Merge branch 'main' into feature/commentting-encoding

aws · Mar 7, 2023 · 2613835 · 2613835
2 parents 307e1b8 + 1b2014e
commit 2613835
Show file tree

Hide file tree

Showing 192 changed files with 6,485 additions and 1,877 deletions.
diff --git a/package.json b/package.json
@@ -19,14 +19,14 @@
     "@types/node": "18.11.19",
     "@types/prettier": "2.6.0",
     "@yarnpkg/lockfile": "^1.1.0",
-    "cdk-generate-synthetic-examples": "^0.1.167",
+    "cdk-generate-synthetic-examples": "^0.1.173",
     "conventional-changelog-cli": "^2.2.2",
     "fs-extra": "^9.1.0",
     "graceful-fs": "^4.2.10",
     "jest-junit": "^13.2.0",
-    "jsii-diff": "1.76.0",
-    "jsii-pacmak": "1.76.0",
-    "jsii-reflect": "1.76.0",
+    "jsii-diff": "1.77.0",
+    "jsii-pacmak": "1.77.0",
+    "jsii-reflect": "1.77.0",
     "jsii-rosetta": "v4.9-next",
     "lerna": "^4.0.0",
     "patch-package": "^6.5.1",

diff --git a/packages/@aws-cdk-testing/cli-integ/lib/integ-test.ts b/packages/@aws-cdk-testing/cli-integ/lib/integ-test.ts
@@ -36,6 +36,7 @@ export function integTest(
     output.write('================================================================\n');
 
     try {
+      process.stderr.write(`▶️ [INTEG TEST::${name}] Starting...\n`);
       return await callback({
         output,
         randomString: randomString(),
@@ -44,13 +45,16 @@ export function integTest(
         },
       });
     } catch (e) {
+      process.stderr.write(`💥 [INTEG TEST::${name}] Failed: ${e}\n`);
       output.write(e.message);
       output.write(e.stack);
       // Print output only if the test fails. Use 'console.log' so the output is buffered by
       // jest and prints without a stack trace (if verbose: false).
       // eslint-disable-next-line no-console
       console.log(output.buffer().toString());
       throw e;
+    } finally {
+      process.stderr.write(`⏹️ [INTEG TEST::${name}] Done.\n`);
     }
   }, timeoutMillis);
 }

diff --git a/packages/@aws-cdk-testing/cli-integ/lib/resource-pool.ts b/packages/@aws-cdk-testing/cli-integ/lib/resource-pool.ts
@@ -44,9 +44,12 @@ export class ResourcePool<A extends string=string> {
     while (true) {
       // Start a wait on the unlock now -- if the unlock signal comes after
       // we try to acquire but before we start the wait, we might miss it.
-      const wait = this.pool.awaitUnlock(5000);
+      //
+      // (The timeout is in case the unlock signal doesn't come for whatever reason).
+      const wait = this.pool.awaitUnlock(10_000);
 
-      for (const res of this.unlockedResources()) {
+      // Try all mutexes, we might need to reacquire an expired lock
+      for (const res of this.resources) {
         const lease = await this.tryObtainLease(res);
         if (lease) {
           // Ignore the wait (count as handled)
@@ -107,13 +110,6 @@ export class ResourcePool<A extends string=string> {
     delete this.locks[value];
     await lock?.release();
   }
-
-  /**
-   * Return all resources that we definitely don't own the locks for
-   */
-  private unlockedResources(): A[] {
-    return this.resources.filter(res => !this.locks[res]);
-  }
 }
 
 /**

diff --git a/packages/@aws-cdk-testing/cli-integ/lib/xpmutex.ts b/packages/@aws-cdk-testing/cli-integ/lib/xpmutex.ts
@@ -141,7 +141,7 @@ export class XpMutex {
       // signal due to unfortunate timing.
       const wait = this.pool.awaitUnlock(5000);
 
-      const lock = await this.acquire();
+      const lock = await this.tryAcquire();
       if (lock) {
         // Ignore the wait (count as handled)
         wait.then(() => {}, () => {});

diff --git a/packages/@aws-cdk-testing/cli-integ/package.json b/packages/@aws-cdk-testing/cli-integ/package.json
@@ -39,7 +39,7 @@
   },
   "dependencies": {
     "@octokit/rest": "^18.12.0",
-    "aws-sdk": "^2.1325.0",
+    "aws-sdk": "^2.1329.0",
     "axios": "^0.27.2",
     "fs-extra": "^9.1.0",
     "glob": "^7.2.3",

diff --git a/packages/@aws-cdk-testing/cli-integ/test/xpmutex.test.ts b/packages/@aws-cdk-testing/cli-integ/test/xpmutex.test.ts
@@ -0,0 +1,46 @@
+import { XpMutexPool } from '../lib/xpmutex';
+
+const POOL = XpMutexPool.fromName('test-pool');
+
+test('acquire waits', async () => {
+  const mux = POOL.mutex('testA');
+  let secondLockAcquired = false;
+
+  // Current "process" acquires lock
+  const lock = await mux.acquire();
+
+  // Start a second "process" that tries to acquire the lock
+  const secondProcess = (async () => {
+    const secondLock = await mux.acquire();
+    try {
+      secondLockAcquired = true;
+    } finally {
+      await secondLock.release();
+    }
+  })();
+
+  // Once we release the lock the second process is free to take it
+  expect(secondLockAcquired).toBe(false);
+  await lock.release();
+
+  // We expect the variable to become true
+  await waitFor(() => secondLockAcquired);
+  expect(secondLockAcquired).toBe(true);
+
+  await secondProcess;
+});
+
+
+/**
+ * Poll for some condition every 10ms
+ */
+function waitFor(pred: () => boolean): Promise<void> {
+  return new Promise((ok) => {
+    const timerHandle = setInterval(() => {
+      if (pred()) {
+        clearInterval(timerHandle);
+        ok();
+      }
+    }, 5);
+  });
+}
diff --git a/packages/@aws-cdk-testing/cli-integ/tests/init-go/init-go.integtest.ts b/packages/@aws-cdk-testing/cli-integ/tests/init-go/init-go.integtest.ts
@@ -8,7 +8,7 @@ import { integTest, withTemporaryDirectory, ShellHelper, withPackages } from '..
     await context.packages.makeCliAvailable();
 
     await shell.shell(['cdk', 'init', '-l', 'go', template]);
-    await shell.shell(['go', 'mod', 'edit', '-replace', 'github.com/aws/aws-cdk-go/awscdk=$dist_root/go/awscdk']);
+    await shell.shell(['go', 'mod', 'edit', '-replace', 'github.com/aws/aws-cdk-go/awscdk/v2=$CODEBUILD_SRC_DIR/go/awscdk']);
     await shell.shell(['go', 'mod', 'tidy']);
     await shell.shell(['go', 'test']);
     await shell.shell(['cdk', 'synth']);

diff --git a/packages/@aws-cdk/aws-amplify/package.json b/packages/@aws-cdk/aws-amplify/package.json
@@ -88,7 +88,7 @@
     "@aws-cdk/cfn2ts": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^27.5.2",
-    "aws-sdk": "^2.1325.0",
+    "aws-sdk": "^2.1329.0",
     "jsii": "v4.9-next"
   },
   "dependencies": {

diff --git a/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts b/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts
@@ -7,6 +7,7 @@ import { CfnAuthorizer, CfnAuthorizerProps } from '../apigateway.generated';
 import { Authorizer, IAuthorizer } from '../authorizer';
 import { IRestApi } from '../restapi';
 
+
 /**
  * Base properties for all lambda authorizers
  */
@@ -122,22 +123,36 @@ abstract class LambdaAuthorizer extends Authorizer implements IAuthorizer {
    */
   protected setupPermissions() {
     if (!this.role) {
-      this.handler.addPermission(`${Names.uniqueId(this)}:Permissions`, {
-        principal: new iam.ServicePrincipal('apigateway.amazonaws.com'),
-        sourceArn: this.authorizerArn,
-      });
-    } else if (this.role instanceof iam.Role) { // i.e. not imported
-      this.role.attachInlinePolicy(new iam.Policy(this, 'authorizerInvokePolicy', {
-        statements: [
-          new iam.PolicyStatement({
-            resources: this.handler.resourceArnsForGrantInvoke,
-            actions: ['lambda:InvokeFunction'],
-          }),
-        ],
-      }));
+      this.addDefaultPermisionRole();
+    } else if (iam.Role.isRole(this.role)) {
+      this.addLambdaInvokePermission(this.role);
     }
   }
 
+  /**
+   * Add Default Permission Role for handler
+   */
+  private addDefaultPermisionRole() :void {
+    this.handler.addPermission(`${Names.uniqueId(this)}:Permissions`, {
+      principal: new iam.ServicePrincipal('apigateway.amazonaws.com'),
+      sourceArn: this.authorizerArn,
+    });
+  }
+
+  /**
+   * Add Lambda Invoke Permission for LambdaAurhorizer's role
+   */
+  private addLambdaInvokePermission(role: iam.Role) :void {
+    role.attachInlinePolicy(new iam.Policy(this, 'authorizerInvokePolicy', {
+      statements: [
+        new iam.PolicyStatement({
+          resources: this.handler.resourceArnsForGrantInvoke,
+          actions: ['lambda:InvokeFunction'],
+        }),
+      ],
+    }));
+  }
+
   /**
    * Returns a token that resolves to the Rest Api Id at the time of synthesis.
    * Throws an error, during token resolution, if no RestApi is attached to this authorizer.

diff --git a/packages/@aws-cdk/aws-apigateway/test/authorizers/integ.request-authorizer.lit.ts b/packages/@aws-cdk/aws-apigateway/test/authorizers/integ.request-authorizer.lit.ts
@@ -1,9 +1,7 @@
 import * as path from 'path';
 import * as lambda from '@aws-cdk/aws-lambda';
 import { App, Stack } from '@aws-cdk/core';
-import { MockIntegration, PassthroughBehavior, RestApi } from '../../lib';
-import { RequestAuthorizer } from '../../lib/authorizers';
-import { IdentitySource } from '../../lib/authorizers/identity-source';
+import { MockIntegration, PassthroughBehavior, RestApi, RequestAuthorizer, IdentitySource } from '../../lib';
 
 // Against the RestApi endpoint from the stack output, run
 // `curl -s -o /dev/null -w "%{http_code}" <url>` should return 401

diff --git a/packages/@aws-cdk/aws-apprunner/lib/service.ts b/packages/@aws-cdk/aws-apprunner/lib/service.ts
@@ -4,6 +4,7 @@ import * as iam from '@aws-cdk/aws-iam';
 import * as secretsmanager from '@aws-cdk/aws-secretsmanager';
 import * as ssm from '@aws-cdk/aws-ssm';
 import * as cdk from '@aws-cdk/core';
+import { Lazy } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { CfnService } from './apprunner.generated';
 import { IVpcConnector } from './vpc-connector';
@@ -924,16 +925,6 @@ export class Service extends cdk.Resource {
    */
   readonly environment: { [key: string]: string } = {};
 
-  /**
-   * Environment variables for this service.
-   */
-  private environmentVariables: { [key: string]: string } = {};
-
-  /**
-   * Environment secrets for this service.
-   */
-  private environmentSecrets: { [key: string]: Secret; } = {};
-
   /**
    * Environment secrets for this service.
    */
@@ -981,17 +972,22 @@ export class Service extends cdk.Resource {
     this.source = source;
     this.props = props;
 
-    this.environmentVariables = this.getEnvironmentVariables();
-    this.environmentSecrets = this.getEnvironmentSecrets();
+    this.instanceRole = this.props.instanceRole;
+
+    const environmentVariables = this.getEnvironmentVariables();
+    const environmentSecrets = this.getEnvironmentSecrets();
+
+    for (const [key, value] of Object.entries(environmentVariables)) {
+      this.addEnvironmentVariable(key, value);
+    }
+    for (const [key, value] of Object.entries(environmentSecrets)) {
+      this.addSecret(key, value);
+    }
 
     // generate an IAM role only when ImageRepositoryType is ECR and props.accessRole is undefined
     this.accessRole = (this.source.imageRepository?.imageRepositoryType == ImageRepositoryType.ECR) ?
       this.props.accessRole ?? this.generateDefaultRole() : undefined;
 
-    // generalte an IAM role only when environmentSecrets has values and props.instanceRole is undefined
-    this.instanceRole = (Object.keys(this.environmentSecrets).length > 0 && !this.props.instanceRole) ?
-      this.createInstanceRole() : this.props.instanceRole;
-
     if (this.source.codeRepository?.codeConfiguration.configurationSource == ConfigurationSourceType.REPOSITORY &&
       this.source.codeRepository?.codeConfiguration.configurationValues) {
       throw new Error('configurationValues cannot be provided if the ConfigurationSource is Repository');
@@ -1001,7 +997,7 @@ export class Service extends cdk.Resource {
       instanceConfiguration: {
         cpu: this.props.cpu?.unit,
         memory: this.props.memory?.unit,
-        instanceRoleArn: this.instanceRole?.roleArn,
+        instanceRoleArn: Lazy.string({ produce: () => this.instanceRole?.roleArn }),
       },
       sourceConfiguration: {
         authenticationConfiguration: this.renderAuthenticationConfiguration(),
@@ -1036,13 +1032,19 @@ export class Service extends cdk.Resource {
    * This method adds an environment variable to the App Runner service.
    */
   public addEnvironmentVariable(name: string, value: string) {
+    if (name.startsWith('AWSAPPRUNNER')) {
+      throw new Error(`Environment variable key ${name} with a prefix of AWSAPPRUNNER is not allowed`);
+    }
     this.variables.push({ name: name, value: value });
   }
 
   /**
    * This method adds a secret as environment variable to the App Runner service.
    */
   public addSecret(name: string, secret: Secret) {
+    if (name.startsWith('AWSAPPRUNNER')) {
+      throw new Error(`Environment secret key ${name} with a prefix of AWSAPPRUNNER is not allowed`);
+    }
     if (!this.instanceRole) {
       this.instanceRole = this.createInstanceRole();
     }
@@ -1130,36 +1132,22 @@ export class Service extends cdk.Resource {
       port: props.port,
       buildCommand: props.buildCommand,
       runtime: props.runtime.name,
-      runtimeEnvironmentVariables: this.renderEnvironmentVariables(),
-      runtimeEnvironmentSecrets: this.renderEnvironmentSecrets(),
+      runtimeEnvironmentVariables: Lazy.any({ produce: () => this.renderEnvironmentVariables() }),
+      runtimeEnvironmentSecrets: Lazy.any({ produce: () => this.renderEnvironmentSecrets() }),
       startCommand: props.startCommand,
     };
   }
 
   private renderEnvironmentVariables(): EnvironmentVariable[] | undefined {
-    if (Object.keys(this.environmentVariables).length > 0) {
-      for (const [key, value] of Object.entries(this.environmentVariables)) {
-        if (key.startsWith('AWSAPPRUNNER')) {
-          throw new Error(`Environment variable key ${key} with a prefix of AWSAPPRUNNER is not allowed`);
-        }
-        this.variables.push({ name: key, value: value });
-      }
+    if (this.variables.length > 0) {
       return this.variables;
     } else {
       return undefined;
     }
   }
 
   private renderEnvironmentSecrets(): EnvironmentSecret[] | undefined {
-    if (Object.keys(this.environmentSecrets).length > 0 && this.instanceRole) {
-      for (const [key, value] of Object.entries(this.environmentSecrets)) {
-        if (key.startsWith('AWSAPPRUNNER')) {
-          throw new Error(`Environment secret key ${key} with a prefix of AWSAPPRUNNER is not allowed`);
-        }
-
-        value.grantRead(this.instanceRole);
-        this.secrets.push({ name: key, value: value.arn });
-      }
+    if (this.secrets.length > 0 && this.instanceRole) {
       return this.secrets;
     } else {
       return undefined;
@@ -1171,8 +1159,8 @@ export class Service extends cdk.Resource {
       imageConfiguration: {
         port: repo.imageConfiguration?.port?.toString(),
         startCommand: repo.imageConfiguration?.startCommand,
-        runtimeEnvironmentVariables: this.renderEnvironmentVariables(),
-        runtimeEnvironmentSecrets: this.renderEnvironmentSecrets(),
+        runtimeEnvironmentVariables: Lazy.any({ produce: () => this.renderEnvironmentVariables() }),
+        runtimeEnvironmentSecrets: Lazy.any({ produce: () => this.renderEnvironmentSecrets() }),
       },
     });
   }

diff --git a/...-vars.js.snapshot/AppRunnerLaterSecretsEnvVarsDefaultTestDeployAssert07867A67.assets.json b/...-vars.js.snapshot/AppRunnerLaterSecretsEnvVarsDefaultTestDeployAssert07867A67.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "30.1.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "AppRunnerLaterSecretsEnvVarsDefaultTestDeployAssert07867A67.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}