From 970ea94b388b027abb2c4f3369f0b72f999d5384 Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Thu, 21 Jan 2021 11:58:42 +0000 Subject: [PATCH 1/9] chore(release): 1.86.0 --- CHANGELOG.md | 20 ++++++++++++++++++++ version.v1.json | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 731ddcf6c5e4f..53464a6ced7a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,26 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [1.86.0](https://github.com/aws/aws-cdk/compare/v1.85.0...v1.86.0) (2021-01-21) + + +### Features + +* **cfnspec:** cloudformation spec v24.0.0 ([#12615](https://github.com/aws/aws-cdk/issues/12615)) ([98ebe96](https://github.com/aws/aws-cdk/commit/98ebe964fcd1f528fc4796bf39dc574b222b0014)), closes [#12474](https://github.com/aws/aws-cdk/issues/12474) +* **cognito:** allow to set read and write attributes in Cognito UserPoolClient ([#7607](https://github.com/aws/aws-cdk/issues/7607)) ([552e1e9](https://github.com/aws/aws-cdk/commit/552e1e9d649528875680a8a1cb2aad8f0a0ebcea)), closes [#7407](https://github.com/aws/aws-cdk/issues/7407) +* **ec2:** Support for new EBS types ([#12074](https://github.com/aws/aws-cdk/issues/12074)) ([6a2ce55](https://github.com/aws/aws-cdk/commit/6a2ce55e7213bb8356f2f37dbd02f1a3d52883be)), closes [#12071](https://github.com/aws/aws-cdk/issues/12071) +* **elasticsearch:** UltraWarm nodes ([#12265](https://github.com/aws/aws-cdk/issues/12265)) ([3a9056d](https://github.com/aws/aws-cdk/commit/3a9056d87b0c739247013fc74678ab54fd3eb382)), closes [#6462](https://github.com/aws/aws-cdk/issues/6462) +* **s3:** Bucket keys ([#12376](https://github.com/aws/aws-cdk/issues/12376)) ([d126fcc](https://github.com/aws/aws-cdk/commit/d126fcca685346c0607babfbbf4d341f669a9e81)), closes [#11828](https://github.com/aws/aws-cdk/issues/11828) + + +### Bug Fixes + +* **apigateway:** cannot remove first api key from usage plan ([#12505](https://github.com/aws/aws-cdk/issues/12505)) ([96cbe32](https://github.com/aws/aws-cdk/commit/96cbe32d2399d82a2ad6c3bf6dc1fd65396882d4)), closes [#11876](https://github.com/aws/aws-cdk/issues/11876) +* **aws-ecs:** Invalid user data defined for windows autoscaling groups ([#12585](https://github.com/aws/aws-cdk/issues/12585)) ([638b995](https://github.com/aws/aws-cdk/commit/638b995cb72b0819a1965a7ccf451b6ed9034a1b)), closes [#12583](https://github.com/aws/aws-cdk/issues/12583) +* **ec2:** Vpc.fromVpcAttributes cannot be used with EKS ([#12569](https://github.com/aws/aws-cdk/issues/12569)) ([1cdc244](https://github.com/aws/aws-cdk/commit/1cdc244e940396c962147d4e3ada4a0722923321)), closes [#12040](https://github.com/aws/aws-cdk/issues/12040) [#12160](https://github.com/aws/aws-cdk/issues/12160) +* **iam:** Groups are erroneously accepted as the Principal of a policy ([#11479](https://github.com/aws/aws-cdk/issues/11479)) ([#12549](https://github.com/aws/aws-cdk/issues/12549)) ([c9b0859](https://github.com/aws/aws-cdk/commit/c9b085996319e8d4d7d2db19184fb2f2148889a3)) +* **synthetics:** default execution role breaks in non aws partitions ([#12096](https://github.com/aws/aws-cdk/issues/12096)) ([c01272c](https://github.com/aws/aws-cdk/commit/c01272c14be9b7ff635281952f3cfeed971a352e)), closes [#12094](https://github.com/aws/aws-cdk/issues/12094) + ## [1.85.0](https://github.com/aws/aws-cdk/compare/v1.84.0...v1.85.0) (2021-01-14) * **s3-deployment**: This version includes an important update, please upgrade to prevent deployment failure. This is in prepartion of Lambda deprecation of the request module in boto, more details are available in [AWS blog](https://aws.amazon.com/blogs/compute/upcoming-changes-to-the-python-sdk-in-aws-lambda/). Note, users of versions < `1.81.0` will not be impacted by this deprecation, but are still encouraged to upgrade to the latest version. diff --git a/version.v1.json b/version.v1.json index e9e06b8086b92..549ac5ace19cd 100644 --- a/version.v1.json +++ b/version.v1.json @@ -1,3 +1,3 @@ { - "version": "1.85.0" + "version": "1.86.0" } From 8fe32b466d673d20292ef052a7ce123184bc0c03 Mon Sep 17 00:00:00 2001 From: Alexey Novikov Date: Thu, 21 Jan 2021 19:50:13 +0100 Subject: [PATCH 2/9] docs(ecs): typo in docstring (#12621) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-ecs/lib/ec2/ec2-service.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-ecs/lib/ec2/ec2-service.ts b/packages/@aws-cdk/aws-ecs/lib/ec2/ec2-service.ts index aa2dd8adbdc43..a119e445e6571 100644 --- a/packages/@aws-cdk/aws-ecs/lib/ec2/ec2-service.ts +++ b/packages/@aws-cdk/aws-ecs/lib/ec2/ec2-service.ts @@ -250,7 +250,7 @@ export class Ec2Service extends BaseService implements IEc2Service { } /** - * Adds one or more placement strategies to use for tasks in the service. For more information, see + * Adds one or more placement contstraints to use for tasks in the service. For more information, see * [Amazon ECS Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html). */ public addPlacementConstraints(...constraints: PlacementConstraint[]) { From 01169c1d30e307e8a8d26475e9e93ab42f6bba46 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 21 Jan 2021 20:27:11 +0100 Subject: [PATCH 3/9] chore(integtests): make installing NPM7 safe against concurrent calls (#12642) Do this by memoizing the Promise of the async call; each call gets the same promise. This is fine because it is safe to await a Promise multiple times. Effectively the function will only get invoked once and each caller waits for the one copy to finish. We lose "debugging" output here, where it would write the progress bar of NPM to the output log of the first test to install NPM7. I did not think maintaining that was worth breaking the clear contract of the memoize implementation (0 arguments clearly implies that there is no argument-value based cache here). (Failure to install will still bubble up as an exception including the shell output) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/test/integ/helpers/cdk.ts | 27 ++++++++----------- .../aws-cdk/test/integ/helpers/memoize.ts | 14 ++++++++++ 2 files changed, 25 insertions(+), 16 deletions(-) create mode 100644 packages/aws-cdk/test/integ/helpers/memoize.ts diff --git a/packages/aws-cdk/test/integ/helpers/cdk.ts b/packages/aws-cdk/test/integ/helpers/cdk.ts index bff3357d5d12e..3758998a63206 100644 --- a/packages/aws-cdk/test/integ/helpers/cdk.ts +++ b/packages/aws-cdk/test/integ/helpers/cdk.ts @@ -3,6 +3,7 @@ import * as fs from 'fs'; import * as os from 'os'; import * as path from 'path'; import { outputFromStack, AwsClients } from './aws'; +import { memoize0 } from './memoize'; import { findYarnPackages } from './monorepo'; import { ResourcePool } from './resource-pool'; import { TestContext } from './test-helpers'; @@ -489,7 +490,7 @@ async function installNpmPackages(fixture: TestFixture, packages: Record { - if (NPM7_INSTALL_LOCATION === undefined) { - const installDir = path.join(os.tmpdir(), 'cdk-integ-npm7'); - await shell(['rm', '-rf', installDir], { output }); - await shell(['mkdir', '-p', installDir], { output }); +const installNpm7 = memoize0(async (): Promise => { + const installDir = path.join(os.tmpdir(), 'cdk-integ-npm7'); + await shell(['rm', '-rf', installDir]); + await shell(['mkdir', '-p', installDir]); - await shell(['npm', 'install', - '--prefix', installDir, - 'npm@7'], { output }); + await shell(['npm', 'install', + '--prefix', installDir, + 'npm@7']); - NPM7_INSTALL_LOCATION = path.join(installDir, 'node_modules', '.bin', 'npm'); - } - - return NPM7_INSTALL_LOCATION; -} - -let NPM7_INSTALL_LOCATION: string | undefined; + return path.join(installDir, 'node_modules', '.bin', 'npm'); +}); \ No newline at end of file diff --git a/packages/aws-cdk/test/integ/helpers/memoize.ts b/packages/aws-cdk/test/integ/helpers/memoize.ts new file mode 100644 index 0000000000000..da06371222c88 --- /dev/null +++ b/packages/aws-cdk/test/integ/helpers/memoize.ts @@ -0,0 +1,14 @@ +/** + * Return a memoized version of an function with 0 arguments. + * + * Async-safe. + */ +export function memoize0(fn: () => Promise): () => Promise { + let promise: Promise | undefined; + return () => { + if (!promise) { + promise = fn(); + } + return promise; + }; +} \ No newline at end of file From 138ff7d4547bc70de293f3d2ed1c3408681d57f3 Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Thu, 21 Jan 2021 12:03:19 -0800 Subject: [PATCH 4/9] chore: deprecate app-delivery and EKS-legacy modules (#12545) Deprecate the `@aws-cdk/app-delivery` and `@aws-cdk/aws-eks-legacy` modules, thus removing them from `aws-cdk-lib`. Since removing them from `monocdk` would be considered a breaking change, add a mechanism to `ubergen` that allows explicitly listing which modules the given monolithic package considers 'deprecated', instead of relying only on the deprecation of the packages themselves. This way, these two deprecated modules can still be shipped as part of `monocdk`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/app-delivery/package.json | 1 + packages/@aws-cdk/aws-eks-legacy/package.json | 1 + packages/decdk/package.json | 2 - packages/monocdk/package.json | 6 +++ tools/ubergen/bin/ubergen.ts | 39 ++++++++++++------- 5 files changed, 32 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/app-delivery/package.json b/packages/@aws-cdk/app-delivery/package.json index b207d25ff7c1c..b122d9803fc8b 100644 --- a/packages/@aws-cdk/app-delivery/package.json +++ b/packages/@aws-cdk/app-delivery/package.json @@ -1,6 +1,7 @@ { "name": "@aws-cdk/app-delivery", "description": "Continuous Integration / Continuous Delivery for CDK Applications", + "deprecated": "Use the @aws-cdk/pipelines module instead", "version": "0.0.0", "main": "lib/index.js", "types": "lib/index.d.ts", diff --git a/packages/@aws-cdk/aws-eks-legacy/package.json b/packages/@aws-cdk/aws-eks-legacy/package.json index 3517e013b9eb1..32c6b684fa2c6 100644 --- a/packages/@aws-cdk/aws-eks-legacy/package.json +++ b/packages/@aws-cdk/aws-eks-legacy/package.json @@ -1,6 +1,7 @@ { "name": "@aws-cdk/aws-eks-legacy", "version": "0.0.0", + "deprecated": "Use the @aws-cdk/aws-eks module instead", "description": "The CDK Construct Library for AWS::EKS (Legacy)", "main": "lib/index.js", "types": "lib/index.d.ts", diff --git a/packages/decdk/package.json b/packages/decdk/package.json index 6a1ce8d9debb4..7f8ace298e383 100644 --- a/packages/decdk/package.json +++ b/packages/decdk/package.json @@ -28,7 +28,6 @@ "license": "Apache-2.0", "dependencies": { "@aws-cdk/alexa-ask": "0.0.0", - "@aws-cdk/app-delivery": "0.0.0", "@aws-cdk/assets": "0.0.0", "@aws-cdk/aws-accessanalyzer": "0.0.0", "@aws-cdk/aws-acmpca": "0.0.0", @@ -95,7 +94,6 @@ "@aws-cdk/aws-ecs-patterns": "0.0.0", "@aws-cdk/aws-efs": "0.0.0", "@aws-cdk/aws-eks": "0.0.0", - "@aws-cdk/aws-eks-legacy": "0.0.0", "@aws-cdk/aws-elasticache": "0.0.0", "@aws-cdk/aws-elasticbeanstalk": "0.0.0", "@aws-cdk/aws-elasticloadbalancing": "0.0.0", diff --git a/packages/monocdk/package.json b/packages/monocdk/package.json index 7807f5aac29eb..dddf5eb0b77fd 100644 --- a/packages/monocdk/package.json +++ b/packages/monocdk/package.json @@ -34,6 +34,12 @@ "disable": true } }, + "ubergen": { + "deprecatedPackages": [ + "@aws-cdk/aws-dynamodb-global", + "@aws-cdk/cdk-assets-schema" + ] + }, "pkglint": { "exclude": [ "package-info/maturity", diff --git a/tools/ubergen/bin/ubergen.ts b/tools/ubergen/bin/ubergen.ts index 5169dfcf814de..ea5c529f77f3e 100644 --- a/tools/ubergen/bin/ubergen.ts +++ b/tools/ubergen/bin/ubergen.ts @@ -7,14 +7,17 @@ import * as ts from 'typescript'; const LIB_ROOT = path.resolve(process.cwd(), 'lib'); const ROOT_PATH = findWorkspacePath(); +const UBER_PACKAGE_JSON_PATH = path.resolve(process.cwd(), 'package.json'); async function main() { console.log(`🌴 workspace root path is: ${ROOT_PATH}`); - const libraries = await findLibrariesToPackage(); - const packageJson = await verifyDependencies(libraries); - await prepareSourceFiles(libraries, packageJson); -} + const uberPackageJson = await fs.readJson(UBER_PACKAGE_JSON_PATH); + + const libraries = await findLibrariesToPackage(uberPackageJson); + await verifyDependencies(uberPackageJson, libraries); + await prepareSourceFiles(libraries, uberPackageJson); +} main().then( () => process.exit(0), @@ -56,6 +59,9 @@ interface PackageJson { readonly types: string; readonly version: string; readonly [key: string]: unknown; + readonly ubergen?: { + readonly deprecatedPackages?: readonly string[]; + }; } /** @@ -78,9 +84,10 @@ function findWorkspacePath(): string { } } -async function findLibrariesToPackage(): Promise { +async function findLibrariesToPackage(uberPackageJson: PackageJson): Promise { console.log('🔍 Discovering libraries that need packaging...'); + const deprecatedPackages = uberPackageJson.ubergen?.deprecatedPackages; const result = new Array(); const librariesRoot = path.resolve(ROOT_PATH, 'packages', '@aws-cdk'); @@ -88,13 +95,18 @@ async function findLibrariesToPackage(): Promise { const packageJson = await fs.readJson(path.resolve(librariesRoot, dir, 'package.json')); if (packageJson.ubergen?.exclude) { - console.log(`\t⚠️ Skipping (ubergen excluded): ${packageJson.name}`); - continue; - } else if (packageJson.deprecated) { - console.log(`\t⚠️ Skipping (deprecated): ${packageJson.name}`); + console.log(`\t⚠️ Skipping (ubergen excluded): ${packageJson.name}`); continue; } else if (packageJson.jsii == null ) { - console.log(`\t⚠️ Skipping (not jsii-enabled): ${packageJson.name}`); + console.log(`\t⚠️ Skipping (not jsii-enabled): ${packageJson.name}`); + continue; + } else if (deprecatedPackages) { + if (deprecatedPackages.some(packageName => packageName === packageJson.name)) { + console.log(`\t⚠️ Skipping (ubergen deprecated): ${packageJson.name}`); + continue; + } + } else if (packageJson.deprecated) { + console.log(`\t⚠️ Skipping (deprecated): ${packageJson.name}`); continue; } result.push({ @@ -109,10 +121,8 @@ async function findLibrariesToPackage(): Promise { return result; } -async function verifyDependencies(libraries: readonly LibraryReference[]): Promise { +async function verifyDependencies(packageJson: any, libraries: readonly LibraryReference[]): Promise { console.log('🧐 Verifying dependencies are complete...'); - const packageJsonPath = path.resolve(process.cwd(), 'package.json'); - const packageJson = await fs.readJson(packageJsonPath); let changed = false; const toBundle: Record = {}; @@ -193,12 +203,11 @@ async function verifyDependencies(libraries: readonly LibraryReference[]): Promi } if (changed) { - await fs.writeFile(packageJsonPath, JSON.stringify(packageJson, null, 2) + '\n', { encoding: 'utf8' }); + await fs.writeFile(UBER_PACKAGE_JSON_PATH, JSON.stringify(packageJson, null, 2) + '\n', { encoding: 'utf8' }); throw new Error('Fixed dependency inconsistencies. Commit the updated package.json file.'); } console.log('\t✅ Dependencies are correct!'); - return packageJson; } async function prepareSourceFiles(libraries: readonly LibraryReference[], packageJson: PackageJson) { From e2434d6d5850b60a7583812a1b77eb0e889cdd05 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 21 Jan 2021 20:49:09 +0000 Subject: [PATCH 5/9] chore(deps): bump aws-sdk from 2.828.0 to 2.830.0 (#12650) Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.828.0 to 2.830.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js/compare/v2.828.0...v2.830.0) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-cloudfront-origins/package.json | 2 +- packages/@aws-cdk/aws-cloudfront/package.json | 2 +- packages/@aws-cdk/aws-cloudtrail/package.json | 2 +- packages/@aws-cdk/aws-codebuild/package.json | 2 +- packages/@aws-cdk/aws-codecommit/package.json | 2 +- packages/@aws-cdk/aws-dynamodb/package.json | 2 +- packages/@aws-cdk/aws-eks/package.json | 2 +- packages/@aws-cdk/aws-events-targets/package.json | 2 +- packages/@aws-cdk/aws-logs/package.json | 2 +- packages/@aws-cdk/aws-route53/package.json | 2 +- packages/@aws-cdk/aws-sqs/package.json | 2 +- packages/@aws-cdk/custom-resources/package.json | 2 +- packages/aws-cdk/package.json | 2 +- packages/cdk-assets/package.json | 2 +- yarn.lock | 8 ++++---- 15 files changed, 18 insertions(+), 18 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront-origins/package.json b/packages/@aws-cdk/aws-cloudfront-origins/package.json index 36c8558662687..c6c5e867e0471 100644 --- a/packages/@aws-cdk/aws-cloudfront-origins/package.json +++ b/packages/@aws-cdk/aws-cloudfront-origins/package.json @@ -71,7 +71,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-ec2": "0.0.0", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "pkglint": "0.0.0" diff --git a/packages/@aws-cdk/aws-cloudfront/package.json b/packages/@aws-cdk/aws-cloudfront/package.json index 75163624d7083..651d22e95e668 100644 --- a/packages/@aws-cdk/aws-cloudfront/package.json +++ b/packages/@aws-cdk/aws-cloudfront/package.json @@ -72,7 +72,7 @@ "license": "Apache-2.0", "devDependencies": { "@aws-cdk/assert": "0.0.0", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-cloudtrail/package.json b/packages/@aws-cdk/aws-cloudtrail/package.json index 3815ad87f2bce..2dd9a2fbc7971 100644 --- a/packages/@aws-cdk/aws-cloudtrail/package.json +++ b/packages/@aws-cdk/aws-cloudtrail/package.json @@ -72,7 +72,7 @@ "license": "Apache-2.0", "devDependencies": { "@aws-cdk/assert": "0.0.0", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codebuild/package.json b/packages/@aws-cdk/aws-codebuild/package.json index b75397a8c6860..7c378d037ce4c 100644 --- a/packages/@aws-cdk/aws-codebuild/package.json +++ b/packages/@aws-cdk/aws-codebuild/package.json @@ -78,7 +78,7 @@ "@aws-cdk/aws-sns": "0.0.0", "@aws-cdk/aws-sqs": "0.0.0", "@types/nodeunit": "^0.0.31", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-codecommit/package.json b/packages/@aws-cdk/aws-codecommit/package.json index 28f243d53b102..6f617c91a0183 100644 --- a/packages/@aws-cdk/aws-codecommit/package.json +++ b/packages/@aws-cdk/aws-codecommit/package.json @@ -78,7 +78,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-sns": "0.0.0", "@types/nodeunit": "^0.0.31", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-dynamodb/package.json b/packages/@aws-cdk/aws-dynamodb/package.json index 4a44e455ea4c6..6bae1adb77c14 100644 --- a/packages/@aws-cdk/aws-dynamodb/package.json +++ b/packages/@aws-cdk/aws-dynamodb/package.json @@ -73,7 +73,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/jest": "^26.0.15", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-eks/package.json b/packages/@aws-cdk/aws-eks/package.json index 842fc758a5f0c..939d90d267ac8 100644 --- a/packages/@aws-cdk/aws-eks/package.json +++ b/packages/@aws-cdk/aws-eks/package.json @@ -73,7 +73,7 @@ "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.31", "@types/yaml": "1.9.6", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-events-targets/package.json b/packages/@aws-cdk/aws-events-targets/package.json index 99ecd21408fdd..2fbad9a4cd421 100644 --- a/packages/@aws-cdk/aws-events-targets/package.json +++ b/packages/@aws-cdk/aws-events-targets/package.json @@ -74,7 +74,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-codecommit": "0.0.0", "@aws-cdk/aws-s3": "0.0.0", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-logs/package.json b/packages/@aws-cdk/aws-logs/package.json index 4f7bd5f3e3273..2b1b897cd3785 100644 --- a/packages/@aws-cdk/aws-logs/package.json +++ b/packages/@aws-cdk/aws-logs/package.json @@ -72,7 +72,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.31", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/@aws-cdk/aws-route53/package.json b/packages/@aws-cdk/aws-route53/package.json index 495eeb8356ef6..89990b82cc61f 100644 --- a/packages/@aws-cdk/aws-route53/package.json +++ b/packages/@aws-cdk/aws-route53/package.json @@ -72,7 +72,7 @@ "devDependencies": { "@aws-cdk/assert": "0.0.0", "@types/nodeunit": "^0.0.31", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-sqs/package.json b/packages/@aws-cdk/aws-sqs/package.json index 688617e078dac..87c9aa9ffebff 100644 --- a/packages/@aws-cdk/aws-sqs/package.json +++ b/packages/@aws-cdk/aws-sqs/package.json @@ -73,7 +73,7 @@ "@aws-cdk/assert": "0.0.0", "@aws-cdk/aws-s3": "0.0.0", "@types/nodeunit": "^0.0.31", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/custom-resources/package.json b/packages/@aws-cdk/custom-resources/package.json index bab6dd4c1eeae..cab6d86231e9a 100644 --- a/packages/@aws-cdk/custom-resources/package.json +++ b/packages/@aws-cdk/custom-resources/package.json @@ -78,7 +78,7 @@ "@types/aws-lambda": "^8.10.64", "@types/fs-extra": "^8.1.1", "@types/sinon": "^9.0.9", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "aws-sdk-mock": "^5.1.0", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json index 5a87b58c443ac..f5f79f1c11d65 100644 --- a/packages/aws-cdk/package.json +++ b/packages/aws-cdk/package.json @@ -73,7 +73,7 @@ "@aws-cdk/region-info": "0.0.0", "@aws-cdk/yaml-cfn": "0.0.0", "archiver": "^5.2.0", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "camelcase": "^6.2.0", "cdk-assets": "0.0.0", "colors": "^1.4.0", diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json index 0d30bbcf4e3b0..ba54b8625f279 100644 --- a/packages/cdk-assets/package.json +++ b/packages/cdk-assets/package.json @@ -47,7 +47,7 @@ "@aws-cdk/cloud-assembly-schema": "0.0.0", "@aws-cdk/cx-api": "0.0.0", "archiver": "^5.2.0", - "aws-sdk": "^2.828.0", + "aws-sdk": "^2.830.0", "glob": "^7.1.6", "yargs": "^16.2.0" }, diff --git a/yarn.lock b/yarn.lock index bdaf076fe34d7..5dfc08b1b75c7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2310,10 +2310,10 @@ aws-sdk-mock@^5.1.0: sinon "^9.0.1" traverse "^0.6.6" -aws-sdk@^2.637.0, aws-sdk@^2.828.0: - version "2.828.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.828.0.tgz#6aa599c3582f219568f41fb287eb65753e4a9234" - integrity sha512-JoDujGdncSIF9ka+XFZjop/7G+fNGucwPwYj7OHYMmFIOV5p7YmqomdbVmH/vIzd988YZz8oLOinWc4jM6vvhg== +aws-sdk@^2.637.0, aws-sdk@^2.830.0: + version "2.830.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.830.0.tgz#1d3631d573d18c48373046da7ad92855a7fd1636" + integrity sha512-vFatoWkdJmRzpymWbqsuwVsAJdhdAvU2JcM9jKRENTNKJw90ljnLyeP1eKCp4O3/4Lg43PVBwY/KUqPy4wL+OA== dependencies: buffer "4.9.2" events "1.1.1" From 671618152dc585ef0703f6c3501f6ee5a366b4a9 Mon Sep 17 00:00:00 2001 From: Bradley Walters Date: Thu, 21 Jan 2021 14:26:36 -0700 Subject: [PATCH 6/9] fix(s3-deployment): User metadata keys have redundant triple `x-amz` prefix (#12414) Without this fix, keys are prefixed with x-amzn-meta- by the TypeScript code, then the Python code runs and prefixes metadata keys again with x-amz-meta-. Then, the Python shells out to aws-cli which makes a request to the S3 service. There, the keys are prefixed *yet again* with x-amz-meta- _unconditionally_. Thus no matter what keys the user specified, the keys in S3 would be: x-amz-meta-x-amz-meta-x-amzn-meta-. This issue was originally reported as #8459. #10678 attempted to fix this issue, and fixed the Python, but missed the TS. It also suffers from the S3 service adding the prefix unconditionally. After this change, neither the TypeScript code nor the Python code will attempt to prepend to the metadata key. Instead we rely on the S3 service to do it. BREAKING CHANGE: User metadata keys of bucket objects will change from `x-amz-meta-x-amz-meta-x-amzn-meta-mykey` to `x-amz-meta-mykey`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../ec2/integ.environment-file.expected.json | 18 +++++++------- packages/@aws-cdk/aws-s3-deployment/README.md | 2 +- .../lib/bucket-deployment.ts | 7 ++---- .../aws-s3-deployment/lib/lambda/index.py | 2 +- .../test/bucket-deployment.test.ts | 2 +- ...bucket-deployment-cloudfront.expected.json | 18 +++++++------- .../integ.bucket-deployment.expected.json | 24 +++++++++---------- .../aws-s3-deployment/test/lambda/test.py | 2 +- 8 files changed, 36 insertions(+), 39 deletions(-) diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json index 34017cbb94b10..9376c507c20cf 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json @@ -1219,7 +1219,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3BucketFD1BBE00" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3Bucket55EFA30C" }, "S3Key": { "Fn::Join": [ @@ -1232,7 +1232,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70" } ] } @@ -1245,7 +1245,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70" } ] } @@ -1348,17 +1348,17 @@ "Type": "String", "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3BucketFD1BBE00": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3Bucket55EFA30C": { "Type": "String", - "Description": "S3 bucket for asset \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "S3 bucket for asset \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70": { "Type": "String", - "Description": "S3 key for asset version \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "S3 key for asset version \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aArtifactHash595EC1E7": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfArtifactHash85F58E48": { "Type": "String", - "Description": "Artifact hash for asset \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "Artifact hash for asset \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, "AssetParameters972240f9dd6e036a93d5f081af9a24315b2053828ac049b3b19b2fa12d7ae64aS3Bucket1F1A8472": { "Type": "String", diff --git a/packages/@aws-cdk/aws-s3-deployment/README.md b/packages/@aws-cdk/aws-s3-deployment/README.md index eb8a4d4a08a7c..f8da930bf947e 100644 --- a/packages/@aws-cdk/aws-s3-deployment/README.md +++ b/packages/@aws-cdk/aws-s3-deployment/README.md @@ -109,7 +109,7 @@ new BucketDeployment(this, 'HTMLBucketDeployment', { You can specify metadata to be set on all the objects in your deployment. There are 2 types of metadata in S3: system-defined metadata and user-defined metadata. System-defined metadata have a special purpose, for example cache-control defines how long to keep an object cached. -User-defined metadata are not used by S3 and keys always begin with `x-amzn-meta-` (if this is not provided, it is added automatically). +User-defined metadata are not used by S3 and keys always begin with `x-amz-meta-` (this prefix is added automatically). System defined metadata keys include the following: diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts index 9e1c20ae02ef7..bbf526b79df86 100644 --- a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts @@ -257,10 +257,7 @@ export class BucketDeployment extends CoreConstruct { */ function mapUserMetadata(metadata: UserDefinedObjectMetadata) { - const mapKey = (key: string) => - key.toLowerCase().startsWith('x-amzn-meta-') - ? key.toLowerCase() - : `x-amzn-meta-${key.toLowerCase()}`; + const mapKey = (key: string) => key.toLowerCase(); return Object.keys(metadata).reduce((o, key) => ({ ...o, [mapKey(key)]: metadata[key] }), {}); } @@ -358,7 +355,7 @@ export class Expires { export interface UserDefinedObjectMetadata { /** * Arbitrary metadata key-values - * Keys must begin with `x-amzn-meta-` (will be added automatically if not provided) + * The `x-amz-meta-` prefix will automatically be added to keys. * @see https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#UserMetadata */ readonly [key: string]: string; diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/lambda/index.py b/packages/@aws-cdk/aws-s3-deployment/lib/lambda/index.py index bf16d84608517..3935e3122529d 100644 --- a/packages/@aws-cdk/aws-s3-deployment/lib/lambda/index.py +++ b/packages/@aws-cdk/aws-s3-deployment/lib/lambda/index.py @@ -169,7 +169,7 @@ def create_metadata_args(raw_user_metadata, raw_system_metadata): return [] format_system_metadata_key = lambda k: k.lower() - format_user_metadata_key = lambda k: k.lower() if k.lower().startswith("x-amz-meta-") else f"x-amz-meta-{k.lower()}" + format_user_metadata_key = lambda k: k.lower() system_metadata = { format_system_metadata_key(k): v for k, v in raw_system_metadata.items() } user_metadata = { format_user_metadata_key(k): v for k, v in raw_user_metadata.items() } diff --git a/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts b/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts index a1e43dfd10eb3..5cb7cdc1e7cdf 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts +++ b/packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts @@ -297,7 +297,7 @@ test('user metadata is correctly transformed', () => { // THEN expect(stack).toHaveResource('Custom::CDKBucketDeployment', { - UserMetadata: { 'x-amzn-meta-a': '1', 'x-amzn-meta-b': '2' }, + UserMetadata: { a: '1', b: '2' }, }); }); diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json index 3e138f405e0d6..fa5e26b9d57e9 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json +++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json @@ -295,7 +295,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3BucketFD1BBE00" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3Bucket55EFA30C" }, "S3Key": { "Fn::Join": [ @@ -308,7 +308,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70" } ] } @@ -321,7 +321,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70" } ] } @@ -365,17 +365,17 @@ "Type": "String", "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3BucketFD1BBE00": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3Bucket55EFA30C": { "Type": "String", - "Description": "S3 bucket for asset \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "S3 bucket for asset \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70": { "Type": "String", - "Description": "S3 key for asset version \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "S3 key for asset version \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aArtifactHash595EC1E7": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfArtifactHash85F58E48": { "Type": "String", - "Description": "Artifact hash for asset \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "Artifact hash for asset \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A": { "Type": "String", diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json index 9d52b89269f5a..92d6c5bb8514b 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json +++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json @@ -304,7 +304,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3BucketFD1BBE00" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3Bucket55EFA30C" }, "S3Key": { "Fn::Join": [ @@ -317,7 +317,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70" } ] } @@ -330,7 +330,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76" + "Ref": "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70" } ] } @@ -572,9 +572,9 @@ "RetainOnDelete": false, "Prune": true, "UserMetadata": { - "x-amzn-meta-a": "aaa", - "x-amzn-meta-b": "bbb", - "x-amzn-meta-c": "ccc" + "a": "aaa", + "b": "bbb", + "c": "ccc" }, "SystemMetadata": { "cache-control": "public, max-age=60", @@ -700,17 +700,17 @@ "Type": "String", "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3BucketFD1BBE00": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3Bucket55EFA30C": { "Type": "String", - "Description": "S3 bucket for asset \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "S3 bucket for asset \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aS3VersionKey6E54DC76": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfS3VersionKey60329B70": { "Type": "String", - "Description": "S3 key for asset version \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "S3 key for asset version \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, - "AssetParameters8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59aArtifactHash595EC1E7": { + "AssetParametersc24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cfArtifactHash85F58E48": { "Type": "String", - "Description": "Artifact hash for asset \"8bda025b845a88fbeb54ef75e52048aa9f3378463116cb413f12f6014673a59a\"" + "Description": "Artifact hash for asset \"c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf\"" }, "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A": { "Type": "String", diff --git a/packages/@aws-cdk/aws-s3-deployment/test/lambda/test.py b/packages/@aws-cdk/aws-s3-deployment/test/lambda/test.py index fcd79f18af4d5..7813a13db3859 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/lambda/test.py +++ b/packages/@aws-cdk/aws-s3-deployment/test/lambda/test.py @@ -122,7 +122,7 @@ def test_create_update_with_metadata(self): self.assertAwsCommands( ["s3", "cp", "s3:///", "archive.zip"], - ["s3", "sync", "--delete", "contents.zip", "s3:///", "--content-type", "text/html", "--content-language", "en", "--metadata", "{\"x-amz-meta-best\":\"game\"}", "--metadata-directive", "REPLACE"] + ["s3", "sync", "--delete", "contents.zip", "s3:///", "--content-type", "text/html", "--content-language", "en", "--metadata", "{\"best\":\"game\"}", "--metadata-directive", "REPLACE"] ) def test_delete_no_retain(self): From d169688f35bc78c88c44ff9a7d8fa0dfea71f904 Mon Sep 17 00:00:00 2001 From: Alban Esc Date: Thu, 21 Jan 2021 14:58:57 -0800 Subject: [PATCH 7/9] feat(aws-codepipeline-actions): Add Full Clone support for CodeCommit (#12558) Add `codeBuildCloneOutput` property to the CodeCommit source action. It automatically adds the `codecommit:GetRepository` permission to the CodeCommitSourceAction role. It will also add the `codecommit:GitPull` permission to any CodeBuildAction using the artifact from CodeCommitSourceAction as input. Closes #12236 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-codepipeline-actions/README.md | 20 ++++ .../lib/codebuild/build-action.ts | 18 ++- .../lib/codecommit/source-action.ts | 31 ++++- .../test.codecommit-source-action.ts | 107 +++++++++++++++++- 4 files changed, 171 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/README.md b/packages/@aws-cdk/aws-codepipeline-actions/README.md index e241c5104ff22..cdc6cf1028ce3 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/README.md +++ b/packages/@aws-cdk/aws-codepipeline-actions/README.md @@ -57,6 +57,26 @@ const sourceAction = new codepipeline_actions.CodeCommitSourceAction({ }); ``` +If you want to clone the entire CodeCommit repository (only available for CodeBuild actions), +you can set the `codeBuildCloneOutput` property to `true`: + +```ts +const sourceOutput = new codepipeline.Artifact(); +const sourceAction = new codepipeline_actions.CodeCommitSourceAction({ + actionName: 'CodeCommit', + repository: repo, + output: sourceOutput, + codeBuildCloneOutput: true, +}); + +const buildAction = new codepipeline_actions.CodeBuildAction({ + actionName: 'CodeBuild', + project, + input: sourceOutput, // The build action must use the CodeCommitSourceAction output as input. + outputs: [new codepipeline.Artifact()], // optional +}); +``` + The CodeCommit source action emits variables: ```ts diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts index b55d9742c514b..468684664cc5f 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts @@ -4,6 +4,7 @@ import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; import { BitBucketSourceAction } from '..'; import { Action } from '../action'; +import { CodeCommitSourceAction } from '../codecommit/source-action'; // keep this import separate from other imports to reduce chance for merge conflicts with v2-main // eslint-disable-next-line no-duplicate-imports, import/order @@ -176,10 +177,10 @@ export class CodeBuildAction extends Action { }); } - // if any of the inputs come from the BitBucketSourceAction - // with codeBuildCloneOutput=true, - // grant the Project's Role to use the connection for (const inputArtifact of this.actionProperties.inputs || []) { + // if any of the inputs come from the BitBucketSourceAction + // with codeBuildCloneOutput=true, + // grant the Project's Role to use the connection const connectionArn = inputArtifact.getMetadata(BitBucketSourceAction._CONNECTION_ARN_PROPERTY); if (connectionArn) { this.props.project.addToRolePolicy(new iam.PolicyStatement({ @@ -187,6 +188,17 @@ export class CodeBuildAction extends Action { resources: [connectionArn], })); } + + // if any of the inputs come from the CodeCommitSourceAction + // with codeBuildCloneOutput=true, + // grant the Project's Role git pull access to the repository + const codecommitRepositoryArn = inputArtifact.getMetadata(CodeCommitSourceAction._FULL_CLONE_ARN_PROPERTY); + if (codecommitRepositoryArn) { + this.props.project.addToRolePolicy(new iam.PolicyStatement({ + actions: ['codecommit:GitPull'], + resources: [codecommitRepositoryArn], + })); + } } const configuration: any = { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/codecommit/source-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/codecommit/source-action.ts index 9935bcb5be4d7..2b18bb9db6071 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/codecommit/source-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/codecommit/source-action.ts @@ -85,12 +85,33 @@ export interface CodeCommitSourceActionProps extends codepipeline.CommonAwsActio * @default a new role will be created. */ readonly eventRole?: iam.IRole; + + /** + * Whether the output should be the contents of the repository + * (which is the default), + * or a link that allows CodeBuild to clone the repository before building. + * + * **Note**: if this option is true, + * then only CodeBuild actions can use the resulting {@link output}. + * + * @default false + * @see https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodeCommit.html + */ + readonly codeBuildCloneOutput?: boolean; } /** * CodePipeline Source that is provided by an AWS CodeCommit repository. */ export class CodeCommitSourceAction extends Action { + /** + * The name of the property that holds the ARN of the CodeCommit Repository + * inside of the CodePipeline Artifact's metadata. + * + * @internal + */ + public static readonly _FULL_CLONE_ARN_PROPERTY = 'CodeCommitCloneRepositoryArn'; + private readonly branch: string; private readonly props: CodeCommitSourceActionProps; @@ -100,6 +121,10 @@ export class CodeCommitSourceAction extends Action { throw new Error("'branch' parameter cannot be an empty string"); } + if (props.codeBuildCloneOutput === true) { + props.output.setMetadata(CodeCommitSourceAction._FULL_CLONE_ARN_PROPERTY, props.repository.repositoryArn); + } + super({ ...props, resource: props.repository, @@ -144,7 +169,7 @@ export class CodeCommitSourceAction extends Action { options.bucket.grantReadWrite(options.role); // https://docs.aws.amazon.com/codecommit/latest/userguide/auth-and-access-control-permissions-reference.html#aa-acp - options.role.addToPolicy(new iam.PolicyStatement({ + options.role.addToPrincipalPolicy(new iam.PolicyStatement({ resources: [this.props.repository.repositoryArn], actions: [ 'codecommit:GetBranch', @@ -152,6 +177,7 @@ export class CodeCommitSourceAction extends Action { 'codecommit:UploadArchive', 'codecommit:GetUploadArchiveStatus', 'codecommit:CancelUploadArchive', + ...(this.props.codeBuildCloneOutput === true ? ['codecommit:GetRepository'] : []), ], })); @@ -160,6 +186,9 @@ export class CodeCommitSourceAction extends Action { RepositoryName: this.props.repository.repositoryName, BranchName: this.branch, PollForSourceChanges: this.props.trigger === CodeCommitTrigger.POLL, + OutputArtifactFormat: this.props.codeBuildCloneOutput === true + ? 'CODEBUILD_CLONE_REF' + : undefined, }, }; } diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/codecommit/test.codecommit-source-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/codecommit/test.codecommit-source-action.ts index 9aa0ac65a72c9..3dc5b1c739d4e 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/codecommit/test.codecommit-source-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/codecommit/test.codecommit-source-action.ts @@ -1,4 +1,4 @@ -import { countResources, expect, haveResourceLike, not } from '@aws-cdk/assert'; +import { arrayWith, countResources, expect, haveResourceLike, not, objectLike } from '@aws-cdk/assert'; import * as codebuild from '@aws-cdk/aws-codebuild'; import * as codecommit from '@aws-cdk/aws-codecommit'; import * as codepipeline from '@aws-cdk/aws-codepipeline'; @@ -269,6 +269,111 @@ export = { test.done(); }, + 'allows to enable full clone'(test: Test) { + const stack = new Stack(); + + const sourceOutput = new codepipeline.Artifact(); + new codepipeline.Pipeline(stack, 'P', { + stages: [ + { + stageName: 'Source', + actions: [ + new cpactions.CodeCommitSourceAction({ + actionName: 'CodeCommit', + repository: new codecommit.Repository(stack, 'R', { + repositoryName: 'repository', + }), + branch: Lazy.string({ produce: () => 'my-branch' }), + output: sourceOutput, + codeBuildCloneOutput: true, + }), + ], + }, + { + stageName: 'Build', + actions: [ + new cpactions.CodeBuildAction({ + actionName: 'Build', + project: new codebuild.PipelineProject(stack, 'CodeBuild'), + input: sourceOutput, + }), + ], + }, + ], + }); + + expect(stack).to(haveResourceLike('AWS::CodePipeline::Pipeline', { + 'Stages': [ + { + 'Name': 'Source', + 'Actions': [{ + 'Configuration': { + 'OutputArtifactFormat': 'CODEBUILD_CLONE_REF', + }, + }], + }, + { + 'Name': 'Build', + 'Actions': [ + { + 'Name': 'Build', + }, + ], + }, + ], + })); + + expect(stack).to(haveResourceLike('AWS::IAM::Policy', { + 'PolicyDocument': { + 'Statement': arrayWith( + objectLike({ + 'Action': [ + 'logs:CreateLogGroup', + 'logs:CreateLogStream', + 'logs:PutLogEvents', + ], + }), + objectLike({ + 'Action': 'codecommit:GitPull', + 'Effect': 'Allow', + 'Resource': { + 'Fn::GetAtt': [ + 'RC21A1702', + 'Arn', + ], + }, + }), + ), + }, + })); + + expect(stack).to(haveResourceLike('AWS::IAM::Policy', { + 'PolicyDocument': { + 'Statement': arrayWith( + objectLike({ + 'Action': [ + 'codecommit:GetBranch', + 'codecommit:GetCommit', + 'codecommit:UploadArchive', + 'codecommit:GetUploadArchiveStatus', + 'codecommit:CancelUploadArchive', + 'codecommit:GetRepository', + ], + 'Effect': 'Allow', + 'Resource': { + 'Fn::GetAtt': [ + 'RC21A1702', + 'Arn', + ], + }, + }), + ), + }, + })); + + test.done(); + }, + 'uses the role when passed'(test: Test) { const stack = new Stack(); From 2ac13a245c1d51d896563c4d9c2db6b9a426a066 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 22 Jan 2021 00:22:38 +0000 Subject: [PATCH 8/9] chore(deps-dev): bump esbuild from 0.8.33 to 0.8.34 (#12653) Bumps [esbuild](https://github.com/evanw/esbuild) from 0.8.33 to 0.8.34. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/master/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.8.33...v0.8.34) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- packages/@aws-cdk/aws-lambda-nodejs/package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-nodejs/package.json b/packages/@aws-cdk/aws-lambda-nodejs/package.json index 7ba1dec7298b5..eeb868b60073e 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/package.json +++ b/packages/@aws-cdk/aws-lambda-nodejs/package.json @@ -67,7 +67,7 @@ "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "delay": "4.4.0", - "esbuild": "^0.8.33", + "esbuild": "^0.8.34", "pkglint": "0.0.0" }, "dependencies": { diff --git a/yarn.lock b/yarn.lock index 5dfc08b1b75c7..04ec4d7447fea 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3944,10 +3944,10 @@ es6-promisify@^5.0.0: dependencies: es6-promise "^4.0.3" -esbuild@^0.8.33: - version "0.8.33" - resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.8.33.tgz#4e24ab4e780b08ff5527171bf5a684594c8b56e9" - integrity sha512-2ms/P6Y9zJfopR9dKo2vHzhXKfGSNlquVVoVOF8YnhjuzZVrvManMVBPadBsR/t7jzIkRnwqvxrs7d4f3C3eyg== +esbuild@^0.8.34: + version "0.8.34" + resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.8.34.tgz#16b4ac58f74c821d2c5a8c2f0585ca96a38ab4e6" + integrity sha512-tnr0V1ooakYr1aRLXQLzCn2GVG1kBTW3FWpRyC+NgrR3ntsouVpJOlTOV0BS4YLATx3/c+x3h/uBq9lWJlUAtQ== escalade@^3.1.1: version "3.1.1" From 179d9e0aab9f2118e22dee0fd3a6f5cfe0b3c871 Mon Sep 17 00:00:00 2001 From: Jacob Mason Date: Thu, 21 Jan 2021 23:53:29 -0800 Subject: [PATCH 9/9] docs(stepfunctions-tasks): Replace deprecated class name (#12658) `Data` -> `JsonPath` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-stepfunctions-tasks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md index 689ed0a53195f..bdbce771ecab8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md @@ -153,7 +153,7 @@ merge a subset of the task output to the input. Most tasks take parameters. Parameter values can either be static, supplied directly in the workflow definition (by specifying their values), or a value available at runtime in the state machine's execution (either as its input or an output of a prior state). -Parameter values available at runtime can be specified via the `Data` class, +Parameter values available at runtime can be specified via the `JsonPath` class, using methods such as `JsonPath.stringAt()`. The following example provides the field named `input` as the input to the Lambda function