Merge #16

Merged
merged 67 commits into from
Jun 11, 2020

flemjame-at-amazon
Owner


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

AWS CDK Team and others added 30 commits June 3, 2020 22:24
change `fooBoo`'s type from `string` to `string[]`.
`fooBoo` is string array in this example.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In order to make migrating from hyper-modular CDK to Mono-CDK easier,
align the .NET and Java base namespace/package to match the ones set on
the `@aws-cdk/core` library, as those types will be hoisted to the root
of the Mono-CDK packaging.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ion (#8152)

Add that the authorizerURI includes the correct partition. Previously, it
always used the aws partition.

fixes #8098

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
MonoCDK was previously using a special packaging process, but this was
changed to use the standard packaging process used by any other CDK
library. It is thus no longer necessary to apply those exceptions which
risk making the build slower.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 26.0.0 to 26.1.0.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/master/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v26.0.0...v26.1.0)

Signed-off-by: dependabot-preview[bot] <[email protected]>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
The example of EFS doc is using older naming of EFS L2 API, which can not be compiled any more.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Elastic Load Balancer's ApplicationListener.addAction does not pass on conditions array to ApplicationListenerRule. 

This PR adds a line that passes on the conditions in the addAction function.

fixes #8328 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The conventional CDK name for properties that hold KMS Keys is 'encryptionKey',
not 'kmsKey' (we don't use the service name as part of the class or property name).

BREAKING CHANGE: DatabaseClusterProps.kmsKey has been renamed to storageEncryptionKey
* **rds**: DatabaseInstanceNewProps.performanceInsightKmsKey has been renamed to performanceInsightEncryptionKey
* **rds**: DatabaseInstanceSourceProps.secretKmsKey has been renamed to masterUserPasswordEncryptionKey
* **rds**: DatabaseInstanceProps.kmsKey has been renamed to storageEncryptionKey
* **rds**: DatabaseInstanceReadReplicaProps.kmsKey has been renamed to storageEncryptionKey
* **rds**: Login.kmsKey has been renamed to encryptionKey

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #6669

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rmissions (#8409)

`Secret.grantRead()` now gives permission for `secretmanager:DescribeSecret` and `secretmanager:GetSecretValue`,
instead of only `secretmanager:GetSecretValue`. 

Fixes #6444 
Fixes #7953 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
No new tests or expectations added.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
For security purposes, we decided that it would be lower risk to assume a different role when we publish S3 assets and when we publish ECR assets. The reason is that ECR publishers execute `docker build` which can potentially execute 3rd party code (via a base docker image).

This change modifies the conventional name for the publishing roles as well as adds a set of properties to the `DefaultStackSynthesizer` to allow customization as needed.

This is a resubmission of #8319. That one was failing backwards regression tests... and for good reason! However in this case, the regression was intended (and deemed acceptable since we haven't officially "released" the feature we're breaking yet).

Unfortunately the mechanism to skip integration tests during the regression tests has been broken recently, so had to be reintroduced here.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds recognition of tokens for all validations that validate the content
in some form.

fixes #8314


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The PR #8403 changed the "IAM stack" to use the default environment and forgot to update the expected output (which now does not contain a token for the URL suffix).
Stages are self-contained application units that synthesize as a cloud assembly. This change centralizes prepare + synthesis logic into the stage level and changes `App` to extend `Stage`. 

Once `stage.synth()` is called, the stage becomes (practically) immutable. This means that subsequent synths will return the same output.

The cloud assembly produced by stages is nested as an artifact inside another cloud assembly (either the App's top-level assembly or a child).

Authors: @rix0rrr, @eladb 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.689.0 to 2.691.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-js@v2.689.0...v2.691.0)

Signed-off-by: dependabot-preview[bot] <[email protected]>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
…ks (#8206)

Path parameters in API Gateway allow for paths to contain the resource
id, such as `/pets/{petId}/comments/{commentId}`. When generating the
ARN for a Method to this Resource, the path parameters should be placed
with asterisks, such as `/pets/*/comments/*`.

fixes #8036


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
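
The path-parameter substitution described in the commit message above, as an added example that is not code from aws-cdk or from this pull request. The function names and the sample account ID, API ID, region and stage are constructed for illustration. It goes one step beyond the commit text by comparing the resulting ARN against request ARNs with IAM-style wildcard matching, which shows that `*` also spans `/`.

```typescript
// Added example; not aws-cdk code. All names and sample values are constructed.

interface MethodArnParts {
  partition: string;    // 'aws', 'aws-cn', ...
  region: string;
  account: string;
  apiId: string;
  stage: string;
  httpMethod: string;   // 'GET', 'POST', ... or '*'
  resourcePath: string; // API Gateway path template, e.g. '/pets/{petId}'
}

// Replace each `{param}` or greedy `{proxy+}` placeholder with `*`.
function pathForArn(resourcePath: string): string {
  return resourcePath.replace(/\{[^\/{}]+\}/g, '*');
}

// Build an execute-api method ARN:
// arn:<partition>:execute-api:<region>:<account>:<apiId>/<stage>/<METHOD>/<path>
function methodArn(p: MethodArnParts): string {
  const path = pathForArn(p.resourcePath).replace(/^\//, '');
  return `arn:${p.partition}:execute-api:${p.region}:${p.account}:` +
         `${p.apiId}/${p.stage}/${p.httpMethod}/${path}`;
}

// IAM-style wildcard comparison: `*` is any run of characters (including '/'),
// `?` is exactly one character, everything else is literal.
function arnPatternMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const source = escaped.replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${source}$`).test(arn);
}

// Constructed sample API and requests.
const api = {
  partition: 'aws', region: 'us-east-1', account: '111122223333',
  apiId: 'a1b2c3d4e5', stage: 'prod', httpMethod: 'GET',
};
const prefix = 'arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/prod/GET';
const template = '/pets/{petId}/comments/{commentId}';

const policyArn = methodArn({ ...api, resourcePath: template });
const literalArn = `${prefix}${template}`;               // placeholders left in
const request = `${prefix}/pets/42/comments/7`;          // a real invocation
const deeper = `${prefix}/pets/42/photos/9/comments/7`;  // different resource

console.log(policyArn);
console.log('wildcard ARN matches request:', arnPatternMatches(policyArn, request));
console.log('literal ARN matches request: ', arnPatternMatches(literalArn, request));
// `*` is not limited to one path segment, so the grant is broader than the template.
console.log('wildcard ARN matches deeper: ', arnPatternMatches(policyArn, deeper));
```

A permission written against the ARN with the placeholders left in never matches a real invocation, while the wildcard form matches every path that fits the pattern, including longer ones.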
Was missing arguments to `addTargets()`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
I've taken the liberty to implement a preview, refer to #7752

Any feedback is welcome!

BREAKING CHANGE: `requiredAttributes` on `UserPool` construct is now replaced with `standardAttributes` with a slightly modified signature.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The permissions required to clean up old DynamoDB Global Tables replicas
were set up in such a way that removing a replication region, or
dropping replication entirely (or when causing a table replacement),
they were removed before CloudFormation gets to the `CLEAN_UP` phase,
causing a clean up failure (and old tables would remain there).

This changes the way permissions are granted to the replication handler
resource so that they are added using a separate `iam.Policy` resource,
so that deleted permissions are also removed during the `CLEAN_UP` phase
after the resources depending on them have been deleted.

The tradeoff is that two additional resources are added to the stack
that defines the DynamoDB Global Tables, where previously those
permissions were mastered in the nested stack that holds the replication
handler. Unfortunately, the nested stack gets its `CLEAN_UP` phase
executed as part of the nested stack resource update, not during its
parent stack's `CLEAN_UP` phase.

Fixes #7189


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Both the aws-s3-deployment and aws-codepipeline-actions CacheControl classes use
"s-max-age" instead of the correct "s-maxage". This change fixes to the correct
header value.

fixes #6292


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
RomainMuller and others added 29 commits June 9, 2020 12:15
Packages that are not containers of L1 libraries (`Cfn~` classes) have
no point in having a `cfn2ts` script registered. This causes problems
when trying to generate L1s across the whole repository using
`lerna run cfn2ts`.

This adds a `pkglint` rule that mandates the `cfn2ts` script is only
present when the related other metadata is also required to be present.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 10.17.21 to 10.17.25.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <[email protected]>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
In order to write better assertions on complex resource structs that
only test what we're interested in (and not properties that may
accidentally change as part of unrelated refactors), add more powerful
matchers that can express things like:

- `objectLike()`
- `arrayWith()`
- `stringContaining()` (not implemented by default but easy to add now)

We can now write:

```ts
  expect(stack).toHaveResourceLike('AWS::S3::BucketPolicy',  {
    PolicyDocument: {
      Statement: arrayWith(objectLike({
        Action: arrayWith('s3:GetObject*', 's3:GetBucket*', 's3:List*'),
        Principal: {
          AWS: {
            'Fn::Sub': stringContaining('-deploy-role-')
          }
        }
      }))
    }
  });
```

And be invariant to things like the order of elements in the arrays,
and default role name qualifiers.

Refactor the old assertions to be expressed in terms of the new
matchers.

NOTE: Matchers are now functions, which won't translate into
jsii in the future. It will be easy enough to make them single-method
objects in the future when we move this library (or a similar
one to jsii). For now, I did not want to let that impact the design.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When a Fargate Profile is added to the cluster, we need to make sure the aws-auth config map is updated from within the CDK app. EKS will do that behind the scenes if it's not done manually, but this means that it would be an out-of-band update of the config map and will be overridden by the CDK if the config map is updated manually.

Fixes #7981



----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Improve the reliability of `@monocdk-experiment/rewrite-imports` by
making it use the TypeScript compiler to locate import statements that
need re-writing, and performing the relevant surgery on the source code
based on the findings.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Get the last 64 chars of the `uniqueId`.

See #7885 (comment).

Closes #7885
Closes #8442

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----
AutoScalingGroup [notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) property allows configuring autoscaling to send notifications about fleet scaling events to one or more SNS topics. 

The current AutoScalingGroup API exposes a `notificationsTopic` property which only allows configuring a single topic, and does not allow configuring which events will trigger a notification but instead configures all notifications, which can be rather noisy.

This PR deprecates the `notificationsTopic` property and introduces a `notifications` property which allows configuring multiple `NotificationConfiguration`, each with its own SNS topic and a custom list of events which will trigger a notification.

closes #8053

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds a DependsOn Fargate profile resources when more than one Fargate profile
exists on the same cluster.

fixes #6084

----

Tested via:
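```ts
import { Vpc } from '@aws-cdk/aws-ec2';
import { FargateCluster } from '@aws-cdk/aws-eks';
import { AccountRootPrincipal, Role } from '@aws-cdk/aws-iam';

// The statements below run inside a Stack constructor (`this` is the stack).
const vpc = new Vpc(this, 'VPC', { maxAzs: 2 });
const cluster = new FargateCluster(this, 'Cluster', {
  clusterName: 'my-app',
  mastersRole: new Role(this, 'ClusterAdminRole', {
    assumedBy: new AccountRootPrincipal(),
  }),
  vpc,
});
// Two Fargate profiles on the same cluster, the case this change covers.
const profile1 = cluster.addFargateProfile('MyCustomFargateProfile1', {
  fargateProfileName: 'my-app',
  selectors: [
    { namespace: 'my-app' },
  ],
  vpc,
});
const profile2 = cluster.addFargateProfile('MyCustomFargateProfile2', {
  fargateProfileName: 'my-app2',
  selectors: [
    { namespace: 'my-app2' },
  ],
  vpc,
});
```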

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
chore: mergify team update and stale review rule update
…#8317)

This PR will have the EKS Cluster construct expose [**ClusterSecurityGroupId**](https://docs.aws.amazon.com/eks/latest/APIReference/API_VpcConfigResponse.html#AmazonEKS-Type-VpcConfigResponse-clusterSecurityGroupId) (ID of Security group that was created by Amazon EKS for the cluster) and [**EncryptionConfigKeyArn**](https://docs.aws.amazon.com/eks/latest/APIReference/API_Provider.html#AmazonEKS-Type-Provider-keyArn) (ARN of the customer master key used in the encryption configuration for the cluster) attributes for both custom resource and native CloudFormation option.

This also fixes #8276 in the following way: if a custom resource returns an attribute with an "undefined" value, CFN will fail with a "vendor response doesn't contain key" error. To avoid this, we return empty strings in case an attribute is undefined. This is also true for when adding new attributes, in which case updating to the new version will fail on previously deployed clusters with the same error. To mitigate this (and fix #8276 along the way), we add a fake property called "AttributesRevision" with a number that needs to be manually incremented every time new attributes are introduced. This will cause old clusters to be updated and the new attributes returned.

Closes #8236 



----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [nyc](https://github.com/istanbuljs/nyc) from 15.0.1 to 15.1.0.
- [Release notes](https://github.com/istanbuljs/nyc/releases)
- [Changelog](https://github.com/istanbuljs/nyc/blob/master/CHANGELOG.md)
- [Commits](istanbuljs/nyc@v15.0.1...v15.1.0)

Signed-off-by: dependabot-preview[bot] <[email protected]>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [lerna](https://github.com/lerna/lerna/tree/HEAD/core/lerna) from 3.22.0 to 3.22.1.
- [Release notes](https://github.com/lerna/lerna/releases)
- [Changelog](https://github.com/lerna/lerna/blob/master/core/lerna/CHANGELOG.md)
- [Commits](https://github.com/lerna/lerna/commits/v3.22.1/core/lerna)

Signed-off-by: dependabot-preview[bot] <[email protected]>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
The `os.tmpdir()` built-in doesn't return the real path when the
returned path is a symlink.

Add a `FileSystem.tmpdir` that wraps `os.tmpdir()` in a
`fs.realpathSync()` and caches the result.

Add a `FileSystem.mkdtemp()` to create temp directories in
the system temp directory.

Fixes #8465


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Commit Message
feat(appsync): enhances and completes auth config

- Enhances auth config system with strongly-typed interfaces.
- Adds support for `AWS_IAM` and `OPENID_CONNECT` authorization.
- Fixes issue with `API_KEY` default authorization which caused CDK to not create new API Key upon not finding `apiKeyDesc` (the intended behavior was creation of new API key when no auth config was present).

BREAKING CHANGE: Changes way of auth config even for existing supported methods viz., User Pools and API Key.
### End Commit Message

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adding @aws-solutions-constructs to the list of WHITELIST_SCOPES for Metadata version reporting, due to the name change of AWS Solutions Konstruk to AWS Solutions Constructs


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This creates an additional option called `timeout` that will be passed down whenever deploying helm chart to an EKS cluster.

In order to allow the timeout parameter to work while performing helm commands, the provider framework has to honor the maximum timeout of 15 minutes from target process (lambda in this case).

closes #8215 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In order to support environments in which docker cannot be executed or has a unique location, we added an environment variable `CDK_DOCKER` which is used instead of `docker` if defined.

Resolves #8460


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Get `uid` and `gid` of current user and pass it to `docker run` to avoid
running the container as `root`. On Windows, use `1000:1000` as default.

Add `user` to `BundlingOptions`.

Fixes #8489


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Gives users the option to choose between detailed and basic monitoring.
Defaults to detailed when not specified, maintaining current behavior.

Fixes #8212 
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

Added some info regarding how to put credentials into Gitpod as persisting environment variables. Setting up the CDK dev environment is pretty tough compared to other OSS projects no matter which way you go. Every piece of info making it easier should be made available.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

Otherwise, the build fails in some environments
(for example, Gitpod) with the error:

    ERROR: Can not combine '--user' and '--prefix' as they imply different installation locations

Fixes #8102

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@flemjame-at-amazon flemjame-at-amazon merged commit ef301f4 into flemjame-at-amazon:master Jun 11, 2020