Merge branch 'master' into nija-at/eslint-vscode

.dependabot/config.yml

@@ -14,9 +14,6 @@ update_configs:
           dependency_name: "@jsii/*"
       - match:
           dependency_name: "codemaker"
-      - match:
-          dependency_name: "semver"
       - match:
           dependency_name: "@types/node"
           version_requirement: ">=11.0.0-0"
-

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,5 +1,5 @@
 ### Commit Message
-COMMIT TITLE HERE (copy from PR title, keep in sync)
+COMMIT/PR TITLE HERE (must follow conventionalcommits.org)
 
 COMMIT MESSAGE HERE
 ### End Commit Message

CHANGELOG.md

@@ -2,6 +2,30 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.36.0](https://github.com/aws/aws-cdk/compare/v1.35.0...v1.36.0) (2020-04-28)
+
+
+### ⚠ BREAKING CHANGES
+
+* **stepfunctions-tasks:** `payload` in RunLambdaTask is now of type `TaskInput` and has a default of the state input instead of the empty object.
+You can migrate your current assignment to payload by supplying it to the `TaskInput.fromObject()` API
+
+### Features
+
+* **apigateway:** gateway responses ([#7441](https://github.com/aws/aws-cdk/issues/7441)) ([b0a65c1](https://github.com/aws/aws-cdk/commit/b0a65c1b7bb4532722adf20a10f653fff88d152a)), closes [#7071](https://github.com/aws/aws-cdk/issues/7071)
+* **aws-ecs:** add support for IPC and PID Mode for EC2 Task Definitions ([1ee629e](https://github.com/aws/aws-cdk/commit/1ee629e418fccec30b8a94e43682ed2c47ddd8da)), closes [#7186](https://github.com/aws/aws-cdk/issues/7186)
+
+
+### Bug Fixes
+
+* **apigateway:** authorizer is not attached to RestApi across projects ([#7596](https://github.com/aws/aws-cdk/issues/7596)) ([1423c53](https://github.com/aws/aws-cdk/commit/1423c53fec4172ba21946ca6d33f63fc7a9d8337)), closes [#7377](https://github.com/aws/aws-cdk/issues/7377)
+* **cli:** can't bootstrap environment not in app ([9566cca](https://github.com/aws/aws-cdk/commit/9566cca8c77b99922e8214567b87fa5680fe06ef))
+* **cli:** context keys specified in `cdk.json` get moved to `cdk.context.json` ([022eb66](https://github.com/aws/aws-cdk/commit/022eb66b85abba46c1a4d980259f440c31036d57)), closes [#7399](https://github.com/aws/aws-cdk/issues/7399)
+* **dynamodb:** grant() is not available on ITable ([#7618](https://github.com/aws/aws-cdk/issues/7618)) ([3b0a397](https://github.com/aws/aws-cdk/commit/3b0a3977e153e5a6a17967dfab360926712bff9e)), closes [#7473](https://github.com/aws/aws-cdk/issues/7473)
+* **dynamodb:** grantXxx() does not grant in replication regions ([98429e0](https://github.com/aws/aws-cdk/commit/98429e019e347459c74cccf3bb99994e58341377)), closes [#7362](https://github.com/aws/aws-cdk/issues/7362)
+* **eks:** version update completes prematurely ([#7526](https://github.com/aws/aws-cdk/issues/7526)) ([307c8b0](https://github.com/aws/aws-cdk/commit/307c8b021d5c00c1d675f4ce3cba8004a6a4a0a8)), closes [#7457](https://github.com/aws/aws-cdk/issues/7457)
+* **stepfunctions-tasks:** cannot specify part of execution data or task context as input to the `RunLambda` service integration ([#7428](https://github.com/aws/aws-cdk/issues/7428)) ([a1d9884](https://github.com/aws/aws-cdk/commit/a1d98845a209e7ed650d8adaaa1a724a3109b6a2)), closes [#7371](https://github.com/aws/aws-cdk/issues/7371)
+
 ## [1.35.0](https://github.com/aws/aws-cdk/compare/v1.34.1...v1.35.0) (2020-04-23)
 
 
@@ -15,6 +39,7 @@ All notable changes to this project will be documented in this file. See [standa
 
 ### Features
 
+* **backup:** Vault, Plan and Selection ([#7074](https://github.com/aws/aws-cdk/issues/7074)) ([c8aa92d](https://github.com/aws/aws-cdk/commit/c8aa92d1a0b87afc380fecaf91fc1048a74f670f))
 * **cfnspec:** cloudformation spec v13.0.0 ([#7504](https://github.com/aws/aws-cdk/issues/7504)) ([6903869](https://github.com/aws/aws-cdk/commit/6903869def944f8100c8eef51dd7145c181984e2))
 * **cloudtrail:** Lambda Function data events ([4a70138](https://github.com/aws/aws-cdk/commit/4a70138faf2e863be37a66bec23ed29a784b486a))
 * **cognito:** user pool domain ([#7224](https://github.com/aws/aws-cdk/issues/7224)) ([feadd6c](https://github.com/aws/aws-cdk/commit/feadd6cb643b415ae002191ba2cb4622221a5af6)), closes [#6787](https://github.com/aws/aws-cdk/issues/6787)
@@ -25,8 +50,6 @@ All notable changes to this project will be documented in this file. See [standa
 
 * **assets:** infrequent "ValidationError: S3 error: Access Denied" ([#7556](https://github.com/aws/aws-cdk/issues/7556)) ([00c9deb](https://github.com/aws/aws-cdk/commit/00c9deb975fe794eef9003cd26a6453abc514928)), closes [#6430](https://github.com/aws/aws-cdk/issues/6430) [#7553](https://github.com/aws/aws-cdk/issues/7553)
 * **route53:** cannot add tags to `HostedZone` ([#7531](https://github.com/aws/aws-cdk/issues/7531)) ([2729804](https://github.com/aws/aws-cdk/commit/272980492dc6b98d71ce9c3b23cab38f656dc632)), closes [#7445](https://github.com/aws/aws-cdk/issues/7445)
-
-
 * **efs:** drop Efs prefix from all exported types ([#7481](https://github.com/aws/aws-cdk/issues/7481)) ([ddd47cd](https://github.com/aws/aws-cdk/commit/ddd47cd7e0735424d2e47891c32e4b7813035067))
 
 ## [1.34.1](https://github.com/aws/aws-cdk/compare/v1.34.0...v1.34.1) (2020-04-22)

lerna.json

@@ -10,5 +10,5 @@
     "tools/*"
   ],
   "rejectCycles": "true",
-  "version": "1.35.0"
+  "version": "1.36.0"
 }

packages/@aws-cdk/app-delivery/package.json

@@ -57,7 +57,7 @@
     "@types/nodeunit": "^0.0.30",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
-    "fast-check": "^1.24.1",
+    "fast-check": "^1.24.2",
     "nodeunit": "^0.11.3",
     "pkglint": "0.0.0"
   },

packages/@aws-cdk/aws-apigateway/README.md

@@ -33,6 +33,7 @@ running on AWS Lambda, or any web application.
 - [Access Logging](#access-logging)
 - [Cross Origin Resource Sharing (CORS)](cross-origin-resource-sharing-cors)
 - [Endpoint Configuration](#endpoint-configuration)
+- [Gateway Response](#gateway-response)
 - [APIGateway v2](#apigateway-v2)
 
 ## Defining APIs
@@ -867,6 +868,32 @@ By performing this association, we can invoke the API gateway using the followin
 https://{rest-api-id}-{vpce-id}.execute-api.{region}.amazonaws.com/{stage}
 ```
 
+## Gateway response
+
+If the Rest API fails to process an incoming request, it returns to the client an error response without forwarding the
+request to the integration backend. API Gateway has a set of standard response messages that are sent to the client for
+each type of error. These error responses can be configured on the Rest API. The list of Gateway responses that can be
+configured can be found [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/supported-gateway-response-types.html).
+Learn more about [Gateway
+Responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-gatewayResponse-definition.html).
+
+The following code configures a Gateway Response when the response is 'access denied':
+
+```ts
+const api = new apigateway.RestApi(this, 'books-api');
+api.addGatewayResponse('test-response', {
+  type: ResponseType.ACCESS_DENIED,
+  statusCode: '500',
+  responseHeaders: {
+    'Access-Control-Allow-Origin': "test.com",
+    'test-key': 'test-value'
+  },
+  templates: {
+    'application/json': '{ "message": $context.error.messageString, "statusCode": "488", "type": "$context.error.responseType" }'
+  }
+});
+```
+
 ## APIGateway v2
 
 APIGateway v2 APIs are now moved to its own package named `aws-apigatewayv2`. For backwards compatibility, existing

packages/@aws-cdk/aws-apigateway/lib/gateway-response.ts

@@ -0,0 +1,210 @@
+import { Construct, IResource, Resource } from '@aws-cdk/core';
+import { CfnGatewayResponse } from './apigateway.generated';
+import { IRestApi } from './restapi';
+
+/**
+ * Represents gateway response resource.
+ */
+export interface IGatewayResponse extends IResource {
+}
+
+/**
+ * Properties for a new gateway response.
+ */
+export interface GatewayResponseProps extends GatewayResponseOptions {
+  /**
+   * Rest api resource to target.
+   */
+  readonly restApi: IRestApi;
+}
+
+/**
+ * Options to add gateway response.
+ */
+export interface GatewayResponseOptions {
+  /**
+   * Response type to associate with gateway response.
+   * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/supported-gateway-response-types.html
+   */
+  readonly type: ResponseType;
+
+  /**
+   * Http status code for response.
+   * @default - standard http status code for the response type.
+   */
+  readonly statusCode?: string;
+
+  /**
+   * Custom headers parameters for response.
+   * @default - no headers
+   */
+  readonly responseHeaders?: { [key: string]: string };
+
+  /**
+   * Custom templates to get mapped as response.
+   * @default - Response from api will be returned without applying any transformation.
+   */
+  readonly templates?: { [key: string]: string };
+
+}
+
+/**
+ * Configure the response received by clients, produced from the API Gateway backend.
+ *
+ * @resource AWS::ApiGateway::GatewayResponse
+ */
+export class GatewayResponse extends Resource implements IGatewayResponse {
+  constructor(scope: Construct, id: string, props: GatewayResponseProps) {
+    super(scope, id);
+
+    const resource = new CfnGatewayResponse(this, 'Resource', {
+      restApiId: props.restApi.restApiId,
+      responseType: props.type.responseType,
+      responseParameters: this.buildResponseParameters(props.responseHeaders),
+      responseTemplates: props.templates,
+      statusCode: props.statusCode,
+    });
+
+    this.node.defaultChild = resource;
+  }
+
+  private buildResponseParameters(responseHeaders?: { [key: string]: string }): { [key: string]: string } | undefined {
+    if (!responseHeaders) {
+      return undefined;
+    }
+
+    const responseParameters: { [key: string]: string } = {};
+    for (const [header, value] of Object.entries(responseHeaders)) {
+      responseParameters[`gatewayresponse.header.${header}`] = value;
+    }
+    return responseParameters;
+  }
+}
+
+/**
+ * Supported types of gateway responses.
+ * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/supported-gateway-response-types.html
+ */
+export class ResponseType {
+  /**
+   * The gateway response for authorization failure.
+   */
+  public static readonly ACCESS_DENIED = new ResponseType('ACCESS_DENIED');
+
+  /**
+   * The gateway response for an invalid API configuration.
+   */
+  public static readonly API_CONFIGURATION_ERROR = new ResponseType('API_CONFIGURATION_ERROR');
+
+  /**
+   * The gateway response when a custom or Amazon Cognito authorizer failed to authenticate the caller.
+   */
+  public static readonly AUTHORIZER_FAILURE = new ResponseType('AUTHORIZER_FAILURE');
+
+  /**
+   * The gateway response for failing to connect to a custom or Amazon Cognito authorizer.
+   */
+  public static readonly AUTHORIZER_CONFIGURATION_ERROR = new ResponseType('AUTHORIZER_CONFIGURATION_ERROR');
+
+  /**
+   * The gateway response when the request parameter cannot be validated according to an enabled request validator.
+   */
+  public static readonly BAD_REQUEST_PARAMETERS = new ResponseType('BAD_REQUEST_PARAMETERS');
+
+  /**
+   * The gateway response when the request body cannot be validated according to an enabled request validator.
+   */
+  public static readonly BAD_REQUEST_BODY = new ResponseType('BAD_REQUEST_BODY');
+
+  /**
+   * The default gateway response for an unspecified response type with the status code of 4XX.
+   */
+  public static readonly DEFAULT_4XX = new ResponseType('DEFAULT_4XX');
+
+  /**
+   * The default gateway response for an unspecified response type with a status code of 5XX.
+   */
+  public static readonly DEFAULT_5XX = new ResponseType('DEFAULT_5XX');
+
+  /**
+   * The gateway response for an AWS authentication token expired error.
+   */
+  public static readonly EXPIRED_TOKEN = new ResponseType('EXPIRED_TOKEN');
+
+  /**
+   * The gateway response for an invalid AWS signature error.
+   */
+  public static readonly INVALID_SIGNATURE = new ResponseType('INVALID_SIGNATURE');
+
+  /**
+   * The gateway response for an integration failed error.
+   */
+  public static readonly INTEGRATION_FAILURE = new ResponseType('INTEGRATION_FAILURE');
+
+  /**
+   * The gateway response for an integration timed out error.
+   */
+  public static readonly INTEGRATION_TIMEOUT = new ResponseType('INTEGRATION_TIMEOUT');
+
+  /**
+   * The gateway response for an invalid API key submitted for a method requiring an API key.
+   */
+  public static readonly INVALID_API_KEY = new ResponseType('INVALID_API_KEY');
+
+  /**
+   * The gateway response for a missing authentication token error,
+   * including the cases when the client attempts to invoke an unsupported API method or resource.
+   */
+  public static readonly MISSING_AUTHENTICATION_TOKEN = new ResponseType('MISSING_AUTHENTICATION_TOKEN');
+
+  /**
+   * The gateway response for the usage plan quota exceeded error.
+   */
+  public static readonly QUOTA_EXCEEDED = new ResponseType('QUOTA_EXCEEDED');
+
+  /**
+   * The gateway response for the request too large error.
+   */
+  public static readonly REQUEST_TOO_LARGE = new ResponseType('REQUEST_TOO_LARGE');
+
+  /**
+   * The gateway response when API Gateway cannot find the specified resource
+   * after an API request passes authentication and authorization.
+   */
+  public static readonly RESOURCE_NOT_FOUND = new ResponseType('RESOURCE_NOT_FOUND');
+
+  /**
+   * The gateway response when usage plan, method, stage, or account level throttling limits exceeded.
+   */
+  public static readonly THROTTLED = new ResponseType('THROTTLED');
+
+  /**
+   * The gateway response when the custom or Amazon Cognito authorizer failed to authenticate the caller.
+   */
+  public static readonly UNAUTHORIZED = new ResponseType('UNAUTHORIZED');
+
+  /**
+   * The gateway response when a payload is of an unsupported media type, if strict passthrough behavior is enabled.
+   */
+  public static readonly UNSUPPORTED_MEDIA_TYPE = new ResponseType('UNSUPPORTED_MEDIA_TYPE');
+
+  /**
+   * The gateway response when a request is blocked by AWS WAF.
+   */
+  public static readonly WAF_FILTERED = new ResponseType('WAF_FILTERED');
+
+  /** A custom response type to suppport future cases. */
+  public static of(type: string): ResponseType {
+    return new ResponseType(type.toUpperCase());
+  }
+
+  /**
+   * Valid value of response type.
+   */
+  public readonly responseType: string;
+
+  private constructor(type: string) {
+    this.responseType = type;
+  }
+
+}

packages/@aws-cdk/aws-apigateway/lib/index.ts

@@ -20,6 +20,7 @@ export * from './base-path-mapping';
 export * from './cors';
 export * from './authorizers';
 export * from './access-log';
+export * from './gateway-response';
 
 // AWS::ApiGateway CloudFormation Resources:
 export * from './apigateway.generated';

packages/@aws-cdk/aws-apigateway/lib/restapi.ts

@@ -6,6 +6,7 @@ import { CfnAccount, CfnRestApi } from './apigateway.generated';
 import { CorsOptions } from './cors';
 import { Deployment } from './deployment';
 import { DomainName, DomainNameOptions } from './domain-name';
+import { GatewayResponse, GatewayResponseOptions } from './gateway-response';
 import { Integration } from './integration';
 import { Method, MethodOptions } from './method';
 import { Model, ModelOptions } from './model';
@@ -390,6 +391,16 @@ export class RestApi extends Resource implements IRestApi {
     this.methods.push(method);
   }
 
+  /**
+   * Adds a new gateway response.
+   */
+  public addGatewayResponse(id: string, options: GatewayResponseOptions): GatewayResponse {
+    return new GatewayResponse(this, id, {
+      restApi: this,
+      ...options,
+    });
+  }
+
   /**
    * Performs validation of the REST API.
    */

packages/@aws-cdk/aws-apigateway/package.json

@@ -106,6 +106,7 @@
     "exclude": [
       "from-method:@aws-cdk/aws-apigateway.Resource",
       "duration-prop-type:@aws-cdk/aws-apigateway.QuotaSettings.period",
+      "duration-prop-type:@aws-cdk/aws-apigateway.ResponseType.INTEGRATION_TIMEOUT",
       "from-method:@aws-cdk/aws-apigateway.ApiKey",
       "ref-via-interface:@aws-cdk/aws-apigateway.ApiKeyProps.resources",
       "props-physical-name:@aws-cdk/aws-apigateway.DeploymentProps",
@@ -116,6 +117,7 @@
       "props-physical-name-type:@aws-cdk/aws-apigateway.StageProps.stageName",
       "props-physical-name:@aws-cdk/aws-apigateway.BasePathMappingProps",
       "props-physical-name:@aws-cdk/aws-apigateway.LambdaRestApiProps",
+      "props-physical-name:@aws-cdk/aws-apigateway.GatewayResponseProps",
       "construct-interface-extends-iconstruct:@aws-cdk/aws-apigateway.IModel",
       "resource-interface-extends-resource:@aws-cdk/aws-apigateway.IModel",
       "docs-public-apis:@aws-cdk/aws-apigateway.JsonSchema.definitions",