Merge branch 'master' into relm/lambda-python-skip-build

.github/workflows/yarn-upgrade.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Set up Node
-        uses: actions/setup-node@v2.5.1
+        uses: actions/setup-node@v3
         with:
           node-version: 12
 

CHANGELOG.md

@@ -2,6 +2,33 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.146.0](https://github.com/aws/aws-cdk/compare/v1.145.0...v1.146.0) (2022-02-24)
+
+
+### Features
+
+* **apigatewayv2:** Import existing WebSocketApi from attributes ([#18958](https://github.com/aws/aws-cdk/issues/18958)) ([f203845](https://github.com/aws/aws-cdk/commit/f203845d26ae8333f467f1cb91ad965697087d85))
+* **cli:** bundle dependencies ([#18667](https://github.com/aws/aws-cdk/issues/18667)) ([31d135f](https://github.com/aws/aws-cdk/commit/31d135fb51d3cd4e26fbdc132e03815a1416da75))
+* **cli:** support for matching notices with arbitrary module names ([#19088](https://github.com/aws/aws-cdk/issues/19088)) ([a87dee7](https://github.com/aws/aws-cdk/commit/a87dee756057e554909207237b70f80af185b110))
+* **cli:** support for notices ([#18936](https://github.com/aws/aws-cdk/issues/18936)) ([d37fbbb](https://github.com/aws/aws-cdk/commit/d37fbbbb31003d69da88b9340a6a9c9e1e927ac5))
+* **cloudfront-origins:** extend max keepaliveTimeout of HttpOrigin to 180 ([#18837](https://github.com/aws/aws-cdk/issues/18837)) ([171fdcd](https://github.com/aws/aws-cdk/commit/171fdcdf595fcff5b2567b17e6fa73bf0d42e1bc)), closes [#18697](https://github.com/aws/aws-cdk/issues/18697)
+* **eks:** Allow helm pull from OCI repositories ([#18547](https://github.com/aws/aws-cdk/issues/18547)) ([7e624d9](https://github.com/aws/aws-cdk/commit/7e624d994c94dbd584643c4cb6e9f8df53dabc18))
+* **lambda:** add a fromFunctionName() method ([#19076](https://github.com/aws/aws-cdk/issues/19076)) ([5b92cc3](https://github.com/aws/aws-cdk/commit/5b92cc3a31eea29b40814498fca614eb1c7c8724)), closes [#18255](https://github.com/aws/aws-cdk/issues/18255) [#19031](https://github.com/aws/aws-cdk/issues/19031)
+* **pipelines:** ECR source action  ([#16385](https://github.com/aws/aws-cdk/issues/16385)) ([fc11ae2](https://github.com/aws/aws-cdk/commit/fc11ae2c4ec3bd9dfe3ff813aa831c744d8ac444)), closes [#16378](https://github.com/aws/aws-cdk/issues/16378)
+* **pipelines:** step outputs ([#19024](https://github.com/aws/aws-cdk/issues/19024)) ([0dec2ee](https://github.com/aws/aws-cdk/commit/0dec2ee78a70832c3a697be26c67498460a587dd)), closes [#17189](https://github.com/aws/aws-cdk/issues/17189) [#18893](https://github.com/aws/aws-cdk/issues/18893) [#15943](https://github.com/aws/aws-cdk/issues/15943) [#16407](https://github.com/aws/aws-cdk/issues/16407)
+* **rds:** make VPC optional for serverless Clusters ([#17413](https://github.com/aws/aws-cdk/issues/17413)) ([4f7818d](https://github.com/aws/aws-cdk/commit/4f7818dd76bd48ed652407f4852cc97ba57d7395)), closes [#17401](https://github.com/aws/aws-cdk/issues/17401)
+* triggers ([#19011](https://github.com/aws/aws-cdk/issues/19011)) ([11d6c69](https://github.com/aws/aws-cdk/commit/11d6c69a8b1ee70cbea025d134be7702dd804444))
+
+
+### Bug Fixes
+
+* **cli:** hotswapping is slow for many resources deployed at once ([#19081](https://github.com/aws/aws-cdk/issues/19081)) ([040238e](https://github.com/aws/aws-cdk/commit/040238e9285945d1c48ef79474e527b871e7824c)), closes [#19021](https://github.com/aws/aws-cdk/issues/19021)
+* **s3-notifications:** notifications allowed with imported kms keys ([#18989](https://github.com/aws/aws-cdk/issues/18989)) ([7441418](https://github.com/aws/aws-cdk/commit/7441418fbf9ffdf8d85a573e3c81c45c5648fe8a))
+* API compatibility check fails in CI pipeline ([#19069](https://github.com/aws/aws-cdk/issues/19069)) ([6ec1005](https://github.com/aws/aws-cdk/commit/6ec1005c9cfa9723520885748d759b00be5cd2fa)), closes [#19070](https://github.com/aws/aws-cdk/issues/19070)
+* **cloudfront:** trim autogenerated cache policy name ([#18953](https://github.com/aws/aws-cdk/issues/18953)) ([c7394c9](https://github.com/aws/aws-cdk/commit/c7394c96c42cb6a5af1e309bee2a5f11eb3ad35c)), closes [#18918](https://github.com/aws/aws-cdk/issues/18918)
+* **elasticloadbalancingv2:** validate port/protocol are not provided for lambda targets ([#19043](https://github.com/aws/aws-cdk/issues/19043)) ([64d26cc](https://github.com/aws/aws-cdk/commit/64d26cc22b1fe456777c3367769ddbe860f26cf3)), closes [#12514](https://github.com/aws/aws-cdk/issues/12514)
+* **route53:** fix cross account delegation deployment dependency ([#19047](https://github.com/aws/aws-cdk/issues/19047)) ([692a0d0](https://github.com/aws/aws-cdk/commit/692a0d06f2865503d1d88b0ba8af38ecceaec871)), closes [#19041](https://github.com/aws/aws-cdk/issues/19041)
+
 ## [1.145.0](https://github.com/aws/aws-cdk/compare/v1.144.0...v1.145.0) (2022-02-18)
 
 

packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json

@@ -766,7 +766,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-apigateway/lib/resource.ts

@@ -311,8 +311,8 @@ export abstract class ResourceBase extends ResourceConstruct implements IResourc
 
       const template = new Array<string>();
 
-      template.push('#set($origin = $input.params("Origin"))');
-      template.push('#if($origin == "") #set($origin = $input.params("origin")) #end');
+      template.push('#set($origin = $input.params().header.get("Origin"))');
+      template.push('#if($origin == "") #set($origin = $input.params().header.get("origin")) #end');
 
       const condition = origins.map(o => `$origin.matches("${o}")`).join(' || ');
 

packages/@aws-cdk/aws-apigateway/lib/usage-plan.ts

@@ -6,7 +6,7 @@ import { CfnUsagePlan, CfnUsagePlanKey } from './apigateway.generated';
 import { Method } from './method';
 import { IRestApi } from './restapi';
 import { Stage } from './stage';
-import { validateInteger } from './util';
+import { validateDouble, validateInteger } from './util';
 
 /**
  * Container for defining throttling parameters to API stages or methods.
@@ -316,7 +316,7 @@ export class UsagePlan extends UsagePlanBase {
       const burstLimit = props.burstLimit;
       validateInteger(burstLimit, 'Throttle burst limit');
       const rateLimit = props.rateLimit;
-      validateInteger(rateLimit, 'Throttle rate limit');
+      validateDouble(rateLimit, 'Throttle rate limit');
 
       ret = {
         burstLimit: burstLimit,

packages/@aws-cdk/aws-apigateway/lib/util.ts

@@ -78,6 +78,12 @@ export function validateInteger(property: number | undefined, messagePrefix: str
   }
 }
 
+export function validateDouble(property: number | undefined, messagePrefix: string) {
+  if (property && isNaN(property) && isNaN(parseFloat(property.toString()))) {
+    throw new Error(`${messagePrefix} should be an double`);
+  }
+}
+
 export class JsonSchemaMapper {
   /**
    * Transforms naming of some properties to prefix with a $, where needed

packages/@aws-cdk/aws-apigateway/test/cors.test.ts

@@ -290,7 +290,7 @@ describe('cors', () => {
               'method.response.header.Access-Control-Allow-Methods': "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'",
             },
             ResponseTemplates: {
-              'application/json': '#set($origin = $input.params("Origin"))\n#if($origin == "") #set($origin = $input.params("origin")) #end\n#if($origin.matches("https://amazon.com") || $origin.matches("https://aws.amazon.com"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end',
+              'application/json': '#set($origin = $input.params().header.get("Origin"))\n#if($origin == "") #set($origin = $input.params().header.get("origin")) #end\n#if($origin.matches("https://amazon.com") || $origin.matches("https://aws.amazon.com"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end',
             },
             StatusCode: '204',
           },

packages/@aws-cdk/aws-apigateway/test/integ.cors.expected.json

@@ -51,7 +51,7 @@
         "corsapitest8682546E"
       ]
     },
-    "corsapitestDeployment2BF1633A228079ea05e5799220dd4ca13512b92d": {
+    "corsapitestDeployment2BF1633A51392cbce1ac2785bd0e53063423e203": {
       "Type": "AWS::ApiGateway::Deployment",
       "Properties": {
         "RestApiId": {
@@ -74,7 +74,7 @@
           "Ref": "corsapitest8682546E"
         },
         "DeploymentId": {
-          "Ref": "corsapitestDeployment2BF1633A228079ea05e5799220dd4ca13512b92d"
+          "Ref": "corsapitestDeployment2BF1633A51392cbce1ac2785bd0e53063423e203"
         },
         "StageName": "prod"
       },
@@ -472,7 +472,7 @@
                 "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'"
               },
               "ResponseTemplates": {
-                "application/json": "#set($origin = $input.params(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params(\"origin\")) #end\n#if($origin.matches(\"https://www.test-cors.org\"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end"
+                "application/json": "#set($origin = $input.params().header.get(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params().header.get(\"origin\")) #end\n#if($origin.matches(\"https://www.test-cors.org\"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end"
               },
               "StatusCode": "204"
             }

packages/@aws-cdk/aws-apigateway/test/usage-plan.test.ts

@@ -27,13 +27,13 @@ describe('usage plan', () => {
     });
   });
 
-  test('usage plan with throttling limits', () => {
+  test('usage plan with integer throttling limits', () => {
     // GIVEN
     const stack = new cdk.Stack();
     const api = new apigateway.RestApi(stack, 'my-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
     const method: apigateway.Method = api.root.addMethod('GET'); // Need at least one method on the api
     const usagePlanName = 'Basic';
-    const usagePlanDescription = 'Basic Usage Plan with throttling limits';
+    const usagePlanDescription = 'Basic Usage Plan with integer throttling limits';
 
     // WHEN
     new apigateway.UsagePlan(stack, 'my-usage-plan', {
@@ -78,6 +78,57 @@ describe('usage plan', () => {
     });
   });
 
+  test('usage plan with integer and float throttling limits', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigateway.RestApi(stack, 'my-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
+    const method: apigateway.Method = api.root.addMethod('GET'); // Need at least one method on the api
+    const usagePlanName = 'Basic';
+    const usagePlanDescription = 'Basic Usage Plan with integer and float throttling limits';
+
+    // WHEN
+    new apigateway.UsagePlan(stack, 'my-usage-plan', {
+      name: usagePlanName,
+      description: usagePlanDescription,
+      apiStages: [
+        {
+          stage: api.deploymentStage,
+          throttle: [
+            {
+              method,
+              throttle: {
+                burstLimit: 20,
+                rateLimit: 10.5,
+              },
+            },
+          ],
+        },
+      ],
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties(RESOURCE_TYPE, {
+      UsagePlanName: usagePlanName,
+      Description: usagePlanDescription,
+      ApiStages: [
+        {
+          ApiId: {
+            Ref: 'myapi4C7BF186',
+          },
+          Stage: {
+            Ref: 'myapiDeploymentStagetest4A4AB65E',
+          },
+          Throttle: {
+            '//GET': {
+              BurstLimit: 20,
+              RateLimit: 10.5,
+            },
+          },
+        },
+      ],
+    });
+  });
+
   test('usage plan with blocked methods', () => {
     // GIVEN
     const stack = new cdk.Stack();

packages/@aws-cdk/aws-appsync/test/integ.api-import.expected.json

@@ -85,7 +85,8 @@
                   "dynamodb:BatchWriteItem",
                   "dynamodb:PutItem",
                   "dynamodb:UpdateItem",
-                  "dynamodb:DeleteItem"
+                  "dynamodb:DeleteItem",
+                  "dynamodb:DescribeTable"
                 ],
                 "Effect": "Allow",
                 "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.auth-apikey.expected.json

@@ -68,7 +68,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json

@@ -99,7 +99,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.graphql-schema.expected.json

@@ -67,7 +67,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json

@@ -147,7 +147,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [
@@ -360,7 +361,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [
@@ -752,7 +754,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-cloudformation/test/nested-stack.test.ts

@@ -4,7 +4,7 @@ import { Template } from '@aws-cdk/assertions';
 import * as s3_assets from '@aws-cdk/aws-s3-assets';
 import * as sns from '@aws-cdk/aws-sns';
 import { describeDeprecated } from '@aws-cdk/cdk-build-tools';
-import { App, CfnParameter, CfnResource, ContextProvider, LegacyStackSynthesizer, Names, Stack } from '@aws-cdk/core';
+import { App, CfnParameter, CfnResource, ContextProvider, LegacyStackSynthesizer, Names, Stack, Tags } from '@aws-cdk/core';
 import { NestedStack } from '../lib/nested-stack';
 
 // keep this import separate from other imports to reduce chance for merge conflicts with v2-main
@@ -1085,4 +1085,49 @@ describeDeprecated('NestedStack', () => {
     });
   });
 
+  test('nested stack should get the tags added in root stack', () =>{
+    const app = new App();
+    const parentStack = new Stack(app, 'parent-stack');
+    const nestedStack = new NestedStack(parentStack, 'MyNestedStack');
+
+    // add tags
+    Tags.of(nestedStack).add('tag-1', '22');
+    Tags.of(nestedStack).add('tag-2', '33');
+
+    new sns.Topic(nestedStack, 'MyTopic');
+
+    // THEN
+    Template.fromStack(parentStack).hasResourceProperties(
+      'AWS::CloudFormation::Stack',
+      {
+        Tags: [
+          {
+            Key: 'tag-1',
+            Value: '22',
+          },
+          {
+            Key: 'tag-2',
+            Value: '33',
+          },
+        ],
+      },
+    );
+
+    Template.fromStack(nestedStack).hasResourceProperties(
+      'AWS::SNS::Topic',
+      {
+        Tags: [
+          {
+            Key: 'tag-1',
+            Value: '22',
+          },
+          {
+            Key: 'tag-2',
+            Value: '33',
+          },
+        ],
+      },
+    );
+  });
+
 });

packages/@aws-cdk/aws-dynamodb/lib/perms.ts

@@ -29,3 +29,5 @@ export const READ_STREAM_DATA_ACTIONS = [
   'dynamodb:GetRecords',
   'dynamodb:GetShardIterator',
 ];
+
+export const DESCRIBE_TABLE = 'dynamodb:DescribeTable';

packages/@aws-cdk/aws-dynamodb/lib/table.ts

@@ -679,15 +679,16 @@ abstract class TableBase extends Resource implements ITable {
 
   /**
    * Permits an IAM principal all data read operations from this table:
-   * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan.
+   * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
    *
    * Appropriate grants will also be added to the customer-managed KMS key
    * if one was configured.
    *
    * @param grantee The principal to grant access to
    */
   public grantReadData(grantee: iam.IGrantable): iam.Grant {
-    return this.combinedGrant(grantee, { keyActions: perms.KEY_READ_ACTIONS, tableActions: perms.READ_DATA_ACTIONS });
+    const tableActions = perms.READ_DATA_ACTIONS.concat(perms.DESCRIBE_TABLE);
+    return this.combinedGrant(grantee, { keyActions: perms.KEY_READ_ACTIONS, tableActions });
   }
 
   /**
@@ -724,29 +725,31 @@ abstract class TableBase extends Resource implements ITable {
 
   /**
    * Permits an IAM principal all data write operations to this table:
-   * BatchWriteItem, PutItem, UpdateItem, DeleteItem.
+   * BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
    *
    * Appropriate grants will also be added to the customer-managed KMS key
    * if one was configured.
    *
    * @param grantee The principal to grant access to
    */
   public grantWriteData(grantee: iam.IGrantable): iam.Grant {
-    return this.combinedGrant(grantee, { keyActions: perms.KEY_WRITE_ACTIONS, tableActions: perms.WRITE_DATA_ACTIONS });
+    const tableActions = perms.WRITE_DATA_ACTIONS.concat(perms.DESCRIBE_TABLE);
+    const keyActions = perms.KEY_READ_ACTIONS.concat(perms.KEY_WRITE_ACTIONS);
+    return this.combinedGrant(grantee, { keyActions, tableActions });
   }
 
   /**
    * Permits an IAM principal to all data read/write operations to this table.
    * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan,
-   * BatchWriteItem, PutItem, UpdateItem, DeleteItem
+   * BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable
    *
    * Appropriate grants will also be added to the customer-managed KMS key
    * if one was configured.
    *
    * @param grantee The principal to grant access to
    */
   public grantReadWriteData(grantee: iam.IGrantable): iam.Grant {
-    const tableActions = perms.READ_DATA_ACTIONS.concat(perms.WRITE_DATA_ACTIONS);
+    const tableActions = perms.READ_DATA_ACTIONS.concat(perms.WRITE_DATA_ACTIONS).concat(perms.DESCRIBE_TABLE);
     const keyActions = perms.KEY_READ_ACTIONS.concat(perms.KEY_WRITE_ACTIONS);
     return this.combinedGrant(grantee, { keyActions, tableActions });
   }