From ea41033c3fab3b9439267b6e83b9ed98aa0fd66b Mon Sep 17 00:00:00 2001 From: Sumeet Badyal Date: Thu, 26 Nov 2020 10:19:30 -0800 Subject: [PATCH 1/7] feat(stepfunctions-tasks): add EKS call to SFN-tasks --- .../aws-stepfunctions-tasks/README.md | 24 ++++ .../aws-stepfunctions-tasks/lib/eks/call.ts | 104 ++++++++++++++++++ .../aws-stepfunctions-tasks/lib/index.ts | 2 + .../test/eks/call.test.ts | 54 +++++++++ .../test/eks/integ.call.expected.json | 65 +++++++++++ .../test/eks/integ.call.ts | 28 +++++ 6 files changed, 277 insertions(+) create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json create mode 100644 packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md index 80e1dab5ef73f..a3634da8b2dc5 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md @@ -54,6 +54,8 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aw - [Cancel Step](#cancel-step) - [Modify Instance Fleet](#modify-instance-fleet) - [Modify Instance Group](#modify-instance-group) +- [EKS](#eks) + - [Call](#call) - [Glue](#glue) - [Glue DataBrew](#glue-databrew) - [Lambda](#lambda) 
@@ -664,6 +666,28 @@ new tasks.EmrModifyInstanceGroupByName(stack, 'Task', { }); ``` +## EKS + +Step Functions supports Amazon EKS through the service integration pattern. +The service integration APIs correspond to Amazon EKS APIs. + +[Read more](https://docs.aws.amazon.com/step-functions/latest/dg/connect-eks.html) about the differences when using these service integrations. + +### Call + +Read and write Kubernetes resource objects via a Kubernetes API endpoint. +Corresponds to the [`call`](https://docs.aws.amazon.com/step-functions/latest/dg/connect-eks.html) API in Step Functions Connector. + +```ts +new tasks.EksCall(stack, 'Call a EKS Endpoint', { + clusterName: 'clusterName', + certificateAuthority: 'certificateAuthority', + endpoint: 'https://apiid.gr7.us-east-1.eks.amazonaws.com', + httpMethod: MethodType.GET, + path: '/api/v1/namespaces/default/pods', +}); +``` + ## Glue Step Functions supports [AWS Glue](https://docs.aws.amazon.com/step-functions/latest/dg/connect-glue.html) through the service integration pattern. diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts new file mode 100644 index 0000000000000..43aba47907859 --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts 
@@ -0,0 +1,104 @@
+import * as iam from '@aws-cdk/aws-iam';
+import * as sfn from '@aws-cdk/aws-stepfunctions';
+import { Construct } from 'constructs';
+import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';
+
+/** Properties for calling a EKS endpoint with EksCall */
+export interface EksCallProps extends sfn.TaskStateBaseProps {
+
+ /** Name of the cluster */
+ readonly clusterName: string;
+
+ /** Base 64 encoded certificate data required to communicate with your cluster */
+ readonly certificateAuthority: string;
+
+ /** API endpoint to communicate with your cluster */
+ readonly endpoint: string;
+
+ /** The HTTP method ("GET", "POST", "PUT", ...) that clients use to call this method */
+ readonly httpMethod: MethodType;
+
+ /** Path of cluster */
+ readonly path: string;
+
+ /**
+ * Path of cluster
+ * @default - no query parameters
+ */
+ readonly queryParameters?: { [key: string]: string[] };
+
+ /**
+ * request body of the http method
+ * @default - No request body
+ */
+ readonly requestBody?: { [key: string]: any };
+}
+
+/**
+ * Call a EKS endpoint as a Task
+ *
+ * @see https://docs.aws.amazon.com/step-functions/latest/dg/connect-eks.html
+ */
+export class EksCall extends sfn.TaskStateBase {
+
+ private static readonly SUPPORTED_INTEGRATION_PATTERNS: sfn.IntegrationPattern[] = [
+ sfn.IntegrationPattern.REQUEST_RESPONSE,
+ ];
+
+ protected readonly taskMetrics?: sfn.TaskMetricsConfig;
+ protected readonly taskPolicies?: iam.PolicyStatement[];
+
+ private readonly integrationPattern: sfn.IntegrationPattern;
+
+ constructor(scope: Construct, id: string, private readonly props: EksCallProps) {
+ super(scope, id, props);
+ this.integrationPattern = props.integrationPattern ?? sfn.IntegrationPattern.REQUEST_RESPONSE;
+
+ validatePatternSupported(this.integrationPattern, EksCall.SUPPORTED_INTEGRATION_PATTERNS);
+ }
+
+ /**
+ * Provides the EKS Call service integration task configuration
+ */
+ /**
+ * @internal
+ */
+ protected _renderTask(): any {
+ return {
+ Resource: integrationResourceArn('eks', 'call', this.integrationPattern),
+ Parameters: sfn.FieldUtils.renderObject({
+ ClusterName: this.props.clusterName,
+ CertificateAuthority: this.props.certificateAuthority,
+ Endpoint: this.props.endpoint,
+ Method: this.props.httpMethod,
+ Path: this.props.path,
+ QueryParameters: this.props.queryParameters,
+ RequestBody: this.props.requestBody,
+ }),
+ };
+ }
+}
+
+/** Method type of a EKS call */
+export enum MethodType {
+ /** Retreive data from a server at the specified resource */
+ GET = 'GET',
+
+ /** Send data to the API endpoint to create or udpate a resource */
+ POST = 'POST',
+
+ /** Send data to the API endpoint to update or create a resource */
+ PUT = 'PUT',
+
+ /** Delete the resource at the specified endpoint */
+ DELETE = 'DELETE',
+
+ /** Apply partial modifications to the resource */
+ PATCH = 'PATCH',
+
+ /** Retreive data from a server at the specified resource without the response body */
+ HEAD = 'HEAD',
+
+ /** Return data describing what other methods and operations the server supports */
+ OPTIONS = 'OPTIONS'
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts
index 84b790beff216..ee136abffb1aa 100644
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts
+++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts
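Review bot: `taskPolicies` is declared on `EksCall` but never assigned, and neither the class comment nor the props say how the call is authorised. As far as the Step Functions EKS integration is documented, the request reaches the Kubernetes API as the state machine's execution role, so what the task may do is decided by the cluster's RBAC mapping for that role rather than by an IAM statement on this construct. Because `httpMethod` and `path` are passed to `renderObject` unchecked, that mapping is the only control on which resources the task can read or write, and it should be scoped narrowly rather than bound to `system:masters`. I would add to the class comment: `The state machine role must be mapped to a Kubernetes RBAC identity in the target cluster; grant it only the verbs and resources this task needs.`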
@@ -39,8 +39,10 @@ export * from './dynamodb/update-item';
 export * from './dynamodb/delete-item';
 export * from './dynamodb/shared-types';
 export * from './codebuild/start-build';
+export * from './eks/call';
 export * from './athena/start-query-execution';
 export * from './athena/stop-query-execution';
 export * from './athena/get-query-execution';
 export * from './athena/get-query-results';
 export * from './databrew/start-job-run';
+export * from './eks/call';
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts
new file mode 100644
index 0000000000000..e67f3838af505
--- /dev/null
+++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts
@@ -0,0 +1,54 @@
+import * as sfn from '@aws-cdk/aws-stepfunctions';
+import * as cdk from '@aws-cdk/core';
+import { EksCall, MethodType } from '../../lib/eks/call';
+
+describe('Call an EKS endpoint', () => {
+
+ test('default settings', () => {
+ // GIVEN
+ const stack = new cdk.Stack();
+
+ // WHEN
+ const task = new EksCall(stack, 'Call', {
+ clusterName: 'clusterName',
+ certificateAuthority: 'certificateAuthority',
+ endpoint: 'endpoint',
+ httpMethod: MethodType.GET,
+ path: 'path',
+ requestBody: sfn.TaskInput.fromObject({
+ RequestBody: 'requestBody',
+ }),
+ });
+
+ // THEN
+ expect(stack.resolve(task.toStateJson())).toEqual({
+ Type: 'Task',
+ Resource: {
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ {
+ Ref: 'AWS::Partition',
+ },
+ ':states:::eks:call',
+ ],
+ ],
+ },
+ End: true,
+ Parameters: {
+ ClusterName: 'clusterName',
+ CertificateAuthority: 'certificateAuthority',
+ Endpoint: 'endpoint',
+ Method: 'GET',
+ Path: 'path',
+ RequestBody: {
+ type: 1,
+ value: {
+ RequestBody: 'requestBody',
+ },
+ },
+ },
+ });
+ });
+});
\ No newline at end of file
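Review bot: The expectation at the end of `default settings` pins `RequestBody: { type: 1, value: { RequestBody: 'requestBody' } }`, which is the `sfn.TaskInput` wrapper object rather than the body the caller wrote, so the test locks in a state definition that sends the wrapper to the Kubernetes API. `requestBody` is typed `{ [key: string]: any }` in `call.ts`, which is why passing `sfn.TaskInput.fromObject(...)` compiles at all. Either pass a plain object here (`requestBody: { RequestBody: 'requestBody' }`) and expect `RequestBody: { RequestBody: 'requestBody' }`, or type the prop as `sfn.TaskInput` and render its `value`. The rewritten `Call an EKS endpoint` test in PATCH 3/7 carries the same expectation.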
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json new file mode 100644 index 0000000000000..c2c5cfd7e34d6 --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json @@ -0,0 +1,65 @@ +{ + "Resources": { + "StateMachineRoleB840431D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "StateMachine2E01A3A5": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Call a EKS Endpoint\",\"States\":{\"Call a EKS Endpoint\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::eks:call\",\"Parameters\":{\"ClusterName\":\"clusterName\",\"CertificateAuthority\":\"certificateAuthority\",\"Endpoint\":\"https://apiid.gr7.us-east-1.eks.amazonaws.com\",\"Method\":\"GET\",\"Path\":\"/api/v1/namespaces/default/pods\"}}},\"TimeoutSeconds\":30}" + ] + ] + } + }, + "DependsOn": [ + "StateMachineRoleB840431D" + ] + } + }, + "Outputs": { + "stateMachineArn": { + "Value": { + "Ref": "StateMachine2E01A3A5" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts new file mode 100644 index 0000000000000..6ceed02d4ccf7 --- /dev/null +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts 
@@ -0,0 +1,28 @@
+import * as sfn from '@aws-cdk/aws-stepfunctions';
+import * as cdk from '@aws-cdk/core';
+import { EksCall, MethodType } from '../../lib';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-eks-call-integ');
+
+const callJob = new EksCall(stack, 'Call a EKS Endpoint', {
+ clusterName: 'clusterName',
+ certificateAuthority: 'certificateAuthority',
+ endpoint: 'https://apiid.gr7.us-east-1.eks.amazonaws.com',
+ httpMethod: MethodType.GET,
+ path: '/api/v1/namespaces/default/pods',
+});
+
+const chain = sfn.Chain.start(callJob);
+
+const sm = new sfn.StateMachine(stack, 'StateMachine', {
+ definition: chain,
+ timeout: cdk.Duration.seconds(30),
+});
+
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+ value: sm.stateMachineArn,
+});
+
+
+app.synth();
From d6d55e541c786a2cf9b9fbcd6fbd964ed6929ced Mon Sep 17 00:00:00 2001
From: Changheng Gu
Date: Thu, 28 Jan 2021 16:35:37 -0800
Subject: [PATCH 2/7] feat(stepfunctions-tasks): addressed comments from previous commit
---
 .../aws-stepfunctions-tasks/lib/eks/call.ts | 63 ++++++++++++-------
 1 file changed, 42 insertions(+), 21 deletions(-)
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts
index 43aba47907859..9aac53ad062ab 100644
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts
+++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts
@@ -3,32 +3,44 @@ import * as sfn from '@aws-cdk/aws-stepfunctions'; import { Construct } from 'constructs'; import { integrationResourceArn, validatePatternSupported } from '../private/task-utils'; -/** Properties for calling a EKS endpoint with EksCall */ +/** + * Properties for calling a EKS endpoint with EksCall + */ export interface EksCallProps extends sfn.TaskStateBaseProps { - /** Name of the cluster */ + /** + * Name of the cluster + */ readonly clusterName: string; - /** Base 64 encoded certificate data required to communicate with your cluster */ + /** + * Base 64 encoded certificate data required to communicate with your cluster + */ readonly certificateAuthority: string; - /** API endpoint to communicate with your cluster */ + /** + * API endpoint to communicate with your cluster + */ readonly endpoint: string; - /** The HTTP method ("GET", "POST", "PUT", ...) that clients use to call this method */ + /** + * HTTP method ("GET", "POST", "PUT", ...) part of HTTP request + */ readonly httpMethod: MethodType; - /** Path of cluster */ + /** + * Path of cluster + */ readonly path: string; /** - * Path of cluster + * Query Parameters part of HTTP request * @default - no query parameters */ readonly queryParameters?: { [key: string]: string[] }; /** - * request body of the http method + * Request body part of HTTP request * @default - No request body */ readonly requestBody?: { [key: string]: any }; @@ -59,8 +71,6 @@ export class EksCall extends sfn.TaskStateBase { /** * Provides the EKS Call service integration task configuration - */ - /** * @internal */ protected _renderTask(): any { 
@@ -79,26 +89,37 @@ export class EksCall extends sfn.TaskStateBase { } } -/** Method type of a EKS call */ +/** + * Method type of a EKS call + */ export enum MethodType { - /** Retreive data from a server at the specified resource */ + /** + * Retrieve data from a server at the specified resource + */ GET = 'GET', - /** Send data to the API endpoint to create or udpate a resource */ + /** + * Send data to the API endpoint to create or update a resource + */ POST = 'POST', - /** Send data to the API endpoint to update or create a resource */ + /** + * Send data to the API endpoint to update or create a resource + */ PUT = 'PUT', - /** Delete the resource at the specified endpoint */ + /** + * Delete the resource at the specified endpoint + */ DELETE = 'DELETE', - /** Apply partial modifications to the resource */ + /** + * Apply partial modifications to the resource + */ PATCH = 'PATCH', - /** Retreive data from a server at the specified resource without the response body */ - HEAD = 'HEAD', - - /** Return data describing what other methods and operations the server supports */ - OPTIONS = 'OPTIONS' + /** + * Retrieve data from a server at the specified resource without the response body + */ + HEAD = 'HEAD' } \ No newline at end of file From b831188335cad70c2ae703e260148cc4f160c1df Mon Sep 17 00:00:00 2001 From: NovakGu Date: Wed, 3 Feb 2021 18:43:37 -0800 Subject: [PATCH 3/7] Add coverage/integ test & refactor using EKS L2 Construct --- .../aws-stepfunctions-tasks/README.md | 15 +- .../aws-stepfunctions-tasks/lib/eks/call.ts | 33 +- .../aws-stepfunctions-tasks/lib/index.ts | 1 - .../aws-stepfunctions-tasks/package.json | 2 + .../test/eks/call.test.ts | 135 +- .../test/eks/integ.call.expected.json | 1546 ++++++++++++++++- .../test/eks/integ.call.ts | 38 +- 7 files changed, 1691 insertions(+), 79 deletions(-) 
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md index a3634da8b2dc5..a84cd833d5d58 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md @@ -678,11 +678,20 @@ The service integration APIs correspond to Amazon EKS APIs. Read and write Kubernetes resource objects via a Kubernetes API endpoint. Corresponds to the [`call`](https://docs.aws.amazon.com/step-functions/latest/dg/connect-eks.html) API in Step Functions Connector. +The following code snippet includes a Task state that uses eks:call to list the pods. + ```ts +import * as eks from '@aws-cdk/aws-eks'; +import * as sfn from '@aws-cdk/aws-stepfunctions'; +import * as tasks from '@aws-cdk/aws-stepfunctions-tasks'; + +const myEksCluster = new eks.Cluster(this, 'my sample cluster', { + version: eks.KubernetesVersion.V1_18, + clusterName: 'myEksCluster', + }); + new tasks.EksCall(stack, 'Call a EKS Endpoint', { - clusterName: 'clusterName', - certificateAuthority: 'certificateAuthority', - endpoint: 'https://apiid.gr7.us-east-1.eks.amazonaws.com', + cluster: myEksCluster, httpMethod: MethodType.GET, path: '/api/v1/namespaces/default/pods', }); diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts index 9aac53ad062ab..7b6005782d9ac 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts @@ -1,3 +1,4 @@ +import * as eks from '@aws-cdk/aws-eks'; import * as iam from '@aws-cdk/aws-iam'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import { Construct } from 'constructs'; 
@@ -5,33 +6,24 @@ import { integrationResourceArn, validatePatternSupported } from '../private/tas /** * Properties for calling a EKS endpoint with EksCall + * @experimental */ export interface EksCallProps extends sfn.TaskStateBaseProps { /** - * Name of the cluster + * The EKS cluster */ - readonly clusterName: string; - - /** - * Base 64 encoded certificate data required to communicate with your cluster - */ - readonly certificateAuthority: string; - - /** - * API endpoint to communicate with your cluster - */ - readonly endpoint: string; + readonly cluster: eks.ICluster; /** * HTTP method ("GET", "POST", "PUT", ...) part of HTTP request */ - readonly httpMethod: MethodType; + readonly httpMethod: HttpMethods; /** - * Path of cluster + * HTTP path of the Kubernetes REST API operation */ - readonly path: string; + readonly httpPath: string; /** * Query Parameters part of HTTP request @@ -50,6 +42,7 @@ export interface EksCallProps extends sfn.TaskStateBaseProps { * Call a EKS endpoint as a Task * * @see https://docs.aws.amazon.com/step-functions/latest/dg/connect-eks.html + * @experimental */ export class EksCall extends sfn.TaskStateBase { @@ -77,11 +70,11 @@ export class EksCall extends sfn.TaskStateBase { return { Resource: integrationResourceArn('eks', 'call', this.integrationPattern), Parameters: sfn.FieldUtils.renderObject({ - ClusterName: this.props.clusterName, - CertificateAuthority: this.props.certificateAuthority, - Endpoint: this.props.endpoint, + ClusterName: this.props.cluster.clusterName, + CertificateAuthority: this.props.cluster.clusterCertificateAuthorityData, + Endpoint: this.props.cluster.clusterEndpoint, Method: this.props.httpMethod, - Path: this.props.path, + Path: this.props.httpPath, QueryParameters: this.props.queryParameters, RequestBody: this.props.requestBody, }), 
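Review bot: Renaming `path` to `httpPath` and `MethodType` to `HttpMethods` in this hunk leaves the README example touched by the same commit out of step with `EksCallProps`. Its unchanged lines still read `httpMethod: MethodType.GET` and `path: '/api/v1/namespaces/default/pods'`, so the documented snippet no longer compiles against the new interface. The example should use `httpMethod: tasks.HttpMethods.GET` and `httpPath: '/api/v1/namespaces/default/pods'`.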
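Review bot: `_renderTask` now reads `cluster.clusterCertificateAuthorityData` and `cluster.clusterEndpoint` from an `eks.ICluster`, and an imported cluster does not necessarily carry either value. As far as I know the aws-eks import path raises a generic error when they were not supplied, and here that would surface only when the state is rendered, with no mention of this task. The `cluster` prop comment in the first hunk of this file should state the requirement, for example `The EKS cluster; an imported cluster must provide clusterEndpoint and clusterCertificateAuthorityData`. Reading both values in the constructor, which is outside this hunk, would let the task fail early with a message that names the missing attribute. A test that passes a cluster from `eks.Cluster.fromClusterAttributes` without them would pin the behaviour.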
@@ -92,7 +85,7 @@ export class EksCall extends sfn.TaskStateBase { /** * Method type of a EKS call */ -export enum MethodType { +export enum HttpMethods { /** * Retrieve data from a server at the specified resource */ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts index ee136abffb1aa..32e684f6d1adf 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/index.ts @@ -39,7 +39,6 @@ export * from './dynamodb/update-item'; export * from './dynamodb/delete-item'; export * from './dynamodb/shared-types'; export * from './codebuild/start-build'; -export * from './eks/call'; export * from './athena/start-query-execution'; export * from './athena/stop-query-execution'; export * from './athena/get-query-execution'; diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/package.json b/packages/@aws-cdk/aws-stepfunctions-tasks/package.json index 3031ab05dc9a3..1f4041637c1d5 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/package.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/package.json @@ -81,6 +81,7 @@ "@aws-cdk/aws-ecr": "0.0.0", "@aws-cdk/aws-ecr-assets": "0.0.0", "@aws-cdk/aws-ecs": "0.0.0", + "@aws-cdk/aws-eks": "0.0.0", "@aws-cdk/aws-glue": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-kms": "0.0.0", @@ -103,6 +104,7 @@ "@aws-cdk/aws-ecr": "0.0.0", "@aws-cdk/aws-ecr-assets": "0.0.0", "@aws-cdk/aws-ecs": "0.0.0", + "@aws-cdk/aws-eks": "0.0.0", "@aws-cdk/aws-glue": "0.0.0", "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-kms": "0.0.0", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts index e67f3838af505..164c1d4780f37 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts 
@@ -1,54 +1,103 @@ +import * as eks from '@aws-cdk/aws-eks'; import * as sfn from '@aws-cdk/aws-stepfunctions'; -import * as cdk from '@aws-cdk/core'; -import { EksCall, MethodType } from '../../lib/eks/call'; +import { Stack } from '@aws-cdk/core'; +import { EksCall, HttpMethods } from '../../lib/eks/call'; -describe('Call an EKS endpoint', () => { +let stack: Stack; +let cluster: eks.Cluster; - test('default settings', () => { - // GIVEN - const stack = new cdk.Stack(); +beforeEach(() => { + //GIVEN + stack = new Stack(); + cluster = new eks.Cluster(stack, 'Cluster', { + version: eks.KubernetesVersion.V1_18, + clusterName: 'eksCluster', + }); +}); - // WHEN - const task = new EksCall(stack, 'Call', { - clusterName: 'clusterName', - certificateAuthority: 'certificateAuthority', - endpoint: 'endpoint', - httpMethod: MethodType.GET, - path: 'path', - requestBody: sfn.TaskInput.fromObject({ - RequestBody: 'requestBody', - }), - }); +test('Call an EKS endpoint', () => { + // WHEN + const task = new EksCall(stack, 'Call', { + cluster: cluster, + httpMethod: HttpMethods.GET, + httpPath: 'path', + requestBody: sfn.TaskInput.fromObject({ + RequestBody: 'requestBody', + }), + }); - // THEN - expect(stack.resolve(task.toStateJson())).toEqual({ - Type: 'Task', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':states:::eks:call', - ], + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':states:::eks:call', ], + ], + }, + End: true, + Parameters: { + ClusterName: { + Ref: 'Cluster9EE0221C', }, - End: true, - Parameters: { - ClusterName: 'clusterName', - CertificateAuthority: 'certificateAuthority', - Endpoint: 'endpoint', - Method: 'GET', - Path: 'path', - RequestBody: { - type: 1, - value: { - RequestBody: 'requestBody', - }, + CertificateAuthority: { + 'Fn::GetAtt': [ + 'Cluster9EE0221C', + 'CertificateAuthorityData', + ], + 
}, + Endpoint: { + 'Fn::GetAtt': [ + 'Cluster9EE0221C', + 'Endpoint', + ], + }, + Method: 'GET', + Path: 'path', + RequestBody: { + type: 1, + value: { + RequestBody: 'requestBody', }, }, - }); + }, }); +}); + +test('Task throws if RUN_JOB is supplied as service integration pattern', () => { + expect(() => { + new EksCall(stack, 'Call', { + cluster: cluster, + httpMethod: HttpMethods.GET, + httpPath: 'path', + requestBody: sfn.TaskInput.fromObject({ + RequestBody: 'requestBody', + }), + integrationPattern: sfn.IntegrationPattern.RUN_JOB, + }); + }).toThrow( + /Unsupported service integration pattern. Supported Patterns: REQUEST_RESPONSE. Received: RUN_JOB/, + ); +}); + +test('Task throws if WAIT_FOR_TASK_TOKEN is supplied as service integration pattern', () => { + expect(() => { + new EksCall(stack, 'Call', { + cluster: cluster, + httpMethod: HttpMethods.GET, + httpPath: 'path', + requestBody: sfn.TaskInput.fromObject({ + RequestBody: 'requestBody', + }), + integrationPattern: sfn.IntegrationPattern.WAIT_FOR_TASK_TOKEN, + }); + }).toThrow( + /Unsupported service integration pattern. Supported Patterns: REQUEST_RESPONSE. Received: WAIT_FOR_TASK_TOKEN/, + ); }); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json index c2c5cfd7e34d6..a8eaf611abf00 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json 
@@ -1,6 +1,1389 @@ { "Resources": { - "StateMachineRoleB840431D": { + "EksClusterDefaultVpcB24550B2": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet1SubnetCB1D1047": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.0.0/19", + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet1" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet1RouteTable163DE10A": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet1" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet1RouteTableAssociation36D085C2": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPublicSubnet1RouteTable163DE10A" + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPublicSubnet1SubnetCB1D1047" + } + } + }, + "EksClusterDefaultVpcPublicSubnet1DefaultRouteCE5F6EF3": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPublicSubnet1RouteTable163DE10A" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "EksClusterDefaultVpcIGWCA6A3220" + } + }, + "DependsOn": [ + 
"EksClusterDefaultVpcVPCGW0E4A5673" + ] + }, + "EksClusterDefaultVpcPublicSubnet1EIPF53713C9": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet1" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet1NATGateway548C2CDF": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "EksClusterDefaultVpcPublicSubnet1EIPF53713C9", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPublicSubnet1SubnetCB1D1047" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet1" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet2SubnetA8FE675D": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.32.0/19", + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet2" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet2RouteTable1027E4DE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet2" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet2RouteTableAssociation39E2ABB3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": 
"EksClusterDefaultVpcPublicSubnet2RouteTable1027E4DE" + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPublicSubnet2SubnetA8FE675D" + } + } + }, + "EksClusterDefaultVpcPublicSubnet2DefaultRoute8B910E5C": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPublicSubnet2RouteTable1027E4DE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "EksClusterDefaultVpcIGWCA6A3220" + } + }, + "DependsOn": [ + "EksClusterDefaultVpcVPCGW0E4A5673" + ] + }, + "EksClusterDefaultVpcPublicSubnet2EIP16D41D80": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet2" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet2NATGateway869DDCBF": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "EksClusterDefaultVpcPublicSubnet2EIP16D41D80", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPublicSubnet2SubnetA8FE675D" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet2" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet3SubnetA04EFFC1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.64.0/19", + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet3" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet3RouteTableEBB51B8A": { + "Type": 
"AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet3" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet3RouteTableAssociationFE466321": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPublicSubnet3RouteTableEBB51B8A" + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPublicSubnet3SubnetA04EFFC1" + } + } + }, + "EksClusterDefaultVpcPublicSubnet3DefaultRoute1F5BE861": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPublicSubnet3RouteTableEBB51B8A" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "EksClusterDefaultVpcIGWCA6A3220" + } + }, + "DependsOn": [ + "EksClusterDefaultVpcVPCGW0E4A5673" + ] + }, + "EksClusterDefaultVpcPublicSubnet3EIPF8D34EDE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet3" + } + ] + } + }, + "EksClusterDefaultVpcPublicSubnet3NATGatewayC35C74D3": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "EksClusterDefaultVpcPublicSubnet3EIPF8D34EDE", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPublicSubnet3SubnetA04EFFC1" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PublicSubnet3" + } + ] + } + }, + "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.96.0/19", + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + 
"AvailabilityZone": "test-region-1a", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PrivateSubnet1" + } + ] + } + }, + "EksClusterDefaultVpcPrivateSubnet1RouteTable9104CFAB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PrivateSubnet1" + } + ] + } + }, + "EksClusterDefaultVpcPrivateSubnet1RouteTableAssociationCC31B65B": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet1RouteTable9104CFAB" + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F" + } + } + }, + "EksClusterDefaultVpcPrivateSubnet1DefaultRoute790DE5CF": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet1RouteTable9104CFAB" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "EksClusterDefaultVpcPublicSubnet1NATGateway548C2CDF" + } + } + }, + "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.128.0/19", + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "AvailabilityZone": "test-region-1b", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": 
"aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PrivateSubnet2" + } + ] + } + }, + "EksClusterDefaultVpcPrivateSubnet2RouteTable04B34031": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PrivateSubnet2" + } + ] + } + }, + "EksClusterDefaultVpcPrivateSubnet2RouteTableAssociation86243837": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet2RouteTable04B34031" + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71" + } + } + }, + "EksClusterDefaultVpcPrivateSubnet2DefaultRoute99A19B21": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet2RouteTable04B34031" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "EksClusterDefaultVpcPublicSubnet2NATGateway869DDCBF" + } + } + }, + "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.160.0/19", + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "AvailabilityZone": "test-region-1c", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PrivateSubnet3" + } + ] + } + }, + "EksClusterDefaultVpcPrivateSubnet3RouteTableA8F449F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + 
"Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc/PrivateSubnet3" + } + ] + } + }, + "EksClusterDefaultVpcPrivateSubnet3RouteTableAssociationCE2741BE": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet3RouteTableA8F449F1" + }, + "SubnetId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07" + } + } + }, + "EksClusterDefaultVpcPrivateSubnet3DefaultRouteDC2E9DE0": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "EksClusterDefaultVpcPrivateSubnet3RouteTableA8F449F1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "EksClusterDefaultVpcPublicSubnet3NATGatewayC35C74D3" + } + } + }, + "EksClusterDefaultVpcIGWCA6A3220": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-stepfunctions-tasks-eks-call-integ/EksCluster/DefaultVpc" + } + ] + } + }, + "EksClusterDefaultVpcVPCGW0E4A5673": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "InternetGatewayId": { + "Ref": "EksClusterDefaultVpcIGWCA6A3220" + } + } + }, + "EksClusterRoleC84B376F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + } + ] + } + }, + "EksClusterControlPlaneSecurityGroup9257A6D0": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": 
"EksClusterDefaultVpcB24550B2" + } + } + }, + "EksClusterCreationRole75AABE42": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "EksClusterDefaultVpcIGWCA6A3220", + "EksClusterDefaultVpcPrivateSubnet1DefaultRoute790DE5CF", + "EksClusterDefaultVpcPrivateSubnet1RouteTable9104CFAB", + "EksClusterDefaultVpcPrivateSubnet1RouteTableAssociationCC31B65B", + "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F", + "EksClusterDefaultVpcPrivateSubnet2DefaultRoute99A19B21", + "EksClusterDefaultVpcPrivateSubnet2RouteTable04B34031", + "EksClusterDefaultVpcPrivateSubnet2RouteTableAssociation86243837", + "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71", + "EksClusterDefaultVpcPrivateSubnet3DefaultRouteDC2E9DE0", + "EksClusterDefaultVpcPrivateSubnet3RouteTableA8F449F1", + "EksClusterDefaultVpcPrivateSubnet3RouteTableAssociationCE2741BE", + "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07", + "EksClusterDefaultVpcPublicSubnet1DefaultRouteCE5F6EF3", + "EksClusterDefaultVpcPublicSubnet1EIPF53713C9", + "EksClusterDefaultVpcPublicSubnet1NATGateway548C2CDF", + "EksClusterDefaultVpcPublicSubnet1RouteTable163DE10A", + "EksClusterDefaultVpcPublicSubnet1RouteTableAssociation36D085C2", + "EksClusterDefaultVpcPublicSubnet1SubnetCB1D1047", + "EksClusterDefaultVpcPublicSubnet2DefaultRoute8B910E5C", + "EksClusterDefaultVpcPublicSubnet2EIP16D41D80", + "EksClusterDefaultVpcPublicSubnet2NATGateway869DDCBF", + "EksClusterDefaultVpcPublicSubnet2RouteTable1027E4DE", + "EksClusterDefaultVpcPublicSubnet2RouteTableAssociation39E2ABB3", + "EksClusterDefaultVpcPublicSubnet2SubnetA8FE675D", + "EksClusterDefaultVpcPublicSubnet3DefaultRoute1F5BE861", + 
"EksClusterDefaultVpcPublicSubnet3EIPF8D34EDE", + "EksClusterDefaultVpcPublicSubnet3NATGatewayC35C74D3", + "EksClusterDefaultVpcPublicSubnet3RouteTableEBB51B8A", + "EksClusterDefaultVpcPublicSubnet3RouteTableAssociationFE466321", + "EksClusterDefaultVpcPublicSubnet3SubnetA04EFFC1", + "EksClusterDefaultVpcB24550B2", + "EksClusterDefaultVpcVPCGW0E4A5673" + ] + }, + "EksClusterCreationRoleDefaultPolicy2DFE4D73": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "EksClusterRoleC84B376F", + "Arn" + ] + } + }, + { + "Action": [ + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "eks:CreateCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:DeleteCluster", + "eks:UpdateClusterVersion", + "eks:UpdateClusterConfig", + "eks:CreateFargateProfile", + "eks:TagResource", + "eks:UntagResource" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":eks:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster/eksCluster" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":eks:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster/eksCluster/*" + ] + ] + } + ] + }, + { + "Action": [ + "eks:DescribeFargateProfile", + "eks:DeleteFargateProfile" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":eks:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":fargateprofile/eksCluster/*" + ] + ] + } + }, + { + "Action": [ + "iam:GetRole", + "iam:listAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": 
"ec2:DescribeVpcs", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":vpc/", + { + "Ref": "EksClusterDefaultVpcB24550B2" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "EksClusterCreationRoleDefaultPolicy2DFE4D73", + "Roles": [ + { + "Ref": "EksClusterCreationRole75AABE42" + } + ] + }, + "DependsOn": [ + "EksClusterDefaultVpcIGWCA6A3220", + "EksClusterDefaultVpcPrivateSubnet1DefaultRoute790DE5CF", + "EksClusterDefaultVpcPrivateSubnet1RouteTable9104CFAB", + "EksClusterDefaultVpcPrivateSubnet1RouteTableAssociationCC31B65B", + "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F", + "EksClusterDefaultVpcPrivateSubnet2DefaultRoute99A19B21", + "EksClusterDefaultVpcPrivateSubnet2RouteTable04B34031", + "EksClusterDefaultVpcPrivateSubnet2RouteTableAssociation86243837", + "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71", + "EksClusterDefaultVpcPrivateSubnet3DefaultRouteDC2E9DE0", + "EksClusterDefaultVpcPrivateSubnet3RouteTableA8F449F1", + "EksClusterDefaultVpcPrivateSubnet3RouteTableAssociationCE2741BE", + "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07", + "EksClusterDefaultVpcPublicSubnet1DefaultRouteCE5F6EF3", + "EksClusterDefaultVpcPublicSubnet1EIPF53713C9", + "EksClusterDefaultVpcPublicSubnet1NATGateway548C2CDF", + "EksClusterDefaultVpcPublicSubnet1RouteTable163DE10A", + "EksClusterDefaultVpcPublicSubnet1RouteTableAssociation36D085C2", + "EksClusterDefaultVpcPublicSubnet1SubnetCB1D1047", + "EksClusterDefaultVpcPublicSubnet2DefaultRoute8B910E5C", + "EksClusterDefaultVpcPublicSubnet2EIP16D41D80", + "EksClusterDefaultVpcPublicSubnet2NATGateway869DDCBF", + "EksClusterDefaultVpcPublicSubnet2RouteTable1027E4DE", + "EksClusterDefaultVpcPublicSubnet2RouteTableAssociation39E2ABB3", + "EksClusterDefaultVpcPublicSubnet2SubnetA8FE675D", + "EksClusterDefaultVpcPublicSubnet3DefaultRoute1F5BE861", + 
"EksClusterDefaultVpcPublicSubnet3EIPF8D34EDE", + "EksClusterDefaultVpcPublicSubnet3NATGatewayC35C74D3", + "EksClusterDefaultVpcPublicSubnet3RouteTableEBB51B8A", + "EksClusterDefaultVpcPublicSubnet3RouteTableAssociationFE466321", + "EksClusterDefaultVpcPublicSubnet3SubnetA04EFFC1", + "EksClusterDefaultVpcB24550B2", + "EksClusterDefaultVpcVPCGW0E4A5673" + ] + }, + "EksClusterFAB68BDB": { + "Type": "Custom::AWSCDK-EKS-Cluster", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.awsstepfunctionstasksekscallintegawscdkawseksClusterResourceProviderframeworkonEvent5722A6A8Arn" + ] + }, + "Config": { + "name": "eksCluster", + "version": "1.18", + "roleArn": { + "Fn::GetAtt": [ + "EksClusterRoleC84B376F", + "Arn" + ] + }, + "resourcesVpcConfig": { + "subnetIds": [ + { + "Ref": "EksClusterDefaultVpcPublicSubnet1SubnetCB1D1047" + }, + { + "Ref": "EksClusterDefaultVpcPublicSubnet2SubnetA8FE675D" + }, + { + "Ref": "EksClusterDefaultVpcPublicSubnet3SubnetA04EFFC1" + }, + { + "Ref": "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F" + }, + { + "Ref": "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71" + }, + { + "Ref": "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "EksClusterControlPlaneSecurityGroup9257A6D0", + "GroupId" + ] + } + ], + "endpointPublicAccess": true, + "endpointPrivateAccess": true + } + }, + "AssumeRoleArn": { + "Fn::GetAtt": [ + "EksClusterCreationRole75AABE42", + "Arn" + ] + }, + "AttributesRevision": 2 + }, + "DependsOn": [ + "EksClusterDefaultVpcIGWCA6A3220", + "EksClusterDefaultVpcPrivateSubnet1DefaultRoute790DE5CF", + "EksClusterDefaultVpcPrivateSubnet1RouteTable9104CFAB", + "EksClusterDefaultVpcPrivateSubnet1RouteTableAssociationCC31B65B", + "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F", + "EksClusterDefaultVpcPrivateSubnet2DefaultRoute99A19B21", + 
"EksClusterDefaultVpcPrivateSubnet2RouteTable04B34031", + "EksClusterDefaultVpcPrivateSubnet2RouteTableAssociation86243837", + "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71", + "EksClusterDefaultVpcPrivateSubnet3DefaultRouteDC2E9DE0", + "EksClusterDefaultVpcPrivateSubnet3RouteTableA8F449F1", + "EksClusterDefaultVpcPrivateSubnet3RouteTableAssociationCE2741BE", + "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07", + "EksClusterDefaultVpcPublicSubnet1DefaultRouteCE5F6EF3", + "EksClusterDefaultVpcPublicSubnet1EIPF53713C9", + "EksClusterDefaultVpcPublicSubnet1NATGateway548C2CDF", + "EksClusterDefaultVpcPublicSubnet1RouteTable163DE10A", + "EksClusterDefaultVpcPublicSubnet1RouteTableAssociation36D085C2", + "EksClusterDefaultVpcPublicSubnet1SubnetCB1D1047", + "EksClusterDefaultVpcPublicSubnet2DefaultRoute8B910E5C", + "EksClusterDefaultVpcPublicSubnet2EIP16D41D80", + "EksClusterDefaultVpcPublicSubnet2NATGateway869DDCBF", + "EksClusterDefaultVpcPublicSubnet2RouteTable1027E4DE", + "EksClusterDefaultVpcPublicSubnet2RouteTableAssociation39E2ABB3", + "EksClusterDefaultVpcPublicSubnet2SubnetA8FE675D", + "EksClusterDefaultVpcPublicSubnet3DefaultRoute1F5BE861", + "EksClusterDefaultVpcPublicSubnet3EIPF8D34EDE", + "EksClusterDefaultVpcPublicSubnet3NATGatewayC35C74D3", + "EksClusterDefaultVpcPublicSubnet3RouteTableEBB51B8A", + "EksClusterDefaultVpcPublicSubnet3RouteTableAssociationFE466321", + "EksClusterDefaultVpcPublicSubnet3SubnetA04EFFC1", + "EksClusterDefaultVpcB24550B2", + "EksClusterDefaultVpcVPCGW0E4A5673", + "EksClusterCreationRoleDefaultPolicy2DFE4D73", + "EksClusterCreationRole75AABE42" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "EksClusterKubectlReadyBarrier502B0E83": { + "Type": "AWS::SSM::Parameter", + "Properties": { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready" + }, + "DependsOn": [ + "EksClusterCreationRoleDefaultPolicy2DFE4D73", + "EksClusterCreationRole75AABE42", + "EksClusterFAB68BDB" + ] + }, + 
"EksClusterMastersRole3F49FAC3": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "EksClusterAwsAuthmanifest4F460A9B": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awsstepfunctionstasksekscallintegawscdkawseksKubectlProviderframeworkonEventAF076895Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c8f58087a1a3e6c10f65d847befda9c1aa2145a8fc\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "EksClusterMastersRole3F49FAC3", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "EksClusterMastersRole3F49FAC3", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "EksClusterNodegroupDefaultCapacityNodeGroupRole70D09CEC", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" + ] + ] + }, + "ClusterName": { + "Ref": "EksClusterFAB68BDB" + }, + "RoleArn": { + "Fn::GetAtt": [ + "EksClusterCreationRole75AABE42", + "Arn" + ] + }, + "PruneLabel": 
"aws.cdk.eks/prune-c8f58087a1a3e6c10f65d847befda9c1aa2145a8fc", + "Overwrite": true + }, + "DependsOn": [ + "EksClusterKubectlReadyBarrier502B0E83" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "EksClusterNodegroupDefaultCapacityNodeGroupRole70D09CEC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "EksClusterNodegroupDefaultCapacityA81E70F9": { + "Type": "AWS::EKS::Nodegroup", + "Properties": { + "ClusterName": { + "Ref": "EksClusterFAB68BDB" + }, + "NodeRole": { + "Fn::GetAtt": [ + "EksClusterNodegroupDefaultCapacityNodeGroupRole70D09CEC", + "Arn" + ] + }, + "Subnets": [ + { + "Ref": "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F" + }, + { + "Ref": "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71" + }, + { + "Ref": "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07" + } + ], + "AmiType": "AL2_x86_64", + "ForceUpdateEnabled": true, + "InstanceTypes": [ + "m5.large" + ], + "ScalingConfig": { + "DesiredSize": 2, + "MaxSize": 2, + "MinSize": 2 + } + } + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + 
"Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527S3Bucket7ED14FA7" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527S3VersionKeyF4EF0775" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527S3VersionKeyF4EF0775" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawsstepfunctionstasksekscallintegEksClusterCreationRole00B486C4Arn": { + "Fn::GetAtt": [ + "EksClusterCreationRole75AABE42", + "Arn" + ] + }, + "referencetoawsstepfunctionstasksekscallintegAssetParameters87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dbaS3Bucket61AA45E5Ref": { + "Ref": "AssetParameters87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dbaS3Bucket14D204F9" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParameters87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dbaS3VersionKey48ACDBCFRef": { + "Ref": "AssetParameters87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dbaS3VersionKeyDE8A2F1F" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketCF9FB24DRef": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey4B465A75Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + } + } + }, + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + 
"", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3Bucket99903CA7" + }, + "/", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3VersionKeyE34850A1" + } + ] + } + ] + }, + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "||", + { + "Ref": "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3VersionKeyE34850A1" + } + ] + } + ] + } + ] + ] + }, + "Parameters": { + "referencetoawsstepfunctionstasksekscallintegEksClusterCA674174Arn": { + "Fn::GetAtt": [ + "EksClusterFAB68BDB", + "Arn" + ] + }, + "referencetoawsstepfunctionstasksekscallintegEksClusterCreationRole00B486C4Arn": { + "Fn::GetAtt": [ + "EksClusterCreationRole75AABE42", + "Arn" + ] + }, + "referencetoawsstepfunctionstasksekscallintegAssetParametersbafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757S3BucketB45933E2Ref": { + "Ref": "AssetParametersbafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757S3Bucket008DBB35" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParametersbafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757S3VersionKey897E2F88Ref": { + "Ref": "AssetParametersbafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757S3VersionKey97C3E1A0" + }, + "referencetoawsstepfunctionstasksekscallintegEksClusterDefaultVpcPrivateSubnet1Subnet3A6964EARef": { + "Ref": "EksClusterDefaultVpcPrivateSubnet1Subnet4D665A2F" + }, + "referencetoawsstepfunctionstasksekscallintegEksClusterDefaultVpcPrivateSubnet2Subnet08905A58Ref": { + "Ref": "EksClusterDefaultVpcPrivateSubnet2Subnet180B8A71" + }, + "referencetoawsstepfunctionstasksekscallintegEksClusterDefaultVpcPrivateSubnet3SubnetF3A2081ERef": { + "Ref": "EksClusterDefaultVpcPrivateSubnet3Subnet6C4BFC07" + }, + 
"referencetoawsstepfunctionstasksekscallintegEksClusterCA674174ClusterSecurityGroupId": { + "Fn::GetAtt": [ + "EksClusterFAB68BDB", + "ClusterSecurityGroupId" + ] + }, + "referencetoawsstepfunctionstasksekscallintegAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket3F56B6C0Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey14F73D88Ref": { + "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket82DB0998Ref": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKey5CB2DA63Ref": { + "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9" + }, + "referencetoawsstepfunctionstasksekscallintegEksClusterDefaultVpc549F5A2DRef": { + "Ref": "EksClusterDefaultVpcB24550B2" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketCF9FB24DRef": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + }, + "referencetoawsstepfunctionstasksekscallintegAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey4B465A75Ref": { + "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + } + } + } + }, + "Role1ABCC5F0": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { 
@@ -25,7 +1408,8 @@ } ], "Version": "2012-10-17" - } + }, + "RoleName": "testRoleEksCall" } }, "StateMachine2E01A3A5": { @@ -33,7 +1417,7 @@ "Properties": { "RoleArn": { "Fn::GetAtt": [ - "StateMachineRoleB840431D", + "Role1ABCC5F0", "Arn" ] }, 
@@ -45,21 +1429,173 @@ { "Ref": "AWS::Partition" }, - ":states:::eks:call\",\"Parameters\":{\"ClusterName\":\"clusterName\",\"CertificateAuthority\":\"certificateAuthority\",\"Endpoint\":\"https://apiid.gr7.us-east-1.eks.amazonaws.com\",\"Method\":\"GET\",\"Path\":\"/api/v1/namespaces/default/pods\"}}},\"TimeoutSeconds\":30}" + ":states:::eks:call\",\"Parameters\":{\"ClusterName\":\"", + { + "Ref": "EksClusterFAB68BDB" + }, + "\",\"CertificateAuthority\":\"", + { + "Fn::GetAtt": [ + "EksClusterFAB68BDB", + "CertificateAuthorityData" + ] + }, + "\",\"Endpoint\":\"", + { + "Fn::GetAtt": [ + "EksClusterFAB68BDB", + "Endpoint" + ] + }, + "\",\"Method\":\"GET\",\"Path\":\"/api/v1/namespaces/default/pods\"}}},\"TimeoutSeconds\":30}" ] ] } }, "DependsOn": [ - "StateMachineRoleB840431D" + "Role1ABCC5F0" ] } }, "Outputs": { + "EksClusterConfigCommand2AE6ED67": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "EksClusterFAB68BDB" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "EksClusterMastersRole3F49FAC3", + "Arn" + ] + } + ] + ] + } + }, + "EksClusterGetTokenCommandDF0BEDB9": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "EksClusterFAB68BDB" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "EksClusterMastersRole3F49FAC3", + "Arn" + ] + } + ] + ] + } + }, "stateMachineArn": { "Value": { "Ref": "StateMachine2E01A3A5" } } + }, + "Parameters": { + "AssetParameters87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dbaS3Bucket14D204F9": { + "Type": "String", + "Description": "S3 bucket for asset \"87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dba\"" + }, + "AssetParameters87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dbaS3VersionKeyDE8A2F1F": { + "Type": "String", + "Description": "S3 key for asset version 
\"87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dba\"" + }, + "AssetParameters87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dbaArtifactHash54822A43": { + "Type": "String", + "Description": "Artifact hash for asset \"87b1e2c41f84590d14f7ab8cb0f338c51d6fa3efe78943867af07fa959593dba\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "Type": "String", + "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "Type": "String", + "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "Type": "String", + "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + }, + "AssetParametersbafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757S3Bucket008DBB35": { + "Type": "String", + "Description": "S3 bucket for asset \"bafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757\"" + }, + "AssetParametersbafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757S3VersionKey97C3E1A0": { + "Type": "String", + "Description": "S3 key for asset version \"bafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757\"" + }, + "AssetParametersbafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757ArtifactHashF584A7D8": { + "Type": "String", + "Description": "Artifact hash for asset \"bafd50ae9f214e496ff8c72c6425f93dca3ccd590e20963706d5d610d9c75757\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "Type": "String", + "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" 
+ }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "Type": "String", + "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "Type": "String", + "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + }, + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3Bucket6ABE1927": { + "Type": "String", + "Description": "S3 bucket for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" + }, + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9": { + "Type": "String", + "Description": "S3 key for asset version \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" + }, + "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0ArtifactHash1D7A2D6E": { + "Type": "String", + "Description": "Artifact hash for asset \"844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0\"" + }, + "AssetParameters3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527S3Bucket7ED14FA7": { + "Type": "String", + "Description": "S3 bucket for asset \"3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527\"" + }, + "AssetParameters3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527S3VersionKeyF4EF0775": { + "Type": "String", + "Description": "S3 key for asset version \"3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527\"" + }, + "AssetParameters3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527ArtifactHash94EFED5E": { + "Type": "String", + "Description": "Artifact hash for asset \"3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527\"" + }, + 
"AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3Bucket99903CA7": { + "Type": "String", + "Description": "S3 bucket for asset \"70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1\"" + }, + "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3VersionKeyE34850A1": { + "Type": "String", + "Description": "S3 key for asset version \"70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1\"" + }, + "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1ArtifactHash3D960303": { + "Type": "String", + "Description": "Artifact hash for asset \"70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1\"" + } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts index 6ceed02d4ccf7..68eb1cefdef42 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts 
@@ -1,22 +1,47 @@ +import * as eks from '@aws-cdk/aws-eks'; +import * as iam from '@aws-cdk/aws-iam'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import * as cdk from '@aws-cdk/core'; -import { EksCall, MethodType } from '../../lib'; +import { EksCall, HttpMethods } from '../../lib'; + +/* + * Create a state machine with a task state to use the Kubernetes API to read Kubernetes resource objects + * via a Kubernetes API endpoint. + * + * Stack verification steps: + * The generated State Machine can be executed from the CLI (or Step Functions console) + * and runs with an execution status of `Succeeded`. + * + * -- aws stepfunctions start-execution --state-machine-arn provides execution arn + * -- aws stepfunctions describe-execution --execution-arn returns a status of `Succeeded` + */ const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-eks-call-integ'); +const cluster = new eks.Cluster(stack, 'EksCluster', { + version: eks.KubernetesVersion.V1_18, + clusterName: 'eksCluster', +}); + +const executionRole = new iam.Role(stack, 'Role', { + roleName: 'executionRole', + assumedBy: new iam.ServicePrincipal('states.amazonaws.com'), +}); + +cluster.awsAuth.addMastersRole(executionRole); + const callJob = new EksCall(stack, 'Call a EKS Endpoint', { - clusterName: 'clusterName', - certificateAuthority: 'certificateAuthority', - endpoint: 'https://apiid.gr7.us-east-1.eks.amazonaws.com', - httpMethod: MethodType.GET, - path: '/api/v1/namespaces/default/pods', + cluster: cluster, + httpMethod: HttpMethods.GET, + httpPath: '/api/v1/namespaces/default/pods', }); const chain = sfn.Chain.start(callJob); const sm = new sfn.StateMachine(stack, 'StateMachine', { definition: chain, + role: executionRole, timeout: cdk.Duration.seconds(30), }); @@ -24,5 +49,4 @@ new cdk.CfnOutput(stack, 'stateMachineArn', { value: sm.stateMachineArn, }); - app.synth(); From db84626453f5f9fb93c76ed71adba8324d73a1b1 Mon Sep 17 00:00:00 2001 
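Review bot: `cluster.awsAuth.addMastersRole(executionRole);` maps the state machine's execution role to `system:masters`, i.e. full cluster-admin, while the only task in this hunk issues a `GET` on `/api/v1/namespaces/default/pods`. Integ files are often copied as usage examples, so a narrowly scoped mapping would be safer, e.g. `cluster.awsAuth.addRoleMapping(executionRole, { groups: ['READ_ONLY_GROUP_PLACEHOLDER'] });` with a Role and RoleBinding that allow only `get`/`list` on pods in `default`. If masters access is kept to keep the test short, say so in place: `// system:masters only to keep this integ test small; map a least-privilege RBAC group in real stacks`. The hard-coded `roleName: 'executionRole'` and `clusterName: 'eksCluster'` will probably also collide if a second copy of the stack is deployed to the same account.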
From: NovakGu Date: Wed, 3 Feb 2021 20:36:56 -0800 Subject: [PATCH 4/7] Fix typo in README and failed build due to execution role name in expected.json --- packages/@aws-cdk/aws-stepfunctions-tasks/README.md | 2 +- .../aws-stepfunctions-tasks/test/eks/integ.call.expected.json | 2 +- .../@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md index a84cd833d5d58..0fbc077e953ac 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/README.md +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/README.md @@ -693,7 +693,7 @@ const myEksCluster = new eks.Cluster(this, 'my sample cluster', { new tasks.EksCall(stack, 'Call a EKS Endpoint', { cluster: myEksCluster, httpMethod: MethodType.GET, - path: '/api/v1/namespaces/default/pods', + httpPath: '/api/v1/namespaces/default/pods', }); ``` diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json index a8eaf611abf00..8c6dd26d2bb0c 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json @@ -1409,7 +1409,7 @@ ], "Version": "2012-10-17" }, - "RoleName": "testRoleEksCall" + "RoleName": "stateMachineExecutionRole" } }, "StateMachine2E01A3A5": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts index 68eb1cefdef42..7a3f0b70c8e9d 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.ts 
@@ -25,7 +25,7 @@ const cluster = new eks.Cluster(stack, 'EksCluster', { }); const executionRole = new iam.Role(stack, 'Role', { - roleName: 'executionRole', + roleName: 'stateMachineExecutionRole', assumedBy: new iam.ServicePrincipal('states.amazonaws.com'), }); From 6f545ed1dcb9070267ef1521a0f6c61dd27de47b Mon Sep 17 00:00:00 2001 From: NovakGu Date: Tue, 9 Feb 2021 11:44:24 -0800 Subject: [PATCH 5/7] Address comments and nits --- .../aws-stepfunctions-tasks/lib/eks/call.ts | 8 +- .../test/eks/call.test.ts | 103 +++++++++++++++++- 2 files changed, 104 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts index 7b6005782d9ac..9ad1b1d9bd2a6 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts @@ -22,6 +22,7 @@ export interface EksCallProps extends sfn.TaskStateBaseProps { /** * HTTP path of the Kubernetes REST API operation + * For example: /api/v1/namespaces/default/pods */ readonly httpPath: string; @@ -35,7 +36,7 @@ export interface EksCallProps extends sfn.TaskStateBaseProps { * Request body part of HTTP request * @default - No request body */ - readonly requestBody?: { [key: string]: any }; + readonly requestBody?: sfn.TaskInput; } /** @@ -50,6 +51,9 @@ export class EksCall extends sfn.TaskStateBase { sfn.IntegrationPattern.REQUEST_RESPONSE, ]; + /** No policies are required due to eks:call is an Http service integration and does not call and EKS API directly + * @see https://docs.aws.amazon.com/step-functions/latest/dg/connect-eks.html#connect-eks-permissions + */ protected readonly taskMetrics?: sfn.TaskMetricsConfig; protected readonly taskPolicies?: iam.PolicyStatement[]; 
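Review bot: In the `@@ -50,6 +51,9 @@` hunk of `lib/eks/call.ts` the new doc comment sits directly above `taskMetrics`, but it describes `taskPolicies`, so generated docs would attach it to the wrong member; it also contains the typo "does not call and EKS API". Move it onto `taskPolicies` and reword it, e.g. `/** No IAM policies are added: eks:call is an HTTP service integration and does not call an EKS API directly. */`, keeping the `@see` link. Since no IAM statement gates the call, access is presumably decided by the cluster's Kubernetes RBAC mapping for the state machine role (the integ test maps it through `awsAuth`), and the comment should say that so users know where to scope it. The class body starts and ends outside this hunk.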
@@ -76,7 +80,7 @@ export class EksCall extends sfn.TaskStateBase { Method: this.props.httpMethod, Path: this.props.httpPath, QueryParameters: this.props.queryParameters, - RequestBody: this.props.requestBody, + RequestBody: this.props.requestBody?.value, }), }; } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts index 164c1d4780f37..3c6f9b625750b 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts @@ -22,7 +22,7 @@ test('Call an EKS endpoint', () => { httpMethod: HttpMethods.GET, httpPath: 'path', requestBody: sfn.TaskInput.fromObject({ - RequestBody: 'requestBody', + Body: 'requestBody', }), }); 
@@ -61,11 +61,104 @@ test('Call an EKS endpoint', () => { Method: 'GET', Path: 'path', RequestBody: { - type: 1, - value: { - RequestBody: 'requestBody', - }, + Body: 'requestBody', + }, + }, + }); +}); + +test('Call an EKS endpoint with requestBody as a string', () => { + // WHEN + const task = new EksCall(stack, 'Call', { + cluster: cluster, + httpMethod: HttpMethods.GET, + httpPath: 'path', + requestBody: sfn.TaskInput.fromText('requestBody'), + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':states:::eks:call', + ], + ], + }, + End: true, + Parameters: { + ClusterName: { + Ref: 'Cluster9EE0221C', + }, + CertificateAuthority: { + 'Fn::GetAtt': [ + 'Cluster9EE0221C', + 'CertificateAuthorityData', + ], + }, + Endpoint: { + 'Fn::GetAtt': [ + 'Cluster9EE0221C', + 'Endpoint', + ], + }, + Method: 'GET', + Path: 'path', + RequestBody: 'requestBody', + }, + }); +}); + +test('Call an EKS endpoint with requestBody supply through path', () => { + // WHEN + const task = new EksCall(stack, 'Call', { + cluster: cluster, + httpMethod: HttpMethods.GET, + httpPath: 'path', + requestBody: sfn.TaskInput.fromJsonPathAt('$.Request.Body'), + }); + + // THEN + expect(stack.resolve(task.toStateJson())).toEqual({ + Type: 'Task', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':states:::eks:call', + ], + ], + }, + End: true, + Parameters: { + 'ClusterName': { + Ref: 'Cluster9EE0221C', + }, + 'CertificateAuthority': { + 'Fn::GetAtt': [ + 'Cluster9EE0221C', + 'CertificateAuthorityData', + ], + }, + 'Endpoint': { + 'Fn::GetAtt': [ + 'Cluster9EE0221C', + 'Endpoint', + ], }, + 'Method': 'GET', + 'Path': 'path', + 'RequestBody.$': '$.Request.Body', }, }); }); From 113067582b8bfce621c4077069eb90f21be4607f Mon Sep 17 00:00:00 2001 
From: NovakGu Date: Wed, 17 Feb 2021 17:42:19 -0800 Subject: [PATCH 6/7] add validation for clusterEndpoint and clusterCertAuth and coverage tests --- .../aws-stepfunctions-tasks/lib/eks/call.ts | 19 +++++++++- .../test/eks/call.test.ts | 38 +++++++++++++++++++ 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts index 9ad1b1d9bd2a6..8cbf3fcca5886 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/lib/eks/call.ts @@ -59,11 +59,26 @@ export class EksCall extends sfn.TaskStateBase { private readonly integrationPattern: sfn.IntegrationPattern; + private readonly clusterEndpoint: string; + private readonly clusterCertificateAuthorityData: string; + constructor(scope: Construct, id: string, private readonly props: EksCallProps) { super(scope, id, props); this.integrationPattern = props.integrationPattern ?? sfn.IntegrationPattern.REQUEST_RESPONSE; validatePatternSupported(this.integrationPattern, EksCall.SUPPORTED_INTEGRATION_PATTERNS); + + try { + this.clusterEndpoint = this.props.cluster.clusterEndpoint; + } catch (e) { + throw new Error('The "clusterEndpoint" property must be specified when using an imported Cluster.'); + } + + try { + this.clusterCertificateAuthorityData = this.props.cluster.clusterCertificateAuthorityData; + } catch (e) { + throw new Error('The "clusterCertificateAuthorityData" property must be specified when using an imported Cluster.'); + } } /** 
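Review bot: Both `catch (e)` blocks added to the constructor drop `e`, so whatever the `clusterEndpoint` or `clusterCertificateAuthorityData` getter threw is always reported as a missing attribute on an imported cluster and the original cause is lost. Include the caught error's message in the new `Error`, or at least record why the try/catch exists with a comment such as `// getters of an imported cluster throw when the attribute was not supplied` (presumably the behaviour relied on here). The two blocks differ only in the property name and could share one small private helper. The new code also reads `this.props.cluster` although the `props` parameter is in scope, unlike the `props.integrationPattern` line just above it.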
@@ -75,8 +90,8 @@ export class EksCall extends sfn.TaskStateBase { Resource: integrationResourceArn('eks', 'call', this.integrationPattern), Parameters: sfn.FieldUtils.renderObject({ ClusterName: this.props.cluster.clusterName, - CertificateAuthority: this.props.cluster.clusterCertificateAuthorityData, - Endpoint: this.props.cluster.clusterEndpoint, + CertificateAuthority: this.clusterCertificateAuthorityData, + Endpoint: this.clusterEndpoint, Method: this.props.httpMethod, Path: this.props.httpPath, QueryParameters: this.props.queryParameters, diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts index 3c6f9b625750b..fd7c9f7cb0dd7 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/call.test.ts 
@@ -193,4 +193,42 @@ test('Task throws if WAIT_FOR_TASK_TOKEN is supplied as service integration patt }).toThrow( /Unsupported service integration pattern. Supported Patterns: REQUEST_RESPONSE. Received: WAIT_FOR_TASK_TOKEN/, ); +}); + +test('Task throws if cluster supplied does not have clusterEndpoint configured', () => { + const importedCluster = eks.Cluster.fromClusterAttributes(stack, 'InvalidCluster', { + clusterName: 'importedCluster', + clusterCertificateAuthorityData: 'clusterCertificateAuthorityData', + }); + expect(() => { + new EksCall(stack, 'Call', { + cluster: importedCluster, + httpMethod: HttpMethods.GET, + httpPath: 'path', + requestBody: sfn.TaskInput.fromObject({ + RequestBody: 'requestBody', + }), + }); + }).toThrow( + /The "clusterEndpoint" property must be specified when using an imported Cluster./, + ); +}); + +test('Task throws if cluster supplied does not have clusterCertificateAuthorityData configured', () => { + const importedCluster = eks.Cluster.fromClusterAttributes(stack, 'InvalidCluster', { + clusterName: 'importedCluster', + clusterEndpoint: 'clusterEndpoint', + }); + expect(() => { + new EksCall(stack, 'Call', { + cluster: importedCluster, + httpMethod: HttpMethods.GET, + httpPath: 'path', + requestBody: sfn.TaskInput.fromObject({ + RequestBody: 'requestBody', + }), + }); + }).toThrow( + /The "clusterCertificateAuthorityData" property must be specified when using an imported Cluster./, + ); }); \ No newline at end of file From b5556e95f5f83305a84e1d5399feefd123f97cdd Mon Sep 17 00:00:00 2001 From: NovakGu Date: Mon, 22 Feb 2021 12:09:24 -0800 Subject: [PATCH 7/7] update expected json for eks:call integ test --- .../test/eks/integ.call.expected.json | 71 +++++++------------ 1 file changed, 25 insertions(+), 46 deletions(-) diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json index 8c6dd26d2bb0c..23ad4160b9f7b 100644 
--- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json @@ -715,14 +715,6 @@ ] } }, - { - "Action": [ - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables" - ], - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "eks:CreateCluster", @@ -820,31 +812,17 @@ "Resource": "*" }, { - "Action": "ec2:DescribeVpcs", + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeDhcpOptions", + "ec2:DescribeVpcs" + ], "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":ec2:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":vpc/", - { - "Ref": "EksClusterDefaultVpcB24550B2" - } - ] - ] - } + "Resource": "*" } ], "Version": "2012-10-17" @@ -1274,7 +1252,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { "Type": "AWS::CloudFormation::Stack", @@ -1293,7 +1273,7 @@ }, "/", { - "Ref": "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3Bucket99903CA7" + "Ref": "AssetParameterscad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aeaS3BucketED16A657" }, "/", { @@ -1303,7 +1283,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3VersionKeyE34850A1" + "Ref": "AssetParameterscad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aeaS3VersionKey37A80BBF" } ] } 
@@ -1316,7 +1296,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3VersionKeyE34850A1" + "Ref": "AssetParameterscad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aeaS3VersionKey37A80BBF" } ] } @@ -1371,9 +1351,6 @@ "referencetoawsstepfunctionstasksekscallintegAssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKey5CB2DA63Ref": { "Ref": "AssetParameters844c1a4b13479b359ea0e607dccb4a04b73e22cf88cf9b64feed2c5f0de213c0S3VersionKeyF55A2EA9" }, - "referencetoawsstepfunctionstasksekscallintegEksClusterDefaultVpc549F5A2DRef": { - "Ref": "EksClusterDefaultVpcB24550B2" - }, "referencetoawsstepfunctionstasksekscallintegAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketCF9FB24DRef": { "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" }, @@ -1381,7 +1358,9 @@ "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" } } - } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "Role1ABCC5F0": { "Type": "AWS::IAM::Role", 
@@ -1585,17 +1564,17 @@ "Type": "String", "Description": "Artifact hash for asset \"3aee2b76026cd725af3b14456bf03061e83d56cce0e0354c7c8e88ee1150e527\"" }, - "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3Bucket99903CA7": { + "AssetParameterscad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aeaS3BucketED16A657": { "Type": "String", - "Description": "S3 bucket for asset \"70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1\"" + "Description": "S3 bucket for asset \"cad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aea\"" }, - "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1S3VersionKeyE34850A1": { + "AssetParameterscad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aeaS3VersionKey37A80BBF": { "Type": "String", - "Description": "S3 key for asset version \"70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1\"" + "Description": "S3 key for asset version \"cad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aea\"" }, - "AssetParameters70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1ArtifactHash3D960303": { + "AssetParameterscad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aeaArtifactHash11CEC9E5": { "Type": "String", - "Description": "Artifact hash for asset \"70e36baae0c71157dc0e643bf7dbe9efff54826f5461a2ee910ab5d9d99be4a1\"" + "Description": "Artifact hash for asset \"cad1ae036643e3cd17cd3b2b30a2f9e07c1aacaf5284314f41437e4c20447aea\"" } } } \ No newline at end of file