Merge #16
Merged
Merge #16
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
change `fooBoo`'s type from `string` to `string[]`. `fooBoo` is string array in this example. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In order to make migrating from hyper-modular CDK to Mono-CDK easier, align the .NET and Java base namespace/package to match the ones set on the `@aws-cdk/core` library, as those types will be hoisted to the root of the Mono-CDK packaging. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
MonoCDK was previously using a special packaging process, but this was changed to use the standard packaging process used by any other CDK library. It is thus no longer necessary to apply those exceptions which risk making the build slower. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 26.0.0 to 26.1.0. - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/master/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v26.0.0...v26.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
The example of EFS doc is using older naming of EFS L2 API, which can not be compiled any more. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Elastic Load Balancer's ApplicationListener.addAction does not pass on conditions array to ApplicationListenerRule. This PR adds a line that passes on the conditions in the addAction function. fixes #8328 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The conventional CDK name for properties that hold KMS Keys is 'encryptionKey', not 'kmsKey' (we don't use the service name as part of the class or property name). BREAKING CHANGE: DatabaseClusterProps.kmsKey has been renamed to storageEncryptionKey * **rds**: DatabaseInstanceNewProps.performanceInsightKmsKey has been renamed to performanceInsightEncryptionKey * **rds**: DatabaseInstanceSourceProps.secretKmsKey has been renamed to masterUserPasswordEncryptionKey * **rds**: DatabaseInstanceProps.kmsKey has been renamed to storageEncryptionKey * **rds**: DatabaseInstanceReadReplicaProps.kmsKey has been renamed to storageEncryptionKey * **rds**: Login.kmsKey has been renamed to encryptionKey ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes #6669 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rmissions (#8409) `Secret.grantRead()` now gives permission for `secretmanager:DescribeSecret` and `secretmanager:GetSecretValue`, instead of only `secretmanager:GetSecretValue`. Fixes #6444 Fixes #7953 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
No new tests or expectations added. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
For security purposes, we decided that it would be lower risk to assume a different role when we publish S3 assets and when we publish ECR assets. The reason is that ECR publishers execute `docker build` which can potentially execute 3rd party code (via a base docker image). This change modifies the conventional name for the publishing roles as well as adds a set of properties to the `DefaultStackSynthesizer` to allow customization as needed. This is a resubmission of #8319. That one was failing backwards regression tests... and for good reason! However in this case, the regression was intended (and deemed acceptable since we haven't officially "released" the feature we're breaking yet). Unfortunately the mechanism to skip integration tests during the regression tests has been broken recently, so had to be reintroduced here. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds recognition of tokens for all validations that validate the content in some form. fixes #8314 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The PR #8403 changed the "IAM stack" to use the default environment and forgot to update the expected output (which now does not contain a token for the URL suffix).
Stages are self-contained application units that synthesize as a cloud assembly. This change centralizes prepare + synthesis logic into the stage level and changes `App` to extend `Stage`. Once `stage.synth()` is called, the stage becomes (practically) immutable. This means that subsequent synths will return the same output. The cloud assembly produced by stages is nested as an artifact inside another cloud assembly (either the App's top-level assembly) or a child. Authors: @rix0rrr, @eladb ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.689.0 to 2.691.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-js@v2.689.0...v2.691.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
…ks (#8206) Path parameters in API Gateway allows for paths to contain the resource id, such as `/pets/{petId}/comments/{commentId}`. When generating the ARN for a Method to this Resource, the path parameters should be placed with asterisks, such as `/pets/*/comments/*`. fixes #8036 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Was missing arguments to `addTargets()`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
I've taken the liberty to implement a preview, refer to #7752 Any feedback is welcome! BREAKING CHANGE: `requiredAttributes` on `UserPool` construct is now replaced with `standardAttributes` with a slightly modified signature. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The permissions required to clean up old DynamoDB Global Tables replicas were set up in such a way that removing a replication region, or dropping replication entirely (or when causing a table replacement), they were removed before CloudFormation gets to the `CLEAN_UP` phase, causing a clean up failure (and old tables would remain there). This changes the way permissions are granted to the replication handler resource so that they are added using a separate `iam.Policy` resource, so that deleted permissions are also removed during the `CLEAN_UP` phase after the resources depending on them have been deleted. The tradeoff is that two additional resources are added to the stack that defines the DynamoDB Global Tables, where previously those permissions were mastered in the nested stack that holds the replication handler. Unofrtunately, the nested stack gets it's `CLEAN_UP` phase executed as part of the nested stack resource update, not during it's parent stack's `CLEAN_UP` phase. Fixes #7189 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Both the aws-s3-deployment and aws-codepipeline-actions CacheControl class uses "s-max-age" instead of the correct "s-maxage". This change fixes to the correct header value. fixes #6292 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Packages that are not containers of L1 libraries (`Cfn~` classes) have no point in having a `cfn2ts` script registered. This causes problems when trying to generate L1s across the whole repository using `lerna run cfn2ts`. This adds a `pkglint` rule that mandates the `cfn2ts` script is only present when the related other metadata is also required to be present. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 10.17.21 to 10.17.25. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
In order to write better assertions on complex resource structs that
only test what we're interested in (and not properties that may
accidentally change as part of unrelated refactors), add more powerful
matchers that can express things like:
- `objectLike()`
- `arrayWith()`
- `stringContaining()` (not implemented by default but easy to add now)
We can now write:
```ts
expect(stack).toHaveResourceLike('AWS::S3::BucketPolicy', {
PolicyDocument: {
Statement: arrayWith(objectLike({
Action: arrayWith('s3:GetObject*', 's3:GetBucket*', 's3:List*'),
Principal: {
AWS: {
'Fn::Sub': stringContaining('-deploy-role-')
}
}
}))
}
});
```
And be invariant to things like the order of elements in the arrays,
and default role name qualifiers.
Refactor the old assertions to be epxressed in terms of the new
matchers.
NOTE: Matchers are now functions, which won't translate into
jsii in the future. It will be easy enough to make them single-method
objects in the future when we move this library (or a similar
one to jsii). For now, I did not want to let that impact the design.
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When a Fargate Profile is added to the cluster, we need to make sure the aws-auth config map is updated from within the CDK app. EKS will do that behind the scenes if it's not done manually, but this means that it would be an out-of-band update of the config map and will be overridden by the CDK if the config map is updated manually. Fixes #7981 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Improve the reliability of `@monocdk-experiment/rewrite-imports` by making it use the TypeScript compiler to locate import statements that need re-writing, and performing the relevant surgery on the source code based on the findings. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Get the last 64 chars of the `uniqueId`. See #7885 (comment). Closes #7885 Closes #8442 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- AutoScalingGroup [notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) property allows configuring autoscaling to send notifications about fleet scaling events to one or more SNS topics. The current AutoScalingGroup API expose a `notificationsTopic` property which only allows configuring a single topic, and does not allows configuring which events will trigger a notification but instead configures all notifications, which can be rather noisy. This PR deprecates the `notificationsTopic` property and introduce a `notifications` property which allows configuring multiple `NotificationConfiguration`, each with is own SNS topic and a custom list of events which will trigger a notification. closes #8053 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds a DependsOn Fargate profile resources when more than one Fargate profiles exists on the same cluster. fixes #6084 ---- Tested via: ```ts const vpc = new Vpc(this, 'VPC', {maxAzs: 2}); const cluster = new FargateCluster(this, 'Cluster', { clusterName: 'my-app', mastersRole: new Role(this, 'ClusterAdminRole', { assumedBy: new AccountRootPrincipal()} ), vpc, }); const profile1 = cluster.addFargateProfile('MyCustomFargateProfile1', { fargateProfileName: 'my-app', selectors: [ {namespace: 'my-app'} ], vpc }); const profile2 = cluster.addFargateProfile('MyCustomFargateProfile2', { fargateProfileName: 'my-app2', selectors: [ {namespace: 'my-app2'} ], vpc }); ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
chore: mergify team update and stale review rule update
…#8317) This PR will have the EKS Cluster construct expose [**ClusterSecurityGroupId**](https://docs.aws.amazon.com/eks/latest/APIReference/API_VpcConfigResponse.html#AmazonEKS-Type-VpcConfigResponse-clusterSecurityGroupId) (ID of Security group that was created by Amazon EKS for the cluster) and [**EncryptionConfigKeyArn**](https://docs.aws.amazon.com/eks/latest/APIReference/API_Provider.html#AmazonEKS-Type-Provider-keyArn) (ARN of the customer master key used in the encryption configuration for the cluster) attributes for both custom resource and native CloudFormation option. This also fixes #8276 in the following way: if a custom resource returns an attribute with an "undefined" value, CFN will fail with a "vendor response doesn't contain key" error. To avoid this, we return empty strings in case an attribute is undefined. This is also true for when adding new attributes, in which case updating to the new version will fail on previously deployed clusters with the same error. To mitigate this (and fix #8276 along the way), we add a fake property called "AttributesRevision" with a number that needs to be manually incremented every time new attributes are introduced. This will cause old clusters to be updated and the new attributes returned. Closes #8236 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [nyc](https://github.com/istanbuljs/nyc) from 15.0.1 to 15.1.0. - [Release notes](https://github.com/istanbuljs/nyc/releases) - [Changelog](https://github.com/istanbuljs/nyc/blob/master/CHANGELOG.md) - [Commits](istanbuljs/nyc@v15.0.1...v15.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [lerna](https://github.com/lerna/lerna/tree/HEAD/core/lerna) from 3.22.0 to 3.22.1. - [Release notes](https://github.com/lerna/lerna/releases) - [Changelog](https://github.com/lerna/lerna/blob/master/core/lerna/CHANGELOG.md) - [Commits](https://github.com/lerna/lerna/commits/v3.22.1/core/lerna) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
The `os.tmpdir()` built-in doesn't return the real path when the returned path is a symlink. Add a `FileSystem.tmpdir` that wraps `os.tmpdir()` in a `fs.realpathSync()` and caches the result. Add a `FileSystem.mkdtemp()` to create temp directories in the system temp directory. Fixes #8465 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Commit Message feat(appsync): enhances and completes auth config - Enhances auth config system with strongly-typed interfaces. - Adds support for `AWS_IAM` and `OPENID_CONNECT` authorization. - Fixes issue with `API_KEY` default authorization which caused CDK to not create new API Key upon not finding `apiKeyDesc` (the intended behavior was creation of new API key when no auth config was present). BREAKING CHANGE: Changes way of auth config even for existing supported methods viz., User Pools and API Key. ### End Commit Message ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adding @aws-solutions-constructs to the list of WHITELIST_SCOPES for Metadata version reporting, due to the name change of AWS Solutions Konstruk to AWS Solutions Constructs ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This creates an additional option called `timeout` that will be passed down whenever deploying helm chart to an EKS cluster. In order to allow the timeout parameter to work while performing helm commands, the provider framework has to honor the maximum timeout of 15 minutes from target process (lambda in this case). closes #8215 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In order to support environments in which docker cannot be executed or has a unique location, we added an environment variable `CDK_DOCKER` which is used instead of `docker` if defined. Resolves #8460 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Get `uid` and `gid` of current user and pass it to `docker run` to avoid running the container as `root`. On Windows, use `1000:1000` as default. Add `user` to `BundlingOptions`. Fixes #8489 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Gives users the option to choose between detailed and basic monitoring. Defaults to detailed when not specified, maintaining current behavior. Fixes #8212 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) Added some infos regarding how to put credentials into gitpod as persisting environment variables. Setting up the CDK dev environment is pretty tough compared to other OSS projects no matter which way you go. Every infos making it easier should be made available. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) Otherwise, the build fails in some environments (for example, Gitpod) with the error: ERROR: Can not combine '--user' and '--prefix' as they imply different installation locations Fixes #8102 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license