chore: forward merge 'master' into 'v2-main' #13563

Closed
aws-cdk-automation
Collaborator

@aws-cdk-automation aws-cdk-automation commented Mar 12, 2021

Automated action from aws/cdk-ops

aws-cdk-automation and others added 16 commits March 10, 2021 09:38
Co-authored-by: AWS CDK Team <aws-cdk@amazon.com>
…13423)

See CDK RFC 253 (aws/aws-cdk-rfcs#254) for background and details.

Currently -- if a user has not opted out -- an AWS::CDK::Metadata resource
is added to each generated stack template with details about each loaded module
and version that matches an Amazon-specific allow list.

This modules list is used to:

- Track what library versions customers are using so they can be contacted in
  the event of a severe (security) issue with a library.
- Get business metrics on the adoption of CDK and its libraries.

This modules list is sometimes inaccurate (a module may be loaded into memory
without actually being used) and too broad to support CDK v2.

This feature (mostly) implements the specification proposed in RFC 253 to
include metadata about what constructs are present in each stack, rather than
modules loaded into memory. The allow-list is still used to ensure only CDK/AWS
constructs are reported on.

Implementation notes:
- The format of the Analytics property has changed slightly since the RFC. See
  the service-side code for justification and latest spec.
- How to handle the jsii runtime information was left un-spec'd. I've chosen to
  create a pseudo-Construct to add to the list as the simplest solution.
- `runtime-info.test.ts` leaps through some serious hoops to work equally well
  for both v1 and v2, and to fail somewhat gracefully locally if `tsc` was used
  to compile the module instead of `jsii`. Critiques of this approach welcome!
- I removed an annoyance from `resolve-version-lib.js` that produced error
  messages when running unit tests.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Our previous implementation of `toJSON()` was quite hacky.

It replaced values inside the structure with objects that had a custom
`toJSON()` serializer, and then called `JSON.stringify()` on the result.

The resulting JSON would have special markers in it where the Token
values would be string-substituted back in.

It's actually easier and gives us more control to just implement
JSONification ourselves in a Token-aware recursive function.

This change has been split off from a larger, upcoming PR in order
to make the individual reviews smaller.

Incidentally also fixes #13465, as the type of encoded tokens is assumed to match
the type of the encoded value (e.g., a `string[]`-encoded token is assumed to
produce a list at deploy-time and so will not be quoted).


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
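
The Token-aware recursive serializer described in the commit message above, sketched as a toy model. This is an added example, not the CDK's implementation: `Token`, `Kind`, `toJsonParts` and `demo` are hypothetical names, and `{ Ref: ... }` parts stand in for values only known at deploy time.

```typescript
// Toy model (assumption): a Token is a placeholder for a deploy-time value,
// carrying the type its encoding implies (string, number or list).
type Kind = 'string' | 'number' | 'list';
class Token {
  ref: string; kind: Kind;
  constructor(ref: string, kind: Kind) { this.ref = ref; this.kind = kind; }
}
type Part = string | { Ref: string };

// Walk the structure and emit JSON text directly, keeping tokens as separate
// parts instead of stringifying first and substituting markers back in.
function toJsonParts(value: unknown): Part[] {
  const out: Part[] = [];
  const lit = (s: string): void => {
    if (s === '') return;
    const last = out[out.length - 1];
    if (typeof last === 'string') out[out.length - 1] = last + s; // merge adjacent literals
    else out.push(s);
  };
  const walk = (v: unknown): void => {
    if (v instanceof Token) {
      // Only string-typed tokens are quoted; list/number tokens are assumed
      // to render as JSON of that type at deploy time.
      const quote = v.kind === 'string' ? '"' : '';
      lit(quote); out.push({ Ref: v.ref }); lit(quote);
    } else if (Array.isArray(v)) {
      lit('[');
      v.forEach((x, i) => { if (i > 0) lit(','); walk(x); });
      lit(']');
    } else if (v !== null && typeof v === 'object') {
      lit('{');
      Object.entries(v as Record<string, unknown>)
        .filter(([, x]) => x !== undefined) // JSON.stringify omits these too
        .forEach(([k, x], i) => {
          if (i > 0) lit(',');
          lit(JSON.stringify(k) + ':');
          walk(x);
        });
      lit('}');
    } else {
      lit(JSON.stringify(v ?? null)); // plain scalars: built-in handles escaping
    }
  };
  walk(value);
  return out;
}

// Constructed sample input: one string-typed and one list-typed token.
function demo(): Part[] {
  return toJsonParts({ name: new Token('BucketName', 'string'), subnets: new Token('SubnetIds', 'list'), count: 2 });
}
```
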
The parameter currently used for `find` in `link-all.sh`,
`-perm /111`, fails on my Mac.
Switch to using `-perm +111`, which works fine,
and that's also what JSII uses in
[its `link-all.sh` script](https://github.com/aws/jsii/blob/f8bde4a01bf7c707c87ab00748eeeb7632e7c820/scripts/link-all.sh#L26-L26).

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Looking for guidance on error messaging and/or docs to update
Fixes #13479

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#13494)

Changes:

* .NET: Namespace changed from `Amazon.CDK.Lib` -> `Amazon.CDK` (so `Stack` has the same FQN, same namespace as in Monocdk)
* Java: Package name changed from `software.amazon.awscdk.lib` -> `software.amazon.awscdk.core` (so `Stack` has the same FQN, same namespace as in Monocdk)
* Java: Changed artifact ID to match what's written in [RFC 6]
* Python: Changed dist name to match what's written in [RFC 6]
* Python: Change namespace to `aws_cdk` instead of `aws_cdk_lib` for minimal interference. Still need to test whether it's okay to change this to `aws_cdk.core` (like for Java) so `Stack` will keep the same FQN. Monocdk does something different for Python.

[RFC 6]: https://github.com/aws/aws-cdk-rfcs/blob/master/text/0006-monolothic-packaging.md

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…PIs (#13033)

feat(stepfunctions-tasks): Support calling APIGW REST and HTTP APIs

Taking ownership of the original PR #11565 by @Sumeet-Badyal 

API as per documentation here:
https://docs.aws.amazon.com/step-functions/latest/dg/connect-api-gateway.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html


closes #11566
closes #11565


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds route retry policies for http/http2 and gRPC routes.

Closes #11642

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The prefix-encoded trie could occasionally encode the tested resource
name in a way that prevents the test from matching. Using a "fake" version
number ensures a unique prefix is always present, and hence the tested
entry will never be encoded in unexpected ways.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ensure `imagePath` ends with `/.` so that the content at that location
is copied.

See https://docs.docker.com/engine/reference/commandline/cp/

Closes #13439


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds route priority, header matching and matching by scheme and method.

Closes #11645

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…cture (#12943)

@sshver:
 
> Client Policies are inherently not related to the Virtual Service. It should be thought of as the client (the VN) telling envoy what connections they want to allow to the server (the Virtual Service). The server shouldn't be the one to define what policies are used to enforce connections with itself.

## Description of changes
I refactored the client policy from Virtual Service to a separate backend structure. This mirrors how our API is designed. Also ran `npm run lint -- --fix` and removed some comments to fix lint warnings.

```ts
/* Old backend defaults */
backendsDefaultClientPolicy: appmesh.ClientPolicy.fileTrust({
  certificateChain: 'path-to-certificate',
}),

/* result of this PR */
backendDefaults: {
  clientPolicy: appmesh.ClientPolicy.fileTrust({
    certificateChain: 'path-to-certificate',
  }),
},
```

```ts
/* Old Virtual Service with client policy */
const service1 = new appmesh.VirtualService(stack, 'service-1', {
  virtualServiceName: 'service1.domain.local',
  virtualServiceProvider: appmesh.VirtualServiceProvider.none(mesh),
  clientPolicy: appmesh.ClientPolicy.fileTrust({
    certificateChain: 'path-to-certificate',
    ports: [8080, 8081],
  }),
});

/* result of this PR; client policy is defined in the Virtual Node */
const service1 = new appmesh.VirtualService(stack, 'service-1', {
  virtualServiceName: 'service1.domain.local',
  virtualServiceProvider: appmesh.VirtualServiceProvider.none(mesh),
});

const node = new appmesh.VirtualNode(stack, 'test-node', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('test'),
});

node.addBackend({
  virtualService: service1,
  clientPolicy: appmesh.ClientPolicy.fileTrust({
    certificateChain: 'path-to-certificate',
    ports: [8080, 8081],
  }),
});
```

BREAKING CHANGE: Backend, backend default and Virtual Service client policies structures are being altered
* **appmesh**: you must use the backend default interface to define backend defaults in `VirtualGateway`.
  The property name also changed from `backendsDefaultClientPolicy` to `backendDefaults`
* **appmesh**: you must use the backend default interface to define backend defaults in `VirtualNode`,
  (the property name also changed from `backendsDefaultClientPolicy` to `backendDefaults`),
  and the `Backend` class to define a backend
* **appmesh**: you can no longer attach a client policy to a `VirtualService`

Resolves #11996

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation added pr/auto-approve Notifies the GH action to auto-approve this PR pr/forward-merge PR label to indicate forward merges of master to v2-main pr/no-squash This PR should be merged instead of squash-merging it labels Mar 12, 2021
@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: d3f4284
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@iliapolo
Contributor

Superseded by #13631

@iliapolo iliapolo closed this Mar 17, 2021
@iliapolo iliapolo deleted the v2/forward-merge-20210312 branch March 17, 2021 20:29