From d5b8594f133b532f5fd8f39ad3df23dffbe6ba85 Mon Sep 17 00:00:00 2001 From: Matthias Gubler Date: Mon, 1 Apr 2024 16:04:05 -0600 Subject: [PATCH 01/14] feat(stepfunction): add enableExecuteCommand to sfn ECSRunTask (#29638) ### Issue #29637 Closes #29637 ### Reason for this change Allow setting the enableExecuteCommand for ECSRunTask in sfn ### Description of changes Add the enableExecuteCommand property to the EcsRunTaskProps, to start the task from step functions with execution command enabled. ### Description of how you validated changes Unit-test added. Existing ones passed. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-sfn-tasks-ecs-run-task.assets.json | 4 +- .../aws-sfn-tasks-ecs-run-task.template.json | 2 +- .../manifest.json | 2 +- .../integ.ec2-run-task.js.snapshot/tree.json | 406 +++++++++--------- .../test/ecs/integ.ec2-run-task.ts | 1 + .../aws-stepfunctions-tasks/README.md | 28 ++ .../lib/ecs/run-task.ts | 12 +- .../test/ecs/run-tasks.test.ts | 49 ++- 8 files changed, 295 insertions(+), 209 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.assets.json index 9e4c6412a37b2..e4a7c7b822ca8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.assets.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "95e3c66ed03d4b413dbfdca27bdc41c19f0035e7aab4e92a1fa335f02cd8b768": { + "a2ab39fe0d946767a488ce04eb51fffb041276b29879387f4fe7dcad7f577c37": { "source": { "path": "aws-sfn-tasks-ecs-run-task.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "95e3c66ed03d4b413dbfdca27bdc41c19f0035e7aab4e92a1fa335f02cd8b768.json", + "objectKey": "a2ab39fe0d946767a488ce04eb51fffb041276b29879387f4fe7dcad7f577c37.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.template.json index 69fd4e4190aeb..b805e97be7941 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/aws-sfn-tasks-ecs-run-task.template.json 
@@ -1379,7 +1379,7 @@ "Arn" ] }, - "\",\"TaskDefinition\":\"awssfntasksecsruntaskTaskDef75140181\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"Container\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\"}}}}" + "\",\"TaskDefinition\":\"awssfntasksecsruntaskTaskDef75140181\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"Container\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\",\"EnableExecuteCommand\":true}}}}" ] ] }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/manifest.json index 380a0942b6701..2106df50715cf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/95e3c66ed03d4b413dbfdca27bdc41c19f0035e7aab4e92a1fa335f02cd8b768.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a2ab39fe0d946767a488ce04eb51fffb041276b29879387f4fe7dcad7f577c37.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/tree.json index 9ecf86d3d0921..35d22c14f4287 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/tree.json @@ -20,8 +20,8 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "0.0.0" } }, "Vpc": { @@ -47,8 +47,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" } }, "PublicSubnet1": { @@ -91,16 +91,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/Vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -121,8 +121,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -140,8 +140,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -160,8 +160,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } }, "EIP": { 
@@ -180,8 +180,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" } }, "NATGateway": { @@ -208,14 +208,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" } }, "PublicSubnet2": { @@ -258,16 +258,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/Vpc/PublicSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -288,8 +288,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -307,8 +307,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -327,8 +327,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } }, "EIP": { @@ -347,8 +347,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" } }, "NATGateway": { 
@@ -375,14 +375,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" } }, "PrivateSubnet1": { @@ -425,16 +425,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/Vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -455,8 +455,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -474,8 +474,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -494,14 +494,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" } }, "PrivateSubnet2": { @@ -544,16 +544,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/Vpc/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { 
@@ -574,8 +574,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -593,8 +593,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -613,14 +613,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" } }, "IGW": { @@ -638,8 +638,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" } }, "VPCGW": { @@ -657,14 +657,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" } }, "DefaultAutoScalingGroup": { @@ -701,14 +701,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" } }, "InstanceRole": { @@ -719,8 +719,8 @@ "id": "ImportInstanceRole", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole/ImportInstanceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { 
@@ -750,8 +750,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { @@ -820,20 +820,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "InstanceProfile": { @@ -850,16 +850,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" } }, "ImportedInstanceProfile": { "id": "ImportedInstanceProfile", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/DefaultAutoScalingGroup/ImportedInstanceProfile", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "LaunchTemplate": { @@ -945,14 +945,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", + "version": "0.0.0" } }, "ASG": { @@ -992,8 +992,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", + "version": "0.0.0" } }, "DrainECSHook": { 
@@ -1012,8 +1012,8 @@ "id": "ImportServiceRole", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -1057,8 +1057,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { @@ -1156,20 +1156,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Resource": { @@ -1206,8 +1206,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" } }, "AllowInvoke:awssfntasksecsruntaskEc2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7B5DFDE": { @@ -1230,8 +1230,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" } }, "Topic": { @@ -1257,20 +1257,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_sns.CfnSubscription", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_sns.Subscription", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" } } }, 
@@ -1302,14 +1302,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_sns.CfnTopic", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_sns.Topic", + "version": "0.0.0" } }, "Role": { @@ -1320,8 +1320,8 @@ "id": "ImportRole", "path": "aws-sfn-tasks-ecs-run-task/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/ImportRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -1351,8 +1351,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { @@ -1386,20 +1386,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Resource": { 
@@ -1426,42 +1426,42 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_autoscaling.CfnLifecycleHook", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_autoscaling.LifecycleHook", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "0.0.0" } }, "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { "id": "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "path": "aws-sfn-tasks-ecs-run-task/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118": { "id": "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118", "path": "aws-sfn-tasks-ecs-run-task/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "TaskDef": { 
@@ -1476,8 +1476,8 @@ "id": "ImportTaskRole", "path": "aws-sfn-tasks-ecs-run-task/TaskDef/TaskRole/ImportTaskRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -1501,14 +1501,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Resource": { @@ -1559,8 +1559,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "0.0.0" } }, "Container": { @@ -1575,22 +1575,22 @@ "id": "Staging", "path": "aws-sfn-tasks-ecs-run-task/TaskDef/Container/AssetImage/Staging", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "Repository": { "id": "Repository", "path": "aws-sfn-tasks-ecs-run-task/TaskDef/Container/AssetImage/Repository", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" } }, "LogGroup": { @@ -1605,20 +1605,20 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "0.0.0" } }, "ExecutionRole": { 
@@ -1629,8 +1629,8 @@ "id": "ImportExecutionRole", "path": "aws-sfn-tasks-ecs-run-task/TaskDef/ExecutionRole/ImportExecutionRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -1654,8 +1654,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { @@ -1731,42 +1731,42 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_ecs.Ec2TaskDefinition", + "version": "0.0.0" } }, "Start": { "id": "Start", "path": "aws-sfn-tasks-ecs-run-task/Start", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_stepfunctions.Pass", + "version": "0.0.0" } }, "Run": { "id": "Run", "path": "aws-sfn-tasks-ecs-run-task/Run", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "0.0.0" } }, "StateMachine": { @@ -1781,8 +1781,8 @@ "id": "ImportRole", "path": "aws-sfn-tasks-ecs-run-task/StateMachine/Role/ImportRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -1806,8 +1806,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { 
@@ -2117,20 +2117,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Resource": { @@ -2154,7 +2154,7 @@ "Arn" ] }, - "\",\"TaskDefinition\":\"awssfntasksecsruntaskTaskDef75140181\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"Container\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\"}}}}" + "\",\"TaskDefinition\":\"awssfntasksecsruntaskTaskDef75140181\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"Container\",\"Environment\":[{\"Name\":\"SOME_KEY\",\"Value.$\":\"$.SomeKey\"}]}]},\"LaunchType\":\"EC2\",\"EnableExecuteCommand\":true}}}}" ] ] }, 
@@ -2167,44 +2167,44 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "0.0.0" } }, "stateMachineArn": { "id": "stateMachineArn", "path": "aws-sfn-tasks-ecs-run-task/stateMachineArn", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-sfn-tasks-ecs-run-task/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-sfn-tasks-ecs-run-task/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } }, "SfnTasksEcsEc2RunTaskTest": { @@ -2231,22 +2231,22 @@ "id": "BootstrapVersion", "path": "SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } } }, 
@@ -2271,8 +2271,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts index 5c2fd6afd0ebd..05cb571dbd3d7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts @@ -55,6 +55,7 @@ const definition = new sfn.Pass(stack, 'Start', { }, ], launchTarget: new tasks.EcsEc2LaunchTarget(), + enableExecuteCommand: true, }), ); diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md index 789529547b6d6..c733bda61610f 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md 
@@ -606,6 +606,34 @@ const runTask = new tasks.EcsRunTask(this, 'RunFargate', { }); ``` +#### ECS enable Exec + +By setting the property [`enableExecuteCommand`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html#ECS-RunTask-request-enableExecuteCommand) to `true`, you can enable the [ECS Exec feature](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) for the task for either Fargate or EC2 launch types. + +```ts +const vpc = ec2.Vpc.fromLookup(this, 'Vpc', { + isDefault: true, +}); +const cluster = new ecs.Cluster(this, 'ECSCluster', { vpc }); + +const taskDefinition = new ecs.TaskDefinition(this, 'TD', { + compatibility: ecs.Compatibility.EC2, +}); + +taskDefinition.addContainer('TheContainer', { + image: ecs.ContainerImage.fromRegistry('foo/bar'), + memoryLimitMiB: 256, +}); + +const runTask = new tasks.EcsRunTask(this, 'Run', { + integrationPattern: sfn.IntegrationPattern.RUN_JOB, + cluster, + taskDefinition, + launchTarget: new tasks.EcsEc2LaunchTarget(), + enableExecuteCommand: true, +}); +``` + ## EMR Step Functions supports Amazon EMR through the service integration pattern. diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts index 303468707ea54..72c0da31a447b 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts @@ -28,7 +28,7 @@ export interface EcsRunTaskProps extends sfn.TaskStateBaseProps { readonly taskDefinition: ecs.TaskDefinition; /** - * The revision number of ECS task definiton family + * The revision number of ECS task definition family * * @default - '$latest' */ 
@@ -81,6 +81,15 @@ export interface EcsRunTaskProps extends sfn.TaskStateBaseProps { * @default - No tags are propagated. */ readonly propagatedTagSource?: ecs.PropagatedTagSource; + + /** + * Whether ECS Exec should be enabled + * + * @see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html#ECS-RunTask-request-enableExecuteCommand + * + * @default false + */ + readonly enableExecuteCommand?: boolean; } /** @@ -304,6 +313,7 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable { Overrides: renderOverrides(this.props.containerOverrides), PropagateTags: this.props.propagatedTagSource, ...this.props.launchTarget.bind(this, { taskDefinition: this.props.taskDefinition, cluster: this.props.cluster }).parameters, + EnableExecuteCommand: this.props.enableExecuteCommand, }), }; } diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/ecs/run-tasks.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/ecs/run-tasks.test.ts index 928e7486eb02f..d7a0ad00510b9 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/ecs/run-tasks.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/ecs/run-tasks.test.ts @@ -686,7 +686,7 @@ test('Running a task with WAIT_FOR_TASK_TOKEN and task token in environment', () })).not.toThrow(); }); -test('Set revision number of ECS task denition family', () => { +test('Set revision number of ECS task definition family', () => { // When const taskDefinition = new ecs.TaskDefinition(stack, 'TD', { memoryMiB: '512', 
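Review bot: The doc comment added for `enableExecuteCommand` in the `@@ -81,6 +81,15 @@` hunk of run-task.ts says only that ECS Exec "should be enabled", which leaves out both what the flag opens up and what it depends on. With ECS Exec on, any principal allowed `ecs:ExecuteCommand` on the task can run commands inside its containers, and the feature only works when the task role carries the SSM messages permissions. I would extend the comment with two lines such as `* Enabling this lets principals with ecs:ExecuteCommand run commands inside the task's containers.` and `* The task role must allow the ssmmessages actions that ECS Exec requires.` The `EcsRunTaskProps` interface begins before this hunk.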
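Review bot: Nothing in the `@@ -304,6 +313,7 @@` hunk, or in the other run-task.ts hunks of this patch, grants the task role the permissions ECS Exec needs, so `EnableExecuteCommand: this.props.enableExecuteCommand,` on its own may start tasks on which exec sessions cannot be established. ECS Exec requires `ssmmessages:CreateControlChannel`, `ssmmessages:CreateDataChannel`, `ssmmessages:OpenControlChannel` and `ssmmessages:OpenDataChannel` on the task role. When the prop is true the construct could add them through `this.props.taskDefinition.addToTaskRolePolicy(...)`, scoped to that case only, or the README should say the caller has to. The new key is written after the `launchTarget.bind(...).parameters` spread and would therefore override a same-named key from a launch target, which looks intended but deserves a one-line comment. The enclosing method starts outside the hunk, so handling elsewhere in the class cannot be ruled out from here.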
@@ -754,3 +754,50 @@ test('Set revision number of ECS task denition family', () => { }, ); }); + +test('set enableExecuteCommand', () => { + const taskDefinition = new ecs.TaskDefinition(stack, 'TD', { + compatibility: ecs.Compatibility.EC2, + }); + taskDefinition.addContainer('TheContainer', { + image: ecs.ContainerImage.fromRegistry('foo/bar'), + memoryLimitMiB: 256, + }); + + // WHEN + const runTask = new tasks.EcsRunTask(stack, 'Run', { + integrationPattern: sfn.IntegrationPattern.RUN_JOB, + launchTarget: new tasks.EcsEc2LaunchTarget(), + cluster, + taskDefinition, + enableExecuteCommand: true, + }); + + new sfn.StateMachine(stack, 'SM', { + definitionBody: sfn.DefinitionBody.fromChainable(runTask), + }); + + // THEN + expect(stack.resolve(runTask.toStateJson())).toEqual({ + End: true, + Parameters: { + Cluster: { 'Fn::GetAtt': ['ClusterEB0386A7', 'Arn'] }, + LaunchType: 'EC2', + TaskDefinition: 'TD', + EnableExecuteCommand: true, + }, + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':states:::ecs:runTask.sync', + ], + ], + }, + Type: 'Task', + }); +}); From 10357c0ab6be105e0d988b9045bcfe99faf69cbd Mon Sep 17 00:00:00 2001 
From: yynakanoyy <63993206+yynakanoyy@users.noreply.github.com> Date: Tue, 2 Apr 2024 07:32:18 +0900 Subject: [PATCH 02/14] fix(pipelines): codeStar connection accepts nested repository (#29631) ### Issue # (if applicable) Closes #27504 ### Reason for this change The current validation of `repoString` in constructor of `CodeStarConnectionSource` does not support nested repository that can appear in GitLab. ### Description of changes The validation is fixed to accept nested repository. ### Description of how you validated changes I added unit tests and confirmed all tests passed. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../PipelineStack.assets.json | 19 + .../PipelineStack.template.json | 1088 +++++++++++ ...efaultTestDeployAssertA8A39C70.assets.json | 19 + ...aultTestDeployAssertA8A39C70.template.json | 36 + .../PipelineStackPipeline9DB740AF.dot | 37 + ...ipelineStackBetaStack1E6541489.assets.json | 19 + ...elineStackBetaStack1E6541489.template.json | 43 + .../assembly-PipelineStack-Beta/cdk.out | 1 + .../assembly-PipelineStack-Beta/manifest.json | 60 + .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 204 ++ .../tree.json | 1659 +++++++++++++++++ ...eg.newpipeline-with-codestar-connection.ts | 52 + .../lib/codepipeline/codepipeline-source.ts | 28 +- .../codepipeline/codepipeline-sources.test.ts | 43 + 16 files changed, 3317 insertions(+), 4 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.assets.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackPipeline9DB740AF.dot create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/manifest.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.assets.json new file mode 100644 index 0000000000000..7d2e712e3684e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "0a05e633e930b15979b0f60716eb0af4d8fba02809d07dd69714c7a2c1a3591d": { + "source": { + "path": "PipelineStack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "0a05e633e930b15979b0f60716eb0af4d8fba02809d07dd69714c7a2c1a3591d.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.template.json new file mode 100644 index 0000000000000..cee616a408014 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStack.template.json 
@@ -0,0 +1,1088 @@ +{ + "Resources": { + "PipelineArtifactsBucketAEA9A052": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "aws:kms" + } + } + ] + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "PipelineArtifactsBucketPolicyF53CCC52": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "PipelineArtifactsBucketAEA9A052" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineRoleB27FAA37": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codepipeline.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + 
} + } + }, + "PipelineRoleDefaultPolicy7BDC1ABB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineCodeBuildActionRole226DB0CB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineRoleDefaultPolicy7BDC1ABB", + "Roles": [ + { + "Ref": "PipelineRoleB27FAA37" + } + ] + } + }, + "Pipeline9850B417": { + "Type": "AWS::CodePipeline::Pipeline", + "Properties": { + "ArtifactStore": { + "Location": { + "Ref": "PipelineArtifactsBucketAEA9A052" + }, + "Type": "S3" + }, + "PipelineType": "V1", + "RestartExecutionOnUpdate": true, + "RoleArn": { + "Fn::GetAtt": [ + "PipelineRoleB27FAA37", + "Arn" + ] + }, + "Stages": [ + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Source", + "Owner": "AWS", + "Provider": "CodeStarSourceConnection", + "Version": "1" + }, + "Configuration": { + "ConnectionArn": "arn:aws:codestar-connections:us-east-1:111111111111:connection/184ba85d-b626-48ef-960f-b377c9c01a76", + "FullRepositoryId": "owner/group/repo", + "BranchName": "master" + }, + "Name": 
"owner_group_repo", + "OutputArtifacts": [ + { + "Name": "owner_group_repo_Source" + } + ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9", + "Arn" + ] + }, + "RunOrder": 1 + } + ], + "Name": "Source" + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1" + }, + "Configuration": { + "ProjectName": { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + }, + "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"9846e726ec481ed25679c0170187f40b4920586fd0e7314d24f56620d9f53f5b\"}]" + }, + "InputArtifacts": [ + { + "Name": "owner_group_repo_Source" + } + ], + "Name": "Synth", + "OutputArtifacts": [ + { + "Name": "Synth_Output" + } + ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineCodeBuildActionRole226DB0CB", + "Arn" + ] + }, + "RunOrder": 1 + } + ], + "Name": "Build" + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1" + }, + "Configuration": { + "ProjectName": { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + }, + "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"167eef1378d6e6ad8c4c8da3461f900d6e066cd0916052ee812a8d94b87ad38c\"}]" + }, + "InputArtifacts": [ + { + "Name": "Synth_Output" + } + ], + "Name": "SelfMutate", + "RoleArn": { + "Fn::GetAtt": [ + "PipelineCodeBuildActionRole226DB0CB", + "Arn" + ] + }, + "RunOrder": 1 + } + ], + "Name": "UpdatePipeline" + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Deploy", + "Owner": "AWS", + "Provider": "CloudFormation", + "Version": "1" + }, + "Configuration": { + "StackName": "Beta-Stack1", + "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + 
":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + "ActionMode": "CHANGE_SET_REPLACE", + "ChangeSetName": "PipelineChange", + "TemplatePath": "Synth_Output::assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.template.json" + }, + "InputArtifacts": [ + { + "Name": "Synth_Output" + } + ], + "Name": "Prepare", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + "RunOrder": 1 + }, + { + "ActionTypeId": { + "Category": "Deploy", + "Owner": "AWS", + "Provider": "CloudFormation", + "Version": "1" + }, + "Configuration": { + "StackName": "Beta-Stack1", + "ActionMode": "CHANGE_SET_EXECUTE", + "ChangeSetName": "PipelineChange" + }, + "Name": "Deploy", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + "RunOrder": 2 + } + ], + "Name": "Beta" + } + ] + }, + "DependsOn": [ + "PipelineRoleDefaultPolicy7BDC1ABB", + "PipelineRoleB27FAA37" + ] + }, + "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineSourceownergrouprepoCodePipelineActionRoleDefaultPolicy8A6030B0": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "codestar-connections:UseConnection", 
+ "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:us-east-1:111111111111:connection/184ba85d-b626-48ef-960f-b377c9c01a76" + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:PutObjectAcl", + "s3:PutObjectVersionAcl" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineSourceownergrouprepoCodePipelineActionRoleDefaultPolicy8A6030B0", + "Roles": [ + { + "Ref": "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9" + } + ] + } + }, + "PipelineBuildSynthCdkBuildProjectRole231EEA2A": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + 
"arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", + { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + }, + "-*" + ] + ] + } + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", + "Roles": [ + { + "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" + } + ] + } + }, + "PipelineBuildSynthCdkBuildProject6BEFA8E6": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Artifacts": { + "Type": "CODEPIPELINE" + }, + "Cache": { + "Type": "NO_CACHE" + }, + "Description": "Pipeline step PipelineStack/Pipeline/Build/Synth", + "EncryptionKey": "alias/aws/s3", + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER" + }, + "ServiceRole": { + "Fn::GetAtt": [ + 
"PipelineBuildSynthCdkBuildProjectRole231EEA2A", + "Arn" + ] + }, + "Source": { + "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"npm ci\",\n \"npm run build\",\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n }\n}", + "Type": "CODEPIPELINE" + } + } + }, + "PipelineCodeBuildActionRole226DB0CB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "PipelineRoleB27FAA37", + "Arn" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineBuildSynthCdkBuildProject6BEFA8E6", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutationDAA41400", + "Arn" + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE", + "Roles": [ + { + "Ref": "PipelineCodeBuildActionRole226DB0CB" + } + ] + } + }, + "PipelineUpdatePipelineSelfMutationRole57E559E8": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": 
"AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", + { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + }, + "-*" + ] + ] + } + }, + { + "Action": "sts:AssumeRole", + "Condition": { + "ForAnyValue:StringEquals": { + "iam:ResourceTag/aws-cdk:bootstrap-role": [ + "image-publishing", + "file-publishing", + "deploy" + ] + } + }, + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } + }, + { + "Action": [ + "cloudformation:DescribeStacks", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", + "Roles": [ + { + "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" + } + ] + } + }, + 
"PipelineUpdatePipelineSelfMutationDAA41400": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Artifacts": { + "Type": "CODEPIPELINE" + }, + "Cache": { + "Type": "NO_CACHE" + }, + "Description": "Pipeline step PipelineStack/Pipeline/UpdatePipeline/SelfMutate", + "EncryptionKey": "alias/aws/s3", + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutationRole57E559E8", + "Arn" + ] + }, + "Source": { + "BuildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}", + "Type": "CODEPIPELINE" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets.json new file mode 100644 index 0000000000000..3655d340d976b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "PipelineStackIntegDefaultTestDeployAssertA8A39C70.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackIntegDefaultTestDeployAssertA8A39C70.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackPipeline9DB740AF.dot b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackPipeline9DB740AF.dot new file mode 100644 index 0000000000000..8df404183ab6f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/PipelineStackPipeline9DB740AF.dot 
@@ -0,0 +1,37 @@ +digraph G { + # Arrows represent an "unlocks" relationship (opposite of dependency). So chosen + # because the layout looks more natural that way. + # To represent subgraph dependencies, subgraphs are represented by BEGIN/END nodes. + # To render: `dot -Tsvg PipelineStackPipeline9DB740AF.dot > graph.svg`, open in a browser. + node [shape="box"]; +"BEGIN Build" [shape="cds", style="filled", fillcolor="#b7deff"]; +"END Build" [shape="cds", style="filled", fillcolor="#b7deff"]; +"Build.Synth"; +"Source.owner/group/repo" -> "Build.Synth"; +"BEGIN Build" -> "Build.Synth"; +"Build.Synth" -> "END Build"; +"BEGIN UpdatePipeline" [shape="cds", style="filled", fillcolor="#b7deff"]; +"END UpdatePipeline" [shape="cds", style="filled", fillcolor="#b7deff"]; +"UpdatePipeline.SelfMutate"; +"Build.Synth" -> "UpdatePipeline.SelfMutate"; +"BEGIN UpdatePipeline" -> "UpdatePipeline.SelfMutate"; +"UpdatePipeline.SelfMutate" -> "END UpdatePipeline"; +"BEGIN Beta" [shape="cds", style="filled", fillcolor="#b7deff"]; +"END Beta" [shape="cds", style="filled", fillcolor="#b7deff"]; +"UpdatePipeline.SelfMutate" -> "BEGIN Beta"; +"BEGIN Beta.Stack1" [shape="cds", style="filled", fillcolor="#b7deff"]; +"END Beta.Stack1" [shape="cds", style="filled", fillcolor="#b7deff"]; +"Beta.Stack1.Deploy"; +"Beta.Stack1.Prepare" -> "Beta.Stack1.Deploy"; +"Beta.Stack1.Prepare"; +"Build.Synth" -> "Beta.Stack1.Prepare"; +"BEGIN Beta.Stack1" -> "Beta.Stack1.Prepare"; +"Beta.Stack1.Deploy" -> "END Beta.Stack1"; +"BEGIN Beta" -> "BEGIN Beta.Stack1"; +"END Beta.Stack1" -> "END Beta"; +"BEGIN Source" [shape="cds", style="filled", fillcolor="#b7deff"]; +"END Source" [shape="cds", style="filled", fillcolor="#b7deff"]; +"Source.owner/group/repo"; +"BEGIN Source" -> "Source.owner/group/repo"; +"Source.owner/group/repo" -> "END Source"; +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.assets.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.assets.json new file mode 100644 index 0000000000000..29d94cb7ae7fd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "0cb2dea76b65bd66a374af57914e8583b3c20712b5758474102ef97620d68ec5": { + "source": { + "path": "PipelineStackBetaStack1E6541489.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "0cb2dea76b65bd66a374af57914e8583b3c20712b5758474102ef97620d68ec5.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.template.json new file mode 100644 index 0000000000000..132b710b85c15 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.template.json 
@@ -0,0 +1,43 @@ +{ + "Resources": { + "Queue4A7E3555": { + "Type": "AWS::SQS::Queue", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/manifest.json new file mode 100644 index 0000000000000..9aeab9b0bab9c --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/assembly-PipelineStack-Beta/manifest.json 
@@ -0,0 +1,60 @@ +{ + "version": "36.0.0", + "artifacts": { + "PipelineStackBetaStack1E6541489.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "PipelineStackBetaStack1E6541489.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "PipelineStackBetaStack1E6541489": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "PipelineStackBetaStack1E6541489.template.json", + "terminationProtection": false, + "validateOnSynth": true, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0cb2dea76b65bd66a374af57914e8583b3c20712b5758474102ef97620d68ec5.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "PipelineStackBetaStack1E6541489.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "Beta-Stack1" + }, + "dependencies": [ + "PipelineStackBetaStack1E6541489.assets" + ], + "metadata": { + "/PipelineStack/Beta/Stack1/Queue/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Queue4A7E3555" + } + ], + "/PipelineStack/Beta/Stack1/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/PipelineStack/Beta/Stack1/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + 
] + }, + "displayName": "PipelineStack/Beta/Stack1" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/integ.json new file mode 100644 index 0000000000000..5da15f70d5b33 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "PipelineStackInteg/DefaultTest": { + "stacks": [ + "PipelineStack" + ], + "assertionStack": "PipelineStackInteg/DefaultTest/DeployAssert", + "assertionStackName": "PipelineStackIntegDefaultTestDeployAssertA8A39C70" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/manifest.json new file mode 100644 index 0000000000000..bac0d816be485 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/manifest.json 
@@ -0,0 +1,204 @@ +{ + "version": "36.0.0", + "artifacts": { + "assembly-PipelineStack-Beta": { + "type": "cdk:cloud-assembly", + "properties": { + "directoryName": "assembly-PipelineStack-Beta", + "displayName": "PipelineStack/Beta" + } + }, + "PipelineStack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "PipelineStack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "PipelineStack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "PipelineStack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0a05e633e930b15979b0f60716eb0af4d8fba02809d07dd69714c7a2c1a3591d.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "PipelineStack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "PipelineStack.assets" + ], + "metadata": { + "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketAEA9A052" + } + ], + "/PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketPolicyF53CCC52" + } + ], + 
"/PipelineStack/Pipeline/Pipeline/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineRoleB27FAA37" + } + ], + "/PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineRoleDefaultPolicy7BDC1ABB" + } + ], + "/PipelineStack/Pipeline/Pipeline/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Pipeline9850B417" + } + ], + "/PipelineStack/Pipeline/Pipeline/Source/owner_group_repo/CodePipelineActionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9" + } + ], + "/PipelineStack/Pipeline/Pipeline/Source/owner_group_repo/CodePipelineActionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineSourceownergrouprepoCodePipelineActionRoleDefaultPolicy8A6030B0" + } + ], + "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" + } + ], + "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C" + } + ], + "/PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + } + ], + "/PipelineStack/Pipeline/CodeBuildActionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineCodeBuildActionRole226DB0CB" + } + ], + "/PipelineStack/Pipeline/CodeBuildActionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE" + } + ], + "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineUpdatePipelineSelfMutationRole57E559E8" + } + ], + 
"/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E" + } + ], + "/PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineUpdatePipelineSelfMutationDAA41400" + } + ], + "/PipelineStack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/PipelineStack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "PipelineStack" + }, + "PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "PipelineStackIntegDefaultTestDeployAssertA8A39C70": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "PipelineStackIntegDefaultTestDeployAssertA8A39C70.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets" + ], + "lookupRole": { + "arn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "PipelineStackIntegDefaultTestDeployAssertA8A39C70.assets" + ], + "metadata": { + "/PipelineStackInteg/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/PipelineStackInteg/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "PipelineStackInteg/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/tree.json new file mode 100644 index 0000000000000..546267e9a788f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.js.snapshot/tree.json 
@@ -0,0 +1,1659 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "PipelineStack": { + "id": "PipelineStack", + "path": "PipelineStack", + "children": { + "Pipeline": { + "id": "Pipeline", + "path": "PipelineStack/Pipeline", + "children": { + "Pipeline": { + "id": "Pipeline", + "path": "PipelineStack/Pipeline/Pipeline", + "children": { + "ArtifactsBucket": { + "id": "ArtifactsBucket", + "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms" + } + } + ] + }, + "publicAccessBlockConfiguration": { + "blockPublicAcls": true, + "blockPublicPolicy": true, + "ignorePublicAcls": true, + "restrictPublicBuckets": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/ArtifactsBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "PipelineArtifactsBucketAEA9A052" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:GetBucket*", + 
"s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "PipelineStack/Pipeline/Pipeline/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "PipelineStack/Pipeline/Pipeline/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codepipeline.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + 
"aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineCodeBuildActionRole226DB0CB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "PipelineRoleDefaultPolicy7BDC1ABB", + "roles": [ + { + "Ref": "PipelineRoleB27FAA37" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", + "aws:cdk:cloudformation:props": { + "artifactStore": { + "type": "S3", + "location": { + "Ref": "PipelineArtifactsBucketAEA9A052" + } + }, + "pipelineType": "V1", + "restartExecutionOnUpdate": true, + "roleArn": { + "Fn::GetAtt": [ + "PipelineRoleB27FAA37", + "Arn" + ] + }, + "stages": [ + { + "name": "Source", + 
"actions": [ + { + "name": "owner_group_repo", + "outputArtifacts": [ + { + "name": "owner_group_repo_Source" + } + ], + "actionTypeId": { + "category": "Source", + "version": "1", + "owner": "AWS", + "provider": "CodeStarSourceConnection" + }, + "configuration": { + "ConnectionArn": "arn:aws:codestar-connections:us-east-1:111111111111:connection/184ba85d-b626-48ef-960f-b377c9c01a76", + "FullRepositoryId": "owner/group/repo", + "BranchName": "master" + }, + "runOrder": 1, + "roleArn": { + "Fn::GetAtt": [ + "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9", + "Arn" + ] + } + } + ] + }, + { + "name": "Build", + "actions": [ + { + "name": "Synth", + "inputArtifacts": [ + { + "name": "owner_group_repo_Source" + } + ], + "outputArtifacts": [ + { + "name": "Synth_Output" + } + ], + "actionTypeId": { + "category": "Build", + "version": "1", + "owner": "AWS", + "provider": "CodeBuild" + }, + "configuration": { + "ProjectName": { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + }, + "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"9846e726ec481ed25679c0170187f40b4920586fd0e7314d24f56620d9f53f5b\"}]" + }, + "runOrder": 1, + "roleArn": { + "Fn::GetAtt": [ + "PipelineCodeBuildActionRole226DB0CB", + "Arn" + ] + } + } + ] + }, + { + "name": "UpdatePipeline", + "actions": [ + { + "name": "SelfMutate", + "inputArtifacts": [ + { + "name": "Synth_Output" + } + ], + "actionTypeId": { + "category": "Build", + "version": "1", + "owner": "AWS", + "provider": "CodeBuild" + }, + "configuration": { + "ProjectName": { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + }, + "EnvironmentVariables": "[{\"name\":\"_PROJECT_CONFIG_HASH\",\"type\":\"PLAINTEXT\",\"value\":\"167eef1378d6e6ad8c4c8da3461f900d6e066cd0916052ee812a8d94b87ad38c\"}]" + }, + "runOrder": 1, + "roleArn": { + "Fn::GetAtt": [ + "PipelineCodeBuildActionRole226DB0CB", + "Arn" + ] + } + } + ] + }, + { + "name": "Beta", + "actions": [ + { + "name": "Prepare", + 
"inputArtifacts": [ + { + "name": "Synth_Output" + } + ], + "actionTypeId": { + "category": "Deploy", + "version": "1", + "owner": "AWS", + "provider": "CloudFormation" + }, + "configuration": { + "StackName": "Beta-Stack1", + "Capabilities": "CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-cfn-exec-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + "ActionMode": "CHANGE_SET_REPLACE", + "ChangeSetName": "PipelineChange", + "TemplatePath": "Synth_Output::assembly-PipelineStack-Beta/PipelineStackBetaStack1E6541489.template.json" + }, + "runOrder": 1, + "roleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + }, + { + "name": "Deploy", + "actionTypeId": { + "category": "Deploy", + "version": "1", + "owner": "AWS", + "provider": "CloudFormation" + }, + "configuration": { + "StackName": "Beta-Stack1", + "ActionMode": "CHANGE_SET_EXECUTE", + "ChangeSetName": "PipelineChange" + }, + "runOrder": 2, + "roleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + } + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.CfnPipeline", + "version": "0.0.0" + } + }, + "Source": { + "id": "Source", + "path": "PipelineStack/Pipeline/Pipeline/Source", + "children": { + "owner_group_repo": { + "id": "owner_group_repo", + "path": "PipelineStack/Pipeline/Pipeline/Source/owner_group_repo", + "children": { + "CodePipelineActionRole": { + "id": "CodePipelineActionRole", + "path": 
"PipelineStack/Pipeline/Pipeline/Source/owner_group_repo/CodePipelineActionRole", + "children": { + "ImportCodePipelineActionRole": { + "id": "ImportCodePipelineActionRole", + "path": "PipelineStack/Pipeline/Pipeline/Source/owner_group_repo/CodePipelineActionRole/ImportCodePipelineActionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Source/owner_group_repo/CodePipelineActionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "PipelineStack/Pipeline/Pipeline/Source/owner_group_repo/CodePipelineActionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Source/owner_group_repo/CodePipelineActionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "codestar-connections:UseConnection", + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:us-east-1:111111111111:connection/184ba85d-b626-48ef-960f-b377c9c01a76" + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + 
"PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:PutObjectAcl", + "s3:PutObjectVersionAcl" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PipelineSourceownergrouprepoCodePipelineActionRoleDefaultPolicy8A6030B0", + "roles": [ + { + "Ref": "PipelineSourceownergrouprepoCodePipelineActionRole290DB4C9" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Build": { + "id": "Build", + "path": "PipelineStack/Pipeline/Pipeline/Build", + "children": { + "Synth": { + "id": "Synth", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth", + "children": { + "CdkBuildProject": { + "id": "CdkBuildProject", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject", + "children": { + "Role": { + "id": "Role", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + 
"aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", + { + "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" + }, + "-*" + ] + ] + } + }, + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + 
"s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C", + "roles": [ + { + "Ref": "PipelineBuildSynthCdkBuildProjectRole231EEA2A" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/Pipeline/Build/Synth/CdkBuildProject/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", + "aws:cdk:cloudformation:props": { + "artifacts": { + "type": "CODEPIPELINE" + }, + "cache": { + "type": "NO_CACHE" + }, + "description": "Pipeline step PipelineStack/Pipeline/Build/Synth", + "encryptionKey": "alias/aws/s3", + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:7.0", + "imagePullCredentialsType": "CODEBUILD", + "privilegedMode": false, + "computeType": "BUILD_GENERAL1_SMALL" + }, + "serviceRole": { + "Fn::GetAtt": [ + "PipelineBuildSynthCdkBuildProjectRole231EEA2A", + "Arn" + ] + }, + "source": { + "type": "CODEPIPELINE", + "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"build\": {\n \"commands\": [\n \"npm ci\",\n \"npm run build\",\n \"npx cdk synth\"\n ]\n }\n },\n \"artifacts\": {\n \"base-directory\": \"cdk.out\",\n \"files\": \"**/*\"\n }\n}" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.aws_codebuild.CfnProject", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "UpdatePipeline": { + "id": "UpdatePipeline", + "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline", + "children": { + "SelfMutate": { + "id": "SelfMutate", + "path": "PipelineStack/Pipeline/Pipeline/UpdatePipeline/SelfMutate", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Beta": { + "id": "Beta", + "path": "PipelineStack/Pipeline/Pipeline/Beta", + "children": { + "Prepare": { + "id": "Prepare", + "path": "PipelineStack/Pipeline/Pipeline/Beta/Prepare", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Deploy": { + "id": "Deploy", + "path": "PipelineStack/Pipeline/Pipeline/Beta/Deploy", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { + "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "path": "PipelineStack/Pipeline/Pipeline/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}": { + "id": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "path": "PipelineStack/Pipeline/Pipeline/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "children": { + "8389e75f-0810-4838-bf64-d6f85a95cf83": { + "id": "8389e75f-0810-4838-bf64-d6f85a95cf83", + "path": "PipelineStack/Pipeline/Pipeline/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}/8389e75f-0810-4838-bf64-d6f85a95cf83", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { + "id": "MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "path": "PipelineStack/Pipeline/Pipeline/MutableRolearn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}": { + "id": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "path": "PipelineStack/Pipeline/Pipeline/arn:${AWS::Partition}:iam::${AWS::AccountId}:role--cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.Pipeline", + "version": "0.0.0" + } + }, + "CodeBuildActionRole": { + "id": "CodeBuildActionRole", + "path": "PipelineStack/Pipeline/CodeBuildActionRole", + "children": { + 
"ImportCodeBuildActionRole": { + "id": "ImportCodeBuildActionRole", + "path": "PipelineStack/Pipeline/CodeBuildActionRole/ImportCodeBuildActionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/CodeBuildActionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "PipelineRoleB27FAA37", + "Arn" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "PipelineStack/Pipeline/CodeBuildActionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/CodeBuildActionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineBuildSynthCdkBuildProject6BEFA8E6", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutationDAA41400", + "Arn" + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "PipelineCodeBuildActionRoleDefaultPolicy1D62A6FE", + "roles": [ + { + "Ref": "PipelineCodeBuildActionRole226DB0CB" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "UpdatePipeline": { + "id": "UpdatePipeline", 
+ "path": "PipelineStack/Pipeline/UpdatePipeline", + "children": { + "SelfMutation": { + "id": "SelfMutation", + "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation", + "children": { + "Role": { + "id": "Role", + "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": 
"AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + } + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchPutCodeCoverages", + "codebuild:BatchPutTestCases", + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codebuild:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":report-group/", + { + "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" + }, + "-*" + ] + ] + } + }, + { + "Action": "sts:AssumeRole", + "Condition": { + "ForAnyValue:StringEquals": { + "iam:ResourceTag/aws-cdk:bootstrap-role": [ + "image-publishing", + "file-publishing", + "deploy" + ] + } + }, + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:*:iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/*" + ] + ] + } + }, + { + "Action": [ + "cloudformation:DescribeStacks", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketAEA9A052", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E", + "roles": [ + { + "Ref": "PipelineUpdatePipelineSelfMutationRole57E559E8" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "PipelineStack/Pipeline/UpdatePipeline/SelfMutation/Resource", 
+ "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodeBuild::Project", + "aws:cdk:cloudformation:props": { + "artifacts": { + "type": "CODEPIPELINE" + }, + "cache": { + "type": "NO_CACHE" + }, + "description": "Pipeline step PipelineStack/Pipeline/UpdatePipeline/SelfMutate", + "encryptionKey": "alias/aws/s3", + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:7.0", + "imagePullCredentialsType": "CODEBUILD", + "privilegedMode": false, + "computeType": "BUILD_GENERAL1_SMALL" + }, + "serviceRole": { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutationRole57E559E8", + "Arn" + ] + }, + "source": { + "type": "CODEPIPELINE", + "buildSpec": "{\n \"version\": \"0.2\",\n \"phases\": {\n \"install\": {\n \"commands\": [\n \"npm install -g aws-cdk@2\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cdk -a . deploy PipelineStack --require-approval=never --verbose\"\n ]\n }\n }\n}" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codebuild.CfnProject", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codebuild.PipelineProject", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.pipelines.CodePipeline", + "version": "0.0.0" + } + }, + "Beta": { + "id": "Beta", + "path": "PipelineStack/Beta", + "children": { + "Stack1": { + "id": "Stack1", + "path": "PipelineStack/Beta/Stack1", + "children": { + "Queue": { + "id": "Queue", + "path": "PipelineStack/Beta/Stack1/Queue", + "children": { + "Resource": { + "id": "Resource", + "path": "PipelineStack/Beta/Stack1/Queue/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SQS::Queue", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sqs.CfnQueue", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sqs.Queue", + "version": "0.0.0" + } + }, + "BootstrapVersion": { 
+ "id": "BootstrapVersion", + "path": "PipelineStack/Beta/Stack1/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "PipelineStack/Beta/Stack1/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stage", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "PipelineStack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "PipelineStack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "PipelineStackInteg": { + "id": "PipelineStackInteg", + "path": "PipelineStackInteg", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "PipelineStackInteg/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "PipelineStackInteg/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "PipelineStackInteg/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "PipelineStackInteg/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "PipelineStackInteg/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + 
"version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.ts new file mode 100644 index 0000000000000..a81719658a5c4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codestar-connection.ts 
@@ -0,0 +1,52 @@
+// eslint-disable-next-line import/no-extraneous-dependencies
+/// !cdk-integ PipelineStack pragma:set-context:@aws-cdk/core:newStyleStackSynthesis=true
+import * as sqs from 'aws-cdk-lib/aws-sqs';
+import { App, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import * as pipelines from 'aws-cdk-lib/pipelines';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+
+class PipelineStack extends Stack {
+ constructor(scope: Construct, id: string, props?: StackProps) {
+ super(scope, id, props);
+
+ const pipeline = new pipelines.CodePipeline(this, 'Pipeline', {
+ synth: new pipelines.ShellStep('Synth', {
+ input: pipelines.CodePipelineSource.connection(
+ 'owner/group/repo', 'master', {
+ // connectionArn is dummy as this test case just validates if pipeline is deployed successfully or not.
+ connectionArn: 'arn:aws:codestar-connections:us-east-1:111111111111:connection/184ba85d-b626-48ef-960f-b377c9c01a76',
+ }),
+ commands: [
+ 'npm ci',
+ 'npm run build',
+ 'npx cdk synth',
+ ],
+ }),
+ });
+
+ pipeline.addStage(new AppStage(this, 'Beta'));
+
+ }
+}
+
+class AppStage extends Stage {
+ constructor(scope: Construct, id: string, props?: StageProps) {
+ super(scope, id, props);
+
+ const stack1 = new Stack(this, 'Stack1');
+ new sqs.Queue(stack1, 'Queue');
+ }
+}
+
+const app = new App({
+ postCliContext: {
+ '@aws-cdk/core:newStyleStackSynthesis': '1',
+ '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false,
+ },
+});
+const stack = new PipelineStack(app, 'PipelineStack');
+
+new integ.IntegTest(app, 'PipelineStackInteg', {
+ testCases: [stack],
+});
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline-source.ts b/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline-source.ts
index 85e9c3702645c..ee954e493e3fd 100644
--- a/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline-source.ts
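Review bot: The `// eslint-disable-next-line import/no-extraneous-dependencies` directive on the first line of the new integ test is followed by the `/// !cdk-integ` pragma comment rather than by an import, so it suppresses nothing on the `@aws-cdk/integ-tests-alpha` import it is presumably meant for. Either move it to the line directly above `import * as integ from '@aws-cdk/integ-tests-alpha';` or drop it if the rule does not fire there. The file also ends without a trailing newline.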
+++ b/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline-source.ts @@ -424,15 +424,35 @@ class CodeStarConnectionSource extends CodePipelineSource { constructor(repoString: string, readonly branch: string, readonly props: ConnectionSourceOptions) { super(repoString); - const parts = repoString.split('/'); - if (Token.isUnresolved(repoString) || parts.length !== 2) { - throw new Error(`CodeStar repository name should be a resolved string like '/', got '${repoString}'`); + if (!this.isValidRepoString(repoString)) { + throw new Error(`CodeStar repository name should be a resolved string like '/' or '///.../', got '${repoString}'`); } + + const parts = repoString.split('/'); + this.owner = parts[0]; - this.repo = parts[1]; + this.repo = parts.slice(1).join('/'); this.configurePrimaryOutput(new FileSet('Source', this)); } + private isValidRepoString(repoString: string) { + if (Token.isUnresolved(repoString)) { + return false; + } + + const parts = repoString.split('/'); + + // minimum length is 2 (owner/repo) and + // maximum length is 22 (owner/parent group/twenty sub groups/repo). + // maximum length is based on limitation of GitLab, see https://docs.gitlab.com/ee/user/group/subgroups/ + if (parts.length < 2 || parts.length > 23) { + return false; + } + + // check if all element in parts is not empty + return parts.every(element => element !== ''); + } + protected getAction(output: Artifact, actionName: string, runOrder: number, variablesNamespace?: string) { return new cp_actions.CodeStarConnectionsSourceAction({ output, diff --git a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-sources.test.ts b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-sources.test.ts index d721b23a1c026..abdc2c904431a 100644 --- a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-sources.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline-sources.test.ts 
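Review bot: The comment in `isValidRepoString` says the maximum length is 22, but the guard is `parts.length > 23`, and owner + parent group + twenty subgroups + repo is 23 segments, which is also the longest input the accompanying test table expects to be accepted. The code looks right and the comment is off by one; I would change it to `// maximum length is 23 (owner/parent group/twenty sub groups/repo).`. The method checks only the segment count and that no segment is empty, so a one-line doc comment saying that characters inside a segment are not validated would set expectations for callers. The class starts before the hunk and `getAction` continues past it.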
@@ -193,6 +193,49 @@ test('Dashes in repo names are removed from artifact names', () => { }); }); +test.each([ + 'owner/repo', + 'owner/group1/group2/groupN/repo', + 'owner/p1/s1/s2/s3/s4/s5/s6/s7/s8/s9/s10/s11/s12/s13/s14/s15/s16/s17/s18/s19/s20/repo', +])('CodeStar connection honors all valid properties', (repoString) => { + const connectionArn = 'arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh'; + + new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { + input: cdkp.CodePipelineSource.connection(repoString, 'main', { + connectionArn: connectionArn, + }), + }); + + Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', { + Stages: Match.arrayWith([{ + Name: 'Source', + Actions: [ + Match.objectLike({ + Configuration: Match.objectLike({ + FullRepositoryId: repoString, + BranchName: 'main', + ConnectionArn: connectionArn, + }), + Name: repoString.replace(/\//g, '_'), + }), + ], + }]), + }); +}); + +test.each([ + 'repo-only', + 'owner//duplicatedDash/repo', + 'owner/p1/s1/s2/s3/s4/s5/s6/s7/s8/s9/s10/s11/s12/s13/s14/s15/s16/s17/s18/s19/s20/s21/repo', +])('CodeStar connection does not accept ill-formatted identifiers', (repoString) => { + expect(() => { + new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { + input: cdkp.CodePipelineSource.connection(repoString, 'main', + { connectionArn: 'arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh' }), + }); + }).toThrow(`CodeStar repository name should be a resolved string like \'/\' or \'///.../\', got \'${repoString}\'`); +}); + test('artifact names are never longer than 128 characters', () => { new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', { input: cdkp.CodePipelineSource.gitHub('owner/' + 'my-repo'.repeat(100), 'main'), From 70dc4e8e8ca94694a732989d9c8233ab14c83b00 Mon Sep 17 00:00:00 2001 
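Review bot: The rejected-input table covers a missing owner, an empty middle segment and too many segments, but not a leading or trailing slash or an unresolved token, which are the other inputs the new validation is meant to turn away. Adding `'/repo'` and `'owner/'` to the second `test.each` list would pin the empty-segment check at both ends. The case `'owner//duplicatedDash/repo'` exercises a doubled slash, so `duplicatedSlash` would describe it better. The first test's title, 'honors all valid properties', reads as if it were about connection options; a title such as 'accepts owner/repo and nested group paths' says what is actually parameterised.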
From: Calvin Combs <66279577+comcalvi@users.noreply.github.com> Date: Tue, 2 Apr 2024 10:18:17 -0700 Subject: [PATCH 03/14] chore(CLI): add `--changeset` as an alias for `--change-set` (#29683) Some customers have typo'd `--no-changeset` where `--no-change-set` was expected. Make these two aliases of each other since they're easy to mix up, and this flag being valid changes the permissions used by diff, which will cause errors in certain environments. tested manually. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/lib/cli.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk/lib/cli.ts b/packages/aws-cdk/lib/cli.ts index 27530c59ff215..708f9f5783677 100644 --- a/packages/aws-cdk/lib/cli.ts +++ b/packages/aws-cdk/lib/cli.ts @@ -265,7 +265,7 @@ async function parseCommandLineArguments(args: string[]) { .option('fail', { type: 'boolean', desc: 'Fail with exit code 1 in case of diff' }) .option('processed', { type: 'boolean', desc: 'Whether to compare against the template with Transforms already processed', default: false }) .option('quiet', { type: 'boolean', alias: 'q', desc: 'Do not print stack name and default message when there is no diff to stdout', default: false }) - .option('change-set', { type: 'boolean', desc: 'Whether to create a changeset to analyze resource replacements. In this mode, diff will use the deploy role instead of the lookup role.', default: true })) + .option('change-set', { type: 'boolean', alias: 'changeset', desc: 'Whether to create a changeset to analyze resource replacements. In this mode, diff will use the deploy role instead of the lookup role.', default: true })) .command('metadata [STACK]', 'Returns all metadata associated with this stack') .command(['acknowledge [ID]', 'ack [ID]'], 'Acknowledge a notice so that it does not show up anymore') .command('notices', 'Returns a list of relevant notices') 
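Review bot: The `alias: 'changeset'` on the `change-set` option is added without a test, and the commit message says it was checked manually; since this flag decides whether diff runs with the deploy role or the lookup role, a parser test asserting that `--no-changeset` yields the same value as `--no-change-set` would keep the two spellings from drifting apart. Only one misspelling is covered: if unrecognised options are silently ignored by this parser (not visible in the hunk), any other typo still leaves `change-set` at its default of `true` and diff on the deploy role, so rejecting unknown options for `diff` may be worth a follow-up. `parseCommandLineArguments` starts and ends outside the hunk.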
From a12887b593ef6796f63bf754a3d381676d2e5155 Mon Sep 17 00:00:00 2001 
From: Matthew Morrison Date: Tue, 2 Apr 2024 15:47:27 -0500 Subject: [PATCH 04/14] fix(cloudwatch-actions): `LambdaAction` fails if added to multiple action types (#29515) Closes. #29514 ### Reason for this change Adding the same lambda as the action for multiple status changes (alarm, ok, insufficient data) causes an error because of logical id conflicts. ### Description of changes Before adding the `lambda:InvokeFunction` permission to the lambda's resource policy, it checks to see if one already exists. I considered not including this change under the `LAMBDA_PERMISSION_LOGICAL_ID_FOR_LAMBDA_ACTION` feature flag but, it breaks the `throws when multiple alarms are created for the same lambda if feature flag is set to false` test because it no longer throws. I understand that a major goal of the project is to keep behavior consistent however, it seems like it would be beneficial to fix an undesirable behavior without the need of configuring a feature flag. This is my first contribution so I am new to this, could my change warrant its own feature flag? ### Description of how you validated changes Expanded upon existing unit tests. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...larmActionIntegrationTestStack.assets.json | 4 +- ...rmActionIntegrationTestStack.template.json | 56 +++++++++++++++++++ ...rationTestStackWithFeatureFlag.assets.json | 4 +- ...tionTestStackWithFeatureFlag.template.json | 56 +++++++++++++++++++ .../manifest.json | 2 +- .../tree.json | 56 +++++++++++++++++++ .../test/integ.lambda-alarm-action.ts | 12 ++++ .../aws-cloudwatch-actions/lib/lambda.ts | 20 +++++-- .../test/lambda.test.ts | 45 ++++++++++++++- 9 files changed, 243 insertions(+), 12 deletions(-) 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.assets.json index 885823e5c7cdf..565a447c421aa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "443cd498fca620868cfc5e66c6d03b3dcd2cc9d88b6eba24927a4e8d06ae7984": { + "db34b72b17af5b7d83e311e6552b5f6cc3c82caf16943655fcbabc28a5c9b826": { "source": { "path": "LambdaAlarmActionIntegrationTestStack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "443cd498fca620868cfc5e66c6d03b3dcd2cc9d88b6eba24927a4e8d06ae7984.json", + "objectKey": "db34b72b17af5b7d83e311e6552b5f6cc3c82caf16943655fcbabc28a5c9b826.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.template.json index c2fe3bad39eb1..d9b3e13120a6d 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStack.template.json @@ -79,8 +79,36 @@ } ], "EvaluationPeriods": 1, + "InsufficientDataActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "MetricName": "Errors", "Namespace": "AWS/Lambda", + "OKActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "Period": 60, "Statistic": "Sum", "Threshold": 1, @@ -309,8 +337,36 @@ } ], "EvaluationPeriods": 1, + "InsufficientDataActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "MetricName": "Errors", "Namespace": "AWS/Lambda", + "OKActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "Period": 60, "Statistic": "Sum", "Threshold": 1, 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.assets.json index edab5767ec4c1..f24eedcc75bd4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "443cd498fca620868cfc5e66c6d03b3dcd2cc9d88b6eba24927a4e8d06ae7984": { + "db34b72b17af5b7d83e311e6552b5f6cc3c82caf16943655fcbabc28a5c9b826": { "source": { "path": "LambdaAlarmActionIntegrationTestStackWithFeatureFlag.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "443cd498fca620868cfc5e66c6d03b3dcd2cc9d88b6eba24927a4e8d06ae7984.json", + "objectKey": "db34b72b17af5b7d83e311e6552b5f6cc3c82caf16943655fcbabc28a5c9b826.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.template.json index c2fe3bad39eb1..d9b3e13120a6d 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/LambdaAlarmActionIntegrationTestStackWithFeatureFlag.template.json @@ -79,8 +79,36 @@ } ], "EvaluationPeriods": 1, + "InsufficientDataActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "MetricName": "Errors", "Namespace": "AWS/Lambda", + "OKActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "Period": 60, "Statistic": "Sum", "Threshold": 1, @@ -309,8 +337,36 @@ } ], "EvaluationPeriods": 1, + "InsufficientDataActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "MetricName": "Errors", "Namespace": "AWS/Lambda", + "OKActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "Period": 60, "Statistic": "Sum", "Threshold": 1, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/manifest.json index ef633b1f8a767..cb7ad58c6f4ed 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/443cd498fca620868cfc5e66c6d03b3dcd2cc9d88b6eba24927a4e8d06ae7984.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/db34b72b17af5b7d83e311e6552b5f6cc3c82caf16943655fcbabc28a5c9b826.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/tree.json index 25a6b9b0b96f7..48b6babc0fda7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.js.snapshot/tree.json 
@@ -135,8 +135,36 @@ } ], "evaluationPeriods": 1, + "insufficientDataActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "metricName": "Errors", "namespace": "AWS/Lambda", + "okActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "period": 60, "statistic": "Sum", "threshold": 1, @@ -516,8 +544,36 @@ } ], "evaluationPeriods": 1, + "insufficientDataActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "metricName": "Errors", "namespace": "AWS/Lambda", + "okActions": [ + { + "Ref": "alarmLambdaFeatureCurrentVersionCF39751979501d2f67eaf906b2ef0c378303873b" + }, + { + "Ref": "alarmLambdaFeatureAliasaliasName16F91D34" + }, + { + "Fn::GetAtt": [ + "alarmLambdaFeatureD560800F", + "Arn" + ] + } + ], "period": 60, "statistic": "Sum", "threshold": 1, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.ts index 48e806f6f191b..2b0791695d849 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.lambda-alarm-action.ts 
@@ -40,6 +40,12 @@ class LambdaAlarmActionIntegrationTestStack extends Stack { alarm.addAlarmAction(new cloudwatchActions.LambdaAction(version)); alarm.addAlarmAction(new cloudwatchActions.LambdaAction(aliasName)); alarm.addAlarmAction(new cloudwatchActions.LambdaAction(alarmLambda)); + alarm.addOkAction(new cloudwatchActions.LambdaAction(version)); + alarm.addOkAction(new cloudwatchActions.LambdaAction(aliasName)); + alarm.addOkAction(new cloudwatchActions.LambdaAction(alarmLambda)); + alarm.addInsufficientDataAction(new cloudwatchActions.LambdaAction(version)); + alarm.addInsufficientDataAction(new cloudwatchActions.LambdaAction(aliasName)); + alarm.addInsufficientDataAction(new cloudwatchActions.LambdaAction(alarmLambda)); if (isFeature) { const alarm2 = new cloudwatch.Alarm(this, `Alarm${lambdaIdSuffix}`, { @@ -53,6 +59,12 @@ class LambdaAlarmActionIntegrationTestStack extends Stack { alarm2.addAlarmAction(new cloudwatchActions.LambdaAction(version)); alarm2.addAlarmAction(new cloudwatchActions.LambdaAction(aliasName)); alarm2.addAlarmAction(new cloudwatchActions.LambdaAction(alarmLambda)); + alarm2.addOkAction(new cloudwatchActions.LambdaAction(version)); + alarm2.addOkAction(new cloudwatchActions.LambdaAction(aliasName)); + alarm2.addOkAction(new cloudwatchActions.LambdaAction(alarmLambda)); + alarm2.addInsufficientDataAction(new cloudwatchActions.LambdaAction(version)); + alarm2.addInsufficientDataAction(new cloudwatchActions.LambdaAction(aliasName)); + alarm2.addInsufficientDataAction(new cloudwatchActions.LambdaAction(alarmLambda)); } } } diff --git a/packages/aws-cdk-lib/aws-cloudwatch-actions/lib/lambda.ts b/packages/aws-cdk-lib/aws-cloudwatch-actions/lib/lambda.ts index 13312dc51caa9..cbbe19fb83103 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch-actions/lib/lambda.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch-actions/lib/lambda.ts 
@@ -23,12 +23,20 @@ export class LambdaAction implements cloudwatch.IAlarmAction { */ bind(scope: Construct, alarm: cloudwatch.IAlarm): cloudwatch.AlarmActionConfig { const idPrefix = FeatureFlags.of(scope).isEnabled(LAMBDA_PERMISSION_LOGICAL_ID_FOR_LAMBDA_ACTION) ? alarm.node.id : ''; - this.lambdaFunction.addPermission(`${idPrefix}AlarmPermission`, { - sourceAccount: Stack.of(scope).account, - action: 'lambda:InvokeFunction', - sourceArn: alarm.alarmArn, - principal: new iam.ServicePrincipal('lambda.alarms.cloudwatch.amazonaws.com'), - }); + const permissionId = `${idPrefix}AlarmPermission`; + const permissionNode = this.lambdaFunction.permissionsNode.tryFindChild(permissionId) as lambda.CfnPermission | undefined; + + // If the Lambda permission has already been added to this function + // we skip adding it to avoid an exception being thrown + // see https://github.com/aws/aws-cdk/issues/29514 + if (permissionNode?.sourceArn !== alarm.alarmArn) { + this.lambdaFunction.addPermission(permissionId, { + sourceAccount: Stack.of(scope).account, + action: 'lambda:InvokeFunction', + sourceArn: alarm.alarmArn, + principal: new iam.ServicePrincipal('lambda.alarms.cloudwatch.amazonaws.com'), + }); + } return { alarmActionArn: this.lambdaFunction.functionArn, diff --git a/packages/aws-cdk-lib/aws-cloudwatch-actions/test/lambda.test.ts b/packages/aws-cdk-lib/aws-cloudwatch-actions/test/lambda.test.ts index 027dfcd3f17f6..3c32c3b3a1d75 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch-actions/test/lambda.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch-actions/test/lambda.test.ts 
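Review bot: The `as lambda.CfnPermission | undefined` cast on the `tryFindChild` result in `bind` is unchecked, and the guard then trusts `sourceArn` alone, so a child with this id that is not the alarm's invoke permission (or that carries the same `sourceArn` but a different `principal` or `action`) would be accepted as already granted. I would narrow with `instanceof` instead of casting, e.g. `const granted = permissionNode instanceof lambda.CfnPermission && permissionNode.sourceArn === alarm.alarmArn;`, and extend the comment to say that a match on `sourceArn` is taken to mean an earlier `bind` call created the node. With the feature flag off `permissionId` is the fixed `AlarmPermission`, so a second alarm still reaches `addPermission` and throws, which the existing test in lambda.test.ts relies on; that is worth a line in the comment too. `bind` continues past the end of the hunk.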
@@ -139,7 +139,12 @@ def handler(event, context): handler: 'index.handler', }); alarm1.addAlarmAction(new actions.LambdaAction(alarmLambda)); + alarm1.addOkAction(new actions.LambdaAction(alarmLambda)); + alarm1.addInsufficientDataAction(new actions.LambdaAction(alarmLambda)); + alarm2.addAlarmAction(new actions.LambdaAction(alarmLambda)); + alarm2.addOkAction(new actions.LambdaAction(alarmLambda)); + alarm2.addInsufficientDataAction(new actions.LambdaAction(alarmLambda)); // THEN Template.fromStack(stack).resourceCountIs('AWS::CloudWatch::Alarm', 2); 
@@ -173,9 +178,47 @@ def handler(event, context): handler: 'index.handler', }); alarm1.addAlarmAction(new actions.LambdaAction(alarmLambda)); + alarm1.addOkAction(new actions.LambdaAction(alarmLambda)); + alarm1.addInsufficientDataAction(new actions.LambdaAction(alarmLambda)); // THEN expect(() => { alarm2.addAlarmAction(new actions.LambdaAction(alarmLambda)); }).toThrow(/There is already a Construct with name 'AlarmPermission' in Function \[alarmLambda\]/); -}); \ No newline at end of file +}); + +test('can use same lambda for same action multiple time', () => { + const stack = new Stack(); + const alarm = new cloudwatch.Alarm(stack, 'Alarm', { + metric: new cloudwatch.Metric({ namespace: 'AWS', metricName: 'Test' }), + evaluationPeriods: 3, + threshold: 100, + }); + + // WHEN + const alarmLambda = new lambda.Function(stack, 'alarmLambda', { + runtime: lambda.Runtime.PYTHON_3_12, + functionName: 'alarmLambda', + code: lambda.Code.fromInline(` +def handler(event, context): + print('event:', event) + print('.............................................') + print('context:', context)`), + handler: 'index.handler', + }); + alarm.addAlarmAction(new actions.LambdaAction(alarmLambda)); + alarm.addAlarmAction(new actions.LambdaAction(alarmLambda)); + + // THEN + Template.fromStack(stack).resourceCountIs('AWS::Lambda::Permission', 1); + Template.fromStack(stack).hasResourceProperties('AWS::CloudWatch::Alarm', { + AlarmActions: [ + { + 'Fn::GetAtt': ['alarmLambda131DB691', 'Arn'], + }, + { + 'Fn::GetAtt': ['alarmLambda131DB691', 'Arn'], + }, + ], + }); +}); From 36fd79d8714bd29527bb1184ec10cd504b83510d Mon Sep 17 00:00:00 2001 
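Review bot: The new test `can use same lambda for same action multiple time` asserts only that one `AWS::Lambda::Permission` exists, not what it grants, so a regression that kept a permission with the wrong `SourceArn` or `Principal` would still pass. I would add a property assertion next to the count, e.g. `Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Permission', { Action: 'lambda:InvokeFunction', Principal: 'lambda.alarms.cloudwatch.amazonaws.com' });` (assuming the service principal renders as its service name, as the `addPermission` call in lambda.ts suggests). The template can also be built once into a `const template` and reused for both assertions, and the test name should read "multiple times".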
From: Kip <134538209+kishiel@users.noreply.github.com> Date: Tue, 2 Apr 2024 16:16:18 -0500 Subject: [PATCH 05/14] fix(iam): grantAssumeRole silently fails with service and account principals (#29452) ### Issue #24507 ### Reason for this change grantAssumeRole silently fails if a Service Principal or Account Principal is used which led me to a false assumption about the correctness of a role's permission scope ### Description of changes This change will throw an error if a Service Principal is used. I was unable to find a way to accomplish the same behavior for Account Principals. Documentation was updated to help guide a user to the appropriate function usage for Service and Account Principals. ### Description of how you validated changes * Added a unit test * This change required me to re-run two unrelated snapshot tests which were throwing errors outside of the scope of this change. *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert27007DC6.assets.json | 2 +- .../aws-cdk-iam-managed-policy.assets.json | 2 +- .../integ.managed-policy.js.snapshot/cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 11 ++- .../tree.json | 76 +++++++-------- .../test/aws-iam/test/integ.managed-policy.ts | 1 + ...efaultTestDeployAssert274BB918.assets.json | 2 +- .../aws-cdk-iam-policy.assets.json | 6 +- .../aws-cdk-iam-policy.template.json | 28 ++++-- .../test/integ.policy.js.snapshot/cdk.out | 2 +- .../test/integ.policy.js.snapshot/integ.json | 2 +- .../integ.policy.js.snapshot/manifest.json | 12 ++- .../test/integ.policy.js.snapshot/tree.json | 94 +++++++++++++------ .../test/aws-iam/test/integ.policy.ts | 3 +- packages/aws-cdk-lib/aws-iam/README.md | 33 +++++++ packages/aws-cdk-lib/aws-iam/lib/role.ts | 6 +- .../aws-cdk-lib/aws-iam/test/role.test.ts | 32 ++++++- 18 files changed, 226 insertions(+), 90 deletions(-) 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/ManagedPolicyIntegDefaultTestDeployAssert27007DC6.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/ManagedPolicyIntegDefaultTestDeployAssert27007DC6.assets.json index 8b1082c6e9e3e..7bd221a9030e9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/ManagedPolicyIntegDefaultTestDeployAssert27007DC6.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/ManagedPolicyIntegDefaultTestDeployAssert27007DC6.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/aws-cdk-iam-managed-policy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/aws-cdk-iam-managed-policy.assets.json index e3634a40bb81e..a8d7c77ea7ee9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/aws-cdk-iam-managed-policy.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/aws-cdk-iam-managed-policy.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { "26f1836028ead2829dce663ff9f4b0c71fd9db149cb19a6c54ed9128e3e09120": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/cdk.out 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/integ.json index f9969fc9eec0c..16f5dbc2709ee 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "ManagedPolicyInteg/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/manifest.json index 002f00e8212b3..6f96e4a674236 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-iam-managed-policy.assets": { "type": "cdk:asset-manifest", @@ -69,6 +69,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "MyUserDefaultPolicy7B897426": [ + { + "type": "aws:cdk:logicalId", + "data": "MyUserDefaultPolicy7B897426", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-iam-managed-policy" 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/tree.json index 09406ac7403d9..08230dd699706 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.js.snapshot/tree.json @@ -38,14 +38,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnUser", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.User", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "OneManagedPolicy": { @@ -56,8 +56,8 @@ "id": "ImportedOneManagedPolicy", "path": "aws-cdk-iam-managed-policy/OneManagedPolicy/ImportedOneManagedPolicy", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -102,14 +102,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnManagedPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.ManagedPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "TwoManagedPolicy": { @@ -120,8 +120,8 @@ "id": "ImportedTwoManagedPolicy", "path": "aws-cdk-iam-managed-policy/TwoManagedPolicy/ImportedTwoManagedPolicy", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { 
@@ -155,14 +155,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnManagedPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.ManagedPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Role": { @@ -173,8 +173,8 @@ "id": "ImportRole", "path": "aws-cdk-iam-managed-policy/Role/ImportRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -213,44 +213,44 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ImportedRole": { "id": "ImportedRole", "path": "aws-cdk-iam-managed-policy/ImportedRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-iam-managed-policy/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-iam-managed-policy/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ManagedPolicyInteg": { 
@@ -277,22 +277,22 @@ "id": "BootstrapVersion", "path": "ManagedPolicyInteg/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "ManagedPolicyInteg/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -317,8 +317,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.ts index 09a466b8453b4..4633262a34cb7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.managed-policy.ts @@ -25,6 +25,7 @@ user.addManagedPolicy(policy3); const role = new Role(stack, 'Role', { assumedBy: new AccountRootPrincipal() }); role.grantAssumeRole(policy.grantPrincipal); + Grant.addToPrincipal({ actions: ['iam:*'], resourceArns: [role.roleArn], grantee: policy2 }); policy.attachToRole(role); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/PolicyIntegDefaultTestDeployAssert274BB918.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/PolicyIntegDefaultTestDeployAssert274BB918.assets.json index 1dea1009db69c..3466d1580639c 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/PolicyIntegDefaultTestDeployAssert274BB918.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/PolicyIntegDefaultTestDeployAssert274BB918.assets.json @@ -1,5 +1,5 @@ { - "version": "30.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.assets.json index cafe95b93a4e6..1eb3b6a6cab5f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.assets.json @@ -1,7 +1,7 @@ { - "version": "30.0.0", + "version": "36.0.0", "files": { - "d898a04332095cb0948a67a0182d64a7d0604bb19454a2ce9dcd09153e09bb59": { + "372105a2bc65630c0068c39309addd787e89ace7da989e014b511bd9d462be0a": { "source": { "path": "aws-cdk-iam-policy.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d898a04332095cb0948a67a0182d64a7d0604bb19454a2ce9dcd09153e09bb59.json", + "objectKey": "372105a2bc65630c0068c39309addd787e89ace7da989e014b511bd9d462be0a.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.template.json index 39d726b0bea03..1621257587ce3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/aws-cdk-iam-policy.template.json @@ -3,16 +3,11 @@ "MyUserDC45028B": { "Type": "AWS::IAM::User" }, - "HelloPolicyD59007DF": { + "MyUserDefaultPolicy7B897426": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ - { - "Action": "sqs:SendMessage", - "Effect": "Allow", - "Resource": "*" - }, { "Action": "sts:AssumeRole", "Effect": "Allow", @@ -26,6 +21,27 @@ ], "Version": "2012-10-17" }, + "PolicyName": "MyUserDefaultPolicy7B897426", + "Users": [ + { + "Ref": "MyUserDC45028B" + } + ] + } + }, + "HelloPolicyD59007DF": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sqs:SendMessage", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, "PolicyName": "Default", "Users": [ { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/cdk.out index ae4b03c54e770..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/integ.json index 9a843a137ca36..3c0a370f43539 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "30.0.0", + "version": "36.0.0", "testCases": { "PolicyInteg/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/manifest.json index 6bed1a5059a29..c3dd1773186d1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "30.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-iam-policy.assets": { "type": "cdk:asset-manifest", 
@@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-iam-policy.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d898a04332095cb0948a67a0182d64a7d0604bb19454a2ce9dcd09153e09bb59.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/372105a2bc65630c0068c39309addd787e89ace7da989e014b511bd9d462be0a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -39,6 +40,12 @@ "data": "MyUserDC45028B" } ], + "/aws-cdk-iam-policy/MyUser/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyUserDefaultPolicy7B897426" + } + ], "/aws-cdk-iam-policy/HelloPolicy/Resource": [ { "type": "aws:cdk:logicalId", @@ -85,6 +92,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "PolicyIntegDefaultTestDeployAssert274BB918.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/tree.json index 5de3aa0868731..0fbd0593a5d5d 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.js.snapshot/tree.json @@ -20,13 +20,57 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnUser", + "fqn": "aws-cdk-lib.aws_iam.CfnUser", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-iam-policy/MyUser/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-iam-policy/MyUser/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MyUserDefaultPolicy7B897426", + "users": [ + { + "Ref": "MyUserDC45028B" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.User", + "fqn": "aws-cdk-lib.aws_iam.User", "version": "0.0.0" } }, @@ -46,16 +90,6 @@ "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": "*" - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Role1ABCC5F0", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -69,13 +103,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } }, 
@@ -118,13 +152,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } }, @@ -136,7 +170,7 @@ "id": "ImportRole", "path": "aws-cdk-iam-policy/Role/ImportRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -176,13 +210,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -190,7 +224,7 @@ "id": "BootstrapVersion", "path": "aws-cdk-iam-policy/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -198,13 +232,13 @@ "id": "CheckBootstrapVersion", "path": "aws-cdk-iam-policy/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, @@ -221,7 +255,7 @@ "path": "PolicyInteg/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.249" + "version": "10.3.0" } }, "DeployAssert": { @@ -232,7 +266,7 @@ "id": "BootstrapVersion", "path": "PolicyInteg/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, 
@@ -240,25 +274,25 @@ "id": "CheckBootstrapVersion", "path": "PolicyInteg/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTest", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", "version": "0.0.0" } }, @@ -267,12 +301,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.249" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.ts index 0f98857c9f03e..68974890aded5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.policy.ts @@ -17,7 +17,8 @@ policy2.addStatements(new PolicyStatement({ resources: ['*'], actions: ['lambda: policy2.attachToUser(user); const role = new Role(stack, 'Role', { assumedBy: new AccountRootPrincipal() }); -role.grantAssumeRole(policy.grantPrincipal); +role.grantAssumeRole(user); + Grant.addToPrincipal({ actions: ['iam:*'], resourceArns: [role.roleArn], grantee: policy2 }); new IntegTest(app, 'PolicyInteg', { diff --git a/packages/aws-cdk-lib/aws-iam/README.md b/packages/aws-cdk-lib/aws-iam/README.md index 60daf55e5e8b2..b020dc7c55063 100644 --- a/packages/aws-cdk-lib/aws-iam/README.md +++ b/packages/aws-cdk-lib/aws-iam/README.md 
@@ -369,6 +369,39 @@ new iam.Role(this, 'Role', { }); ``` +### Granting a principal permission to assume a role + +A principal can be granted permission to assume a role using `grantAssumeRole`. + +Note that this does not apply to service principals or account principals as they must be added to the role trust policy via `assumeRolePolicy`. + +```ts +const user = new iam.User(this, 'user') +const role = new iam.Role(this, 'role', { + assumedBy: new iam.AccountPrincipal(this.account) +}); + +role.grantAssumeRole(user); +``` + +### Granting service and account principals permission to assume a role + +Service principals and account principals can be granted permission to assume a role using `assumeRolePolicy` which modifies the role trust policy. + +```ts +const role = new iam.Role(this, 'role', { + assumedBy: new iam.AccountPrincipal(this.account), +}); + +role.assumeRolePolicy?.addStatements(new iam.PolicyStatement({ + actions: ['sts:AssumeRole'], + principals: [ + new iam.AccountPrincipal('123456789'), + new iam.ServicePrincipal('beep-boop.amazonaws.com') + ], +})); +``` + ## Parsing JSON Policy Documents diff --git a/packages/aws-cdk-lib/aws-iam/lib/role.ts b/packages/aws-cdk-lib/aws-iam/lib/role.ts index b8937d7b951aa..c72a569e1214f 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/role.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/role.ts 
@@ -6,7 +6,7 @@ import { IManagedPolicy, ManagedPolicy } from './managed-policy'; import { Policy } from './policy'; import { PolicyDocument } from './policy-document'; import { PolicyStatement } from './policy-statement'; -import { AddToPrincipalPolicyResult, ArnPrincipal, IPrincipal, PrincipalPolicyFragment } from './principals'; +import { AccountPrincipal, AddToPrincipalPolicyResult, ArnPrincipal, IPrincipal, PrincipalPolicyFragment, ServicePrincipal } from './principals'; import { defaultAddPrincipalToAssumeRole } from './private/assume-role-policy'; import { ImmutableRole } from './private/immutable-role'; import { ImportedRole } from './private/imported-role'; @@ -594,6 +594,10 @@ export class Role extends Resource implements IRole { * Grant permissions to the given principal to assume this role. */ public grantAssumeRole(identity: IPrincipal) { + // Service and account principals must use assumeRolePolicy + if (identity instanceof ServicePrincipal || identity instanceof AccountPrincipal) { + throw new Error('Cannot use a service or account principal with grantAssumeRole, use assumeRolePolicy instead.'); + } return this.grant(identity, 'sts:AssumeRole'); } diff --git a/packages/aws-cdk-lib/aws-iam/test/role.test.ts b/packages/aws-cdk-lib/aws-iam/test/role.test.ts index 88ee4f2d6cbbc..1733b256400c1 100644 --- a/packages/aws-cdk-lib/aws-iam/test/role.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/role.test.ts 
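Review bot: The `instanceof ServicePrincipal || instanceof AccountPrincipal` guard in `grantAssumeRole` only matches a principal passed in directly, so the same principal wrapped by `withConditions()` or placed in a `CompositePrincipal` still reaches `this.grant(...)` and presumably ends in the silent no-op this guard is meant to rule out. A check on the outcome rather than the type would cover those cases, e.g. `const grant = this.grant(identity, 'sts:AssumeRole'); grant.assertSuccess(); return grant;`, though that needs checking against callers that pass imported or cross-account principals. The two tests added in role.test.ts exercise only the direct case. The JSDoc above the method should also state that it throws for service and account principals and point to `assumeRolePolicy`, since a caller reading `Grant permissions to the given principal to assume this role.` has no hint of the restriction.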
@@ -2,7 +2,7 @@ import { testDeprecated } from '@aws-cdk/cdk-build-tools'; import { Construct } from 'constructs'; import { Template, Match, Annotations } from '../../assertions'; import { Duration, Stack, App, CfnResource, RemovalPolicy, Lazy, Stage, DefaultStackSynthesizer, CliCredentialsStackSynthesizer, PERMISSIONS_BOUNDARY_CONTEXT_KEY, PermissionsBoundary, Token } from '../../core'; -import { AnyPrincipal, ArnPrincipal, CompositePrincipal, FederatedPrincipal, ManagedPolicy, PolicyStatement, Role, ServicePrincipal, User, Policy, PolicyDocument, Effect } from '../lib'; +import { AccountPrincipal, AnyPrincipal, ArnPrincipal, CompositePrincipal, FederatedPrincipal, ManagedPolicy, PolicyStatement, Role, ServicePrincipal, User, Policy, PolicyDocument, Effect } from '../lib'; describe('isRole() returns', () => { test('true if given Role instance', () => { @@ -388,6 +388,36 @@ describe('IAM role', () => { }); }); + test('a role cannot grant AssumeRole permission to a Service Principal', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + const user = new User(stack, 'User'); + const role = new Role(stack, 'MyRole', { + assumedBy: user, + }); + + // THEN + expect(() => role.grantAssumeRole(new ServicePrincipal('beep-boop.amazonaws.com'))) + .toThrow('Cannot use a service or account principal with grantAssumeRole, use assumeRolePolicy instead.'); + }); + + test('a role cannot grant AssumeRole permission to an Account Principal', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + const user = new User(stack, 'User'); + const role = new Role(stack, 'MyRole', { + assumedBy: user, + }); + + // THEN + expect(() => role.grantAssumeRole(new AccountPrincipal('123456789'))) + .toThrow('Cannot use a service or account principal with grantAssumeRole, use assumeRolePolicy instead.'); + }); + testDeprecated('can supply externalId', () => { // GIVEN const stack = new Stack(); From 8e3848c4a91e7a32af91c01aad11540ef47abcc4 Mon Sep 17 00:00:00 2001 
From: Andrew Hammond <445764+ahammond@users.noreply.github.com> Date: Wed, 3 Apr 2024 10:39:03 -0700 Subject: [PATCH 06/14] fix(elasticloadbalancerV2): logicalId supports switch from addTargetGroups (under feature flag) (#29513) ### Issue ELBv2 logicalId inconsistency of ApplicationListenerRule logicalIds Mitigates #29496 ### Reason for this change People using ALBs who need to migrate from the `addTargetGroups()` convenience method to the lower level `addAction()` method should not be blocked due to inconsistent logicalId's. Further, the logicalIds should be consistent going forward. ### Description of changes There are two feature flags, one which sets a migration compat mode and another which fixed the behaviour to be consistent. ### Description of how you validated changes Unit testing. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- CONTRIBUTING.md | 10 +++--- .../lib/alb/application-listener.ts | 11 ++++-- .../test/alb/listener.test.ts | 35 +++++++++++++++++++ packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 17 +++++++++ packages/aws-cdk-lib/cx-api/README.md | 26 ++++++++++++++ packages/aws-cdk-lib/cx-api/lib/features.ts | 22 ++++++++++++ 6 files changed, 114 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7644c072eb899..2b2025947dd1c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1196,18 +1196,18 @@ Adding a new flag looks as follows: with the name of the context key that enables this new feature (for example, `ENABLE_STACK_NAME_DUPLICATES`). The context key should be in the form `module.Type:feature` (e.g. `@aws-cdk/core:enableStackNameDuplicates`). +2. Add your feature flag to the `FLAGS` map in + [cx-api/lib/features.ts](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/cx-api/lib/features.ts). - Set `introducedIn.v2` to the literal string `'V2NEXT'`. - Double negatives should be avoided. If you want to add a flag that disables something that was previously enabled, set `default.v2` to `true` and the `recommendedValue` to `false`. You will need to update a test in `features.test.ts` -- this is okay if you have a good reason. -2. Use `FeatureFlags.of(construct).isEnabled(cxapi.ENABLE_XXX)` to check if this feature is enabled - in your code. If it is not defined, revert to the legacy behavior. -3. Add your feature flag to the `FLAGS` map in - [cx-api/lib/features.ts](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/cx-api/lib/features.ts). In - your description, be sure to cover the following: + In your description, be sure to cover the following: - Consciously pick the type of feature flag. Can the flag be removed in a future major version, or not? - Motivate why the feature flag exists. What is the change to existing infrastructure and why is it not safe? - In case of a "default change flag", describe what the user needs to do to restore the old behavior. +3. Use `FeatureFlags.of(construct).isEnabled(cxapi.ENABLE_XXX)` to check if this feature is enabled + in your code. If it is not defined, revert to the legacy behavior. 4. Add an entry for your feature flag in the [README](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/cx-api/README.md) file. 5. In your tests, ensure that you test your feature with and without the feature flag enabled. 
You can do this by passing the feature flag to the `context` property when instantiating an `App`. ```ts diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index bbb7d02f34214..6d6c269f6de48 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -7,7 +7,7 @@ import { ApplicationTargetGroup, IApplicationLoadBalancerTarget, IApplicationTar import { ListenerCondition } from './conditions'; import * as ec2 from '../../../aws-ec2'; import * as cxschema from '../../../cloud-assembly-schema'; -import { Duration, Lazy, Resource, Token } from '../../../core'; +import { Duration, FeatureFlags, Lazy, Resource, Token } from '../../../core'; import * as cxapi from '../../../cx-api'; import { BaseListener, BaseListenerLookupOptions, IListener } from '../shared/base-listener'; import { HealthCheck } from '../shared/base-target-group'; 
@@ -664,15 +664,22 @@ abstract class ExternalApplicationListener extends Resource implements IApplicat * It is not possible to add a default action to an imported IApplicationListener. * In order to add actions to an imported IApplicationListener a `priority` * must be provided. + * + * Warning, if you are attempting to migrate an existing `ListenerAction` + * which was declared by the {@link addTargetGroups} method, you will + * need to enable the + * `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction` + * feature flag. */ public addAction(id: string, props: AddApplicationActionProps): void { checkAddRuleProps(props); if (props.priority !== undefined) { + const idSuffix = FeatureFlags.of(this).isEnabled(cxapi.ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION) ? '' : 'Rule'; // New rule // // TargetGroup.registerListener is called inside ApplicationListenerRule. - new ApplicationListenerRule(this, id + 'Rule', { + new ApplicationListenerRule(this, id + idSuffix, { listener: this, priority: props.priority, ...props, diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts index 907cf8a20a683..0f1f949a2b82b 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts @@ -6,6 +6,7 @@ import { Metric } from '../../../aws-cloudwatch'; import * as ec2 from '../../../aws-ec2'; import * as cdk from '../../../core'; import { SecretValue } from '../../../core'; +import * as cxapi from '../../../cx-api'; import * as elbv2 from '../../lib'; import { FakeSelfRegisteringTarget } from '../helpers'; 
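Review bot: The warning added to the `addAction` doc comment tells users to enable the flag when migrating from `addTargetGroups`, but omits the caveat that the cx-api README hunk in this commit spells out. `idSuffix` depends only on the flag, so enabling it also drops the `Rule` suffix for every rule this method creates, including ones already deployed through `addAction()`, and their construct ids change. I would add a line such as `* Do not enable it if rules created by addAction() are already deployed; their logical IDs would change.` The comment also says `ListenerAction` where the resource being migrated is the listener rule. The body of `addAction` continues outside the hunk.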
@@ -1681,6 +1682,40 @@ describe('tests', () => { }).toThrow(/specify only one/); }); + describe('ExternalApplicationListener logicalId support', () => { + + test('compatibility mode for addAction', () => { + // GIVEN + const context = { [cxapi.ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION]: true }; + const app = new cdk.App({ context }); + const stack = new cdk.Stack(app, 'stack', { + env: { + account: '123456789012', + region: 'us-west-2', + }, + }); + const vpc = new ec2.Vpc(stack, 'Stack'); + const targetGroup = new elbv2.ApplicationTargetGroup(stack, 'TargetGroup', { vpc, port: 80 }); + const listener = elbv2.ApplicationListener.fromLookup(stack, 'a', { + loadBalancerTags: { + some: 'tag', + }, + }); + // WHEN + const identifierToken = 'SuperMagicToken'; + listener.addAction(identifierToken, { + action: elbv2.ListenerAction.weightedForward([{ targetGroup, weight: 1 }]), + conditions: [elbv2.ListenerCondition.pathPatterns(['/fake'])], + priority: 42, + }); + + // THEN + const applicationListenerRule = listener.node.children.find((v)=> v.hasOwnProperty('conditions')); + expect(applicationListenerRule).toBeDefined(); + expect(applicationListenerRule!.node.id).toBe(identifierToken); // Should not have `Rule` suffix + }); + }); + test('not allowed to specify defaultTargetGroups and defaultAction together', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index e3688ae4b55ae..4999ca300cef0 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md 
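Review bot: The new `describe` block covers only the flag-enabled path; there is no companion case asserting that `addAction` still produces the `Rule`-suffixed id when the flag is absent. Step 5 of the flag procedure, shown as context in this commit's CONTRIBUTING.md hunk, asks for tests with and without the flag. Locating the rule with `listener.node.children.find((v)=> v.hasOwnProperty('conditions'))` also ties the test to a field name on the rule object; `expect(listener.node.tryFindChild(identifierToken)).toBeDefined();` would assert the construct id directly. The enclosing `describe('tests', ...)` starts outside the hunk.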
@@ -67,6 +67,8 @@ Flags come in three types: | [@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse](#aws-cdkaws-codepipelinecrossaccountkeysdefaultvaluetofalse) | Enables Pipeline to set the default value for crossAccountKeys to false. | 2.127.0 | (default) | | [@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2](#aws-cdkaws-codepipelinedefaultpipelinetypetov2) | Enables Pipeline to set the default pipeline type to V2. | 2.133.0 | (default) | | [@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope](#aws-cdkaws-kmsreducecrossaccountregionpolicyscope) | When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only. | 2.134.0 | (fix) | +| [@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction](#aws-cdkaws-elasticloadbalancingv2externalapplicationlistener-norulesuffixforaddaction) | When enabled, you can switch from the `addTargetGroups()` method of declaring a `ListenerRule` to the `addAction()` method, +without changing the logicalId and replacing your resource. | V2NEXT | (fix) | @@ -1265,4 +1267,19 @@ When this feature flag is enabled and calling KMS key grant method, the created | 2.134.0 | `false` | `true` | +### @aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction + +*When enabled, you can switch from the `addTargetGroups()` method of declaring a `ListenerRule` to the `addAction()` method, +without changing the logicalId and replacing your resource.* (fix) + +Setting this feature flag will cause the `addAction()` method to not add the `Rule` suffix on the logicalId. +This allows you to switch from the `addTargetGroups()` method without having CloudFormation deadlock while attempting to replace the resource. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2NEXT | `false` | `false` | + + 
diff --git a/packages/aws-cdk-lib/cx-api/README.md b/packages/aws-cdk-lib/cx-api/README.md index cdbd86f3ae08e..c3ca349b65558 100644 --- a/packages/aws-cdk-lib/cx-api/README.md +++ b/packages/aws-cdk-lib/cx-api/README.md 
@@ -309,3 +309,29 @@ _cdk.json_ } } ``` + +* `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction` + +Enable this feature flag if you have deployed a `ListenerRule` using the `addTargetGroups()` +convenience method against an `ExternalApplicationListener` and you need to migrate to +using the `addAction()` method for more complex rule configurations. +This will prevent `Rule` from being added as a suffix to the logicalId so that the logicalId will remain the same. + +Do not enable this if you have already deployed `ListenerRule` resources using the +`addAction()` method. +Instead consider the [cdk-logical-id-mapper](https://github.com/mbonig/cdk-logical-id-mapper), +possibly in conjunction with `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-addTargetGroupsConsistentLogicalId` (see below). + +* `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-addTargetGroupsConsistentLogicalId` + +Enable this feature flag to ensure that the logicalIds of `ListenerRule`s created +on a `ExternalApplicationListener` by the `addTargetGroups()` method are consistent +with logicalIds for `ListenerRules` generated by other methods. +This will allow you to migrate between the different methods +without causing a replacement of the `ListenerRule` resource. + +You should enable this on new apps, before creating any resources. +If you have already created resources with the previous behavior, +you may still enable this flag, but will need to use something like the +[cdk-logical-id-mapper](https://github.com/mbonig/cdk-logical-id-mapper). +Alternatively, do not enable this feature flag and instead consider the `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction` as necessary. diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index 3787104072ee5..f3b7b142bd034 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts 
+++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -101,6 +101,7 @@ export const LAMBDA_PERMISSION_LOGICAL_ID_FOR_LAMBDA_ACTION = '@aws-cdk/aws-clou export const CODEPIPELINE_CROSS_ACCOUNT_KEYS_DEFAULT_VALUE_TO_FALSE = '@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse'; export const CODEPIPELINE_DEFAULT_PIPELINE_TYPE_TO_V2 = '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2'; export const KMS_REDUCE_CROSS_ACCOUNT_REGION_POLICY_SCOPE = '@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope'; +export const ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION = '@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction'; export const FLAGS: Record = { ////////////////////////////////////////////////////////////////////// 
@@ -1034,6 +1035,27 @@ export const FLAGS: Record = { introducedIn: { v2: '2.134.0' }, recommendedValue: true, }, + + ////////////////////////////////////////////////////////////////////// + [ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION]: { + type: FlagType.VisibleContext, + summary: 'When enabled, you can switch from the \`addTargetGroups()\` method of declaring a \`ListenerRule\` to the \`addAction()\` method, without changing the logicalId and replacing your resource.', + detailsMd: ` + When switching from a less complex to a more complex use of ALB, + you will eventually need features not available in the \`addTargetGroups()\` convenience method. + In this case you will want to use the \`addAction()\` method. + Before this feature is enabled, switching over to \`addAction()\` from using \`addTargetGroups()\` + will add a \`Rule\` suffix to the logicalId of your \`ListenerRule\`, + causing CloudFormation to attempt to replace the resource. + Since \`ListenerRule\`s have a unique priority, + CloudFormation will always fail when generating the new \`ListenerRule\`. + + Setting this feature flag will cause the \`addAction()\` method to not add the \`Rule\` suffix on the logicalId. + This allows you to switch from the \`addTargetGroups()\` method without having CloudFormation deadlock while attempting to replace the resource. + `, + introducedIn: { v2: 'V2NEXT' }, + recommendedValue: false, + }, }; const CURRENT_MV = 'v2'; From b82320b08ebcda98b85be8ceb56a5a4b39511d4a Mon Sep 17 00:00:00 2001 
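Review bot: This commit registers a single entry in `FLAGS`, while the cx-api README hunk documents a second key, `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-addTargetGroupsConsistentLogicalId`, and the description speaks of two flags. No constant or `FLAGS` entry for that second key appears in the features.ts hunks, so setting it would presumably have no effect; either add the entry and the code that reads it, or drop the README section. The entry is also declared `type: FlagType.VisibleContext` while the FEATURE_FLAGS.md hunk lists the flag as `(fix)`; if that table is generated from this map, the two should agree. The `FLAGS` map starts outside the hunk.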
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com> Date: Wed, 3 Apr 2024 17:49:11 -0700 Subject: [PATCH 07/14] revert: "fix(elasticloadbalancerV2): logicalId supports switch from addTargetGroups (under feature flag)" (#29716) Reverts aws/aws-cdk#29513 We will want to use a property to achieve the desired behavior instead of a feature flag since we are not changing the default behavior. --- CONTRIBUTING.md | 10 +++--- .../lib/alb/application-listener.ts | 11 ++---- .../test/alb/listener.test.ts | 35 ------------------- packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 17 --------- packages/aws-cdk-lib/cx-api/README.md | 26 -------------- packages/aws-cdk-lib/cx-api/lib/features.ts | 22 ------------ 6 files changed, 7 insertions(+), 114 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2b2025947dd1c..7644c072eb899 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1196,18 +1196,18 @@ Adding a new flag looks as follows: with the name of the context key that enables this new feature (for example, `ENABLE_STACK_NAME_DUPLICATES`). The context key should be in the form `module.Type:feature` (e.g. `@aws-cdk/core:enableStackNameDuplicates`). -2. Add your feature flag to the `FLAGS` map in - [cx-api/lib/features.ts](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/cx-api/lib/features.ts). - Set `introducedIn.v2` to the literal string `'V2NEXT'`. - Double negatives should be avoided. If you want to add a flag that disables something that was previously enabled, set `default.v2` to `true` and the `recommendedValue` to `false`. You will need to update a test in `features.test.ts` -- this is okay if you have a good reason. - In your description, be sure to cover the following: +2. Use `FeatureFlags.of(construct).isEnabled(cxapi.ENABLE_XXX)` to check if this feature is enabled + in your code. If it is not defined, revert to the legacy behavior. +3. Add your feature flag to the `FLAGS` map in + [cx-api/lib/features.ts](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/cx-api/lib/features.ts). In + your description, be sure to cover the following: - Consciously pick the type of feature flag. Can the flag be removed in a future major version, or not? - Motivate why the feature flag exists. What is the change to existing infrastructure and why is it not safe? - In case of a "default change flag", describe what the user needs to do to restore the old behavior. -3. Use `FeatureFlags.of(construct).isEnabled(cxapi.ENABLE_XXX)` to check if this feature is enabled - in your code. If it is not defined, revert to the legacy behavior. 4. Add an entry for your feature flag in the [README](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/cx-api/README.md) file. 5. In your tests, ensure that you test your feature with and without the feature flag enabled. 
You can do this by passing the feature flag to the `context` property when instantiating an `App`. ```ts diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index 6d6c269f6de48..bbb7d02f34214 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -7,7 +7,7 @@ import { ApplicationTargetGroup, IApplicationLoadBalancerTarget, IApplicationTar import { ListenerCondition } from './conditions'; import * as ec2 from '../../../aws-ec2'; import * as cxschema from '../../../cloud-assembly-schema'; -import { Duration, FeatureFlags, Lazy, Resource, Token } from '../../../core'; +import { Duration, Lazy, Resource, Token } from '../../../core'; import * as cxapi from '../../../cx-api'; import { BaseListener, BaseListenerLookupOptions, IListener } from '../shared/base-listener'; import { HealthCheck } from '../shared/base-target-group'; 
@@ -664,22 +664,15 @@ abstract class ExternalApplicationListener extends Resource implements IApplicat * It is not possible to add a default action to an imported IApplicationListener. * In order to add actions to an imported IApplicationListener a `priority` * must be provided. - * - * Warning, if you are attempting to migrate an existing `ListenerAction` - * which was declared by the {@link addTargetGroups} method, you will - * need to enable the - * `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction` - * feature flag. */ public addAction(id: string, props: AddApplicationActionProps): void { checkAddRuleProps(props); if (props.priority !== undefined) { - const idSuffix = FeatureFlags.of(this).isEnabled(cxapi.ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION) ? '' : 'Rule'; // New rule // // TargetGroup.registerListener is called inside ApplicationListenerRule. - new ApplicationListenerRule(this, id + idSuffix, { + new ApplicationListenerRule(this, id + 'Rule', { listener: this, priority: props.priority, ...props, diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts index 0f1f949a2b82b..907cf8a20a683 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts @@ -6,7 +6,6 @@ import { Metric } from '../../../aws-cloudwatch'; import * as ec2 from '../../../aws-ec2'; import * as cdk from '../../../core'; import { SecretValue } from '../../../core'; -import * as cxapi from '../../../cx-api'; import * as elbv2 from '../../lib'; import { FakeSelfRegisteringTarget } from '../helpers'; 
@@ -1682,40 +1681,6 @@ describe('tests', () => { }).toThrow(/specify only one/); }); - describe('ExternalApplicationListener logicalId support', () => { - - test('compatibility mode for addAction', () => { - // GIVEN - const context = { [cxapi.ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION]: true }; - const app = new cdk.App({ context }); - const stack = new cdk.Stack(app, 'stack', { - env: { - account: '123456789012', - region: 'us-west-2', - }, - }); - const vpc = new ec2.Vpc(stack, 'Stack'); - const targetGroup = new elbv2.ApplicationTargetGroup(stack, 'TargetGroup', { vpc, port: 80 }); - const listener = elbv2.ApplicationListener.fromLookup(stack, 'a', { - loadBalancerTags: { - some: 'tag', - }, - }); - // WHEN - const identifierToken = 'SuperMagicToken'; - listener.addAction(identifierToken, { - action: elbv2.ListenerAction.weightedForward([{ targetGroup, weight: 1 }]), - conditions: [elbv2.ListenerCondition.pathPatterns(['/fake'])], - priority: 42, - }); - - // THEN - const applicationListenerRule = listener.node.children.find((v)=> v.hasOwnProperty('conditions')); - expect(applicationListenerRule).toBeDefined(); - expect(applicationListenerRule!.node.id).toBe(identifierToken); // Should not have `Rule` suffix - }); - }); - test('not allowed to specify defaultTargetGroups and defaultAction together', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 4999ca300cef0..e3688ae4b55ae 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md 
@@ -67,8 +67,6 @@ Flags come in three types: | [@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse](#aws-cdkaws-codepipelinecrossaccountkeysdefaultvaluetofalse) | Enables Pipeline to set the default value for crossAccountKeys to false. | 2.127.0 | (default) | | [@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2](#aws-cdkaws-codepipelinedefaultpipelinetypetov2) | Enables Pipeline to set the default pipeline type to V2. | 2.133.0 | (default) | | [@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope](#aws-cdkaws-kmsreducecrossaccountregionpolicyscope) | When enabled, IAM Policy created from KMS key grant will reduce the resource scope to this key only. | 2.134.0 | (fix) | -| [@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction](#aws-cdkaws-elasticloadbalancingv2externalapplicationlistener-norulesuffixforaddaction) | When enabled, you can switch from the `addTargetGroups()` method of declaring a `ListenerRule` to the `addAction()` method, -without changing the logicalId and replacing your resource. | V2NEXT | (fix) | @@ -1267,19 +1265,4 @@ When this feature flag is enabled and calling KMS key grant method, the created | 2.134.0 | `false` | `true` | -### @aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction - -*When enabled, you can switch from the `addTargetGroups()` method of declaring a `ListenerRule` to the `addAction()` method, -without changing the logicalId and replacing your resource.* (fix) - -Setting this feature flag will cause the `addAction()` method to not add the `Rule` suffix on the logicalId. -This allows you to switch from the `addTargetGroups()` method without having CloudFormation deadlock while attempting to replace the resource. - - -| Since | Default | Recommended | -| ----- | ----- | ----- | -| (not in v1) | | | -| V2NEXT | `false` | `false` | - - 
diff --git a/packages/aws-cdk-lib/cx-api/README.md b/packages/aws-cdk-lib/cx-api/README.md index c3ca349b65558..cdbd86f3ae08e 100644 --- a/packages/aws-cdk-lib/cx-api/README.md +++ b/packages/aws-cdk-lib/cx-api/README.md 
@@ -309,29 +309,3 @@ _cdk.json_ } } ``` - -* `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction` - -Enable this feature flag if you have deployed a `ListenerRule` using the `addTargetGroups()` -convenience method against an `ExternalApplicationListener` and you need to migrate to -using the `addAction()` method for more complex rule configurations. -This will prevent `Rule` from being added as a suffix to the logicalId so that the logicalId will remain the same. - -Do not enable this if you have already deployed `ListenerRule` resources using the -`addAction()` method. -Instead consider the [cdk-logical-id-mapper](https://github.com/mbonig/cdk-logical-id-mapper), -possibly in conjunction with `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-addTargetGroupsConsistentLogicalId` (see below). - -* `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-addTargetGroupsConsistentLogicalId` - -Enable this feature flag to ensure that the logicalIds of `ListenerRule`s created -on a `ExternalApplicationListener` by the `addTargetGroups()` method are consistent -with logicalIds for `ListenerRules` generated by other methods. -This will allow you to migrate between the different methods -without causing a replacement of the `ListenerRule` resource. - -You should enable this on new apps, before creating any resources. -If you have already created resources with the previous behavior, -you may still enable this flag, but will need to use something like the -[cdk-logical-id-mapper](https://github.com/mbonig/cdk-logical-id-mapper). -Alternatively, do not enable this feature flag and instead consider the `@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction` as necessary. diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index f3b7b142bd034..3787104072ee5 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts 
+++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -101,7 +101,6 @@ export const LAMBDA_PERMISSION_LOGICAL_ID_FOR_LAMBDA_ACTION = '@aws-cdk/aws-clou export const CODEPIPELINE_CROSS_ACCOUNT_KEYS_DEFAULT_VALUE_TO_FALSE = '@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse'; export const CODEPIPELINE_DEFAULT_PIPELINE_TYPE_TO_V2 = '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2'; export const KMS_REDUCE_CROSS_ACCOUNT_REGION_POLICY_SCOPE = '@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope'; -export const ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION = '@aws-cdk/aws-elasticloadbalancingv2:ExternalApplicationListener-noRuleSuffixForAddAction'; export const FLAGS: Record = { ////////////////////////////////////////////////////////////////////// 
@@ -1035,27 +1034,6 @@ export const FLAGS: Record = { introducedIn: { v2: '2.134.0' }, recommendedValue: true, }, - - ////////////////////////////////////////////////////////////////////// - [ALBV2_EXTERNALAPPLICATIONLISTENER_SWITCH_FROM_ADDTARGETGROUP_TO_ADDACTION]: { - type: FlagType.VisibleContext, - summary: 'When enabled, you can switch from the \`addTargetGroups()\` method of declaring a \`ListenerRule\` to the \`addAction()\` method, without changing the logicalId and replacing your resource.', - detailsMd: ` - When switching from a less complex to a more complex use of ALB, - you will eventually need features not available in the \`addTargetGroups()\` convenience method. - In this case you will want to use the \`addAction()\` method. - Before this feature is enabled, switching over to \`addAction()\` from using \`addTargetGroups()\` - will add a \`Rule\` suffix to the logicalId of your \`ListenerRule\`, - causing CloudFormation to attempt to replace the resource. - Since \`ListenerRule\`s have a unique priority, - CloudFormation will always fail when generating the new \`ListenerRule\`. - - Setting this feature flag will cause the \`addAction()\` method to not add the \`Rule\` suffix on the logicalId. - This allows you to switch from the \`addTargetGroups()\` method without having CloudFormation deadlock while attempting to replace the resource. - `, - introducedIn: { v2: 'V2NEXT' }, - recommendedValue: false, - }, }; const CURRENT_MV = 'v2'; From a59b8adb0a531f4a3388d0b8adb0733f02685a2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Apr 2024 17:47:10 +0000 Subject: [PATCH 08/14] chore(deps): bump undici from 5.28.3 to 5.28.4 (#29727) Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4.
Release notes

Sourced from undici's releases.

v5.28.4

:warning: Security Release :warning:

Full Changelog: https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4

Commits
  • fb98306 Bumped v5.28.4
  • 2b39440 Merge pull request from GHSA-9qxr-qj54-h672
  • 64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
  • 723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
  • 0e9d54b skip failing test due to Node.js changes
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=undici&package-manager=npm_and_yarn&previous-version=5.28.3&new-version=5.28.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- yarn.lock | 37 ++++++------------------------------- 1 file changed, 6 insertions(+), 31 deletions(-) diff --git a/yarn.lock b/yarn.lock index b51c53c485948..ed115bbb559ea 100644 --- a/yarn.lock +++ b/yarn.lock @@ -13957,16 +13957,7 @@ string-length@^4.0.1: char-regex "^1.0.2" strip-ansi "^6.0.0" -"string-width-cjs@npm:string-width@^4.2.0": - version "4.2.3" - resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" - integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== - dependencies: - emoji-regex "^8.0.0" - is-fullwidth-code-point "^3.0.0" - strip-ansi "^6.0.1" - -string-width@*, string-width@^1.0.1, "string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3, string-width@^5.0.1, string-width@^5.1.2: +"string-width-cjs@npm:string-width@^4.2.0", string-width@*, string-width@^1.0.1, "string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3, string-width@^5.0.1, string-width@^5.1.2: version "4.2.3" resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -14044,7 +14035,7 @@ stringify-package@^1.0.1: resolved "https://registry.npmjs.org/stringify-package/-/stringify-package-1.0.1.tgz#e5aa3643e7f74d0f28628b72f3dad5cecfc3ba85" integrity sha512-sa4DUQsYciMP1xhKWGuFM04fB0LG/9DlluZoSVywUMRNvzid6XucHK0/90xGxRoHrAaROrcHK1aPKaijCtSrhg== -"strip-ansi-cjs@npm:strip-ansi@^6.0.1": +"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== 
@@ -14058,13 +14049,6 @@ strip-ansi@^3.0.1: dependencies: ansi-regex "^2.0.0" -strip-ansi@^6.0.0, strip-ansi@^6.0.1: - version "6.0.1" - resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" - integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== - dependencies: - ansi-regex "^5.0.1" - strip-ansi@^7.0.1, strip-ansi@^7.1.0: version "7.1.0" resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz#d5b6568ca689d8561370b0707685d22434faff45" @@ -14651,9 +14635,9 @@ undici-types@~5.26.4: integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== undici@^5.25.4: - version "5.28.3" - resolved "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz#a731e0eff2c3fcfd41c1169a869062be222d1e5b" - integrity sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA== + version "5.28.4" + resolved "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068" + integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g== dependencies: "@fastify/busboy" "^2.0.0" @@ -15023,7 +15007,7 @@ workerpool@^6.5.1: resolved "https://registry.npmjs.org/workerpool/-/workerpool-6.5.1.tgz#060f73b39d0caf97c6db64da004cd01b4c099544" integrity sha512-Fs4dNYcsdpYSAfVxhnl1L5zTksjvOJxtC5hzMNl+1t9B8hTJTdKDyZ5ju7ztgPy+ft9tBFXoOlDNiOT9WUXZlA== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: version "7.0.0" resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== 
@@ -15041,15 +15025,6 @@ wrap-ansi@^6.0.1, wrap-ansi@^6.2.0: string-width "^4.1.0" strip-ansi "^6.0.0" -wrap-ansi@^7.0.0: - version "7.0.0" - resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" - integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== - dependencies: - ansi-styles "^4.0.0" - string-width "^4.1.0" - strip-ansi "^6.0.0" - wrap-ansi@^8.1.0: version "8.1.0" resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" From 069013ea1cdd0b8e0a95cf8f0870b4ae976a46a7 Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Thu, 4 Apr 2024 13:21:29 -0600 Subject: [PATCH 09/14] docs(elasticloadbalancingv2): set proper default for stickiness (#29726) By default, stickiness is disabled. The duration _is_ one day if stickiness is enabled, but we don't surface that option to users. If `stickinessCookieDuration` is not supplied, stickiness will not be enabled so the 1 day default doesn't make sense here. Closes #29725. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/alb/application-target-group.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts index 4f5f25568cd3d..68be7e820529c 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts 
@@ -60,7 +60,7 @@ export interface ApplicationTargetGroupProps extends BaseTargetGroupProps { * After this period, the cookie is considered stale. The minimum value is * 1 second and the maximum value is 7 days (604800 seconds). * - * @default Duration.days(1) + * @default - Stickiness is disabled */ readonly stickinessCookieDuration?: Duration; From 2814011fdbafad87af9f7a1cad143a19eae30a05 Mon Sep 17 00:00:00 2001 From: Jimmy Gaussen Date: Fri, 5 Apr 2024 01:13:36 +0200 Subject: [PATCH 10/14] fix(s3-assets): throw if path property is empty (#29425) ### Issue # (if applicable) Closes #29410. ### Reason for this change It was reported that a `Code.fromAsset('')` was creating an infinite loop by including itself through `cdk.out`. This is caused by the following line: https://github.com/aws/aws-cdk/blob/730fe63efc461c14f6e2b4aa9206c10f9b0f4cd9/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts#L145 If an empty string is given to `path.resolve()`, the current working directory is returned. ### Description of changes I've added a check that verifies that the given `path` property is not empty. ### Description of how you validated changes I've added a test for both the `aws-lambda` package, where the issue was originally reported, and `aws-s3-assets`, where the fix was implemented ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-lambda/test/code.test.ts | 14 ++++++++++++++ packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts | 4 ++++ .../aws-cdk-lib/aws-s3-assets/test/asset.test.ts | 9 ++++++++- 3 files changed, 26 insertions(+), 1 deletion(-) 
diff --git a/packages/aws-cdk-lib/aws-lambda/test/code.test.ts b/packages/aws-cdk-lib/aws-lambda/test/code.test.ts index 7fcc937ed7ee3..cdd393c271987 100644 --- a/packages/aws-cdk-lib/aws-lambda/test/code.test.ts +++ b/packages/aws-cdk-lib/aws-lambda/test/code.test.ts @@ -16,6 +16,20 @@ describe('code', () => { }); describe('lambda.Code.fromAsset', () => { + test('fails if path is empty', () => { + // GIVEN + const fileAsset = lambda.Code.fromAsset(''); + + // THEN + expect(() => defineFunction(fileAsset)).toThrow(/Asset path cannot be empty/); + }); + test('fails if path does not exist', () => { + // GIVEN + const fileAsset = lambda.Code.fromAsset('/path/not/found/' + Math.random() * 999999); + + // THEN + expect(() => defineFunction(fileAsset)).toThrow(/Cannot find asset/); + }); test('fails if a non-zip asset is used', () => { // GIVEN const fileAsset = lambda.Code.fromAsset(path.join(__dirname, 'my-lambda-handler', 'index.py')); diff --git a/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts b/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts index d20059505d674..5993a9a2a06e9 100644 --- a/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts +++ b/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts @@ -137,6 +137,10 @@ export class Asset extends Construct implements cdk.IAsset { constructor(scope: Construct, id: string, props: AssetProps) { super(scope, id); + if (!props.path) { + throw new Error('Asset path cannot be empty'); + } + this.isBundled = props.bundling != null; // stage the asset source (conditionally). diff --git a/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts b/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts index 4aa70b59bf24d..77d174956393e 100644 --- a/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts +++ b/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts 
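Review bot: The new guard in the `Asset` constructor, `if (!props.path)`, rejects only an empty or missing value, while `'.'` and `'./'` give the same `path.resolve()` result that the description names as the cause of #29410, namely the current working directory. If staging the working directory is the real hazard (inferred from the description, not visible in the hunk), such an asset would still include `cdk.out` and anything else in the project root, including local environment or credential files that would then be uploaded to the asset bucket. Consider recording the reason next to the check, `// path.resolve('') is the cwd; staging it would pull cdk.out and the rest of the project into the asset`, and comparing the resolved path with the output directory in a follow-up. The constructor body continues outside the hunk, so a later check may already cover this.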
@@ -143,11 +143,18 @@ test('"readers" or "grantRead" can be used to grant read permissions on the asse }); }); +test('fails if path is empty', () => { + const stack = new cdk.Stack(); + expect(() => new Asset(stack, 'MyDirectory', { + path: '', + })).toThrow(/Asset path cannot be empty/); +}); + test('fails if directory not found', () => { const stack = new cdk.Stack(); expect(() => new Asset(stack, 'MyDirectory', { path: '/path/not/found/' + Math.random() * 999999, - })).toThrow(); + })).toThrow(/Cannot find asset/); }); test('multiple assets under the same parent', () => { From 615ee2de1cbf42770cd9d2d171196513f6602eb1 Mon Sep 17 00:00:00 2001 
From: Konosh93 Date: Sat, 6 Apr 2024 03:18:46 +0900 Subject: [PATCH 11/14] feat(rds): specify PreferredMaintenanceWindow in reader or writer props (#29686) ### Issue #29687 Closes ##29687 ### Reason for this change Since `instanceProps` is deprecated it is better to allow setting `PreferredMaintenanceWindow` using writer and readers props. ### Description of changes Added optional preferredMaintenanceWindow field to ClusterInstanceOptions and added a unit test. ### Description of how you validated changes - Add a single unit test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...dk-rds-integ-with-feature-flag.assets.json | 6 +- ...-rds-integ-with-feature-flag.template.json | 3 + .../aws-cdk-rds-integ.assets.json | 6 +- .../aws-cdk-rds-integ.template.json | 6 +- .../test/integ.cluster.js.snapshot/cdk.out | 2 +- .../test/integ.cluster.js.snapshot/integ.json | 2 +- .../integ.cluster.js.snapshot/manifest.json | 20 +- .../test/integ.cluster.js.snapshot/tree.json | 253 +++++++++--------- .../test/aws-rds/test/integ.cluster.ts | 3 +- packages/aws-cdk-lib/aws-rds/README.md | 14 + .../aws-rds/lib/aurora-cluster-instance.ts | 12 + .../aws-cdk-lib/aws-rds/test/cluster.test.ts | 51 ++++ 12 files changed, 237 insertions(+), 141 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.assets.json index 45c13225ef815..0ec88897a5690 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "6ef7bb16723c1bb9cf7146bc933297a5225c070c914722f051953fcd6623a3f3": { + "1b82c3c46023a245fe7505b943253e15f3431b4cb0adbc63fbac9a9e5b4e3e9e": { "source": { "path": "aws-cdk-rds-integ-with-feature-flag.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6ef7bb16723c1bb9cf7146bc933297a5225c070c914722f051953fcd6623a3f3.json", + "objectKey": "1b82c3c46023a245fe7505b943253e15f3431b4cb0adbc63fbac9a9e5b4e3e9e.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.template.json index 3e3a32b92397e..d44dcaab152f0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ-with-feature-flag.template.json @@ -536,6 +536,7 @@ "Ref": "DatabaseSubnets56F17B9A" }, "Engine": "aurora-mysql", + "PreferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "PubliclyAccessible": true }, "DependsOn": [ 
@@ -569,6 +570,7 @@ "Ref": "DatabaseSubnets56F17B9A" }, "Engine": "aurora-mysql", + "PreferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "PubliclyAccessible": true }, "DependsOn": [ @@ -602,6 +604,7 @@ "Ref": "DatabaseSubnets56F17B9A" }, "Engine": "aurora-mysql", + "PreferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "PubliclyAccessible": true }, "DependsOn": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.assets.json index 47634f37f52bc..e26029fd804a1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "36.0.0", "files": { - "c863658d0e268728186dc27ce3f510e5229991e4900b97bd41e8d8875becaefa": { + "a6fc606a796f0ed2530a3952ed638dbbb90c9f8ffe28671d86034103a4b61e44": { "source": { "path": "aws-cdk-rds-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c863658d0e268728186dc27ce3f510e5229991e4900b97bd41e8d8875becaefa.json", + "objectKey": "a6fc606a796f0ed2530a3952ed638dbbb90c9f8ffe28671d86034103a4b61e44.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.template.json index 8b068e2c04e4d..410d6374693a5 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/aws-cdk-rds-integ.template.json @@ -536,6 +536,7 @@ "Ref": "DatabaseSubnets56F17B9A" }, "Engine": "aurora-mysql", + "PreferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "PubliclyAccessible": true }, "DependsOn": [ @@ -547,7 +548,7 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "DatabaseInstanceParameterGroup6968C5BF": { + "DatabaseInstance2WrapperInstanceParameterGroup61FBD67B": { "Type": "AWS::RDS::DBParameterGroup", "Properties": { "Description": "Parameter group for aurora-mysql8.0", @@ -563,12 +564,13 @@ }, "DBInstanceClass": "db.t3.medium", "DBParameterGroupName": { - "Ref": "DatabaseInstanceParameterGroup6968C5BF" + "Ref": "DatabaseInstance2WrapperInstanceParameterGroup61FBD67B" }, "DBSubnetGroupName": { "Ref": "DatabaseSubnets56F17B9A" }, "Engine": "aurora-mysql", + "PreferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "PubliclyAccessible": true }, "DependsOn": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/cdk.out index 2313ab5436501..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/integ.json index 5b65fd80329e2..29ffb2fbfe635 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "testCases": { "integ.cluster": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/manifest.json index 9f114e9da4194..13f6197616ff9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-rds-integ-with-feature-flag.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-rds-integ-with-feature-flag.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6ef7bb16723c1bb9cf7146bc933297a5225c070c914722f051953fcd6623a3f3.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1b82c3c46023a245fe7505b943253e15f3431b4cb0adbc63fbac9a9e5b4e3e9e.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -210,7 +211,10 @@ "/aws-cdk-rds-integ-with-feature-flag/Database/Instance1": [ { "type": "aws:cdk:logicalId", - "data": "DatabaseInstance1844F58FD" + "data": "DatabaseInstance1844F58FD", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] } ], "/aws-cdk-rds-integ-with-feature-flag/Database/Instance2Wrapper/InstanceParameterGroup/Resource": [ @@ -222,7 +226,10 @@ "/aws-cdk-rds-integ-with-feature-flag/Database/Instance2": [ { "type": "aws:cdk:logicalId", - "data": "DatabaseInstance2AA380DEE" + "data": "DatabaseInstance2AA380DEE", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] } ], "/aws-cdk-rds-integ-with-feature-flag/Database/Instance3Wrapper/InstanceParameterGroup/Resource": [ @@ -234,7 +241,10 @@ "/aws-cdk-rds-integ-with-feature-flag/Database/Instance3": [ { "type": "aws:cdk:logicalId", - "data": "DatabaseInstance32FCBA185" + "data": "DatabaseInstance32FCBA185", + "trace": [ + "!!DESTRUCTIVE_CHANGES: MAY_REPLACE" + ] } ], "/aws-cdk-rds-integ-with-feature-flag/ClusterIamAccess/Resource": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/tree.json index bd3e7a0e31aa5..8e0ab8a090e55 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" } }, "PublicSubnet1": { 
@@ -75,16 +75,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-integ-with-feature-flag/VPC/PublicSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -105,8 +105,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -124,8 +124,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -144,8 +144,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } }, "EIP": { @@ -164,8 +164,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" } }, "NATGateway": { @@ -192,14 +192,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" } }, "PublicSubnet2": { @@ -242,16 +242,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-integ-with-feature-flag/VPC/PublicSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { 
@@ -272,8 +272,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -291,8 +291,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -311,8 +311,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } }, "EIP": { @@ -331,8 +331,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" } }, "NATGateway": { @@ -359,14 +359,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" } }, "PrivateSubnet1": { @@ -409,16 +409,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-integ-with-feature-flag/VPC/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -439,8 +439,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -458,8 +458,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { 
@@ -478,14 +478,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" } }, "PrivateSubnet2": { @@ -528,16 +528,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-integ-with-feature-flag/VPC/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -558,8 +558,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -577,8 +577,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -597,14 +597,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" } }, "IGW": { @@ -622,8 +622,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" } }, "VPCGW": { 
@@ -641,14 +641,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" } }, "Params": { @@ -669,14 +669,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBClusterParameterGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.ParameterGroup", + "version": "0.0.0" } }, "DbSecurity": { @@ -720,14 +720,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" } }, "Database": { @@ -756,14 +756,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "0.0.0" } }, "SecurityGroup": { @@ -790,8 +790,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" } }, "from 0.0.0.0_0:{IndirectPort}": { @@ -824,14 +824,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" } }, "Resource": { 
@@ -869,16 +869,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", + "version": "0.0.0" } }, "Instance1Wrapper": { "id": "Instance1Wrapper", "path": "aws-cdk-rds-integ-with-feature-flag/Database/Instance1Wrapper", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Instance1": { @@ -895,12 +895,13 @@ "Ref": "DatabaseSubnets56F17B9A" }, "engine": "aurora-mysql", + "preferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "publiclyAccessible": true } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "0.0.0" } }, "Instance2Wrapper": { @@ -923,20 +924,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBParameterGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.ParameterGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Instance2": { @@ -956,12 +957,13 @@ "Ref": "DatabaseSubnets56F17B9A" }, "engine": "aurora-mysql", + "preferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "publiclyAccessible": true } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "0.0.0" } }, "Instance3Wrapper": { 
@@ -984,20 +986,20 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBParameterGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.ParameterGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Instance3": { @@ -1017,18 +1019,19 @@ "Ref": "DatabaseSubnets56F17B9A" }, "engine": "aurora-mysql", + "preferredMaintenanceWindow": "Sat:22:15-Sat:22:45", "publiclyAccessible": true } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", + "version": "0.0.0" } }, "ClusterIamAccess": { @@ -1039,8 +1042,8 @@ "id": "ImportClusterIamAccess", "path": "aws-cdk-rds-integ-with-feature-flag/ClusterIamAccess/ImportClusterIamAccess", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -1064,8 +1067,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { 
@@ -1123,42 +1126,42 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-rds-integ-with-feature-flag/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-rds-integ-with-feature-flag/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } }, "Tree": { @@ -1166,13 +1169,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.ts index 674e0377a0b48..9b9c93196296a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster.ts 
@@ -27,6 +27,7 @@ class TestStack extends cdk.Stack { const instanceProps = { instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM), isFromLegacyInstanceProps: true, + preferredMaintenanceWindow: 'Sat:22:15-Sat:22:45', }; const readers = featureFlag @@ -91,4 +92,4 @@ const appWithFeatureFlag = new cdk.App({ context: { [AURORA_CLUSTER_CHANGE_SCOPE_OF_INSTANCE_PARAMETER_GROUP_WITH_EACH_PARAMETERS]: true }, }); new TestStack(appWithFeatureFlag, 'aws-cdk-rds-integ-with-feature-flag'); -appWithFeatureFlag.synth(); \ No newline at end of file +appWithFeatureFlag.synth(); diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index f1c677dc434da..f44921d277e47 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -1224,3 +1224,17 @@ new rds.DatabaseCluster(this, 'DatabaseCluster', { preferredMaintenanceWindow: 'Sat:22:15-Sat:22:45', }); ``` + +You can also set the preferred maintenance window via reader and writer props: + +```ts +declare const vpc: ec2.Vpc; +new rds.DatabaseCluster(this, 'DatabaseCluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc: vpc, + writer: rds.ClusterInstance.provisioned('WriterInstance', { + preferredMaintenanceWindow: 'Sat:22:15-Sat:22:45', + }), + preferredMaintenanceWindow: 'Sat:22:15-Sat:22:45', +}); +``` diff --git a/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts b/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts index 5fc7348cba02e..bf7d467cf631a 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts 
@@ -223,6 +223,17 @@ export interface ClusterInstanceOptions { */ readonly publiclyAccessible?: boolean; + /** + * A preferred maintenance window day/time range. Should be specified as a range ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). + * + * Example: 'Sun:23:45-Mon:00:15' + * + * @default - 30-minute window selected at random from an 8-hour block of time for + * each AWS Region, occurring on a random day of the week. + * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance + */ + readonly preferredMaintenanceWindow?: string; + /** * The parameters in the DBParameterGroup to create automatically * @@ -499,6 +510,7 @@ class AuroraClusterInstance extends Resource implements IAuroraClusterInstance { // Instance properties dbInstanceClass: props.instanceType ? databaseInstanceType(instanceType) : undefined, publiclyAccessible, + preferredMaintenanceWindow: props.preferredMaintenanceWindow, enablePerformanceInsights: enablePerformanceInsights || props.enablePerformanceInsights, // fall back to undefined if not set performanceInsightsKmsKeyId: props.performanceInsightEncryptionKey?.keyArn, performanceInsightsRetentionPeriod: enablePerformanceInsights diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts index b3a67928987b5..45bf7fedf6f49 100644 --- a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts 
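Review bot: The new doc comment on `preferredMaintenanceWindow` in `ClusterInstanceOptions` does not say how the instance-level value relates to the cluster-level `preferredMaintenanceWindow`. The README example added in this commit sets both to the same window, so a reader cannot tell whether one overrides the other. The `@@ -499,6 +510,7 @@` hunk forwards the string unchanged, so a malformed range would presumably surface only when CloudFormation rejects it at deploy time. I would add a line such as `* Applies to this instance only; the cluster's own preferredMaintenanceWindow is configured separately. The format is not validated at synth time.`, with the first half confirmed against RDS behaviour before merging. The interface body continues outside the hunk.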
@@ -226,6 +226,57 @@ describe('cluster new api', () => { }, }); + // THEN + const template = Template.fromStack(stack); + // maintenance window is set + template.hasResourceProperties('AWS::RDS::DBInstance', Match.objectLike({ + PreferredMaintenanceWindow: PREFERRED_MAINTENANCE_WINDOW, + })); + }); + test('preferredMaintenanceWindow provided in writer', () => { + // GIVEN + const stack = testStack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + const PREFERRED_MAINTENANCE_WINDOW: string = 'Sun:12:00-Sun:13:00'; + + // WHEN + new DatabaseCluster(stack, 'Database', { + engine: DatabaseClusterEngine.AURORA, + vpc: vpc, + writer: ClusterInstance.provisioned('Instance1', { + preferredMaintenanceWindow: PREFERRED_MAINTENANCE_WINDOW, + }), + }); + + // THEN + const template = Template.fromStack(stack); + // maintenance window is set + template.hasResourceProperties('AWS::RDS::DBInstance', Match.objectLike({ + PreferredMaintenanceWindow: PREFERRED_MAINTENANCE_WINDOW, + })); + }); + test('preferredMaintenanceWindow provided in readers', () => { + // GIVEN + const stack = testStack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + const PREFERRED_MAINTENANCE_WINDOW: string = 'Sun:12:00-Sun:13:00'; + + // WHEN + new DatabaseCluster(stack, 'Database', { + engine: DatabaseClusterEngine.AURORA, + vpc: vpc, + writer: ClusterInstance.provisioned('Instance1', { + // No preferredMaintenanceWindow set + }), + readers: [ + ClusterInstance.provisioned('Instance2', { + preferredMaintenanceWindow: PREFERRED_MAINTENANCE_WINDOW, + }), + ], + }); + // THEN const template = Template.fromStack(stack); // maintenance window is set From 21dba2194819ccb244fcdbc5007c055f3930b4e1 Mon Sep 17 00:00:00 2001 
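Review bot: The test 'preferredMaintenanceWindow provided in readers' creates the writer without a window, but it never checks that the writer stays without one. Its assertion continues past the end of the hunk and appears to be the same `hasResourceProperties('AWS::RDS::DBInstance', ...)` check used in the writer test, which passes as soon as any one DBInstance carries the property. The test would therefore still pass if the reader's window leaked onto the writer. Pinning the count closes that gap: `template.resourcePropertiesCountIs('AWS::RDS::DBInstance', { PreferredMaintenanceWindow: PREFERRED_MAINTENANCE_WINDOW }, 1);`.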
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com> Date: Fri, 5 Apr 2024 16:56:33 -0700 Subject: [PATCH 12/14] fix(cli): diff with changeset fails if deploy role cannot be assumed (#29718) Closes #29650 ### Description of changes This addresses the issue in two ways: 1. If the describeStacks call errors out, we now catch it and default to classic diff behavior. 2. The describeStacks call now tries to use the lookup role rather than the deploy role. ### Description of how you validated changes Manual testing with a user that could only assume lookup roles. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/lib/api/deployments.ts | 8 +- packages/aws-cdk/lib/cdk-toolkit.ts | 40 +++++--- packages/aws-cdk/test/diff.test.ts | 123 +++++++++++++++++++++++- 3 files changed, 158 insertions(+), 13 deletions(-) diff --git a/packages/aws-cdk/lib/api/deployments.ts b/packages/aws-cdk/lib/api/deployments.ts index b7bea90c56c28..f407ffd774776 100644 --- a/packages/aws-cdk/lib/api/deployments.ts +++ b/packages/aws-cdk/lib/api/deployments.ts @@ -265,6 +265,7 @@ export interface DestroyStackOptions { export interface StackExistsOptions { stack: cxapi.CloudFormationStackArtifact; deployName?: string; + tryLookupRole?: boolean; } export interface DeploymentsProps { 
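Review bot: `tryLookupRole` is added to `StackExistsOptions` without a doc comment, and the name alone does not say what happens when the lookup role cannot be assumed. The flag changes which IAM role a read call runs under, so it should be documented where it is declared, for example `/** Use the lookup role for the stack lookup, falling back to the deploy role. @default false */`. The fallback wording is inferred from the helper name `prepareSdkWithLookupOrDeployRole` in the next hunk and should be checked against that helper.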
@@ -430,7 +431,12 @@ export class Deployments { } public async stackExists(options: StackExistsOptions): Promise { - const { stackSdk } = await this.prepareSdkFor(options.stack, undefined, Mode.ForReading); + let stackSdk; + if (options.tryLookupRole) { + stackSdk = (await this.prepareSdkWithLookupOrDeployRole(options.stack)).stackSdk; + } else { + stackSdk = (await this.prepareSdkFor(options.stack, undefined, Mode.ForReading)).stackSdk; + } const stack = await CloudFormationStack.lookup(stackSdk.cloudFormation(), options.deployName ?? options.stack.stackName); return stack.exists; } diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index e2614a3710aad..e1c4571182999 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -139,10 +139,19 @@ export class CdkToolkit { let changeSet = undefined; if (options.changeSet) { - const stackExists = await this.props.deployments.stackExists({ - stack: stacks.firstStack, - deployName: stacks.firstStack.stackName, - }); + let stackExists = false; + try { + stackExists = await this.props.deployments.stackExists({ + stack: stacks.firstStack, + deployName: stacks.firstStack.stackName, + tryLookupRole: true, + }); + } catch (e: any) { + debug(e.message); + stream.write('Checking if the stack exists before creating the changeset has failed, will base the diff on template differences (run again with -v to see the reason)\n'); + stackExists = false; + } + if (stackExists) { changeSet = await createDiffChangeSet({ stack: stacks.firstStack, @@ -154,7 +163,7 @@ export class CdkToolkit { stream, }); } else { - debug(`the stack '${stacks.firstStack.stackName}' has not been deployed to CloudFormation, skipping changeset creation.`); + debug(`the stack '${stacks.firstStack.stackName}' has not been deployed to CloudFormation or describeStacks call failed, skipping changeset creation.`); } } 
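Review bot: In `stackExists`, `stackSdk` is declared with a bare `let` and then assigned in both branches of the `if`. A single `const` destructuring keeps the binding immutable and puts the role choice in one expression: `const { stackSdk } = options.tryLookupRole ? await this.prepareSdkWithLookupOrDeployRole(options.stack) : await this.prepareSdkFor(options.stack, undefined, Mode.ForReading);`. A short comment on the `tryLookupRole` branch saying that the lookup role is preferred because this is a read-only call would also help the next reader.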
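Review bot: The `catch (e: any)` around `stackExists` in the `changeSet` branch swallows every failure the same way, whether a role cannot be assumed, credentials have expired or the call was throttled. The diff then continues on template differences only, with the cause visible just under `-v`. The identical block is repeated in the `@@ -183,11 +192,20 @@` hunk, where the commit also drops the comment explaining that this check requires permissions that `--no-changeset` users might not have. I would move the block into one private helper so the fallback and its message live in one place, keep that comment on it, and guard `e.message` against non-Error throws. The parameter types in the sketch are assumed from `StackExistsOptions` and the surrounding calls, and the enclosing method starts and ends outside the hunks.

```typescript
// Only called when a change set will be created: the existence check needs
// permissions that --no-changeset users might not have.
private async stackExistsForDiff(stack: cxapi.CloudFormationStackArtifact, stream: NodeJS.WritableStream): Promise<boolean> {
  try {
    return await this.props.deployments.stackExists({
      stack,
      deployName: stack.stackName,
      tryLookupRole: true,
    });
  } catch (e: any) {
    // A non-Error throw has no .message; log something useful either way.
    debug(e instanceof Error ? e.message : String(e));
    stream.write('Checking if the stack exists before creating the changeset has failed, will base the diff on template differences (run again with -v to see the reason)\n');
    return false;
  }
}

// … unchanged: template lookup before the changeSet branch …
if (options.changeSet) {
  const stackExists = await this.stackExistsForDiff(stacks.firstStack, stream);
  // … unchanged: createDiffChangeSet call and debug message …
```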
@@ -183,11 +192,20 @@ export class CdkToolkit { let changeSet = undefined; if (options.changeSet) { - // only perform this check if we're going to make a changeset. This check requires permissions that --no-changeset users might not have. - const stackExists = await this.props.deployments.stackExists({ - stack: stack, - deployName: stack.stackName, - }); + + let stackExists = false; + try { + stackExists = await this.props.deployments.stackExists({ + stack, + deployName: stack.stackName, + tryLookupRole: true, + }); + } catch (e: any) { + debug(e.message); + stream.write('Checking if the stack exists before creating the changeset has failed, will base the diff on template differences (run again with -v to see the reason)\n'); + stackExists = false; + } + if (stackExists) { changeSet = await createDiffChangeSet({ stack, @@ -200,7 +218,7 @@ export class CdkToolkit { stream, }); } else { - debug(`the stack '${stack.stackName}' has not been deployed to CloudFormation, skipping changeset creation.`); + debug(`the stack '${stack.stackName}' has not been deployed to CloudFormation or describeStacks call failed, skipping changeset creation.`); } } diff --git a/packages/aws-cdk/test/diff.test.ts b/packages/aws-cdk/test/diff.test.ts index e120103390087..0678513c9736c 100644 --- a/packages/aws-cdk/test/diff.test.ts +++ b/packages/aws-cdk/test/diff.test.ts 
@@ -335,8 +335,86 @@ describe('non-nested stacks', () => { expect(buffer.data.trim()).not.toContain('There were no differences'); expect(exitCode).toBe(0); }); +}); + +describe('stack exists checks', () => { + beforeEach(() => { + + jest.resetAllMocks(); + + cloudExecutable = new MockCloudExecutable({ + stacks: [{ + stackName: 'A', + template: { resource: 'A' }, + }, + { + stackName: 'B', + depends: ['A'], + template: { resource: 'B' }, + }, + { + stackName: 'C', + depends: ['A'], + template: { resource: 'C' }, + metadata: { + '/resource': [ + { + type: cxschema.ArtifactMetadataEntryType.ERROR, + data: 'this is an error', + }, + ], + }, + }, + { + stackName: 'D', + template: { resource: 'D' }, + }], + }); + + cloudFormation = instanceMockFrom(Deployments); + + toolkit = new CdkToolkit({ + cloudExecutable, + deployments: cloudFormation, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + }); - test('diff does not check for stack existence when --no-changeset is passed', async () => { + // Default implementations + cloudFormation.readCurrentTemplateWithNestedStacks.mockImplementation((stackArtifact: CloudFormationStackArtifact) => { + if (stackArtifact.stackName === 'D') { + return Promise.resolve({ + deployedRootTemplate: { resource: 'D' }, + nestedStacks: {}, + }); + } + return Promise.resolve({ + deployedRootTemplate: {}, + nestedStacks: {}, + }); + }); + cloudFormation.deployStack.mockImplementation((options) => Promise.resolve({ + noOp: true, + outputs: {}, + stackArn: '', + stackArtifact: options.stack, + })); + + jest.spyOn(cfn, 'createDiffChangeSet').mockImplementationOnce(async () => { + return { + Changes: [ + { + ResourceChange: { + Action: 'Dummy', + LogicalResourceId: 'Object', + }, + }, + ], + }; + }); + }); + + test('diff does not check for stack existence when --no-change-set is passed', async () => { // GIVEN const buffer = new StringWritable(); 
@@ -353,6 +431,49 @@ describe('non-nested stacks', () => { expect(exitCode).toBe(0); expect(cloudFormation.stackExists).not.toHaveBeenCalled(); }); + + test('diff falls back to classic diff when stack does not exist', async () => { + // GIVEN + const buffer = new StringWritable(); + cloudFormation.stackExists = jest.fn().mockReturnValue(Promise.resolve(false)); + + // WHEN + const exitCode = await toolkit.diff({ + stackNames: ['A', 'A'], + stream: buffer, + fail: false, + quiet: true, + changeSet: true, + }); + + // THEN + expect(exitCode).toBe(0); + expect(cloudFormation.stackExists).toHaveBeenCalled(); + expect(cfn.createDiffChangeSet).not.toHaveBeenCalled(); + }); + + test('diff falls back to classic diff when stackExists call fails', async () => { + // GIVEN + const buffer = new StringWritable(); + + cloudFormation.stackExists.mockImplementation(() => { + throw new Error('Fail fail fail'); + }); + + // WHEN + const exitCode = await toolkit.diff({ + stackNames: ['A', 'A'], + stream: buffer, + fail: false, + quiet: true, + changeSet: true, + }); + + // THEN + expect(exitCode).toBe(0); + expect(cloudFormation.stackExists).toHaveBeenCalled(); + expect(cfn.createDiffChangeSet).not.toHaveBeenCalled(); + }); }); describe('nested stacks', () => { From 455534475c92624766711fe669fb2864089d2644 Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Sat, 6 Apr 2024 00:42:53 +0000 Subject: [PATCH 13/14] chore(release): 2.136.0 --- CHANGELOG.v2.alpha.md | 2 ++ CHANGELOG.v2.md | 23 +++++++++++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 3d1dc287c5f0b..13e78a74e2e2a 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md 
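Review bot: Neither new test checks the two behaviours this commit introduces: that `stackExists` is called with `tryLookupRole: true`, and that the fallback warning reaches the user when the call throws. As written, 'diff falls back to classic diff when stackExists call fails' would still pass if the `stream.write` line were removed or the flag dropped. Adding `expect(cloudFormation.stackExists).toHaveBeenCalledWith(expect.objectContaining({ tryLookupRole: true }));` and `expect(buffer.data).toContain('will base the diff on template differences');` would pin both. `stackNames: ['A', 'A']` also lists the same stack twice in both tests, which looks unintended.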
@@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.136.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.135.0-alpha.0...v2.136.0-alpha.0) (2024-04-06) + ## [2.135.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.134.0-alpha.0...v2.135.0-alpha.0) (2024-04-01) ## [2.134.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.133.0-alpha.0...v2.134.0-alpha.0) (2024-03-26) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index b4cf5f6734f99..54e9bda9f8c21 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -2,6 +2,29 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.136.0](https://github.com/aws/aws-cdk/compare/v2.135.0...v2.136.0) (2024-04-06) + + +### Features + +* **rds:** specify PreferredMaintenanceWindow in reader or writer props ([#29686](https://github.com/aws/aws-cdk/issues/29686)) ([615ee2d](https://github.com/aws/aws-cdk/commit/615ee2de1cbf42770cd9d2d171196513f6602eb1)), closes [#29687](https://github.com/aws/aws-cdk/issues/29687) [#29687](https://github.com/aws/aws-cdk/issues/29687) +* **stepfunction:** add enableExecuteCommand to sfn ECSRunTask ([#29638](https://github.com/aws/aws-cdk/issues/29638)) ([d5b8594](https://github.com/aws/aws-cdk/commit/d5b8594f133b532f5fd8f39ad3df23dffbe6ba85)), closes [#29637](https://github.com/aws/aws-cdk/issues/29637) [#29637](https://github.com/aws/aws-cdk/issues/29637) + + +### Bug Fixes + +* **cli:** diff with changeset fails if deploy role cannot be assumed ([#29718](https://github.com/aws/aws-cdk/issues/29718)) ([21dba21](https://github.com/aws/aws-cdk/commit/21dba2194819ccb244fcdbc5007c055f3930b4e1)), closes [#29650](https://github.com/aws/aws-cdk/issues/29650) +* **cloudwatch-actions:** `LambdaAction` fails if added to multiple action types ([#29515](https://github.com/aws/aws-cdk/issues/29515)) ([a12887b](https://github.com/aws/aws-cdk/commit/a12887b593ef6796f63bf754a3d381676d2e5155)), closes [#29514](https://github.com/aws/aws-cdk/issues/29514) +* **elasticloadbalancerV2:** logicalId supports switch from addTargetGroups (under feature flag) ([#29513](https://github.com/aws/aws-cdk/issues/29513)) ([8e3848c](https://github.com/aws/aws-cdk/commit/8e3848c4a91e7a32af91c01aad11540ef47abcc4)), closes [#29496](https://github.com/aws/aws-cdk/issues/29496) +* **iam:** grantAssumeRole silently fails with service and account principals 
([#29452](https://github.com/aws/aws-cdk/issues/29452)) ([36fd79d](https://github.com/aws/aws-cdk/commit/36fd79d8714bd29527bb1184ec10cd504b83510d)), closes [#24507](https://github.com/aws/aws-cdk/issues/24507) +* **pipelines:** codeStar connection accepts nested repository ([#29631](https://github.com/aws/aws-cdk/issues/29631)) ([10357c0](https://github.com/aws/aws-cdk/commit/10357c0ab6be105e0d988b9045bcfe99faf69cbd)), closes [#27504](https://github.com/aws/aws-cdk/issues/27504) +* **s3-assets:** throw if path property is empty ([#29425](https://github.com/aws/aws-cdk/issues/29425)) ([2814011](https://github.com/aws/aws-cdk/commit/2814011fdbafad87af9f7a1cad143a19eae30a05)), closes [#29410](https://github.com/aws/aws-cdk/issues/29410) [/github.com/aws/aws-cdk/blob/730fe63efc461c14f6e2b4aa9206c10f9b0f4cd9/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts#L145](https://github.com/aws//github.com/aws/aws-cdk/blob/730fe63efc461c14f6e2b4aa9206c10f9b0f4cd9/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts/issues/L145) + + +### Reverts + +* "fix(elasticloadbalancerV2): logicalId supports switch from addTargetGroups (under feature flag)" ([#29716](https://github.com/aws/aws-cdk/issues/29716)) ([b82320b](https://github.com/aws/aws-cdk/commit/b82320b08ebcda98b85be8ceb56a5a4b39511d4a)), closes [aws/aws-cdk#29513](https://github.com/aws/aws-cdk/issues/29513) + ## [2.135.0](https://github.com/aws/aws-cdk/compare/v2.134.0...v2.135.0) (2024-04-01) diff --git a/version.v2.json b/version.v2.json index 66daf6c133fa3..83ea9df62ce5e 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.135.0", - "alphaVersion": "2.135.0-alpha.0" + "version": "2.136.0", + "alphaVersion": "2.136.0-alpha.0" } \ No newline at end of file From fe966252b97a2effb1bf11d13bc9cc6533ff132a Mon Sep 17 00:00:00 2001 
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com> Date: Fri, 5 Apr 2024 18:02:04 -0700 Subject: [PATCH 14/14] chore: clean changelog --- CHANGELOG.v2.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 54e9bda9f8c21..c4f41fdefd694 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -7,23 +7,17 @@ All notable changes to this project will be documented in this file. See [standa ### Features -* **rds:** specify PreferredMaintenanceWindow in reader or writer props ([#29686](https://github.com/aws/aws-cdk/issues/29686)) ([615ee2d](https://github.com/aws/aws-cdk/commit/615ee2de1cbf42770cd9d2d171196513f6602eb1)), closes [#29687](https://github.com/aws/aws-cdk/issues/29687) [#29687](https://github.com/aws/aws-cdk/issues/29687) -* **stepfunction:** add enableExecuteCommand to sfn ECSRunTask ([#29638](https://github.com/aws/aws-cdk/issues/29638)) ([d5b8594](https://github.com/aws/aws-cdk/commit/d5b8594f133b532f5fd8f39ad3df23dffbe6ba85)), closes [#29637](https://github.com/aws/aws-cdk/issues/29637) [#29637](https://github.com/aws/aws-cdk/issues/29637) +* **rds:** specify PreferredMaintenanceWindow in reader or writer props ([#29686](https://github.com/aws/aws-cdk/issues/29686)) ([615ee2d](https://github.com/aws/aws-cdk/commit/615ee2de1cbf42770cd9d2d171196513f6602eb1)), closes [#29687](https://github.com/aws/aws-cdk/issues/29687) +* **stepfunction:** add enableExecuteCommand to sfn ECSRunTask ([#29638](https://github.com/aws/aws-cdk/issues/29638)) ([d5b8594](https://github.com/aws/aws-cdk/commit/d5b8594f133b532f5fd8f39ad3df23dffbe6ba85)), closes [#29637](https://github.com/aws/aws-cdk/issues/29637) ### Bug Fixes * **cli:** diff with changeset fails if deploy role cannot be assumed ([#29718](https://github.com/aws/aws-cdk/issues/29718)) ([21dba21](https://github.com/aws/aws-cdk/commit/21dba2194819ccb244fcdbc5007c055f3930b4e1)), closes [#29650](https://github.com/aws/aws-cdk/issues/29650) * **cloudwatch-actions:** `LambdaAction` fails if added to multiple action types ([#29515](https://github.com/aws/aws-cdk/issues/29515)) ([a12887b](https://github.com/aws/aws-cdk/commit/a12887b593ef6796f63bf754a3d381676d2e5155)), closes [#29514](https://github.com/aws/aws-cdk/issues/29514) -* **elasticloadbalancerV2:** logicalId supports switch from addTargetGroups 
(under feature flag) ([#29513](https://github.com/aws/aws-cdk/issues/29513)) ([8e3848c](https://github.com/aws/aws-cdk/commit/8e3848c4a91e7a32af91c01aad11540ef47abcc4)), closes [#29496](https://github.com/aws/aws-cdk/issues/29496) * **iam:** grantAssumeRole silently fails with service and account principals ([#29452](https://github.com/aws/aws-cdk/issues/29452)) ([36fd79d](https://github.com/aws/aws-cdk/commit/36fd79d8714bd29527bb1184ec10cd504b83510d)), closes [#24507](https://github.com/aws/aws-cdk/issues/24507) * **pipelines:** codeStar connection accepts nested repository ([#29631](https://github.com/aws/aws-cdk/issues/29631)) ([10357c0](https://github.com/aws/aws-cdk/commit/10357c0ab6be105e0d988b9045bcfe99faf69cbd)), closes [#27504](https://github.com/aws/aws-cdk/issues/27504) -* **s3-assets:** throw if path property is empty ([#29425](https://github.com/aws/aws-cdk/issues/29425)) ([2814011](https://github.com/aws/aws-cdk/commit/2814011fdbafad87af9f7a1cad143a19eae30a05)), closes [#29410](https://github.com/aws/aws-cdk/issues/29410) [/github.com/aws/aws-cdk/blob/730fe63efc461c14f6e2b4aa9206c10f9b0f4cd9/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts#L145](https://github.com/aws//github.com/aws/aws-cdk/blob/730fe63efc461c14f6e2b4aa9206c10f9b0f4cd9/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts/issues/L145) - - -### Reverts - -* "fix(elasticloadbalancerV2): logicalId supports switch from addTargetGroups (under feature flag)" ([#29716](https://github.com/aws/aws-cdk/issues/29716)) ([b82320b](https://github.com/aws/aws-cdk/commit/b82320b08ebcda98b85be8ceb56a5a4b39511d4a)), closes [aws/aws-cdk#29513](https://github.com/aws/aws-cdk/issues/29513) +* **s3-assets:** throw if path property is empty ([#29425](https://github.com/aws/aws-cdk/issues/29425)) ([2814011](https://github.com/aws/aws-cdk/commit/2814011fdbafad87af9f7a1cad143a19eae30a05)), closes [#29410](https://github.com/aws/aws-cdk/issues/29410) ## 
[2.135.0](https://github.com/aws/aws-cdk/compare/v2.134.0...v2.135.0) (2024-04-01)