Merge branch 'master' into x-acct-lookups

aws · Jun 3, 2021 · f55cb57 · f55cb57
2 parents 39ad002 + df16d40
commit f55cb57
Show file tree

Hide file tree

Showing 41 changed files with 680 additions and 81 deletions.
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -2,7 +2,7 @@
 
 name: auto-approve
 on:
-  pull_request:
+  pull_request_target:
     types: [ labeled, unlabeled, opened, synchronize, reopened, ready_for_review, review_requested ]
 
 jobs:

diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml
@@ -87,14 +87,14 @@ jobs:
            {"keywords":["(@aws-cdk/aws-docdb)","(aws-docdb)","(docdb)","(doc db)","(doc-db)"],"labels":["@aws-cdk/aws-docdb"],"assignees":["skinny85"]},
            {"keywords":["(@aws-cdk/aws-dynamodb)","(aws-dynamodb)","(dynamodb)","(dynamo db)","(dynamo-db)"],"labels":["@aws-cdk/aws-dynamodb"],"assignees":["skinny85"]},
            {"keywords":["(@aws-cdk/aws-dynamodb-global)","(aws-dynamodb-global)","(dynamodb-global)","(dynamodb global)"],"labels":["@aws-cdk/aws-dynamodb-global"],"assignees":["skinny85"]},
-           {"keywords":["(@aws-cdk/aws-ec2)","(aws-ec2)","(ec2)","(vpc)"],"labels":["@aws-cdk/aws-ec2"],"assignees":["rix0rrr"]},
+           {"keywords":["(@aws-cdk/aws-ec2)","(aws-ec2)","(ec2)","(vpc)"],"labels":["@aws-cdk/aws-ec2"],"assignees":["njlynch"]},
            {"keywords":["(@aws-cdk/aws-ecr)","(aws-ecr)","(ecr)"],"labels":["@aws-cdk/aws-ecr"],"assignees":["madeline-k"]},
            {"keywords":["(@aws-cdk/aws-ecr-assets)","(aws-ecr-assets)","(ecr-assets)","(ecr assets)","(ecrassets)"],"labels":["@aws-cdk/aws-ecr-assets"],"assignees":["eladb"]},
            {"keywords":["(@aws-cdk/aws-ecs)","(aws-ecs)","(ecs)"],"labels":["@aws-cdk/aws-ecs"],"assignees":["madeline-k"]},
            {"keywords":["(@aws-cdk/aws-ecs-patterns)","(aws-ecs-patterns)","(ecs-patterns)"],"labels":["@aws-cdk/aws-ecs-patterns"],"assignees":["madeline-k"]},
            {"keywords":["(@aws-cdk/aws-efs)","(aws-efs)","(efs)"],"labels":["@aws-cdk/aws-efs"],"assignees":["nija-at"]},
-           {"keywords":["(@aws-cdk/aws-eks)","(aws-eks)","(eks)"],"labels":["@aws-cdk/aws-eks"],"assignees":["iliapolo"]},
-           {"keywords":["(@aws-cdk/aws-eks-legacy)","(aws-eks-legacy)","(eks-legacy)"],"labels":["@aws-cdk/aws-eks-legacy"],"assignees":["iliapolo"]},
+           {"keywords":["(@aws-cdk/aws-eks)","(aws-eks)","(eks)"],"labels":["@aws-cdk/aws-eks"],"assignees":["otaviomacedo"]},
+           {"keywords":["(@aws-cdk/aws-eks-legacy)","(aws-eks-legacy)","(eks-legacy)"],"labels":["@aws-cdk/aws-eks-legacy"],"assignees":["otaviomacedo"]},
            {"keywords":["(@aws-cdk/aws-elasticache)","(aws-elasticache)","(elasticache)","(elastic cache)","(elastic-cache)"],"labels":["@aws-cdk/aws-elasticache"],"assignees":["otaviomacedo"]},
            {"keywords":["(@aws-cdk/aws-elasticbeanstalk)","(aws-elasticbeanstalk)","(elasticbeanstalk)","(elastic beanstalk)","(elastic-beanstalk)"],"labels":["@aws-cdk/aws-elasticbeanstalk"],"assignees":["skinny85"]},
            {"keywords":["(@aws-cdk/aws-elasticloadbalancing)","(aws-elasticloadbalancing)","(elasticloadbalancing)","(elastic loadbalancing)","(elastic-loadbalancing)","(elb)"],"labels":["@aws-cdk/aws-elasticloadbalancing"],"assignees":["njlynch"]},

diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml
@@ -27,7 +27,7 @@ jobs:
         run: echo "::set-output name=dir::$(yarn cache dir)"
 
       - name: Restore Yarn cache
-        uses: actions/cache@v2.1.5
+        uses: actions/cache@v2.1.6
         with:
           path: ${{ steps.yarn-cache.outputs.dir }}
           key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,32 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.107.0](https://github.com/aws/aws-cdk/compare/v1.106.1...v1.107.0) (2021-06-02)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **appmesh:** the creation property `clientPolicy` in `VirtualNode` has been renamed to `tlsClientPolicy`, and its type changed to `TlsClientPolicy`
+* **appmesh:** to create `TlsClientPolicy`, `validation` property must be defined.
+* **appmesh:** the creation property `tlsCertificate` in `VirtualNode` has been renamed to `tls`, and its type changed to `TlsListener`
+* **appmesh:** the `tlsMode` property has been removed from the options when creating a `TlsCertificate`, moved to the new `TlsListener` interface, and renamed `mode`
+
+### Features
+
+* **cfnspec:** cloudformation spec v37.0.0 ([#14873](https://github.com/aws/aws-cdk/issues/14873)) ([8bb4357](https://github.com/aws/aws-cdk/commit/8bb4357036f549af1235de81f2f5c528f5fa80f8))
+* **cloudfront:** add L2 support for CloudFront functions ([#14511](https://github.com/aws/aws-cdk/issues/14511)) ([40d2ff9](https://github.com/aws/aws-cdk/commit/40d2ff964c97954c70d79a09d60fcb795ef16791))
+* **eks:** support Kubernetes 1.20 ([#14758](https://github.com/aws/aws-cdk/issues/14758)) ([1956ef6](https://github.com/aws/aws-cdk/commit/1956ef6708d59329da61fbdd6056de4727e1e2e1)), closes [#14756](https://github.com/aws/aws-cdk/issues/14756)
+* **pipelines:** allow switching to one CodeBuild action for same-typed assets ([#13803](https://github.com/aws/aws-cdk/issues/13803)) ([ed72ad3](https://github.com/aws/aws-cdk/commit/ed72ad322a2739709cad91759ea18e159f28f795))
+
+
+### Bug Fixes
+
+* **appmesh:** introduce the TlsClientPolicy and TlsValidation concepts ([#14782](https://github.com/aws/aws-cdk/issues/14782)) ([8263c78](https://github.com/aws/aws-cdk/commit/8263c788a8e71006a4b2dce0f37444199de9c435)), closes [#12733](https://github.com/aws/aws-cdk/issues/12733)
+* **appmesh:** TLS mode is set on the Certificate class ([#14856](https://github.com/aws/aws-cdk/issues/14856)) ([061fd55](https://github.com/aws/aws-cdk/commit/061fd558a3327b805bb5fe0abc72de7c21bbbdb9))
+* **elasticsearch:** 'r6gd' not marked as supported type for instance storage ([#14894](https://github.com/aws/aws-cdk/issues/14894)) ([d07a49f](https://github.com/aws/aws-cdk/commit/d07a49ff00ae07ea013ce6cc83d768e7729225a8)), closes [#14773](https://github.com/aws/aws-cdk/issues/14773)
+* **lambda-nodejs:** cannot bundle locally when consuming a node module with a NodejsFunction ([#14914](https://github.com/aws/aws-cdk/issues/14914)) ([52da59c](https://github.com/aws/aws-cdk/commit/52da59c34c4be74d696af0637521eeb0d6e69fa9)), closes [#14739](https://github.com/aws/aws-cdk/issues/14739)
+* **rds:** Add exception throw when az is defined for multi-az db instance ([#14837](https://github.com/aws/aws-cdk/issues/14837)) ([fd8445f](https://github.com/aws/aws-cdk/commit/fd8445ff1bf94b3dde26211c497bda7211b54dc0)), closes [#10949](https://github.com/aws/aws-cdk/issues/10949)
+
 ## [1.106.1](https://github.com/aws/aws-cdk/compare/v1.106.0...v1.106.1) (2021-05-26)
 
 

diff --git a/build.sh b/build.sh
@@ -59,6 +59,9 @@ if [ "$check_prereqs" == "true" ]; then
   /bin/bash ./scripts/check-build-prerequisites.sh
 fi
 
+# Check that the yarn.lock is consistent
+node ./scripts/check-yarn-lock.js
+
 # Prepare for build with references
 /bin/bash scripts/generate-aggregate-tsconfig.sh > tsconfig.json
 

diff --git a/package.json b/package.json
@@ -7,7 +7,6 @@
   },
   "scripts": {
     "pkglint": "lerna --scope pkglint run build && lerna run pkglint",
-    "prebuild": "node ./scripts/check-yarn-lock.js",
     "build": "./build.sh",
     "pack": "./pack.sh",
     "compat": "./scripts/check-api-compatibility.sh",

diff --git a/packages/@aws-cdk/aws-cloudfront/README.md b/packages/@aws-cdk/aws-cloudfront/README.md
@@ -386,6 +386,28 @@ new cloudfront.Distribution(this, 'distro', {
 });
 ```
 
+### CloudFront Function
+
+You can also deploy CloudFront functions and add them to a CloudFront distribution.
+
+```ts
+const cfFunction = new cloudfront.Function(stack, 'Function', {
+  code: cloudfront.FunctionCode.fromInline('function handler(event) { return event.request }'),
+});
+
+new cloudfront.Distribution(stack, 'distro', {
+  defaultBehavior: {
+    origin: new origins.S3Origin(s3Bucket),
+    functionAssociations: [{
+      function: cfFunction,
+      eventType: cloudfront.FunctionEventType.VIEWER_REQUEST,
+    }],
+  },
+});
+```
+
+It will auto-generate the name of the function and deploy it to the `live` stage.
+
 ### Logging
 
 You can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives.

diff --git a/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts
@@ -5,6 +5,7 @@ import { IResource, Lazy, Resource, Stack, Token, Duration, Names } from '@aws-c
 import { Construct } from 'constructs';
 import { ICachePolicy } from './cache-policy';
 import { CfnDistribution } from './cloudfront.generated';
+import { FunctionAssociation } from './function';
 import { GeoRestriction } from './geo-restriction';
 import { IKeyGroup } from './key-group';
 import { IOrigin, OriginBindConfig, OriginBindOptions } from './origin';
@@ -445,7 +446,7 @@ export class Distribution extends Resource implements IDistribution {
   }
 
   private renderViewerCertificate(certificate: acm.ICertificate,
-    minimumProtocolVersion: SecurityPolicyProtocol = SecurityPolicyProtocol.TLS_V1_2_2019) : CfnDistribution.ViewerCertificateProperty {
+    minimumProtocolVersion: SecurityPolicyProtocol = SecurityPolicyProtocol.TLS_V1_2_2019): CfnDistribution.ViewerCertificateProperty {
     return {
       acmCertificateArn: certificate.certificateArn,
       sslSupportMethod: SSLMethod.SNI,
@@ -706,6 +707,13 @@ export interface AddBehaviorOptions {
    */
   readonly viewerProtocolPolicy?: ViewerProtocolPolicy;
 
+  /**
+   * The CloudFront functions to invoke before serving the contents.
+   *
+   * @default - no functions will be invoked
+   */
+  readonly functionAssociations?: FunctionAssociation[];
+
   /**
    * The Lambda@Edge functions to invoke before serving the contents.
    *

diff --git a/packages/@aws-cdk/aws-cloudfront/lib/function.ts b/packages/@aws-cdk/aws-cloudfront/lib/function.ts
@@ -0,0 +1,180 @@
+import { IResource, Names, Resource, Stack } from '@aws-cdk/core';
+import { Construct } from 'constructs';
+import { CfnFunction } from './cloudfront.generated';
+
+/**
+ * Represents the function's source code
+ */
+export abstract class FunctionCode {
+
+  /**
+   * Inline code for function
+   * @returns `InlineCode` with inline code.
+   * @param code The actual function code
+   */
+  public static fromInline(code: string): FunctionCode {
+    return new InlineCode(code);
+  }
+
+  /**
+   * renders the function code
+   */
+  public abstract render(): string;
+}
+
+/**
+ * Represents the function's source code as inline code
+ */
+class InlineCode extends FunctionCode {
+
+  constructor(private code: string) {
+    super();
+  }
+
+  public render(): string {
+    return this.code;
+  }
+}
+
+/**
+ * Represents a CloudFront Function
+ */
+export interface IFunction extends IResource {
+  /**
+   * The name of the function.
+   * @attribute
+   */
+  readonly functionName: string;
+
+  /**
+   * The ARN of the function.
+   * @attribute
+   */
+  readonly functionArn: string;
+}
+
+/**
+ * Attributes of an existing CloudFront Function to import it
+ */
+export interface FunctionAttributes {
+  /**
+   * The name of the function.
+   */
+  readonly functionName: string;
+
+  /**
+   * The ARN of the function.
+   */
+  readonly functionArn: string;
+}
+
+/**
+ * Properties for creating a CloudFront Function
+ */
+export interface FunctionProps {
+  /**
+   * A name to identify the function.
+   * @default - generated from the `id`
+   */
+  readonly functionName?: string;
+
+  /**
+   * A comment to describe the function.
+   * @default - same as `functionName`
+   */
+  readonly comment?: string;
+
+  /**
+   * The source code of the function.
+   */
+  readonly code: FunctionCode;
+}
+
+/**
+ * A CloudFront Function
+ *
+ * @resource AWS::CloudFront::Function
+ */
+export class Function extends Resource implements IFunction {
+
+  /** Imports a function by its name and ARN */
+  public static fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes): IFunction {
+    return new class extends Resource implements IFunction {
+      public readonly functionName = attrs.functionName;
+      public readonly functionArn = attrs.functionArn;
+    }(scope, id);
+  }
+
+  /**
+   * the name of the CloudFront function
+   * @attribute
+   */
+  public readonly functionName: string;
+  /**
+   * the ARN of the CloudFront function
+   * @attribute
+   */
+  public readonly functionArn: string;
+  /**
+   * the deployment stage of the CloudFront function
+   * @attribute
+   */
+  public readonly functionStage: string;
+
+  constructor(scope: Construct, id: string, props: FunctionProps) {
+    super(scope, id);
+
+    this.functionName = props.functionName ?? this.generateName();
+
+    const resource = new CfnFunction(this, 'Resource', {
+      autoPublish: true,
+      functionCode: props.code.render(),
+      functionConfig: {
+        comment: props.comment ?? this.functionName,
+        runtime: 'cloudfront-js-1.0',
+      },
+      name: this.functionName,
+    });
+
+    this.functionArn = resource.attrFunctionArn;
+    this.functionStage = resource.attrStage;
+  }
+
+  private generateName(): string {
+    const name = Stack.of(this).region + Names.uniqueId(this);
+    if (name.length > 64) {
+      return name.substring(0, 32) + name.substring(name.length - 32);
+    }
+    return name;
+  }
+}
+
+/**
+ * The type of events that a CloudFront function can be invoked in response to.
+ */
+export enum FunctionEventType {
+
+  /**
+   * The viewer-request specifies the incoming request
+   */
+  VIEWER_REQUEST = 'viewer-request',
+
+  /**
+   * The viewer-response specifies the outgoing response
+   */
+  VIEWER_RESPONSE = 'viewer-response',
+}
+
+/**
+ * Represents a CloudFront function and event type when using CF Functions.
+ * The type of the {@link AddBehaviorOptions.functionAssociations} property.
+ */
+export interface FunctionAssociation {
+  /**
+   * The CloudFront function that will be invoked.
+   */
+  readonly function: IFunction;
+
+  /** The type of event which should invoke the function. */
+  readonly eventType: FunctionEventType;
+}
diff --git a/packages/@aws-cdk/aws-cloudfront/lib/index.ts b/packages/@aws-cdk/aws-cloudfront/lib/index.ts
@@ -1,5 +1,6 @@
 export * from './cache-policy';
 export * from './distribution';
+export * from './function';
 export * from './geo-restriction';
 export * from './key-group';
 export * from './origin';

diff --git a/packages/@aws-cdk/aws-cloudfront/lib/private/cache-behavior.ts b/packages/@aws-cdk/aws-cloudfront/lib/private/cache-behavior.ts
@@ -50,6 +50,10 @@ export class CacheBehavior {
       originRequestPolicyId: this.props.originRequestPolicy?.originRequestPolicyId,
       smoothStreaming: this.props.smoothStreaming,
       viewerProtocolPolicy: this.props.viewerProtocolPolicy ?? ViewerProtocolPolicy.ALLOW_ALL,
+      functionAssociations: this.props.functionAssociations?.map(association => ({
+        functionArn: association.function.functionArn,
+        eventType: association.eventType.toString(),
+      })),
       lambdaFunctionAssociations: this.props.edgeLambdas?.map(edgeLambda => ({
         lambdaFunctionArn: edgeLambda.functionVersion.edgeArn,
         eventType: edgeLambda.eventType.toString(),