forked from aws/aws-cdk
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[pull] master from aws:master #196
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…onfig Latest spec update #7664 broke because the expectations are currently on the wrong file. Additionally we're missing the exclude from `.npmignore`
In CloudFormation, `{ Fn::GetAtt: [MyLogGroup, Arn] }` always returned the ARN with a `:*` appended, presumably so you could stick the returned value directly into an IAM policy and get the result you wanted (doing something to Log Groups usually entails doing something to the Log *Streams* inside them). The CDK construct did not do anything special, leading to imports done without a `:*` at the end having incorrect permissions. This change makes the behavior between imported and constructed Log Groups consistent. Fixes #7096.
Currently, we install the CLI in the integration tests by simply running `npm install aws-cdk`. We then make sure the version that gets installed is the version we have locally. This will fail immediately after the release of a new version, and before the merge back PR was merged with the following error: ```console | | ============================================================================================ | Expected CDK version: 1.36.0 | ============================================================================================ | Found CDK: /tmp/cdk-rundist/node_modules/.bin/cdk | Mismatched CDK version. Expected: 1.36.0, actual: 1.36.1 1.36.1 (build 4df7dac) ``` It happens because the verdaccio instance we have in the tests has an npm uplink configured, so the latest version as far as he is concerned is the latest published one, which doesn't match the version number we have locally since the merge back PR wasn't merged yet. This PR makes it so we always install the CLI version we want to test (i.e the local version).
Copy paste error. `local` cannot be used outside of a function.
See CHANGELOG
`MathExpression`s without submetrics (like for example, `INSIGHT_RULE_METRIC`) will end up without a `period`, which is not allowed. Add a `period` field to the schema (it's not in the upstream schema yet), and render it out when submetrics are missing. Fixes #7155.
A lot of our examples still used the TypeScript `import` = `require` style. This changes them to the standard ES6-style imports, which we now enforce in our code. Fixes #7554
This commit adds support for CodeBuild Artifacts to have names controlled by a buildspec file, allowing the use of shell scripting to sensibly name artifacts in CodeBuild projects generated from the CDK. The previosuly required field `name` in `S3ArtifactsProps` is now optional, and not providing it will set the `overrideArtifactName` on the underlying L1 to `true`. Fixes #5955
Bumps [jest](https://github.com/facebook/jest) from 25.5.2 to 25.5.3. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md) - [Commits](jestjs/jest@v25.5.2...v25.5.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.666.0 to 2.667.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-js@v2.666.0...v2.667.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
- Currently `UserPool()` not support props of `signInType`. - We able to create authorization on AppSync without any props. Closes #7728
Two reasons: * The `CDK_HOME` variable wasn't being consistently honored. * Failing to write a cache file was a fatal error. Rectify both of these issues. Fixes #7530.
…dler * feat(lambda-nodejs): use docker instead of npm package for parcel-bundler * require version ^1 of parcel-bundler in Dockerfile Co-Authored-By: Jonathan Goldwasser <jogold@users.noreply.github.com> * update README: docker requirement * comment in Dockerfile, make node version a build ARG * add test for when docker not installed * add optional nodeDockerTag to props * Expose nodeDockerTag in NodejsFunctionProps and pass it to the Builder * cdk-build pre * chore(lambda-nodejs): remove dockerd pre directive * add missing closing parenthesis * fix linter errors * fix linter error * start docker daemon inside the container * Update buildspec.yaml * Fix docker location. * Update buildspec.yaml Co-authored-by: Jonathan Goldwasser <jogold@users.noreply.github.com> Co-authored-by: Elad Ben-Israel <benisrae@amazon.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
According to the [document](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html), the path should be /**aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id** Also fixes #6891
Fold the "assets" module, which includes the `Staging` construct that takes care of staging asset files into the cloud assembly during synthesis into "core". This is in order to allow implementing custom resources that leverage assets throughout the framework. NOTE: since interfaces in @aws-cdk/assets are used as based types for stable APIs, we are unable to fully deprecate this module within the codebase, so these types are left in tact and a compatibility layer was added. A subsequent commit will add a mini-framework for custom resources that leverages this capability.
When swallowing errors while writing the cache file, we should also gracefully handle a read-only file system error (`EROFS`).
Prior to April 16, 2020, `AmazonEKSServicePolicy` was required for EKS cluster IAM role. With the new `AWSServiceRoleForAmazonEKS` service-linked role, that policy is no longer required. This PR removes the `AmazonEKSServicePolicy` from the cluster role. Closes #7634
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.667.0 to 2.668.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-js@v2.667.0...v2.668.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Users cannot go through our current contribution guide and successfully install the repo due to the `nock` dependency, which now needs a minimum of Node 10.13.0. Closes #7671
Bumps [jest](https://github.com/facebook/jest) from 25.5.3 to 25.5.4. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md) - [Commits](jestjs/jest@v25.5.3...v25.5.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Creating fargate profile without specifying `subnetSelection` will require extra iam policy to allow the iam role to describe subnets and route tables to select private subnets. This PR adds the required `ec2:DescribeRouteTables` for the cluster creation role. Closes #7614
Noticed this while massively updating integ test expectations for #7409. Seems like lots of expectation files were modified "by hand". Ensures cleaner diffs from now on. Methodology: * Comment out https://github.com/aws/aws-cdk/blob/d1b3b750cec3c514df6690e8baeffa7e9b260500/tools/cdk-integ-tools/bin/cdk-integ.ts#L38-L40 * `yarn lerna run integ --scope @aws-cdk/*`
Add a new imageScanOnPush property for the new repository creation. Fix #7471
Correctly handle the default for `prefix`. An empty string now maps to the domain root. Also add a `mapRoot` method. Closes #7590 BREAKING CHANGE: `mapSubDomain()` called with an empty string for `prefix` now maps to the domain root.
If an AppSync API is configured with the API key authorization mode, then export it so it can be consumed as a stack output. Signed-off-by: Duarte Nunes <duarte@uma.ni> Co-authored-by: Mitchell Valine <valinm@amazon.com>
Added 'kms:Decrypt' action to `grantSendMessages` Fixes: #6609
…8127) We did not have a test deploying an old-style synthesized stack to a new-style bootstrapping environment. Now we do. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Co-authored-by: AWS CDK Team <aws-cdk@amazon.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Motivation: Since the CLI leverages Node.js, it's a useful piece of information about the user's environment. It would be helpful in diagnosing and triaging issues. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Currently the `ServiceAccount`construct creates a role with no conditions to the trust relationship or assume role policy. Without this it is possible for other pods in the same namespace to assume the role. To tighten this security the conditions needs to be set. Documentation: https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html#create-service-account-iam-role - [x] Add condition to the policy document using a custom resource - [x] Add unit tests - [x] Add integration tests - [x] Adjust README and remove warning ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
fix(aws-eks): kubectlEnabled: false conflicts with addNodegroup This PR allows `cluster.addNodegroup()` when `kubectlEnabled` is `false` Closes: #7993 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…oles (#8041) ### Commit Message docs(lambda): document adding execution permissions to provided IAM roles If I am providing a Role for a Lambda function, it currently isn't given the basic execution permissions, so the function cannot log anything or, in the case of a VPC Lambda, it cannot create the network interfaces. The user has to add those permissions themselves, but it isn't clear from the documentation that that needs to happen. This commit adds documentation showing CDK users how to add the required permissions for execution. ### End Commit Message ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
added some missing tests for task, custom state, wait state ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…8143) replacement for the current implementation of `RunGlueJob` where service integration and state level properties are merged. Follows the new integration pattern. Notable differences from the `RunGlueJob` implementation: * `arguments` prop is now of type `sfn.TaskInput` Rationale: old implementation precluded using task input as the arguments directly. Added a test for this as well. Updated the README. Note that the other unit tests and integ test have been left verbatim. This is a light sanity test that expected templates have not changed. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The Pass state supports JsonPath values in the `parameters` field to filter the state input and serve as input to the field. Added a method to render parameters which will generate the ASL JSON format if a path is used in a parameter. Closes #7181 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We've been accumulating breaking change exceptions. Time to clear them out to make sure no future breakage accidentally slips through. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
….0 (#8135) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 2.34.0 to 3.0.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v3.0.0/packages/eslint-plugin) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Fixes one issue where the typechecker in 3.9 is stricter when matching type intersections. The particular issue was with a `string`-valued `enum` attempting to match against the `string` type. Added a better typed guard for this particular case fixed it. Additionally, the new incremental build support would cause certain `.json` files to not be `require`-able due to not being listed under `include` in the `tsconfig.json` file generated by `jsii`. Instead of copying the SDK metadata JSON document from the `aws-sdk` package, inlined the data in a `.generated.ts` module, which provides a cleaner type structure. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixing a number of small paper cuts in the CLI. Specifically: - When using `--cloudformation-execution-policies` or `--trust`, the positional argument that follows (typically an environment name) would be ignored, because of the way we configure yargs. Make it so that the options takes a single argument, and must be repeated for multiple arguments, making it a lot easier to use. - When a stack fails to create and is destroyed before being redeployed, the `deployStack()` routine would forget that the stack had been deleted and attempt to create a change set to update the stack, which would promptly fail. Remember we deleted the stack, so that we'll create a changeset to create a new one. - When a stack fails to create the first time, and the next deploy uses the same template, the "skip deploy" optimization we introduced to speed up deployment of stacks with nested stacks incorrectly skips the deployment. - Wrap the SDK objects, and when an AWS fails output information about the call that failed. Due to a lack of stack traces in NodeJS, it would otherwise be very hard to figure out where the error was happening. - Using the SDK wrapper, when the error looks like it's an error in assuming a role, replace it with an error message that describes the most probable cause: missing role/failure to bootstrap. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…8186) The validation for `nonKeyAttributes` count on the secondaryt indexes was incorrectly checked at `20`, while the real limit is `100` (it has been raised since the code was initially authored). Fixes #8095 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Not every `e.message` is a `string`, I guess. It turns out it can also be `undefined`? This commit fixes the integ tests. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.0.0 to 8.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md) - [Commits](uuidjs/uuid@v8.0.0...v8.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Fix grammar errors from "if **there** the construct is valid." to "if the construct is valid." ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fix typo ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…8193) Allows to work with imported resources. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
fixes #6984 by creating L2 construct and functions to allow for policies to be assigned to execution roles. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
## Commit Message docs(rds): invalid master username (#5076) ## End Commit Message Fixes the following error that occurs when `username` is set to `admin`: ``` 5/9 | 10:13:25 AM | CREATE_FAILED | AWS::RDS::DBCluster | Database (DatabaseB269D8BB) MasterUsername admin cannot be used as it is a reserved word used by the engine (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 0ac76793-...) ```
When two services accounts are added to a single cluster it will throw an error on the resource name. This is because the service account resource name is not unique to the cluster regardless the unique service account name. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) chore(aws-eks): update README with correct service account syntax `serviceAccountName` should be at `spec.serviceAccountName` and add a CfnOutput sample to demo how to get the IAM role of this service account. My working sample here https://twitter.com/pahudnet/status/1263286407092514817 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
added some more missing tests. now that we have increased coverage, use the base configuration. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This is because the operations of [`path`](https://nodejs.org/api/path.html) are OS specific. But for the container working directory and inside the container we never want to use Windows style paths. Fixes #8107 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
see CHANGELOG
## Commit Message chore(cloudtrail): better typed event selector apis (#8097) The event selector APIs now take strongly typed `IFunction` and `IBucket` instead of a string that is expected to contain the ARN. Additionally, add APIs to log all S3 data events and to log all Lambda data events. Change the type of `snsTopic` from `string` to `ITopic`. BREAKING CHANGE: API signatures of `addS3EventSelectors` and `addLambdaEventSelectors` have changed. Their parameters are now strongly typed to accept `IBucket` and `IFunction` respectively. * **cloudtrail:** `addS3EventSelectors` and `addLambdaEventSelectors` can no longer be used to configure all S3 data events or all Lambda data events. Two new APIs `logAllS3DataEvents()` and `logAllLambdaDataEvents()` have been introduced to achieve this. * **cloudtrail:** The property `snsTopic` is now of the type `ITopic`. ## End Commit Message ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by pull[bot]. Want to support this open source service? Please star it : )