSourceCredentials
+```
+
+and BitBucket:
+
+```typescript
+new codebuild.BitBucketSourceCredentials(this, 'CodeBuildBitBucketCreds', {
+  username: cdk.SecretValue.secretsManager('my-bitbucket-creds', { jsonField: 'username' }),
+  password: cdk.SecretValue.secretsManager('my-bitbucket-creds', { jsonField: 'password' }),
+});
+```
+
+**Note**: the credentials are global to a given account in a given region -
+they are not defined per CodeBuild project.
+CodeBuild only allows storing a single credential of a given type
+(GitHub, GitHub Enterprise or BitBucket)
+in a given account in a given region -
+any attempt to save more than one will result in an error.
+You can use the [`list-source-credentials` AWS CLI operation](https://docs.aws.amazon.com/cli/latest/reference/codebuild/list-source-credentials.html)
+to inspect what credentials are stored in your account.
+
 ## Events
 
 CodeBuild projects can be used either as a source for events or be triggered

packages/@aws-cdk/aws-codebuild/lib/index.ts

@@ -2,6 +2,7 @@ export * from './events';
 export * from './pipeline-project';
 export * from './project';
 export * from './source';
+export * from './source-credentials';
 export * from './artifacts';
 export * from './cache';
 export * from './build-spec';

packages/@aws-cdk/aws-codebuild/lib/source-credentials.ts

@@ -0,0 +1,98 @@
+import { Construct, Resource, SecretValue } from '@aws-cdk/core';
+import { CfnSourceCredential } from './codebuild.generated';
+
+/**
+ * Creation properties for {@link GitHubSourceCredentials}.
+ */
+export interface GitHubSourceCredentialsProps {
+  /**
+   * The personal access token to use when contacting the GitHub API.
+   */
+  readonly accessToken: SecretValue;
+}
+
+/**
+ * The source credentials used when contacting the GitHub API.
+ *
+ * **Note**: CodeBuild only allows a single credential for GitHub
+ * to be saved in a given AWS account in a given region -
+ * any attempt to add more than one will result in an error.
+ *
+ * @resource AWS::CodeBuild::SourceCredential
+ */
+export class GitHubSourceCredentials extends Resource {
+  constructor(scope: Construct, id: string, props: GitHubSourceCredentialsProps) {
+    super(scope, id);
+
+    new CfnSourceCredential(scope, 'Resource', {
+      serverType: 'GITHUB',
+      authType: 'PERSONAL_ACCESS_TOKEN',
+      token: props.accessToken.toString(),
+    });
+  }
+}
+
+/**
+ * Creation properties for {@link GitHubEnterpriseSourceCredentials}.
+ */
+export interface GitHubEnterpriseSourceCredentialsProps {
+  /**
+   * The personal access token to use when contacting the
+   * instance of the GitHub Enterprise API.
+   */
+  readonly accessToken: SecretValue;
+}
+
+/**
+ * The source credentials used when contacting the GitHub Enterprise API.
+ *
+ * **Note**: CodeBuild only allows a single credential for GitHub Enterprise
+ * to be saved in a given AWS account in a given region -
+ * any attempt to add more than one will result in an error.
+ *
+ * @resource AWS::CodeBuild::SourceCredential
+ */
+export class GitHubEnterpriseSourceCredentials extends Resource {
+  constructor(scope: Construct, id: string, props: GitHubEnterpriseSourceCredentialsProps) {
+    super(scope, id);
+
+    new CfnSourceCredential(scope, 'Resource', {
+      serverType: 'GITHUB_ENTERPRISE',
+      authType: 'PERSONAL_ACCESS_TOKEN',
+      token: props.accessToken.toString(),
+    });
+  }
+}
+
+/**
+ * Construction properties of {@link BitBucketSourceCredentials}.
+ */
+export interface BitBucketSourceCredentialsProps {
+  /** Your BitBucket username. */
+  readonly username: SecretValue;
+
+  /** Your BitBucket application password. */
+  readonly password: SecretValue;
+}
+
+/**
+ * The source credentials used when contacting the BitBucket API.
+ *
+ * **Note**: CodeBuild only allows a single credential for BitBucket
+ * to be saved in a given AWS account in a given region -
+ * any attempt to add more than one will result in an error.
+ *
+ * @resource AWS::CodeBuild::SourceCredential
+ */
+export class BitBucketSourceCredentials extends Resource {
+  constructor(scope: Construct, id: string, props: BitBucketSourceCredentialsProps) {
+    super(scope, id);
+
+    new CfnSourceCredential(this, 'Resource', {
+      serverType: 'BITBUCKET',
+      authType: 'BASIC_AUTH',
+      username: props.username.toString(),
+      token: props.password.toString(),
+    });
+  }
+}

packages/@aws-cdk/aws-codebuild/package.json

@@ -203,7 +203,10 @@
       "docs-public-apis:@aws-cdk/aws-codebuild.S3SourceProps.path",
       "docs-public-apis:@aws-cdk/aws-codebuild.SourceConfig.sourceProperty",
       "docs-public-apis:@aws-cdk/aws-codebuild.SourceConfig.buildTriggers",
-      "props-default-doc:@aws-cdk/aws-codebuild.SourceConfig.buildTriggers"
+      "props-default-doc:@aws-cdk/aws-codebuild.SourceConfig.buildTriggers",
+      "props-physical-name:@aws-cdk/aws-codebuild.BitBucketSourceCredentialsProps",
+      "props-physical-name:@aws-cdk/aws-codebuild.GitHubSourceCredentialsProps",
+      "props-physical-name:@aws-cdk/aws-codebuild.GitHubEnterpriseSourceCredentialsProps"
     ]
   },
   "stability": "stable"

packages/@aws-cdk/aws-codebuild/test/test.project.ts

@@ -124,26 +124,6 @@ export = {
       test.done();
     },
 
-    'can set the SourceVersion for a gitHubEnterprise'(test: Test) {
-      // GIVEN
-      const stack = new cdk.Stack();
-
-      // WHEN
-      new codebuild.Project(stack, 'Project', {
-        source: codebuild.Source.gitHubEnterprise({
-          httpsCloneUrl: 'https://mygithub-enterprise.com/myuser/myrepo',
-          branchOrRef: 'testbranch',
-        })
-      });
-
-      // THEN
-      expect(stack).to(haveResource('AWS::CodeBuild::Project', {
-        SourceVersion: 'testbranch',
-      }));
-
-      test.done();
-    },
-
     'can explicitly set reportBuildStatus to false'(test: Test) {
       // GIVEN
       const stack = new cdk.Stack();
@@ -205,27 +185,110 @@ export = {
 
       test.done();
     },
+
+    'can provide credentials to use with the source'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+
+      // WHEN
+      new codebuild.GitHubSourceCredentials(stack, 'GitHubSourceCredentials', {
+        accessToken: cdk.SecretValue.plainText('my-access-token'),
+      });
+
+      // THEN
+      expect(stack).to(haveResource('AWS::CodeBuild::SourceCredential', {
+        "ServerType": "GITHUB",
+        "AuthType": "PERSONAL_ACCESS_TOKEN",
+        "Token": "my-access-token",
+      }));
+
+      test.done();
+    },
   },
 
-  'project with bitbucket and SourceVersion'(test: Test) {
-    // GIVEN
-    const stack = new cdk.Stack();
+  'GitHub Enterprise source': {
+    'can use branchOrRef to set the source version'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
 
-    // WHEN
-    new codebuild.Project(stack, 'Project', {
-      source: codebuild.Source.bitBucket({
-        owner: 'testowner',
-        repo: 'testrepo',
-        branchOrRef: 'testbranch',
-      })
-    });
+      // WHEN
+      new codebuild.Project(stack, 'Project', {
+        source: codebuild.Source.gitHubEnterprise({
+          httpsCloneUrl: 'https://mygithub-enterprise.com/myuser/myrepo',
+          branchOrRef: 'testbranch',
+        }),
+      });
 
-    // THEN
-    expect(stack).to(haveResource('AWS::CodeBuild::Project', {
-      SourceVersion: 'testbranch',
-    }));
+      // THEN
+      expect(stack).to(haveResource('AWS::CodeBuild::Project', {
+        SourceVersion: 'testbranch',
+      }));
 
-    test.done();
+      test.done();
+    },
+
+    'can provide credentials to use with the source'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+
+      // WHEN
+      new codebuild.GitHubEnterpriseSourceCredentials(stack, 'GitHubEnterpriseSourceCredentials', {
+        accessToken: cdk.SecretValue.plainText('my-access-token'),
+      });
+
+      // THEN
+      expect(stack).to(haveResource('AWS::CodeBuild::SourceCredential', {
+        "ServerType": "GITHUB_ENTERPRISE",
+        "AuthType": "PERSONAL_ACCESS_TOKEN",
+        "Token": "my-access-token",
+      }));
+
+      test.done();
+    },
+  },
+
+  'BitBucket source': {
+    'can use branchOrRef to set the source version'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+
+      // WHEN
+      new codebuild.Project(stack, 'Project', {
+        source: codebuild.Source.bitBucket({
+          owner: 'testowner',
+          repo: 'testrepo',
+          branchOrRef: 'testbranch',
+        })
+      });
+
+      // THEN
+      expect(stack).to(haveResource('AWS::CodeBuild::Project', {
+        SourceVersion: 'testbranch',
+      }));
+
+      test.done();
+    },
+
+    'can provide credentials to use with the source'(test: Test) {
+      // GIVEN
+      const stack = new cdk.Stack();
+
+      // WHEN
+      new codebuild.BitBucketSourceCredentials(stack, 'BitBucketSourceCredentials', {
+        username: cdk.SecretValue.plainText('my-username'),
+        password: cdk.SecretValue.plainText('password'),
+      });
+
+      // THEN
+      expect(stack).to(haveResource('AWS::CodeBuild::SourceCredential', {
+        "ServerType": "BITBUCKET",
+        "AuthType": "BASIC_AUTH",
+        "Username": "my-username",
+        "Token": "password",
+      }));
+
+      test.done();
+    },
   },
 
   'project with s3 cache bucket'(test: Test) {
@@ -433,4 +496,4 @@ export = {
 
     test.done();
   }
-};
+};

packages/@aws-cdk/cdk-assets-schema/README.md

@@ -1,4 +1,5 @@
 # cdk-assets-schema
+
 <!--BEGIN STABILITY BANNER-->
 
 ---