Merge branch 'master' into update-singleton-function-runtime

aws · May 29, 2022 · 030095e · 030095e
2 parents f45f573 + f4439ce
commit 030095e
Show file tree

Hide file tree

Showing 44 changed files with 728 additions and 91 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,28 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.158.0](https://github.com/aws/aws-cdk/compare/v1.157.0...v1.158.0) (2022-05-27)
+
+
+### Features
+
+* **apprunner:** VpcConnector construct ([#20471](https://github.com/aws/aws-cdk/issues/20471)) ([5052191](https://github.com/aws/aws-cdk/commit/50521911f22f433323d700db77530e883762138a))
+* **aws-ecr-assets:** support the --platform option when building docker images ([#20439](https://github.com/aws/aws-cdk/issues/20439)) ([adc0368](https://github.com/aws/aws-cdk/commit/adc0368dc1f137aeaa4bd92de77028269e3a48f4)), closes [#12472](https://github.com/aws/aws-cdk/issues/12472) [#16770](https://github.com/aws/aws-cdk/issues/16770) [#16858](https://github.com/aws/aws-cdk/issues/16858)
+* **lambda:** validate function description length ([#20476](https://github.com/aws/aws-cdk/issues/20476)) ([de027e2](https://github.com/aws/aws-cdk/commit/de027e28ce5c95e70fed8874e6531eabba24521c)), closes [#20475](https://github.com/aws/aws-cdk/issues/20475)
+* **s3:** adds objectSizeGreaterThan property for s3 lifecycle rule ([#20425](https://github.com/aws/aws-cdk/issues/20425)) ([23690e4](https://github.com/aws/aws-cdk/commit/23690e40b1604839f99da8b8f96168dda8679c47)), closes [#20372](https://github.com/aws/aws-cdk/issues/20372)
+* **servicecatalog:** ProductStackHistory can retain old ProductStack iterations ([#20244](https://github.com/aws/aws-cdk/issues/20244)) ([1037b8c](https://github.com/aws/aws-cdk/commit/1037b8c7f58ccd162491b49d75954c38d685d67f))
+
+
+### Bug Fixes
+
+* **core:** NestedStack defaultChild is undefined ([#20450](https://github.com/aws/aws-cdk/issues/20450)) ([0a49927](https://github.com/aws/aws-cdk/commit/0a49927e9e5bc250f339f664fa843fae2fab92ec)), closes [#11221](https://github.com/aws/aws-cdk/issues/11221)
+* **iam:** Role policies cannot grow beyond 10k ([#20400](https://github.com/aws/aws-cdk/issues/20400)) ([75bfce7](https://github.com/aws/aws-cdk/commit/75bfce70dbc57fe688c96b3c5cbb67fc4e6fcc56)), closes [#19276](https://github.com/aws/aws-cdk/issues/19276) [#19939](https://github.com/aws/aws-cdk/issues/19939) [#19835](https://github.com/aws/aws-cdk/issues/19835)
+* **integ-runner:** always resynth on deploy ([#20508](https://github.com/aws/aws-cdk/issues/20508)) ([7138057](https://github.com/aws/aws-cdk/commit/71380571b878a50fe4b754c7dac78da075a98242))
+* **integ-tests:** DeployAssert should be private ([#20466](https://github.com/aws/aws-cdk/issues/20466)) ([0f52813](https://github.com/aws/aws-cdk/commit/0f52813bcf6a48c352f697004a899461dd06935d))
+* **lambda:** Fix typo in public subnet warning ([#20470](https://github.com/aws/aws-cdk/issues/20470)) ([85f4e29](https://github.com/aws/aws-cdk/commit/85f4e29e0551d71dd5f2f588584785cbc1ae7b72))
+* **pipelines:** too many CodeBuild steps inflate policy size ([#20396](https://github.com/aws/aws-cdk/issues/20396)) ([f334060](https://github.com/aws/aws-cdk/commit/f334060fca02e928bc4f5fdcfd45244060731d78)), closes [#20189](https://github.com/aws/aws-cdk/issues/20189) [#19276](https://github.com/aws/aws-cdk/issues/19276) [#19939](https://github.com/aws/aws-cdk/issues/19939) [#19835](https://github.com/aws/aws-cdk/issues/19835)
+* **s3-deployment:** default role does not get `PutAcl` permissions on… ([#20492](https://github.com/aws/aws-cdk/issues/20492)) ([3e6ec5c](https://github.com/aws/aws-cdk/commit/3e6ec5c48cff41cec2b32566990046fd704f4ec1))
+
 ## [1.157.0](https://github.com/aws/aws-cdk/compare/v1.156.1...v1.157.0) (2022-05-20)
 
 

diff --git a/README.md b/README.md
@@ -25,7 +25,6 @@ The CDK is available in the following languages:
 * Java ([Java ≥ 8](https://www.oracle.com/technetwork/java/javase/downloads/index.html) and [Maven ≥ 3.5.4](https://maven.apache.org/download.cgi))
 * .NET ([.NET Core ≥ 3.1](https://dotnet.microsoft.com/download))
 * Go ([Go ≥ 1.16.4](https://golang.org/))
-  - Go is currently in developer preview and is not recommended for production use.
 
 \
 Jump To:

diff --git a/packages/@aws-cdk/aws-ecr-assets/README.md b/packages/@aws-cdk/aws-ecr-assets/README.md
@@ -92,6 +92,18 @@ const asset = new DockerImageAsset(this, 'MyBuildImage', {
 })
 ```
 
+You can optionally pass an alternate platform to the `docker build` command by specifying
+the `platform` property:
+
+```ts
+import { DockerImageAsset, Platform } from '@aws-cdk/aws-ecr-assets';
+
+const asset = new DockerImageAsset(this, 'MyBuildImage', {
+  directory: path.join(__dirname, 'my-image'),
+  platform: Platform.LINUX_ARM64,
+})
+```
+
 ## Images from Tarball
 
 Images are loaded from a local tarball, uploaded to ECR by the CDK toolkit and/or your app's CI-CD pipeline, and can be

diff --git a/packages/@aws-cdk/aws-ecr-assets/lib/image-asset.ts b/packages/@aws-cdk/aws-ecr-assets/lib/image-asset.ts
@@ -56,6 +56,36 @@ export class NetworkMode {
   private constructor(public readonly mode: string) {}
 }
 
+/**
+ * platform supported by docker
+ */
+export class Platform {
+  /**
+   * Build for linux/amd64
+   */
+  public static readonly LINUX_AMD64 = new Platform('linux/amd64');
+
+  /**
+   * Build for linux/arm64
+   */
+  public static readonly LINUX_ARM64 = new Platform('linux/arm64');
+
+  /**
+   * Used to specify a custom platform
+   * Use this if the platform name is not yet supported by the CDK.
+   *
+   * @param platform The platform to use for docker build
+   */
+  public static custom(platform: string) {
+    return new Platform(platform);
+  }
+
+  /**
+   * @param platform The platform to use for docker build
+   */
+  private constructor(public readonly platform: string) {}
+}
+
 /**
  * Options to control invalidation of `DockerImageAsset` asset hashes
  */
@@ -101,6 +131,13 @@ export interface DockerImageAssetInvalidationOptions {
    * @default true
    */
   readonly networkMode?: boolean;
+
+  /**
+   * Use `platform` while calculating the asset hash
+   *
+   * @default true
+   */
+  readonly platform?: boolean;
 }
 
 /**
@@ -153,6 +190,13 @@ export interface DockerImageAssetOptions extends FingerprintOptions, FileFingerp
    */
   readonly networkMode?: NetworkMode;
 
+  /**
+   * Platform to build for. _Requires Docker Buildx_.
+   *
+   * @default - no platform specified (the current machine architecture will be used)
+   */
+  readonly platform?: Platform;
+
   /**
    * Options to control which parameters are used to invalidate the asset hash.
    *
@@ -286,6 +330,7 @@ export class DockerImageAsset extends CoreConstruct implements IAsset {
     if (props.invalidation?.file !== false && props.file) { extraHash.file = props.file; }
     if (props.invalidation?.repositoryName !== false && props.repositoryName) { extraHash.repositoryName = props.repositoryName; }
     if (props.invalidation?.networkMode !== false && props.networkMode) { extraHash.networkMode = props.networkMode; }
+    if (props.invalidation?.platform !== false && props.platform) { extraHash.platform = props.platform; }
 
     // add "salt" to the hash in order to invalidate the image in the upgrade to
     // 1.21.0 which removes the AdoptedRepository resource (and will cause the
@@ -318,6 +363,7 @@ export class DockerImageAsset extends CoreConstruct implements IAsset {
       dockerFile: props.file,
       sourceHash: staging.assetHash,
       networkMode: props.networkMode?.mode,
+      platform: props.platform?.platform,
     });
 
     this.repository = ecr.Repository.fromRepositoryName(this, 'Repository', location.repositoryName);

diff --git a/...napshot/asset.394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38/Dockerfile b/...napshot/asset.394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38/Dockerfile
@@ -0,0 +1,5 @@
+FROM public.ecr.aws/lambda/python:3.6
+EXPOSE 8000
+WORKDIR /src
+ADD . /src
+CMD python3 index.py
diff --git a/....snapshot/asset.394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38/index.py b/....snapshot/asset.394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38/index.py
@@ -0,0 +1,33 @@
+#!/usr/bin/python
+import sys
+import textwrap
+import http.server
+import socketserver
+
+PORT = 8000
+
+
+class Handler(http.server.SimpleHTTPRequestHandler):
+    def do_GET(self):
+        self.send_response(200)
+        self.send_header('Content-Type', 'text/html')
+        self.end_headers()
+        self.wfile.write(textwrap.dedent('''\
+            <!doctype html>
+            <html><head><title>It works</title></head>
+            <body>
+                <h1>Hello from the integ test container</h1>
+                <p>This container got built and started as part of the integ test.</p>
+                <img src="https://media.giphy.com/media/nFjDu1LjEADh6/giphy.gif">
+            </body>
+            ''').encode('utf-8'))
+
+
+def main():
+    httpd = http.server.HTTPServer(("", PORT), Handler)
+    print("serving at port", PORT)
+    httpd.serve_forever()
+
+
+if __name__ == '__main__':
+    main()
diff --git a/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"17.0.0"}
+{"version":"20.0.0"}
diff --git a/...ws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/integ-assets-docker.template.json b/...ws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/integ-assets-docker.template.json
@@ -74,6 +74,48 @@
      ]
     ]
    }
+  },
+  "ImageUri2": {
+   "Value": {
+    "Fn::Join": [
+     "",
+     [
+      {
+       "Ref": "AWS::AccountId"
+      },
+      ".dkr.ecr.",
+      {
+       "Ref": "AWS::Region"
+      },
+      ".",
+      {
+       "Ref": "AWS::URLSuffix"
+      },
+      "/aws-cdk/assets:0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14"
+     ]
+    ]
+   }
+  },
+  "ImageUri3": {
+   "Value": {
+    "Fn::Join": [
+     "",
+     [
+      {
+       "Ref": "AWS::AccountId"
+      },
+      ".dkr.ecr.",
+      {
+       "Ref": "AWS::Region"
+      },
+      ".",
+      {
+       "Ref": "AWS::URLSuffix"
+      },
+      "/aws-cdk/assets:394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38"
+     ]
+    ]
+   }
   }
  }
 }
diff --git a/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/integ.json b/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/integ.json
@@ -1,7 +1,7 @@
 {
-  "version": "18.0.0",
+  "version": "20.0.0",
   "testCases": {
-    "aws-ecr-assets/test/integ.assets-docker": {
+    "integ.assets-docker": {
       "stacks": [
         "integ-assets-docker"
       ],

diff --git a/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "17.0.0",
+  "version": "20.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",
@@ -26,6 +26,18 @@
               "path": "asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14",
               "sourceHash": "0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14"
             }
+          },
+          {
+            "type": "aws:cdk:asset",
+            "data": {
+              "repositoryName": "aws-cdk/assets",
+              "imageTag": "394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38",
+              "id": "394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38",
+              "packaging": "container-image",
+              "path": "asset.394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38",
+              "sourceHash": "394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38",
+              "platform": "linux/arm64"
+            }
           }
         ],
         "/integ-assets-docker/MyUser/Resource": [
@@ -45,6 +57,18 @@
             "type": "aws:cdk:logicalId",
             "data": "ImageUri"
           }
+        ],
+        "/integ-assets-docker/ImageUri2": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "ImageUri2"
+          }
+        ],
+        "/integ-assets-docker/ImageUri3": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "ImageUri3"
+          }
         ]
       },
       "displayName": "integ-assets-docker"

diff --git a/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/tree.json b/packages/@aws-cdk/aws-ecr-assets/test/assets-docker.integ.snapshot/tree.json
@@ -68,6 +68,32 @@
               "version": "0.0.0"
             }
           },
+          "DockerImage3": {
+            "id": "DockerImage3",
+            "path": "integ-assets-docker/DockerImage3",
+            "children": {
+              "Staging": {
+                "id": "Staging",
+                "path": "integ-assets-docker/DockerImage3/Staging",
+                "constructInfo": {
+                  "fqn": "@aws-cdk/core.AssetStaging",
+                  "version": "0.0.0"
+                }
+              },
+              "Repository": {
+                "id": "Repository",
+                "path": "integ-assets-docker/DockerImage3/Repository",
+                "constructInfo": {
+                  "fqn": "@aws-cdk/aws-ecr.RepositoryBase",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "@aws-cdk/aws-ecr-assets.DockerImageAsset",
+              "version": "0.0.0"
+            }
+          },
           "MyUser": {
             "id": "MyUser",
             "path": "integ-assets-docker/MyUser",
@@ -99,8 +125,8 @@
                             {
                               "Action": [
                                 "ecr:BatchCheckLayerAvailability",
-                                "ecr:BatchGetImage",
-                                "ecr:GetDownloadUrlForLayer"
+                                "ecr:GetDownloadUrlForLayer",
+                                "ecr:BatchGetImage"
                               ],
                               "Effect": "Allow",
                               "Resource": {
@@ -164,6 +190,22 @@
               "fqn": "@aws-cdk/core.CfnOutput",
               "version": "0.0.0"
             }
+          },
+          "ImageUri2": {
+            "id": "ImageUri2",
+            "path": "integ-assets-docker/ImageUri2",
+            "constructInfo": {
+              "fqn": "@aws-cdk/core.CfnOutput",
+              "version": "0.0.0"
+            }
+          },
+          "ImageUri3": {
+            "id": "ImageUri3",
+            "path": "integ-assets-docker/ImageUri3",
+            "constructInfo": {
+              "fqn": "@aws-cdk/core.CfnOutput",
+              "version": "0.0.0"
+            }
           }
         },
         "constructInfo": {

diff --git a/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts b/packages/@aws-cdk/aws-ecr-assets/test/image-asset.test.ts
@@ -1,12 +1,12 @@
-import * as fs from 'fs';
-import * as path from 'path';
 import { Template } from '@aws-cdk/assertions';
 import * as iam from '@aws-cdk/aws-iam';
 import { describeDeprecated, testDeprecated, testFutureBehavior } from '@aws-cdk/cdk-build-tools';
 import * as cxschema from '@aws-cdk/cloud-assembly-schema';
 import { App, DefaultStackSynthesizer, IgnoreMode, Lazy, LegacyStackSynthesizer, Stack, Stage } from '@aws-cdk/core';
 import * as cxapi from '@aws-cdk/cx-api';
-import { DockerImageAsset, NetworkMode } from '../lib';
+import * as fs from 'fs';
+import * as path from 'path';
+import { DockerImageAsset, NetworkMode, Platform } from '../lib';
 
 /* eslint-disable quote-props */
 
@@ -156,6 +156,20 @@ describe('image asset', () => {
     expect(assetMetadata && (assetMetadata.data as cxschema.ContainerImageAssetMetadataEntry).networkMode).toEqual('default');
   });
 
+  testFutureBehavior('with platform', flags, App, (app) => {
+    // GIVEN
+    const stack = new Stack(app);
+    // WHEN
+    new DockerImageAsset(stack, 'Image', {
+      directory: path.join(__dirname, 'demo-image'),
+      platform: Platform.LINUX_ARM64,
+    });
+
+    // THEN
+    const assetMetadata = stack.node.metadataEntry.find(({ type }) => type === cxschema.ArtifactMetadataEntryType.ASSET);
+    expect(assetMetadata && (assetMetadata.data as cxschema.ContainerImageAssetMetadataEntry).platform).toEqual('linux/arm64');
+  });
+
   testFutureBehavior('asset.repository.grantPull can be used to grant a principal permissions to use the image', flags, App, (app) => {
     // GIVEN
     const stack = new Stack(app);