chore(release): 1.115.0 (#15694)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.115.0/CHANGELOG.md)
aws · Jul 21, 2021 · f0ca40f · f0ca40f
2 parents 7e41b6b + 1f2a06b
commit f0ca40f
Show file tree

Hide file tree

Showing 147 changed files with 7,530 additions and 1,656 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,34 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.115.0](https://github.com/aws/aws-cdk/compare/v1.114.0...v1.115.0) (2021-07-21)
+
+
+### Features
+
+* **apigatewayv2:** websocket - callback url ([#15227](https://github.com/aws/aws-cdk/issues/15227)) ([349de7c](https://github.com/aws/aws-cdk/commit/349de7c2abff97e10a6e76dd6b7856ecbfd0c441)), closes [#14836](https://github.com/aws/aws-cdk/issues/14836)
+* **apigatewayv2-integrations:** http private integrations - tls config ([#15469](https://github.com/aws/aws-cdk/issues/15469)) ([6453769](https://github.com/aws/aws-cdk/commit/645376958a699ee89e3cc805546c293c93d99613)), closes [#14036](https://github.com/aws/aws-cdk/issues/14036)
+* **appsync:** optional operation parameter for lambdaRequest mapping template ([#15283](https://github.com/aws/aws-cdk/issues/15283)) ([efd2e68](https://github.com/aws/aws-cdk/commit/efd2e68d9799f0827c542a562f3c17a5a0dbdee1)), closes [#15274](https://github.com/aws/aws-cdk/issues/15274) [#14079](https://github.com/aws/aws-cdk/issues/14079)
+* **aws-efs:** grant support on FileSystem ([#14999](https://github.com/aws/aws-cdk/issues/14999)) ([09591c6](https://github.com/aws/aws-cdk/commit/09591c6268d0e03937741e4f7cad9b97e21b131b)), closes [#14998](https://github.com/aws/aws-cdk/issues/14998)
+* **cli:** add ability to specify an external id for the deploy-role ([#15604](https://github.com/aws/aws-cdk/issues/15604)) ([2647cf3](https://github.com/aws/aws-cdk/commit/2647cf300ae0f9053104e3a545e2fd94dd7249e1))
+* **lambda-nodejs:** source map mode ([#15621](https://github.com/aws/aws-cdk/issues/15621)) ([b934976](https://github.com/aws/aws-cdk/commit/b934976f057cd395de660dc4099e2303415cdc78)), closes [#14857](https://github.com/aws/aws-cdk/issues/14857)
+* **pipelines:** confirm IAM changes before starting the deployment ([#15441](https://github.com/aws/aws-cdk/issues/15441)) ([ebba618](https://github.com/aws/aws-cdk/commit/ebba61830ea7ee73e168099d1cd8e8f4003d595c)), closes [#12748](https://github.com/aws/aws-cdk/issues/12748)
+* **rds:** allow setting copyTagsToSnapshot on Clusters ([#15553](https://github.com/aws/aws-cdk/issues/15553)) ([f7c6289](https://github.com/aws/aws-cdk/commit/f7c628948e7f71df7a95cb00cdc2746e2e46dc03)), closes [#15521](https://github.com/aws/aws-cdk/issues/15521)
+* **servicecatalog:** Add stack event notification constraint ([#15610](https://github.com/aws/aws-cdk/issues/15610)) ([4e40db3](https://github.com/aws/aws-cdk/commit/4e40db3e5577c575aa5e25093e1b82eae6e7cb31))
+* **servicecatalog:** Add TagOptions for portfolio ([#15612](https://github.com/aws/aws-cdk/issues/15612)) ([e7760ee](https://github.com/aws/aws-cdk/commit/e7760ee9da19d7d006cdf1836ce6f71bf9f31327))
+
+
+### Bug Fixes
+
+* **appsync:** update timestamp for apikey test ([#15624](https://github.com/aws/aws-cdk/issues/15624)) ([9c4e51c](https://github.com/aws/aws-cdk/commit/9c4e51ca1719b89bcdd9d4032f50063876fac69a)), closes [#15623](https://github.com/aws/aws-cdk/issues/15623)
+* **cfnspec:** make EndpointConfiguration of AWS::Serverless::Api a union type ([#15526](https://github.com/aws/aws-cdk/issues/15526)) ([dd38eff](https://github.com/aws/aws-cdk/commit/dd38eff318c31bf2c5308f6b3daae0fd433b4370))
+* **cli:** `cdk deploy` is listing deprecated ids ([#15603](https://github.com/aws/aws-cdk/issues/15603)) ([22f2499](https://github.com/aws/aws-cdk/commit/22f2499508bccd3f44733705bbfa3c4e2b0b0d63))
+* **iam:** `PrincipalWithConditions.addCondition` does not work ([#15414](https://github.com/aws/aws-cdk/issues/15414)) ([fdce08c](https://github.com/aws/aws-cdk/commit/fdce08cee6f0eb58aad93572641a1dd4b59e8d37))
+* **pipelines:** `CodeBuildStep.partialBuildSpec` not used, buildspec control for legacy API ([#15625](https://github.com/aws/aws-cdk/issues/15625)) ([d8dc818](https://github.com/aws/aws-cdk/commit/d8dc8185203e73172786024eea90eeb60153ce0e)), closes [#15169](https://github.com/aws/aws-cdk/issues/15169)
+* **pipelines:** new pipeline stages aren't validated ([#15665](https://github.com/aws/aws-cdk/issues/15665)) ([309b9b4](https://github.com/aws/aws-cdk/commit/309b9b4cf554474c87fe3d833a5205498e200ecf))
+* **pipelines:** permissions check in legacy API does not work ([#15660](https://github.com/aws/aws-cdk/issues/15660)) ([5e3cf2b](https://github.com/aws/aws-cdk/commit/5e3cf2b0558401fab25f75da319fac587df1bcfb))
+* **pipelines:** unresolved source names aren't handled properly ([#15600](https://github.com/aws/aws-cdk/issues/15600)) ([4b7116d](https://github.com/aws/aws-cdk/commit/4b7116d8a252a6768ae50d736d5cab0f0cef22f4)), closes [#15592](https://github.com/aws/aws-cdk/issues/15592)
+
 ## [1.114.0](https://github.com/aws/aws-cdk/compare/v1.113.0...v1.114.0) (2021-07-15)
 
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -7,7 +7,10 @@ coming from the community. We want to recognize all your hard work
 by getting your code merged as quickly as we can, so please read the guidance
 here carefully to make sure the review process goes smoothly.
 
-This document describes how to set up a development environment and submit your changes. Please 
+The CDK is released under the [Apache license](http://aws.amazon.com/apache2.0/).
+Any code you submit will be released under that license.
+
+This document describes how to set up a development environment and submit your changes. Please
 let us know if it's not up-to-date (even better, submit a PR with your  corrections ;-)).
 
 - [Getting Started](#getting-started)
@@ -142,20 +145,6 @@ docker$ exit
 
 The `dist/` folder within each module contains the packaged up language artifacts.
 
-## Docker Build (Alternative)
-
-Build the docker image:
-
-```console
-$ docker build -t aws-cdk .
-```
-
-This allows you to run the CDK in a CDK-compatible directory with a command like:
-
-```console
-$ docker run -v $(pwd):/app -w /app aws-cdk <CDK ARGS>
-```
-
 ## Gitpod (Alternative)
 
 You may also set up your local development environment using [Gitpod](http://gitpod.io) -

diff --git a/Dockerfile b/Dockerfile
diff --git a/README.md b/README.md
@@ -160,7 +160,7 @@ this capability, please see the
     * [S1E2](https://www.twitch.tv/videos/925801382): Triggers (part 2); **Participants:** @NetaNir, @eladb, @iliapolo 
     * [S1E3](https://www.twitch.tv/videos/944565768): Triggers (part 3); **Participants:** @NetaNir, @eladb, @iliapolo, @RomainMuller
   * [S1E4](https://www.twitch.tv/aws/video/960287598): [Tokens](https://docs.aws.amazon.com/cdk/latest/guide/tokens.html) Deep Dive; **Participants:** @NetaNir,@rix0rrr, @iliapolo, @RomainMuller
-  * [S1E5](https://www.twitch.tv/aws/video/977551207): [Assets](https://docs.aws.amazon.com/cdk/latest/guide/assets.html) Deep Dive; **Participants:** @NetaNir, @eladb, @jogold
+  * [S1E5](https://www.twitch.tv/videos/981481112): [Assets](https://docs.aws.amazon.com/cdk/latest/guide/assets.html) Deep Dive; **Participants:** @NetaNir, @eladb, @jogold
   * [S1E6](https://www.twitch.tv/aws/video/1005334364): [Best Practices](https://aws.amazon.com/blogs/devops/best-practices-for-developing-cloud-applications-with-aws-cdk/); **Participants:** @skinny85, @eladb, @rix0rrr, @alexpulver
   * [S1E7](https://www.twitch.tv/videos/1019059654): Tips and Tricks From The CDK Team; **Participants:** All the CDK team! 
 * [Examples](https://github.com/aws-samples/aws-cdk-examples)

diff --git a/package.json b/package.json
@@ -109,6 +109,8 @@
       "@aws-cdk/core/minimatch/**",
       "@aws-cdk/cx-api/semver",
       "@aws-cdk/cx-api/semver/**",
+      "@aws-cdk/pipelines/aws-sdk",
+      "@aws-cdk/pipelines/aws-sdk/**",
       "@aws-cdk/yaml-cfn/yaml",
       "@aws-cdk/yaml-cfn/yaml/**",
       "aws-cdk-lib/@balena/dockerignore",

diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/alb.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/alb.ts
@@ -43,6 +43,7 @@ export class HttpAlbIntegration extends HttpPrivateIntegration {
       connectionType: this.connectionType,
       connectionId: vpcLink.vpcLinkId,
       uri: this.props.listener.listenerArn,
+      secureServerName: this.props.secureServerName,
     };
   }
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/base-types.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/base-types.ts
@@ -16,4 +16,12 @@ export interface HttpPrivateIntegrationOptions {
    * @default HttpMethod.ANY
    */
   readonly method?: HttpMethod;
-}
+
+  /**
+  * Specifies the server name to verified by HTTPS when calling the backend integration
+  * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-integration-tlsconfig.html
+  * @default undefined private integration traffic will use HTTP protocol
+  */
+
+  readonly secureServerName?: string;
+}
diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/nlb.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/nlb.ts
@@ -43,6 +43,7 @@ export class HttpNlbIntegration extends HttpPrivateIntegration {
       connectionType: this.connectionType,
       connectionId: vpcLink.vpcLinkId,
       uri: this.props.listener.listenerArn,
+      secureServerName: this.props.secureServerName,
     };
   }
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/service-discovery.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/service-discovery.ts
@@ -33,6 +33,7 @@ export class HttpServiceDiscoveryIntegration extends HttpPrivateIntegration {
       connectionType: this.connectionType,
       connectionId: this.props.vpcLink.vpcLinkId,
       uri: this.props.service.serviceArn,
+      secureServerName: this.props.secureServerName,
     };
   }
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/package.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/package.json
@@ -72,10 +72,8 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@types/jest": "^26.0.24",
-    "@types/nodeunit": "^0.0.32",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
-    "nodeunit": "^0.11.3",
     "pkglint": "0.0.0",
     "@aws-cdk/assert-internal": "0.0.0"
   },

diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/alb.test.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/alb.test.ts
@@ -116,4 +116,31 @@ describe('HttpAlbIntegration', () => {
       routeKey: HttpRouteKey.with('/pets'),
     })).toThrow(/vpcLink property must be specified/);
   });
+
+  test('tlsConfig option is correctly recognized', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+    const lb = new elbv2.ApplicationLoadBalancer(stack, 'lb', { vpc });
+    const listener = lb.addListener('listener', { port: 80 });
+    listener.addTargets('target', { port: 80 });
+
+    // WHEN
+    const api = new HttpApi(stack, 'HttpApi');
+    new HttpRoute(stack, 'HttpProxyPrivateRoute', {
+      httpApi: api,
+      integration: new HttpAlbIntegration({
+        listener,
+        secureServerName: 'name-to-verify',
+      }),
+      routeKey: HttpRouteKey.with('/pets'),
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', {
+      TlsConfig: {
+        ServerNameToVerify: 'name-to-verify',
+      },
+    });
+  });
 });
diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/nlb.test.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/nlb.test.ts
@@ -113,4 +113,31 @@ describe('HttpNlbIntegration', () => {
       routeKey: HttpRouteKey.with('/pets'),
     })).toThrow(/vpcLink property must be specified/);
   });
+
+  test('tlsConfig option is correctly recognized', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+    const lb = new elbv2.NetworkLoadBalancer(stack, 'lb', { vpc });
+    const listener = lb.addListener('listener', { port: 80 });
+    listener.addTargets('target', { port: 80 });
+
+    // WHEN
+    const api = new HttpApi(stack, 'HttpApi');
+    new HttpRoute(stack, 'HttpProxyPrivateRoute', {
+      httpApi: api,
+      integration: new HttpNlbIntegration({
+        listener,
+        secureServerName: 'name-to-verify',
+      }),
+      routeKey: HttpRouteKey.with('/pets'),
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', {
+      TlsConfig: {
+        ServerNameToVerify: 'name-to-verify',
+      },
+    });
+  });
 });
diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/service-discovery.test.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/service-discovery.test.ts
@@ -94,4 +94,35 @@ describe('HttpServiceDiscoveryIntegration', () => {
       routeKey: HttpRouteKey.with('/pets'),
     })).toThrow(/vpcLink property is mandatory/);
   });
+
+  test('tlsConfig option is correctly recognized', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+    const vpcLink = new VpcLink(stack, 'VpcLink', { vpc });
+    const namespace = new servicediscovery.PrivateDnsNamespace(stack, 'Namespace', {
+      name: 'foobar.com',
+      vpc,
+    });
+    const service = namespace.createService('Service');
+
+    // WHEN
+    const api = new HttpApi(stack, 'HttpApi');
+    new HttpRoute(stack, 'HttpProxyPrivateRoute', {
+      httpApi: api,
+      integration: new HttpServiceDiscoveryIntegration({
+        vpcLink,
+        service,
+        secureServerName: 'name-to-verify',
+      }),
+      routeKey: HttpRouteKey.with('/pets'),
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', {
+      TlsConfig: {
+        ServerNameToVerify: 'name-to-verify',
+      },
+    });
+  });
 });
diff --git a/packages/@aws-cdk/aws-apigatewayv2/README.md b/packages/@aws-cdk/aws-apigatewayv2/README.md
@@ -311,6 +311,15 @@ new WebSocketStage(stack, 'mystage', {
 });
 ```
 
+To retrieve a websocket URL and a callback URL:
+
+```ts
+const webSocketURL = webSocketStage.url;
+// wss://${this.api.apiId}.execute-api.${s.region}.${s.urlSuffix}/${urlPath}
+const callbackURL = webSocketURL.callbackUrl;
+// https://${this.api.apiId}.execute-api.${s.region}.${s.urlSuffix}/${urlPath}
+```
+
 To add any other route:
 
 ```ts

diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts
@@ -304,6 +304,7 @@ abstract class HttpApiBase extends ApiBase implements IHttpApi { // note that th
       connectionId: config.connectionId,
       connectionType: config.connectionType,
       payloadFormatVersion: config.payloadFormatVersion,
+      secureServerName: config.secureServerName,
     });
     this._integrationCache.saveIntegration(scope, config, integration);
 

diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/integration.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/integration.ts
@@ -1,3 +1,4 @@
+/* eslint-disable quotes */
 import { Resource } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { CfnIntegration } from '../apigatewayv2.generated';
@@ -120,6 +121,13 @@ export interface HttpIntegrationProps {
    * @default - defaults to latest in the case of HttpIntegrationType.LAMBDA_PROXY`, irrelevant otherwise.
    */
   readonly payloadFormatVersion?: PayloadFormatVersion;
+
+  /**
+   * Specifies the TLS configuration for a private integration
+   * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-integration-tlsconfig.html
+   * @default undefined private integration traffic will use HTTP protocol
+   */
+  readonly secureServerName?: string;
 }
 
 /**
@@ -142,6 +150,13 @@ export class HttpIntegration extends Resource implements IHttpIntegration {
       connectionType: props.connectionType,
       payloadFormatVersion: props.payloadFormatVersion?.version,
     });
+
+    if (props.secureServerName) {
+      integ.tlsConfig = {
+        serverNameToVerify: props.secureServerName,
+      };
+    }
+
     this.integrationId = integ.ref;
     this.httpApi = props.httpApi;
   }
@@ -215,4 +230,11 @@ export interface HttpRouteIntegrationConfig {
    * @default - undefined
    */
   readonly payloadFormatVersion: PayloadFormatVersion;
+
+  /**
+   * Specifies the server name to verified by HTTPS when calling the backend integration
+   * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-integration-tlsconfig.html
+   * @default undefined private integration traffic will use HTTP protocol
+   */
+  readonly secureServerName?: string;
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts
@@ -13,6 +13,14 @@ export interface IWebSocketStage extends IStage {
    * The API this stage is associated to.
    */
   readonly api: IWebSocketApi;
+
+  /**
+   * The callback URL to this stage.
+   * You can use the callback URL to send messages to the client from the backend system.
+   * https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-basic-concept.html
+   * https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html
+   */
+  readonly callbackUrl: string;
 }
 
 /**
@@ -57,6 +65,10 @@ export class WebSocketStage extends StageBase implements IWebSocketStage {
       get url(): string {
         throw new Error('url is not available for imported stages.');
       }
+
+      get callbackUrl(): string {
+        throw new Error('callback url is not available for imported stages.');
+      }
     }
     return new Import(scope, id);
   }
@@ -86,11 +98,20 @@ export class WebSocketStage extends StageBase implements IWebSocketStage {
   }
 
   /**
-   * The URL to this stage.
+   * The websocket URL to this stage.
    */
   public get url(): string {
     const s = Stack.of(this);
     const urlPath = this.stageName;
     return `wss://${this.api.apiId}.execute-api.${s.region}.${s.urlSuffix}/${urlPath}`;
   }
+
+  /**
+   * The callback URL to this stage.
+   */
+  public get callbackUrl(): string {
+    const s = Stack.of(this);
+    const urlPath = this.stageName;
+    return `https://${this.api.apiId}.execute-api.${s.region}.${s.urlSuffix}/${urlPath}`;
+  }
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts
@@ -173,6 +173,7 @@ describe('HttpRoute', () => {
           connectionId: 'some-connection-id',
           connectionType: HttpConnectionType.VPC_LINK,
           uri: 'some-target-arn',
+          secureServerName: 'some-server-name',
         };
       }
     }
@@ -192,7 +193,11 @@ describe('HttpRoute', () => {
       IntegrationMethod: 'ANY',
       IntegrationUri: 'some-target-arn',
       PayloadFormatVersion: '1.0',
+      TlsConfig: {
+        ServerNameToVerify: 'some-server-name',
+      },
     });
+
     expect(stack).not.toHaveResource('AWS::ApiGatewayV2::VpcLink');
   });