From 4821faf671b418da26a5266da6bc73eb7c9a8a9d Mon Sep 17 00:00:00 2001 From: Kyle Laker Date: Fri, 25 Aug 2023 22:11:12 -0400 Subject: [PATCH 1/3] fix: partition is hardcoded in ALB controller IAM --- .../aws-cdk-lib/aws-eks/lib/alb-controller.ts | 32 +++++++++++++++---- .../aws-eks/test/alb-controller.test.ts | 15 +++++++++ packages/aws-cdk-lib/aws-eks/test/util.ts | 13 ++++---- 3 files changed, 48 insertions(+), 12 deletions(-) diff --git a/packages/aws-cdk-lib/aws-eks/lib/alb-controller.ts b/packages/aws-cdk-lib/aws-eks/lib/alb-controller.ts index 5f9251068bc75..f329c8bc14afe 100644 --- a/packages/aws-cdk-lib/aws-eks/lib/alb-controller.ts +++ b/packages/aws-cdk-lib/aws-eks/lib/alb-controller.ts @@ -1,6 +1,6 @@ import * as fs from 'fs'; import * as path from 'path'; -import { Construct, Node } from 'constructs'; +import { Construct } from 'constructs'; import { Cluster } from './cluster'; import { HelmChart } from './helm-chart'; import { ServiceAccount } from './service-account'; @@ -8,7 +8,7 @@ import * as iam from '../../aws-iam'; // v2 - keep this import as a separate section to reduce merge conflict when forward merging with the v2 branch. // eslint-disable-next-line -import { Duration, Names, Stack } from '../../core'; +import { Aws, Duration, Names, Stack } from '../../core'; /** * Controller version. @@ -263,7 +263,11 @@ export class AlbController extends Construct { const policy: any = props.policy ?? JSON.parse(fs.readFileSync(path.join(__dirname, 'addons', `alb-iam_policy-${props.version.version}.json`), 'utf8')); for (const statement of policy.Statement) { - serviceAccount.addToPrincipalPolicy(iam.PolicyStatement.fromJson(statement)); + const rewrittenStatement = { + ...statement, + Resource: this.rewritePolicyResources(statement.Resource), + }; + serviceAccount.addToPrincipalPolicy(iam.PolicyStatement.fromJson(rewrittenStatement)); } // https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/#add-controller-to-cluster @@ -293,8 +297,24 @@ export class AlbController extends Construct { }); // the controller relies on permissions deployed using these resources. - Node.of(chart).addDependency(serviceAccount); - Node.of(chart).addDependency(props.cluster.openIdConnectProvider); - Node.of(chart).addDependency(props.cluster.awsAuth); + chart.node.addDependency(serviceAccount); + chart.node.addDependency(props.cluster.openIdConnectProvider); + chart.node.addDependency(props.cluster.awsAuth); + } + + private rewritePolicyResources(resources: string | string[] | undefined): string | string[] | undefined { + // This is safe to disable because we're actually replacing the literal partition with a reference to + // the stack partition (which is hardcoded into the JSON files) to prevent issues such as + // aws/aws-cdk#22520. + // eslint-disable-next-line @aws-cdk/no-literal-partition + const rewriteResource = (s: string) => s.replace('arn:aws:', `arn:${Aws.PARTITION}:`); + + if (!resources) { + return resources; + } + if (!Array.isArray(resources)) { + return rewriteResource(resources); + } + return resources.map(rewriteResource); } } diff --git a/packages/aws-cdk-lib/aws-eks/test/alb-controller.test.ts b/packages/aws-cdk-lib/aws-eks/test/alb-controller.test.ts index d71d06c2aed9c..a7307b2db79df 100644 --- a/packages/aws-cdk-lib/aws-eks/test/alb-controller.test.ts +++ b/packages/aws-cdk-lib/aws-eks/test/alb-controller.test.ts @@ -70,6 +70,21 @@ test('throws when a policy is not defined for a custom version', () => { })).toThrowError("'albControllerOptions.policy' is required when using a custom controller version"); }); +test.each(['us-gov-west-1', 'cn-north-1'])('stack does not include hard-coded partition', (region) => { + const { stack } = testFixture(region); + const cluster = new Cluster(stack, 'Cluster', { + version: KubernetesVersion.V1_25, + }); + + AlbController.create(stack, { + cluster, + version: AlbControllerVersion.V2_5_1, + }); + + const template = Template.fromStack(stack); + expect(JSON.stringify(template)).not.toContain('arn:aws'); +}); + test('correct helm chart version is set for selected alb controller version', () => { const { stack } = testFixture(); diff --git a/packages/aws-cdk-lib/aws-eks/test/util.ts b/packages/aws-cdk-lib/aws-eks/test/util.ts index eb3dde40a4560..a4d8af2d23839 100644 --- a/packages/aws-cdk-lib/aws-eks/test/util.ts +++ b/packages/aws-cdk-lib/aws-eks/test/util.ts @@ -3,22 +3,23 @@ import { App, Stack } from '../../core'; import { Cluster, ClusterProps, KubernetesVersion } from '../lib'; const CLUSTER_VERSION = KubernetesVersion.V1_25; +const DEFAULT_REGION = 'us-east-1'; -export function testFixture() { - const { stack, app } = testFixtureNoVpc(); +export function testFixture(region: string = DEFAULT_REGION) { + const { stack, app } = testFixtureNoVpc(region); const vpc = new ec2.Vpc(stack, 'VPC'); return { stack, vpc, app }; } -export function testFixtureNoVpc() { +export function testFixtureNoVpc(region: string = DEFAULT_REGION) { const app = new App(); - const stack = new Stack(app, 'Stack', { env: { region: 'us-east-1' } }); + const stack = new Stack(app, 'Stack', { env: { region } }); return { stack, app }; } -export function testFixtureCluster(props: Omit = {}) { - const { stack, app } = testFixtureNoVpc(); +export function testFixtureCluster(props: Omit = {}, region: string = DEFAULT_REGION) { + const { stack, app } = testFixtureNoVpc(region); const cluster = new Cluster(stack, 'Cluster', { version: CLUSTER_VERSION, prune: false, // mainly because this feature was added later and we wanted to avoid having to update all test expectations.... From 3cc7103deb9bfb0f1e319e3915c45cae75ab9fa9 Mon Sep 17 00:00:00 2001 From: Sumu Date: Tue, 17 Oct 2023 15:43:27 -0400 Subject: [PATCH 2/3] update snapshots from integ.alb-controller.js test Signed-off-by: Sumu --- .../apply/__init__.py | 0 .../get/__init__.py | 0 .../helm/__init__.py | 10 +- .../index.py | 0 .../patch/__init__.py | 0 .../cluster.d.ts | 0 .../cluster.js | 276 +++++++++++++++++ .../cluster.ts | 0 .../common.d.ts | 0 .../common.js | 42 +++ .../common.ts | 0 .../compareLogging.d.ts | 0 .../compareLogging.js | 37 +++ .../compareLogging.ts | 0 .../consts.d.ts | 0 .../consts.js | 5 + .../consts.ts | 0 .../fargate.d.ts | 0 .../fargate.js | 101 +++++++ .../fargate.ts | 0 .../index.d.ts | 0 .../index.js | 62 ++++ .../index.ts | 2 +- .../cluster.js | 277 ------------------ .../common.js | 43 --- .../compareLogging.js | 38 --- .../consts.js | 6 - .../fargate.js | 102 ------- .../index.js | 68 ----- ...ks-cluster-alb-controller-test.assets.json | 24 +- ...-cluster-alb-controller-test.template.json | 173 ++++++++++- ...ourceProvider5DBBAFBB.nested.template.json | 4 +- ...bectlProviderA1AC28D1.nested.template.json | 2 +- .../manifest.json | 2 +- .../tree.json | 179 +++++++++-- 35 files changed, 864 insertions(+), 589 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779 => asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3}/apply/__init__.py (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779 => asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3}/get/__init__.py (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779 => asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3}/helm/__init__.py (97%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779 => asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3}/index.py (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779 => asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3}/patch/__init__.py (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/cluster.d.ts (100%) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.js rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/cluster.ts (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/common.d.ts (100%) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.js rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/common.ts (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/compareLogging.d.ts (100%) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.js rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/compareLogging.ts (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/consts.d.ts (100%) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.js rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/consts.ts (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/fargate.d.ts (100%) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.js rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/fargate.ts (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/index.d.ts (100%) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.js rename packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/{asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829 => asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832}/index.ts (99%) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.js delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.js diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/apply/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/apply/__init__.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/apply/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/apply/__init__.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/get/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/get/__init__.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/get/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/get/__init__.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/helm/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/helm/__init__.py similarity index 97% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/helm/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/helm/__init__.py index ce5fe63925637..3a5656f46db91 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/helm/__init__.py +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/helm/__init__.py @@ -100,8 +100,8 @@ def helm_handler(event, context): def get_oci_cmd(repository, version): # Generates OCI command based on pattern. Public ECR vs Private ECR are treated differently. - private_ecr_pattern = 'oci://(?P\d+.dkr.ecr.(?P[a-z0-9\-]+).amazonaws.com)*' - public_ecr_pattern = 'oci://(?Ppublic.ecr.aws)*' + private_ecr_pattern = 'oci://(?P\d+\.dkr\.ecr\.(?P[a-z0-9\-]+)\.amazonaws\.com)*' + public_ecr_pattern = 'oci://(?Ppublic\.ecr\.aws)*' private_registry = re.match(private_ecr_pattern, repository).groupdict() public_registry = re.match(public_ecr_pattern, repository).groupdict() @@ -115,7 +115,7 @@ def get_oci_cmd(repository, version): elif public_registry['registry'] is not None: logger.info("Found AWS public repository, will use default region as deployment") region = os.environ.get('AWS_REGION', 'us-east-1') - + if is_ecr_public_available(region): cmnd = [ f"aws ecr-public get-login-password --region us-east-1 | " \ @@ -124,7 +124,7 @@ def get_oci_cmd(repository, version): else: # `aws ecr-public get-login-password` and `helm registry login` not required as ecr public is not available in current region # see https://helm.sh/docs/helm/helm_registry_login/ - cmnd = [f"helm pull {repository} --version {version} --untar"] + cmnd = [f"helm pull {repository} --version {version} --untar"] else: logger.error("OCI repository format not recognized, falling back to helm pull") cmnd = [f"helm pull {repository} --version {version} --untar"] @@ -144,7 +144,7 @@ def get_chart_from_oci(tmpdir, repository = None, version = None): output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, shell=True) logger.info(output) - # effectively returns "$tmpDir/$lastPartOfOCIUrl", because this is how helm pull saves OCI artifact. + # effectively returns "$tmpDir/$lastPartOfOCIUrl", because this is how helm pull saves OCI artifact. # Eg. if we have oci://9999999999.dkr.ecr.us-east-1.amazonaws.com/foo/bar/pet-service repository, helm saves artifact under $tmpDir/pet-service return os.path.join(tmpdir, repository.rpartition('/')[-1]) except subprocess.CalledProcessError as exc: diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/index.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/index.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/index.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/patch/__init__.py b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/patch/__init__.py similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779/patch/__init__.py rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3/patch/__init__.py diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.d.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.d.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.d.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.d.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.js new file mode 100644 index 0000000000000..63d36903fb5d6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.js @@ -0,0 +1,276 @@ +"use strict"; +/* eslint-disable no-console */ +Object.defineProperty(exports, "__esModule", { value: true }); +exports.ClusterResourceHandler = void 0; +var common_1 = () => { var tmp = require("./common"); common_1 = () => tmp; return tmp; }; +var compareLogging_1 = () => { var tmp = require("./compareLogging"); compareLogging_1 = () => tmp; return tmp; }; +const MAX_CLUSTER_NAME_LEN = 100; +class ClusterResourceHandler extends common_1().ResourceHandler { + get clusterName() { + if (!this.physicalResourceId) { + throw new Error('Cannot determine cluster name without physical resource ID'); + } + return this.physicalResourceId; + } + constructor(eks, event) { + super(eks, event); + this.newProps = parseProps(this.event.ResourceProperties); + this.oldProps = event.RequestType === 'Update' ? parseProps(event.OldResourceProperties) : {}; + // compare newProps and oldProps and update the newProps by appending disabled LogSetup if any + const compared = (0, compareLogging_1().compareLoggingProps)(this.oldProps, this.newProps); + this.newProps.logging = compared.logging; + } + // ------ + // CREATE + // ------ + async onCreate() { + console.log('onCreate: creating cluster with options:', JSON.stringify(this.newProps, undefined, 2)); + if (!this.newProps.roleArn) { + throw new Error('"roleArn" is required'); + } + const clusterName = this.newProps.name || this.generateClusterName(); + const resp = await this.eks.createCluster({ + ...this.newProps, + name: clusterName, + }); + if (!resp.cluster) { + throw new Error(`Error when trying to create cluster ${clusterName}: CreateCluster returned without cluster information`); + } + return { + PhysicalResourceId: resp.cluster.name, + }; + } + async isCreateComplete() { + return this.isActive(); + } + // ------ + // DELETE + // ------ + async onDelete() { + console.log(`onDelete: deleting cluster ${this.clusterName}`); + try { + await this.eks.deleteCluster({ name: this.clusterName }); + } + catch (e) { + if (e.name !== 'ResourceNotFoundException') { + throw e; + } + else { + console.log(`cluster ${this.clusterName} not found, idempotently succeeded`); + } + } + return { + PhysicalResourceId: this.clusterName, + }; + } + async isDeleteComplete() { + console.log(`isDeleteComplete: waiting for cluster ${this.clusterName} to be deleted`); + try { + const resp = await this.eks.describeCluster({ name: this.clusterName }); + console.log('describeCluster returned:', JSON.stringify(resp, undefined, 2)); + } + catch (e) { + if (e.name === 'ResourceNotFoundException') { + console.log('received ResourceNotFoundException, this means the cluster has been deleted (or never existed)'); + return { IsComplete: true }; + } + console.log('describeCluster error:', e); + throw e; + } + return { + IsComplete: false, + }; + } + // ------ + // UPDATE + // ------ + async onUpdate() { + const updates = analyzeUpdate(this.oldProps, this.newProps); + console.log('onUpdate:', JSON.stringify({ updates }, undefined, 2)); + // updates to encryption config is not supported + if (updates.updateEncryption) { + throw new Error('Cannot update cluster encryption configuration'); + } + // if there is an update that requires replacement, go ahead and just create + // a new cluster with the new config. The old cluster will automatically be + // deleted by cloudformation upon success. + if (updates.replaceName || updates.replaceRole || updates.replaceVpc) { + // if we are replacing this cluster and the cluster has an explicit + // physical name, the creation of the new cluster will fail with "there is + // already a cluster with that name". this is a common behavior for + // CloudFormation resources that support specifying a physical name. + if (this.oldProps.name === this.newProps.name && this.oldProps.name) { + throw new Error(`Cannot replace cluster "${this.oldProps.name}" since it has an explicit physical name. Either rename the cluster or remove the "name" configuration`); + } + return this.onCreate(); + } + // if a version update is required, issue the version update + if (updates.updateVersion) { + if (!this.newProps.version) { + throw new Error(`Cannot remove cluster version configuration. Current version is ${this.oldProps.version}`); + } + return this.updateClusterVersion(this.newProps.version); + } + if (updates.updateLogging && updates.updateAccess) { + throw new Error('Cannot update logging and access at the same time'); + } + if (updates.updateLogging || updates.updateAccess) { + const config = { + name: this.clusterName, + }; + if (updates.updateLogging) { + config.logging = this.newProps.logging; + } + ; + if (updates.updateAccess) { + // Updating the cluster with securityGroupIds and subnetIds (as specified in the warning here: + // https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html) + // will fail, therefore we take only the access fields explicitly + config.resourcesVpcConfig = { + endpointPrivateAccess: this.newProps.resourcesVpcConfig?.endpointPrivateAccess, + endpointPublicAccess: this.newProps.resourcesVpcConfig?.endpointPublicAccess, + publicAccessCidrs: this.newProps.resourcesVpcConfig?.publicAccessCidrs, + }; + } + const updateResponse = await this.eks.updateClusterConfig(config); + return { EksUpdateId: updateResponse.update?.id }; + } + // no updates + return; + } + async isUpdateComplete() { + console.log('isUpdateComplete'); + // if this is an EKS update, we will monitor the update event itself + if (this.event.EksUpdateId) { + const complete = await this.isEksUpdateComplete(this.event.EksUpdateId); + if (!complete) { + return { IsComplete: false }; + } + // fall through: if the update is done, we simply delegate to isActive() + // in order to extract attributes and state from the cluster itself, which + // is supposed to be in an ACTIVE state after the update is complete. + } + return this.isActive(); + } + async updateClusterVersion(newVersion) { + console.log(`updating cluster version to ${newVersion}`); + // update-cluster-version will fail if we try to update to the same version, + // so skip in this case. + const cluster = (await this.eks.describeCluster({ name: this.clusterName })).cluster; + if (cluster?.version === newVersion) { + console.log(`cluster already at version ${cluster.version}, skipping version update`); + return; + } + const updateResponse = await this.eks.updateClusterVersion({ name: this.clusterName, version: newVersion }); + return { EksUpdateId: updateResponse.update?.id }; + } + async isActive() { + console.log('waiting for cluster to become ACTIVE'); + const resp = await this.eks.describeCluster({ name: this.clusterName }); + console.log('describeCluster result:', JSON.stringify(resp, undefined, 2)); + const cluster = resp.cluster; + // if cluster is undefined (shouldnt happen) or status is not ACTIVE, we are + // not complete. note that the custom resource provider framework forbids + // returning attributes (Data) if isComplete is false. + if (cluster?.status === 'FAILED') { + // not very informative, unfortunately the response doesn't contain any error + // information :\ + throw new Error('Cluster is in a FAILED status'); + } + else if (cluster?.status !== 'ACTIVE') { + return { + IsComplete: false, + }; + } + else { + return { + IsComplete: true, + Data: { + Name: cluster.name, + Endpoint: cluster.endpoint, + Arn: cluster.arn, + // IMPORTANT: CFN expects that attributes will *always* have values, + // so return an empty string in case the value is not defined. + // Otherwise, CFN will throw with `Vendor response doesn't contain + // XXXX key`. + CertificateAuthorityData: cluster.certificateAuthority?.data ?? '', + ClusterSecurityGroupId: cluster.resourcesVpcConfig?.clusterSecurityGroupId ?? '', + OpenIdConnectIssuerUrl: cluster.identity?.oidc?.issuer ?? '', + OpenIdConnectIssuer: cluster.identity?.oidc?.issuer?.substring(8) ?? '', + // We can safely return the first item from encryption configuration array, because it has a limit of 1 item + // https://docs.amazon.com/eks/latest/APIReference/API_CreateCluster.html#AmazonEKS-CreateCluster-request-encryptionConfig + EncryptionConfigKeyArn: cluster.encryptionConfig?.shift()?.provider?.keyArn ?? '', + }, + }; + } + } + async isEksUpdateComplete(eksUpdateId) { + this.log({ isEksUpdateComplete: eksUpdateId }); + const describeUpdateResponse = await this.eks.describeUpdate({ + name: this.clusterName, + updateId: eksUpdateId, + }); + this.log({ describeUpdateResponse }); + if (!describeUpdateResponse.update) { + throw new Error(`unable to describe update with id "${eksUpdateId}"`); + } + switch (describeUpdateResponse.update.status) { + case 'InProgress': + return false; + case 'Successful': + return true; + case 'Failed': + case 'Cancelled': + throw new Error(`cluster update id "${eksUpdateId}" failed with errors: ${JSON.stringify(describeUpdateResponse.update.errors)}`); + default: + throw new Error(`unknown status "${describeUpdateResponse.update.status}" for update id "${eksUpdateId}"`); + } + } + generateClusterName() { + const suffix = this.requestId.replace(/-/g, ''); // 32 chars + const offset = MAX_CLUSTER_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); + return `${prefix}-${suffix}`; + } +} +exports.ClusterResourceHandler = ClusterResourceHandler; +function parseProps(props) { + const parsed = props?.Config ?? {}; + // this is weird but these boolean properties are passed by CFN as a string, and we need them to be booleanic for the SDK. + // Otherwise it fails with 'Unexpected Parameter: params.resourcesVpcConfig.endpointPrivateAccess is expected to be a boolean' + if (typeof (parsed.resourcesVpcConfig?.endpointPrivateAccess) === 'string') { + parsed.resourcesVpcConfig.endpointPrivateAccess = parsed.resourcesVpcConfig.endpointPrivateAccess === 'true'; + } + if (typeof (parsed.resourcesVpcConfig?.endpointPublicAccess) === 'string') { + parsed.resourcesVpcConfig.endpointPublicAccess = parsed.resourcesVpcConfig.endpointPublicAccess === 'true'; + } + if (typeof (parsed.logging?.clusterLogging[0].enabled) === 'string') { + parsed.logging.clusterLogging[0].enabled = parsed.logging.clusterLogging[0].enabled === 'true'; + } + return parsed; +} +function analyzeUpdate(oldProps, newProps) { + console.log('old props: ', JSON.stringify(oldProps)); + console.log('new props: ', JSON.stringify(newProps)); + const newVpcProps = newProps.resourcesVpcConfig || {}; + const oldVpcProps = oldProps.resourcesVpcConfig || {}; + const oldPublicAccessCidrs = new Set(oldVpcProps.publicAccessCidrs ?? []); + const newPublicAccessCidrs = new Set(newVpcProps.publicAccessCidrs ?? []); + const newEnc = newProps.encryptionConfig || {}; + const oldEnc = oldProps.encryptionConfig || {}; + return { + replaceName: newProps.name !== oldProps.name, + replaceVpc: JSON.stringify(newVpcProps.subnetIds?.sort()) !== JSON.stringify(oldVpcProps.subnetIds?.sort()) || + JSON.stringify(newVpcProps.securityGroupIds?.sort()) !== JSON.stringify(oldVpcProps.securityGroupIds?.sort()), + updateAccess: newVpcProps.endpointPrivateAccess !== oldVpcProps.endpointPrivateAccess || + newVpcProps.endpointPublicAccess !== oldVpcProps.endpointPublicAccess || + !setsEqual(newPublicAccessCidrs, oldPublicAccessCidrs), + replaceRole: newProps.roleArn !== oldProps.roleArn, + updateVersion: newProps.version !== oldProps.version, + updateEncryption: JSON.stringify(newEnc) !== JSON.stringify(oldEnc), + updateLogging: JSON.stringify(newProps.logging) !== JSON.stringify(oldProps.logging), + }; +} +function setsEqual(first, second) { + return first.size === second.size && [...first].every((e) => second.has(e)); +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/cluster.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.d.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.d.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.d.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.d.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.js new file mode 100644 index 0000000000000..664ad51b2b12a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.js @@ -0,0 +1,42 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.ResourceHandler = void 0; +class ResourceHandler { + constructor(eks, event) { + this.eks = eks; + this.requestType = event.RequestType; + this.requestId = event.RequestId; + this.logicalResourceId = event.LogicalResourceId; + this.physicalResourceId = event.PhysicalResourceId; + this.event = event; + const roleToAssume = event.ResourceProperties.AssumeRoleArn; + if (!roleToAssume) { + throw new Error('AssumeRoleArn must be provided'); + } + eks.configureAssumeRole({ + RoleArn: roleToAssume, + RoleSessionName: `AWSCDK.EKSCluster.${this.requestType}.${this.requestId}`, + }); + } + onEvent() { + switch (this.requestType) { + case 'Create': return this.onCreate(); + case 'Update': return this.onUpdate(); + case 'Delete': return this.onDelete(); + } + throw new Error(`Invalid request type ${this.requestType}`); + } + isComplete() { + switch (this.requestType) { + case 'Create': return this.isCreateComplete(); + case 'Update': return this.isUpdateComplete(); + case 'Delete': return this.isDeleteComplete(); + } + throw new Error(`Invalid request type ${this.requestType}`); + } + log(x) { + // eslint-disable-next-line no-console + console.log(JSON.stringify(x, undefined, 2)); + } +} +exports.ResourceHandler = ResourceHandler; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/common.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.d.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.d.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.d.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.d.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.js new file mode 100644 index 0000000000000..80c89d932c759 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.js @@ -0,0 +1,37 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.compareLoggingProps = void 0; +function compareLoggingProps(oldProps, newProps) { + const result = { logging: {} }; + let enabledTypes = []; + let disabledTypes = []; + if (newProps.logging?.clusterLogging === undefined && oldProps.logging?.clusterLogging === undefined) { + return newProps; + } + // if newProps containes LogSetup + if (newProps.logging && newProps.logging.clusterLogging && newProps.logging.clusterLogging.length > 0) { + enabledTypes = newProps.logging.clusterLogging[0].types; + // if oldProps contains LogSetup with enabled:true + if (oldProps.logging && oldProps.logging.clusterLogging && oldProps.logging.clusterLogging.length > 0) { + // LogType in oldProp but not in newProp should be considered disabled(enabled:false) + disabledTypes = oldProps.logging.clusterLogging[0].types.filter(t => !newProps.logging.clusterLogging[0].types.includes(t)); + } + } + else { + // all enabled:true in oldProps will be enabled:false + disabledTypes = oldProps.logging.clusterLogging[0].types; + } + if (enabledTypes.length > 0 || disabledTypes.length > 0) { + result.logging = { clusterLogging: [] }; + } + // append the enabled:false LogSetup to the result + if (enabledTypes.length > 0) { + result.logging.clusterLogging.push({ types: enabledTypes, enabled: true }); + } + // append the enabled:false LogSetup to the result + if (disabledTypes.length > 0) { + result.logging.clusterLogging.push({ types: disabledTypes, enabled: false }); + } + return result; +} +exports.compareLoggingProps = compareLoggingProps; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/compareLogging.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.d.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.d.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.d.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.d.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.js new file mode 100644 index 0000000000000..2f36099f19877 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.js @@ -0,0 +1,5 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.FARGATE_PROFILE_RESOURCE_TYPE = exports.CLUSTER_RESOURCE_TYPE = void 0; +exports.CLUSTER_RESOURCE_TYPE = 'Custom::AWSCDK-EKS-Cluster'; +exports.FARGATE_PROFILE_RESOURCE_TYPE = 'Custom::AWSCDK-EKS-FargateProfile'; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/consts.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.d.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.d.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.d.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.d.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.js new file mode 100644 index 0000000000000..6ac8895889bb4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.js @@ -0,0 +1,101 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.FargateProfileResourceHandler = void 0; +var common_1 = () => { var tmp = require("./common"); common_1 = () => tmp; return tmp; }; +const MAX_NAME_LEN = 63; +class FargateProfileResourceHandler extends common_1().ResourceHandler { + async onCreate() { + const fargateProfileName = this.event.ResourceProperties.Config.fargateProfileName ?? this.generateProfileName(); + const createFargateProfile = { + fargateProfileName, + ...this.event.ResourceProperties.Config, + }; + this.log({ createFargateProfile }); + const createFargateProfileResponse = await this.eks.createFargateProfile(createFargateProfile); + this.log({ createFargateProfileResponse }); + if (!createFargateProfileResponse.fargateProfile) { + throw new Error('invalid CreateFargateProfile response'); + } + return { + PhysicalResourceId: createFargateProfileResponse.fargateProfile.fargateProfileName, + Data: { + fargateProfileArn: createFargateProfileResponse.fargateProfile.fargateProfileArn, + }, + }; + } + async onDelete() { + if (!this.physicalResourceId) { + throw new Error('Cannot delete a profile without a physical id'); + } + const deleteFargateProfile = { + clusterName: this.event.ResourceProperties.Config.clusterName, + fargateProfileName: this.physicalResourceId, + }; + this.log({ deleteFargateProfile }); + const deleteFargateProfileResponse = await this.eks.deleteFargateProfile(deleteFargateProfile); + this.log({ deleteFargateProfileResponse }); + return; + } + async onUpdate() { + // all updates require a replacement. as long as name is generated, we are + // good. if name is explicit, update will fail, which is common when trying + // to replace cfn resources with explicit physical names + return this.onCreate(); + } + async isCreateComplete() { + return this.isUpdateComplete(); + } + async isUpdateComplete() { + const status = await this.queryStatus(); + return { + IsComplete: status === 'ACTIVE', + }; + } + async isDeleteComplete() { + const status = await this.queryStatus(); + return { + IsComplete: status === 'NOT_FOUND', + }; + } + /** + * Generates a fargate profile name. + */ + generateProfileName() { + const suffix = this.requestId.replace(/-/g, ''); // 32 chars + const offset = MAX_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); + return `${prefix}-${suffix}`; + } + /** + * Queries the Fargate profile's current status and returns the status or + * NOT_FOUND if the profile doesn't exist (i.e. it has been deleted). + */ + async queryStatus() { + if (!this.physicalResourceId) { + throw new Error('Unable to determine status for fargate profile without a resource name'); + } + const describeFargateProfile = { + clusterName: this.event.ResourceProperties.Config.clusterName, + fargateProfileName: this.physicalResourceId, + }; + try { + this.log({ describeFargateProfile }); + const describeFargateProfileResponse = await this.eks.describeFargateProfile(describeFargateProfile); + this.log({ describeFargateProfileResponse }); + const status = describeFargateProfileResponse.fargateProfile?.status; + if (status === 'CREATE_FAILED' || status === 'DELETE_FAILED') { + throw new Error(status); + } + return status; + } + catch (describeFargateProfileError) { + if (describeFargateProfileError.name === 'ResourceNotFoundException') { + this.log('received ResourceNotFoundException, this means the profile has been deleted (or never existed)'); + return 'NOT_FOUND'; + } + this.log({ describeFargateProfileError }); + throw describeFargateProfileError; + } + } +} +exports.FargateProfileResourceHandler = FargateProfileResourceHandler; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/fargate.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.d.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.d.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.d.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.d.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.js new file mode 100644 index 0000000000000..337a8b2993e9b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.js @@ -0,0 +1,62 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.isComplete = exports.onEvent = void 0; +var client_eks_1 = () => { var tmp = require("@aws-sdk/client-eks"); client_eks_1 = () => tmp; return tmp; }; +var credential_providers_1 = () => { var tmp = require("@aws-sdk/credential-providers"); credential_providers_1 = () => tmp; return tmp; }; +var node_http_handler_1 = () => { var tmp = require("@aws-sdk/node-http-handler"); node_http_handler_1 = () => tmp; return tmp; }; +var proxy_agent_1 = () => { var tmp = require("proxy-agent"); proxy_agent_1 = () => tmp; return tmp; }; +var cluster_1 = () => { var tmp = require("./cluster"); cluster_1 = () => tmp; return tmp; }; +var consts = () => { var tmp = require("./consts"); consts = () => tmp; return tmp; }; +var fargate_1 = () => { var tmp = require("./fargate"); fargate_1 = () => tmp; return tmp; }; +const proxyAgent = new (proxy_agent_1().ProxyAgent)(); +const awsConfig = { + logger: console, + requestHandler: new (node_http_handler_1().NodeHttpHandler)({ + httpAgent: proxyAgent, + httpsAgent: proxyAgent, + }), +}; +let eks; +const defaultEksClient = { + createCluster: req => getEksClient().createCluster(req), + deleteCluster: req => getEksClient().deleteCluster(req), + describeCluster: req => getEksClient().describeCluster(req), + describeUpdate: req => getEksClient().describeUpdate(req), + updateClusterConfig: req => getEksClient().updateClusterConfig(req), + updateClusterVersion: req => getEksClient().updateClusterVersion(req), + createFargateProfile: req => getEksClient().createFargateProfile(req), + deleteFargateProfile: req => getEksClient().deleteFargateProfile(req), + describeFargateProfile: req => getEksClient().describeFargateProfile(req), + configureAssumeRole: (req) => { + eks = new (client_eks_1().EKS)({ + ...awsConfig, + credentials: (0, credential_providers_1().fromTemporaryCredentials)({ + params: req, + }), + }); + }, +}; +function getEksClient() { + if (!eks) { + throw new Error('EKS client not initialized (call "configureAssumeRole")'); + } + return eks; +} +async function onEvent(event) { + const provider = createResourceHandler(event); + return provider.onEvent(); +} +exports.onEvent = onEvent; +async function isComplete(event) { + const provider = createResourceHandler(event); + return provider.isComplete(); +} +exports.isComplete = isComplete; +function createResourceHandler(event) { + switch (event.ResourceType) { + case consts().CLUSTER_RESOURCE_TYPE: return new (cluster_1().ClusterResourceHandler)(defaultEksClient, event); + case consts().FARGATE_PROFILE_RESOURCE_TYPE: return new (fargate_1().FargateProfileResourceHandler)(defaultEksClient, event); + default: + throw new Error(`Unsupported resource type "${event.ResourceType}`); + } +} diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.ts similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.ts index 4004ddf5cd22e..8ab163c37ac93 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832/index.ts @@ -19,7 +19,7 @@ const awsConfig = { requestHandler: new NodeHttpHandler({ httpAgent: proxyAgent, httpsAgent: proxyAgent, - }), + }) as any, }; let eks: EKS | undefined; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.js deleted file mode 100644 index 37f410e998666..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/cluster.js +++ /dev/null @@ -1,277 +0,0 @@ -"use strict"; -/* eslint-disable no-console */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.ClusterResourceHandler = void 0; -const common_1 = require("./common"); -const compareLogging_1 = require("./compareLogging"); -const MAX_CLUSTER_NAME_LEN = 100; -class ClusterResourceHandler extends common_1.ResourceHandler { - get clusterName() { - if (!this.physicalResourceId) { - throw new Error('Cannot determine cluster name without physical resource ID'); - } - return this.physicalResourceId; - } - constructor(eks, event) { - super(eks, event); - this.newProps = parseProps(this.event.ResourceProperties); - this.oldProps = event.RequestType === 'Update' ? parseProps(event.OldResourceProperties) : {}; - // compare newProps and oldProps and update the newProps by appending disabled LogSetup if any - const compared = (0, compareLogging_1.compareLoggingProps)(this.oldProps, this.newProps); - this.newProps.logging = compared.logging; - } - // ------ - // CREATE - // ------ - async onCreate() { - console.log('onCreate: creating cluster with options:', JSON.stringify(this.newProps, undefined, 2)); - if (!this.newProps.roleArn) { - throw new Error('"roleArn" is required'); - } - const clusterName = this.newProps.name || this.generateClusterName(); - const resp = await this.eks.createCluster({ - ...this.newProps, - name: clusterName, - }); - if (!resp.cluster) { - throw new Error(`Error when trying to create cluster ${clusterName}: CreateCluster returned without cluster information`); - } - return { - PhysicalResourceId: resp.cluster.name, - }; - } - async isCreateComplete() { - return this.isActive(); - } - // ------ - // DELETE - // ------ - async onDelete() { - console.log(`onDelete: deleting cluster ${this.clusterName}`); - try { - await this.eks.deleteCluster({ name: this.clusterName }); - } - catch (e) { - if (e.name !== 'ResourceNotFoundException') { - throw e; - } - else { - console.log(`cluster ${this.clusterName} not found, idempotently succeeded`); - } - } - return { - PhysicalResourceId: this.clusterName, - }; - } - async isDeleteComplete() { - console.log(`isDeleteComplete: waiting for cluster ${this.clusterName} to be deleted`); - try { - const resp = await this.eks.describeCluster({ name: this.clusterName }); - console.log('describeCluster returned:', JSON.stringify(resp, undefined, 2)); - } - catch (e) { - if (e.name === 'ResourceNotFoundException') { - console.log('received ResourceNotFoundException, this means the cluster has been deleted (or never existed)'); - return { IsComplete: true }; - } - console.log('describeCluster error:', e); - throw e; - } - return { - IsComplete: false, - }; - } - // ------ - // UPDATE - // ------ - async onUpdate() { - const updates = analyzeUpdate(this.oldProps, this.newProps); - console.log('onUpdate:', JSON.stringify({ updates }, undefined, 2)); - // updates to encryption config is not supported - if (updates.updateEncryption) { - throw new Error('Cannot update cluster encryption configuration'); - } - // if there is an update that requires replacement, go ahead and just create - // a new cluster with the new config. The old cluster will automatically be - // deleted by cloudformation upon success. - if (updates.replaceName || updates.replaceRole || updates.replaceVpc) { - // if we are replacing this cluster and the cluster has an explicit - // physical name, the creation of the new cluster will fail with "there is - // already a cluster with that name". this is a common behavior for - // CloudFormation resources that support specifying a physical name. - if (this.oldProps.name === this.newProps.name && this.oldProps.name) { - throw new Error(`Cannot replace cluster "${this.oldProps.name}" since it has an explicit physical name. Either rename the cluster or remove the "name" configuration`); - } - return this.onCreate(); - } - // if a version update is required, issue the version update - if (updates.updateVersion) { - if (!this.newProps.version) { - throw new Error(`Cannot remove cluster version configuration. Current version is ${this.oldProps.version}`); - } - return this.updateClusterVersion(this.newProps.version); - } - if (updates.updateLogging && updates.updateAccess) { - throw new Error('Cannot update logging and access at the same time'); - } - if (updates.updateLogging || updates.updateAccess) { - const config = { - name: this.clusterName, - }; - if (updates.updateLogging) { - config.logging = this.newProps.logging; - } - ; - if (updates.updateAccess) { - // Updating the cluster with securityGroupIds and subnetIds (as specified in the warning here: - // https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html) - // will fail, therefore we take only the access fields explicitly - config.resourcesVpcConfig = { - endpointPrivateAccess: this.newProps.resourcesVpcConfig?.endpointPrivateAccess, - endpointPublicAccess: this.newProps.resourcesVpcConfig?.endpointPublicAccess, - publicAccessCidrs: this.newProps.resourcesVpcConfig?.publicAccessCidrs, - }; - } - const updateResponse = await this.eks.updateClusterConfig(config); - return { EksUpdateId: updateResponse.update?.id }; - } - // no updates - return; - } - async isUpdateComplete() { - console.log('isUpdateComplete'); - // if this is an EKS update, we will monitor the update event itself - if (this.event.EksUpdateId) { - const complete = await this.isEksUpdateComplete(this.event.EksUpdateId); - if (!complete) { - return { IsComplete: false }; - } - // fall through: if the update is done, we simply delegate to isActive() - // in order to extract attributes and state from the cluster itself, which - // is supposed to be in an ACTIVE state after the update is complete. - } - return this.isActive(); - } - async updateClusterVersion(newVersion) { - console.log(`updating cluster version to ${newVersion}`); - // update-cluster-version will fail if we try to update to the same version, - // so skip in this case. - const cluster = (await this.eks.describeCluster({ name: this.clusterName })).cluster; - if (cluster?.version === newVersion) { - console.log(`cluster already at version ${cluster.version}, skipping version update`); - return; - } - const updateResponse = await this.eks.updateClusterVersion({ name: this.clusterName, version: newVersion }); - return { EksUpdateId: updateResponse.update?.id }; - } - async isActive() { - console.log('waiting for cluster to become ACTIVE'); - const resp = await this.eks.describeCluster({ name: this.clusterName }); - console.log('describeCluster result:', JSON.stringify(resp, undefined, 2)); - const cluster = resp.cluster; - // if cluster is undefined (shouldnt happen) or status is not ACTIVE, we are - // not complete. note that the custom resource provider framework forbids - // returning attributes (Data) if isComplete is false. - if (cluster?.status === 'FAILED') { - // not very informative, unfortunately the response doesn't contain any error - // information :\ - throw new Error('Cluster is in a FAILED status'); - } - else if (cluster?.status !== 'ACTIVE') { - return { - IsComplete: false, - }; - } - else { - return { - IsComplete: true, - Data: { - Name: cluster.name, - Endpoint: cluster.endpoint, - Arn: cluster.arn, - // IMPORTANT: CFN expects that attributes will *always* have values, - // so return an empty string in case the value is not defined. - // Otherwise, CFN will throw with `Vendor response doesn't contain - // XXXX key`. - CertificateAuthorityData: cluster.certificateAuthority?.data ?? '', - ClusterSecurityGroupId: cluster.resourcesVpcConfig?.clusterSecurityGroupId ?? '', - OpenIdConnectIssuerUrl: cluster.identity?.oidc?.issuer ?? '', - OpenIdConnectIssuer: cluster.identity?.oidc?.issuer?.substring(8) ?? '', - // We can safely return the first item from encryption configuration array, because it has a limit of 1 item - // https://docs.amazon.com/eks/latest/APIReference/API_CreateCluster.html#AmazonEKS-CreateCluster-request-encryptionConfig - EncryptionConfigKeyArn: cluster.encryptionConfig?.shift()?.provider?.keyArn ?? '', - }, - }; - } - } - async isEksUpdateComplete(eksUpdateId) { - this.log({ isEksUpdateComplete: eksUpdateId }); - const describeUpdateResponse = await this.eks.describeUpdate({ - name: this.clusterName, - updateId: eksUpdateId, - }); - this.log({ describeUpdateResponse }); - if (!describeUpdateResponse.update) { - throw new Error(`unable to describe update with id "${eksUpdateId}"`); - } - switch (describeUpdateResponse.update.status) { - case 'InProgress': - return false; - case 'Successful': - return true; - case 'Failed': - case 'Cancelled': - throw new Error(`cluster update id "${eksUpdateId}" failed with errors: ${JSON.stringify(describeUpdateResponse.update.errors)}`); - default: - throw new Error(`unknown status "${describeUpdateResponse.update.status}" for update id "${eksUpdateId}"`); - } - } - generateClusterName() { - const suffix = this.requestId.replace(/-/g, ''); // 32 chars - const offset = MAX_CLUSTER_NAME_LEN - suffix.length - 1; - const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); - return `${prefix}-${suffix}`; - } -} -exports.ClusterResourceHandler = ClusterResourceHandler; -function parseProps(props) { - const parsed = props?.Config ?? {}; - // this is weird but these boolean properties are passed by CFN as a string, and we need them to be booleanic for the SDK. - // Otherwise it fails with 'Unexpected Parameter: params.resourcesVpcConfig.endpointPrivateAccess is expected to be a boolean' - if (typeof (parsed.resourcesVpcConfig?.endpointPrivateAccess) === 'string') { - parsed.resourcesVpcConfig.endpointPrivateAccess = parsed.resourcesVpcConfig.endpointPrivateAccess === 'true'; - } - if (typeof (parsed.resourcesVpcConfig?.endpointPublicAccess) === 'string') { - parsed.resourcesVpcConfig.endpointPublicAccess = parsed.resourcesVpcConfig.endpointPublicAccess === 'true'; - } - if (typeof (parsed.logging?.clusterLogging[0].enabled) === 'string') { - parsed.logging.clusterLogging[0].enabled = parsed.logging.clusterLogging[0].enabled === 'true'; - } - return parsed; -} -function analyzeUpdate(oldProps, newProps) { - console.log('old props: ', JSON.stringify(oldProps)); - console.log('new props: ', JSON.stringify(newProps)); - const newVpcProps = newProps.resourcesVpcConfig || {}; - const oldVpcProps = oldProps.resourcesVpcConfig || {}; - const oldPublicAccessCidrs = new Set(oldVpcProps.publicAccessCidrs ?? []); - const newPublicAccessCidrs = new Set(newVpcProps.publicAccessCidrs ?? []); - const newEnc = newProps.encryptionConfig || {}; - const oldEnc = oldProps.encryptionConfig || {}; - return { - replaceName: newProps.name !== oldProps.name, - replaceVpc: JSON.stringify(newVpcProps.subnetIds?.sort()) !== JSON.stringify(oldVpcProps.subnetIds?.sort()) || - JSON.stringify(newVpcProps.securityGroupIds?.sort()) !== JSON.stringify(oldVpcProps.securityGroupIds?.sort()), - updateAccess: newVpcProps.endpointPrivateAccess !== oldVpcProps.endpointPrivateAccess || - newVpcProps.endpointPublicAccess !== oldVpcProps.endpointPublicAccess || - !setsEqual(newPublicAccessCidrs, oldPublicAccessCidrs), - replaceRole: newProps.roleArn !== oldProps.roleArn, - updateVersion: newProps.version !== oldProps.version, - updateEncryption: JSON.stringify(newEnc) !== JSON.stringify(oldEnc), - updateLogging: JSON.stringify(newProps.logging) !== JSON.stringify(oldProps.logging), - }; -} -function setsEqual(first, second) { - return first.size === second.size && [...first].every((e) => second.has(e)); -} -//# sourceMappingURL=data:application/json;base64, \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.js deleted file mode 100644 index 925276513e92e..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/common.js +++ /dev/null @@ -1,43 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.ResourceHandler = void 0; -class ResourceHandler { - constructor(eks, event) { - this.eks = eks; - this.requestType = event.RequestType; - this.requestId = event.RequestId; - this.logicalResourceId = event.LogicalResourceId; - this.physicalResourceId = event.PhysicalResourceId; - this.event = event; - const roleToAssume = event.ResourceProperties.AssumeRoleArn; - if (!roleToAssume) { - throw new Error('AssumeRoleArn must be provided'); - } - eks.configureAssumeRole({ - RoleArn: roleToAssume, - RoleSessionName: `AWSCDK.EKSCluster.${this.requestType}.${this.requestId}`, - }); - } - onEvent() { - switch (this.requestType) { - case 'Create': return this.onCreate(); - case 'Update': return this.onUpdate(); - case 'Delete': return this.onDelete(); - } - throw new Error(`Invalid request type ${this.requestType}`); - } - isComplete() { - switch (this.requestType) { - case 'Create': return this.isCreateComplete(); - case 'Update': return this.isUpdateComplete(); - case 'Delete': return this.isDeleteComplete(); - } - throw new Error(`Invalid request type ${this.requestType}`); - } - log(x) { - // eslint-disable-next-line no-console - console.log(JSON.stringify(x, undefined, 2)); - } -} -exports.ResourceHandler = ResourceHandler; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29tbW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY29tbW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQW1CQSxNQUFzQixlQUFlO0lBT25DLFlBQStCLEdBQWMsRUFBRSxLQUFvQjtRQUFwQyxRQUFHLEdBQUgsR0FBRyxDQUFXO1FBQzNDLElBQUksQ0FBQyxXQUFXLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQztRQUNyQyxJQUFJLENBQUMsU0FBUyxHQUFHLEtBQUssQ0FBQyxTQUFTLENBQUM7UUFDakMsSUFBSSxDQUFDLGlCQUFpQixHQUFHLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQztRQUNqRCxJQUFJLENBQUMsa0JBQWtCLEdBQUksS0FBYSxDQUFDLGtCQUFrQixDQUFDO1FBQzVELElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO1FBRW5CLE1BQU0sWUFBWSxHQUFHLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxhQUFhLENBQUM7UUFDNUQsSUFBSSxDQUFDLFlBQVksRUFBRTtZQUNqQixNQUFNLElBQUksS0FBSyxDQUFDLGdDQUFnQyxDQUFDLENBQUM7U0FDbkQ7UUFFRCxHQUFHLENBQUMsbUJBQW1CLENBQUM7WUFDdEIsT0FBTyxFQUFFLFlBQVk7WUFDckIsZUFBZSxFQUFFLHFCQUFxQixJQUFJLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUU7U0FDM0UsQ0FBQyxDQUFDO0tBQ0o7SUFFTSxPQUFPO1FBQ1osUUFBUSxJQUFJLENBQUMsV0FBVyxFQUFFO1lBQ3hCLEtBQUssUUFBUSxDQUFDLENBQUMsT0FBTyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDdEMsS0FBSyxRQUFRLENBQUMsQ0FBQyxPQUFPLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUN0QyxLQUFLLFFBQVEsQ0FBQyxDQUFDLE9BQU8sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1NBQ3ZDO1FBRUQsTUFBTSxJQUFJLEtBQUssQ0FBQyx3QkFBd0IsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUM7S0FDN0Q7SUFFTSxVQUFVO1FBQ2YsUUFBUSxJQUFJLENBQUMsV0FBVyxFQUFFO1lBQ3hCLEtBQUssUUFBUSxDQUFDLENBQUMsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUM5QyxLQUFLLFFBQVEsQ0FBQyxDQUFDLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDOUMsS0FBSyxRQUFRLENBQUMsQ0FBQyxPQUFPLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1NBQy9DO1FBRUQsTUFBTSxJQUFJLEtBQUssQ0FBQyx3QkFBd0IsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUM7S0FDN0Q7SUFFUyxHQUFHLENBQUMsQ0FBTTtRQUNsQixzQ0FBc0M7UUFDdEMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztLQUM5QztDQVFGO0FBeERELDBDQXdEQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIF9la3MgZnJvbSAnQGF3cy1zZGsvY2xpZW50LWVrcyc7XG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgaW1wb3J0L25vLWV4dHJhbmVvdXMtZGVwZW5kZW5jaWVzXG5pbXBvcnQgKiBhcyBzdHMgZnJvbSAnQGF3cy1zZGsvY2xpZW50LXN0cyc7XG5pbXBvcnQgeyBJc0NvbXBsZXRlUmVzcG9uc2UsIE9uRXZlbnRSZXNwb25zZSB9IGZyb20gJy4uLy4uLy4uL2N1c3RvbS1yZXNvdXJjZXMvbGliL3Byb3ZpZGVyLWZyYW1ld29yay90eXBlcyc7XG5cbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcblxuZXhwb3J0IGludGVyZmFjZSBFa3NVcGRhdGVJZCB7XG4gIC8qKlxuICAgKiBJZiB0aGlzIGZpZWxkIGlzIGluY2x1ZGVkIGluIGFuIGV2ZW50IHBhc3NlZCB0byBcIklzQ29tcGxldGVcIiwgaXQgbWVhbnMgd2VcbiAgICogaW5pdGlhdGVkIGFuIEVLUyB1cGRhdGUgdGhhdCBzaG91bGQgYmUgbW9uaXRvcmVkIHVzaW5nIGVrczpEZXNjcmliZVVwZGF0ZVxuICAgKiBpbnN0ZWFkIG9mIGp1c3QgbG9va2luZyBhdCB0aGUgY2x1c3RlciBzdGF0dXMuXG4gICAqL1xuICBFa3NVcGRhdGVJZD86IHN0cmluZ1xufVxuXG5leHBvcnQgdHlwZSBSZXNvdXJjZUV2ZW50ID0gQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCAmIEVrc1VwZGF0ZUlkO1xuXG5leHBvcnQgYWJzdHJhY3QgY2xhc3MgUmVzb3VyY2VIYW5kbGVyIHtcbiAgcHJvdGVjdGVkIHJlYWRvbmx5IHJlcXVlc3RJZDogc3RyaW5nO1xuICBwcm90ZWN0ZWQgcmVhZG9ubHkgbG9naWNhbFJlc291cmNlSWQ6IHN0cmluZztcbiAgcHJvdGVjdGVkIHJlYWRvbmx5IHJlcXVlc3RUeXBlOiAnQ3JlYXRlJyB8ICdVcGRhdGUnIHwgJ0RlbGV0ZSc7XG4gIHByb3RlY3RlZCByZWFkb25seSBwaHlzaWNhbFJlc291cmNlSWQ/OiBzdHJpbmc7XG4gIHByb3RlY3RlZCByZWFkb25seSBldmVudDogUmVzb3VyY2VFdmVudDtcblxuICBjb25zdHJ1Y3Rvcihwcm90ZWN0ZWQgcmVhZG9ubHkgZWtzOiBFa3NDbGllbnQsIGV2ZW50OiBSZXNvdXJjZUV2ZW50KSB7XG4gICAgdGhpcy5yZXF1ZXN0VHlwZSA9IGV2ZW50LlJlcXVlc3RUeXBlO1xuICAgIHRoaXMucmVxdWVzdElkID0gZXZlbnQuUmVxdWVzdElkO1xuICAgIHRoaXMubG9naWNhbFJlc291cmNlSWQgPSBldmVudC5Mb2dpY2FsUmVzb3VyY2VJZDtcbiAgICB0aGlzLnBoeXNpY2FsUmVzb3VyY2VJZCA9IChldmVudCBhcyBhbnkpLlBoeXNpY2FsUmVzb3VyY2VJZDtcbiAgICB0aGlzLmV2ZW50ID0gZXZlbnQ7XG5cbiAgICBjb25zdCByb2xlVG9Bc3N1bWUgPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuQXNzdW1lUm9sZUFybjtcbiAgICBpZiAoIXJvbGVUb0Fzc3VtZSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdBc3N1bWVSb2xlQXJuIG11c3QgYmUgcHJvdmlkZWQnKTtcbiAgICB9XG5cbiAgICBla3MuY29uZmlndXJlQXNzdW1lUm9sZSh7XG4gICAgICBSb2xlQXJuOiByb2xlVG9Bc3N1bWUsXG4gICAgICBSb2xlU2Vzc2lvbk5hbWU6IGBBV1NDREsuRUtTQ2x1c3Rlci4ke3RoaXMucmVxdWVzdFR5cGV9LiR7dGhpcy5yZXF1ZXN0SWR9YCxcbiAgICB9KTtcbiAgfVxuXG4gIHB1YmxpYyBvbkV2ZW50KCkge1xuICAgIHN3aXRjaCAodGhpcy5yZXF1ZXN0VHlwZSkge1xuICAgICAgY2FzZSAnQ3JlYXRlJzogcmV0dXJuIHRoaXMub25DcmVhdGUoKTtcbiAgICAgIGNhc2UgJ1VwZGF0ZSc6IHJldHVybiB0aGlzLm9uVXBkYXRlKCk7XG4gICAgICBjYXNlICdEZWxldGUnOiByZXR1cm4gdGhpcy5vbkRlbGV0ZSgpO1xuICAgIH1cblxuICAgIHRocm93IG5ldyBFcnJvcihgSW52YWxpZCByZXF1ZXN0IHR5cGUgJHt0aGlzLnJlcXVlc3RUeXBlfWApO1xuICB9XG5cbiAgcHVibGljIGlzQ29tcGxldGUoKSB7XG4gICAgc3dpdGNoICh0aGlzLnJlcXVlc3RUeXBlKSB7XG4gICAgICBjYXNlICdDcmVhdGUnOiByZXR1cm4gdGhpcy5pc0NyZWF0ZUNvbXBsZXRlKCk7XG4gICAgICBjYXNlICdVcGRhdGUnOiByZXR1cm4gdGhpcy5pc1VwZGF0ZUNvbXBsZXRlKCk7XG4gICAgICBjYXNlICdEZWxldGUnOiByZXR1cm4gdGhpcy5pc0RlbGV0ZUNvbXBsZXRlKCk7XG4gICAgfVxuXG4gICAgdGhyb3cgbmV3IEVycm9yKGBJbnZhbGlkIHJlcXVlc3QgdHlwZSAke3RoaXMucmVxdWVzdFR5cGV9YCk7XG4gIH1cblxuICBwcm90ZWN0ZWQgbG9nKHg6IGFueSkge1xuICAgIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBuby1jb25zb2xlXG4gICAgY29uc29sZS5sb2coSlNPTi5zdHJpbmdpZnkoeCwgdW5kZWZpbmVkLCAyKSk7XG4gIH1cblxuICBwcm90ZWN0ZWQgYWJzdHJhY3Qgb25DcmVhdGUoKTogUHJvbWlzZTxPbkV2ZW50UmVzcG9uc2U+O1xuICBwcm90ZWN0ZWQgYWJzdHJhY3Qgb25EZWxldGUoKTogUHJvbWlzZTxPbkV2ZW50UmVzcG9uc2UgfCB2b2lkPjtcbiAgcHJvdGVjdGVkIGFic3RyYWN0IG9uVXBkYXRlKCk6IFByb21pc2U8KE9uRXZlbnRSZXNwb25zZSAmIEVrc1VwZGF0ZUlkKSB8IHZvaWQ+O1xuICBwcm90ZWN0ZWQgYWJzdHJhY3QgaXNDcmVhdGVDb21wbGV0ZSgpOiBQcm9taXNlPElzQ29tcGxldGVSZXNwb25zZT47XG4gIHByb3RlY3RlZCBhYnN0cmFjdCBpc0RlbGV0ZUNvbXBsZXRlKCk6IFByb21pc2U8SXNDb21wbGV0ZVJlc3BvbnNlPjtcbiAgcHJvdGVjdGVkIGFic3RyYWN0IGlzVXBkYXRlQ29tcGxldGUoKTogUHJvbWlzZTxJc0NvbXBsZXRlUmVzcG9uc2U+O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIEVrc0NsaWVudCB7XG4gIGNvbmZpZ3VyZUFzc3VtZVJvbGUocmVxdWVzdDogc3RzLkFzc3VtZVJvbGVDb21tYW5kSW5wdXQpOiB2b2lkO1xuICBjcmVhdGVDbHVzdGVyKHJlcXVlc3Q6IF9la3MuQ3JlYXRlQ2x1c3RlckNvbW1hbmRJbnB1dCk6IFByb21pc2U8X2Vrcy5DcmVhdGVDbHVzdGVyQ29tbWFuZE91dHB1dD47XG4gIGRlbGV0ZUNsdXN0ZXIocmVxdWVzdDogX2Vrcy5EZWxldGVDbHVzdGVyQ29tbWFuZElucHV0KTogUHJvbWlzZTxfZWtzLkRlbGV0ZUNsdXN0ZXJDb21tYW5kT3V0cHV0PjtcbiAgZGVzY3JpYmVDbHVzdGVyKHJlcXVlc3Q6IF9la3MuRGVzY3JpYmVDbHVzdGVyQ29tbWFuZElucHV0KTogUHJvbWlzZTxfZWtzLkRlc2NyaWJlQ2x1c3RlckNvbW1hbmRPdXRwdXQ+O1xuICB1cGRhdGVDbHVzdGVyQ29uZmlnKHJlcXVlc3Q6IF9la3MuVXBkYXRlQ2x1c3RlckNvbmZpZ0NvbW1hbmRJbnB1dCk6IFByb21pc2U8X2Vrcy5VcGRhdGVDbHVzdGVyQ29uZmlnQ29tbWFuZE91dHB1dD47XG4gIHVwZGF0ZUNsdXN0ZXJWZXJzaW9uKHJlcXVlc3Q6IF9la3MuVXBkYXRlQ2x1c3RlclZlcnNpb25Db21tYW5kSW5wdXQpOiBQcm9taXNlPF9la3MuVXBkYXRlQ2x1c3RlclZlcnNpb25Db21tYW5kT3V0cHV0PjtcbiAgZGVzY3JpYmVVcGRhdGUocmVxOiBfZWtzLkRlc2NyaWJlVXBkYXRlQ29tbWFuZElucHV0KTogUHJvbWlzZTxfZWtzLkRlc2NyaWJlVXBkYXRlQ29tbWFuZE91dHB1dD47XG4gIGNyZWF0ZUZhcmdhdGVQcm9maWxlKHJlcXVlc3Q6IF9la3MuQ3JlYXRlRmFyZ2F0ZVByb2ZpbGVDb21tYW5kSW5wdXQpOiBQcm9taXNlPF9la3MuQ3JlYXRlRmFyZ2F0ZVByb2ZpbGVDb21tYW5kT3V0cHV0PjtcbiAgZGVzY3JpYmVGYXJnYXRlUHJvZmlsZShyZXF1ZXN0OiBfZWtzLkRlc2NyaWJlRmFyZ2F0ZVByb2ZpbGVDb21tYW5kSW5wdXQpOiBQcm9taXNlPF9la3MuRGVzY3JpYmVGYXJnYXRlUHJvZmlsZUNvbW1hbmRPdXRwdXQ+O1xuICBkZWxldGVGYXJnYXRlUHJvZmlsZShyZXF1ZXN0OiBfZWtzLkRlbGV0ZUZhcmdhdGVQcm9maWxlQ29tbWFuZElucHV0KTogUHJvbWlzZTxfZWtzLkRlbGV0ZUZhcmdhdGVQcm9maWxlQ29tbWFuZE91dHB1dD47XG59XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.js deleted file mode 100644 index c46b17200589b..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/compareLogging.js +++ /dev/null @@ -1,38 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.compareLoggingProps = void 0; -function compareLoggingProps(oldProps, newProps) { - const result = { logging: {} }; - let enabledTypes = []; - let disabledTypes = []; - if (newProps.logging?.clusterLogging === undefined && oldProps.logging?.clusterLogging === undefined) { - return newProps; - } - // if newProps containes LogSetup - if (newProps.logging && newProps.logging.clusterLogging && newProps.logging.clusterLogging.length > 0) { - enabledTypes = newProps.logging.clusterLogging[0].types; - // if oldProps contains LogSetup with enabled:true - if (oldProps.logging && oldProps.logging.clusterLogging && oldProps.logging.clusterLogging.length > 0) { - // LogType in oldProp but not in newProp should be considered disabled(enabled:false) - disabledTypes = oldProps.logging.clusterLogging[0].types.filter(t => !newProps.logging.clusterLogging[0].types.includes(t)); - } - } - else { - // all enabled:true in oldProps will be enabled:false - disabledTypes = oldProps.logging.clusterLogging[0].types; - } - if (enabledTypes.length > 0 || disabledTypes.length > 0) { - result.logging = { clusterLogging: [] }; - } - // append the enabled:false LogSetup to the result - if (enabledTypes.length > 0) { - result.logging.clusterLogging.push({ types: enabledTypes, enabled: true }); - } - // append the enabled:false LogSetup to the result - if (disabledTypes.length > 0) { - result.logging.clusterLogging.push({ types: disabledTypes, enabled: false }); - } - return result; -} -exports.compareLoggingProps = compareLoggingProps; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29tcGFyZUxvZ2dpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJjb21wYXJlTG9nZ2luZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFXQSxTQUFnQixtQkFBbUIsQ0FBQyxRQUFnRCxFQUNsRixRQUFnRDtJQUNoRCxNQUFNLE1BQU0sR0FBMkMsRUFBRSxPQUFPLEVBQUUsRUFBRSxFQUFFLENBQUM7SUFDdkUsSUFBSSxZQUFZLEdBQTZCLEVBQUUsQ0FBQztJQUNoRCxJQUFJLGFBQWEsR0FBNkIsRUFBRSxDQUFDO0lBRWpELElBQUksUUFBUSxDQUFDLE9BQU8sRUFBRSxjQUFjLEtBQUssU0FBUyxJQUFJLFFBQVEsQ0FBQyxPQUFPLEVBQUUsY0FBYyxLQUFLLFNBQVMsRUFBRTtRQUNwRyxPQUFPLFFBQVEsQ0FBQztLQUNqQjtJQUNELGlDQUFpQztJQUNqQyxJQUFJLFFBQVEsQ0FBQyxPQUFPLElBQUksUUFBUSxDQUFDLE9BQU8sQ0FBQyxjQUFjLElBQUksUUFBUSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtRQUNyRyxZQUFZLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBTSxDQUFDO1FBQ3pELGtEQUFrRDtRQUNsRCxJQUFJLFFBQVEsQ0FBQyxPQUFPLElBQUksUUFBUSxDQUFDLE9BQU8sQ0FBQyxjQUFjLElBQUksUUFBUSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtZQUNyRyxxRkFBcUY7WUFDckYsYUFBYSxHQUFHLFFBQVEsQ0FBQyxPQUFRLENBQUMsY0FBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxPQUFRLENBQUMsY0FBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUNuSTtLQUNGO1NBQU07UUFDTCxxREFBcUQ7UUFDckQsYUFBYSxHQUFHLFFBQVEsQ0FBQyxPQUFRLENBQUMsY0FBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQU0sQ0FBQztLQUM3RDtJQUVELElBQUksWUFBWSxDQUFDLE1BQU0sR0FBRyxDQUFDLElBQUksYUFBYSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUU7UUFDdkQsTUFBTSxDQUFDLE9BQU8sR0FBRyxFQUFFLGNBQWMsRUFBRSxFQUFFLEVBQUUsQ0FBQztLQUN6QztJQUVELGtEQUFrRDtJQUNsRCxJQUFJLFlBQVksQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFO1FBQzNCLE1BQU0sQ0FBQyxPQUFRLENBQUMsY0FBZSxDQUFDLElBQUksQ0FBQyxFQUFFLEtBQUssRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7S0FDOUU7SUFDRCxrREFBa0Q7SUFDbEQsSUFBSSxhQUFhLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtRQUM1QixNQUFNLENBQUMsT0FBUSxDQUFDLGNBQWUsQ0FBQyxJQUFJLENBQUMsRUFBRSxLQUFLLEVBQUUsYUFBYSxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO0tBQ2hGO0lBQ0QsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQW5DRCxrREFtQ0MiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFRoaXMgZnVuY3Rpb24gY29tcGFyZXMgdGhlIGxvZ2dpbmcgY29uZmlndXJhdGlvbiBmcm9tIG9sZFByb3BzIGFuZCBuZXdQcm9wcyBhbmQgcmV0dXJuc1xuICogdGhlIHJlc3VsdCB0aGF0IGNvbnRhaW5zIExvZ1NldHVwIHdpdGggZW5hYmxlZDpmYWxzZSBpZiBhbnkuXG4gKlxuICogQHBhcmFtIG9sZFByb3BzIG9sZCBwcm9wZXJ0aWVzXG4gKiBAcGFyYW0gbmV3UHJvcHMgbmV3IHByb3BlcnRpZXNcbiAqIEByZXR1cm5zIHJlc3VsdCB3aXRoIExvZ1NldCB3aXRoIGVuYWJsZWQ6ZmFsc2UgaWYgYW55XG4gKi9cbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIEVLUyBmcm9tICdAYXdzLXNkay9jbGllbnQtZWtzJztcblxuZXhwb3J0IGZ1bmN0aW9uIGNvbXBhcmVMb2dnaW5nUHJvcHMob2xkUHJvcHM6IFBhcnRpYWw8RUtTLkNyZWF0ZUNsdXN0ZXJDb21tYW5kSW5wdXQ+LFxuICBuZXdQcm9wczogUGFydGlhbDxFS1MuQ3JlYXRlQ2x1c3RlckNvbW1hbmRJbnB1dD4pOiBQYXJ0aWFsPEVLUy5DcmVhdGVDbHVzdGVyQ29tbWFuZElucHV0PiB7XG4gIGNvbnN0IHJlc3VsdDogUGFydGlhbDxFS1MuQ3JlYXRlQ2x1c3RlckNvbW1hbmRJbnB1dD4gPSB7IGxvZ2dpbmc6IHt9IH07XG4gIGxldCBlbmFibGVkVHlwZXM6IChFS1MuTG9nVHlwZSB8IHN0cmluZylbXSA9IFtdO1xuICBsZXQgZGlzYWJsZWRUeXBlczogKEVLUy5Mb2dUeXBlIHwgc3RyaW5nKVtdID0gW107XG5cbiAgaWYgKG5ld1Byb3BzLmxvZ2dpbmc/LmNsdXN0ZXJMb2dnaW5nID09PSB1bmRlZmluZWQgJiYgb2xkUHJvcHMubG9nZ2luZz8uY2x1c3RlckxvZ2dpbmcgPT09IHVuZGVmaW5lZCkge1xuICAgIHJldHVybiBuZXdQcm9wcztcbiAgfVxuICAvLyBpZiBuZXdQcm9wcyBjb250YWluZXMgTG9nU2V0dXBcbiAgaWYgKG5ld1Byb3BzLmxvZ2dpbmcgJiYgbmV3UHJvcHMubG9nZ2luZy5jbHVzdGVyTG9nZ2luZyAmJiBuZXdQcm9wcy5sb2dnaW5nLmNsdXN0ZXJMb2dnaW5nLmxlbmd0aCA+IDApIHtcbiAgICBlbmFibGVkVHlwZXMgPSBuZXdQcm9wcy5sb2dnaW5nLmNsdXN0ZXJMb2dnaW5nWzBdLnR5cGVzITtcbiAgICAvLyBpZiBvbGRQcm9wcyBjb250YWlucyBMb2dTZXR1cCB3aXRoIGVuYWJsZWQ6dHJ1ZVxuICAgIGlmIChvbGRQcm9wcy5sb2dnaW5nICYmIG9sZFByb3BzLmxvZ2dpbmcuY2x1c3RlckxvZ2dpbmcgJiYgb2xkUHJvcHMubG9nZ2luZy5jbHVzdGVyTG9nZ2luZy5sZW5ndGggPiAwKSB7XG4gICAgICAvLyBMb2dUeXBlIGluIG9sZFByb3AgYnV0IG5vdCBpbiBuZXdQcm9wIHNob3VsZCBiZSBjb25zaWRlcmVkIGRpc2FibGVkKGVuYWJsZWQ6ZmFsc2UpXG4gICAgICBkaXNhYmxlZFR5cGVzID0gb2xkUHJvcHMubG9nZ2luZyEuY2x1c3RlckxvZ2dpbmchWzBdLnR5cGVzIS5maWx0ZXIodCA9PiAhbmV3UHJvcHMubG9nZ2luZyEuY2x1c3RlckxvZ2dpbmchWzBdLnR5cGVzIS5pbmNsdWRlcyh0KSk7XG4gICAgfVxuICB9IGVsc2Uge1xuICAgIC8vIGFsbCBlbmFibGVkOnRydWUgaW4gb2xkUHJvcHMgd2lsbCBiZSBlbmFibGVkOmZhbHNlXG4gICAgZGlzYWJsZWRUeXBlcyA9IG9sZFByb3BzLmxvZ2dpbmchLmNsdXN0ZXJMb2dnaW5nIVswXS50eXBlcyE7XG4gIH1cblxuICBpZiAoZW5hYmxlZFR5cGVzLmxlbmd0aCA+IDAgfHwgZGlzYWJsZWRUeXBlcy5sZW5ndGggPiAwKSB7XG4gICAgcmVzdWx0LmxvZ2dpbmcgPSB7IGNsdXN0ZXJMb2dnaW5nOiBbXSB9O1xuICB9XG5cbiAgLy8gYXBwZW5kIHRoZSBlbmFibGVkOmZhbHNlIExvZ1NldHVwIHRvIHRoZSByZXN1bHRcbiAgaWYgKGVuYWJsZWRUeXBlcy5sZW5ndGggPiAwKSB7XG4gICAgcmVzdWx0LmxvZ2dpbmchLmNsdXN0ZXJMb2dnaW5nIS5wdXNoKHsgdHlwZXM6IGVuYWJsZWRUeXBlcywgZW5hYmxlZDogdHJ1ZSB9KTtcbiAgfVxuICAvLyBhcHBlbmQgdGhlIGVuYWJsZWQ6ZmFsc2UgTG9nU2V0dXAgdG8gdGhlIHJlc3VsdFxuICBpZiAoZGlzYWJsZWRUeXBlcy5sZW5ndGggPiAwKSB7XG4gICAgcmVzdWx0LmxvZ2dpbmchLmNsdXN0ZXJMb2dnaW5nIS5wdXNoKHsgdHlwZXM6IGRpc2FibGVkVHlwZXMsIGVuYWJsZWQ6IGZhbHNlIH0pO1xuICB9XG4gIHJldHVybiByZXN1bHQ7XG59XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.js deleted file mode 100644 index 679526725fb11..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/consts.js +++ /dev/null @@ -1,6 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.FARGATE_PROFILE_RESOURCE_TYPE = exports.CLUSTER_RESOURCE_TYPE = void 0; -exports.CLUSTER_RESOURCE_TYPE = 'Custom::AWSCDK-EKS-Cluster'; -exports.FARGATE_PROFILE_RESOURCE_TYPE = 'Custom::AWSCDK-EKS-FargateProfile'; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY29uc3RzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFhLFFBQUEscUJBQXFCLEdBQUcsNEJBQTRCLENBQUM7QUFDckQsUUFBQSw2QkFBNkIsR0FBRyxtQ0FBbUMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCBjb25zdCBDTFVTVEVSX1JFU09VUkNFX1RZUEUgPSAnQ3VzdG9tOjpBV1NDREstRUtTLUNsdXN0ZXInO1xuZXhwb3J0IGNvbnN0IEZBUkdBVEVfUFJPRklMRV9SRVNPVVJDRV9UWVBFID0gJ0N1c3RvbTo6QVdTQ0RLLUVLUy1GYXJnYXRlUHJvZmlsZSc7Il19 \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.js deleted file mode 100644 index e946d9384b98f..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/fargate.js +++ /dev/null @@ -1,102 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.FargateProfileResourceHandler = void 0; -const common_1 = require("./common"); -const MAX_NAME_LEN = 63; -class FargateProfileResourceHandler extends common_1.ResourceHandler { - async onCreate() { - const fargateProfileName = this.event.ResourceProperties.Config.fargateProfileName ?? this.generateProfileName(); - const createFargateProfile = { - fargateProfileName, - ...this.event.ResourceProperties.Config, - }; - this.log({ createFargateProfile }); - const createFargateProfileResponse = await this.eks.createFargateProfile(createFargateProfile); - this.log({ createFargateProfileResponse }); - if (!createFargateProfileResponse.fargateProfile) { - throw new Error('invalid CreateFargateProfile response'); - } - return { - PhysicalResourceId: createFargateProfileResponse.fargateProfile.fargateProfileName, - Data: { - fargateProfileArn: createFargateProfileResponse.fargateProfile.fargateProfileArn, - }, - }; - } - async onDelete() { - if (!this.physicalResourceId) { - throw new Error('Cannot delete a profile without a physical id'); - } - const deleteFargateProfile = { - clusterName: this.event.ResourceProperties.Config.clusterName, - fargateProfileName: this.physicalResourceId, - }; - this.log({ deleteFargateProfile }); - const deleteFargateProfileResponse = await this.eks.deleteFargateProfile(deleteFargateProfile); - this.log({ deleteFargateProfileResponse }); - return; - } - async onUpdate() { - // all updates require a replacement. as long as name is generated, we are - // good. if name is explicit, update will fail, which is common when trying - // to replace cfn resources with explicit physical names - return this.onCreate(); - } - async isCreateComplete() { - return this.isUpdateComplete(); - } - async isUpdateComplete() { - const status = await this.queryStatus(); - return { - IsComplete: status === 'ACTIVE', - }; - } - async isDeleteComplete() { - const status = await this.queryStatus(); - return { - IsComplete: status === 'NOT_FOUND', - }; - } - /** - * Generates a fargate profile name. - */ - generateProfileName() { - const suffix = this.requestId.replace(/-/g, ''); // 32 chars - const offset = MAX_NAME_LEN - suffix.length - 1; - const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); - return `${prefix}-${suffix}`; - } - /** - * Queries the Fargate profile's current status and returns the status or - * NOT_FOUND if the profile doesn't exist (i.e. it has been deleted). - */ - async queryStatus() { - if (!this.physicalResourceId) { - throw new Error('Unable to determine status for fargate profile without a resource name'); - } - const describeFargateProfile = { - clusterName: this.event.ResourceProperties.Config.clusterName, - fargateProfileName: this.physicalResourceId, - }; - try { - this.log({ describeFargateProfile }); - const describeFargateProfileResponse = await this.eks.describeFargateProfile(describeFargateProfile); - this.log({ describeFargateProfileResponse }); - const status = describeFargateProfileResponse.fargateProfile?.status; - if (status === 'CREATE_FAILED' || status === 'DELETE_FAILED') { - throw new Error(status); - } - return status; - } - catch (describeFargateProfileError) { - if (describeFargateProfileError.name === 'ResourceNotFoundException') { - this.log('received ResourceNotFoundException, this means the profile has been deleted (or never existed)'); - return 'NOT_FOUND'; - } - this.log({ describeFargateProfileError }); - throw describeFargateProfileError; - } - } -} -exports.FargateProfileResourceHandler = FargateProfileResourceHandler; -//# sourceMappingURL=data:application/json;base64, \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.js deleted file mode 100644 index a53ec4c9cde7a..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829/index.js +++ /dev/null @@ -1,68 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.isComplete = exports.onEvent = void 0; -/* eslint-disable no-console */ -// eslint-disable-next-line import/no-extraneous-dependencies -const client_eks_1 = require("@aws-sdk/client-eks"); -// eslint-disable-next-line import/no-extraneous-dependencies -const credential_providers_1 = require("@aws-sdk/credential-providers"); -// eslint-disable-next-line import/no-extraneous-dependencies -const node_http_handler_1 = require("@aws-sdk/node-http-handler"); -// eslint-disable-next-line import/no-extraneous-dependencies -const proxy_agent_1 = require("proxy-agent"); -const cluster_1 = require("./cluster"); -const consts = require("./consts"); -const fargate_1 = require("./fargate"); -const proxyAgent = new proxy_agent_1.ProxyAgent(); -const awsConfig = { - logger: console, - requestHandler: new node_http_handler_1.NodeHttpHandler({ - httpAgent: proxyAgent, - httpsAgent: proxyAgent, - }), -}; -let eks; -const defaultEksClient = { - createCluster: req => getEksClient().createCluster(req), - deleteCluster: req => getEksClient().deleteCluster(req), - describeCluster: req => getEksClient().describeCluster(req), - describeUpdate: req => getEksClient().describeUpdate(req), - updateClusterConfig: req => getEksClient().updateClusterConfig(req), - updateClusterVersion: req => getEksClient().updateClusterVersion(req), - createFargateProfile: req => getEksClient().createFargateProfile(req), - deleteFargateProfile: req => getEksClient().deleteFargateProfile(req), - describeFargateProfile: req => getEksClient().describeFargateProfile(req), - configureAssumeRole: (req) => { - eks = new client_eks_1.EKS({ - ...awsConfig, - credentials: (0, credential_providers_1.fromTemporaryCredentials)({ - params: req, - }), - }); - }, -}; -function getEksClient() { - if (!eks) { - throw new Error('EKS client not initialized (call "configureAssumeRole")'); - } - return eks; -} -async function onEvent(event) { - const provider = createResourceHandler(event); - return provider.onEvent(); -} -exports.onEvent = onEvent; -async function isComplete(event) { - const provider = createResourceHandler(event); - return provider.isComplete(); -} -exports.isComplete = isComplete; -function createResourceHandler(event) { - switch (event.ResourceType) { - case consts.CLUSTER_RESOURCE_TYPE: return new cluster_1.ClusterResourceHandler(defaultEksClient, event); - case consts.FARGATE_PROFILE_RESOURCE_TYPE: return new fargate_1.FargateProfileResourceHandler(defaultEksClient, event); - default: - throw new Error(`Unsupported resource type "${event.ResourceType}`); - } -} -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwrQkFBK0I7QUFDL0IsNkRBQTZEO0FBQzdELG9EQUEwQztBQUMxQyw2REFBNkQ7QUFDN0Qsd0VBQXlFO0FBQ3pFLDZEQUE2RDtBQUM3RCxrRUFBNkQ7QUFDN0QsNkRBQTZEO0FBQzdELDZDQUF5QztBQUN6Qyx1Q0FBbUQ7QUFFbkQsbUNBQW1DO0FBQ25DLHVDQUEwRDtBQUcxRCxNQUFNLFVBQVUsR0FBRyxJQUFJLHdCQUFVLEVBQUUsQ0FBQztBQUNwQyxNQUFNLFNBQVMsR0FBRztJQUNoQixNQUFNLEVBQUUsT0FBTztJQUNmLGNBQWMsRUFBRSxJQUFJLG1DQUFlLENBQUM7UUFDbEMsU0FBUyxFQUFFLFVBQVU7UUFDckIsVUFBVSxFQUFFLFVBQVU7S0FDdkIsQ0FBQztDQUNILENBQUM7QUFFRixJQUFJLEdBQW9CLENBQUM7QUFFekIsTUFBTSxnQkFBZ0IsR0FBYztJQUNsQyxhQUFhLEVBQUUsR0FBRyxDQUFDLEVBQUUsQ0FBQyxZQUFZLEVBQUUsQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDO0lBQ3ZELGFBQWEsRUFBRSxHQUFHLENBQUMsRUFBRSxDQUFDLFlBQVksRUFBRSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUM7SUFDdkQsZUFBZSxFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsWUFBWSxFQUFFLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQztJQUMzRCxjQUFjLEVBQUUsR0FBRyxDQUFDLEVBQUUsQ0FBQyxZQUFZLEVBQUUsQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDO0lBQ3pELG1CQUFtQixFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsWUFBWSxFQUFFLENBQUMsbUJBQW1CLENBQUMsR0FBRyxDQUFDO0lBQ25FLG9CQUFvQixFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsWUFBWSxFQUFFLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDO0lBQ3JFLG9CQUFvQixFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsWUFBWSxFQUFFLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDO0lBQ3JFLG9CQUFvQixFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsWUFBWSxFQUFFLENBQUMsb0JBQW9CLENBQUMsR0FBRyxDQUFDO0lBQ3JFLHNCQUFzQixFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsWUFBWSxFQUFFLENBQUMsc0JBQXNCLENBQUMsR0FBRyxDQUFDO0lBQ3pFLG1CQUFtQixFQUFFLENBQUMsR0FBRyxFQUFFLEVBQUU7UUFDM0IsR0FBRyxHQUFHLElBQUksZ0JBQUcsQ0FBQztZQUNaLEdBQUcsU0FBUztZQUNaLFdBQVcsRUFBRSxJQUFBLCtDQUF3QixFQUFDO2dCQUNwQyxNQUFNLEVBQUUsR0FBRzthQUNaLENBQUM7U0FDSCxDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0YsQ0FBQztBQUVGLFNBQVMsWUFBWTtJQUNuQixJQUFJLENBQUMsR0FBRyxFQUFFO1FBQ1IsTUFBTSxJQUFJLEtBQUssQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO0tBQzVFO0lBRUQsT0FBTyxHQUFHLENBQUM7QUFDYixDQUFDO0FBRU0sS0FBSyxVQUFVLE9BQU8sQ0FBQyxLQUFrRDtJQUM5RSxNQUFNLFFBQVEsR0FBRyxxQkFBcUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUM5QyxPQUFPLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztBQUM1QixDQUFDO0FBSEQsMEJBR0M7QUFFTSxLQUFLLFVBQVUsVUFBVSxDQUFDLEtBQWtEO0lBQ2pGLE1BQU0sUUFBUSxHQUFHLHFCQUFxQixDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQzlDLE9BQU8sUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDO0FBQy9CLENBQUM7QUFIRCxnQ0FHQztBQUVELFNBQVMscUJBQXFCLENBQUMsS0FBa0Q7SUFDL0UsUUFBUSxLQUFLLENBQUMsWUFBWSxFQUFFO1FBQzFCLEtBQUssTUFBTSxDQUFDLHFCQUFxQixDQUFDLENBQUMsT0FBTyxJQUFJLGdDQUFzQixDQUFDLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzlGLEtBQUssTUFBTSxDQUFDLDZCQUE2QixDQUFDLENBQUMsT0FBTyxJQUFJLHVDQUE2QixDQUFDLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzdHO1lBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsS0FBSyxDQUFDLFlBQVksRUFBRSxDQUFDLENBQUM7S0FDdkU7QUFDSCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyogZXNsaW50LWRpc2FibGUgbm8tY29uc29sZSAqL1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHsgRUtTIH0gZnJvbSAnQGF3cy1zZGsvY2xpZW50LWVrcyc7XG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgaW1wb3J0L25vLWV4dHJhbmVvdXMtZGVwZW5kZW5jaWVzXG5pbXBvcnQgeyBmcm9tVGVtcG9yYXJ5Q3JlZGVudGlhbHMgfSBmcm9tICdAYXdzLXNkay9jcmVkZW50aWFsLXByb3ZpZGVycyc7XG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgaW1wb3J0L25vLWV4dHJhbmVvdXMtZGVwZW5kZW5jaWVzXG5pbXBvcnQgeyBOb2RlSHR0cEhhbmRsZXIgfSBmcm9tICdAYXdzLXNkay9ub2RlLWh0dHAtaGFuZGxlcic7XG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgaW1wb3J0L25vLWV4dHJhbmVvdXMtZGVwZW5kZW5jaWVzXG5pbXBvcnQgeyBQcm94eUFnZW50IH0gZnJvbSAncHJveHktYWdlbnQnO1xuaW1wb3J0IHsgQ2x1c3RlclJlc291cmNlSGFuZGxlciB9IGZyb20gJy4vY2x1c3Rlcic7XG5pbXBvcnQgeyBFa3NDbGllbnQgfSBmcm9tICcuL2NvbW1vbic7XG5pbXBvcnQgKiBhcyBjb25zdHMgZnJvbSAnLi9jb25zdHMnO1xuaW1wb3J0IHsgRmFyZ2F0ZVByb2ZpbGVSZXNvdXJjZUhhbmRsZXIgfSBmcm9tICcuL2ZhcmdhdGUnO1xuaW1wb3J0IHsgSXNDb21wbGV0ZVJlc3BvbnNlIH0gZnJvbSAnLi4vLi4vLi4vY3VzdG9tLXJlc291cmNlcy9saWIvcHJvdmlkZXItZnJhbWV3b3JrL3R5cGVzJztcblxuY29uc3QgcHJveHlBZ2VudCA9IG5ldyBQcm94eUFnZW50KCk7XG5jb25zdCBhd3NDb25maWcgPSB7XG4gIGxvZ2dlcjogY29uc29sZSxcbiAgcmVxdWVzdEhhbmRsZXI6IG5ldyBOb2RlSHR0cEhhbmRsZXIoe1xuICAgIGh0dHBBZ2VudDogcHJveHlBZ2VudCxcbiAgICBodHRwc0FnZW50OiBwcm94eUFnZW50LFxuICB9KSxcbn07XG5cbmxldCBla3M6IEVLUyB8IHVuZGVmaW5lZDtcblxuY29uc3QgZGVmYXVsdEVrc0NsaWVudDogRWtzQ2xpZW50ID0ge1xuICBjcmVhdGVDbHVzdGVyOiByZXEgPT4gZ2V0RWtzQ2xpZW50KCkuY3JlYXRlQ2x1c3RlcihyZXEpLFxuICBkZWxldGVDbHVzdGVyOiByZXEgPT4gZ2V0RWtzQ2xpZW50KCkuZGVsZXRlQ2x1c3RlcihyZXEpLFxuICBkZXNjcmliZUNsdXN0ZXI6IHJlcSA9PiBnZXRFa3NDbGllbnQoKS5kZXNjcmliZUNsdXN0ZXIocmVxKSxcbiAgZGVzY3JpYmVVcGRhdGU6IHJlcSA9PiBnZXRFa3NDbGllbnQoKS5kZXNjcmliZVVwZGF0ZShyZXEpLFxuICB1cGRhdGVDbHVzdGVyQ29uZmlnOiByZXEgPT4gZ2V0RWtzQ2xpZW50KCkudXBkYXRlQ2x1c3RlckNvbmZpZyhyZXEpLFxuICB1cGRhdGVDbHVzdGVyVmVyc2lvbjogcmVxID0+IGdldEVrc0NsaWVudCgpLnVwZGF0ZUNsdXN0ZXJWZXJzaW9uKHJlcSksXG4gIGNyZWF0ZUZhcmdhdGVQcm9maWxlOiByZXEgPT4gZ2V0RWtzQ2xpZW50KCkuY3JlYXRlRmFyZ2F0ZVByb2ZpbGUocmVxKSxcbiAgZGVsZXRlRmFyZ2F0ZVByb2ZpbGU6IHJlcSA9PiBnZXRFa3NDbGllbnQoKS5kZWxldGVGYXJnYXRlUHJvZmlsZShyZXEpLFxuICBkZXNjcmliZUZhcmdhdGVQcm9maWxlOiByZXEgPT4gZ2V0RWtzQ2xpZW50KCkuZGVzY3JpYmVGYXJnYXRlUHJvZmlsZShyZXEpLFxuICBjb25maWd1cmVBc3N1bWVSb2xlOiAocmVxKSA9PiB7XG4gICAgZWtzID0gbmV3IEVLUyh7XG4gICAgICAuLi5hd3NDb25maWcsXG4gICAgICBjcmVkZW50aWFsczogZnJvbVRlbXBvcmFyeUNyZWRlbnRpYWxzKHtcbiAgICAgICAgcGFyYW1zOiByZXEsXG4gICAgICB9KSxcbiAgICB9KTtcbiAgfSxcbn07XG5cbmZ1bmN0aW9uIGdldEVrc0NsaWVudCgpIHtcbiAgaWYgKCFla3MpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ0VLUyBjbGllbnQgbm90IGluaXRpYWxpemVkIChjYWxsIFwiY29uZmlndXJlQXNzdW1lUm9sZVwiKScpO1xuICB9XG5cbiAgcmV0dXJuIGVrcztcbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIG9uRXZlbnQoZXZlbnQ6IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlRXZlbnQpIHtcbiAgY29uc3QgcHJvdmlkZXIgPSBjcmVhdGVSZXNvdXJjZUhhbmRsZXIoZXZlbnQpO1xuICByZXR1cm4gcHJvdmlkZXIub25FdmVudCgpO1xufVxuXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gaXNDb21wbGV0ZShldmVudDogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCk6IFByb21pc2U8SXNDb21wbGV0ZVJlc3BvbnNlPiB7XG4gIGNvbnN0IHByb3ZpZGVyID0gY3JlYXRlUmVzb3VyY2VIYW5kbGVyKGV2ZW50KTtcbiAgcmV0dXJuIHByb3ZpZGVyLmlzQ29tcGxldGUoKTtcbn1cblxuZnVuY3Rpb24gY3JlYXRlUmVzb3VyY2VIYW5kbGVyKGV2ZW50OiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50KSB7XG4gIHN3aXRjaCAoZXZlbnQuUmVzb3VyY2VUeXBlKSB7XG4gICAgY2FzZSBjb25zdHMuQ0xVU1RFUl9SRVNPVVJDRV9UWVBFOiByZXR1cm4gbmV3IENsdXN0ZXJSZXNvdXJjZUhhbmRsZXIoZGVmYXVsdEVrc0NsaWVudCwgZXZlbnQpO1xuICAgIGNhc2UgY29uc3RzLkZBUkdBVEVfUFJPRklMRV9SRVNPVVJDRV9UWVBFOiByZXR1cm4gbmV3IEZhcmdhdGVQcm9maWxlUmVzb3VyY2VIYW5kbGVyKGRlZmF1bHRFa3NDbGllbnQsIGV2ZW50KTtcbiAgICBkZWZhdWx0OlxuICAgICAgdGhyb3cgbmV3IEVycm9yKGBVbnN1cHBvcnRlZCByZXNvdXJjZSB0eXBlIFwiJHtldmVudC5SZXNvdXJjZVR5cGV9YCk7XG4gIH1cbn1cbiJdfQ== \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json index ccf6faeb98ad1..b1023a126689c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.assets.json @@ -27,15 +27,15 @@ } } }, - "b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829": { + "9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832": { "source": { - "path": "asset.b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829", + "path": "asset.9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829.zip", + "objectKey": "9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -53,15 +53,15 @@ } } }, - "7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779": { + "0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3": { "source": { - "path": "asset.7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779", + "path": "asset.0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779.zip", + "objectKey": "0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -118,7 +118,7 @@ } } }, - "01f7a717a95eec3eff0cfeaaf9148889a50eccdc02d44fed2434c766959f9dca": { + "9d0346ca56ef0830ce154713a78d870b493d752d7a27dd6aaf5fb97a28f9452d": { "source": { "path": "awscdkeksclusteralbcontrollertestawscdkawseksClusterResourceProvider5DBBAFBB.nested.template.json", "packaging": "file" @@ -126,12 +126,12 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "01f7a717a95eec3eff0cfeaaf9148889a50eccdc02d44fed2434c766959f9dca.json", + "objectKey": "9d0346ca56ef0830ce154713a78d870b493d752d7a27dd6aaf5fb97a28f9452d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "3c364d391f151eee1816d80713eb687a1d2894a12246a3d8fdc82d0e6d53895c": { + "ac0d7f3f3fc435a68f41ae3f51b765e80b83d02a1a6c6fe850dd4e00c45f5629": { "source": { "path": "awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderA1AC28D1.nested.template.json", "packaging": "file" @@ -139,12 +139,12 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3c364d391f151eee1816d80713eb687a1d2894a12246a3d8fdc82d0e6d53895c.json", + "objectKey": "ac0d7f3f3fc435a68f41ae3f51b765e80b83d02a1a6c6fe850dd4e00c45f5629.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "d414b05e241fc7469c27b49287dd0a5dfaaced983c2e6f118ad109a28f0e1d5e": { + "52199953735e9aa47b49e21673f58bee3c7ed612d8048603207149b1256e0899": { "source": { "path": "aws-cdk-eks-cluster-alb-controller-test.template.json", "packaging": "file" @@ -152,7 +152,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d414b05e241fc7469c27b49287dd0a5dfaaced983c2e6f118ad109a28f0e1d5e.json", + "objectKey": "52199953735e9aa47b49e21673f58bee3c7ed612d8048603207149b1256e0899.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json index 1b2e761596a51..f98962106a499 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json @@ -1055,7 +1055,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/01f7a717a95eec3eff0cfeaaf9148889a50eccdc02d44fed2434c766959f9dca.json" + "/9d0346ca56ef0830ce154713a78d870b493d752d7a27dd6aaf5fb97a28f9452d.json" ] ] } @@ -1105,7 +1105,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/3c364d391f151eee1816d80713eb687a1d2894a12246a3d8fdc82d0e6d53895c.json" + "/ac0d7f3f3fc435a68f41ae3f51b765e80b83d02a1a6c6fe850dd4e00c45f5629.json" ] ] } @@ -1289,7 +1289,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -1303,7 +1314,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -1353,9 +1375,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -1365,10 +1420,54 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/net/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/net/*/*/*" + ] + ] + } ] }, { @@ -1386,9 +1485,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -1397,7 +1529,18 @@ "elasticloadbalancing:RegisterTargets" ], "Effect": "Allow", - "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksClusterResourceProvider5DBBAFBB.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksClusterResourceProvider5DBBAFBB.nested.template.json index 03fbb91faf0b9..208827aa8f31d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksClusterResourceProvider5DBBAFBB.nested.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksClusterResourceProvider5DBBAFBB.nested.template.json @@ -50,7 +50,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829.zip" + "S3Key": "9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832.zip" }, "Description": "onEvent handler for EKS cluster resource provider", "Environment": { @@ -115,7 +115,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829.zip" + "S3Key": "9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832.zip" }, "Description": "isComplete handler for EKS cluster resource provider", "Environment": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderA1AC28D1.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderA1AC28D1.nested.template.json index 80c4b1f4eae97..3982e2c7a1205 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderA1AC28D1.nested.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/awscdkeksclusteralbcontrollertestawscdkawseksKubectlProviderA1AC28D1.nested.template.json @@ -7,7 +7,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779.zip" + "S3Key": "0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3.zip" }, "Description": "onEvent handler for EKS kubectl resource provider", "Handler": "index.handler", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json index 704a4d4591dfc..06bdc125a08df 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d414b05e241fc7469c27b49287dd0a5dfaaced983c2e6f118ad109a28f0e1d5e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/52199953735e9aa47b49e21673f58bee3c7ed612d8048603207149b1256e0899.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/tree.json index 411ba797b901d..d9b5c2b7df5fb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/tree.json @@ -1563,7 +1563,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829.zip" + "s3Key": "9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832.zip" }, "description": "onEvent handler for EKS cluster resource provider", "environment": { @@ -1695,7 +1695,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "b8426d60bacb99593213adedd37997b7d83efb99683ef98c85e692a82056e829.zip" + "s3Key": "9efb96d8186dd343e3f84c72cfbcaaf16aa5579bbac0c02c60d4f19f4300d832.zip" }, "description": "isComplete handler for EKS cluster resource provider", "environment": { @@ -2601,7 +2601,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/01f7a717a95eec3eff0cfeaaf9148889a50eccdc02d44fed2434c766959f9dca.json" + "/9d0346ca56ef0830ce154713a78d870b493d752d7a27dd6aaf5fb97a28f9452d.json" ] ] } @@ -2662,7 +2662,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "7ee709fdaf72d4a95dabe6f431ed4176b1dbcb78127986bf956f0ed8cad04779.zip" + "s3Key": "0f19e51d1e47290d7a33e0b67405e4722942dee4b92b9d29425fccf0d99017c3.zip" }, "description": "onEvent handler for EKS kubectl resource provider", "handler": "index.handler", @@ -3112,7 +3112,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/3c364d391f151eee1816d80713eb687a1d2894a12246a3d8fdc82d0e6d53895c.json" + "/ac0d7f3f3fc435a68f41ae3f51b765e80b83d02a1a6c6fe850dd4e00c45f5629.json" ] ] } @@ -3303,7 +3303,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -3317,7 +3328,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -3367,9 +3389,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -3379,10 +3434,54 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/net/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/net/*/*/*" + ] + ] + } ] }, { @@ -3400,9 +3499,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -3411,7 +3543,18 @@ "elasticloadbalancing:RegisterTargets" ], "Effect": "Allow", - "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } } ], "Version": "2012-10-17" From cca7630f3dbbfa76204e7ea79957d04262ca9e7d Mon Sep 17 00:00:00 2001 From: Sumu Date: Tue, 17 Oct 2023 16:36:29 -0400 Subject: [PATCH 3/3] update snapshots for integ.eks-inference.js test Signed-off-by: Sumu --- ...cdk-eks-cluster-inference-test.assets.json | 4 +- ...k-eks-cluster-inference-test.template.json | 169 ++++++++++++++++-- .../manifest.json | 2 +- .../integ.eks-inference.js.snapshot/tree.json | 169 ++++++++++++++++-- 4 files changed, 315 insertions(+), 29 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json index 69fabc5111bb5..288e970c67953 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.assets.json @@ -131,7 +131,7 @@ } } }, - "5e1c74336659461029f179b5637738c474e81cf42316c86d535418bee085357c": { + "9318a0207c046764ae3958cc1da60e297167447b1c46899210ba387fc38f60e0": { "source": { "path": "aws-cdk-eks-cluster-inference-test.template.json", "packaging": "file" @@ -139,7 +139,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "5e1c74336659461029f179b5637738c474e81cf42316c86d535418bee085357c.json", + "objectKey": "9318a0207c046764ae3958cc1da60e297167447b1c46899210ba387fc38f60e0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json index c30efc17f237d..f1bd51db99510 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json @@ -2394,7 +2394,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -2408,7 +2419,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -2458,9 +2480,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -2470,10 +2525,54 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/net/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/net/*/*/*" + ] + ] + } ] }, { @@ -2491,9 +2590,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -2502,7 +2634,18 @@ "elasticloadbalancing:RegisterTargets" ], "Effect": "Allow", - "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json index d7a75b4094b0b..f91e45f8e7727 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5e1c74336659461029f179b5637738c474e81cf42316c86d535418bee085357c.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9318a0207c046764ae3958cc1da60e297167447b1c46899210ba387fc38f60e0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/tree.json index ec59ab314b370..fa6a78967cfd8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/tree.json @@ -4741,7 +4741,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -4755,7 +4766,18 @@ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:*:*:security-group/*" + ] + ] + } }, { "Action": [ @@ -4805,9 +4827,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -4817,10 +4872,54 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener-rule/net/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/app/*/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:listener/net/*/*/*" + ] + ] + } ] }, { @@ -4838,9 +4937,42 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/app/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:loadbalancer/net/*/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } ] }, { @@ -4849,7 +4981,18 @@ "elasticloadbalancing:RegisterTargets" ], "Effect": "Allow", - "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":elasticloadbalancing:*:*:targetgroup/*/*" + ] + ] + } } ], "Version": "2012-10-17"