diff --git a/allowed-breaking-changes.txt b/allowed-breaking-changes.txt index 9e6a6a73b521a..a0ea6f3e517b4 100644 --- a/allowed-breaking-changes.txt +++ b/allowed-breaking-changes.txt @@ -966,6 +966,3 @@ removed:aws-cdk-lib.lambda_layer_kubectl.KubectlLayer # Fixing the JsonSchema interface to be consistent with JSON Schema spec changed-type:aws-cdk-lib.aws_apigateway.JsonSchema.additionalItems strengthened:aws-cdk-lib.aws_apigateway.JsonSchema - -# Revert a failing change -strengthened:aws-cdk-lib.aws_stepfunctions.StateMachineProps diff --git a/package.json b/package.json index 615503b11a4eb..d6ef88c2e2a1f 100644 --- a/package.json +++ b/package.json @@ -26,9 +26,9 @@ "fs-extra": "^9.1.0", "graceful-fs": "^4.2.11", "jest-junit": "^13.2.0", - "jsii-diff": "1.116.0", - "jsii-pacmak": "1.116.0", - "jsii-reflect": "1.116.0", + "jsii-diff": "1.118.0", + "jsii-pacmak": "1.118.0", + "jsii-reflect": "1.118.0", "lerna": "^8.2.4", "nx": "^20", "semver": "^7.7.2", diff --git a/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts b/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts index 86ad7dde6bec6..5f6dd860b2626 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts @@ -117,7 +117,7 @@ export interface StateMachineProps { * * @default A role is automatically created */ - readonly role?: iam.IRole; + readonly role?: iam.IRoleRef & iam.IGrantable; /** * Maximum run time for this state machine @@ -427,11 +427,6 @@ export class StateMachine extends StateMachineBase { */ public static readonly PROPERTY_INJECTION_ID: string = 'aws-cdk-lib.aws-stepfunctions.StateMachine'; - /** - * Execution role of this state machine - */ - public readonly role: iam.IRole; - /** * The name of the state machine * @attribute @@ -455,6 +450,11 @@ export class StateMachine extends StateMachineBase { */ public readonly stateMachineRevisionId: string; + /** + * Execution role of this state machine + */ + private readonly _role: iam.IRoleRef & iam.IGrantable; + constructor(scope: Construct, id: string, props: StateMachineProps) { super(scope, id, { physicalName: props.stateMachineName, @@ -476,7 +476,7 @@ export class StateMachine extends StateMachineBase { this.validateLogOptions(props.logs); } - this.role = props.role || new iam.Role(this, 'Role', { + this._role = props.role || new iam.Role(this, 'Role', { assumedBy: new iam.ServicePrincipal('states.amazonaws.com'), }); @@ -494,7 +494,7 @@ export class StateMachine extends StateMachineBase { } if (props.encryptionConfiguration instanceof CustomerManagedEncryptionConfiguration) { - this.role.addToPrincipalPolicy(new iam.PolicyStatement({ + this._role.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, actions: [ 'kms:Decrypt', 'kms:GenerateDataKey', @@ -513,7 +513,7 @@ export class StateMachine extends StateMachineBase { })); if (props.logs && props.logs.level !== LogLevel.OFF) { - this.role.addToPrincipalPolicy(new iam.PolicyStatement({ + this._role.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, actions: [ 'kms:GenerateDataKey', @@ -540,10 +540,10 @@ export class StateMachine extends StateMachineBase { const resource = new CfnStateMachine(this, 'Resource', { stateMachineName: this.physicalName, stateMachineType: props.stateMachineType ?? undefined, - roleArn: this.role.roleArn, + roleArn: this._role.roleRef.roleArn, loggingConfiguration: props.logs ? this.buildLoggingConfiguration(props.logs) : undefined, tracingConfiguration: this.buildTracingConfiguration(props.tracingEnabled), - ...definitionBody.bind(this, this.role, props, graph), + ...definitionBody.bind(this, this._role.grantPrincipal, props, graph), definitionSubstitutions: props.definitionSubstitutions, encryptionConfiguration: buildEncryptionConfiguration(props.encryptionConfiguration), }); @@ -569,7 +569,19 @@ export class StateMachine extends StateMachineBase { * The principal this state machine is running as */ public get grantPrincipal() { - return this.role.grantPrincipal; + return this._role.grantPrincipal; + } + + /** + * Execution role of this state machine + * + * Will throw if the Role object that was given does not implement IRole + */ + public get role(): iam.IRole { + if (!isIRole(this._role)) { + throw new ValidationError(`The role given to this StateMachine is not an IRole, but ${this._role.constructor.name}`, this); + } + return this._role; } /** @@ -577,7 +589,7 @@ export class StateMachine extends StateMachineBase { */ @MethodMetadata() public addToRolePolicy(statement: iam.PolicyStatement) { - this.role.addToPrincipalPolicy(statement); + this._role.grantPrincipal.addToPrincipalPolicy(statement); } private validateStateMachineName(stateMachineName: string) { @@ -846,3 +858,9 @@ export class ChainDefinitionBody extends DefinitionBody { }; } } + +function isIRole(x: iam.IRoleRef): x is iam.IRole { + const xx = x as iam.IRole; + return (!!xx.addManagedPolicy && !!xx.addToPrincipalPolicy && !!xx.assumeRoleAction && !!xx.attachInlinePolicy + && !!xx.grant && !!xx.policyFragment); +} diff --git a/packages/awslint/bin/awslint.ts b/packages/awslint/bin/awslint.ts index 2f6e71da6c532..639b4f85521fb 100644 --- a/packages/awslint/bin/awslint.ts +++ b/packages/awslint/bin/awslint.ts @@ -2,12 +2,15 @@ /* eslint-disable no-console */ import * as child_process from 'child_process'; import * as path from 'path'; +import { JsiiFeature } from '@jsii/spec'; import * as chalk from 'chalk'; import * as fs from 'fs-extra'; import * as reflect from 'jsii-reflect'; import * as yargs from 'yargs'; import { ALL_RULES_LINTER, DiagnosticLevel, RuleFilterSet } from '../lib'; +const FEATURES: JsiiFeature[] = ['intersection-types']; + let stackTrace = false; async function main() { @@ -247,7 +250,7 @@ main().catch(e => { async function loadModule(dir: string) { const ts = new reflect.TypeSystem(); - await ts.load(dir, { validate: false }); // Don't validate to save 66% of execution time (20s vs 1min). + await ts.load(dir, { validate: false, supportedFeatures: FEATURES }); // Don't validate to save 66% of execution time (20s vs 1min). // We run 'awslint' during build time, assemblies are guaranteed to be ok. // We won't load any more assemblies. Lock the typesystem to benefit from performance improvements. diff --git a/packages/awslint/lib/rules/api.ts b/packages/awslint/lib/rules/api.ts index 7eb98711bfbf2..6b7d857308f0f 100644 --- a/packages/awslint/lib/rules/api.ts +++ b/packages/awslint/lib/rules/api.ts @@ -139,6 +139,11 @@ apiLinter.add({ return; } + if (type.intersectionOfTypes) { + // Type intersections are okay + return; + } + throw new Error(`invalid type reference: ${type.toString()}`); } }, diff --git a/scripts/run-rosetta.sh b/scripts/run-rosetta.sh index d5d8c8b32a2b3..1b6d83d3f21d9 100755 --- a/scripts/run-rosetta.sh +++ b/scripts/run-rosetta.sh @@ -73,7 +73,7 @@ time $ROSETTA extract \ if $infuse; then echo "💎 Generating synthetic examples for the remainder" >&2 - time npx cdk-generate-synthetic-examples@^0.1.292 \ + time npx cdk-generate-synthetic-examples \ $(cat $jsii_pkgs_file) time $ROSETTA extract \ diff --git a/tools/@aws-cdk/cdk-build-tools/package.json b/tools/@aws-cdk/cdk-build-tools/package.json index 548ebd85c030f..59beeefda39aa 100644 --- a/tools/@aws-cdk/cdk-build-tools/package.json +++ b/tools/@aws-cdk/cdk-build-tools/package.json @@ -63,8 +63,8 @@ "jest-junit": "^13.2.0", "jsii": "~5.9.8", "jsii-rosetta": "~5.9.9", - "jsii-pacmak": "1.116.0", - "jsii-reflect": "1.116.0", + "jsii-pacmak": "1.118.0", + "jsii-reflect": "1.118.0", "markdownlint-cli": "^0.45.0", "nyc": "^15.1.0", "semver": "^7.7.2", diff --git a/yarn.lock b/yarn.lock index d40ef2a60ddf4..9ccfb5ba65617 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3518,6 +3518,14 @@ chalk "^4.1.2" semver "^7.7.2" +"@jsii/check-node@1.118.0": + version "1.118.0" + resolved "https://registry.npmjs.org/@jsii/check-node/-/check-node-1.118.0.tgz#0be4fef43c7058764e3b4d146c6fbc80306de6bd" + integrity sha512-8IaXtUO6oq3Dmi9rxXqsBRnKxqbe0OARGt4tw46Li7kR5/GXE/DBGPKZ2rOvi2CekOh8b3VGBU+wd84RQciTAA== + dependencies: + chalk "^4.1.2" + semver "^7.7.2" + "@jsii/spec@1.114.1": version "1.114.1" resolved "https://registry.npmjs.org/@jsii/spec/-/spec-1.114.1.tgz#9c064d57f062d913bcfda25b5496bdf4c9c95c46" @@ -3539,6 +3547,13 @@ dependencies: ajv "^8.17.1" +"@jsii/spec@1.118.0": + version "1.118.0" + resolved "https://registry.npmjs.org/@jsii/spec/-/spec-1.118.0.tgz#66d6da3089e002ee3ee89dcc6e9d284a039acf94" + integrity sha512-aVe535/sN1EW88DYiEO3r0gqkKJ7ob0yfWC8+c1GVEayAecuvBjmwzzc7oDIIOthZ7PT3OBJ2xPqGqtbCyR3Uw== + dependencies: + ajv "^8.17.1" + "@lerna/create@8.2.4": version "8.2.4" resolved "https://registry.npmjs.org/@lerna/create/-/create-8.2.4.tgz#59a050f58681e9236db38cc5bcc6986ae79d1389" @@ -6654,10 +6669,10 @@ code-block-writer@^13.0.3: resolved "https://registry.npmjs.org/code-block-writer/-/code-block-writer-13.0.3.tgz#90f8a84763a5012da7af61319dd638655ae90b5b" integrity sha512-Oofo0pq3IKnsFtuHqSF7TqBfr71aeyZDVJ0HpmqB7FBM2qEigL0iPONSCZSO9pE9dZTAxANe5XHG9Uy0YMv8cg== -codemaker@^1.116.0: - version "1.116.0" - resolved "https://registry.npmjs.org/codemaker/-/codemaker-1.116.0.tgz#1fccbcb720f987ac3d21b0fb92ad6e749eedb6b3" - integrity sha512-o23BKz+Y0Yam/czEbe3UAXVqSY4HFKgUYTffx3YW6yPtAVSX0d50BgIU0RxCUGIWmFD9Go3tXqraRDpo7TxMLg== +codemaker@^1.118.0: + version "1.118.0" + resolved "https://registry.npmjs.org/codemaker/-/codemaker-1.118.0.tgz#2587611d167bdece0beff9f2748b2baae04c655b" + integrity sha512-d6ddG2oKNwkYBRJtsdEaKbJLBaxZJO0ImSG89wi6j5y549olTB3ERsqGGRZ47HlRuaVpkbOXnG/kb8I6ELxtMA== dependencies: camelcase "^6.3.0" decamelize "^5.0.1" @@ -10064,37 +10079,37 @@ jsesc@^3.0.2: resolved "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz#74d335a234f67ed19907fdadfac7ccf9d409825d" integrity sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA== -jsii-diff@1.116.0: - version "1.116.0" - resolved "https://registry.npmjs.org/jsii-diff/-/jsii-diff-1.116.0.tgz#0445d7492e42f7b27c7c7e08703181a3cbcca5cf" - integrity sha512-6t7MJe9gWo/vnkQrHNLlOdOO7ZRnqqGoC2uk8M1C2Gc/Yc8mBuyQhF9Fj0+hPmChURI5cqHsFatFce9P79fS0Q== +jsii-diff@1.118.0: + version "1.118.0" + resolved "https://registry.npmjs.org/jsii-diff/-/jsii-diff-1.118.0.tgz#d91be0448a29dc0aacca0b2350d20186dfb1243d" + integrity sha512-Po0jJU5ib3G7IZ411OZbILyTFcJ1veb1O1NK1OSg2iejquhEnViNhrZSwEgbCWIZyfu+BKTgrW7rG3KYgPgAhA== dependencies: - "@jsii/check-node" "1.116.0" - "@jsii/spec" "1.116.0" + "@jsii/check-node" "1.118.0" + "@jsii/spec" "1.118.0" fs-extra "^10.1.0" - jsii-reflect "^1.116.0" + jsii-reflect "^1.118.0" log4js "^6.9.1" yargs "^17.7.2" -jsii-pacmak@1.116.0: - version "1.116.0" - resolved "https://registry.npmjs.org/jsii-pacmak/-/jsii-pacmak-1.116.0.tgz#c94d0141d56dbd4f3e9c0d6a5234a9a72ab28215" - integrity sha512-X3UQouUnp05/CbtZzORrBIDQBb26ChX6Ms5q3dXxsJyk5/DEJaCkd6pAnU3wiya7Tsrd8K09mSiuseMzxFvs8Q== +jsii-pacmak@1.118.0: + version "1.118.0" + resolved "https://registry.npmjs.org/jsii-pacmak/-/jsii-pacmak-1.118.0.tgz#a4ad053535ffc4142a544c797272082e98289801" + integrity sha512-RY7l//WI8G3IN2u1R8S6rFDT2jcNwjiR3RWyWu6NtcPchn+V/8aqX+8j1PmyRGfop8qAKcPc0AL3rAx2OmcmAw== dependencies: - "@jsii/check-node" "1.116.0" - "@jsii/spec" "1.116.0" + "@jsii/check-node" "1.118.0" + "@jsii/spec" "1.118.0" clone "^2.1.2" - codemaker "^1.116.0" + codemaker "^1.118.0" commonmark "^0.31.2" escape-string-regexp "^4.0.0" fs-extra "^10.1.0" - jsii-reflect "^1.116.0" + jsii-reflect "^1.118.0" semver "^7.7.2" spdx-license-list "^6.10.0" xmlbuilder "^15.1.1" yargs "^17.7.2" -jsii-reflect@1.116.0, jsii-reflect@^1.116.0: +jsii-reflect@1.116.0: version "1.116.0" resolved "https://registry.npmjs.org/jsii-reflect/-/jsii-reflect-1.116.0.tgz#2dda056b311b9b7eed49ac27c45743f64f0057d7" integrity sha512-ZIHznFUMHQinqNLu48JibrnB0O0EeINCUgtkgV+SqEN7wsM1kxT3SBLHEbCQqPzB5ZsQzrdl9JW1vMi14/YqGA== @@ -10106,6 +10121,18 @@ jsii-reflect@1.116.0, jsii-reflect@^1.116.0: oo-ascii-tree "^1.116.0" yargs "^17.7.2" +jsii-reflect@1.118.0, jsii-reflect@^1.118.0: + version "1.118.0" + resolved "https://registry.npmjs.org/jsii-reflect/-/jsii-reflect-1.118.0.tgz#ff33ffba10090e5903dd9ddb2a5c6252c1fbf1c3" + integrity sha512-P3iASRGS8j87uT66MZ2jQvxPZRLdXBMoSEBECn3+krKCauaZntymXm/iQmWCgTnpt43cwz+eYkY1D3KA1sGjzA== + dependencies: + "@jsii/check-node" "1.118.0" + "@jsii/spec" "1.118.0" + chalk "^4" + fs-extra "^10.1.0" + oo-ascii-tree "^1.118.0" + yargs "^17.7.2" + jsii-reflect@^1.115.0: version "1.115.0" resolved "https://registry.npmjs.org/jsii-reflect/-/jsii-reflect-1.115.0.tgz#debe523fa2de0ba020d54d41a2f7b0e0bc8ef048" @@ -11752,6 +11779,11 @@ oo-ascii-tree@^1.116.0: resolved "https://registry.npmjs.org/oo-ascii-tree/-/oo-ascii-tree-1.116.0.tgz#2bd95d7de16b842289e01bd83e29f93ea463eaf5" integrity sha512-GI0n8coDIoZPywmZp5l2qPO1tqZxN40/tFPYBxWD2vpPeciKiB/nxZ7blDjp97ejxtmdkNouvAmtg4nCYgZihg== +oo-ascii-tree@^1.118.0: + version "1.118.0" + resolved "https://registry.npmjs.org/oo-ascii-tree/-/oo-ascii-tree-1.118.0.tgz#1d222c348358f96362c6b65f766f2af39a42bb9c" + integrity sha512-ATGzZ+AxeHuGdNlniQNn9xvaVDo8IfET84Xep0XS33KXr19EZum7VpzBuKtcfNM/NQ7uk1d4ePXMqyiHeA9Dxw== + open@^8.4.0: version "8.4.2" resolved "https://registry.npmjs.org/open/-/open-8.4.2.tgz#5b5ffe2a8f793dcd2aad73e550cb87b59cb084f9"