Merge branch 'master' into 7104-netcore-31-lambda

Author: mergify[bot]

packages/@aws-cdk/app-delivery/package.json

@@ -56,7 +56,7 @@
     "@types/nodeunit": "^0.0.30",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
-    "fast-check": "^1.22.2",
+    "fast-check": "^1.24.0",
     "nodeunit": "^0.11.3",
     "pkglint": "0.0.0"
   },

packages/@aws-cdk/aws-apigateway/README.md

@@ -297,18 +297,17 @@ const errorResponseModel = api.addModel('ErrorResponseModel', {
 And reference all on your method definition.
 
 ```ts
-// If you want to define parameter mappings for the request, you need a validator
-const validator = api.addRequestValidator('DefaultValidator', {
-  validateRequestBody: false,
-  validateRequestParameters: true
-});
 resource.addMethod('GET', integration, {
   // We can mark the parameters as required
   requestParameters: {
     'method.request.querystring.who': true
   },
-  // We need to set the validator for ensuring they are passed
-  requestValidator: validator,
+  // we can set request validator options like below
+  requestValidatorOptions: {
+    requestValidatorName: 'test-validator',
+    validateRequestBody: true,
+    validateRequestParameters: false
+  }
   methodResponses: [
     {
       // Successful response from the integration
@@ -340,6 +339,9 @@ resource.addMethod('GET', integration, {
 });
 ```
 
+Specifying `requestValidatorOptions` automatically creates the RequestValidator construct with the given options.
+However, if you have your RequestValidator already initialized or imported, use the `requestValidator` option instead.
+
 #### Default Integration and Method Options
 
 The `defaultIntegration` and `defaultMethodOptions` properties can be used to

packages/@aws-cdk/aws-apigateway/lib/method.ts

@@ -5,7 +5,7 @@ import { ConnectionType, Integration } from './integration';
 import { MockIntegration } from './integrations/mock';
 import { MethodResponse } from './methodresponse';
 import { IModel } from './model';
-import { IRequestValidator } from './requestvalidator';
+import { IRequestValidator, RequestValidatorOptions } from './requestvalidator';
 import { IResource } from './resource';
 import { RestApi } from './restapi';
 import { validateHttpMethod } from './util';
@@ -73,6 +73,8 @@ export interface MethodOptions {
 
   /**
    * The ID of the associated request validator.
+   * Only one of `requestValidator` or `requestValidatorOptions` must be specified.
+   * @default - No default validator
    */
   readonly requestValidator?: IRequestValidator;
 
@@ -83,6 +85,13 @@ export interface MethodOptions {
    * @default - no authorization scopes
    */
   readonly authorizationScopes?: string[]
+
+  /**
+   * Request validator options to create new validator
+   * Only one of `requestValidator` or `requestValidatorOptions` must be specified.
+   * @default - No default validator
+   */
+  readonly requestValidatorOptions?: RequestValidatorOptions;
 }
 
 export interface MethodProps {
@@ -160,7 +169,7 @@ export class Method extends Resource {
       integration: this.renderIntegration(props.integration),
       methodResponses: this.renderMethodResponses(options.methodResponses),
       requestModels: this.renderRequestModels(options.requestModels),
-      requestValidatorId: options.requestValidator ? options.requestValidator.requestValidatorId : undefined,
+      requestValidatorId: this.requestValidatorId(options),
       authorizationScopes: options.authorizationScopes ?? defaultMethodOptions.authorizationScopes,
     };
 
@@ -302,6 +311,20 @@ export class Method extends Resource {
 
     return models;
   }
+
+  private requestValidatorId(options: MethodOptions): string | undefined {
+    if (options.requestValidator && options.requestValidatorOptions) {
+      throw new Error(`Only one of 'requestValidator' or 'requestValidatorOptions' must be specified.`);
+    }
+
+    if (options.requestValidatorOptions) {
+      const validator = this.restApi.addRequestValidator('validator', options.requestValidatorOptions);
+      return validator.requestValidatorId;
+    }
+
+    // For backward compatibility
+    return options.requestValidator?.requestValidatorId;
+  }
 }
 
 export enum AuthorizationType {

packages/@aws-cdk/aws-apigateway/test/test.method.ts

@@ -802,6 +802,84 @@ export = {
       AuthorizationScopes: ABSENT
     }));
 
+    test.done();
+  },
+
+  'method has a request validator with provided properties'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigw.RestApi(stack, 'test-api', { deploy: false });
+
+    // WHEN
+    new apigw.Method(stack, 'method-man', {
+      httpMethod: 'GET',
+      resource: api.root,
+      options: {
+        requestValidatorOptions: {
+          requestValidatorName: 'test-validator',
+          validateRequestBody: true,
+          validateRequestParameters: false
+        }
+      }
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ApiGateway::RequestValidator', {
+      RestApiId: stack.resolve(api.restApiId),
+      ValidateRequestBody: true,
+      ValidateRequestParameters: false,
+      Name: 'test-validator'
+    }));
+
+    test.done();
+  },
+
+  'method does not have a request validator'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigw.RestApi(stack, 'test-api', { deploy: false });
+
+    // WHEN
+    new apigw.Method(stack, 'method-man', {
+      httpMethod: 'GET',
+      resource: api.root
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ApiGateway::Method', {
+      RequestValidatorId: ABSENT
+    }));
+
+    test.done();
+  },
+
+  'method does not support both request validator and request validator options'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigw.RestApi(stack, 'test-api', { deploy: false });
+    const validator = api.addRequestValidator('test-validator1', {
+      validateRequestBody: true,
+      validateRequestParameters: false
+    });
+
+    // WHEN
+    const methodProps = {
+      httpMethod: 'GET',
+      resource: api.root,
+      options: {
+        requestValidatorOptions: {
+          requestValidatorName: 'test-validator2',
+          validateRequestBody: true,
+          validateRequestParameters: false
+        },
+        requestValidator: validator
+      }
+    };
+
+    // THEN
+    test.throws(() => new apigw.Method(stack, 'method', methodProps),
+      /Only one of 'requestValidator' or 'requestValidatorOptions' must be specified./);
+
     test.done();
   }
 };

packages/@aws-cdk/aws-applicationautoscaling/package.json

@@ -66,7 +66,7 @@
     "@types/nodeunit": "^0.0.30",
     "cdk-build-tools": "0.0.0",
     "cfn2ts": "0.0.0",
-    "fast-check": "^1.22.2",
+    "fast-check": "^1.24.0",
     "nodeunit": "^0.11.3",
     "pkglint": "0.0.0"
   },

packages/@aws-cdk/aws-autoscaling-common/package.json

@@ -62,7 +62,7 @@
     "@types/nodeunit": "^0.0.30",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
-    "fast-check": "^1.22.2",
+    "fast-check": "^1.24.0",
     "nodeunit": "^0.11.3",
     "pkglint": "0.0.0"
   },

packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js

@@ -99,15 +99,24 @@ const requestCertificate = async function(requestId, domainName, subjectAlternat
 
   console.log('Waiting for ACM to provide DNS records for validation...');
 
-  let record;
-  for (let attempt = 0; attempt < maxAttempts && !record; attempt++) {
+  let records;
+  for (let attempt = 0; attempt < maxAttempts && !records; attempt++) {
     const { Certificate } = await acm.describeCertificate({
       CertificateArn: reqCertResponse.CertificateArn
     }).promise();
     const options = Certificate.DomainValidationOptions || [];
-
     if (options.length > 0 && options[0].ResourceRecord) {
-      record = options[0].ResourceRecord;
+      // some alternative names will produce the same validation record
+      // as the main domain (eg. example.com + *.example.com)
+      // filtering duplicates to avoid errors with adding the same record
+      // to the route53 zone twice
+      const unique = options
+        .map((val) => val.ResourceRecord)
+        .reduce((acc, cur) => {
+          acc[cur.Name] = cur;
+          return acc;
+        }, {});
+      records = Object.keys(unique).sort().map(key => unique[key]);
     } else {
       // Exponential backoff with jitter based on 200ms base
       // component of backoff fixed to ensure minimum total wait time on
@@ -116,25 +125,28 @@ const requestCertificate = async function(requestId, domainName, subjectAlternat
       await sleep(random() * base * 50 + base * 150);
     }
   }
-  if (!record) {
+  if (!records) {
     throw new Error(`Response from describeCertificate did not contain DomainValidationOptions after ${maxAttempts} attempts.`)
   }
 
-  console.log(`Upserting DNS record into zone ${hostedZoneId}: ${record.Name} ${record.Type} ${record.Value}`);
+  console.log(`Upserting ${records.length} DNS records into zone ${hostedZoneId}:`);
 
   const changeBatch = await route53.changeResourceRecordSets({
     ChangeBatch: {
-      Changes: [{
-        Action: 'UPSERT',
-        ResourceRecordSet: {
-          Name: record.Name,
-          Type: record.Type,
-          TTL: 60,
-          ResourceRecords: [{
-            Value: record.Value
-          }]
-        }
-      }]
+      Changes: records.map((record) => {
+        console.log(`${record.Name} ${record.Type} ${record.Value}`)
+        return {
+          Action: 'UPSERT',
+          ResourceRecordSet: {
+            Name: record.Name,
+            Type: record.Type,
+            TTL: 60,
+            ResourceRecords: [{
+              Value: record.Value
+            }]
+          }
+        };
+      }),
     },
     HostedZoneId: hostedZoneId
   }).promise();