Merge branch 'master' into upparekh/support-for-enable-exec-command
SoManyHs authored Jun 3, 2021
2 parents 50f3692 + af6d49f commit 880a2a1
Showing 35 changed files with 825 additions and 45 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/issue-label-assign.yml
Expand Up @@ -201,8 +201,8 @@ jobs:
{"keywords":["(@aws-cdk/aws-sqs)","(aws-sqs)","(sqs)"],"labels":["@aws-cdk/aws-sqs"],"assignees":["njlynch"]},
{"keywords":["(@aws-cdk/aws-ssm)","(aws-ssm)","(ssm)"],"labels":["@aws-cdk/aws-ssm"],"assignees":["njlynch"]},
{"keywords":["(@aws-cdk/aws-sso)","(aws-sso)","(sso)"],"labels":["@aws-cdk/aws-sso"],"assignees":["skinny85"]},
{"keywords":["(@aws-cdk/aws-stepfunctions)","(aws-stepfunctions)","(stepfunctions)","(step functions)","(step-functions)"],"labels":["@aws-cdk/aws-stepfunctions"],"assignees":["shivlaks"]},
{"keywords":["(@aws-cdk/aws-stepfunctions-tasks)","(aws-stepfunctions-tasks)","(stepfunctions-tasks)","(stepfunctions tasks)"],"labels":["@aws-cdk/aws-stepfunctions-tasks"],"assignees":["shivlaks"]},
{"keywords":["(@aws-cdk/aws-stepfunctions)","(aws-stepfunctions)","(stepfunctions)","(step functions)","(step-functions)"],"labels":["@aws-cdk/aws-stepfunctions"],"assignees":["BenChaimberg"]},
{"keywords":["(@aws-cdk/aws-stepfunctions-tasks)","(aws-stepfunctions-tasks)","(stepfunctions-tasks)","(stepfunctions tasks)"],"labels":["@aws-cdk/aws-stepfunctions-tasks"],"assignees":["BenChaimberg"]},
{"keywords":["(@aws-cdk/aws-synthetics)","(aws-synthetics)","(synthetics)"],"labels":["@aws-cdk/aws-synthetics"],"assignees":["BenChaimberg"]},
{"keywords":["(@aws-cdk/aws-timestream)","(aws-timestream)","(timestream)"],"labels":["@aws-cdk/aws-timestream"],"assignees":["skinny85"]},
{"keywords":["(@aws-cdk/aws-transfer)","(aws-transfer)","(transfer)"],"labels":["@aws-cdk/aws-transfer"],"assignees":["otaviomacedo"]},
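--- a/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts
@@ -422,6 +422,8 @@ export class HttpApi extends HttpApiBase {
 httpApi: this,
 routeKey: HttpRouteKey.DEFAULT,
 integration: props.defaultIntegration,
+authorizer: props.defaultAuthorizer,
+authorizationScopes: props.defaultAuthorizationScopes,
 });
 }
 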
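Review bot: The two added properties deserve a short why-comment, because without them the route created for `HttpRouteKey.DEFAULT` received the integration but not the API-level authorizer, and that is easy to regress. Something like `// the catch-all route must inherit defaultAuthorizer/defaultAuthorizationScopes; without them unmatched requests reach the integration unauthenticated` above `authorizer: props.defaultAuthorizer,` would do. How the route behaves when `defaultAuthorizationScopes` is set without `defaultAuthorizer` is not visible in this hunk and is worth confirming. The enclosing block starts and ends outside the hunk.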
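--- a/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts
@@ -400,6 +400,24 @@ describe('HttpApi', () => {
 });
 });
 
+test('can add default authorizer when using default integration', () => {
+const stack = new Stack();
+
+const authorizer = new DummyAuthorizer();
+
+new HttpApi(stack, 'api', {
+defaultIntegration: new DummyRouteIntegration(),
+defaultAuthorizer: authorizer,
+defaultAuthorizationScopes: ['read:pets'],
+});
+
+expect(stack).toHaveResource('AWS::ApiGatewayV2::Route', {
+AuthorizerId: 'auth-1234',
+AuthorizationType: 'JWT',
+AuthorizationScopes: ['read:pets'],
+});
+});
+
 test('can add default authorizer, but remove it for a route', () => {
 const stack = new Stack();
 const authorizer = new DummyAuthorizer();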
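Review bot: The new assertion does not pin which route carries the authorizer, since `toHaveResource('AWS::ApiGatewayV2::Route', …)` is satisfied by any route in the stack. Adding `RouteKey: '$default'` to the expected properties would tie the check to the catch-all route that `defaultIntegration` creates, so the test keeps guarding the authorization of that route if more routes are later added to the fixture. The surrounding `describe` block starts and ends outside the hunk.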
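--- a/packages/@aws-cdk/aws-ec2/lib/instance-types.ts
+++ b/packages/@aws-cdk/aws-ec2/lib/instance-types.ts
@@ -527,6 +527,11 @@ export enum InstanceSize {
 */
 XLARGE2 = '2xlarge',
 
+/**
+* Instance size XLARGE3 (3xlarge)
+*/
+XLARGE3 = '3xlarge',
+
 /**
 * Instance size XLARGE4 (4xlarge)
 */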
33 changes: 23 additions & 10 deletions packages/@aws-cdk/aws-ec2/test/instance.test.ts
Expand Up @@ -21,17 +21,30 @@ beforeEach(() => {

nodeunitShim({
'instance is created correctly'(test: Test) {
// WHEN
new Instance(stack, 'Instance', {
vpc,
machineImage: new AmazonLinuxImage(),
instanceType: InstanceType.of(InstanceClass.BURSTABLE4_GRAVITON, InstanceSize.LARGE),
});
// GIVEN
const sampleInstances = [{
instanceClass: InstanceClass.BURSTABLE4_GRAVITON,
instanceSize: InstanceSize.LARGE,
instanceType: 't4g.large',
}, {
instanceClass: InstanceClass.HIGH_COMPUTE_MEMORY1,
instanceSize: InstanceSize.XLARGE3,
instanceType: 'z1d.3xlarge',
}];

// THEN
cdkExpect(stack).to(haveResource('AWS::EC2::Instance', {
InstanceType: 't4g.large',
}));
for (const [i, sampleInstance] of sampleInstances.entries()) {
// WHEN
new Instance(stack, `Instance${i}`, {
vpc,
machineImage: new AmazonLinuxImage(),
instanceType: InstanceType.of(sampleInstance.instanceClass, sampleInstance.instanceSize),
});

// THEN
cdkExpect(stack).to(haveResource('AWS::EC2::Instance', {
InstanceType: sampleInstance.instanceType,
}));
}

test.done();
},
10 changes: 9 additions & 1 deletion packages/@aws-cdk/aws-iam/lib/policy-statement.ts
Expand Up @@ -30,7 +30,7 @@ export class PolicyStatement {
* @param obj the PolicyStatement in object form.
*/
public static fromJson(obj: any) {
return new PolicyStatement({
const ret = new PolicyStatement({
sid: obj.Sid,
actions: ensureArrayOrUndefined(obj.Action),
resources: ensureArrayOrUndefined(obj.Resource),
Expand All @@ -41,6 +41,14 @@ export class PolicyStatement {
principals: obj.Principal ? [new JsonPrincipal(obj.Principal)] : undefined,
notPrincipals: obj.NotPrincipal ? [new JsonPrincipal(obj.NotPrincipal)] : undefined,
});

// validate that the PolicyStatement has the correct shape
const errors = ret.validateForAnyPolicy();
if (errors.length > 0) {
throw new Error('Incorrect Policy Statement: ' + errors.join('\n'));
}

return ret;
}

/**
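Review bot: `fromJson` can now throw, but the doc comment whose tail is visible at the top of the first hunk still documents only `@param obj`; it should gain a line such as `* @throws Error if the parsed statement fails validateForAnyPolicy()`. The message also gives no hint which statement was rejected, which matters when a whole policy document is parsed; prefixing the Sid when present, e.g. `'Incorrect Policy Statement' + (obj.Sid ? ' ' + obj.Sid : '') + ': ' + errors.join('\n')`, would make the failure traceable. What `validateForAnyPolicy()` checks is not visible here, and the doc comment starts outside the hunk.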
51 changes: 50 additions & 1 deletion packages/@aws-cdk/aws-kms/lib/key.ts
@@ -1,5 +1,5 @@
import * as iam from '@aws-cdk/aws-iam';
import { FeatureFlags, IResource, RemovalPolicy, Resource, Stack, Duration } from '@aws-cdk/core';
import { FeatureFlags, IResource, Lazy, RemovalPolicy, Resource, Stack, Duration } from '@aws-cdk/core';
import * as cxapi from '@aws-cdk/cx-api';
import { IConstruct, Construct } from 'constructs';
import { Alias } from './alias';
Expand Down Expand Up @@ -485,6 +485,55 @@ export class Key extends KeyBase {
return new Import(keyResourceName);
}

/**
* Create a mutable {@link IKey} based on a low-level {@link CfnKey}.
* This is most useful when combined with the cloudformation-include module.
* This method is different than {@link fromKeyArn()} because the {@link IKey}
* returned from this method is mutable;
* meaning, calling any mutating methods on it,
* like {@link IKey.addToResourcePolicy()},
* will actually be reflected in the resulting template,
* as opposed to the object returned from {@link fromKeyArn()},
* on which calling those methods would have no effect.
*/
public static fromCfnKey(cfnKey: CfnKey): IKey {
// use a "weird" id that has a higher chance of being unique
const id = '@FromCfnKey';

// if fromCfnKey() was already called on this cfnKey,
// return the same L2
// (as different L2s would conflict, because of the mutation of the keyPolicy property of the L1 below)
const existing = cfnKey.node.tryFindChild(id);
if (existing) {
return <IKey>existing;
}

let keyPolicy: iam.PolicyDocument;
try {
keyPolicy = iam.PolicyDocument.fromJson(cfnKey.keyPolicy);
} catch (e) {
// If the KeyPolicy contains any CloudFormation functions,
// PolicyDocument.fromJson() throws an exception.
// In that case, because we would have to effectively make the returned IKey immutable,
// throw an exception suggesting to use the other importing methods instead.
// We might make this parsing logic smarter later,
// but let's start by erroring out.
throw new Error('Could not parse the PolicyDocument of the passed AWS::KMS::Key resource because it contains CloudFormation functions. ' +
'This makes it impossible to create a mutable IKey from that Policy. ' +
'You have to use fromKeyArn instead, passing it the ARN attribute property of the low-level CfnKey');
}

// change the key policy of the L1, so that all changes done in the L2 are reflected in the resulting template
cfnKey.keyPolicy = Lazy.any({ produce: () => keyPolicy.toJSON() });

return new class extends KeyBase {
public readonly keyArn = cfnKey.attrArn;
public readonly keyId = cfnKey.ref;
protected readonly policy = keyPolicy;
protected readonly trustAccountIdentities = false;
}(cfnKey, id);
}

public readonly keyArn: string;
public readonly keyId: string;
protected readonly policy?: iam.PolicyDocument;
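Review bot: The `catch (e)` in `fromCfnKey` discards the caught error and always reports that the key policy contains CloudFormation functions, although `PolicyDocument.fromJson` may fail for other reasons; this same commit makes `PolicyStatement.fromJson` throw 'Incorrect Policy Statement: …' on validation errors, which presumably surfaces here too. The message then steers the user to `fromKeyArn`, where, according to the doc comment above the method, `addToResourcePolicy()` has no effect, so a malformed policy could end up as key-policy statements that are silently never applied. Appending the cause to the thrown message, e.g. `' Underlying error: ' + (e instanceof Error ? e.message : String(e))`, keeps the real failure visible. The `Key` class itself starts and ends outside the hunk.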