From eb6b5da86c67607bfeb776934621ed0f8d18c2cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=92=85=20=F0=9F=92=83=20=F0=9F=8C=88=20Miley?= Date: Thu, 31 May 2018 08:21:11 -0700 Subject: [PATCH 1/7] Minor usage imporvements! MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Adds `.DS_Store` to the `.gitignore` file - because mac * Exposes domainName and dualStackDomainName on the S3 L2 construct (because somtimes you need those) * Adds a "Canonical User Id" in the permissions lib - because there's so many ways to identify accounts! (We need it for CloudFront OAIs 🎉) --- .gitignore | 1 + packages/aws-cdk-s3/lib/bucket.ts | 4 ++++ .../aws-cdk/lib/cloudformation/permission.ts | 23 +++++++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/.gitignore b/.gitignore index eae0b9ce55d21..23c4f66559b1e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.DS_Store node_modules lerna-debug.log *.js diff --git a/packages/aws-cdk-s3/lib/bucket.ts b/packages/aws-cdk-s3/lib/bucket.ts index c55ed3bc7f93e..59a4e755cac31 100644 --- a/packages/aws-cdk-s3/lib/bucket.ts +++ b/packages/aws-cdk-s3/lib/bucket.ts @@ -254,6 +254,8 @@ export interface BucketProps { export class Bucket extends BucketRef { public readonly bucketArn: s3.BucketArn; public readonly bucketName: BucketName; + public readonly domainName: s3.BucketDomainName; + public readonly dualstackDomainName: s3.BucketDualStackDomainName; public readonly encryptionKey?: kms.EncryptionKeyRef; protected policy?: BucketPolicy; protected autoCreatePolicy = true; @@ -281,6 +283,8 @@ export class Bucket extends BucketRef { this.encryptionKey = encryptionKey; this.bucketArn = resource.bucketArn; this.bucketName = resource.ref; + this.domainName = resource.bucketDomainName; + this.dualstackDomainName = resource.bucketDualStackDomainName; // Add all lifecycle rules (props.lifecycleRules || []).forEach(this.addLifecycleRule.bind(this)); 
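Review bot: The new member in the first bucket.ts hunk is spelled `dualstackDomainName`, while the commit message announces `dualStackDomainName` and the attribute read in the second hunk is `bucketDualStackDomainName`. Because this is a public readonly member, the casing should be settled before callers depend on it, e.g. `public readonly dualStackDomainName: s3.BucketDualStackDomainName;` with the matching assignment in the constructor. Neither new member has a doc comment; a short one on each, such as `/** Domain name of this bucket, as reported by the underlying resource. */`, would tell users what the value is. Both the class body and the constructor continue outside the hunks.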
diff --git a/packages/aws-cdk/lib/cloudformation/permission.ts b/packages/aws-cdk/lib/cloudformation/permission.ts index 5b4d1227d7e18..60f3dd8c322ef 100644 --- a/packages/aws-cdk/lib/cloudformation/permission.ts +++ b/packages/aws-cdk/lib/cloudformation/permission.ts @@ -72,6 +72,29 @@ export class ServicePrincipal extends PolicyPrincipal { } } +/** + * A policy prinicipal for canonicalUserIds - useful for S3 bucket policies that use + * Origin Access identities. + * + * See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html + * + * and + * + * https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html + * + * for more details. + * + */ +export class CanonicalUserPrincipal extends PolicyPrincipal { + constructor(public readonly canonicalUserId: any) { + super(); + } + + public toJson(): any { + return { CanonicalUser: this.canonicalUserId }; + } +} + export class FederatedPrincipal extends PolicyPrincipal { constructor(public readonly federated: any) { super(); From f02c2c570258ea8a9e309f6b4f93a026841adbf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=92=85=20=F0=9F=92=83=20=F0=9F=8C=88=20Miley?= Date: Thu, 31 May 2018 18:56:18 -0700 Subject: [PATCH 2/7] CR Feedback - adds tests, also .vscode to .gitignore --- .gitignore | 1 + .../aws-cdk/test/cloudformation/test.perms.ts | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 23c4f66559b1e..f7e84da12cec4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.vscode .DS_Store node_modules lerna-debug.log diff --git a/packages/aws-cdk/test/cloudformation/test.perms.ts b/packages/aws-cdk/test/cloudformation/test.perms.ts index 998f1884f0f34..732e5f8646e44 100644 --- a/packages/aws-cdk/test/cloudformation/test.perms.ts +++ b/packages/aws-cdk/test/cloudformation/test.perms.ts 
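Review bot: `CanonicalUserPrincipal` takes `canonicalUserId: any` and `toJson()` emits it unchecked, so passing `undefined` (for instance from a mistyped property on an origin access identity) produces `{ CanonicalUser: undefined }` in a bucket policy rather than an error. How `resolve` renders that value is not visible here, but a principal that silently goes missing is hard to spot when reviewing the synthesized policy. A guard after `super()`, such as `if (canonicalUserId == null) { throw new Error('canonicalUserId is required'); }`, fails early while keeping the `any` type, which is presumably needed for deploy-time values. The doc comment could also state that the canonical user id of an AWS account identifies the whole account, so the statement grants to that account rather than to one user, and the spelling `prinicipal` should be corrected.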
@@ -1,5 +1,5 @@ import { Test } from 'nodeunit'; -import { FnConcat, PolicyDocument, PolicyStatement, resolve } from '../../lib'; +import { CanonicalUserPrincipal, FnConcat, PolicyDocument, PolicyStatement, resolve } from '../../lib'; export = { 'the Permission class is a programming model for iam'(test: Test) { @@ -91,6 +91,19 @@ export = { test.done(); }, + 'canonicalUserPrincipal adds a principal to a policy with the passed canonical user id'(test: Test) { + const p = new PolicyStatement(); + const canoncialUser = "averysuperduperlongstringfor"; + p.addPrincipal(new CanonicalUserPrincipal(canoncialUser)); + test.deepEqual(resolve(p), { + Effect: "Allow", + Principal: { + CanonicalUser: canoncialUser + } + }); + test.done(); + }, + 'addAccountRootPrincipal adds a principal with the current account root'(test: Test) { const p = new PolicyStatement(); p.addAccountRootPrincipal(); From 447d517c9b654ddd47581668d16b3a53ad219d67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=91=A8=F0=9F=8F=BC=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier-Muller?= Date: Fri, 1 Jun 2018 12:00:26 +0200 Subject: [PATCH 3/7] Make lerna packages be packages/* Prevents lerna link from creating cyclic links in the aws-cdk-toolkit/lib/init-templates/typescript folder. --- lerna.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lerna.json b/lerna.json index 96a77b2f343f8..3f162fe9f34a7 100644 --- a/lerna.json +++ b/lerna.json @@ -1,7 +1,7 @@ { "lerna": "2.5.1", "packages": [ - "packages/**/*", + "packages/*", "examples" ], "rejectCycles": "true", From 14a00525840e7c7d37f690bd99fdf65ef3f7afe1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=91=A8=F0=9F=8F=BC=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier-Muller?= Date: Fri, 1 Jun 2018 15:00:47 +0200 Subject: [PATCH 4/7] Add missing declaration files enablement in aws-cdk-toolkit --- packages/aws-cdk-toolkit/tsconfig.json | 1 + 1 file changed, 1 insertion(+) 
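Review bot: The added test exercises `CanonicalUserPrincipal` only with a string literal, whereas the use case named in the series is an origin access identity, whose id is presumably a deploy-time value rather than a literal. A second assertion that passes a non-string value, for example a `FnConcat` instance (already imported in this file), and checks the resolved `Principal.CanonicalUser` would cover the path real callers take. The local is misspelled `canoncialUser`; `const canonicalUser = "averysuperduperlongstringfor";` reads better. The enclosing `export =` object starts and ends outside the hunk.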
diff --git a/packages/aws-cdk-toolkit/tsconfig.json b/packages/aws-cdk-toolkit/tsconfig.json index 26607f642a817..68f25759b6350 100644 --- a/packages/aws-cdk-toolkit/tsconfig.json +++ b/packages/aws-cdk-toolkit/tsconfig.json @@ -3,6 +3,7 @@ "target":"ES2018", "module": "commonjs", "lib": ["es2016", "es2017.object", "es2017.string"], + "declaration": true, "strict": true, "noImplicitAny": true, "strictNullChecks": true, From 511c4baa53ef6a5a16213635d76fbfbef78a7f5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=91=A8=F0=9F=8F=BC=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier-Muller?= Date: Fri, 1 Jun 2018 15:35:05 +0200 Subject: [PATCH 5/7] Re-export CredentialProviderChain, so auth provider plug-ins can guarantee type compatibility regardless of AWS SDK version --- packages/aws-cdk-toolkit/lib/api/aws-auth/credentials.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-toolkit/lib/api/aws-auth/credentials.ts b/packages/aws-cdk-toolkit/lib/api/aws-auth/credentials.ts index 9684bae6e1064..e36c42f03cc5c 100644 --- a/packages/aws-cdk-toolkit/lib/api/aws-auth/credentials.ts +++ b/packages/aws-cdk-toolkit/lib/api/aws-auth/credentials.ts @@ -1,5 +1,7 @@ import { CredentialProviderChain } from 'aws-sdk'; +export { CredentialProviderChain }; + export enum Mode { ForReading, ForWriting From 7ea639227478e5f6b14776e434dda062d8fbb579 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=91=A8=F0=9F=8F=BC=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier-Muller?= Date: Fri, 1 Jun 2018 15:56:35 +0200 Subject: [PATCH 6/7] Stop packaging documentation source & build gear --- packages/docs/.npmignore | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/docs/.npmignore b/packages/docs/.npmignore index de10b2c44198a..533ce5ebcd29e 100644 --- a/packages/docs/.npmignore +++ b/packages/docs/.npmignore @@ -1,3 +1,3 @@ -# Don't include original .ts files when doing `npm pack` -*.ts -!*.d.ts +/* +!/dist/docs +/dist/staging 
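Review bot: The bare `export { CredentialProviderChain };` in credentials.ts has no comment, and its reason is recorded only in the commit message, so it reads like a leftover that a later cleanup could remove. A comment above it records the contract, e.g. `// Re-exported so auth provider plug-ins use the same CredentialProviderChain class as the toolkit, whatever aws-sdk version they depend on.` Since this file is the surface that credential plug-ins build against, a short doc comment on `Mode` saying what `ForReading` and `ForWriting` mean to a provider would also help; the enum continues outside the hunk.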
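Review bot: In packages/docs/.npmignore, `/*` excludes the `dist` directory itself before `!/dist/docs` tries to re-include a child of it, and under gitignore rules a path cannot be re-included once its parent directory is excluded; the aws-cdk-java `.npmignore` later in this series re-includes the parent first (`!/target`, `/target/*`, `!/target/*.jar`). Whether npm's ignore handling tolerates the shorter form may depend on the npm version, so check the file list of the tarball that `npm pack` produces, or write it the explicit way: `/*`, `!/dist`, `/dist/*`, `!/dist/docs`. With that form the trailing `/dist/staging` line is unnecessary. The removed header comment is not replaced; a one-line `#` comment saying that only the built docs are meant to be published would make the allow-list's intent clear.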
From 32ccb48a2b51b807ec35344cfb6a903da745e027 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=91=A8=F0=9F=8F=BC=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier-Muller?= Date: Fri, 1 Jun 2018 15:57:42 +0200 Subject: [PATCH 7/7] [aws-cdk-java] Reduce npm package size, improve mvn package contents - Stop `npm pack`-ing generated source & build gear. - `mvn package` assembly.jsii with the class files. - Correct generated source path to be `mvn` compliant --- packages/aws-cdk-java/.npmignore | 7 ++++--- packages/aws-cdk-java/generate.sh | 2 +- packages/aws-cdk-java/pom.xml | 31 +++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/packages/aws-cdk-java/.npmignore b/packages/aws-cdk-java/.npmignore index de10b2c44198a..3df1aa245c37e 100644 --- a/packages/aws-cdk-java/.npmignore +++ b/packages/aws-cdk-java/.npmignore @@ -1,3 +1,4 @@ -# Don't include original .ts files when doing `npm pack` -*.ts -!*.d.ts +/* +!/target +/target/* +!/target/*.jar diff --git a/packages/aws-cdk-java/generate.sh b/packages/aws-cdk-java/generate.sh index 32954baac7bf1..9ae072444ae73 100755 --- a/packages/aws-cdk-java/generate.sh +++ b/packages/aws-cdk-java/generate.sh @@ -1,6 +1,6 @@ #!/bin/bash set -euo pipefail -outdir="src/main" +outdir="src/main/java" rm -fr "${outdir}" for p in $(find-jsii-packages -k jsii.names.java); do echo "Generating java code for module $p" diff --git a/packages/aws-cdk-java/pom.xml b/packages/aws-cdk-java/pom.xml index 515cc7d3fd792..9fb20be0e984f 100644 --- a/packages/aws-cdk-java/pom.xml +++ b/packages/aws-cdk-java/pom.xml @@ -9,6 +9,10 @@ aws-cdk 0.6 + + UTF-8 + + @@ -20,7 +24,34 @@ 1.8 + + + org.apache.maven.plugins + maven-source-plugin + 3.0.1 + + + attach-sources + + jar + + + + + + + + false + src/main/java + + **/assembly.jsii + + + **/*.java + + +
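Review bot: `!/target/*.jar` in packages/aws-cdk-java/.npmignore re-includes every jar directly under `target`, and the same patch adds `maven-source-plugin` with an `attach-sources` execution in pom.xml, which normally writes a `-sources.jar` next to the main artifact. If the goal stated in the commit message is to stop shipping generated source in the npm package, that jar would still be packed. If it is unwanted, a further line such as `/target/*-sources.jar` after the re-include excludes it; if it is intended, a `#` comment in the file should say so. The old header comment was removed without a replacement, so the allow-list currently does not explain what is meant to be published.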