Merge branch 'master' into dynamodb-aws-sdk-no-install

CHANGELOG.md

@@ -2,6 +2,33 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.35.0](https://github.com/aws/aws-cdk/compare/v1.34.1...v1.35.0) (2020-04-23)
+
+
+### ⚠ BREAKING CHANGES
+
+* **assets:** `cdk deploy` now needs `s3:ListBucket` instead of `s3:HeadObject`.
+* **efs:** Exported types no longer have the `Efs` prefix.
+* **efs:** `provisionedThroughputInMibps` property is renamed to `provisionedThroughputPerSecond` and has the type `Size`.
+* **efs:** The property `fileSystemID` is now renamed to `fileSystemId` in the now named `FileSystemAttributes` (previously, `EfsFileSystemAttributes`).
+* **efs:** `LifecyclePolicyProperty` is now renamed to `LifecyclePolicy`.
+
+### Features
+
+* **cfnspec:** cloudformation spec v13.0.0 ([#7504](https://github.com/aws/aws-cdk/issues/7504)) ([6903869](https://github.com/aws/aws-cdk/commit/6903869def944f8100c8eef51dd7145c181984e2))
+* **cloudtrail:** Lambda Function data events ([4a70138](https://github.com/aws/aws-cdk/commit/4a70138faf2e863be37a66bec23ed29a784b486a))
+* **cognito:** user pool domain ([#7224](https://github.com/aws/aws-cdk/issues/7224)) ([feadd6c](https://github.com/aws/aws-cdk/commit/feadd6cb643b415ae002191ba2cb4622221a5af6)), closes [#6787](https://github.com/aws/aws-cdk/issues/6787)
+* **stepfunctions:** retrieve all reachable states from a given state in a state machine definition ([#7324](https://github.com/aws/aws-cdk/issues/7324)) ([ac3b330](https://github.com/aws/aws-cdk/commit/ac3b330c71ef258afd145b86fd90a06db5d1c990)), closes [#7256](https://github.com/aws/aws-cdk/issues/7256)
+
+
+### Bug Fixes
+
+* **assets:** infrequent "ValidationError: S3 error: Access Denied" ([#7556](https://github.com/aws/aws-cdk/issues/7556)) ([00c9deb](https://github.com/aws/aws-cdk/commit/00c9deb975fe794eef9003cd26a6453abc514928)), closes [#6430](https://github.com/aws/aws-cdk/issues/6430) [#7553](https://github.com/aws/aws-cdk/issues/7553)
+* **route53:** cannot add tags to `HostedZone` ([#7531](https://github.com/aws/aws-cdk/issues/7531)) ([2729804](https://github.com/aws/aws-cdk/commit/272980492dc6b98d71ce9c3b23cab38f656dc632)), closes [#7445](https://github.com/aws/aws-cdk/issues/7445)
+
+
+* **efs:** drop Efs prefix from all exported types ([#7481](https://github.com/aws/aws-cdk/issues/7481)) ([ddd47cd](https://github.com/aws/aws-cdk/commit/ddd47cd7e0735424d2e47891c32e4b7813035067))
+
 ## [1.34.1](https://github.com/aws/aws-cdk/compare/v1.34.0...v1.34.1) (2020-04-22)
 
 

lerna.json

@@ -10,5 +10,5 @@
     "tools/*"
   ],
   "rejectCycles": "true",
-  "version": "1.34.1"
+  "version": "1.35.0"
 }

packages/@aws-cdk/aws-apigateway/lib/authorizer.ts

@@ -1,14 +1,29 @@
-import { Resource } from '@aws-cdk/core';
+import { Construct, Resource, ResourceProps } from '@aws-cdk/core';
 import { AuthorizationType } from './method';
 import { RestApi } from './restapi';
 
+const AUTHORIZER_SYMBOL = Symbol.for('@aws-cdk/aws-apigateway.Authorizer');
+
 /**
  * Base class for all custom authorizers
  */
 export abstract class Authorizer extends Resource implements IAuthorizer {
+  /**
+   * Return whether the given object is an Authorizer.
+   */
+  public static isAuthorizer(x: any): x is Authorizer {
+    return x !== null && typeof(x) === 'object' && AUTHORIZER_SYMBOL in x;
+  }
+
   public readonly abstract authorizerId: string;
   public readonly authorizationType?: AuthorizationType = AuthorizationType.CUSTOM;
 
+  public constructor(scope: Construct, id: string, props?: ResourceProps) {
+    super(scope, id, props);
+
+    Object.defineProperty(this, AUTHORIZER_SYMBOL, { value: true });
+  }
+
   /**
    * Called when the authorizer is used from a specific REST API.
    * @internal

packages/@aws-cdk/aws-apigateway/lib/method.ts

@@ -52,7 +52,7 @@ export interface MethodOptions {
    * for the integration response to be correctly mapped to a response to the client.
    * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-settings-method-response.html
    */
-  readonly methodResponses?: MethodResponse[]
+  readonly methodResponses?: MethodResponse[];
 
   /**
    * The request parameters that API Gateway accepts. Specify request parameters
@@ -65,15 +65,45 @@ export interface MethodOptions {
   readonly requestParameters?: { [param: string]: boolean };
 
   /**
-   * The resources that are used for the response's content type. Specify request
-   * models as key-value pairs (string-to-string mapping), with a content type
-   * as the key and a Model resource name as the value
+   * The models which describe data structure of request payload. When
+   * combined with `requestValidator` or `requestValidatorOptions`, the service
+   * will validate the API request payload before it reaches the API's Integration (including proxies).
+   * Specify `requestModels` as key-value pairs, with a content type
+   * (e.g. `'application/json'`) as the key and an API Gateway Model as the value.
+   *
+   * @example
+   *
+   *     const userModel: apigateway.Model = api.addModel('UserModel', {
+   *         schema: {
+   *             type: apigateway.JsonSchemaType.OBJECT
+   *             properties: {
+   *                 userId: {
+   *                     type: apigateway.JsonSchema.STRING
+   *                 },
+   *                 name: {
+   *                     type: apigateway.JsonSchema.STRING
+   *                 }
+   *             },
+   *             required: ['userId']
+   *         }
+   *     });
+   *     api.root.addResource('user').addMethod('POST',
+   *         new apigateway.LambdaIntegration(userLambda), {
+   *             requestModels: {
+   *                 'application/json': userModel
+   *             }
+   *         }
+   *     );
+   *
+   * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-settings-method-request.html#setup-method-request-model
    */
   readonly requestModels?: { [param: string]: IModel };
 
   /**
    * The ID of the associated request validator.
    * Only one of `requestValidator` or `requestValidatorOptions` must be specified.
+   * Works together with `requestModels` or `requestParameters` to validate
+   * the request before it reaches integration like Lambda Proxy Integration.
    * @default - No default validator
    */
   readonly requestValidator?: IRequestValidator;
@@ -84,11 +114,13 @@ export interface MethodOptions {
    * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes
    * @default - no authorization scopes
    */
-  readonly authorizationScopes?: string[]
+  readonly authorizationScopes?: string[];
 
   /**
    * Request validator options to create new validator
    * Only one of `requestValidator` or `requestValidatorOptions` must be specified.
+   * Works together with `requestModels` or `requestParameters` to validate
+   * the request before it reaches integration like Lambda Proxy Integration.
    * @default - No default validator
    */
   readonly requestValidatorOptions?: RequestValidatorOptions;
@@ -153,7 +185,7 @@ export class Method extends Resource {
         `which is different from what is required by the authorizer [${authorizer.authorizationType}]`);
     }
 
-    if (authorizer instanceof Authorizer) {
+    if (Authorizer.isAuthorizer(authorizer)) {
       authorizer._attachToApi(this.restApi);
     }
 

packages/@aws-cdk/aws-apigateway/test/test.authorizer.ts

@@ -0,0 +1,21 @@
+import { Stack } from '@aws-cdk/core';
+import { Test } from 'nodeunit';
+import { Authorizer, RestApi } from '../lib';
+
+export = {
+  'isAuthorizer correctly detects an instance of type Authorizer'(test: Test) {
+    class MyAuthorizer extends Authorizer {
+      public readonly authorizerId = 'test-authorizer-id';
+      public _attachToApi(_: RestApi): void {
+        // do nothing
+      }
+    }
+    const stack = new Stack();
+    const authorizer = new MyAuthorizer(stack, 'authorizer');
+
+    test.ok(Authorizer.isAuthorizer(authorizer), 'type Authorizer expected but is not');
+    test.ok(!Authorizer.isAuthorizer(stack), 'type Authorizer found, when not expected');
+
+    test.done();
+  },
+};

packages/@aws-cdk/aws-cloudfront/package.json

@@ -64,7 +64,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/nodeunit": "^0.0.30",
-    "aws-sdk": "^2.661.0",
+    "aws-sdk": "^2.662.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-cloudtrail/package.json

@@ -64,7 +64,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/nodeunit": "^0.0.30",
-    "aws-sdk": "^2.661.0",
+    "aws-sdk": "^2.662.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-codebuild/package.json

@@ -70,7 +70,7 @@
     "@aws-cdk/aws-sns": "0.0.0",
     "@aws-cdk/aws-sqs": "0.0.0",
     "@types/nodeunit": "^0.0.30",
-    "aws-sdk": "^2.661.0",
+    "aws-sdk": "^2.662.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-codecommit/package.json

@@ -70,7 +70,7 @@
     "@aws-cdk/assert": "0.0.0",
     "@aws-cdk/aws-sns": "0.0.0",
     "@types/nodeunit": "^0.0.30",
-    "aws-sdk": "^2.661.0",
+    "aws-sdk": "^2.662.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

packages/@aws-cdk/aws-dynamodb/package.json

@@ -64,7 +64,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/jest": "^25.2.1",
-    "aws-sdk": "^2.661.0",
+    "aws-sdk": "^2.662.0",
     "aws-sdk-mock": "^5.1.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts

@@ -3,7 +3,7 @@
 import { IsCompleteResponse, OnEventResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types';
 // eslint-disable-next-line import/no-extraneous-dependencies
 import * as aws from 'aws-sdk';
-import { EksClient, ResourceHandler } from './common';
+import { EksClient, ResourceEvent, ResourceHandler } from './common';
 
 const MAX_CLUSTER_NAME_LEN = 100;
 
@@ -19,7 +19,7 @@ export class ClusterResourceHandler extends ResourceHandler {
   private readonly newProps: aws.EKS.CreateClusterRequest;
   private readonly oldProps: Partial<aws.EKS.CreateClusterRequest>;
 
-  constructor(eks: EksClient, event: AWSLambda.CloudFormationCustomResourceEvent) {
+  constructor(eks: EksClient, event: ResourceEvent) {
     super(eks, event);
 
     this.newProps = parseProps(this.event.ResourceProperties);
@@ -127,15 +127,17 @@ export class ClusterResourceHandler extends ResourceHandler {
         throw new Error(`Cannot remove cluster version configuration. Current version is ${this.oldProps.version}`);
       }
 
-      await this.updateClusterVersion(this.newProps.version);
+      return await this.updateClusterVersion(this.newProps.version);
     }
 
     if (updates.updateLogging || updates.updateAccess) {
-      await this.eks.updateClusterConfig({
+      const updateResponse = await this.eks.updateClusterConfig({
         name: this.clusterName,
         logging: this.newProps.logging,
         resourcesVpcConfig: this.newProps.resourcesVpcConfig,
       });
+
+      return { EksUpdateId: updateResponse.update?.id };
     }
 
     // no updates
@@ -144,6 +146,12 @@ export class ClusterResourceHandler extends ResourceHandler {
 
   protected async isUpdateComplete() {
     console.log('isUpdateComplete');
+
+    // if this is an EKS update, we will monitor the update event itself
+    if (this.event.EksUpdateId) {
+      return this.isEksUpdateComplete(this.event.EksUpdateId);
+    }
+
     return this.isActive();
   }
 
@@ -158,7 +166,8 @@ export class ClusterResourceHandler extends ResourceHandler {
       return;
     }
 
-    await this.eks.updateClusterVersion({ name: this.clusterName, version: newVersion });
+    const updateResponse = await this.eks.updateClusterVersion({ name: this.clusterName, version: newVersion });
+    return { EksUpdateId: updateResponse.update?.id };
   }
 
   private async isActive(): Promise<IsCompleteResponse> {
@@ -187,6 +196,33 @@ export class ClusterResourceHandler extends ResourceHandler {
     }
   }
 
+  private async isEksUpdateComplete(eksUpdateId: string) {
+    this.log({ isEksUpdateComplete: eksUpdateId });
+
+    const describeUpdateResponse = await this.eks.describeUpdate({
+      name: this.clusterName,
+      updateId: eksUpdateId,
+    });
+
+    this.log({ describeUpdateResponse });
+
+    if (!describeUpdateResponse.update) {
+      throw new Error(`unable to describe update with id "${eksUpdateId}"`);
+    }
+
+    switch (describeUpdateResponse.update.status) {
+      case 'InProgress':
+        return { IsComplete: false };
+      case 'Successful':
+        return { IsComplete: true };
+      case 'Failed':
+      case 'Cancelled':
+        throw new Error(`cluster update id "${eksUpdateId}" failed with errors: ${JSON.stringify(describeUpdateResponse.update.errors)}`);
+      default:
+        throw new Error(`unknown status "${describeUpdateResponse.update.status}" for update id "${eksUpdateId}"`);
+    }
+  }
+
   private generateClusterName() {
     const suffix = this.requestId.replace(/-/g, ''); // 32 chars
     const prefix = this.logicalResourceId.substr(0, MAX_CLUSTER_NAME_LEN - suffix.length - 1);

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts

@@ -3,14 +3,25 @@ import { IsCompleteResponse, OnEventResponse } from '@aws-cdk/custom-resources/l
 // eslint-disable-next-line import/no-extraneous-dependencies
 import * as aws from 'aws-sdk';
 
+export interface EksUpdateId {
+  /**
+   * If this field is included in an event passed to "IsComplete", it means we
+   * initiated an EKS update that should be monitored using eks:DescribeUpdate
+   * instead of just looking at the cluster status.
+   */
+  EksUpdateId?: string
+}
+
+export type ResourceEvent = AWSLambda.CloudFormationCustomResourceEvent & EksUpdateId;
+
 export abstract class ResourceHandler {
   protected readonly requestId: string;
   protected readonly logicalResourceId: string;
   protected readonly requestType: 'Create' | 'Update' | 'Delete';
   protected readonly physicalResourceId?: string;
-  protected readonly event: AWSLambda.CloudFormationCustomResourceEvent;
+  protected readonly event: ResourceEvent;
 
-  constructor(protected readonly eks: EksClient, event: AWSLambda.CloudFormationCustomResourceEvent) {
+  constructor(protected readonly eks: EksClient, event: ResourceEvent) {
     this.requestType = event.RequestType;
     this.requestId = event.RequestId;
     this.logicalResourceId = event.LogicalResourceId;
@@ -55,7 +66,7 @@ export abstract class ResourceHandler {
 
   protected abstract async onCreate(): Promise<OnEventResponse>;
   protected abstract async onDelete(): Promise<OnEventResponse | void>;
-  protected abstract async onUpdate(): Promise<OnEventResponse | void>;
+  protected abstract async onUpdate(): Promise<(OnEventResponse & EksUpdateId) | void>;
   protected abstract async isCreateComplete(): Promise<IsCompleteResponse>;
   protected abstract async isDeleteComplete(): Promise<IsCompleteResponse>;
   protected abstract async isUpdateComplete(): Promise<IsCompleteResponse>;
@@ -68,6 +79,7 @@ export interface EksClient {
   describeCluster(request: aws.EKS.DescribeClusterRequest): Promise<aws.EKS.DescribeClusterResponse>;
   updateClusterConfig(request: aws.EKS.UpdateClusterConfigRequest): Promise<aws.EKS.UpdateClusterConfigResponse>;
   updateClusterVersion(request: aws.EKS.UpdateClusterVersionRequest): Promise<aws.EKS.UpdateClusterVersionResponse>;
+  describeUpdate(req: aws.EKS.DescribeUpdateRequest): Promise<aws.EKS.DescribeUpdateResponse>;
   createFargateProfile(request: aws.EKS.CreateFargateProfileRequest): Promise<aws.EKS.CreateFargateProfileResponse>;
   describeFargateProfile(request: aws.EKS.DescribeFargateProfileRequest): Promise<aws.EKS.DescribeFargateProfileResponse>;
   deleteFargateProfile(request: aws.EKS.DeleteFargateProfileRequest): Promise<aws.EKS.DeleteFargateProfileResponse>;

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/index.ts

@@ -16,6 +16,7 @@ const defaultEksClient: EksClient = {
   createCluster: req => getEksClient().createCluster(req).promise(),
   deleteCluster: req => getEksClient().deleteCluster(req).promise(),
   describeCluster: req => getEksClient().describeCluster(req).promise(),
+  describeUpdate: req => getEksClient().describeUpdate(req).promise(),
   updateClusterConfig: req => getEksClient().updateClusterConfig(req).promise(),
   updateClusterVersion: req => getEksClient().updateClusterVersion(req).promise(),
   createFargateProfile: req => getEksClient().createFargateProfile(req).promise(),

packages/@aws-cdk/aws-eks/lib/cluster-resource.ts

@@ -81,6 +81,7 @@ export class ClusterResource extends Construct {
       actions: [
         'eks:CreateCluster',
         'eks:DescribeCluster',
+        'eks:DescribeUpdate',
         'eks:DeleteCluster',
         'eks:UpdateClusterVersion',
         'eks:UpdateClusterConfig',

packages/@aws-cdk/aws-eks/lib/cluster.ts

@@ -1078,6 +1078,6 @@ export enum MachineImageType {
 
 const GPU_INSTANCETYPES = ['p2', 'p3', 'g4'];
 
-export function nodeTypeForInstanceType(instanceType: ec2.InstanceType) {
+function nodeTypeForInstanceType(instanceType: ec2.InstanceType) {
   return GPU_INSTANCETYPES.includes(instanceType.toString().substring(0, 2)) ? NodeType.GPU : NodeType.STANDARD;
 }

packages/@aws-cdk/aws-eks/package.json

@@ -64,7 +64,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/nodeunit": "^0.0.30",
-    "aws-sdk": "^2.661.0",
+    "aws-sdk": "^2.662.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",