From 064302007e902a1521ccc6948a5691cd777afc15 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Fri, 19 May 2023 14:25:21 -0400 Subject: [PATCH 01/33] feat(cli): logging can be corked (#25644) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🍾 This PR extends #25536 by fixing issues with logging. - Asset building and publishing are now completely separate tasks, so there is never a need for the "Building and Publishing" message in cdk-assets. I've removed a good chunk of unnecessary private props in `AssetPublisher` and now we simply print `Building` when building an asset and `Publishing` when publishing an asset. No combos anymore. - Asset build/publish can now happen concurrently with stack deployments when there are no dependencies between the two, but if `--require-approval` is set (which it is by default), sensitive stack deployments prompt the user for a `y/n` response before deployment. Additional asset related messages may come in at this time, cluttering the log. The solution here is to implement a cork that is turned on when prompting the user and turned off after user input. When using the helper function `withCorkedLogging(callback)`, logs will instead be stored in memory and released when the cork is popped. Testing: There's not a great way to test these changes in code since they should only affect logging. Instead, I hope the following photos suffice: Before the lock change, logging looked like this: Screen Shot 2023-05-18 at 4 59 35 PM Now it looks like this in the same scenario: Screen Shot 2023-05-18 at 4 49 39 PM The screenshots also show the logs that say `Building` and `Publishing` separately rather than `Building and Publishing` as it did before. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/lib/cdk-toolkit.ts | 37 +++++++-------- packages/aws-cdk/lib/logging.ts | 38 ++++++++++++++- packages/cdk-assets/lib/publishing.ts | 46 ++++--------------- .../cdk-assets/test/docker-images.test.ts | 2 +- 4 files changed, 66 insertions(+), 57 deletions(-) diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index 8e56480e9f4c5..7cf0ccc6b42f1 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -17,7 +17,7 @@ import { CloudWatchLogEventMonitor } from './api/logs/logs-monitor'; import { StackActivityProgress } from './api/util/cloudformation/stack-activity-monitor'; import { printSecurityDiff, printStackDiff, RequireApproval } from './diff'; import { ResourceImporter } from './import'; -import { data, debug, error, highlight, print, success, warning } from './logging'; +import { data, debug, error, highlight, print, success, warning, withCorkedLogging } from './logging'; import { deserializeStructure, serializeStructure } from './serialize'; import { Configuration, PROJECT_CONFIG } from './settings'; import { numberFromBool, partition } from './util'; @@ -238,23 +238,24 @@ export class CdkToolkit { if (requireApproval !== RequireApproval.Never) { const currentTemplate = await this.props.deployments.readCurrentTemplate(stack); if (printSecurityDiff(currentTemplate, stack, requireApproval)) { - - // only talk to user if STDIN is a terminal (otherwise, fail) - if (!process.stdin.isTTY) { - throw new Error( - '"--require-approval" is enabled and stack includes security-sensitive updates, ' + - 'but terminal (TTY) is not attached so we are unable to get a confirmation from the user'); - } - - // only talk to user if concurrency is 1 (otherwise, fail) - if (concurrency > 1) { - throw new Error( - '"--require-approval" is enabled and stack includes security-sensitive updates, ' + - 'but concurrency is greater than 1 so we are unable to get a confirmation from the user'); - } - - const confirmed = await promptly.confirm('Do you wish to deploy these changes (y/n)?'); - if (!confirmed) { throw new Error('Aborted by user'); } + await withCorkedLogging(async () => { + // only talk to user if STDIN is a terminal (otherwise, fail) + if (!process.stdin.isTTY) { + throw new Error( + '"--require-approval" is enabled and stack includes security-sensitive updates, ' + + 'but terminal (TTY) is not attached so we are unable to get a confirmation from the user'); + } + + // only talk to user if concurrency is 1 (otherwise, fail) + if (concurrency > 1) { + throw new Error( + '"--require-approval" is enabled and stack includes security-sensitive updates, ' + + 'but concurrency is greater than 1 so we are unable to get a confirmation from the user'); + } + + const confirmed = await promptly.confirm('Do you wish to deploy these changes (y/n)?'); + if (!confirmed) { throw new Error('Aborted by user'); } + }); } } diff --git a/packages/aws-cdk/lib/logging.ts b/packages/aws-cdk/lib/logging.ts index ceade56caed6d..50f739f185216 100644 --- a/packages/aws-cdk/lib/logging.ts +++ b/packages/aws-cdk/lib/logging.ts @@ -7,6 +7,34 @@ const { stdout, stderr } = process; type WritableFactory = () => Writable; +export async function withCorkedLogging(block: () => Promise): Promise { + corkLogging(); + try { + return await block(); + } finally { + uncorkLogging(); + } +} + +let CORK_COUNTER = 0; +const logBuffer: [Writable, string][] = []; + +function corked() { + return CORK_COUNTER !== 0; +} + +function corkLogging() { + CORK_COUNTER += 1; +} + +function uncorkLogging() { + CORK_COUNTER -= 1; + if (!corked()) { + logBuffer.forEach(([stream, str]) => stream.write(str + '\n')); + logBuffer.splice(0); + } +} + const logger = (stream: Writable | WritableFactory, styles?: StyleFn[], timestamp?: boolean) => (fmt: string, ...args: unknown[]) => { const ts = timestamp ? `[${formatTime(new Date())}] ` : ''; @@ -15,11 +43,19 @@ const logger = (stream: Writable | WritableFactory, styles?: StyleFn[], timestam str = styles.reduce((a, style) => style(a), str); } - const realStream = typeof stream === 'function' ? stream() : stream; + + // Logger is currently corked, so we store the message to be printed + // later when we are uncorked. + if (corked()) { + logBuffer.push([realStream, str]); + return; + } + realStream.write(str + '\n'); }; + function formatTime(d: Date) { return `${lpad(d.getHours(), 2)}:${lpad(d.getMinutes(), 2)}:${lpad(d.getSeconds(), 2)}`; diff --git a/packages/cdk-assets/lib/publishing.ts b/packages/cdk-assets/lib/publishing.ts index c35a0254e55ed..9e38308cd7e66 100644 --- a/packages/cdk-assets/lib/publishing.ts +++ b/packages/cdk-assets/lib/publishing.ts @@ -82,9 +82,6 @@ export class AssetPublishing implements IPublishProgress { private readonly publishInParallel: boolean; private readonly buildAssets: boolean; private readonly publishAssets: boolean; - private readonly startMessagePrefix: string; - private readonly successMessagePrefix: string; - private readonly errorMessagePrefix: string; private readonly handlerCache = new Map(); constructor(private readonly manifest: AssetManifest, private readonly options: AssetPublishingOptions) { @@ -94,34 +91,6 @@ export class AssetPublishing implements IPublishProgress { this.buildAssets = options.buildAssets ?? true; this.publishAssets = options.publishAssets ?? true; - const getMessages = () => { - if (this.buildAssets && this.publishAssets) { - return { - startMessagePrefix: 'Building and publishing', - successMessagePrefix: 'Built and published', - errorMessagePrefix: 'Error building and publishing', - }; - } else if (this.buildAssets) { - return { - startMessagePrefix: 'Building', - successMessagePrefix: 'Built', - errorMessagePrefix: 'Error building', - }; - } else { - return { - startMessagePrefix: 'Publishing', - successMessagePrefix: 'Published', - errorMessagePrefix: 'Error publishing', - }; - } - }; - - const messages = getMessages(); - - this.startMessagePrefix = messages.startMessagePrefix; - this.successMessagePrefix = messages.successMessagePrefix; - this.errorMessagePrefix = messages.errorMessagePrefix; - const self = this; this.handlerHost = { aws: this.options.aws, @@ -146,7 +115,7 @@ export class AssetPublishing implements IPublishProgress { } if ((this.options.throwOnError ?? true) && this.failures.length > 0) { - throw new Error(`${this.errorMessagePrefix}: ${this.failures.map(e => e.error.message)}`); + throw new Error(`Error publishing: ${this.failures.map(e => e.error.message)}`); } } @@ -155,7 +124,7 @@ export class AssetPublishing implements IPublishProgress { */ public async buildEntry(asset: IManifestEntry) { try { - if (this.progressEvent(EventType.START, `${this.startMessagePrefix} ${asset.id}`)) { return false; } + if (this.progressEvent(EventType.START, `Building ${asset.id}`)) { return false; } const handler = this.assetHandler(asset); await handler.build(); @@ -163,6 +132,9 @@ export class AssetPublishing implements IPublishProgress { if (this.aborted) { throw new Error('Aborted'); } + + this.completedOperations++; + if (this.progressEvent(EventType.SUCCESS, `Built ${asset.id}`)) { return false; } } catch (e: any) { this.failures.push({ asset, error: e }); this.completedOperations++; @@ -177,7 +149,7 @@ export class AssetPublishing implements IPublishProgress { */ public async publishEntry(asset: IManifestEntry) { try { - if (this.progressEvent(EventType.UPLOAD, `${this.startMessagePrefix} ${asset.id}`)) { return false; } + if (this.progressEvent(EventType.START, `Publishing ${asset.id}`)) { return false; } const handler = this.assetHandler(asset); await handler.publish(); @@ -187,7 +159,7 @@ export class AssetPublishing implements IPublishProgress { } this.completedOperations++; - if (this.progressEvent(EventType.SUCCESS, `${this.successMessagePrefix} ${asset.id}`)) { return false; } + if (this.progressEvent(EventType.SUCCESS, `Published ${asset.id}`)) { return false; } } catch (e: any) { this.failures.push({ asset, error: e }); this.completedOperations++; @@ -212,7 +184,7 @@ export class AssetPublishing implements IPublishProgress { */ private async publishAsset(asset: IManifestEntry) { try { - if (this.progressEvent(EventType.START, `${this.startMessagePrefix} ${asset.id}`)) { return false; } + if (this.progressEvent(EventType.START, `Publishing ${asset.id}`)) { return false; } const handler = this.assetHandler(asset); @@ -229,7 +201,7 @@ export class AssetPublishing implements IPublishProgress { } this.completedOperations++; - if (this.progressEvent(EventType.SUCCESS, `${this.successMessagePrefix} ${asset.id}`)) { return false; } + if (this.progressEvent(EventType.SUCCESS, `Published ${asset.id}`)) { return false; } } catch (e: any) { this.failures.push({ asset, error: e }); this.completedOperations++; diff --git a/packages/cdk-assets/test/docker-images.test.ts b/packages/cdk-assets/test/docker-images.test.ts index 688828a68c021..18b713947c365 100644 --- a/packages/cdk-assets/test/docker-images.test.ts +++ b/packages/cdk-assets/test/docker-images.test.ts @@ -247,7 +247,7 @@ describe('with a complete manifest', () => { test('Displays an error if the ECR repository cannot be found', async () => { aws.mockEcr.describeImages = mockedApiFailure('RepositoryNotFoundException', 'Repository not Found'); - await expect(pub.publish()).rejects.toThrow('Error building and publishing: Repository not Found'); + await expect(pub.publish()).rejects.toThrow('Error publishing: Repository not Found'); }); test('successful run does not need to query account ID', async () => { From 890c3b9d043afa9f185993ce0dbeec325cbcd941 Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Fri, 19 May 2023 18:48:12 +0000 Subject: [PATCH 02/33] chore(release): 2.80.0 --- CHANGELOG.v2.alpha.md | 2 ++ CHANGELOG.v2.md | 25 +++++++++++++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 7aed20c525d1b..4cc0a991fd01f 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.80.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.79.1-alpha.0...v2.80.0-alpha.0) (2023-05-19) + ## [2.79.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.79.0-alpha.0...v2.79.1-alpha.0) (2023-05-11) ## [2.79.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.78.0-alpha.0...v2.79.0-alpha.0) (2023-05-10) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 25804a11a91a1..751cd4cb27cd0 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,31 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.80.0](https://github.com/aws/aws-cdk/compare/v2.79.1...v2.80.0) (2023-05-19) + + +### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES + +* **eks:** A masters role is no longer provisioned by default. Use the `mastersRole` property to explicitly pass a role that needs cluster access. In addition, the creation role no longer allows any identity (with the appropriate `sts:AssumeRole` permissions) to assume it. + +### Features + +* **appmesh:** access log format support for app mesh ([#25229](https://github.com/aws/aws-cdk/issues/25229)) ([c4b00be](https://github.com/aws/aws-cdk/commit/c4b00bee9a2ada024c8d838ba083549bc69889f8)) +* **appsync:** Add Private API support when creating a GraphqlApi ([#25569](https://github.com/aws/aws-cdk/issues/25569)) ([d7e263d](https://github.com/aws/aws-cdk/commit/d7e263d5d175f5f189f3ea3d1a5501b975a26281)) +* **cfnspec:** cloudformation spec v122.0.0 ([#25555](https://github.com/aws/aws-cdk/issues/25555)) ([5ccc569](https://github.com/aws/aws-cdk/commit/5ccc56975c323ea19fd0917def51184e13f440d9)) +* **cli:** assets can now depend on stacks ([#25536](https://github.com/aws/aws-cdk/issues/25536)) ([25d5d60](https://github.com/aws/aws-cdk/commit/25d5d60fd0ed852b1817d749b65c68d5279b38a3)) +* **cli:** logging can be corked ([#25644](https://github.com/aws/aws-cdk/issues/25644)) ([0643020](https://github.com/aws/aws-cdk/commit/064302007e902a1521ccc6948a5691cd777afc15)), closes [#25536](https://github.com/aws/aws-cdk/issues/25536) +* **codepipeline-actions:** add KMSEncryptionKeyARN for S3DeployAction ([#24536](https://github.com/aws/aws-cdk/issues/24536)) ([b60876f](https://github.com/aws/aws-cdk/commit/b60876f7bd973f88e965c7e6204ced11c55c55a3)), closes [#24535](https://github.com/aws/aws-cdk/issues/24535) +* **eks:** alb controller include versions 2.4.2 - 2.5.1 ([#25330](https://github.com/aws/aws-cdk/issues/25330)) ([83c4c36](https://github.com/aws/aws-cdk/commit/83c4c36e56917be248bdee1bc11516982d50b17a)), closes [#25307](https://github.com/aws/aws-cdk/issues/25307) +* **msk:** Kafka version 3.4.0 ([#25557](https://github.com/aws/aws-cdk/issues/25557)) ([6317518](https://github.com/aws/aws-cdk/commit/6317518e5d68e5659237b676668fd69bfbd2f42f)), closes [#25522](https://github.com/aws/aws-cdk/issues/25522) +* **scheduler:** schedule expression construct ([#25422](https://github.com/aws/aws-cdk/issues/25422)) ([97a698e](https://github.com/aws/aws-cdk/commit/97a698ee9e1e47ffb4af5d7d06cd309ddd3a2732)) + + +### Bug Fixes + +* **bootstrap:** bootstrap doesn't work in non-aws partitions anymore (revert security hub finding fix) ([#25540](https://github.com/aws/aws-cdk/issues/25540)) ([8854739](https://github.com/aws/aws-cdk/commit/8854739a6b4cdd33dc0da3b76b634b5ab151437b)), closes [/github.com/aws/aws-cdk/issues/19380#issuecomment-1512009270](https://github.com/aws//github.com/aws/aws-cdk/issues/19380/issues/issuecomment-1512009270) [#25272](https://github.com/aws/aws-cdk/issues/25272) [#25273](https://github.com/aws/aws-cdk/issues/25273) [#25507](https://github.com/aws/aws-cdk/issues/25507) +* **eks:** overly permissive trust policies ([#25473](https://github.com/aws/aws-cdk/issues/25473)) ([51f0193](https://github.com/aws/aws-cdk/commit/51f0193bf34cca8254743561a1176e3ca5d83a74)) + ## [2.79.1](https://github.com/aws/aws-cdk/compare/v2.79.0...v2.79.1) (2023-05-11) diff --git a/version.v2.json b/version.v2.json index 5bfe47ffc5615..123906fe7ce30 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.79.1", - "alphaVersion": "2.79.1-alpha.0" + "version": "2.80.0", + "alphaVersion": "2.80.0-alpha.0" } \ No newline at end of file From ecb59fda50078e29d579b7b0ee82600f553aec75 Mon Sep 17 00:00:00 2001 From: Otavio Macedo <288203+otaviomacedo@users.noreply.github.com> Date: Fri, 19 May 2023 19:57:20 +0100 Subject: [PATCH 03/33] feat(apigateway): add grantExecute to API Methods (#25630) To grant permission to a user: ```ts const books = api.root.addResource('books'); books.grantExecute(user); ``` Closes https://github.com/aws/aws-cdk/issues/5198. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../GrantExecute.assets.json | 19 + .../GrantExecute.template.json | 179 +++++++++ ...efaultTestDeployAssertA66B6F20.assets.json | 19 + ...aultTestDeployAssertA66B6F20.template.json | 36 ++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 153 ++++++++ .../tree.json | 355 ++++++++++++++++++ .../test/integ.method-grant-execute.ts | 19 + packages/aws-cdk-lib/aws-apigateway/README.md | 8 + .../aws-cdk-lib/aws-apigateway/lib/method.ts | 14 + .../aws-apigateway/test/method.test.ts | 48 +++ 12 files changed, 863 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.assets.json new file mode 100644 index 0000000000000..0b10c220d7fac --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "454874b4674a38a5eb7ede0bc79fe77dcbf5062acaeb3b4424c7919758ae5191": { + "source": { + "path": "GrantExecute.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "454874b4674a38a5eb7ede0bc79fe77dcbf5062acaeb3b4424c7919758ae5191.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.template.json new file mode 100644 index 0000000000000..186a0e205a3f9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecute.template.json @@ -0,0 +1,179 @@ +{ + "Resources": { + "user2C2B57AE": { + "Type": "AWS::IAM::User" + }, + "userDefaultPolicy083DF682": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "testapiD6451F70" + }, + "/", + { + "Ref": "testapiDeploymentStageprod5C9E92A4" + }, + "/GET/pets" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "userDefaultPolicy083DF682", + "Users": [ + { + "Ref": "user2C2B57AE" + } + ] + } + }, + "testapiD6451F70": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Name": "test-api" + } + }, + "testapiDeployment356D2C358af14d7f8fefbad1c57a65ea01cc6136": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "testapiD6451F70" + }, + "Description": "Automatically created by the RestApi construct" + }, + "DependsOn": [ + "testapipetsGET25A78130", + "testapipets981F319E" + ] + }, + "testapiDeploymentStageprod5C9E92A4": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "RestApiId": { + "Ref": "testapiD6451F70" + }, + "DeploymentId": { + "Ref": "testapiDeployment356D2C358af14d7f8fefbad1c57a65ea01cc6136" + }, + "StageName": "prod" + } + }, + "testapipets981F319E": { + "Type": "AWS::ApiGateway::Resource", + "Properties": { + "ParentId": { + "Fn::GetAtt": [ + "testapiD6451F70", + "RootResourceId" + ] + }, + "PathPart": "pets", + "RestApiId": { + "Ref": "testapiD6451F70" + } + } + }, + "testapipetsGET25A78130": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "HttpMethod": "GET", + "ResourceId": { + "Ref": "testapipets981F319E" + }, + "RestApiId": { + "Ref": "testapiD6451F70" + }, + "AuthorizationType": "NONE", + "Integration": { + "Type": "MOCK" + } + } + } + }, + "Outputs": { + "testapiEndpoint4AE34D29": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "testapiD6451F70" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "testapiDeploymentStageprod5C9E92A4" + }, + "/" + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets.json new file mode 100644 index 0000000000000..316bd7d581d68 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "GrantExecuteTestDefaultTestDeployAssertA66B6F20.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/GrantExecuteTestDefaultTestDeployAssertA66B6F20.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/cdk.out new file mode 100644 index 0000000000000..7925065efbcc4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/integ.json new file mode 100644 index 0000000000000..3806bee2a2e3c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "31.0.0", + "testCases": { + "GrantExecuteTest/DefaultTest": { + "stacks": [ + "GrantExecute" + ], + "assertionStack": "GrantExecuteTest/DefaultTest/DeployAssert", + "assertionStackName": "GrantExecuteTestDefaultTestDeployAssertA66B6F20" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/manifest.json new file mode 100644 index 0000000000000..06817f21c13a9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/manifest.json @@ -0,0 +1,153 @@ +{ + "version": "31.0.0", + "artifacts": { + "GrantExecute.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "GrantExecute.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "GrantExecute": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "GrantExecute.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/454874b4674a38a5eb7ede0bc79fe77dcbf5062acaeb3b4424c7919758ae5191.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "GrantExecute.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "GrantExecute.assets" + ], + "metadata": { + "/GrantExecute/user/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "user2C2B57AE" + } + ], + "/GrantExecute/user/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userDefaultPolicy083DF682" + } + ], + "/GrantExecute/test-api/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testapiD6451F70" + } + ], + "/GrantExecute/test-api/Deployment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testapiDeployment356D2C358af14d7f8fefbad1c57a65ea01cc6136" + } + ], + "/GrantExecute/test-api/DeploymentStage.prod/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testapiDeploymentStageprod5C9E92A4" + } + ], + "/GrantExecute/test-api/Endpoint": [ + { + "type": "aws:cdk:logicalId", + "data": "testapiEndpoint4AE34D29" + } + ], + "/GrantExecute/test-api/Default/pets/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testapipets981F319E" + } + ], + "/GrantExecute/test-api/Default/pets/GET/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "testapipetsGET25A78130" + } + ], + "/GrantExecute/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/GrantExecute/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "GrantExecute" + }, + "GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "GrantExecuteTestDefaultTestDeployAssertA66B6F20": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "GrantExecuteTestDefaultTestDeployAssertA66B6F20.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "GrantExecuteTestDefaultTestDeployAssertA66B6F20.assets" + ], + "metadata": { + "/GrantExecuteTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/GrantExecuteTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "GrantExecuteTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/tree.json new file mode 100644 index 0000000000000..07fd5007601fd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.js.snapshot/tree.json @@ -0,0 +1,355 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "GrantExecute": { + "id": "GrantExecute", + "path": "GrantExecute", + "children": { + "user": { + "id": "user", + "path": "GrantExecute/user", + "children": { + "Resource": { + "id": "Resource", + "path": "GrantExecute/user/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::User", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnUser", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "GrantExecute/user/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "GrantExecute/user/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "testapiD6451F70" + }, + "/", + { + "Ref": "testapiDeploymentStageprod5C9E92A4" + }, + "/GET/pets" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "userDefaultPolicy083DF682", + "users": [ + { + "Ref": "user2C2B57AE" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.User", + "version": "0.0.0" + } + }, + "test-api": { + "id": "test-api", + "path": "GrantExecute/test-api", + "children": { + "Resource": { + "id": "Resource", + "path": "GrantExecute/test-api/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::RestApi", + "aws:cdk:cloudformation:props": { + "name": "test-api" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnRestApi", + "version": "0.0.0" + } + }, + "Deployment": { + "id": "Deployment", + "path": "GrantExecute/test-api/Deployment", + "children": { + "Resource": { + "id": "Resource", + "path": "GrantExecute/test-api/Deployment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Deployment", + "aws:cdk:cloudformation:props": { + "restApiId": { + "Ref": "testapiD6451F70" + }, + "description": "Automatically created by the RestApi construct" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnDeployment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Deployment", + "version": "0.0.0" + } + }, + "DeploymentStage.prod": { + "id": "DeploymentStage.prod", + "path": "GrantExecute/test-api/DeploymentStage.prod", + "children": { + "Resource": { + "id": "Resource", + "path": "GrantExecute/test-api/DeploymentStage.prod/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Stage", + "aws:cdk:cloudformation:props": { + "restApiId": { + "Ref": "testapiD6451F70" + }, + "deploymentId": { + "Ref": "testapiDeployment356D2C358af14d7f8fefbad1c57a65ea01cc6136" + }, + "stageName": "prod" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnStage", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Stage", + "version": "0.0.0" + } + }, + "Endpoint": { + "id": "Endpoint", + "path": "GrantExecute/test-api/Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "Default": { + "id": "Default", + "path": "GrantExecute/test-api/Default", + "children": { + "pets": { + "id": "pets", + "path": "GrantExecute/test-api/Default/pets", + "children": { + "Resource": { + "id": "Resource", + "path": "GrantExecute/test-api/Default/pets/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Resource", + "aws:cdk:cloudformation:props": { + "parentId": { + "Fn::GetAtt": [ + "testapiD6451F70", + "RootResourceId" + ] + }, + "pathPart": "pets", + "restApiId": { + "Ref": "testapiD6451F70" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnResource", + "version": "0.0.0" + } + }, + "GET": { + "id": "GET", + "path": "GrantExecute/test-api/Default/pets/GET", + "children": { + "Resource": { + "id": "Resource", + "path": "GrantExecute/test-api/Default/pets/GET/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "httpMethod": "GET", + "resourceId": { + "Ref": "testapipets981F319E" + }, + "restApiId": { + "Ref": "testapiD6451F70" + }, + "authorizationType": "NONE", + "integration": { + "type": "MOCK" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.ResourceBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.RestApi", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "GrantExecute/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "GrantExecute/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "GrantExecuteTest": { + "id": "GrantExecuteTest", + "path": "GrantExecuteTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "GrantExecuteTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "GrantExecuteTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.25" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "GrantExecuteTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "GrantExecuteTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "GrantExecuteTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.25" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts new file mode 100644 index 0000000000000..9960bd3fde900 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts @@ -0,0 +1,19 @@ +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as apigw from 'aws-cdk-lib/aws-apigateway'; + + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'GrantExecute'); + +const user = new iam.User(stack, 'user'); +const api = new apigw.RestApi(stack, 'test-api'); +const method = api.root.addResource('pets').addMethod('GET'); +method.grantExecute(user); + +new integ.IntegTest(app, 'GrantExecuteTest', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/aws-cdk-lib/aws-apigateway/README.md b/packages/aws-cdk-lib/aws-apigateway/README.md index 9acadea42b75b..3008ba27848b3 100644 --- a/packages/aws-cdk-lib/aws-apigateway/README.md +++ b/packages/aws-cdk-lib/aws-apigateway/README.md @@ -60,6 +60,14 @@ book.addMethod('GET'); book.addMethod('DELETE'); ``` +To give an IAM User or Role permission to invoke a method, use `grantExecute`: + +```ts +declare user: iam.User; +const books = api.root.addResource('books'); +books.grantExecute(user); +``` + ## AWS Lambda-backed APIs A very common practice is to use Amazon API Gateway with AWS Lambda as the diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/method.ts b/packages/aws-cdk-lib/aws-apigateway/lib/method.ts index 7a2850babbd4d..53f4b44eeed03 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/method.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/method.ts @@ -12,6 +12,7 @@ import { IRestApi, RestApi, RestApiBase } from './restapi'; import { IStage } from './stage'; import { validateHttpMethod } from './util'; import * as cloudwatch from '../../aws-cloudwatch'; +import * as iam from '../../aws-iam'; import { ArnFormat, FeatureFlags, Lazy, Names, Resource, Stack } from '../../core'; import { APIGATEWAY_REQUEST_VALIDATOR_UNIQUE_ID } from '../../cx-api'; @@ -455,6 +456,19 @@ export class Method extends Resource { return this.cannedMetric(ApiGatewayMetrics.latencyAverage, stage, props); } + /** + * Grants an IAM principal permission to invoke this method. + * + * @param grantee the principal + */ + public grantExecute(grantee: iam.IGrantable): iam.Grant { + return iam.Grant.addToPrincipal({ + grantee, + actions: ['execute-api:Invoke'], + resourceArns: [this.methodArn], + }); + } + private cannedMetric(fn: (dims: { ApiName: string; Method: string; diff --git a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts index 81cd18ef8b0bb..1772c509ff3c4 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts @@ -1073,5 +1073,53 @@ describe('method', () => { expect(metric.color).toEqual(color); expect(metric.dimensions).toEqual({ ApiName: 'test-api', Method: 'GET', Resource: '/pets', Stage: api.deploymentStage.stageName }); }); + + test('grantExecute', () => { + // GIVEN + const stack = new cdk.Stack(); + const user = new iam.User(stack, 'user'); + + // WHEN + const api = new apigw.RestApi(stack, 'test-api'); + const method = api.root.addResource('pets').addMethod('GET'); + method.grantExecute(user); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: 'execute-api:Invoke', + Effect: 'Allow', + Resource: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':execute-api:', + { + Ref: 'AWS::Region', + }, + ':', + { Ref: 'AWS::AccountId' }, + ':', + { Ref: 'testapiD6451F70' }, + '/', + { Ref: 'testapiDeploymentStageprod5C9E92A4' }, + '/GET/pets', + ], + ], + }, + }, + ], + }, + Users: [{ + Ref: 'user2C2B57AE', + }], + }); + }); }); }); From 3288feeee84c7cb157d67754201ed53bb17dadbb Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Fri, 19 May 2023 19:31:49 +0000 Subject: [PATCH 04/33] chore(release): 2.80.0 --- CHANGELOG.v2.alpha.md | 2 ++ CHANGELOG.v2.md | 26 ++++++++++++++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 7aed20c525d1b..4cc0a991fd01f 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.80.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.79.1-alpha.0...v2.80.0-alpha.0) (2023-05-19) + ## [2.79.1-alpha.0](https://github.com/aws/aws-cdk/compare/v2.79.0-alpha.0...v2.79.1-alpha.0) (2023-05-11) ## [2.79.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.78.0-alpha.0...v2.79.0-alpha.0) (2023-05-10) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 25804a11a91a1..09625d5b64b17 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,32 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.80.0](https://github.com/aws/aws-cdk/compare/v2.79.1...v2.80.0) (2023-05-19) + + +### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES + +* **eks:** A masters role is no longer provisioned by default. Use the `mastersRole` property to explicitly pass a role that needs cluster access. In addition, the creation role no longer allows any identity (with the appropriate `sts:AssumeRole` permissions) to assume it. + +### Features + +* **apigateway:** add grantExecute to API Methods ([#25630](https://github.com/aws/aws-cdk/issues/25630)) ([ecb59fd](https://github.com/aws/aws-cdk/commit/ecb59fda50078e29d579b7b0ee82600f553aec75)) +* **appmesh:** access log format support for app mesh ([#25229](https://github.com/aws/aws-cdk/issues/25229)) ([c4b00be](https://github.com/aws/aws-cdk/commit/c4b00bee9a2ada024c8d838ba083549bc69889f8)) +* **appsync:** Add Private API support when creating a GraphqlApi ([#25569](https://github.com/aws/aws-cdk/issues/25569)) ([d7e263d](https://github.com/aws/aws-cdk/commit/d7e263d5d175f5f189f3ea3d1a5501b975a26281)) +* **cfnspec:** cloudformation spec v122.0.0 ([#25555](https://github.com/aws/aws-cdk/issues/25555)) ([5ccc569](https://github.com/aws/aws-cdk/commit/5ccc56975c323ea19fd0917def51184e13f440d9)) +* **cli:** assets can now depend on stacks ([#25536](https://github.com/aws/aws-cdk/issues/25536)) ([25d5d60](https://github.com/aws/aws-cdk/commit/25d5d60fd0ed852b1817d749b65c68d5279b38a3)) +* **cli:** logging can be corked ([#25644](https://github.com/aws/aws-cdk/issues/25644)) ([0643020](https://github.com/aws/aws-cdk/commit/064302007e902a1521ccc6948a5691cd777afc15)), closes [#25536](https://github.com/aws/aws-cdk/issues/25536) +* **codepipeline-actions:** add KMSEncryptionKeyARN for S3DeployAction ([#24536](https://github.com/aws/aws-cdk/issues/24536)) ([b60876f](https://github.com/aws/aws-cdk/commit/b60876f7bd973f88e965c7e6204ced11c55c55a3)), closes [#24535](https://github.com/aws/aws-cdk/issues/24535) +* **eks:** alb controller include versions 2.4.2 - 2.5.1 ([#25330](https://github.com/aws/aws-cdk/issues/25330)) ([83c4c36](https://github.com/aws/aws-cdk/commit/83c4c36e56917be248bdee1bc11516982d50b17a)), closes [#25307](https://github.com/aws/aws-cdk/issues/25307) +* **msk:** Kafka version 3.4.0 ([#25557](https://github.com/aws/aws-cdk/issues/25557)) ([6317518](https://github.com/aws/aws-cdk/commit/6317518e5d68e5659237b676668fd69bfbd2f42f)), closes [#25522](https://github.com/aws/aws-cdk/issues/25522) +* **scheduler:** schedule expression construct ([#25422](https://github.com/aws/aws-cdk/issues/25422)) ([97a698e](https://github.com/aws/aws-cdk/commit/97a698ee9e1e47ffb4af5d7d06cd309ddd3a2732)) + + +### Bug Fixes + +* **bootstrap:** bootstrap doesn't work in non-aws partitions anymore (revert security hub finding fix) ([#25540](https://github.com/aws/aws-cdk/issues/25540)) ([8854739](https://github.com/aws/aws-cdk/commit/8854739a6b4cdd33dc0da3b76b634b5ab151437b)), closes [/github.com/aws/aws-cdk/issues/19380#issuecomment-1512009270](https://github.com/aws//github.com/aws/aws-cdk/issues/19380/issues/issuecomment-1512009270) [#25272](https://github.com/aws/aws-cdk/issues/25272) [#25273](https://github.com/aws/aws-cdk/issues/25273) [#25507](https://github.com/aws/aws-cdk/issues/25507) +* **eks:** overly permissive trust policies ([#25473](https://github.com/aws/aws-cdk/issues/25473)) ([51f0193](https://github.com/aws/aws-cdk/commit/51f0193bf34cca8254743561a1176e3ca5d83a74)) + ## [2.79.1](https://github.com/aws/aws-cdk/compare/v2.79.0...v2.79.1) (2023-05-11) diff --git a/version.v2.json b/version.v2.json index 5bfe47ffc5615..123906fe7ce30 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.79.1", - "alphaVersion": "2.79.1-alpha.0" + "version": "2.80.0", + "alphaVersion": "2.80.0-alpha.0" } \ No newline at end of file From ae21ecc2a72be14ececdf0c5b8649e49dc456b0c Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Fri, 19 May 2023 17:20:48 -0400 Subject: [PATCH 05/33] feat: new synthesizer separates assets out per CDK application (#24430) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR introduces a new synthesizer inside the module `app-staging-synthesizer-alpha`. This new synthesizer produces staging resources alongside the CDK application and assets will be stored there. It removes the need for running `cdk bootstrap` before deploying a CDK app in a new account/region. Under the new synthesizer, assets between different CDK applications will be separated which means they can be cleaned up and lifecycle controlled independently. To get started, add the following to your CDK application: ```ts const app = new App({ defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ appId: 'my-app-id', // put a unique id here }), }); ``` The new format of staging resources will look something like this: ```text β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚β”‚ β”‚β”‚ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚Bootstrap Stackβ”‚ β”‚β”‚ β”‚ CDK App 1 β”‚ β”‚β”‚ β”‚ CDK App 2 β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚Staging Stack β”‚ β”‚ β”‚β”‚β”‚ β”‚Staging Stack β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β”‚β”‚β”‚β”‚ IAM Role for β”‚β”‚ β”Œβ”€β”€β”€β”‚ S3 Asset β”‚β”‚β”‚β”‚β”‚ IAM Role for β”‚β”‚ β”Œβ”€β”€β”€β”‚ S3 Asset β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚File Publishing β”‚β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚β”‚β”‚β”‚File Publishing β”‚β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ β”‚β”‚β”‚β”‚ IAM Role for β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚β”‚Image Publishingβ”‚β”‚ β”‚ β”‚ β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ β”‚ β”‚β”‚IAM Role for CFN execution β”‚β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚ IAM Role for lookup β”‚β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚ IAM Role for deployment β”‚β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β”‚ β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚β”‚β”‚β”‚ S3 Bucket for β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ S3 Bucket for β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚β”‚ Staging Assets β”‚β—€β”€β”˜ β”‚β”‚β”‚β”‚ Staging Assets β”‚β—€β”€β”˜ β”‚ β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”Œβ”€β”€β”€β”‚ ECR Asset β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ ECR Repository β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ for Staging β”‚β—€β”€β”€β”˜ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ Assets β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ ``` This feature is heavily experimental and the API may break in the future. It does not work with CDK Pipelines yet. Depended on #25536. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../.eslintrc.js | 4 + .../app-staging-synthesizer-alpha/.gitignore | 22 + .../app-staging-synthesizer-alpha/.npmignore | 14 + .../app-staging-synthesizer-alpha/LICENSE | 201 +++ .../app-staging-synthesizer-alpha/NOTICE | 2 + .../app-staging-synthesizer-alpha/README.md | 389 ++++++ .../adr/resource-names.md | 30 + .../jest.config.js | 4 + .../lib/app-staging-synthesizer.ts | 372 +++++ .../lib/bootstrap-roles.ts | 130 ++ .../lib/default-staging-stack.ts | 425 ++++++ .../lib/index.ts | 4 + .../lib/per-env-staging-factory.ts | 32 + .../lib/private/app-global.ts | 33 + .../lib/private/no-tokens.ts | 9 + .../lib/staging-stack.ts | 120 ++ .../package.json | 101 ++ .../rosetta/default.ts-fixture | 22 + .../rosetta/with-custom-staging.ts-fixture | 44 + .../test/app-staging-synthesizer.test.ts | 493 +++++++ .../test/assets/Dockerfile | 2 + .../test/assets/index.py | 1 + .../test/bootstrap-roles.test.ts | 189 +++ .../test/default-staging-stack.test.ts | 44 + .../test/evaluate-cfn.ts | 114 ++ ...ult-resources-ACCOUNT-REGION.template.json | 472 +++++++ .../Dockerfile | 2 + .../index.py | 1 + .../Dockerfile | 2 + .../index.py | 1 + .../cdk.out | 1 + .../integ.json | 12 + ...efaultTestDeployAssert44C8D370.assets.json | 19 + ...aultTestDeployAssert44C8D370.template.json | 36 + .../manifest.json | 213 +++ .../synthesize-default-resources.assets.json | 57 + ...synthesize-default-resources.template.json | 210 +++ .../tree.json | 1225 +++++++++++++++++ .../test/integ.synth-default-resources.ts | 51 + .../test/per-env-staging-factory.test.ts | 79 ++ .../test/util.ts | 16 + .../aws-ecr-assets/lib/image-asset.ts | 20 +- .../aws-cdk-lib/aws-s3-assets/lib/asset.ts | 16 + packages/aws-cdk-lib/core/lib/assets.ts | 26 +- .../core/lib/helpers-internal/index.ts | 1 + .../helpers-internal/string-specializer.ts | 93 ++ .../core/lib/stack-synthesizers/_shared.ts | 45 - .../asset-manifest-builder.ts | 7 +- .../bootstrapless-synthesizer.ts | 2 +- .../cli-credentials-synthesizer.ts | 3 +- .../stack-synthesizers/default-synthesizer.ts | 3 +- .../stack-synthesizers/stack-synthesizer.ts | 4 +- packages/aws-cdk-lib/core/lib/stack.ts | 2 +- .../string-specializer.test.ts | 15 + .../aws-cdk/lib/api/aws-auth/sdk-provider.ts | 4 +- packages/aws-cdk/lib/util/asset-publishing.ts | 3 +- packages/cdk-assets/lib/aws.ts | 1 + .../lib/private/handlers/container-images.ts | 16 +- .../cdk-assets/lib/private/handlers/files.ts | 5 +- 59 files changed, 5403 insertions(+), 61 deletions(-) create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/.eslintrc.js create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/.gitignore create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/.npmignore create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/LICENSE create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/NOTICE create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/README.md create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/adr/resource-names.md create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/jest.config.js create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/app-staging-synthesizer.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/bootstrap-roles.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/index.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/per-env-staging-factory.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/app-global.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/no-tokens.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/package.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/default.ts-fixture create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/with-custom-staging.ts-fixture create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/Dockerfile create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/index.py create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/bootstrap-roles.test.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/default-staging-stack.test.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/evaluate-cfn.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resources-ACCOUNT-REGION.template.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/index.py create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/index.py create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/per-env-staging-factory.test.ts create mode 100644 packages/@aws-cdk/app-staging-synthesizer-alpha/test/util.ts create mode 100644 packages/aws-cdk-lib/core/lib/helpers-internal/string-specializer.ts create mode 100644 packages/aws-cdk-lib/core/test/helpers-internal/string-specializer.test.ts diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/.eslintrc.js b/packages/@aws-cdk/app-staging-synthesizer-alpha/.eslintrc.js new file mode 100644 index 0000000000000..c6b0adb2216b1 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/.eslintrc.js @@ -0,0 +1,4 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc'); +baseConfig.ignorePatterns.push('resources/**/*'); +baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; +module.exports = baseConfig; \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/.gitignore b/packages/@aws-cdk/app-staging-synthesizer-alpha/.gitignore new file mode 100644 index 0000000000000..1272e8254630e --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/.gitignore @@ -0,0 +1,22 @@ +*.js +*.d.ts +tsconfig.json +*.generated.ts +*.js.map +dist +coverage +.nyc_output +.jsii + +.LAST_BUILD +nyc.config.js +.LAST_PACKAGE +*.snk +!.eslintrc.js + +junit.xml +!jest.config.js +!**/*.snapshot/**/asset.*/*.js +!**/*.snapshot/**/asset.*/*.d.ts + +!**/*.snapshot/**/asset.*/** diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/.npmignore b/packages/@aws-cdk/app-staging-synthesizer-alpha/.npmignore new file mode 100644 index 0000000000000..773d1bc0f120e --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/.npmignore @@ -0,0 +1,14 @@ + +.LAST_BUILD +*.snk +junit.xml +*.ts +!*.d.ts +!*.js +!*.lit.ts +coverage +.nyc_output +*.tgz +.eslintrc.js +# exclude cdk artifacts +**/cdk.out \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/LICENSE b/packages/@aws-cdk/app-staging-synthesizer-alpha/LICENSE new file mode 100644 index 0000000000000..9b722c65c5481 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/NOTICE b/packages/@aws-cdk/app-staging-synthesizer-alpha/NOTICE new file mode 100644 index 0000000000000..a27b7dd317649 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/NOTICE @@ -0,0 +1,2 @@ +AWS Cloud Development Kit (AWS CDK) +Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md new file mode 100644 index 0000000000000..9d9c9e372f7a0 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md @@ -0,0 +1,389 @@ +# App Staging Synthesizer + + +--- + +![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) + +> The APIs of higher level constructs in this module are experimental and under active development. +> They are subject to non-backward compatible changes or removal in any future version. These are +> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be +> announced in the release notes. This means that while you may use them, you may need to update +> your source code when upgrading to a newer version of this package. + +--- + + + +This library includes constructs aimed at replacing the current model of bootstrapping and providing +greater control of the bootstrap experience to the CDK user. The important constructs in this library +are as follows: + +- the `IStagingResources` interface: a framework for an app-level bootstrap stack that handles + file assets and docker assets. +- the `DefaultStagingStack`, which is a works-out-of-the-box implementation of the `IStagingResources` + interface. +- the `AppStagingSynthesizer`, a new CDK synthesizer that will synthesize CDK applications with + the staging resources provided. + +> Currently this module does not support CDK Pipelines. You must deploy CDK Apps using this +> synthesizer via `cdk deploy`. + +To get started, update your CDK App with a new `defaultStackSynthesizer`: + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', // put a unique id here + }), +}); +``` + +This will introduce a `DefaultStagingStack` in your CDK App and staging assets of your App +will live in the resources from that stack rather than the CDK Bootstrap stack. + +If you are migrating from a different version of synthesis your updated CDK App will target +the resources in the `DefaultStagingStack` and no longer be tied to the bootstrapped resources +in your account. + +## Bootstrap Model + +Our current bootstrap model looks like this, when you run `cdk bootstrap aws:///` : + +```text +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ +β”‚ β”‚Bootstrap Stackβ”‚ β”‚β”‚ β”‚ CDK App 1 β”‚ β”‚β”‚ β”‚ CDK App 2 β”‚ β”‚ +β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”‚ +β”‚ β”‚IAM Role for CFN execution β”‚ β”‚β”‚β”Œβ”€β”€β”€β”€β”‚ S3 Asset β”‚ β”‚β”‚ β”‚ +β”‚ β”‚ IAM Role for lookup β”‚ β”‚β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β”‚ +β”‚ β”‚ IAM Role for deployment β”‚ β”‚β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚β”‚ β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ +β”‚ β”‚β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”Όβ”€β”€β”€β”€β”€β”‚ S3 Asset β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ +β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚ β”‚ IAM Role for File Publishing β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚ β”‚ IAM Role for Image Publishing β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚ β”‚S3 Bucket for Staging Assets β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚ β”‚ KMS Key encryption β”‚β—€β”€β”Όβ”Όβ”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ +β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”Όβ”€β”€β”€β”€β”€ β”‚ ECR Asset β”‚ β”‚ +β”‚ β”‚β”‚ β”‚ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ +β”‚ β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚β”‚ β”‚ β”‚β”‚ β”‚ +β”‚β”‚ECR Repository for Staging Assetsβ—€β”Όβ”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β”‚ +β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +``` + +Your CDK Application utilizes these resources when deploying. For example, if you have a file asset, +it gets uploaded to the S3 Staging Bucket using the File Publishing Role when you run `cdk deploy`. + +This library introduces an alternate model to bootstrapping, by splitting out essential CloudFormation IAM roles +and staging resources. There will still be a Bootstrap Stack, but this will only contain IAM roles necessary for +CloudFormation deployment. Each CDK App will instead be in charge of its own staging resources, including the +S3 Bucket, ECR Repositories, and associated IAM roles. It works like this: + +The Staging Stack will contain, on a per-need basis, + +- 1 S3 Bucket with KMS encryption for all file assets in the CDK App. +- An ECR Repository _per_ image (and its revisions). +- IAM roles with access to the Bucket and Repositories. + +```text +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ β”‚β”‚ β”‚β”‚ β”‚ +β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ +β”‚ β”‚Bootstrap Stackβ”‚ β”‚β”‚ β”‚ CDK App 1 β”‚ β”‚β”‚ β”‚ CDK App 2 β”‚ β”‚ +β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ +β”‚ β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ +β”‚ β”‚β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚Staging Stack β”‚ β”‚ β”‚β”‚β”‚ β”‚Staging Stack β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ +β”‚ β”‚β”‚β”‚β”‚ IAM Role for β”‚β”‚ β”Œβ”€β”€β”€β”‚ S3 Asset β”‚β”‚β”‚β”‚β”‚ IAM Role for β”‚β”‚ β”Œβ”€β”€β”€β”‚ S3 Asset β”‚β”‚ +β”‚ β”‚β”‚β”‚β”‚File Publishing β”‚β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚β”‚β”‚β”‚File Publishing β”‚β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ +β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ β”‚β”‚β”‚β”‚ IAM Role for β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚β”‚Image Publishingβ”‚β”‚ β”‚ β”‚ +β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ β”‚ +β”‚β”‚IAM Role for CFN execution β”‚β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ +β”‚β”‚ IAM Role for lookup β”‚β”‚β”‚β”‚ β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ β”‚ +β”‚β”‚ IAM Role for deployment β”‚β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β”‚ +β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚β”‚β”‚β”‚ S3 Bucket for β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ S3 Bucket for β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚β”‚ Staging Assets β”‚β—€β”€β”˜ β”‚β”‚β”‚β”‚ Staging Assets β”‚β—€β”€β”˜ β”‚ +β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”Œβ”€β”€β”€β”‚ ECR Asset β”‚β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ ECR Repository β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ for Staging β”‚β—€β”€β”€β”˜ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β”‚ Assets β”‚β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β”‚ β”‚ β”‚β”‚β”‚ β”‚ β”‚ +β”‚ β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚β”‚β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +``` + +This allows staging resources to be created when needed next to the CDK App. It has the following +benefits: + +- Resources between separate CDK Apps are separated so they can be cleaned up and lifecycle +controlled individually. +- Users have a familiar way to customize staging resources in the CDK Application. + +> As this library is `experimental`, the accompanying Bootstrap Stack is not yet implemented. To use this +> library right now, you must reuse roles that have been traditionally bootstrapped. + +## Using the Default Staging Stack per Environment + +The most common use case will be to use the built-in default resources. In this scenario, the +synthesizer will create a new Staging Stack in each environment the CDK App is deployed to store +its staging resources. To use this kind of synthesizer, use `AppStagingSynthesizer.defaultResources()`. + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', + }), +}); +``` + +Every CDK App that uses the `DefaultStagingStack` must include an `appId`. This should +be an identifier unique to the app and is used to differentiate staging resources associated +with the app. + +### Default Staging Stack + +The Default Staging Stack includes all the staging resources necessary for CDK Assets. The below example +is of a CDK App using the `AppStagingSynthesizer` and creating a file asset for the Lambda Function +source code. As part of the `DefaultStagingStack`, an S3 bucket and IAM role will be created that will be +used to upload the asset to S3. + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ appId: 'my-app-id' }), +}); + +const stack = new Stack(app, 'my-stack'); + +new lambda.Function(stack, 'lambda', { + code: lambda.AssetCode.fromAsset(path.join(__dirname, 'assets')), + handler: 'index.handler', + runtime: lambda.Runtime.PYTHON_3_9, +}); + +app.synth(); +``` + +### Custom Roles + +You can customize some or all of the roles you'd like to use in the synthesizer as well, +if all you need is to supply custom roles (and not change anything else in the `DefaultStagingStack`): + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', + deploymentIdentities: DeploymentIdentities.specifyRoles({ + cloudFormationExecutionRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/Execute'), + deploymentRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/Deploy'), + lookupRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/Lookup'), + }), + }), +}); +``` + +Or, you can ask to use the CLI credentials that exist at deploy-time. +These credentials must have the ability to perform CloudFormation calls, +lookup resources in your account, and perform CloudFormation deployment. +For a full list of what is necessary, see `LookupRole`, `DeploymentActionRole`, +and `CloudFormationExecutionRole` in the +[bootstrap template](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml). + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', + deploymentIdentities: DeploymentIdentities.cliCredentials(), + }), +}); +``` + +The default staging stack will create roles to publish to the S3 bucket and ECR repositories, +assumable by the deployment role. You can also specify an existing IAM role for the +`fileAssetPublishingRole` or `imageAssetPublishingRole`: + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', + fileAssetPublishingRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/S3Access'), + imageAssetPublishingRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/ECRAccess'), + }), +}); +``` + +### Deploy Time S3 Assets + +There are two types of assets: + +- Assets used only during deployment. These are used to hand off a large piece of data to another +service, that will make a private copy of that data. After deployment, the asset is only necessary for +a potential future rollback. +- Assets accessed throughout the running life time of the application. + +Examples of assets that are only used at deploy time are CloudFormation Templates and Lambda Code +bundles. Examples of assets accessed throughout the life time of the application are script files +downloaded to run in a CodeBuild Project, or on EC2 instance startup. ECR images are always application +life-time assets. S3 deploy time assets are stored with a `deploy-time/` prefix, and a lifecycle rule will collect them after a configurable number of days. + +Lambda assets are by default marked as deploy time assets: + +```ts +declare const stack: Stack; +new lambda.Function(stack, 'lambda', { + code: lambda.AssetCode.fromAsset(path.join(__dirname, 'assets')), // lambda marks deployTime = true + handler: 'index.handler', + runtime: lambda.Runtime.PYTHON_3_9, +}); +``` + +Or, if you want to create your own deploy time asset: + +```ts +import { Asset } from 'aws-cdk-lib/aws-s3-assets'; + +declare const stack: Stack; +const asset = new Asset(stack, 'deploy-time-asset', { + deployTime: true, + path: path.join(__dirname, './deploy-time-asset'), +}); +``` + +By default, we store deploy time assets for 30 days, but you can change this number by specifying +`deployTimeFileAssetLifetime`. The number you specify here is how long you will be able to roll back +to a previous version of an application just by doing a CloudFormation deployment with the old +template, without rebuilding and republishing assets. + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', + deployTimeFileAssetLifetime: Duration.days(100), + }), +}); +``` + +### Lifecycle Rules on ECR Repositories + +By default, we store a maximum of 3 revisions of a particular docker image asset. This allows +for smooth faciliation of rollback scenarios where we may reference previous versions of an +image. When more than 3 revisions of an asset exist in the ECR repository, the oldest one is +purged. + +To change the number of revisions stored, use `imageAssetVersionCount`: + +```ts +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'my-app-id', + imageAssetVersionCount: 10, + }), +}); +``` + +## Using a Custom Staging Stack per Environment + +If you want to customize some behavior that is not configurable via properties, +you can implement your own class that implements `IStagingResources`. To get a head start, +you can subclass `DefaultStagingStack`. + +```ts +interface CustomStagingStackOptions extends DefaultStagingStackOptions {} + +class CustomStagingStack extends DefaultStagingStack { +} +``` + +Or you can roll your own staging resources from scratch, as long as it implements `IStagingResources`. + +```ts +interface CustomStagingStackProps extends StackProps {} + +class CustomStagingStack extends Stack implements IStagingResources { + public constructor(scope: Construct, id: string, props: CustomStagingStackProps) { + super(scope, id, props); + } + + public addFile(asset: FileAssetSource): FileStagingLocation { + return { + bucketName: 'myBucket', + assumeRoleArn: 'myArn', + dependencyStack: this, + }; + } + + public addDockerImage(asset: DockerImageAssetSource): ImageStagingLocation { + return { + repoName: 'myRepo', + assumeRoleArn: 'myArn', + dependencyStack: this, + }; + } +} +``` + +Using your custom staging resources means implementing a `CustomFactory` class and calling the +`AppStagingSynthesizer.customFactory()` static method. This has the benefit of providing a +custom Staging Stack that can be created in every environment the CDK App is deployed to. + +```ts fixture=with-custom-staging +class CustomFactory implements IStagingResourcesFactory { + public obtainStagingResources(stack: Stack, context: ObtainStagingResourcesContext) { + const myApp = App.of(stack); + + return new CustomStagingStack(myApp!, `CustomStagingStack-${context.environmentString}`, {}); + } +} + +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.customFactory({ + factory: new CustomFactory(), + oncePerEnv: true, // by default + }), +}); +``` + +## Using an Existing Staging Stack + +Use `AppStagingSynthesizer.customResources()` to supply an existing stack as the Staging Stack. +Make sure that the custom stack you provide implements `IStagingResources`. + +```ts fixture=with-custom-staging +const resourceApp = new App(); +const resources = new CustomStagingStack(resourceApp, 'CustomStagingStack', {}); + +const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.customResources({ + resources, + }), +}); +``` diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/adr/resource-names.md b/packages/@aws-cdk/app-staging-synthesizer-alpha/adr/resource-names.md new file mode 100644 index 0000000000000..f718afc5ca0e6 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/adr/resource-names.md @@ -0,0 +1,30 @@ +# Staging Stack Resource Names + +The Staging Stack can produce the following types of resources, depending on what is needed for the app: + +- iam role (file publishing role and asset publishing role) +- s3 bucket (one per app) +- ecr repository (one per image asset family) + +These resources need to be named unique to their scope to avoid CloudFormation errors when trying to create +a resource with an existing name. The resource specific limitations are as follows: + +- iam role names: must be unique to their account +- s3 bucket names: must be globally unique +- ecr repository names: must be unique to their account/region + +The attributes we can use to name our resources are as follows: + +- account number (i.e. `123456789012`) +- region name (i.e. `us-east-1`) +- app id (a user-specified id that should be unique to the app) +- image id (a user-specified id added on image assets) + +This information can be distilled into the following table, which shows what identifiers are necessary to +make each resource name unique: + +| Resource | Account | Region | App Id | Image Id | +| --------- | ------- | ------ | ------ | -------- | +| iam roles | | βœ”οΈ | βœ”οΈ | | +| s3 bucket | βœ”οΈ | βœ”οΈ | βœ”οΈ ️️ | | +| ecr repos | | | βœ”οΈ | βœ”οΈ | diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/jest.config.js b/packages/@aws-cdk/app-staging-synthesizer-alpha/jest.config.js new file mode 100644 index 0000000000000..87e3ed1d7117c --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/jest.config.js @@ -0,0 +1,4 @@ +const baseConfig = require('@aws-cdk/cdk-build-tools/config/jest.config'); +module.exports = { + ...baseConfig, +}; diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/app-staging-synthesizer.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/app-staging-synthesizer.ts new file mode 100644 index 0000000000000..21f7290d19f4b --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/app-staging-synthesizer.ts @@ -0,0 +1,372 @@ +import { + AssetManifestBuilder, + BOOTSTRAP_QUALIFIER_CONTEXT, + DockerImageAssetLocation, + DockerImageAssetSource, + FileAssetLocation, + FileAssetSource, + IBoundStackSynthesizer as IBoundAppStagingSynthesizer, + IReusableStackSynthesizer, + ISynthesisSession, + Stack, + StackSynthesizer, + Token, +} from 'aws-cdk-lib'; +import { StringSpecializer, translateCfnTokenToAssetToken } from 'aws-cdk-lib/core/lib/helpers-internal'; +import { BootstrapRole, BootstrapRoles, DeploymentIdentities } from './bootstrap-roles'; +import { DefaultStagingStack, DefaultStagingStackOptions } from './default-staging-stack'; +import { PerEnvironmentStagingFactory as PerEnvironmentStagingFactory } from './per-env-staging-factory'; +import { AppScopedGlobal } from './private/app-global'; +import { validateNoTokens } from './private/no-tokens'; +import { IStagingResources, IStagingResourcesFactory, ObtainStagingResourcesContext } from './staging-stack'; + +const AGNOSTIC_STACKS = new AppScopedGlobal(() => new Set()); +const ENV_AWARE_STACKS = new AppScopedGlobal(() => new Set()); + +/** + * Options that apply to all AppStagingSynthesizer variants + */ +export interface AppStagingSynthesizerOptions { + /** + * What roles to use to deploy applications + * + * These are the roles that have permissions to interact with CloudFormation + * on your behalf. By default these are the standard bootstrapped CDK roles, + * but you can customize them or turn them off and use the CLI credentials + * to deploy. + * + * @default - The standard bootstrapped CDK roles + */ + readonly deploymentIdentities?: DeploymentIdentities; + + /** + * Qualifier to disambiguate multiple bootstrapped environments in the same account + * + * This qualifier is only used to reference bootstrapped resources. It will not + * be used in the creation of app-specific staging resources: `appId` is used for that + * instead. + * + * @default - Value of context key '@aws-cdk/core:bootstrapQualifier' if set, otherwise `DEFAULT_QUALIFIER` + */ + readonly bootstrapQualifier?: string; +} + +/** + * Properties for stackPerEnv static method + */ +export interface DefaultResourcesOptions extends AppStagingSynthesizerOptions, DefaultStagingStackOptions {} + +/** + * Properties for customFactory static method + */ +export interface CustomFactoryOptions extends AppStagingSynthesizerOptions { + /** + * The factory that will be used to return staging resources for each stack + */ + readonly factory: IStagingResourcesFactory; + + /** + * Reuse the answer from the factory for stacks in the same environment + * + * @default true + */ + readonly oncePerEnv?: boolean; +} + +/** + * Properties for customResources static method + */ +export interface CustomResourcesOptions extends AppStagingSynthesizerOptions { + /** + * Use these exact staging resources for every stack that this synthesizer is used for + */ + readonly resources: IStagingResources; +} + +/** + * Internal properties for AppStagingSynthesizer + */ +interface AppStagingSynthesizerProps extends AppStagingSynthesizerOptions { + /** + * A factory method that creates an IStagingStack when given the stack the + * synthesizer is binding. + */ + readonly factory: IStagingResourcesFactory; +} + +/** + * App Staging Synthesizer + */ +export class AppStagingSynthesizer extends StackSynthesizer implements IReusableStackSynthesizer { + /** + * Default ARN qualifier + */ + public static readonly DEFAULT_QUALIFIER = 'hnb659fds'; + + /** + * Default CloudFormation role ARN. + */ + public static readonly DEFAULT_CLOUDFORMATION_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-cfn-exec-role-${AWS::AccountId}-${AWS::Region}'; + + /** + * Default deploy role ARN. + */ + public static readonly DEFAULT_DEPLOY_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-deploy-role-${AWS::AccountId}-${AWS::Region}'; + + /** + * Default lookup role ARN for missing values. + */ + public static readonly DEFAULT_LOOKUP_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-lookup-role-${AWS::AccountId}-${AWS::Region}'; + + /** + * Use the Default Staging Resources, creating a single stack per environment this app is deployed in + */ + public static defaultResources(options: DefaultResourcesOptions) { + validateNoTokens(options, 'AppStagingSynthesizer'); + + return AppStagingSynthesizer.customFactory({ + factory: DefaultStagingStack.factory(options), + deploymentIdentities: options.deploymentIdentities, + bootstrapQualifier: options.bootstrapQualifier, + oncePerEnv: true, + }); + } + + /** + * Use these exact staging resources for every stack that this synthesizer is used for + */ + public static customResources(options: CustomResourcesOptions) { + return AppStagingSynthesizer.customFactory({ + deploymentIdentities: options.deploymentIdentities, + bootstrapQualifier: options.bootstrapQualifier, + oncePerEnv: false, + factory: { + obtainStagingResources() { + return options.resources; + }, + }, + }); + } + + /** + * Supply your own stagingStackFactory method for creating an IStagingStack when + * a stack is bound to the synthesizer. + * + * By default, `oncePerEnv = true`, which means that a new instance of the IStagingStack + * will be created in new environments. Set `oncePerEnv = false` to turn off that behavior. + */ + public static customFactory(options: CustomFactoryOptions) { + const oncePerEnv = options.oncePerEnv ?? true; + const factory = oncePerEnv ? new PerEnvironmentStagingFactory(options.factory) : options.factory; + + return new AppStagingSynthesizer({ + factory, + bootstrapQualifier: options.bootstrapQualifier, + deploymentIdentities: options.deploymentIdentities, + }); + } + + private readonly roles: Required; + + private constructor(private readonly props: AppStagingSynthesizerProps) { + super(); + + this.roles = { + deploymentRole: props.deploymentIdentities?.roles.deploymentRole ?? + BootstrapRole.fromRoleArn(AppStagingSynthesizer.DEFAULT_DEPLOY_ROLE_ARN), + cloudFormationExecutionRole: props.deploymentIdentities?.roles.cloudFormationExecutionRole ?? + BootstrapRole.fromRoleArn(AppStagingSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN), + lookupRole: this.props.deploymentIdentities?.roles.lookupRole ?? + BootstrapRole.fromRoleArn(AppStagingSynthesizer.DEFAULT_LOOKUP_ROLE_ARN), + }; + } + + /** + * Returns a version of the synthesizer bound to a stack. + */ + public reusableBind(stack: Stack): IBoundAppStagingSynthesizer { + this.checkEnvironmentGnosticism(stack); + const qualifier = this.props.bootstrapQualifier ?? + stack.node.tryGetContext(BOOTSTRAP_QUALIFIER_CONTEXT) ?? + AppStagingSynthesizer.DEFAULT_QUALIFIER; + const spec = new StringSpecializer(stack, qualifier); + + const deployRole = this.roles.deploymentRole._specialize(spec); + + const context: ObtainStagingResourcesContext = { + environmentString: [ + Token.isUnresolved(stack.account) ? 'ACCOUNT' : stack.account, + Token.isUnresolved(stack.region) ? 'REGION' : stack.region, + ].join('-'), + deployRoleArn: deployRole._arnForCloudFormation(), + qualifier, + }; + + return new BoundAppStagingSynthesizer(stack, { + stagingResources: this.props.factory.obtainStagingResources(stack, context), + deployRole, + cloudFormationExecutionRole: this.roles.cloudFormationExecutionRole._specialize(spec), + lookupRole: this.roles.lookupRole._specialize(spec), + qualifier, + }); + } + + /** + * Implemented for legacy purposes; this will never be called. + */ + public bind(_stack: Stack) { + throw new Error('This is a legacy API, call reusableBind instead'); + } + + /** + * Implemented for legacy purposes; this will never be called. + */ + public synthesize(_session: ISynthesisSession): void { + throw new Error('This is a legacy API, call reusableBind instead'); + } + + /** + * Implemented for legacy purposes; this will never be called. + */ + public addFileAsset(_asset: FileAssetSource): FileAssetLocation { + throw new Error('This is a legacy API, call reusableBind instead'); + } + + /** + * Implemented for legacy purposes; this will never be called. + */ + public addDockerImageAsset(_asset: DockerImageAssetSource): DockerImageAssetLocation { + throw new Error('This is a legacy API, call reusableBind instead'); + } + + /** + * Check that we're only being used for exclusively gnostic or agnostic stacks. + * + * We can think about whether to loosen this requirement later. + */ + private checkEnvironmentGnosticism(stack: Stack) { + const isAgnostic = Token.isUnresolved(stack.account) || Token.isUnresolved(stack.region); + const agnosticStacks = AGNOSTIC_STACKS.for(stack); + const envAwareStacks = ENV_AWARE_STACKS.for(stack); + + (isAgnostic ? agnosticStacks : envAwareStacks).add(stack); + if (agnosticStacks.size > 0 && envAwareStacks.size > 0) { + + const describeStacks = (xs: Set) => Array.from(xs).map(s => s.node.path).join(', '); + + throw new Error([ + 'It is not safe to use AppStagingSynthesizer for both environment-agnostic and environment-aware stacks at the same time.', + 'Please either specify environments for all stacks or no stacks in the CDK App.', + `Stacks with environment: ${describeStacks(agnosticStacks)}.`, + `Stacks without environment: ${describeStacks(envAwareStacks)}.`, + ].join(' ')); + } + } +} + +/** + * Internal properties for BoundAppStagingSynthesizer + */ +interface BoundAppStagingSynthesizerProps { + /** + * The bootstrap qualifier + */ + readonly qualifier: string; + + /** + * The resources we end up using for this synthesizer + */ + readonly stagingResources: IStagingResources; + + /** + * The deploy role + */ + readonly deployRole: BootstrapRole; + + /** + * CloudFormation Execution Role + */ + readonly cloudFormationExecutionRole: BootstrapRole; + + /** + * Lookup Role + */ + readonly lookupRole: BootstrapRole; +} + +class BoundAppStagingSynthesizer extends StackSynthesizer implements IBoundAppStagingSynthesizer { + private readonly stagingStack: IStagingResources; + private readonly assetManifest = new AssetManifestBuilder(); + private readonly qualifier: string; + private readonly dependencyStacks: Set = new Set(); + + constructor(stack: Stack, private readonly props: BoundAppStagingSynthesizerProps) { + super(); + super.bind(stack); + + this.qualifier = props.qualifier; + this.stagingStack = props.stagingResources; + } + /** + * The qualifier used to bootstrap this stack + */ + public get bootstrapQualifier(): string | undefined { + // Not sure why we need this. + return this.qualifier; + } + + public synthesize(session: ISynthesisSession): void { + const templateAssetSource = this.synthesizeTemplate(session, this.props.lookupRole?._arnForCloudAssembly()); + const templateAsset = this.addFileAsset(templateAssetSource); + + const dependencies = Array.from(this.dependencyStacks).flatMap((d) => d.artifactId); + const assetManifestId = this.assetManifest.emitManifest(this.boundStack, session, {}, dependencies); + + const lookupRoleArn = this.props.lookupRole?._arnForCloudAssembly(); + + this.emitArtifact(session, { + assumeRoleArn: this.props.deployRole?._arnForCloudAssembly(), + additionalDependencies: [assetManifestId], + stackTemplateAssetObjectUrl: templateAsset.s3ObjectUrlWithPlaceholders, + cloudFormationExecutionRoleArn: this.props.cloudFormationExecutionRole?._arnForCloudAssembly(), + lookupRole: lookupRoleArn ? { arn: lookupRoleArn } : undefined, + }); + } + + /** + * Add a file asset to the manifest. + */ + public addFileAsset(asset: FileAssetSource): FileAssetLocation { + const { bucketName, assumeRoleArn, prefix, dependencyStack } = this.stagingStack.addFile(asset); + const location = this.assetManifest.defaultAddFileAsset(this.boundStack, asset, { + bucketName: translateCfnTokenToAssetToken(bucketName), + bucketPrefix: prefix, + role: assumeRoleArn ? { assumeRoleArn: translateCfnTokenToAssetToken(assumeRoleArn) } : undefined, + }); + + if (dependencyStack) { + this.boundStack.addDependency(dependencyStack, 'stack depends on the staging stack for staging resources'); + this.dependencyStacks.add(dependencyStack); + } + + return this.cloudFormationLocationFromFileAsset(location); + } + + /** + * Add a docker image asset to the manifest. + */ + public addDockerImageAsset(asset: DockerImageAssetSource): DockerImageAssetLocation { + const { repoName, assumeRoleArn, dependencyStack } = this.stagingStack.addDockerImage(asset); + const location = this.assetManifest.defaultAddDockerImageAsset(this.boundStack, asset, { + repositoryName: translateCfnTokenToAssetToken(repoName), + role: assumeRoleArn ? { assumeRoleArn: translateCfnTokenToAssetToken(assumeRoleArn) } : undefined, + }); + + if (dependencyStack) { + this.boundStack.addDependency(dependencyStack, 'stack depends on the staging stack for staging resources'); + this.dependencyStacks.add(dependencyStack); + } + + return this.cloudFormationLocationFromDockerImageAsset(location); + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/bootstrap-roles.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/bootstrap-roles.ts new file mode 100644 index 0000000000000..a5454ca51d021 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/bootstrap-roles.ts @@ -0,0 +1,130 @@ +import { StringSpecializer, translateAssetTokenToCfnToken, translateCfnTokenToAssetToken } from 'aws-cdk-lib/core/lib/helpers-internal'; + +/** + * Bootstrapped role specifier. These roles must exist already. + * This class does not create new IAM Roles. + */ +export class BootstrapRole { + /** + * Use the currently assumed role/credentials + */ + public static cliCredentials() { + return new BootstrapRole(BootstrapRole.CLI_CREDS); + } + + /** + * Specify an existing IAM Role to assume + */ + public static fromRoleArn(arn: string) { + StringSpecializer.validateNoTokens(arn, 'BootstrapRole ARN'); + return new BootstrapRole(arn); + } + + private static CLI_CREDS = 'cli-credentials'; + + private constructor(private readonly roleArn: string) {} + + /** + * Whether or not this is object was created using BootstrapRole.cliCredentials() + */ + public isCliCredentials() { + return this.roleArn === BootstrapRole.CLI_CREDS; + } + + /** + * @internal + */ + public _arnForCloudFormation() { + return this.isCliCredentials() ? undefined : translateAssetTokenToCfnToken(this.roleArn); + } + + /** + * @internal + */ + public _arnForCloudAssembly() { + return this.isCliCredentials() ? undefined : translateCfnTokenToAssetToken(this.roleArn); + } + + /** + * @internal + */ + public _specialize(spec: StringSpecializer) { + return new BootstrapRole(spec.specialize(this.roleArn)); + } +} + +/** + * Deployment identities are the class of roles to be assumed by the CDK + * when deploying the App. + */ +export class DeploymentIdentities { + /** + * Use CLI credentials for all deployment identities. + */ + public static cliCredentials(): DeploymentIdentities { + return new DeploymentIdentities({ + cloudFormationExecutionRole: BootstrapRole.cliCredentials(), + deploymentRole: BootstrapRole.cliCredentials(), + lookupRole: BootstrapRole.cliCredentials(), + }); + } + + /** + * Specify your own roles for all deployment identities. These roles + * must already exist. + */ + public static specifyRoles(roles: BootstrapRoles): DeploymentIdentities { + return new DeploymentIdentities(roles); + } + + private constructor( + /** roles that are bootstrapped to your account. */ + public readonly roles: BootstrapRoles, + ) {} +} + +/** + * Roles that are bootstrapped to your account. + */ +export interface BootstrapRoles { + /** + * CloudFormation Execution Role + * + * @default - use bootstrapped role + */ + readonly cloudFormationExecutionRole?: BootstrapRole; + + /** + * Deployment Action Role + * + * @default - use boostrapped role + */ + readonly deploymentRole?: BootstrapRole; + + /** + * Lookup Role + * + * @default - use bootstrapped role + */ + readonly lookupRole?: BootstrapRole; +} + +/** + * Roles that are included in the Staging Stack + * (for access to Staging Resources) + */ +export interface StagingRoles { + /** + * File Asset Publishing Role + * + * @default - staging stack creates a file asset publishing role + */ + readonly fileAssetPublishingRole?: BootstrapRole; + + /** + * Docker Asset Publishing Role + * + * @default - staging stack creates a docker asset publishing role + */ + readonly dockerAssetPublishingRole?: BootstrapRole; +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts new file mode 100644 index 0000000000000..468323e0ec2c4 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/default-staging-stack.ts @@ -0,0 +1,425 @@ +import * as fs from 'fs'; +import * as path from 'path'; +import { + App, + ArnFormat, + BootstraplessSynthesizer, + DockerImageAssetSource, + Duration, + FileAssetSource, + ISynthesisSession, + RemovalPolicy, + Stack, + StackProps, +} from 'aws-cdk-lib'; +import * as ecr from 'aws-cdk-lib/aws-ecr'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import * as s3 from 'aws-cdk-lib/aws-s3'; +import { StringSpecializer } from 'aws-cdk-lib/core/lib/helpers-internal'; +import { BootstrapRole } from './bootstrap-roles'; +import { FileStagingLocation, IStagingResources, IStagingResourcesFactory, ImageStagingLocation } from './staging-stack'; + +export const DEPLOY_TIME_PREFIX = 'deploy-time/'; + +/** + * User configurable options to the DefaultStagingStack. + */ +export interface DefaultStagingStackOptions { + /** + * A unique identifier for the application that the staging stack belongs to. + * + * This identifier will be used in the name of staging resources + * created for this application, and should be unique across CDK apps. + * + * The identifier should include lowercase characters and dashes ('-') only + * and have a maximum of 20 characters. + */ + readonly appId: string; + + /** + * Explicit name for the staging bucket + * + * @default - a well-known name unique to this app/env. + */ + readonly stagingBucketName?: string; + + /** + * Pass in an existing role to be used as the file publishing role. + * + * @default - a new role will be created + */ + readonly fileAssetPublishingRole?: BootstrapRole; + + /** + * Pass in an existing role to be used as the image publishing role. + * + * @default - a new role will be created + */ + readonly imageAssetPublishingRole?: BootstrapRole; + + /** + * The lifetime for deploy time file assets. + * + * Assets that are only necessary at deployment time (for instance, + * CloudFormation templates and Lambda source code bundles) will be + * automatically deleted after this many days. Assets that may be + * read from the staging bucket during your application's run time + * will not be deleted. + * + * Set this to the length of time you wish to be able to roll back to + * previous versions of your application without having to do a new + * `cdk synth` and re-upload of assets. + * + * @default - Duration.days(30) + */ + readonly deployTimeFileAssetLifetime?: Duration; + + /** + * The maximum number of image versions to store in a repository. + * + * Previous versions of an image can be stored for rollback purposes. + * Once a repository has more than 3 image versions stored, the oldest + * version will be discarded. This allows for sensible garbage collection + * while maintaining a few previous versions for rollback scenarios. + * + * @default - up to 3 versions stored + */ + readonly imageAssetVersionCount?: number; +} + +/** + * Default Staging Stack Properties + */ +export interface DefaultStagingStackProps extends DefaultStagingStackOptions, StackProps { + /** + * The ARN of the deploy action role, if given + * + * This role will need permissions to read from to the staging resources. + * + * @default - The CLI credentials are assumed, no additional permissions are granted. + */ + readonly deployRoleArn?: string; + + /** + * The qualifier used to specialize strings + * + * Shouldn't be necessary but who knows what people might do. + */ + readonly qualifier: string; +} + +/** + * A default Staging Stack that implements IStagingResources. + */ +export class DefaultStagingStack extends Stack implements IStagingResources { + /** + * Return a factory that will create DefaultStagingStacks + */ + public static factory(options: DefaultStagingStackOptions): IStagingResourcesFactory { + const appId = options.appId.toLocaleLowerCase().replace(/[^a-z0-9-]/g, '-').slice(0, 20); + return { + obtainStagingResources(stack, context) { + const app = App.of(stack); + if (!App.isApp(app)) { + throw new Error(`Stack ${stack.stackName} must be part of an App`); + } + + const stackId = `StagingStack-${appId}-${context.environmentString}`; + return new DefaultStagingStack(app, stackId, { + ...options, + + // Does not need to contain environment because stack names are unique inside an env anyway + stackName: `StagingStack-${appId}`, + env: { + account: stack.account, + region: stack.region, + }, + appId, + qualifier: context.qualifier, + deployRoleArn: context.deployRoleArn, + }); + }, + }; + } + + /** + * Default asset publishing role name for file (S3) assets. + */ + private get fileRoleName() { + // This role name can be a maximum of 64 letters. The reason why + // we slice the appId and not the entire name is because this.region + // can be a token and we don't want to accidentally cut it off. + return `cdk-${this.appId}-file-role-${this.region}`; + } + + /** + * Default asset publishing role name for docker (ECR) assets. + */ + private get imageRoleName() { + // This role name can be a maximum of 64 letters. The reason why + // we slice the appId and not the entire name is because this.region + // can be a token and we don't want to accidentally cut it off. + return `cdk-${this.appId}-image-role-${this.region}`; + } + + /** + * The app-scoped, evironment-keyed staging bucket. + */ + public readonly stagingBucket?: s3.Bucket; + + /** + * The app-scoped, environment-keyed ecr repositories associated with this app. + */ + public readonly stagingRepos: Record; + + /** + * The stack to add dependencies to. + */ + public readonly dependencyStack: Stack; + + private readonly appId: string; + private readonly stagingBucketName?: string; + + /** + * File publish role ARN in asset manifest format + */ + private readonly providedFileRole?: BootstrapRole; + private fileRole?: iam.IRole; + private fileRoleManifestArn?: string; + + /** + * Image publishing role ARN in asset manifest format + */ + private readonly providedImageRole?: BootstrapRole; + private imageRole?: iam.IRole; + private didImageRole = false; + private imageRoleManifestArn?: string; + + private readonly deployRoleArn?: string; + + constructor(scope: App, id: string, private readonly props: DefaultStagingStackProps) { + super(scope, id, { + ...props, + synthesizer: new BootstraplessSynthesizer(), + }); + + this.appId = this.validateAppId(props.appId); + this.dependencyStack = this; + + this.deployRoleArn = props.deployRoleArn; + this.stagingBucketName = props.stagingBucketName; + const specializer = new StringSpecializer(this, props.qualifier); + + this.providedFileRole = props.fileAssetPublishingRole?._specialize(specializer); + this.providedImageRole = props.imageAssetPublishingRole?._specialize(specializer); + this.stagingRepos = {}; + } + + private validateAppId(id: string) { + const errors = []; + if (id.length > 20) { + errors.push(`appId expected no more than 20 characters but got ${id.length} characters.`); + } + if (id !== id.toLocaleLowerCase()) { + errors.push('appId only accepts lowercase characters.'); + } + if (!/^[a-z0-9-]*$/.test(id)) { + errors.push('appId expects only letters, numbers, and dashes (\'-\')'); + } + + if (errors.length > 0) { + throw new Error([ + `appId ${id} has errors:`, + ...errors, + ].join('\n')); + } + return id; + } + + private ensureFileRole() { + if (this.providedFileRole) { + // Override + this.fileRoleManifestArn = this.providedFileRole._arnForCloudAssembly(); + const cfnArn = this.providedFileRole._arnForCloudFormation(); + this.fileRole = cfnArn ? iam.Role.fromRoleArn(this, 'CdkFileRole', cfnArn) : undefined; + return; + } + + const roleName = this.fileRoleName; + this.fileRole = new iam.Role(this, 'CdkFileRole', { + roleName, + assumedBy: new iam.AccountPrincipal(this.account), + }); + + this.fileRoleManifestArn = Stack.of(this).formatArn({ + partition: '${AWS::Partition}', + region: '', // iam is global + service: 'iam', + resource: 'role', + resourceName: roleName, + arnFormat: ArnFormat.SLASH_RESOURCE_NAME, + }); + } + + private ensureImageRole() { + // It may end up setting imageRole to undefined, but at least we tried + if (this.didImageRole) { + return; + } + this.didImageRole = true; + + if (this.providedImageRole) { + // Override + this.imageRoleManifestArn = this.providedImageRole._arnForCloudAssembly(); + const cfnArn = this.providedImageRole._arnForCloudFormation(); + this.imageRole = cfnArn ? iam.Role.fromRoleArn(this, 'CdkImageRole', cfnArn) : undefined; + return; + } + + const roleName = this.imageRoleName; + this.imageRole = new iam.Role(this, 'CdkImageRole', { + roleName, + assumedBy: new iam.AccountPrincipal(this.account), + }); + this.imageRoleManifestArn = Stack.of(this).formatArn({ + partition: '${AWS::Partition}', + region: '', // iam is global + service: 'iam', + resource: 'role', + resourceName: roleName, + arnFormat: ArnFormat.SLASH_RESOURCE_NAME, + }); + } + + private createBucketKey(): kms.IKey { + return new kms.Key(this, 'BucketKey', { + alias: `alias/cdk-${this.appId}-staging`, + admins: [new iam.AccountPrincipal(this.account)], + }); + } + + private getCreateBucket() { + const stagingBucketName = this.stagingBucketName ?? `cdk-${this.appId}-staging-${this.account}-${this.region}`; + const bucketId = 'CdkStagingBucket'; + const createdBucket = this.node.tryFindChild(bucketId) as s3.Bucket; + if (createdBucket) { + return stagingBucketName; + } + + this.ensureFileRole(); + const key = this.createBucketKey(); + + // Create the bucket once the dependencies have been created + const bucket = new s3.Bucket(this, bucketId, { + bucketName: stagingBucketName, + removalPolicy: RemovalPolicy.RETAIN, + encryption: s3.BucketEncryption.KMS, + encryptionKey: key, + + // Many AWS account safety checkers will complain when buckets aren't versioned + versioned: true, + // Many AWS account safety checkers will complain when SSL isn't enforced + enforceSSL: true, + }); + + if (this.fileRole) { + bucket.grantReadWrite(this.fileRole); + } + + if (this.deployRoleArn) { + bucket.addToResourcePolicy(new iam.PolicyStatement({ + actions: [ + 's3:GetObject*', + 's3:GetBucket*', + 's3:List*', + ], + resources: [bucket.bucketArn, bucket.arnForObjects('*')], + principals: [new iam.ArnPrincipal(this.deployRoleArn)], + })); + } + + // Objects should never be overwritten, but let's make sure we have a lifecycle policy + // for it anyway. + bucket.addLifecycleRule({ + noncurrentVersionExpiration: Duration.days(365), + }); + + bucket.addLifecycleRule({ + prefix: DEPLOY_TIME_PREFIX, + expiration: this.props.deployTimeFileAssetLifetime ?? Duration.days(30), + }); + + return stagingBucketName; + } + + /** + * Returns the well-known name of the repo + */ + private getCreateRepo(asset: DockerImageAssetSource): string { + if (!asset.assetName) { + throw new Error('Assets synthesized with AppScopedStagingSynthesizer must include an \'assetName\' in the asset source definition.'); + } + + // Create image publishing role if it doesn't exist + this.ensureImageRole(); + + const repoName = generateRepoName(`${this.appId}/${asset.assetName}`); + if (this.stagingRepos[asset.assetName] === undefined) { + this.stagingRepos[asset.assetName] = new ecr.Repository(this, repoName, { + repositoryName: repoName, + lifecycleRules: [{ + description: 'Garbage collect old image versions and keep the specified number of latest versions', + maxImageCount: this.props.imageAssetVersionCount ?? 3, + }], + }); + if (this.imageRole) { + this.stagingRepos[asset.assetName].grantPullPush(this.imageRole); + this.stagingRepos[asset.assetName].grantRead(this.imageRole); + } + } + return repoName; + + function generateRepoName(name: string): string { + return name.toLocaleLowerCase().replace('.', '-'); + } + } + + public addFile(asset: FileAssetSource): FileStagingLocation { + // Has side effects so must go first + const bucketName = this.getCreateBucket(); + + return { + bucketName, + assumeRoleArn: this.fileRoleManifestArn, + prefix: asset.deployTime ? DEPLOY_TIME_PREFIX : undefined, + dependencyStack: this, + }; + } + + public addDockerImage(asset: DockerImageAssetSource): ImageStagingLocation { + // Has side effects so must go first + const repoName = this.getCreateRepo(asset); + + return { + repoName, + assumeRoleArn: this.imageRoleManifestArn, + dependencyStack: this, + }; + } + + /** + * Synthesizes the cloudformation template into a cloud assembly. + * @internal + */ + public _synthesizeTemplate(session: ISynthesisSession, lookupRoleArn?: string | undefined): void { + super._synthesizeTemplate(session, lookupRoleArn); + + const builder = session.assembly; + const outPath = path.join(builder.outdir, this.templateFile); + const size = fs.statSync(outPath).size; + if (size > 51200) { + throw new Error(`Staging resource template cannot be greater than 51200 bytes, but got ${size} bytes`); + } + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/index.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/index.ts new file mode 100644 index 0000000000000..2a5055670e09d --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/index.ts @@ -0,0 +1,4 @@ +export * from './default-staging-stack'; +export * from './app-staging-synthesizer'; +export * from './bootstrap-roles'; +export * from './staging-stack'; diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/per-env-staging-factory.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/per-env-staging-factory.ts new file mode 100644 index 0000000000000..3d3c8fd5c50b2 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/per-env-staging-factory.ts @@ -0,0 +1,32 @@ +import { Stack } from 'aws-cdk-lib'; +import { AppScopedGlobal } from './private/app-global'; +import { IStagingResources, IStagingResourcesFactory, ObtainStagingResourcesContext } from './staging-stack'; + +/** + * Per-environment cache + * + * This is a global because we might have multiple instances of this class + * in the app, but we want to cache across all of them. + */ +const ENVIRONMENT_CACHE = new AppScopedGlobal(() => new Map()); + +/** + * Wraps another IStagingResources factory, and caches the result on a per-environment basis. + */ +export class PerEnvironmentStagingFactory implements IStagingResourcesFactory { + constructor(private readonly wrapped: IStagingResourcesFactory) { } + + public obtainStagingResources(stack: Stack, context: ObtainStagingResourcesContext): IStagingResources { + const cacheKey = context.environmentString; + + const cache = ENVIRONMENT_CACHE.for(stack); + const existing = cache.get(cacheKey); + if (existing) { + return existing; + } + + const result = this.wrapped.obtainStagingResources(stack, context); + cache.set(cacheKey, result); + return result; + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/app-global.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/app-global.ts new file mode 100644 index 0000000000000..2cd36d0264a5b --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/app-global.ts @@ -0,0 +1,33 @@ +import { App } from 'aws-cdk-lib'; +import { IConstruct } from 'constructs'; + +/** + * Hold an App-wide global variable + * + * This is a replacement for a `static` variable, but does the right thing in case people + * instantiate multiple Apps in the same process space (for example, in unit tests or + * people using `cli-lib` in advanced configurations). + * + * This class assumes that the global you're going to be storing is a mutable object. + */ +export class AppScopedGlobal { + private readonly map = new WeakMap(); + + constructor(private readonly factory: () => A) { + } + + public for(ctr: IConstruct): A { + const app = App.of(ctr); + if (!App.isApp(app)) { + throw new Error(`Construct ${ctr.node.path} must be part of an App`); + } + + const existing = this.map.get(app); + if (existing) { + return existing; + } + const instance = this.factory(); + this.map.set(app, instance); + return instance; + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/no-tokens.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/no-tokens.ts new file mode 100644 index 0000000000000..befb88fc8f4de --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/private/no-tokens.ts @@ -0,0 +1,9 @@ +import { StringSpecializer } from 'aws-cdk-lib/core/lib/helpers-internal'; + +export function validateNoTokens(props: A, context: string) { + for (const [key, value] of Object.entries(props)) { + if (typeof value === 'string') { + StringSpecializer.validateNoTokens(value, `${context} property '${key}'`); + } + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts new file mode 100644 index 0000000000000..9cc24dbb3bce5 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/lib/staging-stack.ts @@ -0,0 +1,120 @@ +import { DockerImageAssetSource, FileAssetSource, Stack } from 'aws-cdk-lib'; +import { IConstruct } from 'constructs'; + +/** + * Information returned by the Staging Stack for each file asset. + */ +export interface FileStagingLocation { + /** + * The name of the staging bucket + */ + readonly bucketName: string; + + /** + * A prefix to add to the keys + * + * @default '' + */ + readonly prefix?: string; + + /** + * The ARN to assume to write files to this bucket + * + * @default - Don't assume a role + */ + readonly assumeRoleArn?: string; + + /** + * The stack that creates this bucket (leads to dependencies on it) + * + * @default - Don't add dependencies + */ + readonly dependencyStack?: Stack; +} + +/** + * Information returned by the Staging Stack for each image asset + */ +export interface ImageStagingLocation { + /** + * The name of the staging repository + */ + readonly repoName: string; + + /** + * The arn to assume to write files to this repository + * + * @default - Don't assume a role + */ + readonly assumeRoleArn?: string; + + /** + * The stack that creates this repository (leads to dependencies on it) + * + * @default - Don't add dependencies + */ + readonly dependencyStack?: Stack; +} + +/** + * Staging Resource interface. + */ +export interface IStagingResources extends IConstruct { + /** + * Return staging resource information for a file asset. + */ + addFile(asset: FileAssetSource): FileStagingLocation; + + /** + * Return staging resource information for a docker asset. + */ + addDockerImage(asset: DockerImageAssetSource): ImageStagingLocation; +} + +/** + * Staging Resource Factory interface. + * + * The function included in this class will be called by the synthesizer + * to create or reference an IStagingResources construct that has the necessary + * staging resources for the stack. + */ +export interface IStagingResourcesFactory { + /** + * Return an object that will manage staging resources for the given stack + * + * This is called whenever the the `AppStagingSynthesizer` binds to a specific + * stack, and allows selecting where the staging resources go. + * + * This method can choose to either create a new construct (perhaps a stack) + * and return it, or reference an existing construct. + * + * @param stack - stack to return an appropriate IStagingStack for + */ + obtainStagingResources(stack: Stack, context: ObtainStagingResourcesContext): IStagingResources; +} + +/** + * Context parameters for the 'obtainStagingResources' function + */ +export interface ObtainStagingResourcesContext { + /** + * A unique string describing the environment that is guaranteed not to have tokens in it + */ + readonly environmentString: string; + + /** + * The ARN of the deploy action role, if given + * + * This role will need permissions to read from to the staging resources. + * + * @default - Deploy role ARN is unknown + */ + readonly deployRoleArn?: string; + + /** + * The qualifier passed to the synthesizer + * + * The staging stack shouldn't need this, but it might. + */ + readonly qualifier: string; +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/package.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/package.json new file mode 100644 index 0000000000000..7b5e5e9ef5dee --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/package.json @@ -0,0 +1,101 @@ +{ + "name": "@aws-cdk/app-staging-synthesizer-alpha", + "private": true, + "version": "0.0.0", + "description": "Cdk synthesizer for with app-scoped staging stack", + "main": "lib/index.js", + "types": "lib/index.d.ts", + "jsii": { + "outdir": "dist", + "projectReferences": true, + "metadata": { + "jsii": { + "rosetta": { + "strict": true + } + } + }, + "targets": { + "java": { + "maven": { + "groupId": "software.amazon.awscdk", + "artifactId": "cdk-app-staging-synthesizer-alpha" + }, + "package": "software.amazon.awscdk.app.staging.synthesizer.alpha" + }, + "python": { + "distName": "aws-cdk.app-staging-synthesizer-alpha", + "module": "aws_cdk.app_staging_synthesizer_alpha", + "classifiers": [ + "Framework :: AWS CDK", + "Framework :: AWS CDK :: 2" + ] + }, + "dotnet": { + "namespace": "Amazon.CDK.App.Staging.Synthesizer.Alpha", + "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png" + } + } + }, + "repository": { + "type": "git", + "url": "https://github.com/aws/aws-cdk.git", + "directory": "packages/@aws-cdk/app-staging-synthesizer-alpha" + }, + "scripts": { + "build": "cdk-build", + "watch": "cdk-watch", + "lint": "cdk-lint", + "test": "cdk-test", + "integ": "integ-runner", + "pkglint": "pkglint -f", + "package": "cdk-package", + "awslint": "cdk-awslint", + "build+test": "yarn build && yarn test", + "build+test+package": "yarn build+test && yarn package", + "compat": "cdk-compat", + "rosetta:extract": "yarn --silent jsii-rosetta extract", + "build+extract": "yarn build && yarn rosetta:extract", + "build+test+extract": "yarn build+test && yarn rosetta:extract" + }, + "keywords": [ + "aws", + "cdk" + ], + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "homepage": "https://github.com/aws/aws-cdk", + "engines": { + "node": ">= 14.15.0" + }, + "stability": "experimental", + "maturity": "experimental", + "awscdkio": { + "announce": false + }, + "cdk-build": { + "env": { + "AWSLINT_BASE_CONSTRUCT": true + } + }, + "dependencies": { + "aws-cdk-lib": "0.0.0", + "constructs": "^10.0.0" + }, + "devDependencies": { + "aws-cdk-lib": "0.0.0", + "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests-alpha": "0.0.0", + "constructs": "^10.0.0", + "@aws-cdk/cdk-build-tools": "0.0.0", + "@aws-cdk/pkglint": "0.0.0" + }, + "peerDependencies": { + "aws-cdk-lib": "0.0.0", + "constructs": "^10.0.0" + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/default.ts-fixture new file mode 100644 index 0000000000000..150cd4c706021 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/default.ts-fixture @@ -0,0 +1,22 @@ +// Fixture with packages imported, but nothing else +import { App, Stack, StackProps, Duration, DockerImageAssetSource, FileAssetSource } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { + AppStagingSynthesizer, + BootstrapRole, + DefaultStagingStack, + DefaultStagingStackOptions, + IStagingResources, + FileStagingLocation, + ImageStagingLocation, + DeploymentIdentities, +} from '@aws-cdk/app-staging-synthesizer-alpha'; +import * as path from 'path'; + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/with-custom-staging.ts-fixture b/packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/with-custom-staging.ts-fixture new file mode 100644 index 0000000000000..981f76ecbbac1 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/rosetta/with-custom-staging.ts-fixture @@ -0,0 +1,44 @@ +// Fixture with packages imported, but nothing else +import { App, Stack, StackProps, DockerImageAssetSource, FileAssetSource } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import { + AppStagingSynthesizer, + DefaultStagingStack, + BootstrapRole, + FileStagingLocation, + ImageStagingLocation, + ObtainStagingResourcesContext, + IStagingResourcesFactory, + IStagingResources, +} from '@aws-cdk/app-staging-synthesizer-alpha'; + +interface CustomStagingStackProps extends StackProps {} + +class CustomStagingStack extends Stack implements IStagingResources { + public constructor(scope: Construct, id: string, props: CustomStagingStackProps) { + super(scope, id, props); + } + + public addFile(asset: FileAssetSource): FileStagingLocation { + return { + bucketName: 'myBucket', + assumeRoleArn: 'myArn', + dependencyStack: this, + }; + } + + public addDockerImage(asset: DockerImageAssetSource): ImageStagingLocation { + return { + repoName: 'myRepo', + assumeRoleArn: 'myArn', + dependencyStack: this, + }; + } +} + +class Fixture extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + /// here + } +} diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts new file mode 100644 index 0000000000000..d6a47ba76c65e --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts @@ -0,0 +1,493 @@ +import * as fs from 'fs'; +import { App, Stack, CfnResource, FileAssetPackaging, Token, Lazy, Duration } from 'aws-cdk-lib'; +import { Match, Template } from 'aws-cdk-lib/assertions'; +import * as cxschema from 'aws-cdk-lib/cloud-assembly-schema'; +import { CloudAssembly } from 'aws-cdk-lib/cx-api'; +import { evaluateCFN } from './evaluate-cfn'; +import { APP_ID, CFN_CONTEXT, isAssetManifest, last } from './util'; +import { AppStagingSynthesizer, DEPLOY_TIME_PREFIX } from '../lib'; + +describe(AppStagingSynthesizer, () => { + let app: App; + let stack: Stack; + + beforeEach(() => { + app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ appId: APP_ID }), + }); + stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + }); + + test('stack template is in asset manifest', () => { + // GIVEN + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN -- the S3 url is advertised on the stack artifact + const stackArtifact = asm.getStackArtifact('Stack'); + + const templateObjectKey = `${DEPLOY_TIME_PREFIX}${last(stackArtifact.stackTemplateAssetObjectUrl?.split('/'))}`; + expect(stackArtifact.stackTemplateAssetObjectUrl).toEqual(`s3://cdk-${APP_ID}-staging-000000000000-us-east-1/${templateObjectKey}`); + + // THEN - the template is in the asset manifest + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + const manifest: cxschema.AssetManifest = JSON.parse(fs.readFileSync(manifestArtifact.file, { encoding: 'utf-8' })); + + const firstFile = (manifest.files ? manifest.files[Object.keys(manifest.files)[0]] : undefined) ?? {}; + + expect(firstFile).toEqual({ + source: { path: 'Stack.template.json', packaging: 'file' }, + destinations: { + '000000000000-us-east-1': { + bucketName: `cdk-${APP_ID}-staging-000000000000-us-east-1`, + objectKey: templateObjectKey, + region: 'us-east-1', + assumeRoleArn: `arn:\${AWS::Partition}:iam::000000000000:role/cdk-${APP_ID}-file-role-us-east-1`, + }, + }, + }); + }); + + test('stack template is in the asset manifest - environment tokens', () => { + const app2 = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ appId: APP_ID }), + }); + const accountToken = Token.asString('111111111111'); + const regionToken = Token.asString('us-east-2'); + const stack2 = new Stack(app2, 'Stack2', { + env: { + account: accountToken, + region: regionToken, + }, + }); + + // GIVEN + new CfnResource(stack2, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app2.synth(); + + // THEN -- the S3 url is advertised on the stack artifact + const stackArtifact = asm.getStackArtifact('Stack2'); + + const templateObjectKey = `${DEPLOY_TIME_PREFIX}${last(stackArtifact.stackTemplateAssetObjectUrl?.split('/'))}`; + expect(stackArtifact.stackTemplateAssetObjectUrl).toEqual(`s3://cdk-${APP_ID}-staging-${accountToken}-${regionToken}/${templateObjectKey}`); + + // THEN - the template is in the asset manifest + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + const manifest: cxschema.AssetManifest = JSON.parse(fs.readFileSync(manifestArtifact.file, { encoding: 'utf-8' })); + + const firstFile = (manifest.files ? manifest.files[Object.keys(manifest.files)[0]] : undefined) ?? {}; + + expect(firstFile).toEqual({ + source: { path: 'Stack2.template.json', packaging: 'file' }, + destinations: { + '111111111111-us-east-2': { + bucketName: `cdk-${APP_ID}-staging-111111111111-us-east-2`, + objectKey: templateObjectKey, + region: 'us-east-2', + assumeRoleArn: `arn:\${AWS::Partition}:iam::111111111111:role/cdk-${APP_ID}-file-role-us-east-2`, + }, + }, + }); + }); + + test('stack depends on staging stack', () => { + // WHEN + stack.synthesizer.addFileAsset({ + fileName: __filename, + packaging: FileAssetPackaging.FILE, + sourceHash: 'abcdef', + }); + + // THEN - we have a stack dependency on the staging stack + expect(stack.dependencies.length).toEqual(1); + const depStack = stack.dependencies[0]; + expect(depStack.stackName).toEqual(`StagingStack-${APP_ID}`); + }); + + test('add file asset', () => { + // WHEN + const location = stack.synthesizer.addFileAsset({ + fileName: __filename, + packaging: FileAssetPackaging.FILE, + sourceHash: 'abcdef', + }); + + // THEN - we have a fixed asset location + expect(evalCFN(location.bucketName)).toEqual(`cdk-${APP_ID}-staging-000000000000-us-east-1`); + expect(evalCFN(location.httpUrl)).toEqual(`https://s3.us-east-1.domain.aws/cdk-${APP_ID}-staging-000000000000-us-east-1/abcdef.js`); + + // THEN - object key contains source hash somewhere + expect(location.objectKey.indexOf('abcdef')).toBeGreaterThan(-1); + }); + + test('file asset depends on staging stack', () => { + // WHEN + stack.synthesizer.addFileAsset({ + fileName: __filename, + packaging: FileAssetPackaging.FILE, + sourceHash: 'abcdef', + }); + + const asm = app.synth(); + + // THEN - the template is in the asset manifest + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + expect(manifestArtifact.manifest.dependencies).toEqual([`StagingStack-${APP_ID}-000000000000-us-east-1`]); + }); + + test('adding multiple files only creates one bucket', () => { + // WHEN + const location1 = stack.synthesizer.addFileAsset({ + fileName: __filename, + packaging: FileAssetPackaging.FILE, + sourceHash: 'abcdef', + }); + const location2 = stack.synthesizer.addFileAsset({ + fileName: __filename, + packaging: FileAssetPackaging.FILE, + sourceHash: 'zyxwvu', + }); + + // THEN - assets have the same location + expect(evalCFN(location1.bucketName)).toEqual(evalCFN(location2.bucketName)); + }); + + describe('deploy time assets', () => { + test('have the \'deploy-time/\' prefix', () => { + // WHEN + const location = stack.synthesizer.addFileAsset({ + fileName: __filename, + packaging: FileAssetPackaging.FILE, + sourceHash: 'abcdef', + deployTime: true, + }); + + // THEN - asset has bucket prefix + expect(evalCFN(location.objectKey)).toEqual(`${DEPLOY_TIME_PREFIX}abcdef.js`); + }); + + test('do not get specified bucketPrefix', () => { + // GIVEN + app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ appId: APP_ID }), + }); + stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-west-2', + }, + }); + + // WHEN + const location = stack.synthesizer.addFileAsset({ + fileName: __filename, + packaging: FileAssetPackaging.FILE, + sourceHash: 'abcdef', + deployTime: true, + }); + + // THEN - asset has bucket prefix + expect(evalCFN(location.objectKey)).toEqual(`${DEPLOY_TIME_PREFIX}abcdef.js`); + }); + + test('have s3 bucket has lifecycle rule by default', () => { + // GIVEN + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + Template.fromJSON(getStagingResourceStack(asm).template).hasResourceProperties('AWS::S3::Bucket', { + LifecycleConfiguration: { + Rules: Match.arrayWith([{ + ExpirationInDays: 30, + Prefix: DEPLOY_TIME_PREFIX, + Status: 'Enabled', + }]), + }, + }); + }); + + test('can have customized lifecycle rules', () => { + // GIVEN + app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + deployTimeFileAssetLifetime: Duration.days(1), + }), + }); + stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-west-2', + }, + }); + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + const stagingStackArtifact = asm.getStackArtifact(`StagingStack-${APP_ID}-000000000000-us-west-2`); + + Template.fromJSON(stagingStackArtifact.template).hasResourceProperties('AWS::S3::Bucket', { + LifecycleConfiguration: { + Rules: Match.arrayWith([{ + ExpirationInDays: 1, + Prefix: DEPLOY_TIME_PREFIX, + Status: 'Enabled', + }]), + }, + }); + }); + }); + + test('bucket has policy referring to deploymentrolearn', () => { + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + const stagingStackArtifact = asm.getStackArtifact(`StagingStack-${APP_ID}-000000000000-us-east-1`); + + Template.fromJSON(stagingStackArtifact.template).hasResourceProperties('AWS::S3::BucketPolicy', { + PolicyDocument: { + Statement: Match.arrayWith([ + Match.objectLike({ + Effect: 'Allow', + Principal: { + AWS: Match.anyValue(), + }, + Action: [ + 's3:GetObject*', + 's3:GetBucket*', + 's3:List*', + ], + }), + ]), + }, + }); + }); + + test('add docker image asset', () => { + // WHEN + const assetName = 'abcdef'; + const location = stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName, + }); + + // THEN - we have a fixed asset location + const repo = `${APP_ID}/${assetName}`; + expect(evalCFN(location.repositoryName)).toEqual(repo); + expect(evalCFN(location.imageUri)).toEqual(`000000000000.dkr.ecr.us-east-1.domain.aws/${repo}:abcdef`); + }); + + test('throws with docker image asset without assetName', () => { + expect(() => stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + })).toThrowError('Assets synthesized with AppScopedStagingSynthesizer must include an \'assetName\' in the asset source definition.'); + }); + + test('docker image asset depends on staging stack', () => { + // WHEN + const assetName = 'abcdef'; + stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName, + }); + + const asm = app.synth(); + + // THEN - the template is in the asset manifest + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + expect(manifestArtifact.manifest.dependencies).toEqual([`StagingStack-${APP_ID}-000000000000-us-east-1`]); + }); + + test('docker image assets with different assetName have separate repos', () => { + // WHEN + const location1 = stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName: 'firstAsset', + }); + + const location2 = stack.synthesizer.addDockerImageAsset({ + directoryName: './hello', + sourceHash: 'abcdef', + assetName: 'secondAsset', + }); + + // THEN - images have different asset locations + expect(evalCFN(location1.repositoryName)).not.toEqual(evalCFN(location2.repositoryName)); + }); + + test('docker image assets with same assetName live in same repos', () => { + // WHEN + const assetName = 'abcdef'; + const location1 = stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName, + }); + + const location2 = stack.synthesizer.addDockerImageAsset({ + directoryName: './hello', + sourceHash: 'abcdefg', + assetName, + }); + + // THEN - images share same ecr repo + expect(evalCFN(location1.repositoryName)).toEqual(`${APP_ID}/${assetName}`); + expect(evalCFN(location1.repositoryName)).toEqual(evalCFN(location2.repositoryName)); + }); + + test('docker image repositories have lifecycle rule - default', () => { + // GIVEN + const assetName = 'abcdef'; + stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName, + }); + + // WHEN + const asm = app.synth(); + + // THEN + Template.fromJSON(getStagingResourceStack(asm).template).hasResourceProperties('AWS::ECR::Repository', { + LifecyclePolicy: { + LifecyclePolicyText: Match.serializedJson({ + rules: Match.arrayWith([ + Match.objectLike({ + selection: Match.objectLike({ + countType: 'imageCountMoreThan', + countNumber: 3, + }), + }), + ]), + }), + }, + RepositoryName: `${APP_ID}/${assetName}`, + }); + }); + + test('docker image repositories have lifecycle rule - specified', () => { + // GIVEN + app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + imageAssetVersionCount: 1, + }), + }); + stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + + const assetName = 'abcdef'; + stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName, + }); + + // WHEN + const asm = app.synth(); + + // THEN + Template.fromJSON(getStagingResourceStack(asm).template).hasResourceProperties('AWS::ECR::Repository', { + LifecyclePolicy: { + LifecyclePolicyText: Match.serializedJson({ + rules: Match.arrayWith([ + Match.objectLike({ + selection: Match.objectLike({ + countType: 'imageCountMoreThan', + countNumber: 1, + }), + }), + ]), + }), + }, + RepositoryName: `${APP_ID}/${assetName}`, + }); + }); + + describe('environment specifics', () => { + test('throws if App includes env-agnostic and specific env stacks', () => { + // GIVEN - App with Stack with specific environment + + // THEN - Expect environment agnostic stack to fail + expect(() => new Stack(app, 'NoEnvStack')).toThrowError(/It is not safe to use AppStagingSynthesizer/); + }); + }); + + test('throws if synthesizer props have tokens', () => { + expect(() => new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: Lazy.string({ produce: () => 'appId' }), + }), + })).toThrowError(/AppStagingSynthesizer property 'appId' may not contain tokens;/); + }); + + test('throws when staging resource stack is too large', () => { + // WHEN + const assetName = 'abcdef'; + for (let i = 0; i < 100; i++) { + stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName: assetName + i, + }); + } + + // THEN + expect(() => app.synth()).toThrowError(/Staging resource template cannot be greater than 51200 bytes/); + }); + + /** + * Evaluate a possibly string-containing value the same way CFN would do + * + * (Be invariant to the specific Fn::Sub or Fn::Join we would output) + */ + function evalCFN(value: any) { + return evaluateCFN(stack.resolve(value), CFN_CONTEXT); + } + + /** + * Return the staging resource stack that is generated as part of the assembly + */ + function getStagingResourceStack(asm: CloudAssembly) { + return asm.getStackArtifact(`StagingStack-${APP_ID}-000000000000-us-east-1`); + } +}); diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/Dockerfile b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/Dockerfile new file mode 100644 index 0000000000000..4a015204a5983 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/Dockerfile @@ -0,0 +1,2 @@ +FROM public.ecr.aws/lambda/python:3.10 +CMD echo hello world \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/index.py b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/index.py new file mode 100644 index 0000000000000..ed0f110e2e61e --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/index.py @@ -0,0 +1 @@ +print('hello') \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/bootstrap-roles.test.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/bootstrap-roles.test.ts new file mode 100644 index 0000000000000..a46e1807f8c97 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/bootstrap-roles.test.ts @@ -0,0 +1,189 @@ +import * as fs from 'fs'; +import { App, Stack, CfnResource } from 'aws-cdk-lib'; +import * as cxschema from 'aws-cdk-lib/cloud-assembly-schema'; +import { APP_ID, isAssetManifest } from './util'; +import { AppStagingSynthesizer, BootstrapRole, DeploymentIdentities } from '../lib'; + +const CLOUDFORMATION_EXECUTION_ROLE = 'cloudformation-execution-role'; +const DEPLOY_ACTION_ROLE = 'deploy-action-role'; +const LOOKUP_ROLE = 'lookup-role'; + +describe('Boostrap Roles', () => { + test('default bootstrap role name is always under 64 characters', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'super long app id that needs to be cut', + }), + }); + const stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + const manifest: cxschema.AssetManifest = JSON.parse(fs.readFileSync(manifestArtifact.file, { encoding: 'utf-8' })); + const firstFile: any = (manifest.files ? manifest.files[Object.keys(manifest.files)[0]] : undefined) ?? {}; + expect(firstFile.destinations['000000000000-us-east-1'].assumeRoleArn).toEqual('arn:${AWS::Partition}:iam::000000000000:role/cdk-super-long-app-id-th-file-role-us-east-1'); + }); + + test('can supply existing arns for bootstrapped roles', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + deploymentIdentities: DeploymentIdentities.specifyRoles({ + cloudFormationExecutionRole: BootstrapRole.fromRoleArn(CLOUDFORMATION_EXECUTION_ROLE), + lookupRole: BootstrapRole.fromRoleArn(LOOKUP_ROLE), + deploymentRole: BootstrapRole.fromRoleArn(DEPLOY_ACTION_ROLE), + }), + }), + }); + const stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + const stackArtifact = asm.getStackArtifact('Stack'); + + // Bootstrapped roles are as advertised + expect(stackArtifact.cloudFormationExecutionRoleArn).toEqual(CLOUDFORMATION_EXECUTION_ROLE); + expect(stackArtifact.lookupRole).toEqual({ arn: LOOKUP_ROLE }); + expect(stackArtifact.assumeRoleArn).toEqual(DEPLOY_ACTION_ROLE); + }); + + test('can supply existing arn for bucket staging role', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + fileAssetPublishingRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/S3Access'), + }), + }); + const stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + // Staging role is as advertised + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + const manifest: cxschema.AssetManifest = JSON.parse(fs.readFileSync(manifestArtifact.file, { encoding: 'utf-8' })); + const firstFile: any = (manifest.files ? manifest.files[Object.keys(manifest.files)[0]] : undefined) ?? {}; + expect(firstFile.destinations['000000000000-us-east-1'].assumeRoleArn).toEqual('arn:aws:iam::123456789012:role/S3Access'); + }); + + test('can provide existing arn for image staging role', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + imageAssetPublishingRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/ECRAccess'), + }), + }); + const stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + stack.synthesizer.addDockerImageAsset({ + directoryName: '.', + sourceHash: 'abcdef', + assetName: 'myDockerAsset', + }); + + // WHEN + const asm = app.synth(); + + // THEN + // Image role is as advertised + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + const manifest: cxschema.AssetManifest = JSON.parse(fs.readFileSync(manifestArtifact.file, { encoding: 'utf-8' })); + const firstFile: any = (manifest.dockerImages ? manifest.dockerImages[Object.keys(manifest.dockerImages)[0]] : undefined) ?? {}; + expect(firstFile.destinations['000000000000-us-east-1'].assumeRoleArn).toEqual('arn:aws:iam::123456789012:role/ECRAccess'); + }); + + test('bootstrap roles can be specified as current cli credentials instead', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + deploymentIdentities: DeploymentIdentities.cliCredentials(), + }), + }); + const stack = new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + new CfnResource(stack, 'Resource', { + type: 'Some::Resource', + }); + + // WHEN + const asm = app.synth(); + + // THEN + const stackArtifact = asm.getStackArtifact('Stack'); + + // Bootstrapped roles are undefined, which means current credentials are used + expect(stackArtifact.cloudFormationExecutionRoleArn).toBeUndefined(); + expect(stackArtifact.lookupRole).toBeUndefined(); + expect(stackArtifact.assumeRoleArn).toBeUndefined(); + }); + + test('qualifier is resolved in the synthesizer', () => { + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + bootstrapQualifier: 'abcdef', + appId: APP_ID, + }), + }); + new Stack(app, 'Stack', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + + // WHEN + const asm = app.synth(); + + // THEN + const stackArtifact = asm.getStackArtifact('Stack'); + + // Bootstrapped role's asset manifest tokens are resolved, where possible + expect(stackArtifact.cloudFormationExecutionRoleArn).toEqual('arn:${AWS::Partition}:iam::000000000000:role/cdk-abcdef-cfn-exec-role-000000000000-us-east-1'); + }); +}); diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/default-staging-stack.test.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/default-staging-stack.test.ts new file mode 100644 index 0000000000000..d711195d4ca25 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/default-staging-stack.test.ts @@ -0,0 +1,44 @@ +import { App } from 'aws-cdk-lib'; +import { DefaultStagingStack } from '../lib'; + +describe('default staging stack', () => { + describe('appId fails', () => { + test('when appId > 20 characters', () => { + const app = new App(); + expect(() => new DefaultStagingStack(app, 'stack', { + appId: 'a'.repeat(21), + qualifier: 'qualifier', + })).toThrowError(/appId expected no more than 20 characters but got 21 characters./); + }); + + test('when uppercase characters are used', () => { + const app = new App(); + expect(() => new DefaultStagingStack(app, 'stack', { + appId: 'ABCDEF', + qualifier: 'qualifier', + })).toThrowError(/appId only accepts lowercase characters./); + }); + + test('when symbols are used', () => { + const app = new App(); + expect(() => new DefaultStagingStack(app, 'stack', { + appId: 'ca$h', + qualifier: 'qualifier', + })).toThrowError(/appId expects only letters, numbers, and dashes \('-'\)/); + }); + + test('when multiple rules broken at once', () => { + const app = new App(); + const appId = 'AB&C'.repeat(10); + expect(() => new DefaultStagingStack(app, 'stack', { + appId, + qualifier: 'qualifier', + })).toThrowError([ + `appId ${appId} has errors:`, + 'appId expected no more than 20 characters but got 40 characters.', + 'appId only accepts lowercase characters.', + 'appId expects only letters, numbers, and dashes (\'-\')', + ].join('\n')); + }); + }); +}); \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/evaluate-cfn.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/evaluate-cfn.ts new file mode 100644 index 0000000000000..917ffb6646195 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/evaluate-cfn.ts @@ -0,0 +1,114 @@ +/** + * Simple function to evaluate CloudFormation intrinsics. + * + * Note that this function is not production quality, it exists to support tests. + */ +export function evaluateCFN(object: any, context: {[key: string]: string} = {}): any { + const intrinsicFns: any = { + 'Fn::Join'(separator: string, args: string[]) { + if (typeof separator !== 'string') { + // CFN does not support expressions here! + throw new Error('\'separator\' argument of { Fn::Join } must be a string literal'); + } + return evaluate(args).map(evaluate).join(separator); + }, + + 'Fn::Split'(separator: string, args: any) { + if (typeof separator !== 'string') { + // CFN does not support expressions here! + throw new Error('\'separator\' argument of { Fn::Split } must be a string literal'); + } + return evaluate(args).split(separator); + }, + + 'Fn::Select'(index: number, args: any) { + return evaluate(args).map(evaluate)[index]; + }, + + 'Ref'(logicalId: string) { + if (!(logicalId in context)) { + throw new Error(`Trying to evaluate Ref of '${logicalId}' but not in context!`); + } + return context[logicalId]; + }, + + 'Fn::GetAtt'(logicalId: string, attributeName: string) { + const key = `${logicalId}.${attributeName}`; + if (!(key in context)) { + throw new Error(`Trying to evaluate Fn::GetAtt of '${logicalId}.${attributeName}' but not in context!`); + } + return context[key]; + }, + + 'Fn::Sub'(template: string, explicitPlaceholders?: Record) { + const placeholders = explicitPlaceholders ? evaluate(explicitPlaceholders) : context; + + if (typeof template !== 'string') { + throw new Error('The first argument to {Fn::Sub} must be a string literal (cannot be the result of an expression)'); + } + + return template.replace(/\$\{([a-zA-Z0-9.:-]*)\}/g, (_: string, key: string) => { + if (key in placeholders) { return placeholders[key]; } + throw new Error(`Unknown placeholder in Fn::Sub: ${key}`); + }); + }, + }; + + return evaluate(object); + + function evaluate(obj: any): any { + if (Array.isArray(obj)) { + return obj.map(evaluate); + } + + if (typeof obj === 'object') { + const intrinsic = parseIntrinsic(obj); + if (intrinsic) { + return evaluateIntrinsic(intrinsic); + } + + const ret: {[key: string]: any} = {}; + for (const key of Object.keys(obj)) { + ret[key] = evaluate(obj[key]); + } + return ret; + } + + return obj; + } + + function evaluateIntrinsic(intrinsic: Intrinsic) { + if (!(intrinsic.name in intrinsicFns)) { + throw new Error(`Intrinsic ${intrinsic.name} not supported here`); + } + + const argsAsArray = Array.isArray(intrinsic.args) ? intrinsic.args : [intrinsic.args]; + + return intrinsicFns[intrinsic.name].apply(intrinsicFns, argsAsArray); + } +} + +interface Intrinsic { + readonly name: string; + readonly args: any; +} + +function parseIntrinsic(x: any): Intrinsic | undefined { + if (typeof x !== 'object' || x === null) { return undefined; } + const keys = Object.keys(x); + if (keys.length === 1 && (isNameOfCloudFormationIntrinsic(keys[0]) || keys[0] === 'Ref')) { + return { + name: keys[0], + args: x[keys[0]], + }; + } + return undefined; +} + +function isNameOfCloudFormationIntrinsic(name: string): boolean { + if (!name.startsWith('Fn::')) { + return false; + } + // these are 'fake' intrinsics, only usable inside the parameter overrides of a CFN CodePipeline Action + return name !== 'Fn::GetArtifactAtt' && name !== 'Fn::GetParam'; +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resources-ACCOUNT-REGION.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resources-ACCOUNT-REGION.template.json new file mode 100644 index 0000000000000..fae319dc47641 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resources-ACCOUNT-REGION.template.json @@ -0,0 +1,472 @@ +{ + "Resources": { + "CdkFileRoleE26CEABA": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": { + "Fn::Join": [ + "", + [ + "cdk-default-resources-file-role-", + { + "Ref": "AWS::Region" + } + ] + ] + } + } + }, + "CdkFileRoleDefaultPolicy621C7E5B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "BucketKey7092080A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "CdkFileRoleDefaultPolicy621C7E5B", + "Roles": [ + { + "Ref": "CdkFileRoleE26CEABA" + } + ] + } + }, + "BucketKey7092080A": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:CancelKeyDeletion", + "kms:Create*", + "kms:Delete*", + "kms:Describe*", + "kms:Disable*", + "kms:Enable*", + "kms:Get*", + "kms:List*", + "kms:Put*", + "kms:Revoke*", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:Update*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "BucketKeyAlias69A0886F": { + "Type": "AWS::KMS::Alias", + "Properties": { + "AliasName": "alias/cdk-default-resources-staging", + "TargetKeyId": { + "Fn::GetAtt": [ + "BucketKey7092080A", + "Arn" + ] + } + } + }, + "CdkStagingBucket1636058C": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "BucketKey7092080A", + "Arn" + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + }, + "BucketName": { + "Fn::Join": [ + "", + [ + "cdk-default-resources-staging-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + "LifecycleConfiguration": { + "Rules": [ + { + "NoncurrentVersionExpiration": { + "NoncurrentDays": 365 + }, + "Status": "Enabled" + }, + { + "ExpirationInDays": 30, + "Prefix": "deploy-time/", + "Status": "Enabled" + } + ] + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "CdkStagingBucketPolicy42BD1F92": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "CdkStagingBucket1636058C" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "CdkImageRoleF1394AC3": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": { + "Fn::Join": [ + "", + [ + "cdk-default-resources-image-role-", + { + "Ref": "AWS::Region" + } + ] + ] + } + } + }, + "CdkImageRoleDefaultPolicy4A1572DE": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecr:GetDownloadUrlForLayer", + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecr:UploadLayerPart" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "defaultresourcesecrasset2FBE6B8A9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "defaultresourcesecrasset9191BD6E", + "Arn" + ] + } + ] + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "CdkImageRoleDefaultPolicy4A1572DE", + "Roles": [ + { + "Ref": "CdkImageRoleF1394AC3" + } + ] + } + }, + "defaultresourcesecrasset9191BD6E": { + "Type": "AWS::ECR::Repository", + "Properties": { + "LifecyclePolicy": { + "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions and keep the specified number of latest versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" + }, + "RepositoryName": "default-resources/ecr-asset" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "defaultresourcesecrasset2FBE6B8A9": { + "Type": "AWS::ECR::Repository", + "Properties": { + "LifecyclePolicy": { + "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions and keep the specified number of latest versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" + }, + "RepositoryName": "default-resources/ecr-asset-2" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile new file mode 100644 index 0000000000000..4a015204a5983 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile @@ -0,0 +1,2 @@ +FROM public.ecr.aws/lambda/python:3.10 +CMD echo hello world \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/index.py b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/index.py new file mode 100644 index 0000000000000..ed0f110e2e61e --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/index.py @@ -0,0 +1 @@ +print('hello') \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile new file mode 100644 index 0000000000000..4a015204a5983 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile @@ -0,0 +1,2 @@ +FROM public.ecr.aws/lambda/python:3.10 +CMD echo hello world \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/index.py b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/index.py new file mode 100644 index 0000000000000..ed0f110e2e61e --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/index.py @@ -0,0 +1 @@ +print('hello') \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/cdk.out b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/cdk.out new file mode 100644 index 0000000000000..7925065efbcc4 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integ.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integ.json new file mode 100644 index 0000000000000..9eeaef0dfe700 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "31.0.0", + "testCases": { + "integ-tests/DefaultTest": { + "stacks": [ + "synthesize-default-resources" + ], + "assertionStack": "integ-tests/DefaultTest/DeployAssert", + "assertionStackName": "integtestsDefaultTestDeployAssert44C8D370" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json new file mode 100644 index 0000000000000..7526fee9ff76c --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integtestsDefaultTestDeployAssert44C8D370.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/integtestsDefaultTestDeployAssert44C8D370.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json new file mode 100644 index 0000000000000..e9ac382233e75 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json @@ -0,0 +1,213 @@ +{ + "version": "31.0.0", + "artifacts": { + "synthesize-default-resources.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "synthesize-default-resources.assets.json" + }, + "dependencies": [ + "StagingStack-default-resources-ACCOUNT-REGION" + ] + }, + "synthesize-default-resources": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "synthesize-default-resources.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "additionalDependencies": [ + "synthesize-default-resources.assets" + ], + "stackTemplateAssetObjectUrl": "s3://cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}/deploy-time/e21d11bec65be920861a56a86066cc88a0241d5cbe8324d0692ca982420e4cb0.json", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}" + } + }, + "dependencies": [ + "StagingStack-default-resources-ACCOUNT-REGION", + "synthesize-default-resources.assets" + ], + "metadata": { + "/synthesize-default-resources/lambda-s3/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdas3ServiceRoleC9EDE33A" + } + ], + "/synthesize-default-resources/lambda-s3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdas342CE2BBD" + } + ], + "/synthesize-default-resources/lambda-ecr-1/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaecr1ServiceRoleA6BBC49F" + } + ], + "/synthesize-default-resources/lambda-ecr-1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaecr1B33A3D15" + } + ], + "/synthesize-default-resources/lambda-ecr-1-copy/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaecr1copyServiceRole2A9FAF5F" + } + ], + "/synthesize-default-resources/lambda-ecr-1-copy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaecr1copyD39CDE9B" + } + ], + "/synthesize-default-resources/lambda-ecr-2/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaecr2ServiceRole2EA363D2" + } + ], + "/synthesize-default-resources/lambda-ecr-2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaecr2615DAF68" + } + ] + }, + "displayName": "synthesize-default-resources" + }, + "StagingStack-default-resources-ACCOUNT-REGION": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "StagingStack-default-resources-ACCOUNT-REGION.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackName": "StagingStack-default-resources" + }, + "metadata": { + "/StagingStack-default-resources-ACCOUNT-REGION/CdkFileRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkFileRoleE26CEABA" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/CdkFileRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkFileRoleDefaultPolicy621C7E5B" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/BucketKey/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BucketKey7092080A" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/BucketKey/Alias/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "BucketKeyAlias69A0886F" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/CdkStagingBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkStagingBucket1636058C" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/CdkStagingBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkStagingBucketPolicy42BD1F92" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/CdkImageRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkImageRoleF1394AC3" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/CdkImageRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CdkImageRoleDefaultPolicy4A1572DE" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/default-resources--ecr-asset/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultresourcesecrasset9191BD6E" + } + ], + "/StagingStack-default-resources-ACCOUNT-REGION/default-resources--ecr-asset-2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "defaultresourcesecrasset2FBE6B8A9" + } + ] + }, + "displayName": "StagingStack-default-resources-ACCOUNT-REGION" + }, + "integtestsDefaultTestDeployAssert44C8D370.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtestsDefaultTestDeployAssert44C8D370.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtestsDefaultTestDeployAssert44C8D370": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtestsDefaultTestDeployAssert44C8D370.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtestsDefaultTestDeployAssert44C8D370.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtestsDefaultTestDeployAssert44C8D370.assets" + ], + "metadata": { + "/integ-tests/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-tests/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-tests/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json new file mode 100644 index 0000000000000..c17a6ccdaa514 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json @@ -0,0 +1,57 @@ +{ + "version": "31.0.0", + "files": { + "68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650": { + "source": { + "path": "asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}", + "objectKey": "68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-default-resources-file-role-${AWS::Region}" + } + } + }, + "e21d11bec65be920861a56a86066cc88a0241d5cbe8324d0692ca982420e4cb0": { + "source": { + "path": "synthesize-default-resources.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}", + "objectKey": "deploy-time/e21d11bec65be920861a56a86066cc88a0241d5cbe8324d0692ca982420e4cb0.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-default-resources-file-role-${AWS::Region}" + } + } + } + }, + "dockerImages": { + "ecr-asset-16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622": { + "source": { + "directory": "asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + }, + "destinations": { + "current_account-current_region": { + "repositoryName": "default-resources/ecr-asset", + "imageTag": "16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-default-resources-image-role-${AWS::Region}" + } + } + }, + "ecr-asset-2-16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622": { + "source": { + "directory": "asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + }, + "destinations": { + "current_account-current_region": { + "repositoryName": "default-resources/ecr-asset-2", + "imageTag": "16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-default-resources-image-role-${AWS::Region}" + } + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json new file mode 100644 index 0000000000000..05ac9636afd0b --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json @@ -0,0 +1,210 @@ +{ + "Resources": { + "lambdas3ServiceRoleC9EDE33A": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "lambdas342CE2BBD": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip" + }, + "Role": { + "Fn::GetAtt": [ + "lambdas3ServiceRoleC9EDE33A", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "python3.10" + }, + "DependsOn": [ + "lambdas3ServiceRoleC9EDE33A" + ] + }, + "lambdaecr1ServiceRoleA6BBC49F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "lambdaecr1B33A3D15": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ImageUri": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/default-resources/ecr-asset:16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + } + }, + "Role": { + "Fn::GetAtt": [ + "lambdaecr1ServiceRoleA6BBC49F", + "Arn" + ] + }, + "PackageType": "Image" + }, + "DependsOn": [ + "lambdaecr1ServiceRoleA6BBC49F" + ] + }, + "lambdaecr1copyServiceRole2A9FAF5F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "lambdaecr1copyD39CDE9B": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ImageUri": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/default-resources/ecr-asset:16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + } + }, + "Role": { + "Fn::GetAtt": [ + "lambdaecr1copyServiceRole2A9FAF5F", + "Arn" + ] + }, + "PackageType": "Image" + }, + "DependsOn": [ + "lambdaecr1copyServiceRole2A9FAF5F" + ] + }, + "lambdaecr2ServiceRole2EA363D2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "lambdaecr2615DAF68": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ImageUri": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/default-resources/ecr-asset-2:16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + } + }, + "Role": { + "Fn::GetAtt": [ + "lambdaecr2ServiceRole2EA363D2", + "Arn" + ] + }, + "PackageType": "Image" + }, + "DependsOn": [ + "lambdaecr2ServiceRole2EA363D2" + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json new file mode 100644 index 0000000000000..4a76ae37e2e0d --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json @@ -0,0 +1,1225 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "synthesize-default-resources": { + "id": "synthesize-default-resources", + "path": "synthesize-default-resources", + "children": { + "lambda-s3": { + "id": "lambda-s3", + "path": "synthesize-default-resources/lambda-s3", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "synthesize-default-resources/lambda-s3/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "synthesize-default-resources/lambda-s3/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-s3/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "synthesize-default-resources/lambda-s3/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "synthesize-default-resources/lambda-s3/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "synthesize-default-resources/lambda-s3/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-s3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip" + }, + "role": { + "Fn::GetAtt": [ + "lambdas3ServiceRoleC9EDE33A", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "python3.10" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "lambda-ecr-1": { + "id": "lambda-ecr-1", + "path": "synthesize-default-resources/lambda-ecr-1", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "synthesize-default-resources/lambda-ecr-1/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "synthesize-default-resources/lambda-ecr-1/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-ecr-1/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "AssetImage": { + "id": "AssetImage", + "path": "synthesize-default-resources/lambda-ecr-1/AssetImage", + "children": { + "Staging": { + "id": "Staging", + "path": "synthesize-default-resources/lambda-ecr-1/AssetImage/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Repository": { + "id": "Repository", + "path": "synthesize-default-resources/lambda-ecr-1/AssetImage/Repository", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-ecr-1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "imageUri": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/default-resources/ecr-asset:16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + } + }, + "role": { + "Fn::GetAtt": [ + "lambdaecr1ServiceRoleA6BBC49F", + "Arn" + ] + }, + "packageType": "Image" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "lambda-ecr-1-copy": { + "id": "lambda-ecr-1-copy", + "path": "synthesize-default-resources/lambda-ecr-1-copy", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "synthesize-default-resources/lambda-ecr-1-copy/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "synthesize-default-resources/lambda-ecr-1-copy/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-ecr-1-copy/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "AssetImage": { + "id": "AssetImage", + "path": "synthesize-default-resources/lambda-ecr-1-copy/AssetImage", + "children": { + "Staging": { + "id": "Staging", + "path": "synthesize-default-resources/lambda-ecr-1-copy/AssetImage/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Repository": { + "id": "Repository", + "path": "synthesize-default-resources/lambda-ecr-1-copy/AssetImage/Repository", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-ecr-1-copy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "imageUri": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/default-resources/ecr-asset:16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + } + }, + "role": { + "Fn::GetAtt": [ + "lambdaecr1copyServiceRole2A9FAF5F", + "Arn" + ] + }, + "packageType": "Image" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "lambda-ecr-2": { + "id": "lambda-ecr-2", + "path": "synthesize-default-resources/lambda-ecr-2", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "synthesize-default-resources/lambda-ecr-2/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "synthesize-default-resources/lambda-ecr-2/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-ecr-2/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "AssetImage": { + "id": "AssetImage", + "path": "synthesize-default-resources/lambda-ecr-2/AssetImage", + "children": { + "Staging": { + "id": "Staging", + "path": "synthesize-default-resources/lambda-ecr-2/AssetImage/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Repository": { + "id": "Repository", + "path": "synthesize-default-resources/lambda-ecr-2/AssetImage/Repository", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "synthesize-default-resources/lambda-ecr-2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "imageUri": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/default-resources/ecr-asset-2:16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622" + } + }, + "role": { + "Fn::GetAtt": [ + "lambdaecr2ServiceRole2EA363D2", + "Arn" + ] + }, + "packageType": "Image" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "StagingStack-default-resources-ACCOUNT-REGION": { + "id": "StagingStack-default-resources-ACCOUNT-REGION", + "path": "StagingStack-default-resources-ACCOUNT-REGION", + "children": { + "CdkFileRole": { + "id": "CdkFileRole", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkFileRole", + "children": { + "ImportCdkFileRole": { + "id": "ImportCdkFileRole", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkFileRole/ImportCdkFileRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkFileRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "roleName": { + "Fn::Join": [ + "", + [ + "cdk-default-resources-file-role-", + { + "Ref": "AWS::Region" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkFileRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkFileRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "BucketKey7092080A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "CdkFileRoleDefaultPolicy621C7E5B", + "roles": [ + { + "Ref": "CdkFileRoleE26CEABA" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "BucketKey": { + "id": "BucketKey", + "path": "StagingStack-default-resources-ACCOUNT-REGION/BucketKey", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/BucketKey/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:CancelKeyDeletion", + "kms:Create*", + "kms:Delete*", + "kms:Describe*", + "kms:Disable*", + "kms:Enable*", + "kms:Get*", + "kms:List*", + "kms:Put*", + "kms:Revoke*", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:Update*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + }, + "Alias": { + "id": "Alias", + "path": "StagingStack-default-resources-ACCOUNT-REGION/BucketKey/Alias", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/BucketKey/Alias/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Alias", + "aws:cdk:cloudformation:props": { + "aliasName": "alias/cdk-default-resources-staging", + "targetKeyId": { + "Fn::GetAtt": [ + "BucketKey7092080A", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnAlias", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Alias", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "CdkStagingBucket": { + "id": "CdkStagingBucket", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkStagingBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkStagingBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::GetAtt": [ + "BucketKey7092080A", + "Arn" + ] + } + } + } + ] + }, + "bucketName": { + "Fn::Join": [ + "", + [ + "cdk-default-resources-staging-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + }, + "lifecycleConfiguration": { + "rules": [ + { + "noncurrentVersionExpiration": { + "noncurrentDays": 365 + }, + "status": "Enabled" + }, + { + "expirationInDays": 30, + "prefix": "deploy-time/", + "status": "Enabled" + } + ] + }, + "versioningConfiguration": { + "status": "Enabled" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkStagingBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkStagingBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "CdkStagingBucket1636058C" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CdkStagingBucket1636058C", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "CdkImageRole": { + "id": "CdkImageRole", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkImageRole", + "children": { + "ImportCdkImageRole": { + "id": "ImportCdkImageRole", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkImageRole/ImportCdkImageRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkImageRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "roleName": { + "Fn::Join": [ + "", + [ + "cdk-default-resources-image-role-", + { + "Ref": "AWS::Region" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkImageRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/CdkImageRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecr:GetDownloadUrlForLayer", + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecr:UploadLayerPart" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "defaultresourcesecrasset2FBE6B8A9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "defaultresourcesecrasset9191BD6E", + "Arn" + ] + } + ] + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "CdkImageRoleDefaultPolicy4A1572DE", + "roles": [ + { + "Ref": "CdkImageRoleF1394AC3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "default-resources--ecr-asset": { + "id": "default-resources--ecr-asset", + "path": "StagingStack-default-resources-ACCOUNT-REGION/default-resources--ecr-asset", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/default-resources--ecr-asset/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECR::Repository", + "aws:cdk:cloudformation:props": { + "lifecyclePolicy": { + "lifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions and keep the specified number of latest versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" + }, + "repositoryName": "default-resources/ecr-asset" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.CfnRepository", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.Repository", + "version": "0.0.0" + } + }, + "default-resources--ecr-asset-2": { + "id": "default-resources--ecr-asset-2", + "path": "StagingStack-default-resources-ACCOUNT-REGION/default-resources--ecr-asset-2", + "children": { + "Resource": { + "id": "Resource", + "path": "StagingStack-default-resources-ACCOUNT-REGION/default-resources--ecr-asset-2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECR::Repository", + "aws:cdk:cloudformation:props": { + "lifecyclePolicy": { + "lifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Garbage collect old image versions and keep the specified number of latest versions\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":3},\"action\":{\"type\":\"expire\"}}]}" + }, + "repositoryName": "default-resources/ecr-asset-2" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.CfnRepository", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.Repository", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/app-staging-synthesizer-alpha.DefaultStagingStack", + "version": "0.0.0" + } + }, + "integ-tests": { + "id": "integ-tests", + "path": "integ-tests", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-tests/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-tests/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.26" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-tests/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-tests/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-tests/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.26" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts new file mode 100644 index 0000000000000..e8f9aa1e27682 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts @@ -0,0 +1,51 @@ +import * as path from 'path'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import { App, Stack } from 'aws-cdk-lib'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { AppStagingSynthesizer } from '../lib'; + +const app = new App(); + +const stack = new Stack(app, 'synthesize-default-resources', { + synthesizer: AppStagingSynthesizer.defaultResources({ + appId: 'default-resources', + }), +}); + +new lambda.Function(stack, 'lambda-s3', { + code: lambda.AssetCode.fromAsset(path.join(__dirname, 'assets')), + handler: 'index.handler', + runtime: lambda.Runtime.PYTHON_3_10, +}); + +new lambda.Function(stack, 'lambda-ecr-1', { + code: lambda.EcrImageCode.fromAssetImage(path.join(__dirname, 'assets'), { + assetName: 'ecr-asset', + }), + handler: lambda.Handler.FROM_IMAGE, + runtime: lambda.Runtime.FROM_IMAGE, +}); + +// This lambda will share the same published asset as lambda-ecr-1 +new lambda.Function(stack, 'lambda-ecr-1-copy', { + code: lambda.EcrImageCode.fromAssetImage(path.join(__dirname, 'assets'), { + assetName: 'ecr-asset', + }), + handler: lambda.Handler.FROM_IMAGE, + runtime: lambda.Runtime.FROM_IMAGE, +}); + +// This lambda will use a different published asset as lambda-ecr-1 +new lambda.Function(stack, 'lambda-ecr-2', { + code: lambda.EcrImageCode.fromAssetImage(path.join(__dirname, 'assets'), { + assetName: 'ecr-asset-2', + }), + handler: lambda.Handler.FROM_IMAGE, + runtime: lambda.Runtime.FROM_IMAGE, +}); + +new integ.IntegTest(app, 'integ-tests', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/per-env-staging-factory.test.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/per-env-staging-factory.test.ts new file mode 100644 index 0000000000000..a5001aaa9f2f4 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/per-env-staging-factory.test.ts @@ -0,0 +1,79 @@ +import { App, Stack } from 'aws-cdk-lib'; +import { APP_ID } from './util'; +import { AppStagingSynthesizer } from '../lib'; + +describe('per environment cache', () => { + test('same app, same env', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + }), + }); + new Stack(app, 'Stack1', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + new Stack(app, 'Stack2', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + + // THEN + // stacks share the same staging resources + const asm = app.synth(); + expect(asm.stacks.length).toEqual(3); + const stagingResources = asm.stacks.filter((s) => s.displayName.startsWith('StagingStack')); + expect(stagingResources.length).toEqual(1); + }); + + test('same app, different envs', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + }), + }); + new Stack(app, 'Stack1', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + new Stack(app, 'Stack2', { + env: { + account: '000000000000', + region: 'us-west-2', + }, + }); + + // THEN + // separate stacks for staging resources + const asm = app.synth(); + expect(asm.stacks.length).toEqual(4); + const stagingResources = asm.stacks.filter((s) => s.displayName.startsWith('StagingStack')); + expect(stagingResources.length).toEqual(2); + }); + + test('apps must be gnostic', () => { + // GIVEN + const app = new App({ + defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ + appId: APP_ID, + }), + }); + new Stack(app, 'Stack1', { + env: { + account: '000000000000', + region: 'us-east-1', + }, + }); + + // THEN + expect(() => new Stack(app, 'Stack2')).toThrowError(/It is not safe to use AppStagingSynthesizer for both environment-agnostic and environment-aware stacks at the same time./); + }); +}); diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/util.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/util.ts new file mode 100644 index 0000000000000..b90fbbe98b7e7 --- /dev/null +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/util.ts @@ -0,0 +1,16 @@ +import * as cxapi from 'aws-cdk-lib/cx-api'; + +export const CFN_CONTEXT = { + 'AWS::Region': 'the_region', + 'AWS::AccountId': 'the_account', + 'AWS::URLSuffix': 'domain.aws', +}; +export const APP_ID = 'appid'; + +export function isAssetManifest(x: cxapi.CloudArtifact): x is cxapi.AssetManifestArtifact { + return x instanceof cxapi.AssetManifestArtifact; +} + +export function last(xs?: A[]): A | undefined { + return xs ? xs[xs.length - 1] : undefined; +} diff --git a/packages/aws-cdk-lib/aws-ecr-assets/lib/image-asset.ts b/packages/aws-cdk-lib/aws-ecr-assets/lib/image-asset.ts index 3ca82c7194cb8..a626c596c814a 100644 --- a/packages/aws-cdk-lib/aws-ecr-assets/lib/image-asset.ts +++ b/packages/aws-cdk-lib/aws-ecr-assets/lib/image-asset.ts @@ -266,6 +266,14 @@ export interface DockerImageAssetOptions extends FingerprintOptions, FileFingerp */ readonly outputs?: string[]; + /** + * Unique identifier of the docker image asset and its potential revisions. + * Required if using AppScopedStagingSynthesizer. + * + * @default - no asset name + */ + readonly assetName?: string; + /** * Cache from options to pass to the `docker build` command. * @@ -361,6 +369,14 @@ export class DockerImageAsset extends Construct implements IAsset { */ private readonly dockerOutputs?: string[]; + /** + * Unique identifier of the docker image asset and its potential revisions. + * Required if using AppScopedStagingSynthesizer. + * + * @default - no asset name + */ + private readonly assetName?: string; + /** * Cache from options to pass to the `docker build` command. */ @@ -453,11 +469,12 @@ export class DockerImageAsset extends Construct implements IAsset { : JSON.stringify(extraHash), }); - this.sourceHash = staging.assetHash; this.assetHash = staging.assetHash; + this.sourceHash = this.assetHash; const stack = Stack.of(this); this.assetPath = staging.relativeStagedPath(stack); + this.assetName = props.assetName; this.dockerBuildArgs = props.buildArgs; this.dockerBuildSecrets = props.buildSecrets; this.dockerBuildTarget = props.target; @@ -467,6 +484,7 @@ export class DockerImageAsset extends Construct implements IAsset { const location = stack.synthesizer.addDockerImageAsset({ directoryName: this.assetPath, + assetName: this.assetName, dockerBuildArgs: this.dockerBuildArgs, dockerBuildSecrets: this.dockerBuildSecrets, dockerBuildTarget: this.dockerBuildTarget, diff --git a/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts b/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts index a5b5f58e38d12..d20059505d674 100644 --- a/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts +++ b/packages/aws-cdk-lib/aws-s3-assets/lib/asset.ts @@ -34,6 +34,21 @@ export interface AssetOptions extends CopyOptions, cdk.FileCopyOptions, cdk.Asse * @deprecated see `assetHash` and `assetHashType` */ readonly sourceHash?: string; + + /** + * Whether or not the asset needs to exist beyond deployment time; i.e. + * are copied over to a different location and not needed afterwards. + * Setting this property to true has an impact on the lifecycle of the asset, + * because we will assume that it is safe to delete after the CloudFormation + * deployment succeeds. + * + * For example, Lambda Function assets are copied over to Lambda during + * deployment. Therefore, it is not necessary to store the asset in S3, so + * we consider those deployTime assets. + * + * @default false + */ + readonly deployTime?: boolean; } export interface AssetProps extends AssetOptions { @@ -147,6 +162,7 @@ export class Asset extends Construct implements cdk.IAsset { packaging: staging.packaging, sourceHash: this.sourceHash, fileName: this.assetPath, + deployTime: props.deployTime, }); this.s3BucketName = location.bucketName; diff --git a/packages/aws-cdk-lib/core/lib/assets.ts b/packages/aws-cdk-lib/core/lib/assets.ts index 99c9202b968ca..d4243b6f7a7b7 100644 --- a/packages/aws-cdk-lib/core/lib/assets.ts +++ b/packages/aws-cdk-lib/core/lib/assets.ts @@ -131,6 +131,21 @@ export interface FileAssetSource { * @default - Required if `fileName` is specified. */ readonly packaging?: FileAssetPackaging; + + /** + * Whether or not the asset needs to exist beyond deployment time; i.e. + * are copied over to a different location and not needed afterwards. + * Setting this property to true has an impact on the lifecycle of the asset, + * because we will assume that it is safe to delete after the CloudFormation + * deployment succeeds. + * + * For example, Lambda Function assets are copied over to Lambda during + * deployment. Therefore, it is not necessary to store the asset in S3, so + * we consider those deployTime assets. + * + * @default false + */ + readonly deployTime?: boolean; } export interface DockerImageAssetSource { @@ -242,18 +257,27 @@ export interface DockerImageAssetSource { */ readonly dockerOutputs?: string[]; + /** + * Unique identifier of the docker image asset and its potential revisions. + * Required if using AppScopedStagingSynthesizer. + * + * @default - no asset name + */ + readonly assetName?: string; + /** * Cache from options to pass to the `docker build` command. + * * @default - no cache from args are passed */ readonly dockerCacheFrom?: DockerCacheOption[]; /** * Cache to options to pass to the `docker build` command. + * * @default - no cache to args are passed */ readonly dockerCacheTo?: DockerCacheOption; - } /** diff --git a/packages/aws-cdk-lib/core/lib/helpers-internal/index.ts b/packages/aws-cdk-lib/core/lib/helpers-internal/index.ts index 9a36222b224cf..bc3f28e0107bb 100644 --- a/packages/aws-cdk-lib/core/lib/helpers-internal/index.ts +++ b/packages/aws-cdk-lib/core/lib/helpers-internal/index.ts @@ -2,3 +2,4 @@ export * from './cfn-parse'; // Other libraries are going to need this as well export { md5hash } from '../private/md5'; export * from './customize-roles'; +export * from './string-specializer'; \ No newline at end of file diff --git a/packages/aws-cdk-lib/core/lib/helpers-internal/string-specializer.ts b/packages/aws-cdk-lib/core/lib/helpers-internal/string-specializer.ts new file mode 100644 index 0000000000000..052cd2dafcd8a --- /dev/null +++ b/packages/aws-cdk-lib/core/lib/helpers-internal/string-specializer.ts @@ -0,0 +1,93 @@ +import * as cxapi from '../../../cx-api'; +import { Aws } from '../cfn-pseudo'; +import { Stack } from '../stack'; +import { Token } from '../token'; + +/** + * A "replace-all" function that doesn't require us escaping a literal string to a regex + */ +function replaceAll(s: string, search: string, replace: string) { + return s.split(search).join(replace); +} + +export class StringSpecializer { + /** + * Validate that the given string does not contain tokens + */ + public static validateNoTokens(s: string, what: string) { + if (Token.isUnresolved(s)) { + throw new Error(`${what} may not contain tokens; only the following literal placeholder strings are allowed: ` + [ + '${Qualifier}', + cxapi.EnvironmentPlaceholders.CURRENT_REGION, + cxapi.EnvironmentPlaceholders.CURRENT_ACCOUNT, + cxapi.EnvironmentPlaceholders.CURRENT_PARTITION, + ].join(', ') + `. Got: ${s}`); + } + } + + constructor(private readonly stack: Stack, private readonly qualifier: string) { } + + /** + * Function to replace placeholders in the input string as much as possible + * + * We replace: + * - ${Qualifier}: always + * - ${AWS::AccountId}, ${AWS::Region}: only if we have the actual values available + * - ${AWS::Partition}: never, since we never have the actual partition value. + */ + public specialize(s: string): string { + s = replaceAll(s, '${Qualifier}', this.qualifier); + return cxapi.EnvironmentPlaceholders.replace(s, { + region: resolvedOr(this.stack.region, cxapi.EnvironmentPlaceholders.CURRENT_REGION), + accountId: resolvedOr(this.stack.account, cxapi.EnvironmentPlaceholders.CURRENT_ACCOUNT), + partition: cxapi.EnvironmentPlaceholders.CURRENT_PARTITION, + }); + } + + /** + * Specialize the given string, make sure it doesn't contain tokens + */ + public specializeNoTokens(s: string, what: string): string { + StringSpecializer.validateNoTokens(s, what); + return this.specialize(s); + } + + /** + * Specialize only the qualifier + */ + public qualifierOnly(s: string): string { + return replaceAll(s, '${Qualifier}', this.qualifier); + } +} + +/** + * Return the given value if resolved or fall back to a default + */ +export function resolvedOr(x: string, def: A): string | A { + return Token.isUnresolved(x) ? def : x; +} + +const ASSET_TOKENS = ['${AWS::Partition}', '${AWS::Region}', '${AWS::AccountId}']; +const CFN_TOKENS = [Aws.PARTITION, Aws.REGION, Aws.ACCOUNT_ID]; + +/** + * Replaces CloudFormation Tokens (i.e. 'Aws.PARTITION') with corresponding + * Asset Tokens (i.e. '${AWS::Partition}'). + */ +export function translateCfnTokenToAssetToken(arn: string) { + for (let i = 0; i < CFN_TOKENS.length; i++) { + arn = replaceAll(arn, CFN_TOKENS[i], ASSET_TOKENS[i]); + } + return arn; +} + +/** + * Replaces Asset Tokens (i.e. '${AWS::Partition}') with corresponding + * CloudFormation Tokens (i.e. 'Aws.PARTITION'). + */ +export function translateAssetTokenToCfnToken(arn: string) { + for (let i = 0; i < ASSET_TOKENS.length; i++) { + arn = replaceAll(arn, ASSET_TOKENS[i], CFN_TOKENS[i]); + } + return arn; +} diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts index a9c882dcb1fa1..1017f172a850e 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/_shared.ts @@ -2,9 +2,7 @@ import * as crypto from 'crypto'; import { Node, IConstruct } from 'constructs'; import { ISynthesisSession } from './types'; import * as cxschema from '../../../cloud-assembly-schema'; -import * as cxapi from '../../../cx-api'; import { Stack } from '../stack'; -import { Token } from '../token'; /** * Shared logic of writing stack artifact to the Cloud Assembly @@ -126,46 +124,3 @@ export function assertBound(x: A | undefined): asserts x is NonNullable { function nonEmptyDict(xs: Record) { return Object.keys(xs).length > 0 ? xs : undefined; } - -/** - * A "replace-all" function that doesn't require us escaping a literal string to a regex - */ -function replaceAll(s: string, search: string, replace: string) { - return s.split(search).join(replace); -} - -export class StringSpecializer { - constructor(private readonly stack: Stack, private readonly qualifier: string) { - } - - /** - * Function to replace placeholders in the input string as much as possible - * - * We replace: - * - ${Qualifier}: always - * - ${AWS::AccountId}, ${AWS::Region}: only if we have the actual values available - * - ${AWS::Partition}: never, since we never have the actual partition value. - */ - public specialize(s: string): string { - s = replaceAll(s, '${Qualifier}', this.qualifier); - return cxapi.EnvironmentPlaceholders.replace(s, { - region: resolvedOr(this.stack.region, cxapi.EnvironmentPlaceholders.CURRENT_REGION), - accountId: resolvedOr(this.stack.account, cxapi.EnvironmentPlaceholders.CURRENT_ACCOUNT), - partition: cxapi.EnvironmentPlaceholders.CURRENT_PARTITION, - }); - } - - /** - * Specialize only the qualifier - */ - public qualifierOnly(s: string): string { - return replaceAll(s, '${Qualifier}', this.qualifier); - } -} - -/** - * Return the given value if resolved or fall back to a default - */ -export function resolvedOr(x: string, def: A): string | A { - return Token.isUnresolved(x) ? def : x; -} diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/asset-manifest-builder.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/asset-manifest-builder.ts index da10ef7e247d0..4ad800e23ba88 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/asset-manifest-builder.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/asset-manifest-builder.ts @@ -1,9 +1,9 @@ import * as fs from 'fs'; import * as path from 'path'; -import { resolvedOr } from './_shared'; import { ISynthesisSession } from './types'; import * as cxschema from '../../../cloud-assembly-schema'; import { FileAssetSource, FileAssetPackaging, DockerImageAssetSource } from '../assets'; +import { resolvedOr } from '../helpers-internal/string-specializer'; import { Stack } from '../stack'; /** @@ -61,7 +61,8 @@ export class AssetManifestBuilder { const imageTag = `${target.dockerTagPrefix ?? ''}${asset.sourceHash}`; // Add to manifest - return this.addDockerImageAsset(stack, asset.sourceHash, { + const sourceHash = asset.assetName ? `${asset.assetName}-${asset.sourceHash}` : asset.sourceHash; + return this.addDockerImageAsset(stack, sourceHash, { executable: asset.executable, directory: asset.directoryName, dockerBuildArgs: asset.dockerBuildArgs, @@ -131,6 +132,7 @@ export class AssetManifestBuilder { stack: Stack, session: ISynthesisSession, options: cxschema.AssetManifestOptions = {}, + dependencies: string[] = [], ): string { const artifactId = `${stack.artifactId}.assets`; const manifestFile = `${artifactId}.json`; @@ -150,6 +152,7 @@ export class AssetManifestBuilder { file: manifestFile, ...options, }, + dependencies: dependencies.length > 0 ? dependencies : undefined, }); return artifactId; diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/bootstrapless-synthesizer.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/bootstrapless-synthesizer.ts index ac1095c81f4ee..f9d949ff712b6 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/bootstrapless-synthesizer.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/bootstrapless-synthesizer.ts @@ -41,7 +41,7 @@ export interface BootstraplessSynthesizerProps { * synthesizer directly. */ export class BootstraplessSynthesizer extends DefaultStackSynthesizer { - constructor(props: BootstraplessSynthesizerProps) { + constructor(props: BootstraplessSynthesizerProps = {}) { super({ deployRoleArn: props.deployRoleArn, cloudFormationExecutionRole: props.cloudFormationExecutionRoleArn, diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/cli-credentials-synthesizer.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/cli-credentials-synthesizer.ts index d56604a35f21c..982530c851296 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/cli-credentials-synthesizer.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/cli-credentials-synthesizer.ts @@ -1,10 +1,11 @@ -import { assertBound, StringSpecializer } from './_shared'; +import { assertBound } from './_shared'; import { AssetManifestBuilder } from './asset-manifest-builder'; import { BOOTSTRAP_QUALIFIER_CONTEXT, DefaultStackSynthesizer } from './default-synthesizer'; import { StackSynthesizer } from './stack-synthesizer'; import { ISynthesisSession, IReusableStackSynthesizer, IBoundStackSynthesizer } from './types'; import * as cxapi from '../../../cx-api'; import { DockerImageAssetLocation, DockerImageAssetSource, FileAssetLocation, FileAssetSource } from '../assets'; +import { StringSpecializer } from '../helpers-internal/string-specializer'; import { Stack } from '../stack'; import { Token } from '../token'; diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/default-synthesizer.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/default-synthesizer.ts index 7140b7bffbfa5..2bfc7f6989a21 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/default-synthesizer.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/default-synthesizer.ts @@ -1,9 +1,10 @@ -import { assertBound, StringSpecializer } from './_shared'; +import { assertBound } from './_shared'; import { AssetManifestBuilder } from './asset-manifest-builder'; import { StackSynthesizer } from './stack-synthesizer'; import { ISynthesisSession, IReusableStackSynthesizer, IBoundStackSynthesizer } from './types'; import * as cxapi from '../../../cx-api'; import { DockerImageAssetLocation, DockerImageAssetSource, FileAssetLocation, FileAssetSource } from '../assets'; +import { StringSpecializer } from '../helpers-internal/string-specializer'; import { Stack } from '../stack'; import { Token } from '../token'; diff --git a/packages/aws-cdk-lib/core/lib/stack-synthesizers/stack-synthesizer.ts b/packages/aws-cdk-lib/core/lib/stack-synthesizers/stack-synthesizer.ts index 444643eb04ff3..f8d5bb30ef344 100644 --- a/packages/aws-cdk-lib/core/lib/stack-synthesizers/stack-synthesizer.ts +++ b/packages/aws-cdk-lib/core/lib/stack-synthesizers/stack-synthesizer.ts @@ -1,6 +1,6 @@ import * as fs from 'fs'; import * as path from 'path'; -import { addStackArtifactToAssembly, contentHash, resolvedOr } from './_shared'; +import { addStackArtifactToAssembly, contentHash } from './_shared'; import { IStackSynthesizer, ISynthesisSession } from './types'; import * as cxschema from '../../../cloud-assembly-schema'; import * as cxapi from '../../../cx-api'; @@ -8,6 +8,7 @@ import { DockerImageAssetLocation, DockerImageAssetSource, FileAssetLocation, Fi import { Fn } from '../cfn-fn'; import { CfnParameter } from '../cfn-parameter'; import { CfnRule } from '../cfn-rule'; +import { resolvedOr } from '../helpers-internal/string-specializer'; import { Stack } from '../stack'; /** @@ -291,6 +292,7 @@ function stackTemplateFileAsset(stack: Stack, session: ISynthesisSession): FileA fileName: stack.templateFile, packaging: FileAssetPackaging.FILE, sourceHash, + deployTime: true, }; } diff --git a/packages/aws-cdk-lib/core/lib/stack.ts b/packages/aws-cdk-lib/core/lib/stack.ts index cb25807207a07..113c4ccd2bc9e 100644 --- a/packages/aws-cdk-lib/core/lib/stack.ts +++ b/packages/aws-cdk-lib/core/lib/stack.ts @@ -1726,7 +1726,7 @@ import { Names } from './names'; import { Reference } from './reference'; import { IResolvable } from './resolvable'; import { DefaultStackSynthesizer, IStackSynthesizer, ISynthesisSession, LegacyStackSynthesizer, BOOTSTRAP_QUALIFIER_CONTEXT, isReusableStackSynthesizer } from './stack-synthesizers'; -import { StringSpecializer } from './stack-synthesizers/_shared'; +import { StringSpecializer } from './helpers-internal/string-specializer'; import { Stage } from './stage'; import { ITaggable, TagManager } from './tag-manager'; import { Token, Tokenization } from './token'; diff --git a/packages/aws-cdk-lib/core/test/helpers-internal/string-specializer.test.ts b/packages/aws-cdk-lib/core/test/helpers-internal/string-specializer.test.ts new file mode 100644 index 0000000000000..382b3d268b148 --- /dev/null +++ b/packages/aws-cdk-lib/core/test/helpers-internal/string-specializer.test.ts @@ -0,0 +1,15 @@ +import { Aws } from '../../lib'; +import { translateAssetTokenToCfnToken, translateCfnTokenToAssetToken } from '../../lib/helpers-internal'; + +describe('translations between token kinds', () => { + const CfnTokenArn = `arn:${Aws.PARTITION}:resource:${Aws.REGION}:${Aws.ACCOUNT_ID}:name`; + const AssetTokenArn = 'arn:${AWS::Partition}:resource:${AWS::Region}:${AWS::AccountId}:name'; + + test('translateAssetTokenToCfnToken', () => { + expect(translateAssetTokenToCfnToken(AssetTokenArn)).toEqual(CfnTokenArn); + }); + + test('translateCfnTokenToAssetToken', () => { + expect(translateCfnTokenToAssetToken(CfnTokenArn)).toEqual(AssetTokenArn); + }); +}); \ No newline at end of file diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts index e77fefa61083b..9eeebb0347c8d 100644 --- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts +++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts @@ -174,6 +174,7 @@ export class SdkProvider { environment: cxapi.Environment, mode: Mode, options?: CredentialsOptions, + quiet = false, ): Promise { const env = await this.resolveEnvironment(environment); @@ -213,7 +214,8 @@ export class SdkProvider { // but if we can't then let's just try with available credentials anyway. if (baseCreds.source === 'correctDefault' || baseCreds.source === 'plugin') { debug(e.message); - warning(`${fmtObtainedCredentials(baseCreds)} could not be used to assume '${options.assumeRoleArn}', but are for the right account. Proceeding anyway.`); + const logger = quiet ? debug : warning; + logger(`${fmtObtainedCredentials(baseCreds)} could not be used to assume '${options.assumeRoleArn}', but are for the right account. Proceeding anyway.`); return { sdk: new SDK(baseCreds.credentials, env.region, this.sdkOptions), didAssumeRole: false }; } diff --git a/packages/aws-cdk/lib/util/asset-publishing.ts b/packages/aws-cdk/lib/util/asset-publishing.ts index c94c9bab94a94..7b4c4f943d9ff 100644 --- a/packages/aws-cdk/lib/util/asset-publishing.ts +++ b/packages/aws-cdk/lib/util/asset-publishing.ts @@ -169,6 +169,7 @@ export class PublishingAws implements cdk_assets.IAws { env, // region, name, account assumeRuleArn: options.assumeRoleArn, assumeRoleExternalId: options.assumeRoleExternalId, + quiet: options.quiet, }); const maybeSdk = this.sdkCache.get(cacheKey); @@ -179,7 +180,7 @@ export class PublishingAws implements cdk_assets.IAws { const sdk = (await this.aws.forEnvironment(env, Mode.ForWriting, { assumeRoleArn: options.assumeRoleArn, assumeRoleExternalId: options.assumeRoleExternalId, - })).sdk; + }, options.quiet)).sdk; this.sdkCache.set(cacheKey, sdk); return sdk; diff --git a/packages/cdk-assets/lib/aws.ts b/packages/cdk-assets/lib/aws.ts index 02bb67d41916c..4d9e731692d4e 100644 --- a/packages/cdk-assets/lib/aws.ts +++ b/packages/cdk-assets/lib/aws.ts @@ -18,6 +18,7 @@ export interface ClientOptions { region?: string; assumeRoleArn?: string; assumeRoleExternalId?: string; + quiet?: boolean; } /** diff --git a/packages/cdk-assets/lib/private/handlers/container-images.ts b/packages/cdk-assets/lib/private/handlers/container-images.ts index 0537c788970c9..670c813dd8b20 100644 --- a/packages/cdk-assets/lib/private/handlers/container-images.ts +++ b/packages/cdk-assets/lib/private/handlers/container-images.ts @@ -46,8 +46,13 @@ export class ContainerImageAssetHandler implements IAssetHandler { } public async isPublished(): Promise { - const initOnce = await this.initOnce(); - return initOnce.destinationAlreadyExists; + try { + const initOnce = await this.initOnce({ quiet: true }); + return initOnce.destinationAlreadyExists; + } catch (e: any) { + this.host.emitMessage(EventType.DEBUG, `${e.message}`); + } + return false; } public async publish(): Promise { @@ -68,13 +73,16 @@ export class ContainerImageAssetHandler implements IAssetHandler { await dockerForPushing.push(initOnce.imageUri); } - private async initOnce(): Promise { + private async initOnce(options: { quiet?: boolean } = {}): Promise { if (this.init) { return this.init; } const destination = await replaceAwsPlaceholders(this.asset.destination, this.host.aws); - const ecr = await this.host.aws.ecrClient(destination); + const ecr = await this.host.aws.ecrClient({ + ...destination, + quiet: options.quiet, + }); const account = async () => (await this.host.aws.discoverCurrentAccount())?.accountId; const repoUri = await repositoryUri(ecr, destination.repositoryName); diff --git a/packages/cdk-assets/lib/private/handlers/files.ts b/packages/cdk-assets/lib/private/handlers/files.ts index edc2addd61ada..fc538a82c95d0 100644 --- a/packages/cdk-assets/lib/private/handlers/files.ts +++ b/packages/cdk-assets/lib/private/handlers/files.ts @@ -33,7 +33,10 @@ export class FileAssetHandler implements IAssetHandler { const destination = await replaceAwsPlaceholders(this.asset.destination, this.host.aws); const s3Url = `s3://${destination.bucketName}/${destination.objectKey}`; try { - const s3 = await this.host.aws.s3Client(destination); + const s3 = await this.host.aws.s3Client({ + ...destination, + quiet: true, + }); this.host.emitMessage(EventType.CHECK, `Check ${s3Url}`); if (await objectExists(s3, destination.bucketName, destination.objectKey)) { From 48a45243c5cdb2127045172662d20a30ccf658d0 Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Sun, 21 May 2023 17:46:49 +0900 Subject: [PATCH 06/33] chore: update nodejs to 18 in gitpod (#25426) I love using Gitpod! I saw that node18 support is needed at https://github.com/aws/aws-cdk/pull/25381 and understood the situation. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .gitpod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitpod.yml b/.gitpod.yml index dc1055dfa7926..4c55d36b6d0d3 100644 --- a/.gitpod.yml +++ b/.gitpod.yml @@ -3,7 +3,7 @@ github: pullRequestsFromForks: true addComment: true -image: jsii/superchain:1-buster-slim-node16 +image: public.ecr.aws/jsii/superchain:1-buster-slim-node18 tasks: - init: | From fa983ce841740b73bf5dfcfceabbc2b9962dde51 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 22 May 2023 05:29:02 -0400 Subject: [PATCH 07/33] docs(cfnspec): update CloudFormation documentation (#25666) --- .../spec-source/cfn-docs/cfn-docs.json | 407 +++++++++++++++--- 1 file changed, 359 insertions(+), 48 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 46239f9a73d9c..b32c301caa505 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -2437,6 +2437,8 @@ "AccessToken": "The credentials used to access protected Salesforce resources.", "ClientCredentialsArn": "The secret manager ARN, which contains the client ID and client secret of the connected app.", "ConnectorOAuthRequest": "Used by select connectors for which the OAuth workflow is supported, such as Salesforce, Google Analytics, Marketo, Zendesk, and Slack.", + "JwtToken": "", + "OAuth2GrantType": "", "RefreshToken": "The credentials used to acquire new access tokens." } }, @@ -2558,6 +2560,7 @@ "Description": "A user-entered description of the flow.", "DestinationFlowConfigList": "The configuration that controls how Amazon AppFlow places data in the destination connector.", "FlowName": "The specified name of the flow. Spaces are not allowed. Use underscores (_) or hyphens (-) only.", + "FlowStatus": "Indicates the current status of the flow.", "KMSArn": "The ARN (Amazon Resource Name) of the Key Management Service (KMS) key you provide for encryption. This is required if you do not want to use the Amazon AppFlow-managed KMS key. If you don't provide anything here, Amazon AppFlow uses the Amazon AppFlow-managed KMS key.", "MetadataCatalogConfig": "", "SourceFlowConfig": "Contains information about the configuration of the source connector used in the flow.", @@ -2957,7 +2960,6 @@ "attributes": {}, "description": "The trigger settings that determine how and when Amazon AppFlow runs the specified flow.", "properties": { - "ActivateFlowOnCreate": "", "TriggerProperties": "Specifies the configuration details of a schedule-triggered flow as defined by the user. Currently, these settings only apply to the `Scheduled` trigger type.", "TriggerType": "Specifies the type of flow trigger. This can be `OnDemand` , `Scheduled` , or `Event` ." } @@ -11264,6 +11266,20 @@ "Type": "The type of phone number." } }, + "AWS::Connect::Prompt": { + "attributes": { + "PromptArn": "The Amazon Resource Name (ARN) of the prompt.", + "Ref": "`Ref` returns the quick rule name. For example:\n\n`{ \"Ref\": \"myPromptName\" }`" + }, + "description": "Creates a prompt for the specified Amazon Connect instance.", + "properties": { + "Description": "The description of the prompt.", + "InstanceArn": "The identifier of the Amazon Connect instance.", + "Name": "The name of the prompt.", + "S3Uri": "The URI for the S3 bucket where the prompt is stored.", + "Tags": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }." + } + }, "AWS::Connect::QuickConnect": { "attributes": { "QuickConnectArn": "The Amazon Resource Name (ARN) of the quick connect.", @@ -11421,11 +11437,11 @@ }, "AWS::Connect::TaskTemplate.Constraints": { "attributes": {}, - "description": "", + "description": "Describes constraints that apply to the template fields.", "properties": { - "InvisibleFields": "", - "ReadOnlyFields": "", - "RequiredFields": "" + "InvisibleFields": "Lists the fields that are invisible to agents.", + "ReadOnlyFields": "Lists the fields that are read-only to agents, and cannot be edited.", + "RequiredFields": "Lists the fields that are required to be filled by agents." } }, "AWS::Connect::TaskTemplate.DefaultFieldValue": { @@ -13424,7 +13440,7 @@ "AgentArns": "Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can securely connect with your location.", "BucketName": "Specifies the name of the object storage bucket involved in the transfer.", "SecretKey": "Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.", - "ServerCertificate": "Specifies a certificate to authenticate with an object storage system that uses a private or self-signed certificate authority (CA). You must specify a Base64-encoded `.pem` file (for example, `file:///home/user/.ssh/storage_sys_certificate.pem` ). The certificate can be up to 32768 bytes (before Base64 encoding).\n\nTo use this parameter, configure `ServerProtocol` to `HTTPS` .", + "ServerCertificate": "Specifies a file with the certificates that are used to sign the object storage server's certificate (for example, `file:///home/user/.ssh/storage_sys_certificate.pem` ). The file you specify must include the following:\n\n- The certificate of the signing certificate authority (CA)\n- Any intermediate certificates\n- base64 encoding\n- A `.pem` extension\n\nThe file can be up to 32768 bytes (before base64 encoding).\n\nTo use this parameter, configure `ServerProtocol` to `HTTPS` .", "ServerHostname": "Specifies the domain name or IP address of the object storage server. A DataSync agent uses this hostname to mount the object storage server in a network.", "ServerPort": "Specifies the port that your object storage server accepts inbound network traffic on (for example, port 443).", "ServerProtocol": "Specifies the protocol that your object storage server uses to communicate.", @@ -14317,8 +14333,8 @@ "EndDate": "The date and time at which the Capacity Reservation Fleet expires. When the Capacity Reservation Fleet expires, its state changes to `expired` and all of the Capacity Reservations in the Fleet expire.\n\nThe Capacity Reservation Fleet expires within an hour after the specified time. For example, if you specify `5/31/2019` , `13:30:55` , the Capacity Reservation Fleet is guaranteed to expire between `13:30:55` and `14:30:55` on `5/31/2019` .", "InstanceMatchCriteria": "Indicates the type of instance launches that the Capacity Reservation Fleet accepts. All Capacity Reservations in the Fleet inherit this instance matching criteria.\n\nCurrently, Capacity Reservation Fleets support `open` instance matching criteria only. This means that instances that have matching attributes (instance type, platform, and Availability Zone) run in the Capacity Reservations automatically. Instances do not need to explicitly target a Capacity Reservation Fleet to use its reserved capacity.", "InstanceTypeSpecifications": "Information about the instance types for which to reserve the capacity.", - "NoRemoveEndDate": "", - "RemoveEndDate": "", + "NoRemoveEndDate": "Used to add an end date to a Capacity Reservation Fleet that has no end date and time. To add an end date to a Capacity Reservation Fleet, specify `true` for this paramater and specify the end date and time (in UTC time format) for the *EndDate* parameter.", + "RemoveEndDate": "Used to remove an end date from a Capacity Reservation Fleet that is configured to end automatically at a specific date and time. To remove the end date from a Capacity Reservation Fleet, specify `true` for this paramater and omit the *EndDate* parameter.", "TagSpecifications": "The tags to assign to the Capacity Reservation Fleet. The tags are automatically assigned to the Capacity Reservations in the Fleet.", "Tenancy": "Indicates the tenancy of the Capacity Reservation Fleet. All Capacity Reservations in the Fleet inherit this tenancy. The Capacity Reservation Fleet can have one of the following tenancy settings:\n\n- `default` - The Capacity Reservation Fleet is created on hardware that is shared with other AWS accounts .\n- `dedicated` - The Capacity Reservations are created on single-tenant hardware that is dedicated to a single AWS account .", "TotalTargetCapacity": "The total number of capacity units to be reserved by the Capacity Reservation Fleet. This value, together with the instance type weights that you assign to each instance type used by the Fleet determine the number of instances for which the Fleet reserves capacity. Both values are based on units that make sense for your workload. For more information, see [Total target capacity](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/crfleet-concepts.html#target-capacity) in the Amazon EC2 User Guide." @@ -14856,6 +14872,7 @@ "PrivateDefaultScopeId": "The ID of the IPAM's default private scope.", "PublicDefaultScopeId": "The ID of the IPAM's default public scope.", "Ref": "`Ref` returns the IPAM ID.", + "ResourceDiscoveryAssociationCount": "", "ScopeCount": "The number of scopes in the IPAM. The scope quota is 5." }, "description": "IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts throughout your AWS Organization. For more information, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", @@ -14864,7 +14881,6 @@ "DefaultResourceDiscoveryId": "The IPAM's default resource discovery ID.", "Description": "The description for the IPAM.", "OperatingRegions": "The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions.\n\nFor more information about operating Regions, see [Create an IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html) in the *Amazon VPC IPAM User Guide* .", - "ResourceDiscoveryAssociationCount": "The IPAM's resource discovery association count.", "Tags": "The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key `Owner` and the value `TeamA` , specify `tag:Owner` for the filter name and `TeamA` for the filter value." } }, @@ -15299,7 +15315,7 @@ "attributes": {}, "description": "Specifies the CPU options for an instance. For more information, see [Optimize CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *Amazon Elastic Compute Cloud User Guide* .\n\n`CpuOptions` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html) .", "properties": { - "AmdSevSnp": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only.", + "AmdSevSnp": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see [AMD SEV-SNP](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html) .", "CoreCount": "The number of CPU cores for the instance.", "ThreadsPerCore": "The number of threads per CPU core. To disable multithreading for the instance, specify a value of `1` . Otherwise, specify the default value of `2` ." } @@ -16679,6 +16695,7 @@ }, "AWS::EC2::SubnetCidrBlock": { "attributes": { + "Id": "The ID of the association.", "Ref": "`Ref` returns the association ID for the subnet\u2019s IPv6 CIDR block." }, "description": "Associates a CIDR block with your subnet. You can associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64.", @@ -22040,19 +22057,19 @@ "properties": { "Name": "A descriptive label that is associated with a build. Build names do not need to be unique.", "OperatingSystem": "The operating system that your game server binaries run on. This value determines the type of fleet resources that you use for this build. If your game build contains multiple executables, they all must run on the same operating system. You must specify a valid operating system in this request. There is no default value. You can't change a build's operating system later.\n\n> If you have active fleets using the Windows Server 2012 operating system, you can continue to create new builds using this OS until October 10, 2023, when Microsoft ends its support. All others must use Windows Server 2016 when creating new Windows-based builds.", - "ServerSdkVersion": "The Amazon GameLift Server SDK version used to develop your game server.", + "ServerSdkVersion": "A server SDK version you used when integrating your game server build with Amazon GameLift. For more information see [Integrate games with custom game servers](https://docs.aws.amazon.com/gamelift/latest/developerguide/integration-custom-intro.html) . By default Amazon GameLift sets this value to `4.0.2` .", "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift will report a `SizeOnDisk` of 0.", "Version": "Version information that is associated with this build. Version strings do not need to be unique." } }, "AWS::GameLift::Build.StorageLocation": { "attributes": {}, - "description": "", + "description": "The location in Amazon S3 where build or script files are stored for access by Amazon GameLift.", "properties": { - "Bucket": "", - "Key": "", - "ObjectVersion": "", - "RoleArn": "" + "Bucket": "An Amazon S3 bucket identifier. Thename of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", + "Key": "The name of the zip file that contains the build files or script files.", + "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", + "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." } }, "AWS::GameLift::Fleet": { @@ -23301,10 +23318,10 @@ }, "AWS::Grafana::Workspace.NetworkAccessControl": { "attributes": {}, - "description": "The configuration settings for in-bound network access to your workspace.\n\nWhen this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization will still be required.\n\nIf this is not configured, or is removed, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required.", + "description": "The configuration settings for in-bound network access to your workspace.\n\nWhen this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization are still required.\n\nAccess is granted to a caller that is in either the IP address list or the VPC endpoint list - they do not need to be in both.\n\nIf this is not configured, or is removed, then all IP addresses and VPC endpoints are allowed. Standard Grafana authentication and authorization are still required.\n\n> While both `prefixListIds` and `vpceIds` are required, you can pass in an empty array of strings for either parameter if you do not want to allow any of that type.\n> \n> If both are passed as empty arrays, no traffic is allowed to the workspace, because only *explicitly* allowed connections are accepted.", "properties": { - "PrefixListIds": "An array of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration then no IP addresses will be allowed to access the workspace. You create a prefix list using the Amazon VPC console.\n\nPrefix list IDs have the format `pl- *1a2b3c4d*` .\n\nFor more information about prefix lists, see [Group CIDR blocks using managed prefix lists](https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html) in the *Amazon Virtual Private Cloud User Guide* .", - "VpceIds": "An array of Amazon VPC endpoint IDs for the workspace. You can create VPC endpoints to your Amazon Managed Grafana workspace for access from within a VPC. If a `NetworkAccessConfiguration` is specified then only VPC endpoints specified here will be allowed to access the workspace.\n\nVPC endpoint IDs have the format `vpce- *1a2b3c4d*` .\n\nFor more information about creating an interface VPC endpoint, see [Interface VPC endpoints](https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints) in the *Amazon Managed Grafana User Guide* .\n\n> The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the `com.amazonaws.[region].grafana-workspace` service endpoint). Other VPC endpoints will be ignored." + "PrefixListIds": "An array of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration (passed an empty array) then no IP addresses are allowed to access the workspace. You create a prefix list using the Amazon VPC console.\n\nPrefix list IDs have the format `pl- *1a2b3c4d*` .\n\nFor more information about prefix lists, see [Group CIDR blocks using managed prefix lists](https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html) in the *Amazon Virtual Private Cloud User Guide* .", + "VpceIds": "An array of Amazon VPC endpoint IDs for the workspace. You can create VPC endpoints to your Amazon Managed Grafana workspace for access from within a VPC. If a `NetworkAccessConfiguration` is specified then only VPC endpoints specified here are allowed to access the workspace. If you pass in an empty array of strings, then no VPCs are allowed to access the workspace.\n\nVPC endpoint IDs have the format `vpce- *1a2b3c4d*` .\n\nFor more information about creating an interface VPC endpoint, see [Interface VPC endpoints](https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints) in the *Amazon Managed Grafana User Guide* .\n\n> The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the `com.amazonaws.[region].grafana-workspace` service endpoint). Other VPC endpoints are ignored." } }, "AWS::Grafana::Workspace.RoleValues": { @@ -31811,7 +31828,7 @@ "FunctionName": "The name of the Lambda function, up to 64 characters in length. If you don't specify a name, AWS CloudFormation generates one.\n\nIf you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", "Handler": "The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see [Lambda programming model](https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html) .", "ImageConfig": "Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms) .", - "KmsKeyArn": "The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption) . When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, this key is also used to encrypt your function's snapshot. If you don't provide a customer managed key, Lambda uses a default service key.", + "KmsKeyArn": "The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption) . When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR).\nIf you don't provide a customer managed key, Lambda uses a default service key.", "Layers": "A list of [function layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to add to the function's execution environment. Specify each layer by its ARN, including the version.", "MemorySize": "The amount of [memory available to the function](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console) at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB.", "PackageType": "The type of deployment package. Set to `Image` for container image and set `Zip` for .zip file archive.", @@ -37293,8 +37310,10 @@ "AssociatedRoles": "Provides a list of the Amazon Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other Amazon services on your behalf.", "AvailabilityZones": "Provides the list of EC2 Availability Zones that instances in the DB cluster can be created in.", "BackupRetentionPeriod": "Specifies the number of days for which automatic DB snapshots are retained.\n\nAn update may require some interruption. See [ModifyDBInstance](https://docs.aws.amazon.com/neptune/latest/userguide/api-instances.html#ModifyDBInstance) in the Amazon Neptune User Guide for more information.", + "CopyTagsToSnapshot": "*If set to `true` , tags are copied to any snapshot of the DB cluster that is created.*", "DBClusterIdentifier": "Contains a user-supplied DB cluster identifier. This identifier is the unique key that identifies a DB cluster.", "DBClusterParameterGroupName": "Provides the name of the DB cluster parameter group.\n\nAn update may require some interruption. See [ModifyDBInstance](https://docs.aws.amazon.com/neptune/latest/userguide/api-instances.html#ModifyDBInstance) in the Amazon Neptune User Guide for more information.", + "DBInstanceParameterGroupName": "The name of the DB parameter group to apply to all instances of the DB cluster. Used only in case of a major engine version upgrade request\n\nNote that when you apply a parameter group using `DBInstanceParameterGroupName` , parameter changes are applied immediately, not during the next maintenance window.\n\n**Constraints** - The DB parameter group must be in the same DB parameter group family as the target DB cluster version.\n- The `DBInstanceParameterGroupName` parameter is only valid for major engine version upgrades.", "DBSubnetGroupName": "Specifies information on the subnet group associated with the DB cluster, including the name, description, and subnets in the subnet group.", "DeletionProtection": "Indicates whether or not the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled.", "EnableCloudwatchLogsExports": "Specifies a list of log types that are enabled for export to CloudWatch Logs.", @@ -37305,6 +37324,7 @@ "PreferredMaintenanceWindow": "Specifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).", "RestoreToTime": "Creates a new DB cluster from a DB snapshot or DB cluster snapshot.\n\nIf a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group.\n\nIf a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group.", "RestoreType": "Creates a new DB cluster from a DB snapshot or DB cluster snapshot.\n\nIf a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group.\n\nIf a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group.", + "ServerlessScalingConfiguration": "", "SnapshotIdentifier": "Specifies the identifier for a DB cluster snapshot. Must match the identifier of an existing snapshot.\n\nAfter you restore a DB cluster using a `SnapshotIdentifier` , you must specify the same `SnapshotIdentifier` for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed.\n\nHowever, if you don't specify the `SnapshotIdentifier` , an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, the DB cluster is restored from the snapshot specified by the `SnapshotIdentifier` , and the original DB cluster is deleted.", "SourceDBClusterIdentifier": "Creates a new DB cluster from a DB snapshot or DB cluster snapshot.\n\nIf a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group.\n\nIf a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group.", "StorageEncrypted": "Indicates whether the DB cluster is encrypted.\n\nIf you specify the `DBClusterIdentifier` , `DBSnapshotIdentifier` , or `SourceDBInstanceIdentifier` property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. If you specify the `KmsKeyId` property, you must enable encryption.\n\nIf you specify the `KmsKeyId` , you must enable encryption by setting `StorageEncrypted` to true.", @@ -37321,6 +37341,14 @@ "RoleArn": "The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster." } }, + "AWS::Neptune::DBCluster.ServerlessScalingConfiguration": { + "attributes": {}, + "description": "", + "properties": { + "MaxCapacity": "", + "MinCapacity": "" + } + }, "AWS::Neptune::DBClusterParameterGroup": { "attributes": { "Ref": "`Ref` returns the resource name." @@ -54533,14 +54561,296 @@ "WarningForeground": "The foreground color that applies to any text or other elements that appear over the warning color." } }, + "AWS::QuickSight::Topic": { + "attributes": { + "Arn": "The Amazon Resource Name (ARN) of the topic.", + "Ref": "" + }, + "description": "Creates a new Q topic.", + "properties": { + "AwsAccountId": "The ID of the AWS account that you want to create a topic in.", + "DataSets": "The data sets that the topic is associated with.", + "Description": "The description of the topic.", + "Name": "The name of the topic.", + "TopicId": "The ID for the topic. This ID is unique per AWS Region for each AWS account." + } + }, + "AWS::QuickSight::Topic.CellValueSynonym": { + "attributes": {}, + "description": "A structure that represents the cell value synonym.", + "properties": { + "CellValue": "The cell value.", + "Synonyms": "Other names or aliases for the cell value." + } + }, + "AWS::QuickSight::Topic.CollectiveConstant": { + "attributes": {}, + "description": "A structure that represents a collective constant.", + "properties": { + "ValueList": "A list of values for the collective constant." + } + }, + "AWS::QuickSight::Topic.ComparativeOrder": { + "attributes": {}, + "description": "The order in which data is displayed for the column when it's used in a comparative context.", + "properties": { + "SpecifedOrder": "The list of columns to be used in the ordering.", + "TreatUndefinedSpecifiedValues": "The treat of undefined specified values. Valid values for this structure are `LEAST` and `MOST` .", + "UseOrdering": "The ordering type for a column. Valid values for this structure are `GREATER_IS_BETTER` , `LESSER_IS_BETTER` and `SPECIFIED` ." + } + }, + "AWS::QuickSight::Topic.DataAggregation": { + "attributes": {}, + "description": "The definition of a data aggregation.", + "properties": { + "DatasetRowDateGranularity": "The level of time precision that is used to aggregate `DateTime` values.", + "DefaultDateColumnName": "The column name for the default date." + } + }, + "AWS::QuickSight::Topic.DatasetMetadata": { + "attributes": {}, + "description": "A structure that represents a dataset.", + "properties": { + "CalculatedFields": "The list of calculated field definitions.", + "Columns": "The list of column definitions.", + "DataAggregation": "The definition of a data aggregation.", + "DatasetArn": "The Amazon Resource Name (ARN) of the dataset.", + "DatasetDescription": "The description of the dataset.", + "DatasetName": "The name of the dataset.", + "Filters": "The list of filter definitions.", + "NamedEntities": "The list of named entities definitions." + } + }, + "AWS::QuickSight::Topic.DefaultFormatting": { + "attributes": {}, + "description": "A structure that represents a default formatting definition.", + "properties": { + "DisplayFormat": "The display format. Valid values for this structure are `AUTO` , `PERCENT` , `CURRENCY` , `NUMBER` , `DATE` , and `STRING` .", + "DisplayFormatOptions": "The additional options for display formatting." + } + }, + "AWS::QuickSight::Topic.DisplayFormatOptions": { + "attributes": {}, + "description": "A structure that represents additional options for display formatting.", + "properties": { + "BlankCellFormat": "Determines the blank cell format.", + "CurrencySymbol": "The currency symbol, such as `USD` .", + "DateFormat": "Determines the `DateTime` format.", + "DecimalSeparator": "Determines the decimal separator.", + "FractionDigits": "Determines the number of fraction digits.", + "GroupingSeparator": "Determines the grouping separator.", + "NegativeFormat": "The negative format.", + "Prefix": "The prefix value for a display format.", + "Suffix": "The suffix value for a display format.", + "UnitScaler": "The unit scaler. Valid values for this structure are: `NONE` , `AUTO` , `THOUSANDS` , `MILLIONS` , `BILLIONS` , and `TRILLIONS` .", + "UseBlankCellFormat": "A Boolean value that indicates whether to use blank cell format.", + "UseGrouping": "A Boolean value that indicates whether to use grouping." + } + }, + "AWS::QuickSight::Topic.NamedEntityDefinition": { + "attributes": {}, + "description": "A structure that represents a named entity.", + "properties": { + "FieldName": "The name of the entity.", + "Metric": "The definition of a metric.", + "PropertyName": "The property name to be used for the named entity.", + "PropertyRole": "The property role. Valid values for this structure are `PRIMARY` and `ID` .", + "PropertyUsage": "The property usage. Valid values for this structure are `INHERIT` , `DIMENSION` , and `MEASURE` ." + } + }, + "AWS::QuickSight::Topic.NamedEntityDefinitionMetric": { + "attributes": {}, + "description": "A structure that represents a metric.", + "properties": { + "Aggregation": "The aggregation of a named entity. Valid values for this structure are `SUM` , `MIN` , `MAX` , `COUNT` , `AVERAGE` , `DISTINCT_COUNT` , `STDEV` , `STDEVP` , `VAR` , `VARP` , `PERCENTILE` , `MEDIAN` , and `CUSTOM` .", + "AggregationFunctionParameters": "The additional parameters for an aggregation function." + } + }, + "AWS::QuickSight::Topic.NegativeFormat": { + "attributes": {}, + "description": "A structure that represents a negative format.", + "properties": { + "Prefix": "The prefix for a negative format.", + "Suffix": "The suffix for a negative format." + } + }, + "AWS::QuickSight::Topic.RangeConstant": { + "attributes": {}, + "description": "The value of the constant that is used to specify the endpoints of a range filter.", + "properties": { + "Maximum": "The maximum value for a range constant.", + "Minimum": "The minimum value for a range constant." + } + }, + "AWS::QuickSight::Topic.SemanticEntityType": { + "attributes": {}, + "description": "A structure that represents a semantic entity type.", + "properties": { + "SubTypeName": "The semantic entity sub type name.", + "TypeName": "The semantic entity type name.", + "TypeParameters": "The semantic entity type parameters." + } + }, + "AWS::QuickSight::Topic.SemanticType": { + "attributes": {}, + "description": "A structure that represents a semantic type.", + "properties": { + "FalseyCellValue": "The semantic type falsey cell value.", + "FalseyCellValueSynonyms": "The other names or aliases for the false cell value.", + "SubTypeName": "The semantic type sub type name.", + "TruthyCellValue": "The semantic type truthy cell value.", + "TruthyCellValueSynonyms": "The other names or aliases for the true cell value.", + "TypeName": "The semantic type name.", + "TypeParameters": "The semantic type parameters." + } + }, + "AWS::QuickSight::Topic.TopicCalculatedField": { + "attributes": {}, + "description": "A structure that represents a calculated field.", + "properties": { + "Aggregation": "The default aggregation. Valid values for this structure are `SUM` , `MAX` , `MIN` , `COUNT` , `DISTINCT_COUNT` , and `AVERAGE` .", + "AllowedAggregations": "The list of aggregation types that are allowed for the calculated field. Valid values for this structure are `COUNT` , `DISTINCT_COUNT` , `MIN` , `MAX` , `MEDIAN` , `SUM` , `AVERAGE` , `STDEV` , `STDEVP` , `VAR` , `VARP` , and `PERCENTILE` .", + "CalculatedFieldDescription": "The calculated field description.", + "CalculatedFieldName": "The calculated field name.", + "CalculatedFieldSynonyms": "The other names or aliases for the calculated field.", + "CellValueSynonyms": "The other names or aliases for the calculated field cell value.", + "ColumnDataRole": "The column data role for a calculated field. Valid values for this structure are `DIMENSION` and `MEASURE` .", + "ComparativeOrder": "The order in which data is displayed for the calculated field when it's used in a comparative context.", + "DefaultFormatting": "The default formatting definition.", + "Expression": "The calculated field expression.", + "IsIncludedInTopic": "A boolean value that indicates if a calculated field is included in the topic.", + "NeverAggregateInFilter": "A Boolean value that indicates whether to never aggregate calculated field in filters.", + "NotAllowedAggregations": "The list of aggregation types that are not allowed for the calculated field. Valid values for this structure are `COUNT` , `DISTINCT_COUNT` , `MIN` , `MAX` , `MEDIAN` , `SUM` , `AVERAGE` , `STDEV` , `STDEVP` , `VAR` , `VARP` , and `PERCENTILE` .", + "SemanticType": "The semantic type.", + "TimeGranularity": "The level of time precision that is used to aggregate `DateTime` values." + } + }, + "AWS::QuickSight::Topic.TopicCategoryFilter": { + "attributes": {}, + "description": "A structure that represents a category filter.", + "properties": { + "CategoryFilterFunction": "The category filter function. Valid values for this structure are `EXACT` and `CONTAINS` .", + "CategoryFilterType": "The category filter type. This element is used to specify whether a filter is a simple category filter or an inverse category filter.", + "Constant": "The constant used in a category filter.", + "Inverse": "A Boolean value that indicates if the filter is inverse." + } + }, + "AWS::QuickSight::Topic.TopicCategoryFilterConstant": { + "attributes": {}, + "description": "A constant used in a category filter.", + "properties": { + "CollectiveConstant": "A collective constant used in a category filter. This element is used to specify a list of values for the constant.", + "ConstantType": "The type of category filter constant. This element is used to specify whether a constant is a singular or collective. Valid values are `SINGULAR` and `COLLECTIVE` .", + "SingularConstant": "A singular constant used in a category filter. This element is used to specify a single value for the constant." + } + }, + "AWS::QuickSight::Topic.TopicColumn": { + "attributes": {}, + "description": "Represents a column in a dataset.", + "properties": { + "Aggregation": "The type of aggregation that is performed on the column data when it's queried. Valid values for this structure are `SUM` , `MAX` , `MIN` , `COUNT` , `DISTINCT_COUNT` , and `AVERAGE` .", + "AllowedAggregations": "The list of aggregation types that are allowed for the column. Valid values for this structure are `COUNT` , `DISTINCT_COUNT` , `MIN` , `MAX` , `MEDIAN` , `SUM` , `AVERAGE` , `STDEV` , `STDEVP` , `VAR` , `VARP` , and `PERCENTILE` .", + "CellValueSynonyms": "The other names or aliases for the column cell value.", + "ColumnDataRole": "The role of the column in the data. Valid values are `DIMENSION` and `MEASURE` .", + "ColumnDescription": "A description of the column and its contents.", + "ColumnFriendlyName": "A user-friendly name for the column.", + "ColumnName": "The name of the column.", + "ColumnSynonyms": "The other names or aliases for the column.", + "ComparativeOrder": "The order in which data is displayed for the column when it's used in a comparative context.", + "DefaultFormatting": "The default formatting used for values in the column.", + "IsIncludedInTopic": "A Boolean value that indicates whether the column is included in the query results.", + "NeverAggregateInFilter": "A Boolean value that indicates whether to aggregate the column data when it's used in a filter context.", + "NotAllowedAggregations": "The list of aggregation types that are not allowed for the column. Valid values for this structure are `COUNT` , `DISTINCT_COUNT` , `MIN` , `MAX` , `MEDIAN` , `SUM` , `AVERAGE` , `STDEV` , `STDEVP` , `VAR` , `VARP` , and `PERCENTILE` .", + "SemanticType": "The semantic type of data contained in the column.", + "TimeGranularity": "The level of time precision that is used to aggregate `DateTime` values." + } + }, + "AWS::QuickSight::Topic.TopicDateRangeFilter": { + "attributes": {}, + "description": "A filter used to restrict data based on a range of dates or times.", + "properties": { + "Constant": "The constant used in a date range filter.", + "Inclusive": "A Boolean value that indicates whether the date range filter should include the boundary values. If set to true, the filter includes the start and end dates. If set to false, the filter excludes them." + } + }, + "AWS::QuickSight::Topic.TopicFilter": { + "attributes": {}, + "description": "A structure that represents a filter used to select items for a topic.", + "properties": { + "CategoryFilter": "The category filter that is associated with this filter.", + "DateRangeFilter": "The date range filter.", + "FilterClass": "The class of the filter. Valid values for this structure are `ENFORCED_VALUE_FILTER` , `CONDITIONAL_VALUE_FILTER` , and `NAMED_VALUE_FILTER` .", + "FilterDescription": "A description of the filter used to select items for a topic.", + "FilterName": "The name of the filter.", + "FilterSynonyms": "The other names or aliases for the filter.", + "FilterType": "The type of the filter. Valid values for this structure are `CATEGORY_FILTER` , `NUMERIC_EQUALITY_FILTER` , `NUMERIC_RANGE_FILTER` , `DATE_RANGE_FILTER` , and `RELATIVE_DATE_FILTER` .", + "NumericEqualityFilter": "The numeric equality filter.", + "NumericRangeFilter": "The numeric range filter.", + "OperandFieldName": "The name of the field that the filter operates on.", + "RelativeDateFilter": "The relative date filter." + } + }, + "AWS::QuickSight::Topic.TopicNamedEntity": { + "attributes": {}, + "description": "A structure that represents a named entity.", + "properties": { + "Definition": "The definition of a named entity.", + "EntityDescription": "The description of the named entity.", + "EntityName": "The name of the named entity.", + "EntitySynonyms": "The other names or aliases for the named entity.", + "SemanticEntityType": "The type of named entity that a topic represents." + } + }, + "AWS::QuickSight::Topic.TopicNumericEqualityFilter": { + "attributes": {}, + "description": "A filter that filters topics based on the value of a numeric field. The filter includes only topics whose numeric field value matches the specified value.", + "properties": { + "Aggregation": "An aggregation function that specifies how to calculate the value of a numeric field for a topic. Valid values for this structure are `NO_AGGREGATION` , `SUM` , `AVERAGE` , `COUNT` , `DISTINCT_COUNT` , `MAX` , `MEDIAN` , `MIN` , `STDEV` , `STDEVP` , `VAR` , and `VARP` .", + "Constant": "The constant used in a numeric equality filter." + } + }, + "AWS::QuickSight::Topic.TopicNumericRangeFilter": { + "attributes": {}, + "description": "A filter that filters topics based on the value of a numeric field. The filter includes only topics whose numeric field value falls within the specified range.", + "properties": { + "Aggregation": "An aggregation function that specifies how to calculate the value of a numeric field for a topic, Valid values for this structure are `NO_AGGREGATION` , `SUM` , `AVERAGE` , `COUNT` , `DISTINCT_COUNT` , `MAX` , `MEDIAN` , `MIN` , `STDEV` , `STDEVP` , `VAR` , and `VARP` .", + "Constant": "The constant used in a numeric range filter.", + "Inclusive": "A Boolean value that indicates whether the endpoints of the numeric range are included in the filter. If set to true, topics whose numeric field value is equal to the endpoint values will be included in the filter. If set to false, topics whose numeric field value is equal to the endpoint values will be excluded from the filter." + } + }, + "AWS::QuickSight::Topic.TopicRangeFilterConstant": { + "attributes": {}, + "description": "A constant value that is used in a range filter to specify the endpoints of the range.", + "properties": { + "ConstantType": "The data type of the constant value that is used in a range filter. Valid values for this structure are `RANGE` .", + "RangeConstant": "The value of the constant that is used to specify the endpoints of a range filter." + } + }, + "AWS::QuickSight::Topic.TopicRelativeDateFilter": { + "attributes": {}, + "description": "A structure that represents a relative date filter.", + "properties": { + "Constant": "The constant used in a relative date filter.", + "RelativeDateFilterFunction": "The function to be used in a relative date filter to determine the range of dates to include in the results. Valid values for this structure are `BEFORE` , `AFTER` , and `BETWEEN` .", + "TimeGranularity": "The level of time precision that is used to aggregate `DateTime` values." + } + }, + "AWS::QuickSight::Topic.TopicSingularFilterConstant": { + "attributes": {}, + "description": "A structure that represents a singular filter constant, used in filters to specify a single value to match against.", + "properties": { + "ConstantType": "The type of the singular filter constant. Valid values for this structure are `SINGULAR` .", + "SingularConstant": "The value of the singular filter constant." + } + }, "AWS::QuickSight::VPCConnection": { "attributes": { - "Arn": "", - "CreatedTime": "", - "LastUpdatedTime": "", - "NetworkInterfaces": "", - "Status": "", - "VPCId": "" + "Arn": "The Amazon Resource Name (ARN) of the VPC connection.", + "CreatedTime": "The time that the VPC connection was created.", + "LastUpdatedTime": "The time that the VPC connection was last updated.", + "NetworkInterfaces": "A list of network interfaces.", + "Status": "The HTTP status of the request.", + "VPCId": "The ID of the VPC connection that you're creating. This ID is a unique identifier for each AWS Region in an AWS account." }, "description": "Creates a new VPC connection.", "properties": { @@ -56061,14 +56371,14 @@ "AWS::RolesAnywhere::CRL": { "attributes": { "CrlId": "The unique primary identifier of the Crl", - "Ref": "`Ref` returns `CrlId` ." + "Ref": "The name of the CRL." }, - "description": "Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.\n\n*Required permissions:* `rolesanywhere:ImportCrl` .", + "description": "Creates a Crl.", "properties": { - "CrlData": "The x509 v3 specified certificate revocation list (CRL).", - "Enabled": "Specifies whether the certificate revocation list (CRL) is enabled.", - "Name": "The name of the certificate revocation list (CRL).", - "Tags": "A list of tags to attach to the certificate revocation list (CRL).", + "CrlData": "x509 v3 Certificate Revocation List to revoke auth for corresponding certificates presented in CreateSession operations", + "Enabled": "The enabled status of the resource.", + "Name": "The customer specified name of the resource.", + "Tags": "A list of Tags.", "TrustAnchorArn": "The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for." } }, @@ -56076,18 +56386,18 @@ "attributes": { "ProfileArn": "The ARN of the profile.", "ProfileId": "The unique primary identifier of the Profile", - "Ref": "`Ref` returns `ProfileId` ." + "Ref": "The name of the Profile" }, - "description": "Creates a *profile* , a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.\n\n*Required permissions:* `rolesanywhere:CreateProfile` .", + "description": "Creates a Profile.", "properties": { - "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", - "Enabled": "Indicates whether the profile is enabled.", - "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", - "Name": "The name of the profile.", - "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", - "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", - "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", - "Tags": "The tags to attach to the profile." + "DurationSeconds": "The number of seconds vended session credentials will be valid for", + "Enabled": "The enabled status of the resource.", + "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "Name": "The customer specified name of the resource.", + "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", + "Tags": "A list of Tags." } }, "AWS::RolesAnywhere::TrustAnchor": { @@ -56096,7 +56406,7 @@ "TrustAnchorArn": "The ARN of the trust anchor.", "TrustAnchorId": "The unique identifier of the trust anchor." }, - "description": "Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an AWS Private Certificate Authority ( AWS Private CA ) or by uploading a CA certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary AWS credentials.\n\n*Required permissions:* `rolesanywhere:CreateTrustAnchor` .", + "description": "Creates a TrustAnchor.", "properties": { "Enabled": "Indicates whether the trust anchor is enabled.", "Name": "The name of the trust anchor.", @@ -56106,15 +56416,15 @@ }, "AWS::RolesAnywhere::TrustAnchor.Source": { "attributes": {}, - "description": "The trust anchor type and its related certificate data.", + "description": "Object representing the TrustAnchor type and its related certificate data.", "properties": { - "SourceData": "The data field of the trust anchor depending on its type.", - "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." + "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", + "SourceType": "The type of the TrustAnchor." } }, "AWS::RolesAnywhere::TrustAnchor.SourceData": { "attributes": {}, - "description": "The data field of the trust anchor depending on its type.", + "description": "A union object representing the data field of the TrustAnchor depending on its type", "properties": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", "X509CertificateData": "The PEM-encoded data for the certificate anchor. Included for trust anchors of type `CERTIFICATE_BUNDLE` ." @@ -62937,6 +63247,7 @@ "DirectoryId": "The identifier of the AWS Directory Service directory that you want to stop sharing.", "Function": "The ARN for a Lambda function to use for the Identity provider.", "InvocationRole": "This parameter is only applicable if your `IdentityProviderType` is `API_GATEWAY` . Provides the type of `InvocationRole` used to authenticate the user account.", + "SftpAuthenticationMethods": "For SFTP-enabled servers, and for custom identity providers *only* , you can specify whether to authenticate using a password, SSH key pair, or both.\n\n- `PASSWORD` - users must provide their password to connect.\n- `PUBLIC_KEY` - users must provide their private key to connect.\n- `PUBLIC_KEY_OR_PASSWORD` - users can authenticate with either their password or their key. This is the default value.\n- `PUBLIC_KEY_AND_PASSWORD` - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.", "Url": "Provides the location of the service endpoint used to authenticate users." } }, @@ -62947,7 +63258,7 @@ }, "AWS::Transfer::Server.ProtocolDetails": { "attributes": {}, - "description": "Protocol settings that are configured for your server.", + "description": "The protocol settings that are configured for your server.", "properties": { "As2Transports": "List of `As2Transport` objects.", "PassiveIp": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response.", From c6f9fb63ba96101f9e4930230ac131f507eeaf61 Mon Sep 17 00:00:00 2001 From: Calvin Combs <66279577+comcalvi@users.noreply.github.com> Date: Mon, 22 May 2023 09:08:27 -0700 Subject: [PATCH 08/33] chore(batch-alpha): make batch dev-preview (#25619) Makes `aws-batch-alpha` developer preview ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-batch-alpha/README.md | 12 ++++++------ packages/@aws-cdk/aws-batch-alpha/package.json | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/aws-batch-alpha/README.md b/packages/@aws-cdk/aws-batch-alpha/README.md index 806befb9edad4..343b76fa4ce64 100644 --- a/packages/@aws-cdk/aws-batch-alpha/README.md +++ b/packages/@aws-cdk/aws-batch-alpha/README.md @@ -3,13 +3,13 @@ --- -![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) +![cdk-constructs: Developer Preview](https://img.shields.io/badge/cdk--constructs-developer--preview-informational.svg?style=for-the-badge) -> The APIs of higher level constructs in this module are experimental and under active development. -> They are subject to non-backward compatible changes or removal in any future version. These are -> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be -> announced in the release notes. This means that while you may use them, you may need to update -> your source code when upgrading to a newer version of this package. +> The APIs of higher level constructs in this module are in **developer preview** before they +> become stable. We will only make breaking changes to address unforeseen API issues. Therefore, +> these APIs are not subject to [Semantic Versioning](https://semver.org/), and breaking changes +> will be announced in release notes. This means that while you may use them, you may need to +> update your source code when upgrading to a newer version of this package. --- diff --git a/packages/@aws-cdk/aws-batch-alpha/package.json b/packages/@aws-cdk/aws-batch-alpha/package.json index f4dddc3d042e2..c6d2d3f68094c 100644 --- a/packages/@aws-cdk/aws-batch-alpha/package.json +++ b/packages/@aws-cdk/aws-batch-alpha/package.json @@ -144,7 +144,7 @@ ] }, "stability": "experimental", - "maturity": "experimental", + "maturity": "developer-preview", "awscdkio": { "announce": false }, From f05ed21ecbce4fd25309cb5fc2c2c49a9fc35030 Mon Sep 17 00:00:00 2001 From: "Miguel A. Calles" <44813512+miguel-a-calles-mba@users.noreply.github.com> Date: Mon, 22 May 2023 11:12:42 -0700 Subject: [PATCH 09/33] chore(cdk): Speed up typescript app compile time (#25089) > REPLACE THIS TEXT BLOCK > > Describe the reason for this change, what the solution is, and any > important design decisions you made. > > Remember to follow the [CONTRIBUTING GUIDE] and [DESIGN GUIDELINES] for any > code you submit. > > [CONTRIBUTING GUIDE]: https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md > [DESIGN GUIDELINES]: https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md Closes #None. The cdk init command can generate a typescript cdk app. The cdk app uses ts-node for things like cdk deploys. As a developer, it seems to take forever for the ts-node to start the cdk deploy process. Adding SWC to the tsconfig file allows ts-node to use a rust-based transpiler when doing a cdk deploy. The SWC speeds up the cdk deploy time by a lot. I have not noticed any type checking issues in vscode nor any transpile issues in deployed lambda functions. Ref: https://typestrong.org/ts-node/docs/swc/ Ref: https://aws.plainenglish.io/speed-up-aws-cdk-deploys-up-to-80-c47afad1c18c ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/packages/aws-cdk/README.md b/packages/aws-cdk/README.md index 1cec94c57507e..2574f5a143a21 100644 --- a/packages/aws-cdk/README.md +++ b/packages/aws-cdk/README.md @@ -811,3 +811,25 @@ The following environment variables affect aws-cdk: The CLI will attempt to detect whether it is being run in CI by looking for the presence of an environment variable `CI=true`. This can be forced by passing the `--ci` flag. By default the CLI sends most of its logs to `stderr`, but when `ci=true` it will send the logs to `stdout` instead. + +### Changing the default TypeScript transpiler + +The ts-node package used to synthesize and deploy CDK apps supports an alternate transpiler that might improve transpile times. The SWC transpiler is written in Rust and has no type checking. The SWC transpiler should be enabled by experienced TypeScript developers. + +To enable the SWC transpiler, install the package in the CDK app. + +```sh +npm i -D @swc/core @swc/helpers regenerator-runtime +``` + +And, update the `tsconfig.json` file to add the `ts-node` property. + +```json +{ + "ts-node": { + "swc": true + } +} +``` + +The documentation may be found at From a799531a8fdb6ce2341932386441623b692c8dd2 Mon Sep 17 00:00:00 2001 From: Markus Lindqvist Date: Mon, 22 May 2023 21:56:11 +0300 Subject: [PATCH 10/33] chore(core): Explain usage of '--fail' in 'cdk diff' (#25638) Explain usage of '--fail' in 'cdk diff'. See https://stackoverflow.com/questions/69574034/what-are-the-returned-status-code-of-cdk-diff ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk/README.md b/packages/aws-cdk/README.md index 2574f5a143a21..8c54bdf563369 100644 --- a/packages/aws-cdk/README.md +++ b/packages/aws-cdk/README.md @@ -146,8 +146,8 @@ See the [CDK reference documentation](https://docs.aws.amazon.com/cdk/api/latest ### `cdk diff` Computes differences between the infrastructure specified in the current state of the CDK app and the currently -deployed application (or a user-specified CloudFormation template). This command returns non-zero if any differences are -found. +deployed application (or a user-specified CloudFormation template). If you need the command to return a non-zero if any differences are +found you need to use the `--fail` command line option. ```console $ # Diff against the currently deployed stack From dc4bbec03741eea5bb5b69caa22dbaf18f727262 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Mon, 22 May 2023 17:13:26 -0400 Subject: [PATCH 11/33] chore: update eslint rule to allow max 1 empty line (#25600) There should be no reason to have back-to-back new lines which our current eslint rules allow. I made the rule stricter and fixed instances where we were breaking the stricter rule. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk-testing/cli-integ/lib/aws.ts | 1 - .../@aws-cdk-testing/cli-integ/lib/files.ts | 1 - .../cli-integ/lib/staging/parallel-shell.ts | 1 - .../cli-integ/lib/with-sam.ts | 1 - .../cli-integ/test/xpmutex.test.ts | 1 - .../init-csharp/init-csharp.integtest.ts | 1 - .../authorizers/integ.token-authorizer.ts | 1 - .../aws-apigateway/test/integ.domain-name.ts | 3 - .../test/integ.method-grant-execute.ts | 1 - .../aws-appsync/test/integ.graphql-iam.ts | 1 - .../aws-appsync/test/integ.log-retention.ts | 1 - .../test/integ.queue-hook.ts | 1 - .../integ.core-cross-region-references.ts | 1 - .../integ.cloudfront-cross-region-cert.ts | 1 - .../test/integ.distribution-logbucket.ts | 1 - .../test/integ.cloudtrail-insight.ts | 1 - .../test/integ.ssm-incident-alarm-action.ts | 1 - .../test/integ.asset-build-spec.ts | 1 - .../test/lambda/integ.deployment-group.ts | 1 - .../test/integ.pipeline-s3-deploy.ts | 1 - .../test/integ.pipeline-with-replication.ts | 2 - .../test/integ.user-pool-idp.google.ts | 1 - .../test/aws-config/test/integ.rule.ts | 1 - .../test/integ.global-replicas-provisioned.ts | 1 - .../test/import-certificates-handler/index.ts | 1 - .../index.ts | 1 - .../aws-ec2/test/integ.launch-template.ts | 1 - .../test/aws-ec2/test/integ.machine-image.ts | 2 - .../test/aws-ec2/test/integ.prefix-list.ts | 2 - .../test/integ.vpc-flow-logs-customformat.ts | 2 - .../test/integ.vpc-flow-logs-interval.ts | 2 - .../test/aws-ec2/test/integ.vpc-ipam.ts | 1 - ...e-network-load-balanced-fargate-service.ts | 1 - ...eue-processing-fargate-service-isolated.ts | 1 - ...plication-load-balanced-fargate-service.ts | 1 - .../ec2/integ.default-capacity-provider.ts | 1 - .../test/fargate/integ.fargate-with-efs.ts | 1 - .../aws-ecs/test/fargate/integ.runtime.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../integ.eks-cluster-private-endpoint.ts | 1 - .../cluster.ts | 1 - .../test/aws-eks/test/integ.eks-cluster.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../integ.eks-service-account-sdk-call.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../test/integ.alb.dualstack.ts | 1 - .../test/integ.alb.ts | 1 - .../test/integ.connection-termination.nlb.ts | 1 - .../test/lambda/integ.events.ts | 1 - .../test/aws-events/test/integ.rule.ts | 1 - .../test/integ.principal-with-conditions.ts | 1 - .../test/aws-kms/test/integ.key-hmac.ts | 1 - .../integ-handlers/ts-decorator-handler.ts | 1 - .../test/integ.dependencies-pnpm.ts | 1 - .../test/integ.lambda.filesystem.ts | 1 - .../test/integ.runtime.fromasset.ts | 1 - .../test/integ.runtime.inlinecode.ts | 1 - .../test/integ.kinesis.ts | 1 - .../test/integ.rolling-instance-updates.ts | 1 - .../test/integ.assets.bundling.docker-opts.ts | 1 - ...integ.bucket-deployment-deployed-bucket.ts | 1 - .../test/sqs/integ.bucket-notifications.ts | 1 - .../test/integ.bucket-intelligent-tiering.ts | 1 - .../test/integ.sns-lambda.ts | 2 - .../test/aws-ssm/test/integ.list-parameter.ts | 3 - .../test/athena/integ.get-query-execution.ts | 1 - .../test/athena/integ.get-query-results.ts | 1 - .../athena/integ.start-query-execution.ts | 2 - .../test/athena/integ.stop-query-execution.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../cluster.ts | 1 - .../integ.job-submission-workflow.ts | 1 - .../cluster.ts | 1 - .../test/eventbridge/integ.put-events.ts | 1 - .../test/sagemaker/integ.call-sagemaker.ts | 2 - ...eline-with-stack-outputs-in-custom-step.ts | 1 - .../test/integ.pipeline-without-prepare.ts | 1 - .../@aws-cdk/aws-amplify-alpha/lib/app.ts | 1 - .../asset-deployment-handler/index.test.ts | 1 - .../aws-apigatewayv2-alpha/lib/common/base.ts | 1 - .../lib/http/vpc-link.ts | 1 - .../lib/websocket/api.ts | 1 - .../test/http/api.test.ts | 1 - .../test/http/vpc-link.test.ts | 1 - .../test/websocket/route.test.ts | 2 - .../test/http/integ.lambda.ts | 1 - .../lib/http/private/integration.ts | 1 - .../test/websocket/lambda.test.ts | 1 - .../test/websocket/mock.test.ts | 1 - .../aws-apprunner-alpha/lib/service.ts | 1 - .../test/integ.service-ecr-public.ts | 1 - .../test/integ.service-ecr.ts | 2 - .../test/integ.service-vpc-connector.ts | 1 - .../aws-apprunner-alpha/test/service.test.ts | 3 - .../lib/compute-environment-base.ts | 1 - .../lib/ecs-container-definition.ts | 1 - .../lib/eks-container-definition.ts | 1 - .../lib/job-definition-base.ts | 2 - .../aws-batch-alpha/lib/linux-parameters.ts | 1 - .../lib/managed-compute-environment.ts | 1 - .../lib/multinode-job-definition.ts | 1 - .../aws-batch-alpha/lib/scheduling-policy.ts | 1 - .../lib/unmanaged-compute-environment.ts | 1 - .../test/aws-events-targets/batch.test.ts | 1 - .../test/ecs-job-definition.test.ts | 1 - .../test/eks-container-definition.test.ts | 1 - .../test/eks-job-definition.test.ts | 1 - .../test/integ.eks-job-definition.ts | 2 - .../aws-batch-alpha/test/integ.job-queue.ts | 1 - .../aws-batch-alpha/test/job-queue.test.ts | 1 - .../test/managed-compute-environment.test.ts | 1 - .../test/multinode-job-definition.test.ts | 1 - .../test/scheduling-policy.test.ts | 1 - .../aws-cloud9-alpha/lib/environment.ts | 1 - .../aws-gamelift-alpha/lib/build-fleet.ts | 1 - .../@aws-cdk/aws-gamelift-alpha/lib/build.ts | 2 - .../aws-gamelift-alpha/lib/content.ts | 1 - .../aws-gamelift-alpha/lib/fleet-base.ts | 1 - .../lib/game-server-group.ts | 1 - .../lib/matchmaking-configuration.ts | 2 - .../lib/matchmaking-ruleset.ts | 3 - .../test/build-fleet.test.ts | 1 - .../aws-gamelift-alpha/test/build.test.ts | 1 - .../test/game-session-queue.test.ts | 1 - .../queued-matchmaking-configuration.test.ts | 5 +- .../aws-gamelift-alpha/test/script.test.ts | 2 - ...andalone-matchmaking-configuration.test.ts | 1 - packages/@aws-cdk/aws-glue-alpha/lib/job.ts | 1 - .../@aws-cdk/aws-glue-alpha/test/job.test.ts | 2 - .../lib/firehose-put-record-action.ts | 1 - .../dynamodbv2-put-item-action.test.ts | 1 - .../iot/iotevents-put-message-action.test.ts | 1 - .../integ.firehose-put-record-action.ts | 1 - .../@aws-cdk/aws-ivs-alpha/test/integ.ivs.ts | 1 - .../lib/application.ts | 1 - .../aws-lambda-go-alpha/test/bundling.test.ts | 2 - .../aws-lambda-go-alpha/test/util.test.ts | 1 - .../aws-lambda-python-alpha/lib/function.ts | 1 - .../aws-lambda-python-alpha/lib/types.ts | 1 - .../aws-location-alpha/lib/place-index.ts | 1 - .../aws-neptune-alpha/lib/parameter-group.ts | 1 - .../aws-neptune-alpha/test/cluster.test.ts | 1 - .../test/integ.cluster-reboot.ts | 1 - .../lib/private/utils.ts | 1 - .../lib/target-application.ts | 1 - .../test/application.test.ts | 2 - ...ation-associator.all-stacks-association.ts | 1 - .../aws-synthetics-alpha/lib/runtime.ts | 1 - .../aws-synthetics-alpha/lib/schedule.ts | 1 - .../aws-synthetics-alpha/test/canary.test.ts | 1 - .../aws-synthetics-alpha/test/code.test.ts | 1 - .../cdk-cli-wrapper/lib/commands/common.ts | 1 - .../@aws-cdk/cfnspec/build-tools/patch-set.ts | 1 - .../canned-metrics/canned-metrics-schema.ts | 1 - packages/@aws-cdk/cfnspec/lib/index.ts | 1 - .../@aws-cdk/cli-lib-alpha/test/cli.test.ts | 1 - .../cli-lib-alpha/test/commands.test.ts | 4 -- packages/@aws-cdk/integ-runner/lib/cli.ts | 2 - .../lib/runner/integ-test-suite.ts | 2 - .../integ-runner/lib/runner/runner-base.ts | 1 - packages/@aws-cdk/integ-runner/lib/utils.ts | 1 - .../integ-runner/lib/workers/common.ts | 1 - .../@aws-cdk/integ-runner/test/cli.test.ts | 1 - .../@aws-cdk/integ-runner/test/helpers.ts | 1 - .../test/runner/integ-test-runner.test.ts | 1 - .../test/runner/integration-tests.test.ts | 1 - .../test/workers/mock-extract_worker.ts | 1 - .../lib/assertions/private/deploy-assert.ts | 1 - .../providers/lambda-handler/assertion.ts | 1 - .../providers/lambda-handler/sdk.ts | 2 - .../test/assertions/deploy-assert.test.ts | 2 - .../providers/lambda-handler/base.test.ts | 1 - .../providers/lambda-handler/sdk.test.ts | 3 - .../assertions/lib/private/cyclic.ts | 2 - .../assertions/lib/private/resources.ts | 1 - .../aws-apigateway/lib/authorizers/lambda.ts | 1 - .../aws-apigateway/lib/domain-name.ts | 1 - .../aws-cdk-lib/aws-apigateway/lib/stage.ts | 1 - .../aws-apigateway/test/api-key.test.ts | 2 - .../test/authorizers/lambda.test.ts | 1 - .../aws-apigateway/test/deployment.test.ts | 1 - .../aws-apigateway/test/method.test.ts | 27 --------- .../aws-apigateway/test/resource.test.ts | 5 -- .../aws-apigateway/test/restapi.test.ts | 1 - .../aws-apigateway/test/usage-plan.test.ts | 1 - .../test/step-scaling-policy.test.ts | 9 --- .../test/target-tracking.test.ts | 3 - .../aws-appmesh/lib/health-checks.ts | 1 - .../aws-appmesh/lib/shared-interfaces.ts | 1 - .../aws-appmesh/lib/virtual-node.ts | 1 - .../aws-appsync/lib/graphqlapi-base.ts | 1 - .../aws-appsync/test/appsync-auth.test.ts | 1 - .../aws-appsync/test/appsync-http.test.ts | 1 - .../test/hooks.test.ts | 1 - .../aws-autoscaling/lib/auto-scaling-group.ts | 3 - .../test/auto-scaling-group.test.ts | 1 - packages/aws-cdk-lib/aws-backup/lib/vault.ts | 1 - .../test/certificate.test.ts | 1 - .../test/dns-validated-certificate.test.ts | 1 - .../lib/experimental/edge-function.ts | 1 - .../aws-cloudfront/lib/function.ts | 1 - .../aws-cdk-lib/aws-cloudfront/lib/origin.ts | 1 - .../aws-cloudfront/test/origin-groups.test.ts | 1 - .../aws-cloudfront/test/origin.test.ts | 4 -- .../test/web-distribution.test.ts | 23 -------- .../aws-cloudtrail/test/cloudtrail.test.ts | 1 - .../aws-cloudwatch-actions/test/ssm.test.ts | 1 - .../aws-cloudwatch/lib/alarm-status-widget.ts | 1 - .../test/composite-alarm.test.ts | 3 - .../test/cross-environment.test.ts | 4 -- .../aws-cloudwatch/test/dashboard.test.ts | 6 -- .../aws-cloudwatch/test/graphs.test.ts | 22 ------- .../aws-cloudwatch/test/layout.test.ts | 8 --- .../aws-cloudwatch/test/metric-math.test.ts | 17 ------ .../aws-cloudwatch/test/metrics.test.ts | 11 ---- .../aws-cloudwatch/test/stats.test.ts | 1 - .../lib/linux-gpu-build-image.ts | 1 - .../aws-codecommit/test/codecommit.test.ts | 7 --- .../test/notification-rule.test.ts | 1 - .../lambda/custom-deployment-config.test.ts | 1 - .../test/server/deployment-group.test.ts | 1 - .../lib/cloudformation/stackset-types.ts | 2 - .../bitbucket/bitbucket-source-action.test.ts | 3 - .../cloudformation-pipeline-actions.test.ts | 11 ---- .../cloudformation/pipeline-actions.test.ts | 2 - .../test/codebuild/codebuild-action.test.ts | 7 --- .../test/codedeploy/ecs-deploy-action.test.ts | 7 --- ...codestar-connections-source-action.test.ts | 3 - .../test/ecr/ecr-source-action.test.ts | 1 - .../test/ecs/ecs-deploy-action.test.ts | 8 --- .../test/github/github-source-action.test.ts | 4 -- .../test/manual-approval.test.ts | 4 -- .../test/pipeline.test.ts | 11 ---- .../test/s3/s3-source-action.test.ts | 5 -- ...servicecatalog-deploy-action-beta1.test.ts | 2 - .../stepfunctions-invoke-actions.test.ts | 3 - .../lib/custom-action-registration.ts | 1 - .../aws-cognito/lib/user-pool-attr.ts | 1 - .../aws-cognito/lib/user-pool-email.ts | 1 - .../lib/user-pool-resource-server.ts | 1 - .../lib/machine-image/amazon-linux-2023.ts | 1 - .../lib/machine-image/machine-image.ts | 3 - .../aws-ec2/lib/private/ebs-util.ts | 1 - .../aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts | 1 - packages/aws-cdk-lib/aws-ec2/lib/vpc.ts | 1 - .../aws-ec2/test/bastion-host.test.ts | 5 -- .../aws-ec2/test/connections.test.ts | 9 --- .../test/import-certificates-handler/index.ts | 1 - .../aws-cdk-lib/aws-ec2/test/instance.test.ts | 9 --- .../aws-ec2/test/ip-addresses.test.ts | 1 - .../aws-ec2/test/placement-group.test.ts | 1 - .../aws-ec2/test/security-group.test.ts | 14 ----- .../aws-cdk-lib/aws-ec2/test/userdata.test.ts | 4 -- .../aws-ec2/test/vpc-endpoint-service.test.ts | 2 - .../aws-ec2/test/vpc-endpoint.test.ts | 23 -------- .../aws-ec2/test/vpc-flow-logs.test.ts | 1 - .../aws-ec2/test/vpc.from-lookup.test.ts | 5 -- packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts | 21 ------- packages/aws-cdk-lib/aws-ec2/test/vpn.test.ts | 11 ---- .../aws-ecr-assets/test/tarball-asset.test.ts | 1 - .../lib/base/fargate-service-base.ts | 1 - .../aws-ecs-patterns/test/ec2/l3s-v2.test.ts | 1 - .../aws-ecs-patterns/test/ec2/l3s.test.ts | 1 - .../ec2/queue-processing-ecs-service.test.ts | 1 - .../load-balanced-fargate-service-v2.test.ts | 4 -- .../load-balanced-fargate-service.test.ts | 2 - packages/aws-cdk-lib/aws-ecs/lib/amis.ts | 1 - .../aws-ecs/lib/base/task-definition.ts | 2 - .../aws-ecs/lib/container-definition.ts | 4 -- .../aws-ecs/lib/runtime-platform.ts | 1 - .../test/app-mesh-proxy-configuration.test.ts | 1 - .../aws-ecs/test/aws-log-driver.test.ts | 2 - .../aws-cdk-lib/aws-ecs/test/cluster.test.ts | 50 ---------------- .../aws-ecs/test/container-definition.test.ts | 1 - .../aws-ecs/test/ec2/cross-stack.test.ts | 4 -- .../aws-ecs/test/ec2/ec2-service.test.ts | 58 ------------------- .../test/external/external-service.test.ts | 6 -- .../test/fargate/fargate-service.test.ts | 2 - .../fargate/fargate-task-definition.test.ts | 7 --- .../aws-ecs/test/firelens-log-driver.test.ts | 1 - .../aws-ecs/test/gelf-log-driver.test.ts | 1 - .../aws-ecs/test/json-file-log-driver.test.ts | 1 - .../aws-ecs/test/task-definition.test.ts | 4 -- .../lib/cluster-resource-handler/cluster.ts | 1 - packages/aws-cdk-lib/aws-eks/lib/cluster.ts | 1 - .../aws-eks/lib/managed-nodegroup.ts | 1 - .../lib/alb/application-target-group.ts | 3 - .../lib/nlb/network-listener.ts | 1 - .../test/alb/load-balancer.test.ts | 1 - .../test/nlb/listener.test.ts | 1 - .../aws-elasticsearch/lib/domain.ts | 6 -- .../aws-elasticsearch/test/domain.test.ts | 1 - .../lib/kinesis-firehose-stream.ts | 2 - .../aws-events-targets/lib/util.ts | 2 - .../api-destination/api-destination.test.ts | 1 - .../test/lambda/lambda.test.ts | 2 - .../test/logs/log-group.test.ts | 1 - .../aws-events-targets/test/sqs/sqs.test.ts | 1 - .../aws-cdk-lib/aws-events/lib/archive.ts | 1 - .../aws-events/lib/event-pattern.ts | 1 - packages/aws-cdk-lib/aws-events/lib/rule.ts | 1 - .../aws-events/test/api-destination.test.ts | 1 - .../aws-events/test/event-bus.test.ts | 1 - .../test/globalaccelerator.test.ts | 1 - .../aws-iam/lib/private/merge-statements.ts | 1 - .../private/postprocess-policy-document.ts | 1 - packages/aws-cdk-lib/aws-iam/lib/role.ts | 2 - .../aws-iam/test/managed-policy.test.ts | 1 - .../aws-iam/test/precreated-role.test.ts | 1 - .../aws-kinesis/test/stream.test.ts | 1 - packages/aws-cdk-lib/aws-kms/test/key.test.ts | 1 - .../aws-lambda-event-sources/test/api.test.ts | 3 - .../test/dynamo.test.ts | 22 ------- .../test/kafka.test.ts | 9 --- .../test/kinesis.test.ts | 7 --- .../aws-lambda-event-sources/test/sns.test.ts | 2 - .../aws-lambda-event-sources/test/sqs.test.ts | 11 ---- .../aws-lambda-nodejs/lib/types.ts | 1 - .../aws-cdk-lib/aws-lambda-nodejs/lib/util.ts | 1 - .../aws-lambda-nodejs/test/bundling.test.ts | 3 - .../aws-lambda-nodejs/test/function.test.ts | 1 - .../integ-handlers/ts-decorator-handler.ts | 1 - .../aws-lambda/lib/event-source-mapping.ts | 1 - .../aws-cdk-lib/aws-lambda/lib/function.ts | 1 - .../aws-lambda/lib/lambda-insights.ts | 1 - .../aws-cdk-lib/aws-lambda/lib/permission.ts | 1 - .../aws-cdk-lib/aws-lambda/lib/runtime.ts | 1 - .../aws-logs/lib/data-protection-policy.ts | 1 - .../aws-cdk-lib/aws-logs/lib/log-group.ts | 1 - .../aws-logs/lib/query-definition.ts | 1 - .../test/log-retention-provider.test.ts | 17 ------ .../aws-opensearchservice/lib/domain.ts | 7 --- .../aws-rds/lib/instance-engine.ts | 2 - .../aws-rds/lib/serverless-cluster.ts | 1 - .../aws-rds/test/serverless-cluster.test.ts | 1 - .../lib/global-accelerator-target.ts | 1 - ...astic-beanstalk-environment-target.test.ts | 1 - .../aws-s3-assets/test/asset.test.ts | 1 - .../lib/bucket-deployment.ts | 1 - packages/aws-cdk-lib/aws-s3/lib/bucket.ts | 3 - .../aws-cdk-lib/aws-s3/test/bucket.test.ts | 1 - .../test/secret-rotation.test.ts | 2 - .../test/instance.test.ts | 18 ------ .../test/namespace.test.ts | 3 - .../aws-servicediscovery/test/service.test.ts | 13 ----- .../aws-ses/test/receipt-filter.test.ts | 2 - .../aws-ses/test/receipt-rule-set.test.ts | 4 -- .../aws-ses/test/receipt-rule.test.ts | 4 -- packages/aws-cdk-lib/aws-sns/test/sns.test.ts | 15 ----- .../aws-sns/test/subscription.test.ts | 1 - packages/aws-cdk-lib/aws-ssm/lib/parameter.ts | 1 - .../test/athena/start-query-execution.test.ts | 1 - .../test/codebuild/start-build.test.ts | 1 - .../test/databrew/start-job-run.test.ts | 1 - .../test/dynamodb/shared-types.test.ts | 2 - .../test/emr/emr-create-cluster.test.ts | 1 - .../delete-virtual-cluster.test.ts | 1 - .../test/emrcontainers/start-job-run.test.ts | 1 - .../sagemaker/create-endpoint-config.test.ts | 1 - .../test/sagemaker/update-endpoint.test.ts | 1 - .../lib/private/intrinstics.ts | 1 - .../aws-stepfunctions/lib/state-machine.ts | 1 - .../aws-stepfunctions/lib/states/task-base.ts | 1 - .../aws-stepfunctions/test/condition.test.ts | 1 - .../test/private/intrinsics.test.ts | 1 - .../lib/integ-tests/commands/common.ts | 1 - packages/aws-cdk-lib/core/lib/cfn-element.ts | 2 - .../export-reader-provider.ts | 1 - .../custom-resource-provider.ts | 1 - packages/aws-cdk-lib/core/lib/lazy.ts | 1 - packages/aws-cdk-lib/core/lib/names.ts | 1 - .../core/lib/private/cloudformation-lang.ts | 1 - .../core/lib/private/prepare-app.ts | 1 - packages/aws-cdk-lib/core/lib/private/refs.ts | 2 - packages/aws-cdk-lib/core/lib/stack.ts | 1 - packages/aws-cdk-lib/core/lib/stage.ts | 2 - packages/aws-cdk-lib/core/lib/time-zone.ts | 1 - .../core/lib/validation/private/report.ts | 3 - .../aws-cdk-lib/core/test/bundling.test.ts | 1 - .../custom-resource-provider.test.ts | 1 - .../export-writer-provider.test.ts | 2 - .../aws-cdk-lib/core/test/fs/fs-copy.test.ts | 1 - packages/aws-cdk-lib/core/test/fs/fs.test.ts | 2 - .../private/physical-name-generator.test.ts | 10 ---- .../core/test/private/tree-metadata.test.ts | 2 - .../clicreds-synthesis.test.ts | 1 - .../new-style-synthesis.test.ts | 10 ---- packages/aws-cdk-lib/core/test/stack.test.ts | 1 - .../aws-cdk-lib/core/test/staging.test.ts | 1 - .../core/test/validation/validation.test.ts | 1 - .../aws-custom-resource.ts | 1 - .../aws-custom-resource-provider.test.ts | 1 - packages/aws-cdk-lib/cx-api/lib/cxapi.ts | 1 - packages/aws-cdk-lib/cx-api/lib/features.ts | 1 - .../cx-api/test/stack-artifact.test.ts | 1 - .../lib/codepipeline/codepipeline.ts | 4 -- .../codepipeline/private/codebuild-factory.ts | 1 - .../lib/helpers-internal/step-output.ts | 2 - .../legacy/actions/publish-assets-action.ts | 2 - .../pipelines/lib/legacy/pipeline.ts | 2 - .../aws-cdk-lib/pipelines/lib/legacy/stage.ts | 1 - .../pipelines/lib/private/identifiers.ts | 1 - .../pipelines/lib/private/javascript.ts | 1 - .../blueprint/helpers-internal/graph.test.ts | 1 - .../helpers-internal/pipeline-graph.test.ts | 1 - .../helpers-internal/pipeline-queries.test.ts | 1 - .../test/blueprint/helpers-internal/util.ts | 2 - .../blueprint/logicalid-stability.test.ts | 1 - .../test/blueprint/stack-deployment.test.ts | 1 - .../test/codepipeline/codepipeline.test.ts | 1 - .../pipelines/test/compliance/assets.test.ts | 3 - .../test/compliance/environments.test.ts | 1 - .../test/compliance/escape-hatching.test.ts | 1 - .../test/compliance/self-mutation.test.ts | 1 - .../pipelines/test/compliance/synths.test.ts | 2 - .../test/compliance/validations.test.ts | 2 - .../pipelines/test/testhelpers/compliance.ts | 1 - .../test/testhelpers/legacy-pipeline.ts | 1 - .../pipelines/test/testhelpers/test-app.ts | 1 - .../region-info/test/default.test.ts | 1 - .../region-info/test/region-info.test.ts | 1 - .../scripts/submodules/aws-events-targets.ts | 1 - .../aws-cdk-lib/scripts/submodules/index.ts | 1 - .../scripts/verify-imports-shielded.ts | 2 - .../scripts/verify-stripped-exp.ts | 1 - .../lib/api/aws-auth/aws-sdk-inifile.ts | 1 - .../lib/api/aws-auth/awscli-compatible.ts | 1 - .../aws-cdk/lib/api/aws-auth/sdk-provider.ts | 1 - .../api/bootstrap/bootstrap-environment.ts | 1 - .../aws-cdk/lib/api/cxapp/cloud-assembly.ts | 1 - .../cloudformation/stack-activity-monitor.ts | 3 - packages/aws-cdk/lib/init.ts | 1 - packages/aws-cdk/lib/logging.ts | 2 - .../aws-cdk/lib/util/work-graph-builder.ts | 1 - .../aws-cdk/test/api/cloud-executable.test.ts | 2 - packages/aws-cdk/test/api/exec.test.ts | 1 - .../test/api/stack-activity-monitor.test.ts | 3 - .../aws-cdk/test/api/toolkit-info.test.ts | 1 - .../aws-cdk/test/api/util/display.test.ts | 1 - packages/aws-cdk/test/cdk-toolkit.test.ts | 2 - .../test/commands/context-command.test.ts | 6 -- .../test/context-providers/keys.test.ts | 1 - .../aws-cdk/test/platform-warnings.test.ts | 1 - .../aws-cdk/test/util/stack-monitor.test.ts | 1 - packages/aws-cdk/test/work-graph.test.ts | 1 - packages/cdk-assets/lib/aws.ts | 1 - .../cdk-assets/lib/private/handlers/files.ts | 2 - .../cdk-assets/test/docker-images.test.ts | 1 - packages/cdk-assets/test/files.test.ts | 1 - .../cdk-build-tools/config/eslintrc.js | 2 +- .../cdk-build-tools/lib/package-info.ts | 1 - .../cdk-release/lib/private/run-exec-file.ts | 1 - .../cfn2ts/lib/canned-metrics-generator.ts | 1 - .../node-bundle/src/api/_attributions.ts | 1 - .../@aws-cdk/pkglint/lib/library-creation.ts | 1 - tools/@aws-cdk/pkglint/lib/rules.ts | 1 - tools/@aws-cdk/prlint/lint.ts | 3 - tools/@aws-cdk/prlint/test/lint.test.ts | 1 - 465 files changed, 2 insertions(+), 1121 deletions(-) diff --git a/packages/@aws-cdk-testing/cli-integ/lib/aws.ts b/packages/@aws-cdk-testing/cli-integ/lib/aws.ts index cc5e2015ffe7f..e43dcf498ccee 100644 --- a/packages/@aws-cdk-testing/cli-integ/lib/aws.ts +++ b/packages/@aws-cdk-testing/cli-integ/lib/aws.ts @@ -185,7 +185,6 @@ type AwsCallIO = type First = T extends [any, any] ? T[0] : never; type Second = T extends [any, any] ? T[1] : never; - export function isStackMissingError(e: Error) { return e.message.indexOf('does not exist') > -1; } diff --git a/packages/@aws-cdk-testing/cli-integ/lib/files.ts b/packages/@aws-cdk-testing/cli-integ/lib/files.ts index 186b1b0ff15f5..47fb538d548ae 100644 --- a/packages/@aws-cdk-testing/cli-integ/lib/files.ts +++ b/packages/@aws-cdk-testing/cli-integ/lib/files.ts @@ -45,7 +45,6 @@ export function findUp(name: string, directory: string = process.cwd()): string return findUp(name, path.dirname(absoluteDirectory)); } - /** * Docker-safe home directory */ diff --git a/packages/@aws-cdk-testing/cli-integ/lib/staging/parallel-shell.ts b/packages/@aws-cdk-testing/cli-integ/lib/staging/parallel-shell.ts index 53242e73a1239..09a7c98810ce9 100644 --- a/packages/@aws-cdk-testing/cli-integ/lib/staging/parallel-shell.ts +++ b/packages/@aws-cdk-testing/cli-integ/lib/staging/parallel-shell.ts @@ -2,7 +2,6 @@ import PQueue from 'p-queue'; import { sleep } from '../aws'; import { MemoryStream } from '../corking'; - export type ErrorResponse = 'fail' | 'skip' | 'retry'; /** diff --git a/packages/@aws-cdk-testing/cli-integ/lib/with-sam.ts b/packages/@aws-cdk-testing/cli-integ/lib/with-sam.ts index 1343494fba6bb..c5098ab820f0f 100644 --- a/packages/@aws-cdk-testing/cli-integ/lib/with-sam.ts +++ b/packages/@aws-cdk-testing/cli-integ/lib/with-sam.ts @@ -10,7 +10,6 @@ import { AwsContext, withAws } from './with-aws'; import { cloneDirectory, installNpmPackages, TestFixture, DEFAULT_TEST_TIMEOUT_S } from './with-cdk-app'; import { withTimeout } from './with-timeout'; - export interface ActionOutput { actionSucceeded?: boolean; actionOutput?: any; diff --git a/packages/@aws-cdk-testing/cli-integ/test/xpmutex.test.ts b/packages/@aws-cdk-testing/cli-integ/test/xpmutex.test.ts index 7adfbea8f4a4b..e7f14766d69a8 100644 --- a/packages/@aws-cdk-testing/cli-integ/test/xpmutex.test.ts +++ b/packages/@aws-cdk-testing/cli-integ/test/xpmutex.test.ts @@ -30,7 +30,6 @@ test('acquire waits', async () => { await secondProcess; }); - /** * Poll for some condition every 10ms */ diff --git a/packages/@aws-cdk-testing/cli-integ/tests/init-csharp/init-csharp.integtest.ts b/packages/@aws-cdk-testing/cli-integ/tests/init-csharp/init-csharp.integtest.ts index a36b1d628347e..192726470e43a 100644 --- a/packages/@aws-cdk-testing/cli-integ/tests/init-csharp/init-csharp.integtest.ts +++ b/packages/@aws-cdk-testing/cli-integ/tests/init-csharp/init-csharp.integtest.ts @@ -13,4 +13,3 @@ import { integTest, withTemporaryDirectory, ShellHelper, withPackages } from '.. }))); }); - diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts index 1a57e6f32ffca..2a7f4b201aa86 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts @@ -27,7 +27,6 @@ const restapi = new RestApi(stack, 'MyRestApi', { }, }); - restapi.root.addMethod('ANY', new MockIntegration({ integrationResponses: [ { statusCode: '200' }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.domain-name.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.domain-name.ts index 360ceb50e317b..29eb4b811df55 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.domain-name.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.domain-name.ts @@ -92,7 +92,6 @@ const api2 = new Api(testCase, 'IntegApi2', { path: 'items', }); - /** * Test 1 * @@ -151,7 +150,6 @@ secondDomain.addApiMapping(api2.restApi.deploymentStage, { basePath: 'orders/v2', }); - /** * Test 3 * @@ -177,7 +175,6 @@ thirdDomain.addBasePathMapping(api2.restApi, { basePath: 'v2', }); - /** * ------------------------------------------------------- * ------------------------- THEN ------------------------ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts index 9960bd3fde900..291d1190892f1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.method-grant-execute.ts @@ -3,7 +3,6 @@ import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as apigw from 'aws-cdk-lib/aws-apigateway'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'GrantExecute'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-iam.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-iam.ts index 7ca2f45db7801..15a14f71e1e0c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-iam.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.graphql-iam.ts @@ -89,7 +89,6 @@ testDS.createResolver('MutationAddTest', { const lambdaIAM = new Role(stack, 'LambdaIAM', { assumedBy: new ServicePrincipal('lambda') }); - api.grant(lambdaIAM, IamResource.custom('types/Query/fields/getTests'), 'appsync:graphql'); api.grant(lambdaIAM, IamResource.ofType('test'), 'appsync:GraphQL'); api.grantMutation(lambdaIAM, 'addTest'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.log-retention.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.log-retention.ts index f28dabec7437a..b0674873fcef3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.log-retention.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.log-retention.ts @@ -7,7 +7,6 @@ import { GraphqlApi, LogConfig, SchemaFile } from 'aws-cdk-lib/aws-appsync'; const app = new App(); const stack = new Stack(app, 'AppSyncIntegLogRetention'); - const retentionTime = RetentionDays.ONE_WEEK; const logConfig: LogConfig = { retention: retentionTime, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling-hooktargets/test/integ.queue-hook.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling-hooktargets/test/integ.queue-hook.ts index 385208bf29664..36f2b9d4bbe32 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling-hooktargets/test/integ.queue-hook.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-autoscaling-hooktargets/test/integ.queue-hook.ts @@ -53,7 +53,6 @@ const setDesired = integ.assertions.awsApiCall('AutoScaling', 'setDesiredCapacit DesiredCapacity: 1, }); - const message = integ.assertions.awsApiCall('SQS', 'receiveMessage', { QueueUrl: testCase.queueUrl, }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudformation/test/integ.core-cross-region-references.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudformation/test/integ.core-cross-region-references.ts index b3cd6fc6f69b8..e4323f25ba3c6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudformation/test/integ.core-cross-region-references.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudformation/test/integ.core-cross-region-references.ts @@ -77,7 +77,6 @@ const integ = new IntegTest(app, 'cross-region-references', { stackUpdateWorkflow: false, }); - /** * Test that if the references are still in use, deleting the producer * stack will fail diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-cross-region-cert.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-cross-region-cert.ts index 0dedd1322c8a0..83843333d8f35 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-cross-region-cert.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-cross-region-cert.ts @@ -32,7 +32,6 @@ const cloudFrontStack = new cdk.Stack(app, 'integ-cloudfront-stack', { crossRegionReferences: true, }); - const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(acmStack, 'HostedZone', { hostedZoneId, zoneName: hostedZoneName, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-logbucket.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-logbucket.ts index ad2702497cec1..1396a9a4cd5f4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-logbucket.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.distribution-logbucket.ts @@ -3,7 +3,6 @@ import { TestOrigin } from './test-origin'; import * as cloudfront from 'aws-cdk-lib/aws-cloudfront'; import * as integ from '@aws-cdk/integ-tests-alpha'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-distribution-logbucket'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudtrail/test/integ.cloudtrail-insight.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudtrail/test/integ.cloudtrail-insight.ts index 886e7610e9448..168fe37ae329c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudtrail/test/integ.cloudtrail-insight.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudtrail/test/integ.cloudtrail-insight.ts @@ -38,7 +38,6 @@ new cloudtrail.Trail(stack, 'Trail', { ], }); - new integ.IntegTest(app, 'aws-cdk-cloudtrail-inshights', { testCases: [stack], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.ssm-incident-alarm-action.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.ssm-incident-alarm-action.ts index 31b2a1086191d..d13947afb9651 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.ssm-incident-alarm-action.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudwatch-actions/test/integ.ssm-incident-alarm-action.ts @@ -37,7 +37,6 @@ class SsmIncidentAlarmActionIntegrationTestStack extends Stack { responsePlan.node.addDependency(replicationSet); - const metric = new cloudwatch.Metric({ namespace: 'CDK/Test', metricName: 'Metric', diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.ts index 4635888952efb..84cb71f2a9051 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.ts @@ -28,7 +28,6 @@ getBuildProject.assertAtPath( ExpectedResult.stringLikeRegexp('.+'), ); - const getBuildProjectBuildSpecArn = getBuildProject.getAttString('projects.0.source.buildspec'); // Assert that the buildspec for the project is in fact an S3 object arn diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/lambda/integ.deployment-group.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/lambda/integ.deployment-group.ts index 6c0522d4f1d28..0c1d76fc9dc3b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/lambda/integ.deployment-group.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/lambda/integ.deployment-group.ts @@ -4,7 +4,6 @@ import * as lambda from 'aws-cdk-lib/aws-lambda'; import * as cdk from 'aws-cdk-lib'; import * as codedeploy from 'aws-cdk-lib/aws-codedeploy'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-lambda'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.ts index 879d96e92071f..e38f71d7b7613 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.ts @@ -92,7 +92,6 @@ getObjectCall.provider.addToRolePolicy({ Resource: ['*'], }); - const putObjectCall = integ.assertions.awsApiCall('S3', 'putObject', { Bucket: bucket.bucketName, Key: 'key', diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.ts index 8e1af38f77fb7..438e2846184f9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.ts @@ -6,7 +6,6 @@ import { App, Stack, RemovalPolicy } from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { S3SourceAction, CodeBuildAction } from 'aws-cdk-lib/aws-codepipeline-actions'; - const app = new App({ treeMetadata: false, }); @@ -23,7 +22,6 @@ const stack2 = new Stack(app, 'integ-pipeline-consumer-stack', { crossRegionReferences: true, }); - const key = new Key(stack1, 'ReplicationKey'); const bucket = new Bucket(stack1, 'ReplicationBucket', { encryptionKey: key, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts index e26f9bd5bcc48..1145a4fff3c19 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts @@ -2,7 +2,6 @@ import { Secret } from 'aws-cdk-lib/aws-secretsmanager'; import { App, CfnOutput, RemovalPolicy, Stack } from 'aws-cdk-lib'; import { ProviderAttribute, UserPool, UserPoolIdentityProviderGoogle } from 'aws-cdk-lib/aws-cognito'; - /* * Stack verification steps * * Visit the URL provided by stack output 'SignInLink' in a browser, and verify the 'Google' sign in link shows up. diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-config/test/integ.rule.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-config/test/integ.rule.ts index da57beed2a01f..b533e711e7936 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-config/test/integ.rule.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-config/test/integ.rule.ts @@ -32,7 +32,6 @@ driftRule.onComplianceChange('ComplianceChange', { target: new targets.SnsTopic(complianceTopic), }); - new integ.IntegTest(app, 'aws-cdk-config-rule-integ', { testCases: [stack], }); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.global-replicas-provisioned.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.global-replicas-provisioned.ts index 599404625a1dc..c8b042ddef993 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.global-replicas-provisioned.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.global-replicas-provisioned.ts @@ -21,5 +21,4 @@ new IntegTest(app, 'aws-cdk-dynamodb-global-replicas-provisioned-test', { testCases: [stack], }); - app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/import-certificates-handler/index.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/import-certificates-handler/index.ts index 846af4be6bcc3..8d89d4c8d8b5f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/import-certificates-handler/index.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/import-certificates-handler/index.ts @@ -24,7 +24,6 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent }).promise(); } - return { Data: { ServerCertificateArn: serverImport?.CertificateArn, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.client-vpn-endpoint.js.snapshot/asset.1ef463e71119677d383a964bbb0740f0c4de382c21d5a8d68be98334d514ae8a/index.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.client-vpn-endpoint.js.snapshot/asset.1ef463e71119677d383a964bbb0740f0c4de382c21d5a8d68be98334d514ae8a/index.ts index 846af4be6bcc3..8d89d4c8d8b5f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.client-vpn-endpoint.js.snapshot/asset.1ef463e71119677d383a964bbb0740f0c4de382c21d5a8d68be98334d514ae8a/index.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.client-vpn-endpoint.js.snapshot/asset.1ef463e71119677d383a964bbb0740f0c4de382c21d5a8d68be98334d514ae8a/index.ts @@ -24,7 +24,6 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent }).promise(); } - return { Data: { ServerCertificateArn: serverImport?.CertificateArn, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts index 6aca1c8d76657..bef5bbb1ef323 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.launch-template.ts @@ -2,7 +2,6 @@ import * as cdk from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-ec2-lt-metadata-1'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.ts index 05ee3ea1a6beb..387584fd5d41a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.ts @@ -8,7 +8,6 @@ import { import { Construct } from 'constructs'; import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; - export class TestCase extends Stack { constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); @@ -32,7 +31,6 @@ export class TestCase extends Stack { } } - const app = new App(); new IntegTest(app, 'integ-test', { testCases: [new TestCase(app, 'integ-ec2-machine-image-test')], diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.prefix-list.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.prefix-list.ts index aa5a8ed82be69..a4b24d571241f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.prefix-list.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.prefix-list.ts @@ -7,7 +7,6 @@ import { } from 'aws-cdk-lib'; import { Construct } from 'constructs'; - export class TestCase extends Stack { constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); @@ -20,7 +19,6 @@ export class TestCase extends Stack { } } - const app = new App(); new IntegTest(app, 'integ-test', { testCases: [new TestCase(app, 'integ-ec2-prefix-list-test')], diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts index 4fe18a87876b7..a248d4f6ca18b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts @@ -6,7 +6,6 @@ import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; const app = new App(); - class TestStack extends Stack { constructor(scope: App, id: string, props?: StackProps) { super(scope, id, props); @@ -70,7 +69,6 @@ class TestStack extends Stack { } } - new IntegTest(app, 'FlowLogs', { testCases: [ new TestStack(app, 'FlowLogsTestStack'), diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-interval.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-interval.ts index 5a17424f460b0..a4685e5677913 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-interval.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-interval.ts @@ -7,7 +7,6 @@ import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; const app = new App(); - class TestStack extends Stack { constructor(scope: App, id: string, props?: StackProps) { super(scope, id, props); @@ -71,7 +70,6 @@ class TestStack extends Stack { } } - new IntegTest(app, 'FlowLogs', { testCases: [ new TestStack(app, 'FlowLogsTestStack'), diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-ipam.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-ipam.ts index aeb66674e1260..840372f255f8b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-ipam.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-ipam.ts @@ -82,4 +82,3 @@ integ.assertions.awsApiCall('EC2', 'describeVpcs', { app.synth(); - diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts index c2f229a6a1957..4bab83097bcb1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.healthchecks-multiple-network-load-balanced-fargate-service.ts @@ -50,7 +50,6 @@ networkMultipleTargetGroupsFargateService.targetGroups[0].configureHealthCheck({ networkMultipleTargetGroupsFargateService.targetGroups[1].configureHealthCheck({}); - new IntegTest(app, 'Integ', { testCases: [stack] }); app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts index 53e863f6045f4..0b51fe3f9325d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.ts @@ -24,7 +24,6 @@ const vpc = new ec2.Vpc(stack, 'VPC', { ], }); - vpc.addS3Endpoint('S3Endpoint', [{ subnetType: ec2.SubnetType.PRIVATE_ISOLATED }]); const securityGroup = new ec2.SecurityGroup(stack, 'MyCustomSG', { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts index 331164f797c32..e152f61d55d16 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.ts @@ -10,7 +10,6 @@ import { ScheduledFargateTask } from 'aws-cdk-lib/aws-ecs-patterns'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-ecs-runtime-integ'); - const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 1, restrictDefaultSecurityGroup: false }); const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.default-capacity-provider.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.default-capacity-provider.ts index 8c2aa042e47b3..1e08bd6d990cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.default-capacity-provider.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.default-capacity-provider.ts @@ -39,7 +39,6 @@ cluster.addDefaultCapacityProviderStrategy([ { capacityProvider: 'FARGATE_SPOT', weight: 1 }, ]); - new ecs.Ec2Service(stack, 'EC2Service', { cluster, taskDefinition, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.fargate-with-efs.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.fargate-with-efs.ts index 9ed2522cf9025..702fcdb996d4c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.fargate-with-efs.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.fargate-with-efs.ts @@ -4,7 +4,6 @@ import * as cdk from 'aws-cdk-lib'; import { Construct } from 'constructs'; import * as ecs from 'aws-cdk-lib/aws-ecs'; - class FargateWithEfsStack extends cdk.Stack { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.runtime.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.runtime.ts index 1d2b8f11bf629..f3d1038e6c9ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.runtime.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/fargate/integ.runtime.ts @@ -7,7 +7,6 @@ const stack = new cdk.Stack(app, 'aws-ecs-integ-runtime'); const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false }); - const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc, }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-handlers-vpc.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-handlers-vpc.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-handlers-vpc.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-handlers-vpc.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.ts index 8141ef371bbd3..a3d8dc970311f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-private-endpoint.ts @@ -42,7 +42,6 @@ class EksClusterStack extends Stack { } } - const app = new App(); const stack = new EksClusterStack(app, 'aws-cdk-eks-cluster-private-endpoint-test'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.ts index 0510b7a4b076b..956652d4062aa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.ts @@ -13,7 +13,6 @@ import * as hello from './hello-k8s'; import { getClusterVersionConfig } from './integ-tests-kubernetes-version'; import * as eks from 'aws-cdk-lib/aws-eks'; - class EksClusterStack extends Stack { private cluster: eks.Cluster; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.ts index 38ac3a687fccb..48f99a1698ec6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.ts @@ -10,7 +10,6 @@ import { BucketPinger } from './bucket-pinger/bucket-pinger'; import * as eks from 'aws-cdk-lib/aws-eks'; import { getClusterVersionConfig } from './integ-tests-kubernetes-version'; - const app = new App(); const stack = new Stack(app, 'aws-eks-service-account-sdk-calls-test'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-windows-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-windows-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-windows-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-windows-ng.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.fargate-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.fargate-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.fargate-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.fargate-cluster.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts index fc974d47c092d..2b5cd0bf49f26 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack.ts @@ -44,7 +44,6 @@ const internetGateway = valueOrDie( new Error('Couldnt find an internet gateway'), ); - const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc, ipAddressType: elbv2.IpAddressType.DUAL_STACK, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts index de81ae092522e..5a02b26222393 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.ts @@ -36,7 +36,6 @@ const group2 = listener.addTargets('ConditionalTarget', { slowStart: cdk.Duration.minutes(1), }); - group1.metricTargetResponseTime().createAlarm(stack, 'ResponseTimeHigh1', { threshold: 5, evaluationPeriods: 2, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.connection-termination.nlb.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.connection-termination.nlb.ts index 892884c511864..d8a3332e5e308 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.connection-termination.nlb.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.connection-termination.nlb.ts @@ -5,7 +5,6 @@ import { Duration } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-elbv2-integ'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/lambda/integ.events.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/lambda/integ.events.ts index f789f3254f4ed..ff83638cfbddf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/lambda/integ.events.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/lambda/integ.events.ts @@ -24,7 +24,6 @@ const timer2 = new events.Rule(stack, 'Timer2', { }); timer2.addTarget(new targets.LambdaFunction(fn)); - const timer3 = new events.Rule(stack, 'Timer3', { schedule: events.Schedule.rate(cdk.Duration.minutes(2)), }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.rule.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.rule.ts index cf3b79622ef66..958e3d9d1694b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.rule.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events/test/integ.rule.ts @@ -6,7 +6,6 @@ const app = new App(); const stack = new Stack(app, 'RuleStack'); - new Rule(stack, 'MyRule', { eventPattern: { account: ['account1', 'account2'], diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.principal-with-conditions.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.principal-with-conditions.ts index 7eab73dfd6326..517cfbd2a2645 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.principal-with-conditions.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-iam/test/integ.principal-with-conditions.ts @@ -16,7 +16,6 @@ new iam.Role(stack, 'TestRole', { assumedBy: principal, }); - new IntegTest(app, 'PrincipalWithCondition', { testCases: [stack], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-hmac.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-hmac.ts index e16092506d2ae..69fd18ba9d49e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-hmac.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-hmac.ts @@ -28,4 +28,3 @@ new IntegTest(app, 'HmacIntegTest', { app.synth(); - diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts index 99ca5ee8ceec1..3e31bfd38293f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts @@ -16,7 +16,6 @@ class Greeter { } } - export async function handler(): Promise { const message = new Greeter('World').greet(); console.log(message); // eslint-disable-line no-console diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ.dependencies-pnpm.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ.dependencies-pnpm.ts index 5490987e9f6d0..6fa56bb33f322 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ.dependencies-pnpm.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ.dependencies-pnpm.ts @@ -27,7 +27,6 @@ const integ = new IntegTest(app, 'PnpmTest', { stackUpdateWorkflow: false, // this will tell the runner to not check in assets. }); - const response = integ.assertions.invokeFunction({ functionName: handler.functionName, }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.filesystem.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.filesystem.ts index d2214c5f33fd2..939ff3e4d087d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.filesystem.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.filesystem.ts @@ -7,7 +7,6 @@ const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-cdk-lambda-1'); - const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 3, natGateways: 1, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.fromasset.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.fromasset.ts index 53944edffb82d..765191c961f6c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.fromasset.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.fromasset.ts @@ -25,7 +25,6 @@ invoke.expect(integ.ExpectedResult.objectLike({ app.synth(); - /* Code for the Lambda Function above: package com.mycompany.app; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.inlinecode.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.inlinecode.ts index 2191a8860a673..2349e28041f96 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.inlinecode.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.runtime.inlinecode.ts @@ -43,7 +43,6 @@ const python310 = new Function(stack, 'PYTHON_3_10', { }); new CfnOutput(stack, 'PYTHON_3_10-functionName', { value: python310.functionName }); - const node14xfn = new Function(stack, 'NODEJS_14_X', { code: new InlineCode('exports.handler = async function(event) { return "success" }'), handler: 'index.handler', diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs-destinations/test/integ.kinesis.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-logs-destinations/test/integ.kinesis.ts index df5d2aec2360a..a48d7912edaee 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs-destinations/test/integ.kinesis.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs-destinations/test/integ.kinesis.ts @@ -5,7 +5,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import * as constructs from 'constructs'; import * as dests from 'aws-cdk-lib/aws-logs-destinations'; - class KinesisEnv extends Stack { constructor(scope: constructs.Construct, id: string) { super(scope, id); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.rolling-instance-updates.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.rolling-instance-updates.ts index a26502fed96d1..5a60a1b20a6ac 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.rolling-instance-updates.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.rolling-instance-updates.ts @@ -29,7 +29,6 @@ class RollingInstanceUpdateTestStack extends cdk.Stack { } } - // Beginning of the test suite const app = new cdk.App(); new integTests.IntegTest(app, 'InstanceUpdateBehaviorTests', { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.docker-opts.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.docker-opts.ts index 49040039341b4..99ec8c1573e4e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.docker-opts.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.docker-opts.ts @@ -3,7 +3,6 @@ import { App, DockerImage, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as assets from 'aws-cdk-lib/aws-s3-assets'; - const app = new App(); const stack = new Stack(app, 'cdk-integ-assets-bundling-docker-opts'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.ts index 0f304389fd8b2..865e09d0b7974 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.ts @@ -31,7 +31,6 @@ class TestBucketDeployment extends cdk.Stack { const app = new cdk.App(); const testCase = new TestBucketDeployment(app, 'test-bucket-deployment-deployed-bucket'); - new integ.IntegTest(app, 'integ-test-bucket-deployments', { testCases: [testCase], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-notifications/test/sqs/integ.bucket-notifications.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-notifications/test/sqs/integ.bucket-notifications.ts index 55d69fdc1a0ea..b04732bfa5d6d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-notifications/test/sqs/integ.bucket-notifications.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-notifications/test/sqs/integ.bucket-notifications.ts @@ -24,7 +24,6 @@ bucket2.addObjectCreatedNotification(new s3n.SqsDestination(queue), { suffix: '. const encryptedQueue = new sqs.Queue(stack, 'EncryptedQueue', { encryption: sqs.QueueEncryption.KMS }); bucket1.addObjectRemovedNotification(new s3n.SqsDestination(encryptedQueue)); - const integTest = new integ.IntegTest(app, 'SQSBucketNotificationsTest', { testCases: [stack], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-intelligent-tiering.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-intelligent-tiering.ts index c9f7acc108b6d..c056eb97266d8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-intelligent-tiering.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-intelligent-tiering.ts @@ -16,7 +16,6 @@ new s3.Bucket(stack, 'MyBucket', { }], }); - new IntegTest(app, 'cdk-integ-intelligent-tiering', { testCases: [stack], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts index 22dbd54abcd87..7bb71d89dff3a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-sns-subscriptions/test/integ.sns-lambda.ts @@ -1,5 +1,3 @@ - - import * as lambda from 'aws-cdk-lib/aws-lambda'; import * as sns from 'aws-cdk-lib/aws-sns'; import * as sqs from 'aws-cdk-lib/aws-sqs'; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ssm/test/integ.list-parameter.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ssm/test/integ.list-parameter.ts index bdf4b628669c4..0f22293f45189 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ssm/test/integ.list-parameter.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ssm/test/integ.list-parameter.ts @@ -17,7 +17,6 @@ class TestCaseBase extends cdk.Stack { } } - const app = new cdk.App({ treeMetadata: false, }); @@ -30,7 +29,6 @@ new cdk.CfnOutput(testCase, 'Output', { value: cdk.Fn.join(',', base.listParam.stringListValue), }); - /** * get the value from the `base` stack and then write it to a new parameter * We will then assert that the value that is written is the correct value @@ -58,7 +56,6 @@ const ssmVersionValue = new ssm.CfnParameter(testCase, 'version-value-test', { value: cdk.Fn.join(',', versionValue), }); - const integ = new IntegTest(app, 'ssm-string-param', { testCases: [ testCase, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.ts index a8e1f44c8a2d3..152fb3b3bab35 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.ts @@ -38,5 +38,4 @@ new cdk.CfnOutput(stack, 'stateMachineArn', { value: sm.stateMachineArn, }); - app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-results.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-results.ts index be15b8e5a4fa6..058eab1625de3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-results.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.get-query-results.ts @@ -47,5 +47,4 @@ new cdk.CfnOutput(stack, 'stateMachineArn', { value: sm.stateMachineArn, }); - app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.ts index fb07e283f3860..c91bd76b6b6ed 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.ts @@ -27,7 +27,6 @@ const startQueryExecutionJob = new AthenaStartQueryExecution(stack, 'Start Athen }, }); - const chain = sfn.Chain.start(startQueryExecutionJob); const sm = new sfn.StateMachine(stack, 'StateMachine', { @@ -39,5 +38,4 @@ new cdk.CfnOutput(stack, 'stateMachineArn', { value: sm.stateMachineArn, }); - app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.ts index d5bb2ee2d942d..ea150e53b978a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.ts @@ -40,5 +40,4 @@ new cdk.CfnOutput(stack, 'stateMachineArn', { value: sm.stateMachineArn, }); - app.synth(); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.68b8fc42fe6d1eb6e6c39212ce770fac02511440fecfc5b69a904fe8a19f6b8e/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.68b8fc42fe6d1eb6e6c39212ce770fac02511440fecfc5b69a904fe8a19f6b8e/cluster.ts index 7516298cbab1c..399865a98c225 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.68b8fc42fe6d1eb6e6c39212ce770fac02511440fecfc5b69a904fe8a19f6b8e/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.68b8fc42fe6d1eb6e6c39212ce770fac02511440fecfc5b69a904fe8a19f6b8e/cluster.ts @@ -7,7 +7,6 @@ import * as aws from 'aws-sdk'; import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eks/integ.call.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.ts index a432438a4d5d9..125d2874a23a5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.ts @@ -70,7 +70,6 @@ const startJobRun = new EmrContainersStartJobRun(stack, 'Start a Job Run', { resultPath: '$.job', }); - const deleteVirtualCluster = new EmrContainersDeleteVirtualCluster(stack, 'Delete a Virtual Cluster', { virtualClusterId: sfn.TaskInput.fromJsonPathAt('$.job.VirtualClusterId'), }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.js.snapshot/asset.a21fb971385f0210c6b1c88a25f1b9986bae4e4e1bca8d4aa818c442e1878ddf/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.ts index 7f090e487d074..7eaf38cdf150b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.ts @@ -40,7 +40,6 @@ const sm = new sfn.StateMachine(stack, 'StateMachine', { timeout: cdk.Duration.seconds(30), }); - const testCase = new IntegTest(app, 'PutEvents', { testCases: [stack], }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.ts index 2134028d79e76..dd4a40cb35893 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.ts @@ -5,7 +5,6 @@ import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; import * as cdk from 'aws-cdk-lib'; import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks'; - /* * Creates a state machine with a task states needed to deploy the SageMaker Endpoint * @@ -20,7 +19,6 @@ import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks'; * -- aws stepfunctions describe-execution --execution-arn returns a status of `Succeeded` */ - class CallSageMakerStack extends cdk.Stack { constructor(scope: cdk.App, id: string, props: cdk.StackProps = {}) { super(scope, id, props); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.ts index 98d4be41ed3c4..45313cf5d2e96 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.ts @@ -9,7 +9,6 @@ import { Construct } from 'constructs'; import * as pipelines from 'aws-cdk-lib/pipelines'; import { ICodePipelineActionFactory, Step } from 'aws-cdk-lib/pipelines'; - class CustomStep extends Step implements ICodePipelineActionFactory { constructor(private readonly stackOutput: CfnOutput) { super('CustomStep'); diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.ts b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.ts index 0288eb79268d5..81d01ce6045c1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.ts @@ -20,7 +20,6 @@ export class BucketStack extends Stack { } } - export class PlainStackApp extends Stage { constructor(scope: Construct, id: string, props?: StageProps) { super(scope, id, props); diff --git a/packages/@aws-cdk/aws-amplify-alpha/lib/app.ts b/packages/@aws-cdk/aws-amplify-alpha/lib/app.ts index a4238b39608ce..e4d2df3fcb657 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/lib/app.ts +++ b/packages/@aws-cdk/aws-amplify-alpha/lib/app.ts @@ -118,7 +118,6 @@ export interface AppProps { */ readonly buildSpec?: codebuild.BuildSpec; - /** * The custom HTTP response headers for an Amplify app. * diff --git a/packages/@aws-cdk/aws-amplify-alpha/test/asset-deployment-handler/index.test.ts b/packages/@aws-cdk/aws-amplify-alpha/test/asset-deployment-handler/index.test.ts index ad40018672e23..95e9e6a259940 100644 --- a/packages/@aws-cdk/aws-amplify-alpha/test/asset-deployment-handler/index.test.ts +++ b/packages/@aws-cdk/aws-amplify-alpha/test/asset-deployment-handler/index.test.ts @@ -705,7 +705,6 @@ describe('handler', () => { PhysicalResourceId: 'physicalResourceIdValue', })).rejects.toThrow('Unsupported resource type "Custom::BadResourceType"'); - // THEN expect(getJobRequest).not.toHaveBeenCalled(); expect(getJobResponse).not.toHaveBeenCalled(); diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/common/base.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/common/base.ts index ce507e806a818..6d2924568d2bc 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/common/base.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/common/base.ts @@ -22,7 +22,6 @@ export abstract class ApiBase extends Resource implements IApi { } } - /** * Base class representing a Stage * @internal diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/vpc-link.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/vpc-link.ts index dd986ca540bd8..74929a4e4b3a0 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/vpc-link.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/vpc-link.ts @@ -63,7 +63,6 @@ export interface VpcLinkAttributes { readonly vpc: ec2.IVpc; } - /** * Define a new VPC Link * Specifies an API Gateway VPC link for a HTTP API to access resources in an Amazon Virtual Private Cloud (VPC). diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/websocket/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/websocket/api.ts index 652f2eeb2c6e5..c015cee597e1f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/websocket/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/websocket/api.ts @@ -101,7 +101,6 @@ export interface WebSocketApiAttributes { readonly apiEndpoint?: string; } - /** * Create a new API Gateway WebSocket API endpoint. * @resource AWS::ApiGatewayV2::Api diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/api.test.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/api.test.ts index 5e81d92f5be5e..40eec4fdf5f5a 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/api.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/api.test.ts @@ -396,7 +396,6 @@ describe('HttpApi', () => { }); }); - describe('default authorization settings', () => { test('can add default authorizer', () => { const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/vpc-link.test.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/vpc-link.test.ts index 6ff88392b6fa3..b5b2cc4317dbf 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/vpc-link.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/vpc-link.test.ts @@ -128,7 +128,6 @@ describe('VpcLink', () => { const sg2 = new ec2.SecurityGroup(stack, 'SG2', { vpc }); const sg3 = new ec2.SecurityGroup(stack, 'SG3', { vpc }); - // WHEN const vpcLink = new VpcLink(stack, 'VpcLink', { vpc, diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/websocket/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/websocket/route.test.ts index 680878a3e7020..1c6518bc585be 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/websocket/route.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/websocket/route.test.ts @@ -80,7 +80,6 @@ describe('WebSocketRoute', () => { }); }); - test('integration cannot be used across WebSocketApis', () => { // GIVEN const integration = new DummyIntegration(); @@ -166,7 +165,6 @@ describe('WebSocketRoute', () => { }); }); - class DummyIntegration extends WebSocketRouteIntegration { constructor(name?: string) { super(name ?? 'DummyIntegration'); diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts index 30e2ba74916e6..53202ce6c3307 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts @@ -23,7 +23,6 @@ const authHandler = new lambda.Function(stack, 'auth-function', { code: lambda.Code.fromAsset(path.join(__dirname, '../auth-handler')), }); - const authorizer = new HttpLambdaAuthorizer('LambdaAuthorizer', authHandler, { authorizerName: 'my-simple-authorizer', identitySource: ['$request.header.X-API-Key'], diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/lib/http/private/integration.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/lib/http/private/integration.ts index 416733cbb3835..f3c27d4410b51 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/lib/http/private/integration.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/lib/http/private/integration.ts @@ -10,7 +10,6 @@ import { } from '@aws-cdk/aws-apigatewayv2-alpha'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; - /** * Options required to use an existing vpcLink or configure a new one * diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/lambda.test.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/lambda.test.ts index 7bf6cd9c1094b..bd74acb0e7971 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/lambda.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/lambda.test.ts @@ -4,7 +4,6 @@ import { Code, Function, Runtime } from 'aws-cdk-lib/aws-lambda'; import { Stack } from 'aws-cdk-lib'; import { WebSocketLambdaIntegration } from '../../lib'; - describe('LambdaWebSocketIntegration', () => { test('default', () => { // GIVEN diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/mock.test.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/mock.test.ts index 8515294e3d4f4..ffa2252b10f04 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/mock.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations-alpha/test/websocket/mock.test.ts @@ -3,7 +3,6 @@ import { WebSocketApi } from '@aws-cdk/aws-apigatewayv2-alpha'; import { Stack } from 'aws-cdk-lib'; import { WebSocketMockIntegration } from '../../lib'; - describe('MockWebSocketIntegration', () => { test('default', () => { // GIVEN diff --git a/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts b/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts index 1f5d3679508f7..7f9ff49462982 100644 --- a/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts +++ b/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts @@ -70,7 +70,6 @@ export class Cpu { private constructor(public readonly unit: string) {} } - /** * The amount of memory reserved for each instance of your App Runner service. */ diff --git a/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr-public.ts b/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr-public.ts index e5df18bad4b7f..e956fb30ba790 100644 --- a/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr-public.ts +++ b/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr-public.ts @@ -1,7 +1,6 @@ import * as cdk from 'aws-cdk-lib'; import { Service, Source } from '../lib'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-apprunner-ecr-public'); diff --git a/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr.ts b/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr.ts index c828632d66df8..d6e7d10b692ac 100644 --- a/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr.ts +++ b/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr.ts @@ -3,12 +3,10 @@ import * as assets from 'aws-cdk-lib/aws-ecr-assets'; import * as cdk from 'aws-cdk-lib'; import { Service, Source } from '../lib'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-apprunner'); - // Scenario 3: Create the service from local code assets const imageAsset = new assets.DockerImageAsset(stack, 'ImageAssets', { directory: path.join(__dirname, './docker.assets'), diff --git a/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-vpc-connector.ts b/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-vpc-connector.ts index ad348e6c2856d..6a9ba28aafccb 100644 --- a/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-vpc-connector.ts +++ b/packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-vpc-connector.ts @@ -2,7 +2,6 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as cdk from 'aws-cdk-lib'; import { Service, Source, VpcConnector } from '../lib'; - const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-apprunner'); diff --git a/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts b/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts index 73d2f4c068993..cd4bc5d2b3379 100644 --- a/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts +++ b/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts @@ -627,7 +627,6 @@ test('create a service with local assets(image repository type: ECR)', () => { }); }); - test('create a service with github repository', () => { // GIVEN const app = new cdk.App(); @@ -781,7 +780,6 @@ test('create a service with github repository - buildCommand, environment and st }); }); - test('import from service name', () => { // GIVEN const app = new cdk.App(); @@ -811,7 +809,6 @@ test('import from service attributes', () => { expect(svc).toHaveProperty('serviceUrl'); }); - test('undefined imageConfiguration port is allowed', () => { // GIVEN const app = new cdk.App(); diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/compute-environment-base.ts b/packages/@aws-cdk/aws-batch-alpha/lib/compute-environment-base.ts index ac3002c457bee..1a308ef8cd442 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/compute-environment-base.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/compute-environment-base.ts @@ -2,7 +2,6 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import { IResource, Resource } from 'aws-cdk-lib'; import { Construct } from 'constructs'; - /** * Represents a ComputeEnvironment */ diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts index c36b94f2876d0..959058f709338 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts @@ -24,7 +24,6 @@ export interface EcsVolumeOptions { */ readonly containerPath: string; - /** * if set, the container will have readonly access to the volume * diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts index 8886df16d9b2f..d37905d78650a 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts @@ -7,7 +7,6 @@ const EMPTY_DIR_VOLUME_SYMBOL = Symbol.for('aws-cdk-lib/aws-batch/lib/eks-contai const HOST_PATH_VOLUME_SYMBOL = Symbol.for('aws-cdk-lib/aws-batch/lib/eks-container-definition.HostPathVolume'); const SECRET_PATH_VOLUME_SYMBOL = Symbol.for('aws-cdk-lib/aws-batch/lib/eks-container-definition.SecretVolume'); - /** * A container that can be run with EKS orchestration on EC2 resources */ diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/job-definition-base.ts b/packages/@aws-cdk/aws-batch-alpha/lib/job-definition-base.ts index d003c24d4f79d..4361db9377810 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/job-definition-base.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/job-definition-base.ts @@ -2,7 +2,6 @@ import { Duration, IResource, Lazy, Resource } from 'aws-cdk-lib'; import { Construct } from 'constructs'; import { CfnJobDefinitionProps } from 'aws-cdk-lib/aws-batch'; - /** * Represents a JobDefinition */ @@ -65,7 +64,6 @@ export interface IJobDefinition extends IResource { */ readonly timeout?: Duration; - /** * Add a RetryStrategy to this JobDefinition */ diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/linux-parameters.ts b/packages/@aws-cdk/aws-batch-alpha/lib/linux-parameters.ts index d78cc79acfcae..fd176526e8942 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/linux-parameters.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/linux-parameters.ts @@ -121,7 +121,6 @@ export class LinuxParameters extends Construct { this.tmpfs.push(...tmpfs); } - /** * Renders the Linux parameters to the Batch version of this resource, * which does not have 'capabilities' and requires tmpfs.containerPath to be defined. diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts b/packages/@aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts index 8077e716ae08a..35b5d9d7328a5 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts @@ -7,7 +7,6 @@ import { Construct } from 'constructs'; import { CfnComputeEnvironment } from 'aws-cdk-lib/aws-batch'; import { IComputeEnvironment, ComputeEnvironmentBase, ComputeEnvironmentProps } from './compute-environment-base'; - /** * Represents a Managed ComputeEnvironment. Batch will provision EC2 Instances to * meet the requirements of the jobs executing in this ComputeEnvironment. diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/multinode-job-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/multinode-job-definition.ts index f59ed19fcb61f..449ba68922918 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/multinode-job-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/multinode-job-definition.ts @@ -6,7 +6,6 @@ import { IEcsContainerDefinition } from './ecs-container-definition'; import { Compatibility } from './ecs-job-definition'; import { baseJobDefinitionProperties, IJobDefinition, JobDefinitionBase, JobDefinitionProps } from './job-definition-base'; - interface IMultiNodeJobDefinition extends IJobDefinition { /** * The containers that this multinode job will run. diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/scheduling-policy.ts b/packages/@aws-cdk/aws-batch-alpha/lib/scheduling-policy.ts index ac8e414265c60..49475e1950344 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/scheduling-policy.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/scheduling-policy.ts @@ -2,7 +2,6 @@ import { ArnFormat, Duration, IResource, Lazy, Resource, Stack } from 'aws-cdk-l import { Construct } from 'constructs'; import { CfnSchedulingPolicy } from 'aws-cdk-lib/aws-batch'; - /** * Represents a Scheduling Policy. Scheduling Policies tell the Batch * Job Scheduler how to schedule incoming jobs. diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/unmanaged-compute-environment.ts b/packages/@aws-cdk/aws-batch-alpha/lib/unmanaged-compute-environment.ts index ea7b48488d0d5..877215d2a34a6 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/unmanaged-compute-environment.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/unmanaged-compute-environment.ts @@ -4,7 +4,6 @@ import { Construct } from 'constructs'; import { CfnComputeEnvironment } from 'aws-cdk-lib/aws-batch'; import { IComputeEnvironment, ComputeEnvironmentBase, ComputeEnvironmentProps } from './compute-environment-base'; - /** * Represents an UnmanagedComputeEnvironment. Batch will not provision instances on your behalf * in this ComputeEvironment. diff --git a/packages/@aws-cdk/aws-batch-alpha/test/aws-events-targets/batch.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/aws-events-targets/batch.test.ts index f477664093c46..a054df02738dc 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/aws-events-targets/batch.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/aws-events-targets/batch.test.ts @@ -11,7 +11,6 @@ describe('Batch job event target', () => { let jobQueue: batch.IJobQueue; let jobDefinition: batch.IJobDefinition; - beforeEach(() => { stack = new Stack(); jobQueue = new batch.JobQueue(stack, 'MyQueue', { diff --git a/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts index 80b24f4f3e501..8cf3711e76b6c 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/ecs-job-definition.test.ts @@ -3,7 +3,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { DefaultTokenResolver, Size, StringConcat, Stack, Tokenization } from 'aws-cdk-lib'; import { Compatibility, EcsEc2ContainerDefinition, EcsFargateContainerDefinition, EcsJobDefinition } from '../lib'; - test('EcsJobDefinition respects propagateTags', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts index 06fa26ec26436..aad8c169664ad 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts @@ -5,7 +5,6 @@ import { capitalizePropertyNames } from './utils'; import { EksContainerDefinitionProps, EksContainerDefinition, EksJobDefinition, ImagePullPolicy, EksVolume, EmptyDirMediumType } from '../lib'; import { CfnJobDefinitionProps } from 'aws-cdk-lib/aws-batch'; - // GIVEN const defaultContainerProps: EksContainerDefinitionProps = { image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'), diff --git a/packages/@aws-cdk/aws-batch-alpha/test/eks-job-definition.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/eks-job-definition.test.ts index 4906980623460..53e543b0d613a 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/eks-job-definition.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/eks-job-definition.test.ts @@ -3,7 +3,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { Stack } from 'aws-cdk-lib'; import { DnsPolicy, EksContainerDefinition, EksJobDefinition } from '../lib'; - test('EcsJobDefinition respects dnsPolicy', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts index 8f2a92da7da14..4c585b7d1e656 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts @@ -3,7 +3,6 @@ import { App, Stack, Size } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; import * as batch from '../lib'; - const app = new App(); const stack = new Stack(app, 'stack'); @@ -48,7 +47,6 @@ new batch.EksJobDefinition(stack, 'EksJobDefn', { }), }); - new integ.IntegTest(app, 'BatchEcsJobDefinitionTest', { testCases: [stack], }); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.job-queue.ts b/packages/@aws-cdk/aws-batch-alpha/test/integ.job-queue.ts index 4801401714836..b44b035998bd9 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.job-queue.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.job-queue.ts @@ -4,7 +4,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha'; import * as batch from '../lib'; import { ManagedEc2EcsComputeEnvironment } from '../lib'; - const app = new App(); const stack = new Stack(app, 'stack'); const vpc = new Vpc(stack, 'vpc', { restrictDefaultSecurityGroup: false }); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/job-queue.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/job-queue.test.ts index 35532913c6a92..d8793b5629c55 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/job-queue.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/job-queue.test.ts @@ -3,7 +3,6 @@ import { DefaultTokenResolver, Stack, StringConcat, Tokenization } from 'aws-cdk import * as ec2 from 'aws-cdk-lib/aws-ec2'; import { FairshareSchedulingPolicy, JobQueue, ManagedEc2EcsComputeEnvironment } from '../lib'; - test('JobQueue respects computeEnvironments', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/managed-compute-environment.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/managed-compute-environment.test.ts index a92ba6b69a896..687666dd6947e 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/managed-compute-environment.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/managed-compute-environment.test.ts @@ -8,7 +8,6 @@ import * as batch from '../lib'; import { AllocationStrategy, ManagedEc2EcsComputeEnvironment, ManagedEc2EcsComputeEnvironmentProps, ManagedEc2EksComputeEnvironment, ManagedEc2EksComputeEnvironmentProps } from '../lib'; import { CfnComputeEnvironmentProps } from 'aws-cdk-lib/aws-batch'; - const defaultExpectedEcsProps: CfnComputeEnvironmentProps = { type: 'managed', computeEnvironmentName: undefined, diff --git a/packages/@aws-cdk/aws-batch-alpha/test/multinode-job-definition.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/multinode-job-definition.test.ts index fdb8a1f20a3e4..89f1d7775ea11 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/multinode-job-definition.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/multinode-job-definition.test.ts @@ -4,7 +4,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import { Size, Stack } from 'aws-cdk-lib'; import { Compatibility, EcsEc2ContainerDefinition, MultiNodeJobDefinition } from '../lib'; - test('MultiNodeJobDefinition respects mainNode', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/scheduling-policy.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/scheduling-policy.test.ts index 3d1220c3dc6f4..d3b11b41fef5f 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/scheduling-policy.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/scheduling-policy.test.ts @@ -2,7 +2,6 @@ import { Template } from 'aws-cdk-lib/assertions'; import { Duration, Stack } from 'aws-cdk-lib/core'; import { FairshareSchedulingPolicy } from '../lib'; - test('empty fairshare policy', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-cloud9-alpha/lib/environment.ts b/packages/@aws-cdk/aws-cloud9-alpha/lib/environment.ts index 75631762da5d8..45afc095f20ff 100644 --- a/packages/@aws-cdk/aws-cloud9-alpha/lib/environment.ts +++ b/packages/@aws-cdk/aws-cloud9-alpha/lib/environment.ts @@ -246,7 +246,6 @@ export class Owner { return { ownerArn: user.userArn }; } - /** * Make the Account Root User the environment owner (not recommended) * diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/build-fleet.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/build-fleet.ts index cc3d79cc9c83f..66ac42c2799e2 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/build-fleet.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/build-fleet.ts @@ -122,7 +122,6 @@ export class BuildFleet extends FleetBase implements IBuildFleet { } (props.locations || []).forEach(this.addInternalLocation.bind(this)); - // Add all Ingress rules if (props.ingressRules && props.ingressRules?.length > 50) { throw new Error(`No more than 50 ingress rules are allowed per fleet, given ${props.ingressRules.length}`); diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/build.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/build.ts index e7e11b6c7ec51..6ef687da25e6f 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/build.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/build.ts @@ -57,7 +57,6 @@ export enum OperatingSystem { WINDOWS_2012 = 'WINDOWS_2012' } - /** * Represents a Build content defined outside of this stack. */ @@ -277,5 +276,4 @@ export class Build extends BuildBase { }); } - } diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/content.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/content.ts index dc149c5bab280..de3dd80773691 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/content.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/content.ts @@ -19,7 +19,6 @@ export abstract class Content { return new S3Content(bucket, key, objectVersion); } - /** * Loads the game content from a local disk path. * diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts index 76abb2808d9ea..b97b3fe26121c 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/fleet-base.ts @@ -8,7 +8,6 @@ import { IGameSessionQueueDestination } from './game-session-queue'; import { GameLiftMetrics } from 'aws-cdk-lib/aws-gamelift/lib/gamelift-canned-metrics.generated'; import { CfnFleet } from 'aws-cdk-lib/aws-gamelift'; - /** * Current resource capacity settings in a specified fleet or location. * The location value might refer to a fleet's remote location or its home Region. diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/game-server-group.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/game-server-group.ts index 5b525c4e95e83..f6990156105fc 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/game-server-group.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/game-server-group.ts @@ -5,7 +5,6 @@ import * as cdk from 'aws-cdk-lib'; import { Construct } from 'constructs'; import { CfnGameServerGroup } from 'aws-cdk-lib/aws-gamelift'; - /** * Configuration settings for intelligent automatic scaling that uses target tracking. * After the Auto Scaling group is created, all updates to Auto Scaling policies, including changing this policy and adding or removing other policies, is done directly on the Auto Scaling group. diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-configuration.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-configuration.ts index e35f66eb55570..5ffa172aa259c 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-configuration.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-configuration.ts @@ -48,7 +48,6 @@ export interface IMatchmakingConfiguration extends cdk.IResource { */ readonly notificationTarget?: sns.ITopic; - /** * Return the given named metric for this matchmaking configuration. */ @@ -195,7 +194,6 @@ export interface MatchmakingConfigurationProps { */ export abstract class MatchmakingConfigurationBase extends cdk.Resource implements IMatchmakingConfiguration { - /** * Import an existing matchmaking configuration from its attributes. */ diff --git a/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-ruleset.ts b/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-ruleset.ts index d11ab19acd69e..f54fa01783c5d 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-ruleset.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/lib/matchmaking-ruleset.ts @@ -4,7 +4,6 @@ import { Construct } from 'constructs'; import { CfnMatchmakingRuleSet } from 'aws-cdk-lib/aws-gamelift'; import { RuleSetContent } from './matchmaking-ruleset-body'; - /** * Represents a Gamelift matchmaking ruleset */ @@ -35,7 +34,6 @@ export interface IMatchmakingRuleSet extends cdk.IResource { */ metricRuleEvaluationsPassed(props?: cloudwatch.MetricOptions): cloudwatch.Metric; - /** * Rule evaluations during matchmaking that failed since the last report. * @@ -224,5 +222,4 @@ export class MatchmakingRuleSet extends MatchmakingRuleSetBase { }); } - } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-gamelift-alpha/test/build-fleet.test.ts b/packages/@aws-cdk/aws-gamelift-alpha/test/build-fleet.test.ts index 38346150e5ee8..ecb9f03e9d83c 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/test/build-fleet.test.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/test/build-fleet.test.ts @@ -680,5 +680,4 @@ describe('build fleet', () => { }); }); - }); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-gamelift-alpha/test/build.test.ts b/packages/@aws-cdk/aws-gamelift-alpha/test/build.test.ts index e781baa0740aa..8a1efed138682 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/test/build.test.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/test/build.test.ts @@ -273,4 +273,3 @@ describe('build', () => { }); }); - diff --git a/packages/@aws-cdk/aws-gamelift-alpha/test/game-session-queue.test.ts b/packages/@aws-cdk/aws-gamelift-alpha/test/game-session-queue.test.ts index 75be39283237c..f2f4015c99e77 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/test/game-session-queue.test.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/test/game-session-queue.test.ts @@ -485,7 +485,6 @@ describe('gameSessionQueue', () => { }); }); - }); describe('test import methods', () => { diff --git a/packages/@aws-cdk/aws-gamelift-alpha/test/queued-matchmaking-configuration.test.ts b/packages/@aws-cdk/aws-gamelift-alpha/test/queued-matchmaking-configuration.test.ts index 0cded8cbadee5..65e445c13c6c6 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/test/queued-matchmaking-configuration.test.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/test/queued-matchmaking-configuration.test.ts @@ -5,7 +5,6 @@ import { Duration } from 'aws-cdk-lib'; import * as gamelift from '../lib'; describe('queuedMatchmakingConfiguration', () => { - describe('new', () => { let stack: cdk.Stack; const ruleSetBody = JSON.stringify('{}'); @@ -439,8 +438,6 @@ describe('queuedMatchmakingConfiguration', () => { }, }); }); - - }); describe('test import methods', () => { @@ -528,4 +525,4 @@ describe('queuedMatchmakingConfiguration', () => { }); }); }); -}); \ No newline at end of file +}); diff --git a/packages/@aws-cdk/aws-gamelift-alpha/test/script.test.ts b/packages/@aws-cdk/aws-gamelift-alpha/test/script.test.ts index 26ed682189961..9fdfc83a7838e 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/test/script.test.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/test/script.test.ts @@ -226,5 +226,3 @@ describe('script', () => { }); }); }); - - diff --git a/packages/@aws-cdk/aws-gamelift-alpha/test/standalone-matchmaking-configuration.test.ts b/packages/@aws-cdk/aws-gamelift-alpha/test/standalone-matchmaking-configuration.test.ts index 7841f014d71dc..21adef01fa146 100644 --- a/packages/@aws-cdk/aws-gamelift-alpha/test/standalone-matchmaking-configuration.test.ts +++ b/packages/@aws-cdk/aws-gamelift-alpha/test/standalone-matchmaking-configuration.test.ts @@ -243,7 +243,6 @@ describe('standaloneMatchmakingConfiguration', () => { }); }); - }); describe('test import methods', () => { diff --git a/packages/@aws-cdk/aws-glue-alpha/lib/job.ts b/packages/@aws-cdk/aws-glue-alpha/lib/job.ts index 2bcb7907bd0ed..329d797277233 100644 --- a/packages/@aws-cdk/aws-glue-alpha/lib/job.ts +++ b/packages/@aws-cdk/aws-glue-alpha/lib/job.ts @@ -800,7 +800,6 @@ function metricRule(rule: events.IRule, props?: cloudwatch.MetricOptions): cloud }).attachTo(rule); } - /** * Returns the job arn * @param scope diff --git a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts index 9c467e1ddc002..2911df0705d53 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts @@ -56,7 +56,6 @@ describe('Job', () => { }); }); - describe('new', () => { const className = 'com.amazon.test.ClassName'; const codeBucketName = 'bucketname'; @@ -635,7 +634,6 @@ describe('Job', () => { }); }); - test('etl job with all props should synthesize correctly', () => { new glue.Job(stack, 'Job', { executable: glue.JobExecutable.pythonEtl({ diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/lib/firehose-put-record-action.ts b/packages/@aws-cdk/aws-iot-actions-alpha/lib/firehose-put-record-action.ts index 343819924f3b1..d8786c9e69a1a 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/lib/firehose-put-record-action.ts +++ b/packages/@aws-cdk/aws-iot-actions-alpha/lib/firehose-put-record-action.ts @@ -51,7 +51,6 @@ export interface FirehosePutRecordActionProps extends CommonActionProps { readonly recordSeparator?: FirehoseRecordSeparator; } - /** * The action to put the record from an MQTT message to the Kinesis Data Firehose stream. */ diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/dynamodbv2/dynamodbv2-put-item-action.test.ts b/packages/@aws-cdk/aws-iot-actions-alpha/test/dynamodbv2/dynamodbv2-put-item-action.test.ts index 351bcb68a060e..afeb12321276e 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/dynamodbv2/dynamodbv2-put-item-action.test.ts +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/dynamodbv2/dynamodbv2-put-item-action.test.ts @@ -67,7 +67,6 @@ test('Default dynamoDBv2 action', () => { }); }); - test('can set role', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/iot/iotevents-put-message-action.test.ts b/packages/@aws-cdk/aws-iot-actions-alpha/test/iot/iotevents-put-message-action.test.ts index 0f8bb18395b72..91928b8d7cf4b 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/iot/iotevents-put-message-action.test.ts +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/iot/iotevents-put-message-action.test.ts @@ -17,7 +17,6 @@ beforeEach(() => { input = iotevents.Input.fromInputName(stack, 'MyInput', 'my_input'); }); - test('Default IoT Events input action', () => { // WHEN topicRule.addAction( diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.ts b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.ts index 5f86a41d2a600..d506a2d78e8f0 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.ts +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.ts @@ -5,7 +5,6 @@ import * as s3 from 'aws-cdk-lib/aws-s3'; import * as cdk from 'aws-cdk-lib'; import * as actions from '../../lib'; - const app = new cdk.App(); class TestStack extends cdk.Stack { diff --git a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs.ts b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs.ts index 794b66dea9e33..c11518ed87ddc 100644 --- a/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs.ts +++ b/packages/@aws-cdk/aws-ivs-alpha/test/integ.ivs.ts @@ -49,7 +49,6 @@ EPtPtOm1s0GR9k1ydU5hkI++f9CoZ5lM } } - /* * Creates a channel, playback key pair and stream key * diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/application.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/application.ts index 345207b9908a7..fb45ce19661f1 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/application.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/lib/application.ts @@ -406,7 +406,6 @@ abstract class ApplicationBase extends core.Resource implements IApplication { return this.metric('KPUs', { statistic: 'Average', ...props }); } - /** * The time elapsed during an outage for failing/recovering jobs. * diff --git a/packages/@aws-cdk/aws-lambda-go-alpha/test/bundling.test.ts b/packages/@aws-cdk/aws-lambda-go-alpha/test/bundling.test.ts index dd16aca2cd8e1..eafc7807da3ec 100644 --- a/packages/@aws-cdk/aws-lambda-go-alpha/test/bundling.test.ts +++ b/packages/@aws-cdk/aws-lambda-go-alpha/test/bundling.test.ts @@ -222,7 +222,6 @@ test('Incorrect go version', () => { expect(tryBundle).toBe(false); }); - test('Custom bundling docker image', () => { Bundling.bundle({ entry, @@ -305,7 +304,6 @@ test('AssetHashType can be specified', () => { }); }); - test('with command hooks', () => { Bundling.bundle({ entry, diff --git a/packages/@aws-cdk/aws-lambda-go-alpha/test/util.test.ts b/packages/@aws-cdk/aws-lambda-go-alpha/test/util.test.ts index 4763f1139eae0..e3a803cf166b4 100644 --- a/packages/@aws-cdk/aws-lambda-go-alpha/test/util.test.ts +++ b/packages/@aws-cdk/aws-lambda-go-alpha/test/util.test.ts @@ -7,7 +7,6 @@ beforeEach(() => { jest.clearAllMocks(); }); - describe('findUp', () => { test('Starting at process.cwd()', () => { expect(findUp('README.md')).toMatch(/aws-lambda-go-alpha\/README.md$/); diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/lib/function.ts b/packages/@aws-cdk/aws-lambda-python-alpha/lib/function.ts index 4ccd611e1814f..0b67d86c6e3e1 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/lib/function.ts +++ b/packages/@aws-cdk/aws-lambda-python-alpha/lib/function.ts @@ -15,7 +15,6 @@ export interface PythonFunctionProps extends FunctionOptions { */ readonly entry: string; - /** * The runtime environment. Only runtimes of the Python family are * supported. diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/lib/types.ts b/packages/@aws-cdk/aws-lambda-python-alpha/lib/types.ts index 78e37c7c67259..d5f92006df1eb 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/lib/types.ts +++ b/packages/@aws-cdk/aws-lambda-python-alpha/lib/types.ts @@ -1,6 +1,5 @@ import { AssetHashType, BundlingFileAccess, DockerImage, DockerRunOptions } from 'aws-cdk-lib'; - /** * Options for bundling */ diff --git a/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts b/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts index e4af4bd9c50d0..681a8726d2f96 100644 --- a/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts +++ b/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts @@ -174,7 +174,6 @@ export class PlaceIndex extends PlaceIndexBase { */ public readonly placeIndexUpdateTime: string; - constructor(scope: Construct, id: string, props: PlaceIndexProps = {}) { if (props.placeIndexName && !Token.isUnresolved(props.placeIndexName) && !/^[-.\w]{1,100}$/.test(props.placeIndexName)) { throw new Error(`Invalid place index name. The place index name must be between 1 and 100 characters and contain only alphanumeric characters, hyphens, periods and underscores. Received: ${props.placeIndexName}`); diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/parameter-group.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/parameter-group.ts index 08dc90b04d236..28f878173c5dd 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/lib/parameter-group.ts +++ b/packages/@aws-cdk/aws-neptune-alpha/lib/parameter-group.ts @@ -81,7 +81,6 @@ export interface IClusterParameterGroup extends IResource { readonly clusterParameterGroupName: string; } - /** * A cluster parameter group * diff --git a/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts b/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts index 79f7a2be65e06..f3887b37bede0 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts @@ -142,7 +142,6 @@ describe('DatabaseCluster', () => { }); }); - test('can create a cluster with imported vpc and security group', () => { // GIVEN const stack = testStack(); diff --git a/packages/@aws-cdk/aws-redshift-alpha/test/integ.cluster-reboot.ts b/packages/@aws-cdk/aws-redshift-alpha/test/integ.cluster-reboot.ts index 30193f2f63876..bde5aacd23716 100644 --- a/packages/@aws-cdk/aws-redshift-alpha/test/integ.cluster-reboot.ts +++ b/packages/@aws-cdk/aws-redshift-alpha/test/integ.cluster-reboot.ts @@ -16,7 +16,6 @@ import * as redshift from '../lib'; const app = new cdk.App(); - interface RedshiftRebootStackProps extends cdk.StackProps { parameterGroupParams: { [name: string]: string }, } diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/private/utils.ts b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/private/utils.ts index 897ac49ccce67..395bcae4dd55c 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/private/utils.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/private/utils.ts @@ -1,6 +1,5 @@ import { Token } from 'aws-cdk-lib'; - /** * Verifies if application or the visited node is region agnostic. * diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/target-application.ts b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/target-application.ts index 02bd6654b4c83..6d5b8ce9dfcbf 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/target-application.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/lib/target-application.ts @@ -25,7 +25,6 @@ export interface TargetApplicationCommonOptions extends cdk.StackProps { readonly associateCrossAccountStacks?: boolean; } - /** * Properties used to define New TargetApplication. */ diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/application.test.ts b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/application.test.ts index 7bf61b5d60c1f..92b17ea416764 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/application.test.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/application.test.ts @@ -435,7 +435,6 @@ describe('Scope based Associations with Application within Same Account', () => }); }); - test('Associate Stack in same account will associate allStacks Inside it', () => { const application = new appreg.Application(stack, 'MyApplication', { applicationName: 'MyApplication', @@ -548,7 +547,6 @@ describe('Conditional nested stack Associations with Application within Same Acc }); - class AppRegistrySampleStack extends cdk.Stack { public constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); diff --git a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/integ.application-associator.all-stacks-association.ts b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/integ.application-associator.all-stacks-association.ts index 2a875cd62dd98..9ce525f35d5ad 100644 --- a/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/integ.application-associator.all-stacks-association.ts +++ b/packages/@aws-cdk/aws-servicecatalogappregistry-alpha/test/integ.application-associator.all-stacks-association.ts @@ -5,7 +5,6 @@ import * as appreg from '../lib'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'integ-servicecatalogappregistry-application'); - new appreg.ApplicationAssociator(app, 'RegisterCdkApplication', { applications: [appreg.TargetApplication.createApplicationStack({ applicationName: 'AppRegistryAssociatedApplication', diff --git a/packages/@aws-cdk/aws-synthetics-alpha/lib/runtime.ts b/packages/@aws-cdk/aws-synthetics-alpha/lib/runtime.ts index 50386015de142..2a69ded0881be 100644 --- a/packages/@aws-cdk/aws-synthetics-alpha/lib/runtime.ts +++ b/packages/@aws-cdk/aws-synthetics-alpha/lib/runtime.ts @@ -51,7 +51,6 @@ export class Runtime { */ public static readonly SYNTHETICS_NODEJS_2_0 = new Runtime('syn-nodejs-2.0', RuntimeFamily.NODEJS); - /** * **Deprecated by AWS Synthetics. You can't create canaries with deprecated runtimes.** * diff --git a/packages/@aws-cdk/aws-synthetics-alpha/lib/schedule.ts b/packages/@aws-cdk/aws-synthetics-alpha/lib/schedule.ts index 8ff2ee7c8165e..9b8df232d0490 100644 --- a/packages/@aws-cdk/aws-synthetics-alpha/lib/schedule.ts +++ b/packages/@aws-cdk/aws-synthetics-alpha/lib/schedule.ts @@ -71,7 +71,6 @@ export class Schedule { public readonly expressionString: string) {} } - /** * Options to configure a cron expression * diff --git a/packages/@aws-cdk/aws-synthetics-alpha/test/canary.test.ts b/packages/@aws-cdk/aws-synthetics-alpha/test/canary.test.ts index 3b62968514e29..2ca2104ef7430 100644 --- a/packages/@aws-cdk/aws-synthetics-alpha/test/canary.test.ts +++ b/packages/@aws-cdk/aws-synthetics-alpha/test/canary.test.ts @@ -333,7 +333,6 @@ test('Schedule can be set with Cron', () => { }); }); - test('Schedule can be set with Expression', () => { // GIVEN const stack = new Stack(); diff --git a/packages/@aws-cdk/aws-synthetics-alpha/test/code.test.ts b/packages/@aws-cdk/aws-synthetics-alpha/test/code.test.ts index ed07eb37cceff..9eef5059c9ad6 100644 --- a/packages/@aws-cdk/aws-synthetics-alpha/test/code.test.ts +++ b/packages/@aws-cdk/aws-synthetics-alpha/test/code.test.ts @@ -169,7 +169,6 @@ describe(synthetics.Code.fromAsset, () => { }); }); - describe(synthetics.Code.fromBucket, () => { test('fromBucket works', () => { // GIVEN diff --git a/packages/@aws-cdk/cdk-cli-wrapper/lib/commands/common.ts b/packages/@aws-cdk/cdk-cli-wrapper/lib/commands/common.ts index 01ab969b63098..8bfbad998ea5d 100644 --- a/packages/@aws-cdk/cdk-cli-wrapper/lib/commands/common.ts +++ b/packages/@aws-cdk/cdk-cli-wrapper/lib/commands/common.ts @@ -50,7 +50,6 @@ export interface DefaultCdkOptions { */ readonly app?: string; - /** * Role to pass to CloudFormation for deployment * diff --git a/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts b/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts index 490a3a31a180c..c80c91788ba4a 100644 --- a/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts +++ b/packages/@aws-cdk/cfnspec/build-tools/patch-set.ts @@ -248,7 +248,6 @@ function findPatches(data: any, patchSource: any): Patch[] { } } - /** * Run this file as a CLI tool, to apply a patch set from the command line */ diff --git a/packages/@aws-cdk/cfnspec/lib/canned-metrics/canned-metrics-schema.ts b/packages/@aws-cdk/cfnspec/lib/canned-metrics/canned-metrics-schema.ts index 1cc1dac632166..d3d6d7ace8b35 100644 --- a/packages/@aws-cdk/cfnspec/lib/canned-metrics/canned-metrics-schema.ts +++ b/packages/@aws-cdk/cfnspec/lib/canned-metrics/canned-metrics-schema.ts @@ -18,7 +18,6 @@ export interface MetricInfoGroup { readonly metricTemplates: MetricTemplate[]; } - export interface MetricTemplate { /** * CloudFormation resource name diff --git a/packages/@aws-cdk/cfnspec/lib/index.ts b/packages/@aws-cdk/cfnspec/lib/index.ts index 36fbce9f3c2c0..91d0a0ee76f2b 100644 --- a/packages/@aws-cdk/cfnspec/lib/index.ts +++ b/packages/@aws-cdk/cfnspec/lib/index.ts @@ -29,7 +29,6 @@ export function docs(): schema.CloudFormationDocsFile { return require('../spec/cfn-docs.json'); } - /** * Return the resource specification for the given typename * diff --git a/packages/@aws-cdk/cli-lib-alpha/test/cli.test.ts b/packages/@aws-cdk/cli-lib-alpha/test/cli.test.ts index 4a152794eaed2..803d92fb7655c 100644 --- a/packages/@aws-cdk/cli-lib-alpha/test/cli.test.ts +++ b/packages/@aws-cdk/cli-lib-alpha/test/cli.test.ts @@ -68,7 +68,6 @@ describe('fromCloudAssemblyDirectoryProducer', () => { }); }); - describe('fromDirectory', () => { const cdk = AwsCdkCli.fromCdkAppDirectory(join(__dirname, 'test-app')); diff --git a/packages/@aws-cdk/cli-lib-alpha/test/commands.test.ts b/packages/@aws-cdk/cli-lib-alpha/test/commands.test.ts index 9c97f8873ba3d..4bcb558323628 100644 --- a/packages/@aws-cdk/cli-lib-alpha/test/commands.test.ts +++ b/packages/@aws-cdk/cli-lib-alpha/test/commands.test.ts @@ -32,7 +32,6 @@ describe('deploy', () => { ); }); - test('deploy with all arguments', async () => { // WHEN await await cdk.deploy({ @@ -119,7 +118,6 @@ describe('deploy', () => { ); }); - test('can parse boolean arguments', async () => { // WHEN await await cdk.deploy({ @@ -164,7 +162,6 @@ describe('deploy', () => { ); }); - test('can parse context', async () => { // WHEN await cdk.deploy({ @@ -285,7 +282,6 @@ describe('destroy', () => { }); }); - describe('list', () => { test('default list', async () => { // WHEN diff --git a/packages/@aws-cdk/integ-runner/lib/cli.ts b/packages/@aws-cdk/integ-runner/lib/cli.ts index 3c1865a5d6b5a..eb1a0134192a5 100644 --- a/packages/@aws-cdk/integ-runner/lib/cli.ts +++ b/packages/@aws-cdk/integ-runner/lib/cli.ts @@ -91,7 +91,6 @@ export function parseCliArgs(args: string[] = []) { }; } - export async function main(args: string[]) { const options = parseCliArgs(args); @@ -145,7 +144,6 @@ export async function main(args: string[]) { }); testsSucceeded = success; - if (options.clean === false) { logger.warning('Not cleaning up stacks since "--no-clean" was used'); } diff --git a/packages/@aws-cdk/integ-runner/lib/runner/integ-test-suite.ts b/packages/@aws-cdk/integ-runner/lib/runner/integ-test-suite.ts index 60fe524bf1d7b..65037f481cb98 100644 --- a/packages/@aws-cdk/integ-runner/lib/runner/integ-test-suite.ts +++ b/packages/@aws-cdk/integ-runner/lib/runner/integ-test-suite.ts @@ -45,7 +45,6 @@ export class IntegTestSuite { public readonly synthContext?: { [name: string]: string }, ) {} - /** * Returns a list of stacks that have stackUpdateWorkflow disabled */ @@ -182,7 +181,6 @@ export class LegacyIntegTestSuite extends IntegTestSuite { }; } - /** * Reads stack names from the "!cdk-integ" pragma. * diff --git a/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts b/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts index 5fc2de51fec1c..7347060a77790 100644 --- a/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts +++ b/packages/@aws-cdk/integ-runner/lib/runner/runner-base.ts @@ -384,7 +384,6 @@ export abstract class IntegRunner { } } - // Default context we run all integ tests with, so they don't depend on the // account of the exercising user. export const DEFAULT_SYNTH_OPTIONS = { diff --git a/packages/@aws-cdk/integ-runner/lib/utils.ts b/packages/@aws-cdk/integ-runner/lib/utils.ts index d6b373e3f16f8..47584b6a35ebf 100644 --- a/packages/@aws-cdk/integ-runner/lib/utils.ts +++ b/packages/@aws-cdk/integ-runner/lib/utils.ts @@ -49,7 +49,6 @@ export function chunks(command: string): string[] { return result ?? []; } - /** * A class holding a set of items which are being crossed off in time * diff --git a/packages/@aws-cdk/integ-runner/lib/workers/common.ts b/packages/@aws-cdk/integ-runner/lib/workers/common.ts index 8a91212226548..b42fc9da81360 100644 --- a/packages/@aws-cdk/integ-runner/lib/workers/common.ts +++ b/packages/@aws-cdk/integ-runner/lib/workers/common.ts @@ -57,7 +57,6 @@ export interface DestructiveChange { readonly impact: ResourceImpact; } - /** * Represents integration tests metrics for a given worker */ diff --git a/packages/@aws-cdk/integ-runner/test/cli.test.ts b/packages/@aws-cdk/integ-runner/test/cli.test.ts index 8edc4b69d663a..124c3a70fcd1b 100644 --- a/packages/@aws-cdk/integ-runner/test/cli.test.ts +++ b/packages/@aws-cdk/integ-runner/test/cli.test.ts @@ -96,7 +96,6 @@ describe('Test discovery', () => { ]]); }); - test('cannot use --test-regex by itself with more than one language preset', async () => { await expect(() => main([ '--list', diff --git a/packages/@aws-cdk/integ-runner/test/helpers.ts b/packages/@aws-cdk/integ-runner/test/helpers.ts index 6e97997dcf51e..7db689642694a 100644 --- a/packages/@aws-cdk/integ-runner/test/helpers.ts +++ b/packages/@aws-cdk/integ-runner/test/helpers.ts @@ -48,7 +48,6 @@ export class MockCdkProvider { return this.mocks as Required; } - /** * Run a test of the testSnapshot method * @param integTestFile This name is used to determined the expected (committed) snapshot diff --git a/packages/@aws-cdk/integ-runner/test/runner/integ-test-runner.test.ts b/packages/@aws-cdk/integ-runner/test/runner/integ-test-runner.test.ts index fa9f247390353..8ffb8c6172e64 100644 --- a/packages/@aws-cdk/integ-runner/test/runner/integ-test-runner.test.ts +++ b/packages/@aws-cdk/integ-runner/test/runner/integ-test-runner.test.ts @@ -554,7 +554,6 @@ describe('IntegTest runIntegTests', () => { ]); }); - test.each` verbosity | verbose | debug ${0} | ${undefined} | ${undefined} diff --git a/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts b/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts index 11c5af79756e5..d44589fc07d58 100644 --- a/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts +++ b/packages/@aws-cdk/integ-runner/test/runner/integration-tests.test.ts @@ -68,7 +68,6 @@ describe('IntegrationTests Discovery', () => { expect(integTests[0].fileName).toEqual(expect.stringMatching(namedTest)); }); - test('test not found', async () => { const integTests = await tests.fromCliOptions({ ...cliOptions, tests: [`test-data/${namedTest}`.replace('test1', 'test42')] }); diff --git a/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts b/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts index f761b5a2a4429..5c6874c5ee40c 100644 --- a/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts +++ b/packages/@aws-cdk/integ-runner/test/workers/mock-extract_worker.ts @@ -2,7 +2,6 @@ import * as workerpool from 'workerpool'; import { IntegTestInfo } from '../../lib/runner'; import { IntegTestBatchRequest } from '../../lib/workers/integ-test-worker'; - function integTestWorker(request: IntegTestBatchRequest): IntegTestInfo[] { return request.tests; } diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/private/deploy-assert.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/private/deploy-assert.ts index 8a5bbb3b98ddc..55342380f7b0e 100644 --- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/private/deploy-assert.ts +++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/private/deploy-assert.ts @@ -7,7 +7,6 @@ import { md5hash } from '../private/hash'; import { AwsApiCall, LambdaInvokeFunction, LambdaInvokeFunctionProps } from '../sdk'; import { IDeployAssert } from '../types'; - const DEPLOY_ASSERT_SYMBOL = Symbol.for('@aws-cdk/integ-tests.DeployAssert'); /** diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/providers/lambda-handler/assertion.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/providers/lambda-handler/assertion.ts index 354344c43633f..88a14904e0de0 100644 --- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/providers/lambda-handler/assertion.ts +++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/providers/lambda-handler/assertion.ts @@ -37,7 +37,6 @@ export class AssertionHandler extends CustomResourceHandler { protected async processEvent(request: AwsApiCallRequest): Promise { // eslint-disable-next-line const AWS: any = require('aws-sdk'); console.log(`AWS SDK VERSION: ${AWS.VERSION}`); - if (!Object.prototype.hasOwnProperty.call(AWS, request.service)) { throw Error(`Service ${request.service} does not exist in AWS SDK version ${AWS.VERSION}.`); } diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/deploy-assert.test.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/deploy-assert.test.ts index f196afc3b1e2f..4e2f149c9cbb5 100644 --- a/packages/@aws-cdk/integ-tests-alpha/test/assertions/deploy-assert.test.ts +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/deploy-assert.test.ts @@ -122,7 +122,6 @@ describe('DeployAssert', () => { // WHEN deplossert.awsApiCall('MyService', 'MyApi'); - // THEN Template.fromStack(deplossert.scope).hasResourceProperties('Custom::DeployAssert@SdkCallMyServiceMyApi', { api: 'MyApi', @@ -139,7 +138,6 @@ describe('DeployAssert', () => { deplossert.awsApiCall('MyService', 'MyApi1'); deplossert.awsApiCall('MyService', 'MyApi2'); - // THEN const template = Template.fromStack(deplossert.scope); template.resourceCountIs('AWS::Lambda::Function', 1); diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/base.test.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/base.test.ts index dbdca434564e3..9ab8eda463f84 100644 --- a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/base.test.ts +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/base.test.ts @@ -18,7 +18,6 @@ interface CloudFormationResponse extends Omit { diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/sdk.test.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/sdk.test.ts index c6208cd4ca466..3f7eb24e826b0 100644 --- a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/sdk.test.ts +++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/sdk.test.ts @@ -56,7 +56,6 @@ describe('SdkHandler', () => { // WHEN const response: AwsApiCallResult = await handler.processEvent(request); - // THEN expect(response.apiCallResponse).toEqual(expectedResponse); }); @@ -78,7 +77,6 @@ describe('SdkHandler', () => { // WHEN await handler.processEvent(request); - // THEN sinon.assert.calledWith(fake, { DryRun: true }); }); @@ -99,7 +97,6 @@ describe('SdkHandler', () => { // WHEN await handler.processEvent(request); - // THEN sinon.assert.calledWith(fake, { DryRun: false }); }); diff --git a/packages/aws-cdk-lib/assertions/lib/private/cyclic.ts b/packages/aws-cdk-lib/assertions/lib/private/cyclic.ts index 5f9a36da5278c..109434cc14a8e 100644 --- a/packages/aws-cdk-lib/assertions/lib/private/cyclic.ts +++ b/packages/aws-cdk-lib/assertions/lib/private/cyclic.ts @@ -104,7 +104,6 @@ function logicalIdsInSubString(x: string): string[] { }); } - function analyzeSubPattern(pattern: string): SubFragment[] { const ret: SubFragment[] = []; let start = 0; @@ -150,7 +149,6 @@ type SubFragment = | { readonly type: 'ref'; readonly logicalId: string } | { readonly type: 'getatt'; readonly logicalId: string; readonly attr: string }; - function intersect(xs: Set, ys: Set): Set { return new Set(Array.from(xs).filter(x => ys.has(x))); } diff --git a/packages/aws-cdk-lib/assertions/lib/private/resources.ts b/packages/aws-cdk-lib/assertions/lib/private/resources.ts index 96ac1dd408840..33824f85e66d4 100644 --- a/packages/aws-cdk-lib/assertions/lib/private/resources.ts +++ b/packages/aws-cdk-lib/assertions/lib/private/resources.ts @@ -49,7 +49,6 @@ export function allResourcesProperties(template: Template, type: string, props: } - export function hasResource(template: Template, type: string, props: any): string | void { const section = template.Resources ?? {}; const result = matchSection(filterType(section, type), props); diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts b/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts index c6e998d45a864..b321a2d355fca 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts @@ -7,7 +7,6 @@ import { CfnAuthorizer, CfnAuthorizerProps } from '../apigateway.generated'; import { Authorizer, IAuthorizer } from '../authorizer'; import { IRestApi } from '../restapi'; - /** * Base properties for all lambda authorizers */ diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/domain-name.ts b/packages/aws-cdk-lib/aws-apigateway/lib/domain-name.ts index 9ebf2976f4cbb..4f4ae930983b1 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/domain-name.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/domain-name.ts @@ -167,7 +167,6 @@ export class DomainName extends Resource implements IDomainName { ? resource.attrDistributionHostedZoneId : resource.attrRegionalHostedZoneId; - const multiLevel = this.validateBasePath(props.basePath); if (props.mapping && !multiLevel) { this.addBasePathMapping(props.mapping, { diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/stage.ts b/packages/aws-cdk-lib/aws-apigateway/lib/stage.ts index 80ae9f4c1cbf1..f7b37ef0a2a39 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/stage.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/stage.ts @@ -436,7 +436,6 @@ export class Stage extends StageBase { } } - private renderMethodSettings(props: StageProps): CfnStage.MethodSettingProperty[] | undefined { const settings = new Array(); const self = this; diff --git a/packages/aws-cdk-lib/aws-apigateway/test/api-key.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/api-key.test.ts index bda72146c18c3..a40fad8839a55 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/api-key.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/api-key.test.ts @@ -32,7 +32,6 @@ describe('api key', () => { }).toThrow(/Cannot add an ApiKey to a RestApi that does not contain a "deploymentStage"/); }); - test('enabled flag is respected', () => { // GIVEN const stack = new cdk.Stack(); @@ -50,7 +49,6 @@ describe('api key', () => { }); }); - testDeprecated('specify props for apiKey', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts index ab8c6c71b2ff3..5bfd5b9efefa7 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts @@ -151,7 +151,6 @@ describe('lambda authorizer', () => { expect(auth.authorizerArn.endsWith(`/authorizers/${auth.authorizerId}`)).toBeTruthy(); - }); test('invalid request authorizer config', () => { diff --git a/packages/aws-cdk-lib/aws-apigateway/test/deployment.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/deployment.test.ts index 07bfbc6333da9..e82ff90112518 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/deployment.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/deployment.test.ts @@ -190,7 +190,6 @@ describe('deployment', () => { ], }); - }); test('integration change invalidates deployment', () => { diff --git a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts index 1772c509ff3c4..17ad07afbb9fe 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts @@ -31,7 +31,6 @@ describe('method', () => { }, }); - }); test('method options can be specified', () => { @@ -55,7 +54,6 @@ describe('method', () => { OperationName: 'MyOperation', }); - }); test('integration can be set via a property', () => { @@ -87,7 +85,6 @@ describe('method', () => { }, }); - }); test('integration can be set for a service in the provided region', () => { @@ -138,7 +135,6 @@ describe('method', () => { }, }); - }); test('use default integration from api', () => { @@ -165,7 +161,6 @@ describe('method', () => { }, }); - }); test('"methodArn" returns the ARN execute-api ARN for this method in the current stage', () => { @@ -199,7 +194,6 @@ describe('method', () => { ], }); - }); test('"testMethodArn" returns the ARN of the "test-invoke-stage" stage (console UI)', () => { @@ -231,7 +225,6 @@ describe('method', () => { ], }); - }); test('"methodArn" returns an arn with "*" as its stage when deploymentStage is not set', () => { @@ -260,7 +253,6 @@ describe('method', () => { ], }); - }); test('"methodArn" and "testMethodArn" replace path parameters with asterisks', () => { @@ -306,7 +298,6 @@ describe('method', () => { ], }); - }); test('integration "credentialsRole" can be used to assume a role when calling backend', () => { @@ -406,7 +397,6 @@ describe('method', () => { }], }); - }); test('multiple integration responses can be used', () => { // @see https://github.com/aws/aws-cdk/issues/1608 @@ -505,7 +495,6 @@ describe('method', () => { }, }); - }); test('methodResponse has a mix of response modes', () => { @@ -570,7 +559,6 @@ describe('method', () => { }], }); - }); test('method has a request validator', () => { @@ -601,7 +589,6 @@ describe('method', () => { ValidateRequestParameters: false, }); - }); test('use default requestParameters', () => { @@ -632,7 +619,6 @@ describe('method', () => { }, }); - }); test('authorizer is bound correctly', () => { @@ -649,7 +635,6 @@ describe('method', () => { AuthorizerId: DUMMY_AUTHORIZER.authorizerId, }); - }); test('authorizer via default method options', () => { @@ -679,7 +664,6 @@ describe('method', () => { RestApiId: stack.resolve(restApi.restApiId), }); - }); test('fails when authorization type does not match the authorizer', () => { @@ -694,7 +678,6 @@ describe('method', () => { }); }).toThrow(/Authorization type is set to AWS_IAM which is different from what is required by the authorizer/); - }); test('fails when authorization type does not match the authorizer in default method options', () => { @@ -712,7 +695,6 @@ describe('method', () => { }); }).toThrow(/Authorization type is set to NONE which is different from what is required by the authorizer/); - }); test('method has Auth Scopes', () => { @@ -736,7 +718,6 @@ describe('method', () => { AuthorizationScopes: ['AuthScope1', 'AuthScope2'], }); - }); test('use default Auth Scopes', () => { @@ -765,7 +746,6 @@ describe('method', () => { AuthorizationScopes: ['DefaultAuth'], }); - }); test('Method options Auth Scopes is picked up', () => { @@ -795,7 +775,6 @@ describe('method', () => { AuthorizationScopes: ['MethodAuthScope'], }); - }); test('Auth Scopes absent', () => { @@ -821,7 +800,6 @@ describe('method', () => { AuthorizationScopes: Match.absent(), }); - }); test('method has a request validator with provided properties', () => { @@ -850,7 +828,6 @@ describe('method', () => { Name: 'test-validator', }); - }); test('method does not have a request validator', () => { @@ -869,7 +846,6 @@ describe('method', () => { RequestValidatorId: Match.absent(), }); - }); test('method does not support both request validator and request validator options', () => { @@ -899,7 +875,6 @@ describe('method', () => { expect(() => new apigw.Method(stack, 'method', methodProps)) .toThrow(/Only one of 'requestValidator' or 'requestValidatorOptions' must be specified./); - }); testDeprecated('"restApi" and "api" properties return the RestApi correctly', () => { @@ -915,7 +890,6 @@ describe('method', () => { expect(method.api).toBeDefined(); expect(stack.resolve(method.api.restApiId)).toEqual(stack.resolve(method.restApi.restApiId)); - }); testDeprecated('"restApi" throws an error on imported while "api" returns correctly', () => { @@ -933,7 +907,6 @@ describe('method', () => { expect(() => method.restApi).toThrow(/not available on Resource not connected to an instance of RestApi/); expect(method.api).toBeDefined(); - }); describe('Metrics', () => { diff --git a/packages/aws-cdk-lib/aws-apigateway/test/resource.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/resource.test.ts index 7a09170a44f58..2860f67252c22 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/resource.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/resource.test.ts @@ -44,7 +44,6 @@ describe('resource', () => { }, }); - }); test('if "anyMethod" is false, then an ANY method will not be defined', () => { @@ -65,7 +64,6 @@ describe('resource', () => { Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Method', { 'HttpMethod': 'GET' }); Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Method', Match.not({ 'HttpMethod': 'ANY' })); - }); test('addProxy can be used on any resource to attach a proxy from that route', () => { @@ -133,7 +131,6 @@ describe('resource', () => { }, }); - }); test('if proxy is added to root, proxy methods are automatically duplicated (with integration and options)', () => { @@ -175,7 +172,6 @@ describe('resource', () => { OperationName: 'DeleteMe', }); - }); test('if proxy is added to root, proxy methods are only added if they are not defined already on the root resource', () => { @@ -368,7 +364,6 @@ describe('resource', () => { expect(child.getResource('hello')).toEqual(r1); expect(child.getResource('outside-world')).toEqual(r2); - }); }); diff --git a/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts index 36b7f73573a09..dc88e8062d5dc 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/restapi.test.ts @@ -933,7 +933,6 @@ describe('restapi', () => { }); }); - describe('Import', () => { test('fromRestApiId()', () => { // GIVEN diff --git a/packages/aws-cdk-lib/aws-apigateway/test/usage-plan.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/usage-plan.test.ts index a24521ee0a8a4..4aab5a5885c5b 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/usage-plan.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/usage-plan.test.ts @@ -224,7 +224,6 @@ describe('usage plan', () => { }); }); - test('imported', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-applicationautoscaling/test/step-scaling-policy.test.ts b/packages/aws-cdk-lib/aws-applicationautoscaling/test/step-scaling-policy.test.ts index 358e4ef1e00c9..2e53e9062c6ef 100644 --- a/packages/aws-cdk-lib/aws-applicationautoscaling/test/step-scaling-policy.test.ts +++ b/packages/aws-cdk-lib/aws-applicationautoscaling/test/step-scaling-policy.test.ts @@ -23,7 +23,6 @@ describe('step scaling policy', () => { }, )); - }); test('generated step intervals are valid intervals', () => { @@ -39,7 +38,6 @@ describe('step scaling policy', () => { }, )); - }); test('generated step intervals are nonoverlapping', () => { @@ -60,7 +58,6 @@ describe('step scaling policy', () => { }, ), { verbose: true }); - }); test('all template intervals occur in input array', () => { @@ -82,7 +79,6 @@ describe('step scaling policy', () => { }, )); - }); test('lower alarm uses lower policy', () => { @@ -97,7 +93,6 @@ describe('step scaling policy', () => { }, )); - }); test('upper alarm uses upper policy', () => { @@ -112,7 +107,6 @@ describe('step scaling policy', () => { }, )); - }); test('test step scaling on metric', () => { @@ -149,7 +143,6 @@ describe('step scaling policy', () => { }); - }); test('step scaling from percentile metric', () => { @@ -187,7 +180,6 @@ describe('step scaling policy', () => { Threshold: 100, }); - }); test('step scaling with evaluation period configured', () => { @@ -224,7 +216,6 @@ describe('step scaling policy', () => { Threshold: 100, }); - }); test('step scaling with evaluation period & data points to alarm configured', () => { diff --git a/packages/aws-cdk-lib/aws-applicationautoscaling/test/target-tracking.test.ts b/packages/aws-cdk-lib/aws-applicationautoscaling/test/target-tracking.test.ts index d3d5409ac469a..ca117a8406a2f 100644 --- a/packages/aws-cdk-lib/aws-applicationautoscaling/test/target-tracking.test.ts +++ b/packages/aws-cdk-lib/aws-applicationautoscaling/test/target-tracking.test.ts @@ -26,7 +26,6 @@ describe('target tracking', () => { }); - }); test('test setup target tracking on predefined metric for lambda', () => { @@ -50,7 +49,6 @@ describe('target tracking', () => { }); - }); test('test setup target tracking on predefined metric for DYNAMODB_WRITE_CAPACITY_UTILIZATION', () => { @@ -98,6 +96,5 @@ describe('target tracking', () => { }); - }); }); diff --git a/packages/aws-cdk-lib/aws-appmesh/lib/health-checks.ts b/packages/aws-cdk-lib/aws-appmesh/lib/health-checks.ts index 60692abbb705b..8ebdd50e81bc2 100644 --- a/packages/aws-cdk-lib/aws-appmesh/lib/health-checks.ts +++ b/packages/aws-cdk-lib/aws-appmesh/lib/health-checks.ts @@ -89,7 +89,6 @@ export interface HealthCheckBindOptions { readonly defaultPort?: number; } - /** * Contains static factory methods for creating health checks for different protocols */ diff --git a/packages/aws-cdk-lib/aws-appmesh/lib/shared-interfaces.ts b/packages/aws-cdk-lib/aws-appmesh/lib/shared-interfaces.ts index 717b701a20da8..05e295e312d80 100644 --- a/packages/aws-cdk-lib/aws-appmesh/lib/shared-interfaces.ts +++ b/packages/aws-cdk-lib/aws-appmesh/lib/shared-interfaces.ts @@ -288,7 +288,6 @@ export interface BackendConfig { readonly virtualServiceBackend: CfnVirtualNode.BackendProperty; } - /** * Contains static factory methods to create backends */ diff --git a/packages/aws-cdk-lib/aws-appmesh/lib/virtual-node.ts b/packages/aws-cdk-lib/aws-appmesh/lib/virtual-node.ts index 214b77ab91c2b..0e6b6f6ddb3d0 100644 --- a/packages/aws-cdk-lib/aws-appmesh/lib/virtual-node.ts +++ b/packages/aws-cdk-lib/aws-appmesh/lib/virtual-node.ts @@ -52,7 +52,6 @@ export interface VirtualNodeBaseProps { */ readonly virtualNodeName?: string; - /** * Defines how upstream clients will discover this VirtualNode * diff --git a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi-base.ts b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi-base.ts index 5455e8e69444a..b34151df7f665 100644 --- a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi-base.ts +++ b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi-base.ts @@ -97,7 +97,6 @@ export interface IGraphqlApi extends IResource { */ addHttpDataSource(id: string, endpoint: string, options?: HttpDataSourceOptions): HttpDataSource; - /** * Add an EventBridge data source to this api * @param id The data source's id diff --git a/packages/aws-cdk-lib/aws-appsync/test/appsync-auth.test.ts b/packages/aws-cdk-lib/aws-appsync/test/appsync-auth.test.ts index a6600c2912083..a6a6f0a2b41f0 100644 --- a/packages/aws-cdk-lib/aws-appsync/test/appsync-auth.test.ts +++ b/packages/aws-cdk-lib/aws-appsync/test/appsync-auth.test.ts @@ -681,7 +681,6 @@ describe('AppSync Lambda Authorization', () => { }, }); - }); test('Attach Lambda Authorization to two or more graphql api', () => { diff --git a/packages/aws-cdk-lib/aws-appsync/test/appsync-http.test.ts b/packages/aws-cdk-lib/aws-appsync/test/appsync-http.test.ts index 305dc31d47b50..5e81aabe14749 100644 --- a/packages/aws-cdk-lib/aws-appsync/test/appsync-http.test.ts +++ b/packages/aws-cdk-lib/aws-appsync/test/appsync-http.test.ts @@ -101,7 +101,6 @@ describe('Http Data Source configuration', () => { }); machine.grantRead(ds); - // THEN Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: { diff --git a/packages/aws-cdk-lib/aws-autoscaling-hooktargets/test/hooks.test.ts b/packages/aws-cdk-lib/aws-autoscaling-hooktargets/test/hooks.test.ts index 7fe8a81f21ecc..e208befc8ec6b 100644 --- a/packages/aws-cdk-lib/aws-autoscaling-hooktargets/test/hooks.test.ts +++ b/packages/aws-cdk-lib/aws-autoscaling-hooktargets/test/hooks.test.ts @@ -9,7 +9,6 @@ import * as sqs from '../../aws-sqs'; import { Stack } from '../../core'; import * as hooks from '../lib'; - describe('given an AutoScalingGroup and no role', () => { let stack: Stack; let asg: autoscaling.AutoScalingGroup; diff --git a/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts b/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts index 602273347de5a..a44ebd0d6ff16 100644 --- a/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts +++ b/packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts @@ -1800,7 +1800,6 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements } } - private validateTargetGroup(): string[] { const errors = new Array(); if (this.hasCalledScaleOnRequestCount && this.targetGroupArns.length > 1) { @@ -1986,7 +1985,6 @@ export class ScalingEvents { */ public static readonly TERMINATION_EVENTS = new ScalingEvents(ScalingEvent.INSTANCE_TERMINATE, ScalingEvent.INSTANCE_TERMINATE_ERROR); - /** * @internal */ @@ -2261,7 +2259,6 @@ function synthesizeBlockDeviceMappings(construct: Construct, blockDevices: Block } } - if (!iops) { if (volumeType === EbsDeviceVolumeType.IO1) { throw new Error('iops property is required with volumeType: EbsDeviceVolumeType.IO1'); diff --git a/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts b/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts index 3e5b8a9fc030c..9f7a0e0598b73 100644 --- a/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts +++ b/packages/aws-cdk-lib/aws-autoscaling/test/auto-scaling-group.test.ts @@ -1365,7 +1365,6 @@ describe('auto scaling group', () => { }); - test('Can protect new instances from scale-in via constructor property', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-backup/lib/vault.ts b/packages/aws-cdk-lib/aws-backup/lib/vault.ts index 4f52ba937a2b4..ac530bafab2f1 100644 --- a/packages/aws-cdk-lib/aws-backup/lib/vault.ts +++ b/packages/aws-cdk-lib/aws-backup/lib/vault.ts @@ -220,7 +220,6 @@ abstract class BackupVaultBase extends Resource implements IBackupVault { } } - /** * A backup vault */ diff --git a/packages/aws-cdk-lib/aws-certificatemanager/test/certificate.test.ts b/packages/aws-cdk-lib/aws-certificatemanager/test/certificate.test.ts index cd5752e67a0f3..baf03efaa0de4 100644 --- a/packages/aws-cdk-lib/aws-certificatemanager/test/certificate.test.ts +++ b/packages/aws-cdk-lib/aws-certificatemanager/test/certificate.test.ts @@ -407,7 +407,6 @@ describe('Transparency logging settings', () => { }); }); - describe('Certifcate Name setting', () => { test('the Name tag is defaulted to path', () => { const stack = new Stack(undefined, 'TestStack'); diff --git a/packages/aws-cdk-lib/aws-certificatemanager/test/dns-validated-certificate.test.ts b/packages/aws-cdk-lib/aws-certificatemanager/test/dns-validated-certificate.test.ts index 830e3399e200a..b039a32dd68b3 100644 --- a/packages/aws-cdk-lib/aws-certificatemanager/test/dns-validated-certificate.test.ts +++ b/packages/aws-cdk-lib/aws-certificatemanager/test/dns-validated-certificate.test.ts @@ -244,7 +244,6 @@ testDeprecated('works with imported role', () => { }); }); - testDeprecated('throws when domain name is longer than 64 characters', () => { const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.ts index fadd4c5630bf8..f8170d6cf0d96 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/experimental/edge-function.ts @@ -17,7 +17,6 @@ import { Token, } from '../../../core'; - /** * Properties for creating a Lambda@Edge function */ diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/function.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/function.ts index 899c3967649f4..d4dd19e98a18b 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/function.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/function.ts @@ -56,7 +56,6 @@ class InlineCode extends FunctionCode { } } - /** * Represents the function's source code loaded from an external file */ diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts index ccddceb0318d6..2044cbc5fe489 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/origin.ts @@ -121,7 +121,6 @@ export interface OriginBindOptions { readonly originId: string; } - /** * Represents a distribution origin, that describes the Amazon S3 bucket, HTTP server (for example, a web server), * Amazon MediaStore, or other server from which CloudFront gets your files. diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/origin-groups.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/origin-groups.test.ts index 614431cc98b12..849726e1ce95c 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/test/origin-groups.test.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/test/origin-groups.test.ts @@ -223,6 +223,5 @@ describe('origin group', () => { }, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/origin.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/origin.test.ts index 5669e5e6ffccf..9c607c6c2fadc 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/test/origin.test.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/test/origin.test.ts @@ -53,7 +53,6 @@ test.each(['api', '/api', '/api/', 'api/']) expect(originBindConfig.originProperty?.originPath).toEqual('/api'); }); - test.each(['us-east-1', 'ap-southeast-2', 'eu-west-3', 'me-south-1']) ('ensures that originShieldRegion is a valid aws region', (originShieldRegion) => { const origin = new TestOrigin('www.example.com', { @@ -67,7 +66,6 @@ test.each(['us-east-1', 'ap-southeast-2', 'eu-west-3', 'me-south-1']) }); }); - test('ensures originShield doesnt return false if undefined', () => { const origin = new TestOrigin('www.example.com', { @@ -77,7 +75,6 @@ test('ensures originShield doesnt return false if undefined', () => { expect(originBindConfig.originProperty?.originShield).toBeUndefined(); }); - test('ensures originShield is disabled if originShieldEnabled equals false', () => { const origin = new TestOrigin('www.example.com', { originShieldEnabled: false, @@ -89,7 +86,6 @@ test('ensures originShield is disabled if originShieldEnabled equals false', () }); }); - test('throw an error if Custom Headers keys are not permitted', () => { // case sensitive expect(() => { diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/web-distribution.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/web-distribution.test.ts index 370d9670bd91f..360870588324c 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/test/web-distribution.test.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/test/web-distribution.test.ts @@ -127,7 +127,6 @@ describe('web distribution', () => { }, ); - }); test('most basic distribution', () => { @@ -407,10 +406,8 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); - testDeprecated('distribution with trusted signers on default distribution', () => { const stack = new cdk.Stack(); const sourceBucket = new s3.Bucket(stack, 'Bucket'); @@ -831,7 +828,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); test('distribution with resolvable lambda-association', () => { @@ -880,7 +876,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); test('associate a lambda with removable env vars', () => { @@ -918,7 +913,6 @@ added the ellipsis so a user would know there was more to r...`, Environment: Match.absent(), }); - }); test('throws when associating a lambda with incompatible env vars', () => { @@ -956,7 +950,6 @@ added the ellipsis so a user would know there was more to r...`, expect(() => app.synth()).toThrow(/KEY/); - }); test('throws when associating a lambda with includeBody and a response event type', () => { @@ -988,7 +981,6 @@ added the ellipsis so a user would know there was more to r...`, }); }).toThrow(/'includeBody' can only be true for ORIGIN_REQUEST or VIEWER_REQUEST event types./); - }); test('distribution has a defaultChild', () => { @@ -1080,7 +1072,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); test('imported certificate fromCertificateArn', () => { const stack = new cdk.Stack(); @@ -1108,7 +1099,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); test('advanced usage', () => { const stack = new cdk.Stack(); @@ -1143,7 +1133,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); }); describe('iamCertificate', () => { @@ -1169,7 +1158,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); test('advanced usage', () => { const stack = new cdk.Stack(); @@ -1198,7 +1186,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); }); describe('cloudFrontDefaultCertificate', () => { @@ -1223,7 +1210,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); test('aliases are set', () => { const stack = new cdk.Stack(); @@ -1246,7 +1232,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); }); describe('errors', () => { @@ -1265,7 +1250,6 @@ added the ellipsis so a user would know there was more to r...`, }); }).toThrow(/You cannot set both aliasConfiguration and viewerCertificate properties/); - }); test('throws if invalid security policy for SSL method', () => { const stack = new cdk.Stack(); @@ -1284,7 +1268,6 @@ added the ellipsis so a user would know there was more to r...`, }); }).toThrow(/TLSv1.1_2016 is not compabtible with sslMethod vip./); - }); // FIXME https://github.com/aws/aws-cdk/issues/4724 test('does not throw if acmCertificate explicitly not in us-east-1', () => { @@ -1313,7 +1296,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); }); }); @@ -1480,7 +1462,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); test('denylist', () => { const stack = new cdk.Stack(); @@ -1556,7 +1537,6 @@ added the ellipsis so a user would know there was more to r...`, }, }); - }); }); describe('error', () => { @@ -1569,7 +1549,6 @@ added the ellipsis so a user would know there was more to r...`, GeoRestriction.denylist(); }).toThrow(/Should provide at least 1 location/); - }); test('throws if locations format is wrong', () => { expect(() => { @@ -1580,7 +1559,6 @@ added the ellipsis so a user would know there was more to r...`, GeoRestriction.denylist('us'); }).toThrow(/Invalid location format for location: us, location should be two-letter and uppercase country ISO 3166-1-alpha-2 code/); - }); }); }); @@ -1745,7 +1723,6 @@ added the ellipsis so a user would know there was more to r...`, expect(dist.distributionDomainName).toEqual('d111111abcdef8.cloudfront.net'); expect(dist.distributionId).toEqual('012345ABCDEF'); - }); }); diff --git a/packages/aws-cdk-lib/aws-cloudtrail/test/cloudtrail.test.ts b/packages/aws-cdk-lib/aws-cloudtrail/test/cloudtrail.test.ts index 36646f5ee0518..826f46e21bab7 100644 --- a/packages/aws-cdk-lib/aws-cloudtrail/test/cloudtrail.test.ts +++ b/packages/aws-cdk-lib/aws-cloudtrail/test/cloudtrail.test.ts @@ -137,7 +137,6 @@ describe('cloudtrail', () => { const stack = getTestStack(); const topic = new sns.Topic(stack, 'Topic'); - new Trail(stack, 'Trail', { snsTopic: topic }); Template.fromStack(stack).resourceCountIs('AWS::CloudTrail::Trail', 1); diff --git a/packages/aws-cdk-lib/aws-cloudwatch-actions/test/ssm.test.ts b/packages/aws-cdk-lib/aws-cloudwatch-actions/test/ssm.test.ts index 27136bbe9c856..0c1d6b976bea7 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch-actions/test/ssm.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch-actions/test/ssm.test.ts @@ -45,7 +45,6 @@ test('can use ssm with critical severity and performance category as alarm actio }); }); - test('can use ssm with medium severity and no category as alarm action', () => { // GIVEN const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-cloudwatch/lib/alarm-status-widget.ts b/packages/aws-cdk-lib/aws-cloudwatch/lib/alarm-status-widget.ts index 852fe4051ac5f..8e307b27bdf2e 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/lib/alarm-status-widget.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/lib/alarm-status-widget.ts @@ -2,7 +2,6 @@ import { IAlarm } from './alarm-base'; import { AlarmState } from './alarm-rule'; import { ConcreteWidget } from './widget'; - /** * The sort possibilities for AlarmStatusWidgets */ diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/composite-alarm.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/composite-alarm.test.ts index 1490af4f43f6c..a6a8d1f21e6c0 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/composite-alarm.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/composite-alarm.test.ts @@ -106,7 +106,6 @@ describe('CompositeAlarm', () => { }, }); - }); test('test action suppressor translates to a correct CFN properties', () => { @@ -123,7 +122,6 @@ describe('CompositeAlarm', () => { evaluationPeriods: 3, }); - const alarmRule = AlarmRule.fromBoolean(true); new CompositeAlarm(stack, 'CompositeAlarm', { @@ -174,7 +172,6 @@ describe('CompositeAlarm', () => { evaluationPeriods: 3, }); - const alarmRule = AlarmRule.fromBoolean(true); new CompositeAlarm(stack, 'CompositeAlarm', { diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/cross-environment.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/cross-environment.test.ts index 0f64902c64a65..14a68d64355fd 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/cross-environment.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/cross-environment.test.ts @@ -30,7 +30,6 @@ describe('cross environment', () => { ['Test', 'ACount'], ]); - }); test('metric attached to stack1 will render region and account in stack2', () => { @@ -46,7 +45,6 @@ describe('cross environment', () => { ['Test', 'ACount', { region: 'pluto', accountId: '1234' }], ]); - }); test('metric with explicit account and region will render in environment agnostic stack', () => { @@ -62,7 +60,6 @@ describe('cross environment', () => { ['Test', 'ACount', { accountId: '1234', region: 'us-north-5' }], ]); - }); test('metric attached to agnostic stack will not render in agnostic stack', () => { @@ -78,7 +75,6 @@ describe('cross environment', () => { ['Test', 'ACount'], ]); - }); test('math expressions with explicit account and region will render in environment agnostic stack', () => { diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/dashboard.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/dashboard.test.ts index 2390de1520bb2..8ffd7c62488b9 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/dashboard.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/dashboard.test.ts @@ -37,7 +37,6 @@ describe('Dashboard', () => { { type: 'text', width: 4, height: 1, x: 0, y: 6, properties: { markdown: 'third' } }, ]); - }); test('widgets in same add are laid out next to each other', () => { @@ -74,7 +73,6 @@ describe('Dashboard', () => { { type: 'text', width: 4, height: 1, x: 11, y: 0, properties: { markdown: 'third' } }, ]); - }); test('tokens in widgets are retained', () => { @@ -98,7 +96,6 @@ describe('Dashboard', () => { }, }); - }); test('dashboard body includes non-widget fields', () => { @@ -128,7 +125,6 @@ describe('Dashboard', () => { }, }); - }); test('defaultInterval test', () => { @@ -171,7 +167,6 @@ describe('Dashboard', () => { DashboardName: 'MyCustomDashboardName', }); - }); test('DashboardName is not generated if not provided', () => { @@ -185,7 +180,6 @@ describe('Dashboard', () => { // THEN Template.fromStack(stack).hasResourceProperties('AWS::CloudWatch::Dashboard', {}); - }); test('throws if DashboardName is not valid', () => { diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/graphs.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/graphs.test.ts index 7973c2cd1761c..3d8d32c668f39 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/graphs.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/graphs.test.ts @@ -24,7 +24,6 @@ describe('Graphs', () => { }, }]); - }); test('add metrics to graphs on either axis', () => { @@ -57,7 +56,6 @@ describe('Graphs', () => { }, }]); - }); test('add metrics to graphs on either axis lazily', () => { @@ -86,7 +84,6 @@ describe('Graphs', () => { }, }]); - }); test('label and color are respected in constructor', () => { @@ -111,7 +108,6 @@ describe('Graphs', () => { }, }]); - }); test('bar view', () => { @@ -135,7 +131,6 @@ describe('Graphs', () => { }, }]); - }); test('singlevalue widget', () => { @@ -162,7 +157,6 @@ describe('Graphs', () => { }, }]); - }); test('query result widget', () => { @@ -191,7 +185,6 @@ describe('Graphs', () => { }, }]); - }); test('query result widget - bar', () => { @@ -221,7 +214,6 @@ describe('Graphs', () => { }, }]); - }); test('query result widget - pie', () => { @@ -251,7 +243,6 @@ describe('Graphs', () => { }, }]); - }); test('query result widget - line', () => { @@ -282,7 +273,6 @@ describe('Graphs', () => { }, }]); - }); test('query result widget - stackedarea', () => { @@ -313,7 +303,6 @@ describe('Graphs', () => { }, }]); - }); test('alarm widget', () => { @@ -345,7 +334,6 @@ describe('Graphs', () => { }, }]); - }); test('custom widget basic', () => { @@ -454,7 +442,6 @@ describe('Graphs', () => { }, }]); - }); test('convert alarm to annotation', () => { @@ -497,7 +484,6 @@ describe('Graphs', () => { }, }]); - }); test('add yAxis to graph', () => { @@ -542,7 +528,6 @@ describe('Graphs', () => { }, }]); - }); test('specify liveData property on graph', () => { @@ -573,7 +558,6 @@ describe('Graphs', () => { }, }]); - }); test('can use imported alarm with graph', () => { @@ -589,7 +573,6 @@ describe('Graphs', () => { // THEN: Compiles - }); test('add setPeriodToTimeRange to singleValueWidget', () => { @@ -618,7 +601,6 @@ describe('Graphs', () => { }, }]); - }); test('add sparkline to singleValueWidget', () => { @@ -647,7 +629,6 @@ describe('Graphs', () => { }, }]); - }); test('throws if setPeriodToTimeRange and sparkline is set on singleValueWidget', () => { @@ -694,7 +675,6 @@ describe('Graphs', () => { }, }]); - }); test('allows overriding custom values of dashboard widgets', () => { @@ -717,7 +697,6 @@ describe('Graphs', () => { expect(stack.resolve(widget.toJson())[0].properties.metrics[0]) .toEqual(['CDK', 'Test', { visible: false }]); - }); test('GraphColor is correctly converted into the correct hexcode', () => { @@ -766,7 +745,6 @@ describe('Graphs', () => { }, }]); - }); test('add setPeriodToTimeRange to GraphWidget', () => { diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/layout.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/layout.test.ts index b90768e31e90a..10613fbede058 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/layout.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/layout.test.ts @@ -12,7 +12,6 @@ describe('Layout', () => { expect(4).toEqual(row.height); expect(20).toEqual(row.width); - }); test('spacer has default height and width', () => { @@ -23,7 +22,6 @@ describe('Layout', () => { expect(1).toEqual(spacer.height); expect(1).toEqual(spacer.width); - }); test('column has the width of the tallest element', () => { @@ -37,7 +35,6 @@ describe('Layout', () => { expect(4).toEqual(col.width); expect(5).toEqual(col.height); - }); test('row wraps to width of 24, taking tallest widget into account while wrapping', () => { @@ -71,7 +68,6 @@ describe('Layout', () => { assertWidgetPos(1000, 1004, widgets[3]); } - }); test('row can fit exactly 3 8-wide widgets without wrapping', () => { @@ -89,7 +85,6 @@ describe('Layout', () => { expect(4).toEqual(row.height); } - }); test('add a widget to the row', () => { @@ -99,7 +94,6 @@ describe('Layout', () => { row.addWidget(new Spacer({ width: 3 })); expect(row.width).toEqual(4); - }); test('add a widget to the column', () => { @@ -113,7 +107,6 @@ describe('Layout', () => { expect(column.height).toEqual(4); expect(column.width).toEqual(3); - }); test('row wraps when adding widgets', () => { @@ -128,6 +121,5 @@ describe('Layout', () => { expect(row.width).toEqual(20); expect(row.height).toEqual(3); - }); }); diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/metric-math.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/metric-math.test.ts index 1dcb184e40f5d..0311f05d0b057 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/metric-math.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/metric-math.test.ts @@ -24,7 +24,6 @@ describe('Metric Math', () => { }); }).toThrow(/Invalid variable names in expression/); - }); test('cannot reuse variable names in nested MathExpressions', () => { @@ -42,7 +41,6 @@ describe('Metric Math', () => { }); }).toThrow(/The ID 'a' used for two metrics in the expression: 'BCount' and 'ACount'. Rename one/); - }); test('can not use invalid period in MathExpression', () => { @@ -54,7 +52,6 @@ describe('Metric Math', () => { }); }).toThrow(/'period' must be 1, 5, 10, 30, or a multiple of 60 seconds, received 20/); - }); test('MathExpression optimization: "with" with the same period returns the same object', () => { @@ -133,7 +130,6 @@ describe('Metric Math', () => { ['Test', 'BCount', { visible: false, id: 'b' }], ]); - }); test('can nest MathExpressions in a graph', () => { @@ -162,7 +158,6 @@ describe('Metric Math', () => { ['Test', 'CCount', { visible: false, id: 'c' }], ]); - }); test('can add the same metric under different ids', () => { @@ -189,7 +184,6 @@ describe('Metric Math', () => { ['Test', 'CCount', { visible: false, id: 'c' }], ]); - }); test('passing an empty string as the label of a MathExpressions does not emit a label', () => { @@ -210,7 +204,6 @@ describe('Metric Math', () => { ['Test', 'ACount', { visible: false, id: 'a' }], ]); - }); test('can reuse identifiers in MathExpressions if metrics are the same', () => { @@ -237,7 +230,6 @@ describe('Metric Math', () => { ['Test', 'CCount', { visible: false, id: 'c' }], ]); - }); test('MathExpression and its constituent metrics can both be added to a graph', () => { @@ -352,7 +344,6 @@ describe('Metric Math', () => { ['Test', 'BCount', { visible: false, id: 'b99', stat: 'p99' }], ]); - }); test('can reuse the same metric between left and right axes', () => { @@ -379,7 +370,6 @@ describe('Metric Math', () => { [{ label: 'a + 2', expression: 'a + 2', yAxis: 'right' }], ]); - }); test('detect name conflicts between left and right axes', () => { @@ -404,7 +394,6 @@ describe('Metric Math', () => { graphMetricsAre(graph, []); }).toThrow(/Cannot have two different metrics share the same id \('m1'\)/); - }); }); @@ -453,7 +442,6 @@ describe('Metric Math', () => { ]); - }); test('can nest MathExpressions in an alarm', () => { @@ -522,7 +510,6 @@ describe('Metric Math', () => { }, ]); - }); test('MathExpression controls period of metrics transitively used in it with alarms', () => { @@ -593,7 +580,6 @@ describe('Metric Math', () => { }, ]); - }); test('MathExpression without inner metrics emits its own period', () => { @@ -616,7 +602,6 @@ describe('Metric Math', () => { }, ]); - }); test('annotation for a mathexpression alarm is calculated based upon constituent metrics', () => { @@ -637,7 +622,6 @@ describe('Metric Math', () => { // THEN expect(alarmLabel).toEqual('a + b >= 1 for 1 datapoints within 10 minutes'); - }); test('can use percentiles in expression metrics in alarms', () => { @@ -683,7 +667,6 @@ describe('Metric Math', () => { }, ]); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/metrics.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/metrics.test.ts index d8f3ed065ad23..ac0d0186ea014 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/metrics.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/metrics.test.ts @@ -30,7 +30,6 @@ describe('Metrics', () => { }, }); - }); test('can not use invalid period in Metric', () => { @@ -38,7 +37,6 @@ describe('Metrics', () => { new Metric({ namespace: 'Test', metricName: 'ACount', period: cdk.Duration.seconds(20) }); }).toThrow(/'period' must be 1, 5, 10, 30, or a multiple of 60 seconds, received 20/); - }); test('Metric optimization: "with" with the same period returns the same object', () => { @@ -50,7 +48,6 @@ describe('Metrics', () => { expect(m.with({ period: cdk.Duration.minutes(5) })).not.toEqual(m); - }); testDeprecated('cannot use null dimension value', () => { @@ -65,7 +62,6 @@ describe('Metrics', () => { }); }).toThrow(/Dimension value of 'null' is invalid/); - }); testDeprecated('cannot use undefined dimension value', () => { @@ -80,7 +76,6 @@ describe('Metrics', () => { }); }).toThrow(/Dimension value of 'undefined' is invalid/); - }); testDeprecated('cannot use long dimension values', () => { @@ -98,7 +93,6 @@ describe('Metrics', () => { }); }).toThrow(`Dimension value must be at least 1 and no more than 255 characters; received ${invalidDimensionValue}`); - }); test('cannot use long dimension values in dimensionsMap', () => { @@ -116,7 +110,6 @@ describe('Metrics', () => { }); }).toThrow(`Dimension value must be at least 1 and no more than 255 characters; received ${invalidDimensionValue}`); - }); testDeprecated('throws error when there are more than 10 dimensions', () => { @@ -141,7 +134,6 @@ describe('Metrics', () => { } ); }).toThrow(/The maximum number of dimensions is 10, received 11/); - }); test('throws error when there are more than 10 dimensions in dimensionsMap', () => { @@ -166,7 +158,6 @@ describe('Metrics', () => { } ); }).toThrow(/The maximum number of dimensions is 10, received 11/); - }); test('can create metric with dimensionsMap property', () => { @@ -207,7 +198,6 @@ describe('Metrics', () => { EvaluationPeriods: 1, }); - }); test('"with" with a different dimensions property', () => { @@ -230,7 +220,6 @@ describe('Metrics', () => { dimensionsMap: newDims, }).dimensions).toEqual(newDims); - }); test('metric accepts a variety of statistics', () => { diff --git a/packages/aws-cdk-lib/aws-cloudwatch/test/stats.test.ts b/packages/aws-cdk-lib/aws-cloudwatch/test/stats.test.ts index a7739fac1739e..0a65ae2e143de 100644 --- a/packages/aws-cdk-lib/aws-cloudwatch/test/stats.test.ts +++ b/packages/aws-cdk-lib/aws-cloudwatch/test/stats.test.ts @@ -6,7 +6,6 @@ test('spot check some constants', () => { expect(cloudwatch.Stats.SAMPLE_COUNT).toEqual('SampleCount'); }); - test('spot check percentiles', () => { expect(cloudwatch.Stats.p(99)).toEqual('p99'); expect(cloudwatch.Stats.p(99.9)).toEqual('p99.9'); diff --git a/packages/aws-cdk-lib/aws-codebuild/lib/linux-gpu-build-image.ts b/packages/aws-cdk-lib/aws-codebuild/lib/linux-gpu-build-image.ts index af46b6f2776e0..a31678a5a6567 100644 --- a/packages/aws-cdk-lib/aws-codebuild/lib/linux-gpu-build-image.ts +++ b/packages/aws-cdk-lib/aws-codebuild/lib/linux-gpu-build-image.ts @@ -86,7 +86,6 @@ export class LinuxGpuBuildImage implements IBindableBuildImage { return new LinuxGpuBuildImage(repositoryName, tag, account); } - /** * Returns a GPU image running Linux from an ECR repository. * diff --git a/packages/aws-cdk-lib/aws-codecommit/test/codecommit.test.ts b/packages/aws-cdk-lib/aws-codecommit/test/codecommit.test.ts index 0f13b2790e046..99d1676660404 100644 --- a/packages/aws-cdk-lib/aws-codecommit/test/codecommit.test.ts +++ b/packages/aws-cdk-lib/aws-codecommit/test/codecommit.test.ts @@ -39,7 +39,6 @@ describe('codecommit', () => { }, }); - }); test('fails when triggers have duplicate names', () => { @@ -51,7 +50,6 @@ describe('codecommit', () => { expect(() => myRepository.notify('myTrigger')).toThrow(); - }); test('can be imported using a Repository ARN', () => { @@ -66,7 +64,6 @@ describe('codecommit', () => { expect(stack.resolve(repo.repositoryArn)).toEqual(repositoryArn); expect(stack.resolve(repo.repositoryName)).toEqual('my-repo'); - }); test('Repository can be initialized with contents from a ZIP file', () => { @@ -199,7 +196,6 @@ describe('codecommit', () => { expect(repo.env.account).toEqual('585695036304'); expect(repo.env.region).toEqual('us-west-2'); - }); test('can be imported using just a Repository name (the ARN is deduced)', () => { @@ -248,7 +244,6 @@ describe('codecommit', () => { ], }); - }); test('grant push', () => { @@ -293,7 +288,6 @@ describe('codecommit', () => { }, }); - }); test('HTTPS (GRC) clone URL', () => { @@ -315,7 +309,6 @@ describe('codecommit', () => { ], }); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-codecommit/test/notification-rule.test.ts b/packages/aws-cdk-lib/aws-codecommit/test/notification-rule.test.ts index 04df254493023..210123bf76630 100644 --- a/packages/aws-cdk-lib/aws-codecommit/test/notification-rule.test.ts +++ b/packages/aws-cdk-lib/aws-codecommit/test/notification-rule.test.ts @@ -60,6 +60,5 @@ describe('notification rule', () => { ], }); - }); }); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-codedeploy/test/lambda/custom-deployment-config.test.ts b/packages/aws-cdk-lib/aws-codedeploy/test/lambda/custom-deployment-config.test.ts index 8c98cc2e0c0a5..53b38730d608a 100644 --- a/packages/aws-cdk-lib/aws-codedeploy/test/lambda/custom-deployment-config.test.ts +++ b/packages/aws-cdk-lib/aws-codedeploy/test/lambda/custom-deployment-config.test.ts @@ -30,7 +30,6 @@ beforeEach(() => { alias = mockAlias(stack); }); - testDeprecated('custom resource created', () => { // WHEN const config = new codedeploy.CustomLambdaDeploymentConfig(stack, 'CustomConfig', { diff --git a/packages/aws-cdk-lib/aws-codedeploy/test/server/deployment-group.test.ts b/packages/aws-cdk-lib/aws-codedeploy/test/server/deployment-group.test.ts index 5054b968922eb..89c97c5003a73 100644 --- a/packages/aws-cdk-lib/aws-codedeploy/test/server/deployment-group.test.ts +++ b/packages/aws-cdk-lib/aws-codedeploy/test/server/deployment-group.test.ts @@ -464,7 +464,6 @@ describe('CodeDeploy Server Deployment Group', () => { }); }); - test('can be used with an imported ALB Target Group as the load balancer', () => { const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackset-types.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackset-types.ts index bc0b2835f3613..3493c71cc99f9 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackset-types.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackset-types.ts @@ -178,7 +178,6 @@ export abstract class StackInstances { }(); } - /** * The artifacts referenced by the properties of this deployment target * @@ -470,7 +469,6 @@ export enum StackSetOrganizationsAutoDeployment { ENABLED_WITH_STACK_RETENTION = 'EnabledWithStackRetention' } - /** * Properties for configuring self-managed permissions */ diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts index 79b8c33c6d05c..01bda19a8b9fe 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts @@ -46,7 +46,6 @@ describeDeprecated('BitBucket source Action', () => { ], }); - }); }); @@ -80,7 +79,6 @@ describeDeprecated('BitBucket source Action', () => { }, }); - }); test('grant s3 putObjectACL to the following CodeBuild Project', () => { const stack = new Stack(); @@ -154,7 +152,6 @@ describeDeprecated('BitBucket source Action', () => { ], }); - }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts index 7ab75177217ae..9d75c0279720a 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts @@ -195,7 +195,6 @@ describe('CloudFormation Pipeline Actions', () => { }], }); - }); test('fullPermissions leads to admin role and full IAM capabilities with pipeline bucket+key read permissions', () => { @@ -265,7 +264,6 @@ describe('CloudFormation Pipeline Actions', () => { Roles: [{ Ref: roleId }], }); - }); test('outputFileName leads to creation of output artifact', () => { @@ -297,7 +295,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); test('replaceOnFailure switches action type', () => { @@ -331,7 +328,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); test('parameterOverrides are serialized as a string', () => { @@ -373,7 +369,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); test('Action service role is passed to template', () => { @@ -424,7 +419,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); test('Single capability is passed to template', () => { @@ -467,7 +461,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); test('Multiple capabilities are passed to template', () => { @@ -511,7 +504,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); test('Empty capabilities is not passed to template', () => { @@ -553,7 +545,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); test('can use CfnCapabilities from the core module', () => { @@ -595,7 +586,6 @@ describe('CloudFormation Pipeline Actions', () => { ], }); - }); describe('cross-account CFN Pipeline', () => { @@ -720,7 +710,6 @@ describe('CloudFormation Pipeline Actions', () => { 'RoleName': 'pipelinestack-support-123fndeploymentrole4668d9b5a30ce3dc4508', }); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/pipeline-actions.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/pipeline-actions.test.ts index 2341aff4f681f..b12d0f105c910 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/pipeline-actions.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/pipeline-actions.test.ts @@ -106,7 +106,6 @@ describe('Pipeline Actions', () => { ], ); - }); }); @@ -179,7 +178,6 @@ describe('Pipeline Actions', () => { ], ); - }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/codebuild/codebuild-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/codebuild/codebuild-action.test.ts index 7abf5c80c7e20..7154fafe7ecb8 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/codebuild/codebuild-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/codebuild/codebuild-action.test.ts @@ -64,7 +64,6 @@ describe('CodeBuild Action', () => { buildStage.addAction(buildAction2); }).toThrow(/https:\/\/github\.com\/aws\/aws-cdk\/issues\/4169/); - }); }); @@ -120,7 +119,6 @@ describe('CodeBuild Action', () => { ], }); - }); test('exposes variables for other actions to consume', () => { @@ -199,7 +197,6 @@ describe('CodeBuild Action', () => { ], }); - }); test('sets the BatchEnabled configuration', () => { @@ -254,7 +251,6 @@ describe('CodeBuild Action', () => { ], }); - }); test('sets the CombineArtifacts configuration', () => { @@ -311,7 +307,6 @@ describe('CodeBuild Action', () => { ], }); - }); describe('environment variables', () => { @@ -353,7 +348,6 @@ describe('CodeBuild Action', () => { buildStage.addAction(buildAction); }).toThrow(/Plaintext environment variable 'X' contains a secret value!/); - }); test("should allow opting out of the 'secret value in a plaintext variable' validation", () => { @@ -389,7 +383,6 @@ describe('CodeBuild Action', () => { ], }); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/codedeploy/ecs-deploy-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/codedeploy/ecs-deploy-action.test.ts index ca700e4e6ac0b..cdf5248c665b4 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/codedeploy/ecs-deploy-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/codedeploy/ecs-deploy-action.test.ts @@ -28,7 +28,6 @@ describe('CodeDeploy ECS Deploy Action', () => { }); }).toThrow(/Action cannot have more than 4 container image inputs, got: 5/); - }); test('throws an exception if both appspec artifact input and file are specified', () => { @@ -47,7 +46,6 @@ describe('CodeDeploy ECS Deploy Action', () => { }); }).toThrow(/Exactly one of 'appSpecTemplateInput' or 'appSpecTemplateFile' can be provided in the ECS CodeDeploy Action/); - }); test('throws an exception if neither appspec artifact input nor file are specified', () => { @@ -63,7 +61,6 @@ describe('CodeDeploy ECS Deploy Action', () => { }); }).toThrow(/Specifying one of 'appSpecTemplateInput' or 'appSpecTemplateFile' is required for the ECS CodeDeploy Action/); - }); test('throws an exception if both task definition artifact input and file are specified', () => { @@ -82,7 +79,6 @@ describe('CodeDeploy ECS Deploy Action', () => { }); }).toThrow(/Exactly one of 'taskDefinitionTemplateInput' or 'taskDefinitionTemplateFile' can be provided in the ECS CodeDeploy Action/); - }); test('throws an exception if neither task definition artifact input nor file are specified', () => { @@ -98,7 +94,6 @@ describe('CodeDeploy ECS Deploy Action', () => { }); }).toThrow(/Specifying one of 'taskDefinitionTemplateInput' or 'taskDefinitionTemplateFile' is required for the ECS CodeDeploy Action/); - }); test('defaults task definition and appspec template paths', () => { @@ -139,7 +134,6 @@ describe('CodeDeploy ECS Deploy Action', () => { ], }); - }); test('defaults task definition placeholder string', () => { @@ -194,7 +188,6 @@ describe('CodeDeploy ECS Deploy Action', () => { ], }); - }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/codestar-connections/codestar-connections-source-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/codestar-connections/codestar-connections-source-action.test.ts index 131d533059fe1..a985871e289a4 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/codestar-connections/codestar-connections-source-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/codestar-connections/codestar-connections-source-action.test.ts @@ -45,7 +45,6 @@ describe('CodeStar Connections source Action', () => { ], }); - }); }); @@ -79,7 +78,6 @@ describe('CodeStar Connections source Action', () => { }, }); - }); test('grant s3 putObjectACL to the following CodeBuild Project', () => { @@ -109,7 +107,6 @@ describe('CodeStar Connections source Action', () => { }, }); - }); test('setting triggerOnPush=false reflects in the configuration', () => { diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecr/ecr-source-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecr/ecr-source-action.test.ts index 0de297c56a2dc..8a950af04c9a9 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecr/ecr-source-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecr/ecr-source-action.test.ts @@ -59,7 +59,6 @@ describe('ecr source action', () => { ]), }); - Template.fromStack(stack).hasResourceProperties('AWS::Events::Rule', { 'EventPattern': { 'detail': { diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecs/ecs-deploy-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecs/ecs-deploy-action.test.ts index 0517cd47b4245..2a6684e3a5c67 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecs/ecs-deploy-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/ecs/ecs-deploy-action.test.ts @@ -18,7 +18,6 @@ describe('ecs deploy action', () => { }); }).toThrow(/one of 'input' or 'imageFile' is required/); - }); test('can be created just by specifying the inputArtifact', () => { @@ -33,7 +32,6 @@ describe('ecs deploy action', () => { }); }).not.toThrow(); - }); test('can be created just by specifying the imageFile', () => { @@ -48,7 +46,6 @@ describe('ecs deploy action', () => { }); }).not.toThrow(); - }); test('throws an exception if both inputArtifact and imageFile were provided', () => { @@ -64,7 +61,6 @@ describe('ecs deploy action', () => { }); }).toThrow(/one of 'input' or 'imageFile' can be provided/); - }); test('can be created with deploymentTimeout between 1-60 minutes', () => { @@ -80,7 +76,6 @@ describe('ecs deploy action', () => { }); }).not.toThrow(); - }); test('throws an exception if deploymentTimeout is out of bounds', () => { @@ -114,7 +109,6 @@ describe('ecs deploy action', () => { }); }).toThrow(/cannot be converted into a whole number/); - }); test("sets the target service as the action's backing resource", () => { @@ -129,7 +123,6 @@ describe('ecs deploy action', () => { expect(action.actionProperties.resource).toEqual(service); - }); test('can be created by existing service', () => { @@ -194,7 +187,6 @@ describe('ecs deploy action', () => { ], }); - }); test('can be created by existing service with cluster ARN format', () => { diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/github/github-source-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/github/github-source-action.test.ts index 7fbd567c9a09c..f8e210682a7d5 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/github/github-source-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/github/github-source-action.test.ts @@ -60,7 +60,6 @@ describe('Github source action', () => { ], }); - }); test('always renders the customer-supplied namespace, even if none of the variables are used', () => { @@ -111,7 +110,6 @@ describe('Github source action', () => { ], }); - }); test('fails if a variable from an action without a namespace set that is not part of a pipeline is referenced', () => { @@ -158,7 +156,6 @@ describe('Github source action', () => { App.of(stack)!.synth(); }).toThrow(/Cannot reference variables of action 'Source2', as that action was never added to a pipeline/); - }); test('fails if a variable from an action with a namespace set that is not part of a pipeline is referenced', () => { @@ -206,7 +203,6 @@ describe('Github source action', () => { App.of(stack)!.synth(); }).toThrow(/Cannot reference variables of action 'Source2', as that action was never added to a pipeline/); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/manual-approval.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/manual-approval.test.ts index a1c19633cbf2b..133471cc24881 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/manual-approval.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/manual-approval.test.ts @@ -22,7 +22,6 @@ describe('manual approval', () => { expect(manualApprovalAction.notificationTopic).toEqual(topic); - }); test('allows granting manual approval permissions to role', () => { @@ -110,7 +109,6 @@ describe('manual approval', () => { ], }); - }); test('rejects granting manual approval permissions before binding action to stage', () => { @@ -124,7 +122,6 @@ describe('manual approval', () => { manualApprovalAction.grantManualApproval(role); }).toThrow('Cannot grant permissions before binding action to a stage'); - }); test('renders CustomData and ExternalEntityLink even if notificationTopic was not passed', () => { @@ -174,7 +171,6 @@ describe('manual approval', () => { ], }); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts index 488eb8e786018..9c2bdedf5310c 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts @@ -83,7 +83,6 @@ describe('pipeline', () => { }, }); - }); test('pipeline with GitHub source with poll trigger', () => { @@ -142,7 +141,6 @@ describe('pipeline', () => { ], }); - }); test('pipeline with GitHub source without triggers', () => { @@ -201,7 +199,6 @@ describe('pipeline', () => { ], }); - }); test('github action uses ThirdParty owner', () => { @@ -420,7 +417,6 @@ describe('pipeline', () => { }, }); - }); }); }); @@ -550,7 +546,6 @@ describe('pipeline', () => { ], }); - }); describe('cross-region Pipeline', () => { @@ -673,7 +668,6 @@ describe('pipeline', () => { expect(usEast1Support.stack.account).toEqual(pipelineAccount); expect(usEast1Support.stack.node.id.indexOf('us-east-1')).not.toEqual(-1); - }); test('allows specifying only one of artifactBucket and crossRegionReplicationBuckets', () => { @@ -745,7 +739,6 @@ describe('pipeline', () => { ], }); - }); test('allows providing a resource-backed action from a different region directly', () => { @@ -833,7 +826,6 @@ describe('pipeline', () => { 'BucketName': 'replicationstackeplicationbucket2464cd5c33b386483b66', }); - }); }); @@ -977,7 +969,6 @@ describe('pipeline', () => { }, }); - }); test('adds a dependency on the Stack containing a new action Role', () => { @@ -1062,7 +1053,6 @@ describe('pipeline', () => { expect(pipelineStack.dependencies.length).toEqual(1); - }); test('does not add a dependency on the Stack containing an imported action Role', () => { @@ -1140,7 +1130,6 @@ describe('pipeline', () => { expect(pipelineStack.dependencies.length).toEqual(0); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-source-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-source-action.test.ts index 3bc96810347ea..1624947404731 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-source-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-source-action.test.ts @@ -30,7 +30,6 @@ describe('S3 source Action', () => { Template.fromStack(stack).resourceCountIs('AWS::Events::Rule', 0); - }); test('does not poll for source changes and uses Events for S3Trigger.EVENTS', () => { @@ -55,7 +54,6 @@ describe('S3 source Action', () => { Template.fromStack(stack).resourceCountIs('AWS::Events::Rule', 1); - }); test('polls for source changes and does not use Events for S3Trigger.POLL', () => { @@ -80,7 +78,6 @@ describe('S3 source Action', () => { Template.fromStack(stack).resourceCountIs('AWS::Events::Rule', 0); - }); test('does not poll for source changes and does not use Events for S3Trigger.NONE', () => { @@ -118,7 +115,6 @@ describe('S3 source Action', () => { }); }).toThrow(/Property bucketKey cannot be an empty string/); - }); test('allows using the same bucket with events trigger mutliple times with different bucket paths', () => { @@ -138,7 +134,6 @@ describe('S3 source Action', () => { output: new codepipeline.Artifact(), })); - }); test('throws an error if the same bucket and path with trigger = Events are added to the same pipeline twice', () => { diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts index 5077d549752bb..cee8f139e117f 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/servicecatalog/servicecatalog-deploy-action-beta1.test.ts @@ -51,7 +51,6 @@ describe('ServiceCatalog Deploy Action', () => { ]), }); - }); test('deployment without a description works successfully', () => { // GIVEN @@ -95,7 +94,6 @@ describe('ServiceCatalog Deploy Action', () => { ]), }); - }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/stepfunctions/stepfunctions-invoke-actions.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/stepfunctions/stepfunctions-invoke-actions.test.ts index 2ceb9b0305586..636e6472a8779 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/stepfunctions/stepfunctions-invoke-actions.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/stepfunctions/stepfunctions-invoke-actions.test.ts @@ -59,7 +59,6 @@ describe('StepFunctions Invoke Action', () => { ], })); - }); test('Allows the pipeline to invoke this stepfunction', () => { @@ -84,7 +83,6 @@ describe('StepFunctions Invoke Action', () => { Template.fromStack(stack).resourceCountIs('AWS::IAM::Role', 4); - }); test('Allows the pipeline to describe this stepfunction execution', () => { @@ -140,7 +138,6 @@ describe('StepFunctions Invoke Action', () => { Template.fromStack(stack).resourceCountIs('AWS::IAM::Role', 4); - }); }); diff --git a/packages/aws-cdk-lib/aws-codepipeline/lib/custom-action-registration.ts b/packages/aws-cdk-lib/aws-codepipeline/lib/custom-action-registration.ts index cff4919f6c3b3..428fcbd65fc80 100644 --- a/packages/aws-cdk-lib/aws-codepipeline/lib/custom-action-registration.ts +++ b/packages/aws-cdk-lib/aws-codepipeline/lib/custom-action-registration.ts @@ -2,7 +2,6 @@ import { Construct } from 'constructs'; import { ActionCategory, ActionArtifactBounds } from './action'; import { CfnCustomActionType } from './codepipeline.generated'; - /** * The creation attributes used for defining a configuration property * of a custom Action. diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-attr.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-attr.ts index 1418681fe6f9f..0546223838dbc 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-attr.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-attr.ts @@ -480,7 +480,6 @@ export interface StandardAttributesMask { readonly phoneNumberVerified?: boolean; } - /** * A set of attributes, useful to set Read and Write attributes */ diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-email.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-email.ts index f605a9c84c32e..6b4eedfb0f6ef 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-email.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-email.ts @@ -128,7 +128,6 @@ export abstract class UserPoolEmail { return new SESEmail(options); } - /** * Returns the email configuration for a Cognito UserPool * that controls how Cognito will send emails diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-resource-server.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-resource-server.ts index 992cd469e5191..8ec01eb4a6597 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-resource-server.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-resource-server.ts @@ -49,7 +49,6 @@ export class ResourceServerScope { } } - /** * Options to create a UserPoolResourceServer */ diff --git a/packages/aws-cdk-lib/aws-ec2/lib/machine-image/amazon-linux-2023.ts b/packages/aws-cdk-lib/aws-ec2/lib/machine-image/amazon-linux-2023.ts index 538ccc1a14e8e..d00bad8d84c96 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/machine-image/amazon-linux-2023.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/machine-image/amazon-linux-2023.ts @@ -47,7 +47,6 @@ export interface AmazonLinux2023ImageSsmParameterProps extends AmazonLinuxImageS readonly kernel?: AmazonLinux2023Kernel; } - /** * A SSM Parameter that contains the AMI ID for Amazon Linux 2023 */ diff --git a/packages/aws-cdk-lib/aws-ec2/lib/machine-image/machine-image.ts b/packages/aws-cdk-lib/aws-ec2/lib/machine-image/machine-image.ts index c5064c4dbd10b..48c617f7e51df 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/machine-image/machine-image.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/machine-image/machine-image.ts @@ -11,7 +11,6 @@ import * as cxapi from '../../../cx-api'; import { UserData } from '../user-data'; import { WindowsVersion } from '../windows-versions'; - /** * Factory functions for standard Amazon Machine Image objects. */ @@ -329,7 +328,6 @@ export class WindowsImage extends GenericSSMParameterImage { } } - /** * Amazon Linux image properties */ @@ -476,7 +474,6 @@ export class AmazonLinuxImage extends GenericSSMParameterImage { } } - /** * Amazon Linux Kernel */ diff --git a/packages/aws-cdk-lib/aws-ec2/lib/private/ebs-util.ts b/packages/aws-cdk-lib/aws-ec2/lib/private/ebs-util.ts index a443f2bf99191..3152fdb26974a 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/private/ebs-util.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/private/ebs-util.ts @@ -51,7 +51,6 @@ function synthesizeBlockDeviceMappings(construct: Construct, blockDevic finalEbs = undefined; } - const noDevice = mappingEnabled === false ? noDeviceValue : undefined; return { deviceName, ebs: finalEbs, virtualName, noDevice } as any; }); diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts index 0f08bd85f59fc..ac74548f8742b 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts @@ -151,7 +151,6 @@ export interface S3DestinationOptions { */ export interface DestinationOptions extends S3DestinationOptions { } - /** * The destination type for the flow log */ diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts index 4d545840a63cd..66bf4ae09ab98 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts @@ -1468,7 +1468,6 @@ export class Vpc extends VpcBase { this.availabilityZones.push(FAKE_AZ_NAME); } - this.vpcId = this.resource.ref; this.vpcArn = Arn.format({ service: 'ec2', diff --git a/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts b/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts index 887c1761bcaa3..51f9faff2ef41 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/bastion-host.test.ts @@ -19,7 +19,6 @@ describe('bastion host', () => { SubnetId: { Ref: 'VPCPrivateSubnet1Subnet8BCA10E0' }, }); - }); test('default instance is created in isolated vpc', () => { // GIVEN @@ -44,7 +43,6 @@ describe('bastion host', () => { SubnetId: { Ref: 'VPCIsolatedSubnet1SubnetEBD00FC6' }, }); - }); test('ebs volume is encrypted', () => { // GIVEN @@ -82,7 +80,6 @@ describe('bastion host', () => { ], }); - }); test('x86-64 instances use x86-64 image by default', () => { // GIVEN @@ -101,7 +98,6 @@ describe('bastion host', () => { }, }); - }); test('arm instances use arm image by default', () => { // GIVEN @@ -121,7 +117,6 @@ describe('bastion host', () => { }, }); - }); test('add CloudFormation Init to instance', () => { diff --git a/packages/aws-cdk-lib/aws-ec2/test/connections.test.ts b/packages/aws-cdk-lib/aws-ec2/test/connections.test.ts index adb3b1b71a65c..ef8bdba0e3dda 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/connections.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/connections.test.ts @@ -60,7 +60,6 @@ describe('connections', () => { ToPort: 65535, }); - }); test('security groups added to connections after rule still gets rule', () => { @@ -102,7 +101,6 @@ describe('connections', () => { ], }); - }); test('when security groups are added to target they also get the rule', () => { @@ -135,7 +133,6 @@ describe('connections', () => { ToPort: 88, }); - }); test('multiple security groups allows internally between them', () => { @@ -165,7 +162,6 @@ describe('connections', () => { ToPort: 88, }); - }); test('can establish cross stack Security Group connections - allowFrom', () => { @@ -196,7 +192,6 @@ describe('connections', () => { DestinationSecurityGroupId: { 'Fn::GetAtt': ['SecurityGroupDD263621', 'GroupId'] }, }); - }); test('can establish cross stack Security Group connections - allowTo', () => { @@ -227,7 +222,6 @@ describe('connections', () => { DestinationSecurityGroupId: { 'Fn::ImportValue': 'Stack1:ExportsOutputFnGetAttSecurityGroupDD263621GroupIdDF6F8B09' }, }); - }); test('can establish multiple cross-stack SGs', () => { @@ -260,7 +254,6 @@ describe('connections', () => { DestinationSecurityGroupId: { 'Fn::GetAtt': ['SecurityGroupDD263621', 'GroupId'] }, }); - }); test('Imported SecurityGroup does not create egress rule', () => { // GIVEN @@ -287,7 +280,6 @@ describe('connections', () => { // THEN: rule to imported security group to allow connections from generated Template.fromStack(stack).resourceCountIs('AWS::EC2::SecurityGroupEgress', 0); - }); test('Imported SecurityGroup with allowAllOutbound: false DOES create egress rule', () => { // GIVEN @@ -323,7 +315,6 @@ describe('connections', () => { ToPort: 65535, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-ec2/test/import-certificates-handler/index.ts b/packages/aws-cdk-lib/aws-ec2/test/import-certificates-handler/index.ts index 846af4be6bcc3..8d89d4c8d8b5f 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/import-certificates-handler/index.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/import-certificates-handler/index.ts @@ -24,7 +24,6 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent }).promise(); } - return { Data: { ServerCertificateArn: serverImport?.CertificateArn, diff --git a/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts b/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts index 8684d5d403fd6..16ccd3bd75f21 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts @@ -44,7 +44,6 @@ describe('instance', () => { SourceDestCheck: false, }); - }); test('instance is grantable', () => { // GIVEN @@ -99,7 +98,6 @@ describe('instance', () => { }, }); - }); test('instance architecture is correctly discerned for arm instances', () => { // GIVEN @@ -116,7 +114,6 @@ describe('instance', () => { expect(instanceType.architecture).toBe(InstanceArchitecture.ARM_64); } - }); test('instance architecture is correctly discerned for x86-64 instance', () => { // GIVEN @@ -130,7 +127,6 @@ describe('instance', () => { expect(instanceType.architecture).toBe(InstanceArchitecture.X86_64); } - }); test('instances with local NVME drive are correctly named', () => { @@ -174,7 +170,6 @@ describe('instance', () => { expect(() => instanceType.architecture).toThrow('Malformed instance type identifier'); } - }); test('can propagate EBS volume tags', () => { // WHEN @@ -296,7 +291,6 @@ describe('instance', () => { ], }); - }); test('throws if ephemeral volumeIndex < 0', () => { @@ -313,7 +307,6 @@ describe('instance', () => { }); }).toThrow(/volumeIndex must be a number starting from 0/); - }); test('throws if volumeType === IO1 without iops', () => { @@ -409,7 +402,6 @@ describe('instance', () => { PrivateIpAddress: '10.0.0.2', }); - }); test('instance requires IMDSv2', () => { @@ -643,7 +635,6 @@ test('sameInstanceClassAs compares InstanceTypes correctly regardless of size', expect(largerInstanceType.sameInstanceClassAs(comparitor)).toBeTruthy(); }); - test('sameInstanceClassAs compares different InstanceTypes correctly', () => { // GIVEN const comparitor = InstanceType.of(InstanceClass.C4, InstanceSize.LARGE); diff --git a/packages/aws-cdk-lib/aws-ec2/test/ip-addresses.test.ts b/packages/aws-cdk-lib/aws-ec2/test/ip-addresses.test.ts index 9ab1bd60b5911..e443f5fddd670 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/ip-addresses.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/ip-addresses.test.ts @@ -289,7 +289,6 @@ describe('AwsIpam Vpc Integration', () => { }); }); - test('AwsIpam provides the correct Subnet allocation to the Vpc', () => { const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-ec2/test/placement-group.test.ts b/packages/aws-cdk-lib/aws-ec2/test/placement-group.test.ts index 4f6d4261c39e9..c286974f7aab1 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/placement-group.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/placement-group.test.ts @@ -2,7 +2,6 @@ import { Template } from '../../assertions'; import { Stack } from '../../core'; import { PlacementGroup, PlacementGroupSpreadLevel, PlacementGroupStrategy } from '../lib'; - test('can configure empty placement group', () => { // GIVEN const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts b/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts index 2248e818f35a0..1fc998a758617 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts @@ -100,7 +100,6 @@ describe('security group', () => { ], }); - }); test('security group disallow outbound traffic by default', () => { @@ -124,7 +123,6 @@ describe('security group', () => { ], }); - }); test('bogus outbound rule disappears if another rule is added', () => { @@ -267,7 +265,6 @@ describe('security group', () => { // THEN -- no crash - }); test('can add multiple rules using tokens on same security group', () => { @@ -321,7 +318,6 @@ describe('security group', () => { expect(range.canInlineRule).toEqual(false); } - }); describe('Peer IP CIDR validation', () => { @@ -334,7 +330,6 @@ describe('security group', () => { expect(Peer.ipv4(cidrIp).uniqueId).toEqual(cidrIp); } - }); test('passes with unresolved IP CIDR token', () => { @@ -343,7 +338,6 @@ describe('security group', () => { // THEN: don't throw - }); test('throws if invalid IPv4 CIDR block', () => { @@ -352,7 +346,6 @@ describe('security group', () => { Peer.ipv4('invalid'); }).toThrow(/Invalid IPv4 CIDR/); - }); test('throws if missing mask in IPv4 CIDR block', () => { @@ -360,7 +353,6 @@ describe('security group', () => { Peer.ipv4('0.0.0.0'); }).toThrow(/CIDR mask is missing in IPv4/); - }); test('passes with valid IPv6 CIDR block', () => { @@ -377,7 +369,6 @@ describe('security group', () => { expect(Peer.ipv6(cidrIp).uniqueId).toEqual(cidrIp); } - }); test('throws if invalid IPv6 CIDR block', () => { @@ -386,7 +377,6 @@ describe('security group', () => { Peer.ipv6('invalid'); }).toThrow(/Invalid IPv6 CIDR/); - }); test('throws if missing mask in IPv6 CIDR block', () => { @@ -394,7 +384,6 @@ describe('security group', () => { Peer.ipv6('::'); }).toThrow(/IDR mask is missing in IPv6/); - }); }); @@ -440,7 +429,6 @@ describe('security group', () => { Peer.securityGroupId('invalid'); }).toThrow(/Invalid security group ID/); - }); test('throws if invalid source security group id', () => { @@ -803,7 +791,6 @@ function testRulesAreInlined(contextDisableInlineRules: boolean | undefined | nu Template.fromStack(stack).resourceCountIs('AWS::EC2::SecurityGroupIngress', 0); Template.fromStack(stack).resourceCountIs('AWS::EC2::SecurityGroupIngress', 0); - }); test('addEgressRule rule will add a new inline egress rule and remove the denyAllTraffic rule', () => { // GIVEN @@ -877,7 +864,6 @@ function testRulesAreInlined(contextDisableInlineRules: boolean | undefined | nu }; - function testRulesAreNotInlined(contextDisableInlineRules: boolean | undefined | null, optionsDisableInlineRules: boolean | undefined) { describe('When allowAllOutbound', () => { diff --git a/packages/aws-cdk-lib/aws-ec2/test/userdata.test.ts b/packages/aws-cdk-lib/aws-ec2/test/userdata.test.ts index c9e7932e6ffa7..5ec5432e81edd 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/userdata.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/userdata.test.ts @@ -443,7 +443,6 @@ describe('user data', () => { { 'Fn::Base64': '#!/bin/bash\necho \"Hello world\"' }, ]); - }); test('Default parts separator used, if not specified', () => { @@ -469,7 +468,6 @@ describe('user data', () => { '', ].join('\n')); - }); test('Non-default parts separator used, if not specified', () => { @@ -497,7 +495,6 @@ describe('user data', () => { '', ].join('\n')); - }); test('Multipart separator validation', () => { @@ -513,7 +510,6 @@ describe('user data', () => { }); }).toThrow(/Invalid characters in separator/)); - }); test('Multipart user data throws when adding on exit commands', () => { diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts index 1785f80bf1b9a..fc6efed5f22fe 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts @@ -72,7 +72,6 @@ describe('vpc endpoint service', () => { AllowedPrincipals: ['arn:aws:iam::123456789012:root'], }); - }); test('with acceptance requried', () => { @@ -100,7 +99,6 @@ describe('vpc endpoint service', () => { AllowedPrincipals: ['arn:aws:iam::123456789012:root'], }); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts index 898cecb1d2fba..dc7265357dc9c 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts @@ -46,7 +46,6 @@ describe('vpc endpoint', () => { VpcEndpointType: 'Gateway', }); - }); test('routing on private and public subnets', () => { @@ -104,7 +103,6 @@ describe('vpc endpoint', () => { VpcEndpointType: 'Gateway', }); - }); test('add statements to policy', () => { @@ -140,7 +138,6 @@ describe('vpc endpoint', () => { }, }); - }); test('throws when adding a statement without a principal', () => { @@ -157,7 +154,6 @@ describe('vpc endpoint', () => { resources: ['*'], }))).toThrow(/`Principal`/); - }); test('import/export', () => { @@ -192,7 +188,6 @@ describe('vpc endpoint', () => { VpcEndpointType: 'Gateway', }); - }); test('throws with an imported vpc without route tables ids', () => { @@ -206,7 +201,6 @@ describe('vpc endpoint', () => { expect(() => vpc.addGatewayEndpoint('Gateway', { service: GatewayVpcEndpointAwsService.S3 })).toThrow(/route table/); - }); }); @@ -265,7 +259,6 @@ describe('vpc endpoint', () => { }, }); - }); describe('interface endpoint retains service name in shortName property', () => { @@ -293,7 +286,6 @@ describe('vpc endpoint', () => { }); }); - test('import/export', () => { // GIVEN const stack2 = new Stack(); @@ -312,7 +304,6 @@ describe('vpc endpoint', () => { }); expect(importedEndpoint.vpcEndpointId).toEqual('vpc-endpoint-id'); - }); test('import/export without security group', () => { @@ -330,7 +321,6 @@ describe('vpc endpoint', () => { expect(importedEndpoint.vpcEndpointId).toEqual('vpc-endpoint-id'); expect(importedEndpoint.connections.securityGroups.length).toEqual(0); - }); test('with existing security groups', () => { @@ -349,7 +339,6 @@ describe('vpc endpoint', () => { SecurityGroupIds: ['existing-id'], }); - }); test('with existing security groups for efs', () => { // GIVEN @@ -367,7 +356,6 @@ describe('vpc endpoint', () => { SecurityGroupIds: ['existing-id'], }); - }); test('security group has ingress by default', () => { // GIVEN @@ -391,7 +379,6 @@ describe('vpc endpoint', () => { ], }); - }); test('non-AWS service interface endpoint', () => { // GIVEN @@ -409,7 +396,6 @@ describe('vpc endpoint', () => { PrivateDnsEnabled: false, }); - }); test('marketplace partner service interface endpoint', () => { // GIVEN @@ -431,7 +417,6 @@ describe('vpc endpoint', () => { PrivateDnsEnabled: true, }); - }); test('test endpoint service context azs discovered', () => { // GIVEN @@ -477,7 +462,6 @@ describe('vpc endpoint', () => { ], }); - }); test('endpoint service setup with stack AZ context but no endpoint context', () => { // GIVEN @@ -517,7 +501,6 @@ describe('vpc endpoint', () => { ], }); - }); test('test endpoint service context with aws service', () => { // GIVEN @@ -560,7 +543,6 @@ describe('vpc endpoint', () => { ], }); - }); test('lookupSupportedAzs fails if account is unresolved', () => { // GIVEN @@ -647,7 +629,6 @@ describe('vpc endpoint', () => { ServiceName: 'cn.com.amazonaws.cn-north-1.ecr.api', }); - }); test('test vpc interface endpoint with cn.com.amazonaws prefix can be created correctly in cn-northwest-1', () => { //GIVEN @@ -664,7 +645,6 @@ describe('vpc endpoint', () => { ServiceName: 'cn.com.amazonaws.cn-northwest-1.lambda', }); - }); test('test vpc interface endpoint without cn.com.amazonaws prefix can be created correctly in cn-north-1', () => { //GIVEN @@ -681,7 +661,6 @@ describe('vpc endpoint', () => { ServiceName: 'com.amazonaws.cn-north-1.ecs', }); - }); test('test vpc interface endpoint without cn.com.amazonaws prefix can be created correctly in cn-northwest-1', () => { //GIVEN @@ -698,7 +677,6 @@ describe('vpc endpoint', () => { ServiceName: 'com.amazonaws.cn-northwest-1.glue', }); - }); test('test vpc interface endpoint for transcribe can be created correctly in non-china regions', () => { //GIVEN @@ -715,7 +693,6 @@ describe('vpc endpoint', () => { ServiceName: 'com.amazonaws.us-east-1.transcribe', }); - }); test.each([ ['transcribe', InterfaceVpcEndpointAwsService.TRANSCRIBE], diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts index 715b3a2f3974a..3a167aa302d65 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts @@ -621,7 +621,6 @@ test('with custom log format set empty, it not creates with cloudwatch log desti }); - function getTestStack(): Stack { return new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'us-east-1' }, diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc.from-lookup.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc.from-lookup.test.ts index 148a63ed6692b..5baa495cb0c5d 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc.from-lookup.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc.from-lookup.test.ts @@ -17,7 +17,6 @@ describe('vpc from lookup', () => { }).toThrow('All arguments to Vpc.fromLookup() must be concrete'); - }); test('selecting subnets by name from a looked-up VPC does not throw', () => { @@ -32,7 +31,6 @@ describe('vpc from lookup', () => { // THEN: no exception - }); test('accepts asymmetric subnets', () => { @@ -187,7 +185,6 @@ describe('vpc from lookup', () => { // THEN expect(subnets.subnets.length).toEqual(2); - }); test('don\'t crash when using subnetgroup name in lookup VPC', () => { @@ -207,7 +204,6 @@ describe('vpc from lookup', () => { // THEN -- no exception occurred - }); test('subnets in imported VPC has all expected attributes', () => { const previous = mockVpcContextProviderWith({ @@ -246,7 +242,6 @@ describe('vpc from lookup', () => { expect(subnet.routeTable.routeTableId).toEqual('rt-123'); expect(subnet.ipv4CidrBlock).toEqual('10.100.0.0/24'); - restoreContextProvider(previous); }); diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts index 3dc4aa91b644f..fef26c113a68a 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts @@ -194,7 +194,6 @@ describe('vpc', () => { describe('dns getters correspond to CFN properties', () => { - const inputs = [ { dnsSupport: false, dnsHostnames: false }, // {dnsSupport: false, dnsHostnames: true} - this configuration is illegal so its not part of the permutations. @@ -224,11 +223,9 @@ describe('vpc', () => { expect(input.dnsSupport).toEqual(vpc.dnsSupportEnabled); expect(input.dnsHostnames).toEqual(vpc.dnsHostnamesEnabled); - }); } - }); test('contains the correct number of subnets', () => { @@ -798,7 +795,6 @@ describe('vpc', () => { }); }).toThrow(/make sure you don't configure any PRIVATE/); - }); test('natGateways = 0 succeeds if PRIVATE_WITH_EGRESS subnets configured', () => { @@ -953,7 +949,6 @@ describe('vpc', () => { }, }); - }); test('with a vpn gateway and route propagation on isolated subnets', () => { const stack = getTestStack(); @@ -987,7 +982,6 @@ describe('vpc', () => { }, }); - }); test('with a vpn gateway and route propagation on private and isolated subnets', () => { const stack = getTestStack(); @@ -1034,7 +1028,6 @@ describe('vpc', () => { }, }); - }); test('route propagation defaults to isolated subnets when there are no private subnets', () => { const stack = getTestStack(); @@ -1063,7 +1056,6 @@ describe('vpc', () => { }, }); - }); test('route propagation defaults to public subnets when there are no private/isolated subnets', () => { const stack = getTestStack(); @@ -1091,7 +1083,6 @@ describe('vpc', () => { }, }); - }); test('fails when specifying vpnConnections with vpnGateway set to false', () => { // GIVEN @@ -1107,7 +1098,6 @@ describe('vpc', () => { }, })).toThrow(/`vpnConnections`.+`vpnGateway`.+false/); - }); test('fails when specifying vpnGatewayAsn with vpnGateway set to false', () => { // GIVEN @@ -1118,7 +1108,6 @@ describe('vpc', () => { vpnGatewayAsn: 65000, })).toThrow(/`vpnGatewayAsn`.+`vpnGateway`.+false/); - }); test('Subnets have a defaultChild', () => { @@ -1202,7 +1191,6 @@ describe('vpc', () => { NetworkInterfaceId: 'router-1', }); - }); test('Can add an IPv4 route', () => { // GIVEN @@ -1436,7 +1424,6 @@ describe('vpc', () => { ], }); - }); test('natGateways controls amount of NAT instances', () => { @@ -1495,7 +1482,6 @@ describe('vpc', () => { ], }); - }); test('can configure Security Groups of NAT instances with defaultAllowAll INBOUND_AND_OUTBOUND', () => { @@ -1532,7 +1518,6 @@ describe('vpc', () => { ], }); - }); test('can configure Security Groups of NAT instances with defaultAllowAll OUTBOUND_ONLY', () => { @@ -1562,7 +1547,6 @@ describe('vpc', () => { ], }); - }); test('can configure Security Groups of NAT instances with defaultAllowAll NONE', () => { @@ -1594,7 +1578,6 @@ describe('vpc', () => { ], }); - }); }); @@ -1730,7 +1713,6 @@ describe('vpc', () => { // THEN expect(subnetIds).toEqual(vpc.publicSubnets.map(s => s.subnetId)); - }); test('can select isolated subnets', () => { @@ -1749,7 +1731,6 @@ describe('vpc', () => { // THEN expect(subnetIds).toEqual(vpc.isolatedSubnets.map(s => s.subnetId)); - }); test('can select subnets by name', () => { @@ -1835,7 +1816,6 @@ describe('vpc', () => { vpc.selectSubnets({ subnetGroupName: 'Toot' }); }).toThrow(/There are no subnet groups with name 'Toot' in this VPC. Available names: Public,Private/); - }); test('select subnets with az restriction', () => { @@ -1921,7 +1901,6 @@ describe('vpc', () => { ], }); - }); test('select explicitly defined subnets', () => { diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpn.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpn.test.ts index 2d0c188169db3..040bd14bb0f11 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpn.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpn.test.ts @@ -36,7 +36,6 @@ describe('vpn', () => { StaticRoutesOnly: false, }); - }); test('with static routing', () => { @@ -82,7 +81,6 @@ describe('vpn', () => { }, }); - }); test('with tunnel options, using secret value', () => { @@ -165,7 +163,6 @@ describe('vpn', () => { }, })).toThrow(/`ip`.+IPv4/); - }); test('fails when specifying more than two tunnel options', () => { @@ -191,7 +188,6 @@ describe('vpn', () => { }, })).toThrow(/two.+`tunnelOptions`/); - }); test('fails with duplicate tunnel inside cidr', () => { @@ -214,7 +210,6 @@ describe('vpn', () => { }, })).toThrow(/`tunnelInsideCidr`.+both tunnels/); - }); testDeprecated('fails when specifying an invalid pre-shared key', () => { @@ -234,7 +229,6 @@ describe('vpn', () => { }, })).toThrow(/`preSharedKey`/); - }); test('fails when specifying a reserved tunnel inside cidr', () => { @@ -254,7 +248,6 @@ describe('vpn', () => { }, })).toThrow(/`tunnelInsideCidr`.+reserved/); - }); test('fails when specifying an invalid tunnel inside cidr', () => { @@ -274,7 +267,6 @@ describe('vpn', () => { }, })).toThrow(/`tunnelInsideCidr`.+size/); - }); test('can use metricTunnelState on a vpn connection', () => { @@ -298,7 +290,6 @@ describe('vpn', () => { statistic: 'Average', }); - }); test('can import a vpn connection from attributes', () => { @@ -355,7 +346,6 @@ describe('vpn', () => { statistic: 'Sum', }); - }); test('fails when enabling vpnGateway without having subnets', () => { @@ -367,7 +357,6 @@ describe('vpn', () => { subnetConfiguration: [], })).toThrow(/VPN gateway/); - }); test('can add a vpn connection later to a vpc that initially had no subnets', () => { diff --git a/packages/aws-cdk-lib/aws-ecr-assets/test/tarball-asset.test.ts b/packages/aws-cdk-lib/aws-ecr-assets/test/tarball-asset.test.ts index 539225661f54b..27620c2580e97 100644 --- a/packages/aws-cdk-lib/aws-ecr-assets/test/tarball-asset.test.ts +++ b/packages/aws-cdk-lib/aws-ecr-assets/test/tarball-asset.test.ts @@ -9,7 +9,6 @@ import { TarballImageAsset } from '../lib'; /* eslint-disable quote-props */ - describe('image asset', () => { const tarballFile = path.join(__dirname, 'demo-tarball', 'empty.tar'); test('test instantiating Asset Image', () => { diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/fargate-service-base.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/fargate-service-base.ts index 618f556744800..823640674fd59 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/fargate-service-base.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/fargate-service-base.ts @@ -1,6 +1,5 @@ import { FargatePlatformVersion, FargateTaskDefinition, RuntimePlatform } from '../../../aws-ecs'; - export interface FargateServiceBaseProps { /** * The task definition to use for tasks in the service. TaskDefinition or TaskImageOptions must be specified, but not both. diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s-v2.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s-v2.test.ts index a6ae25547b32f..25afeb033eebf 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s-v2.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s-v2.test.ts @@ -965,7 +965,6 @@ describe('When Network Load Balancer', () => { }); }); - test('Assert EnableExecuteCommand is missing if not set', () => { // GIVEN const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts index 799ba8a210449..74dd37aea2f5c 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/l3s.test.ts @@ -1112,7 +1112,6 @@ test('idletime is undefined when not set for multiAlbService', () => { }); }); - test('test Fargate loadbalanced construct with optional log driver input', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts index b0f79d178a404..7be7e67aa95c5 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/ec2/queue-processing-ecs-service.test.ts @@ -188,7 +188,6 @@ test('test ECS queue worker service construct - with ECS Exec', () => { enableExecuteCommand: true, }); - // THEN // ECS Exec Template.fromStack(stack).hasResourceProperties('AWS::ECS::Service', { diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts index 509cb09502939..a84159c14dbee 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service-v2.test.ts @@ -6,7 +6,6 @@ import { CompositePrincipal, Role, ServicePrincipal } from '../../../aws-iam'; import { Duration, Stack } from '../../../core'; import { ApplicationLoadBalancedFargateService, ApplicationMultipleTargetGroupsFargateService, NetworkLoadBalancedFargateService, NetworkMultipleTargetGroupsFargateService } from '../../lib'; - const enableExecuteCommandPermissions = { Statement: [ { @@ -588,7 +587,6 @@ describe('When Network Load Balancer', () => { ServiceName: 'myService', }); - Template.fromStack(stack).hasResourceProperties('AWS::ECS::TaskDefinition', { ContainerDefinitions: [ { @@ -708,7 +706,6 @@ describe('When Network Load Balancer', () => { ], }); - // ECS Exec Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: enableExecuteCommandPermissions, @@ -811,7 +808,6 @@ describe('When Network Load Balancer', () => { }, }); - new NetworkMultipleTargetGroupsFargateService(stack, 'NLBService', { cluster: cluster, memoryLimitMiB: 1024, diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts index a11f62b59544c..cf1425bb5fa3e 100644 --- a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts @@ -698,7 +698,6 @@ test('setting ALB record type to NONE correctly omits the recordset', () => { Template.fromStack(stack).resourceCountIs('AWS::Route53::RecordSet', 0); }); - test('setting NLB cname option correctly sets the recordset type', () => { // GIVEN const stack = new cdk.Stack(); @@ -1164,7 +1163,6 @@ test('ApplicationLoadBalancedFargateService multiple capacity provider strategie }); }); - test('NetworkLoadBalancedFargateService multiple capacity provider strategies are set', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-ecs/lib/amis.ts b/packages/aws-cdk-lib/aws-ecs/lib/amis.ts index 54c5aa12fc5fb..7069cf43644c5 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/amis.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/amis.ts @@ -27,7 +27,6 @@ export enum AmiHardwareType { ARM = 'ARM64', } - /** * ECS-optimized Windows version list */ diff --git a/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts b/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts index 3e595c907dd63..78fd14f3ce95e 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts @@ -46,7 +46,6 @@ export interface ITaskDefinition extends IResource { */ readonly isExternalCompatible: boolean; - /** * The networking mode to use for the containers in the task. */ @@ -757,7 +756,6 @@ export class TaskDefinition extends TaskDefinitionBase { } }); - return ret; } diff --git a/packages/aws-cdk-lib/aws-ecs/lib/container-definition.ts b/packages/aws-cdk-lib/aws-ecs/lib/container-definition.ts index 7b92134619b3b..ab7a5f88f3ef2 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/container-definition.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/container-definition.ts @@ -705,7 +705,6 @@ export class ContainerDefinition extends Construct { this._namedPorts.set(pm.name, pm); } - /** * Set HostPort to 0 When netowork mode is Brdige */ @@ -719,7 +718,6 @@ export class ContainerDefinition extends Construct { return newPM; } - /** * Whether this container definition references a specific JSON field of a secret * stored in Secrets Manager. @@ -1172,7 +1170,6 @@ export class PortMap { } - /** * ServiceConnect ValueObjectClass having by ContainerDefinition */ @@ -1244,7 +1241,6 @@ export enum Protocol { UDP = 'udp', } - /** * Service connect app protocol. */ diff --git a/packages/aws-cdk-lib/aws-ecs/lib/runtime-platform.ts b/packages/aws-cdk-lib/aws-ecs/lib/runtime-platform.ts index 84e9b896b01a0..2b454ebd33ceb 100644 --- a/packages/aws-cdk-lib/aws-ecs/lib/runtime-platform.ts +++ b/packages/aws-cdk-lib/aws-ecs/lib/runtime-platform.ts @@ -90,7 +90,6 @@ export class OperatingSystemFamily { private constructor(public readonly _operatingSystemFamily: string) { } } - /** * The interface for Runtime Platform. */ diff --git a/packages/aws-cdk-lib/aws-ecs/test/app-mesh-proxy-configuration.test.ts b/packages/aws-cdk-lib/aws-ecs/test/app-mesh-proxy-configuration.test.ts index 8fc44a55cc19c..203ad1365591b 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/app-mesh-proxy-configuration.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/app-mesh-proxy-configuration.test.ts @@ -201,6 +201,5 @@ describe('app mesh proxy configuration', () => { }); }).toThrow(/At least one of ignoredUID or ignoredGID should be specified./); - }); }); diff --git a/packages/aws-cdk-lib/aws-ecs/test/aws-log-driver.test.ts b/packages/aws-cdk-lib/aws-ecs/test/aws-log-driver.test.ts index 8c8a4edf8a46a..dbe8613b854f6 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/aws-log-driver.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/aws-log-driver.test.ts @@ -12,7 +12,6 @@ describe('aws log driver', () => { stack = new cdk.Stack(); td = new ecs.FargateTaskDefinition(stack, 'TaskDefinition'); - }); test('create an aws log driver', () => { @@ -145,7 +144,6 @@ describe('aws log driver', () => { streamPrefix: 'hello', })).toThrow(/`logGroup`.*`logRetentionDays`/); - }); test('allows cross-region log group', () => { diff --git a/packages/aws-cdk-lib/aws-ecs/test/cluster.test.ts b/packages/aws-cdk-lib/aws-ecs/test/cluster.test.ts index 714a8a34e7e5d..9494ef243d1b7 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/cluster.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/cluster.test.ts @@ -378,7 +378,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('multiple clusters with default capacity', () => { @@ -394,7 +393,6 @@ describe('cluster', () => { }); } - }); testDeprecated('lifecycle hook is automatically added', () => { @@ -533,7 +531,6 @@ describe('cluster', () => { ], }); - }); testDeprecated('lifecycle hook with encrypted SNS is added correctly', () => { @@ -561,7 +558,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('with capacity and cloudmap namespace properties set', () => { @@ -742,7 +738,6 @@ describe('cluster', () => { }, }); - }); }); @@ -761,7 +756,6 @@ describe('cluster', () => { InstanceType: 'm3.large', }); - }); testDeprecated('allows specifying cluster size', () => { @@ -780,7 +774,6 @@ describe('cluster', () => { MaxSize: '3', }); - }); testDeprecated('configures userdata with powershell if windows machine image is specified', () => { @@ -833,7 +826,6 @@ describe('cluster', () => { }, }); - }); /* @@ -869,7 +861,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('errors if amazon linux given with special HW type', () => { @@ -890,7 +881,6 @@ describe('cluster', () => { }); }).toThrow(/Amazon Linux does not support special hardware type/); - }); testDeprecated('allows specifying windows image', () => { @@ -917,7 +907,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('errors if windows given with special HW type', () => { @@ -938,7 +927,6 @@ describe('cluster', () => { }); }).toThrow(/Windows Server does not support special hardware type/); - }); testDeprecated('errors if windowsVersion and linux generation are set', () => { @@ -959,7 +947,6 @@ describe('cluster', () => { }); }).toThrow(/"windowsVersion" and Linux image "generation" cannot be both set/); - }); testDeprecated('allows returning the correct image for windows for EcsOptimizedAmi', () => { @@ -971,7 +958,6 @@ describe('cluster', () => { expect(ami.getImage(stack).osType).toEqual(ec2.OperatingSystemType.WINDOWS); - }); testDeprecated('allows returning the correct image for linux for EcsOptimizedAmi', () => { @@ -983,7 +969,6 @@ describe('cluster', () => { expect(ami.getImage(stack).osType).toEqual(ec2.OperatingSystemType.LINUX); - }); testDeprecated('allows returning the correct image for linux 2 for EcsOptimizedAmi', () => { @@ -995,7 +980,6 @@ describe('cluster', () => { expect(ami.getImage(stack).osType).toEqual(ec2.OperatingSystemType.LINUX); - }); test('allows returning the correct image for linux for EcsOptimizedImage', () => { @@ -1005,7 +989,6 @@ describe('cluster', () => { expect(ecs.EcsOptimizedImage.amazonLinux().getImage(stack).osType).toEqual( ec2.OperatingSystemType.LINUX); - }); test('allows returning the correct image for linux 2 for EcsOptimizedImage', () => { @@ -1015,7 +998,6 @@ describe('cluster', () => { expect(ecs.EcsOptimizedImage.amazonLinux2().getImage(stack).osType).toEqual( ec2.OperatingSystemType.LINUX); - }); test('allows returning the correct image for linux 2 for EcsOptimizedImage with ARM hardware', () => { @@ -1025,10 +1007,8 @@ describe('cluster', () => { expect(ecs.EcsOptimizedImage.amazonLinux2(ecs.AmiHardwareType.ARM).getImage(stack).osType).toEqual( ec2.OperatingSystemType.LINUX); - }); - test('allows returning the correct image for windows for EcsOptimizedImage', () => { // GIVEN const stack = new cdk.Stack(); @@ -1036,7 +1016,6 @@ describe('cluster', () => { expect(ecs.EcsOptimizedImage.windows(ecs.WindowsOptimizedVersion.SERVER_2019).getImage(stack).osType).toEqual( ec2.OperatingSystemType.WINDOWS); - }); test('allows setting cluster ServiceConnectDefaults.Namespace property when useAsServiceConnectDefault is true', () => { @@ -1102,7 +1081,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('allows specifying Amazon Linux v1 AMI', () => { @@ -1133,7 +1111,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('allows specifying windows image v2', () => { @@ -1158,7 +1135,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('allows specifying spot fleet', () => { @@ -1177,7 +1153,6 @@ describe('cluster', () => { SpotPrice: '0.31', }); - }); testDeprecated('allows specifying drain time', () => { @@ -1196,7 +1171,6 @@ describe('cluster', () => { HeartbeatTimeout: 60, }); - }); testDeprecated('allows specifying automated spot draining', () => { @@ -1229,7 +1203,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('allows containers access to instance metadata service', () => { @@ -1261,7 +1234,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('allows adding default service discovery namespace', () => { @@ -1287,7 +1259,6 @@ describe('cluster', () => { }, }); - }); testDeprecated('allows adding public service discovery namespace', () => { @@ -1313,7 +1284,6 @@ describe('cluster', () => { expect(cluster.defaultCloudMapNamespace!.type).toEqual(cloudmap.NamespaceType.DNS_PUBLIC); - }); testDeprecated('throws if default service discovery namespace added more than once', () => { @@ -1338,10 +1308,8 @@ describe('cluster', () => { }); }).toThrow(/Can only add default namespace once./); - }); - test('export/import of a cluster with a namespace', () => { // GIVEN const stack1 = new cdk.Stack(); @@ -1372,7 +1340,6 @@ describe('cluster', () => { // Can retrieve subnets from VPC - will throw 'There are no 'Private' subnets in this VPC. Use a different VPC subnet selection.' if broken. cluster2.vpc.selectSubnets(); - }); test('imported cluster with imported security groups honors allowAllOutbound', () => { @@ -1399,7 +1366,6 @@ describe('cluster', () => { Template.fromStack(stack).resourceCountIs('AWS::EC2::SecurityGroupEgress', 1); - }); test('Metric', () => { @@ -1440,7 +1406,6 @@ describe('cluster', () => { statistic: 'Average', }); - }); testDeprecated('ASG with a public VPC without NAT Gateways', () => { @@ -1578,7 +1543,6 @@ describe('cluster', () => { ], }); - }); test('disable container insights', () => { @@ -1598,7 +1562,6 @@ describe('cluster', () => { ], }); - }); test('default container insights is undefined', () => { @@ -1618,7 +1581,6 @@ describe('cluster', () => { template.Resources.EcsCluster97242B84.Properties.ClusterSettings === undefined, ).toEqual(true); - }); test('BottleRocketImage() returns correct AMI', () => { @@ -1954,7 +1916,6 @@ describe('cluster', () => { CapacityProviders: ['FARGATE_SPOT'], }); - }); test('allows specifying Fargate capacityProviders', () => { @@ -1976,7 +1937,6 @@ describe('cluster', () => { CapacityProviders: ['FARGATE', 'FARGATE_SPOT'], }); - }); test('allows specifying capacityProviders (alternate method)', () => { @@ -1997,7 +1957,6 @@ describe('cluster', () => { CapacityProviders: ['FARGATE', 'FARGATE_SPOT'], }); - }); testDeprecated('allows adding capacityProviders post-construction (deprecated)', () => { @@ -2019,7 +1978,6 @@ describe('cluster', () => { CapacityProviders: ['FARGATE'], }); - }); testDeprecated('allows adding capacityProviders post-construction', () => { @@ -2041,7 +1999,6 @@ describe('cluster', () => { CapacityProviders: ['FARGATE'], }); - }); testDeprecated('throws for unsupported capacity providers', () => { @@ -2055,7 +2012,6 @@ describe('cluster', () => { cluster.addCapacityProvider('HONK'); }).toThrow(/CapacityProvider not supported/); - }); test('creates ASG capacity providers with expected defaults', () => { @@ -2522,7 +2478,6 @@ describe('cluster', () => { }, }); - }); test('throws when no log configuration is provided when logging is set to OVERRIDE', () => { @@ -2539,7 +2494,6 @@ describe('cluster', () => { }); }).toThrow(/Execute command log configuration must only be specified when logging is OVERRIDE./); - }); test('throws when log configuration provided but logging is set to DEFAULT', () => { @@ -2561,7 +2515,6 @@ describe('cluster', () => { }); }).toThrow(/Execute command log configuration must only be specified when logging is OVERRIDE./); - }); test('throws when CloudWatchEncryptionEnabled without providing CloudWatch Logs log group name', () => { @@ -2581,7 +2534,6 @@ describe('cluster', () => { }); }).toThrow(/You must specify a CloudWatch log group in the execute command log configuration to enable CloudWatch encryption./); - }); test('throws when S3EncryptionEnabled without providing S3 Bucket name', () => { @@ -2601,7 +2553,6 @@ describe('cluster', () => { }); }).toThrow(/You must specify an S3 bucket name in the execute command log configuration to enable S3 encryption./); - }); test('When importing ECS Cluster via Arn', () => { @@ -2669,7 +2620,6 @@ test('can add ASG capacity via Capacity Provider by not specifying machineImageT // Add Bottlerocket ASG Capacity Provider cluster.addAsgCapacityProvider(capacityProviderBottlerocket); - // THEN Bottlerocket LaunchConfiguration Template.fromStack(stack).hasResourceProperties('AWS::AutoScaling::LaunchConfiguration', { ImageId: { diff --git a/packages/aws-cdk-lib/aws-ecs/test/container-definition.test.ts b/packages/aws-cdk-lib/aws-ecs/test/container-definition.test.ts index b260f3473ebf6..ca23735204d5f 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/container-definition.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/container-definition.test.ts @@ -2161,7 +2161,6 @@ describe('container definition', () => { // THEN expect(taskDefinition.defaultContainer).toEqual( container); - }); test('when the props passed in is not an essential container', () => { diff --git a/packages/aws-cdk-lib/aws-ecs/test/ec2/cross-stack.test.ts b/packages/aws-cdk-lib/aws-ecs/test/ec2/cross-stack.test.ts index 5eb00f13856ca..6670284aaae0a 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/ec2/cross-stack.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/ec2/cross-stack.test.ts @@ -37,7 +37,6 @@ describe('cross stack', () => { taskDefinition, }); - }); test('ALB next to Service', () => { @@ -54,7 +53,6 @@ describe('cross stack', () => { expectIngress(stack2); - }); test('ALB next to Cluster', () => { @@ -70,7 +68,6 @@ describe('cross stack', () => { Template.fromStack(stack2).resourceCountIs('AWS::ECS::Service', 1); expectIngress(stack2); - }); test('ALB in its own stack', () => { @@ -87,7 +84,6 @@ describe('cross stack', () => { Template.fromStack(stack2).resourceCountIs('AWS::ECS::Service', 1); expectIngress(stack2); - }); }); diff --git a/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts b/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts index 170e8399ff4aa..60a8968adb5a1 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/ec2/ec2-service.test.ts @@ -55,7 +55,6 @@ describe('ec2 service', () => { expect(service.node.defaultChild).toBeDefined(); - }); test('allows setting enable execute command', () => { @@ -133,7 +132,6 @@ describe('ec2 service', () => { ], }); - }); test('no logging enabled when logging field is set to NONE', () => { @@ -193,7 +191,6 @@ describe('ec2 service', () => { ], }); - }); test('enables execute command logging when logging field is set to OVERRIDE', () => { @@ -318,7 +315,6 @@ describe('ec2 service', () => { ], }); - }); test('enables only execute command session encryption', () => { @@ -490,7 +486,6 @@ describe('ec2 service', () => { }, }); - }); test('enables encryption for execute command logging', () => { @@ -737,7 +732,6 @@ describe('ec2 service', () => { }, }); - }); test('with custom cloudmap namespace', () => { @@ -805,7 +799,6 @@ describe('ec2 service', () => { }, }); - }); test('with all properties set', () => { @@ -924,7 +917,6 @@ describe('ec2 service', () => { ], }); - }); test('with autoscaling group capacity provider', () => { @@ -1090,7 +1082,6 @@ describe('ec2 service', () => { }, }); - }); test('sets task definition to family when CODE_DEPLOY deployment controller is specified', () => { @@ -1171,7 +1162,6 @@ describe('ec2 service', () => { }); }).toThrow(/Only one of SecurityGroup or SecurityGroups can be populated./); - }); test('throws when task definition is not EC2 compatible', () => { @@ -1196,7 +1186,6 @@ describe('ec2 service', () => { }); }).toThrow(/Supplied TaskDefinition is not configured for compatibility with EC2/); - }); test('ignore task definition and launch type if deployment controller is set to be EXTERNAL', () => { @@ -1234,7 +1223,6 @@ describe('ec2 service', () => { EnableECSManagedTags: false, }); - }); test('add warning to annotations if circuitBreaker is specified with a non-ECS DeploymentControllerType', () => { @@ -1287,7 +1275,6 @@ describe('ec2 service', () => { }); }).toThrow(/Don't supply desiredCount/); - }); test('errors if daemon and maximumPercent not 100', () => { @@ -1312,7 +1299,6 @@ describe('ec2 service', () => { }); }).toThrow(/Maximum percent must be 100 for daemon mode./); - }); test('errors if minimum not less than maximum', () => { @@ -1338,7 +1324,6 @@ describe('ec2 service', () => { }); }).toThrow(/Minimum healthy percent must be less than maximum healthy percent./); - }); test('errors if no container definitions', () => { @@ -1359,7 +1344,6 @@ describe('ec2 service', () => { Template.fromStack(stack); }).toThrow(/one essential container/); - }); test('allows adding the default container after creating the service', () => { @@ -1419,7 +1403,6 @@ describe('ec2 service', () => { }, }); - }); describe('with a TaskDefinition with Bridge network mode', () => { @@ -1621,7 +1604,6 @@ describe('ec2 service', () => { }, }); - }); test('it allows vpcSubnets', () => { @@ -1678,7 +1660,6 @@ describe('ec2 service', () => { }], }); - }); test('with memberOf placement constraints', () => { @@ -1709,7 +1690,6 @@ describe('ec2 service', () => { }], }); - }); test('with spreadAcross container instances strategy', () => { @@ -1741,7 +1721,6 @@ describe('ec2 service', () => { }], }); - }); test('with spreadAcross placement strategy', () => { @@ -1772,7 +1751,6 @@ describe('ec2 service', () => { }], }); - }); test('can turn PlacementStrategy into json format', () => { @@ -1782,7 +1760,6 @@ describe('ec2 service', () => { field: 'attribute:ecs.availability-zone', }]); - }); test('can turn PlacementConstraints into json format', () => { @@ -1791,7 +1768,6 @@ describe('ec2 service', () => { type: 'distinctInstance', }]); - }); test('errors when spreadAcross with no input', () => { @@ -1817,7 +1793,6 @@ describe('ec2 service', () => { service.addPlacementStrategies(PlacementStrategy.spreadAcross()); }).toThrow('spreadAcross: give at least one field to spread by'); - }); test('errors with spreadAcross placement strategy if daemon specified', () => { @@ -1844,7 +1819,6 @@ describe('ec2 service', () => { service.addPlacementStrategies(PlacementStrategy.spreadAcross(ecs.BuiltInAttributes.AVAILABILITY_ZONE)); }); - }); test('with no placement constraints', () => { @@ -1947,7 +1921,6 @@ describe('ec2 service', () => { }], }); - }); test('errors with random placement strategy if daemon specified', () => { @@ -1974,7 +1947,6 @@ describe('ec2 service', () => { service.addPlacementStrategies(PlacementStrategy.randomly()); }).toThrow(); - }); test('with packedbyCpu placement strategy', () => { @@ -2005,7 +1977,6 @@ describe('ec2 service', () => { }], }); - }); test('with packedbyMemory placement strategy', () => { @@ -2036,7 +2007,6 @@ describe('ec2 service', () => { }], }); - }); test('with packedBy placement strategy', () => { @@ -2067,7 +2037,6 @@ describe('ec2 service', () => { }], }); - }); test('errors with packedBy placement strategy if daemon specified', () => { @@ -2163,7 +2132,6 @@ describe('ec2 service', () => { const lb = new elb.LoadBalancer(stack, 'LB', { vpc }); service.attachToClassicLB(lb); - }); test('allows network mode of task definition to be bridge', () => { @@ -2187,7 +2155,6 @@ describe('ec2 service', () => { const lb = new elb.LoadBalancer(stack, 'LB', { vpc }); service.attachToClassicLB(lb); - }); test('throws when network mode of task definition is AwsVpc', () => { @@ -2213,7 +2180,6 @@ describe('ec2 service', () => { service.attachToClassicLB(lb); }).toThrow(/Cannot use a Classic Load Balancer if NetworkMode is AwsVpc. Use Host or Bridge instead./); - }); test('throws when network mode of task definition is none', () => { @@ -2239,7 +2205,6 @@ describe('ec2 service', () => { service.attachToClassicLB(lb); }).toThrow(/Cannot use a Classic Load Balancer if NetworkMode is None. Use Host or Bridge instead./); - }); }); @@ -2269,7 +2234,6 @@ describe('ec2 service', () => { // THEN service.attachToApplicationTargetGroup(targetGroup); - }); test('throws when network mode of task definition is none', () => { @@ -2299,7 +2263,6 @@ describe('ec2 service', () => { service.attachToApplicationTargetGroup(targetGroup); }).toThrow(/Cannot use a load balancer if NetworkMode is None. Use Bridge, Host or AwsVpc instead./); - }); describe('correctly setting ingress and egress port', () => { @@ -2349,7 +2312,6 @@ describe('ec2 service', () => { }); }); - }); test('with bridge/NAT network mode and host port other than 0', () => { @@ -2397,7 +2359,6 @@ describe('ec2 service', () => { }); }); - }); test('with host network mode', () => { @@ -2443,7 +2404,6 @@ describe('ec2 service', () => { ToPort: 8001, }); - }); test('with aws_vpc network mode', () => { @@ -2489,7 +2449,6 @@ describe('ec2 service', () => { ToPort: 8001, }); - }); }); }); @@ -2520,7 +2479,6 @@ describe('ec2 service', () => { // THEN service.attachToNetworkTargetGroup(targetGroup); - }); test('throws when network mode of task definition is none', () => { @@ -2550,7 +2508,6 @@ describe('ec2 service', () => { service.attachToNetworkTargetGroup(targetGroup); }).toThrow(/Cannot use a load balancer if NetworkMode is None. Use Bridge, Host or AwsVpc instead./); - }); }); @@ -2593,7 +2550,6 @@ describe('ec2 service', () => { HealthCheckGracePeriodSeconds: 60, }); - }); test('can attach any container and port as a target', () => { @@ -2632,7 +2588,6 @@ describe('ec2 service', () => { ], }); - }); }); @@ -2663,7 +2618,6 @@ describe('ec2 service', () => { }); }).toThrow(/Cannot enable service discovery if a Cloudmap Namespace has not been created in the cluster./); - }); test('fails to enable Service Discovery with HTTP defaultCloudmapNamespace', () => { @@ -2694,7 +2648,6 @@ describe('ec2 service', () => { }); }).toThrow(/Cannot enable DNS service discovery for HTTP Cloudmap Namespace./); - }); test('throws if network mode is none', () => { @@ -2725,7 +2678,6 @@ describe('ec2 service', () => { }); }).toThrow(/Cannot use a service discovery if NetworkMode is None. Use Bridge, Host or AwsVpc instead./); - }); test('creates AWS Cloud Map service for Private DNS namespace with bridge network mode', () => { @@ -2801,7 +2753,6 @@ describe('ec2 service', () => { }, }); - }); test('creates AWS Cloud Map service for Private DNS namespace with host network mode', () => { @@ -2878,7 +2829,6 @@ describe('ec2 service', () => { }, }); - }); test('throws if wrong DNS record type specified with bridge network mode', () => { @@ -2912,7 +2862,6 @@ describe('ec2 service', () => { }); }).toThrow(/SRV records must be used when network mode is Bridge or Host./); - }); test('creates AWS Cloud Map service for Private DNS namespace with AwsVpc network mode', () => { @@ -2987,7 +2936,6 @@ describe('ec2 service', () => { }, }); - }); test('creates AWS Cloud Map service for Private DNS namespace with AwsVpc network mode with SRV records', () => { @@ -3065,7 +3013,6 @@ describe('ec2 service', () => { }, }); - }); test('user can select any container and port', () => { @@ -3284,7 +3231,6 @@ describe('ec2 service', () => { }); }).toThrow(/another task definition/i); - }); test('throws if SRV and the container port is not mapped', () => { @@ -3319,7 +3265,6 @@ describe('ec2 service', () => { }); }).toThrow(/container port.*not.*mapped/i); - }); }); @@ -3363,7 +3308,6 @@ describe('ec2 service', () => { statistic: 'Average', }); - }); describe('When import an EC2 Service', () => { @@ -3681,7 +3625,6 @@ describe('ec2 service', () => { }); }).toThrow(/only specify either serviceArn or serviceName/); - }); test('throws an exception if neither serviceArn nor serviceName were provided for fromEc2ServiceAttributes', () => { @@ -3695,7 +3638,6 @@ describe('ec2 service', () => { }); }).toThrow(/only specify either serviceArn or serviceName/); - }); }); }); diff --git a/packages/aws-cdk-lib/aws-ecs/test/external/external-service.test.ts b/packages/aws-cdk-lib/aws-ecs/test/external/external-service.test.ts index 3044c9ebf0dc0..68327328ce9f3 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/external/external-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/external/external-service.test.ts @@ -95,7 +95,6 @@ describe('external service', () => { ServiceName: 'bonjour', }); - }); test('with cloudmap set on cluster, throw error', () => { @@ -128,7 +127,6 @@ describe('external service', () => { serviceName: 'bonjour', })).toThrow('Cloud map integration is not supported for External service' ); - }); test('with multiple security groups, it correctly updates the cfn template', () => { @@ -203,7 +201,6 @@ describe('external service', () => { ], }); - }); test('throws when task definition is not External compatible', () => { @@ -225,7 +222,6 @@ describe('external service', () => { taskDefinition, })).toThrow('Supplied TaskDefinition is not configured for compatibility with ECS Anywhere cluster'); - }); test('errors if minimum not less than maximum', () => { @@ -248,7 +244,6 @@ describe('external service', () => { maxHealthyPercent: 100, })).toThrow('Minimum healthy percent must be less than maximum healthy percent.'); - }); test('error if cloudmap options provided with external service', () => { @@ -520,7 +515,6 @@ describe('external service', () => { containerPort: 8000, })).toThrow('Cloud map service association is not supported for an external service'); - }); test('add warning to annotations if circuitBreaker is specified with a non-ECS DeploymentControllerType', () => { diff --git a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts index 79a66a928292a..ca6c7409239fd 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-service.test.ts @@ -572,7 +572,6 @@ describe('fargate service', () => { }); }).toThrow(/Supplied TaskDefinition is not configured for compatibility with Fargate/); - }); test('throws whith secret json field on unsupported platform version', () => { @@ -658,7 +657,6 @@ describe('fargate service', () => { }); }); - test('add warning to annotations if circuitBreaker is specified with a non-ECS DeploymentControllerType', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts index 32ee9fe90b084..eb1c280ec69c8 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/fargate/fargate-task-definition.test.ts @@ -19,7 +19,6 @@ describe('fargate task definition', () => { Memory: '512', }); - }); test('support lazy cpu and memory values', () => { @@ -37,7 +36,6 @@ describe('fargate task definition', () => { Memory: '1024', }); - }); test('with all properties set', () => { @@ -109,7 +107,6 @@ describe('fargate task definition', () => { ], }); - }); test('throws when adding placement constraint', () => { @@ -122,7 +119,6 @@ describe('fargate task definition', () => { taskDefinition.addPlacementConstraint(ecs.PlacementConstraint.memberOf('attribute:ecs.instance-type =~ t2.*')); }).toThrow(/Cannot set placement constraints on tasks that run on Fargate/); - }); test('throws when adding inference accelerators', () => { @@ -140,7 +136,6 @@ describe('fargate task definition', () => { taskDefinition.addInferenceAccelerator(inferenceAccelerator); }).toThrow(/Cannot use inference accelerators on tasks that run on Fargate/); - }); test('throws when ephemeral storage request is too high', () => { @@ -211,7 +206,6 @@ describe('fargate task definition', () => { expect(taskDefinition.taskRole).toEqual(expectTaskRole); expect(taskDefinition.executionRole).toEqual(expectExecutionRole); - }); test('returns a Fargate TaskDefinition that will throw an error when trying to access its networkMode but its networkMode is undefined', () => { @@ -234,7 +228,6 @@ describe('fargate task definition', () => { }).toThrow('This operation requires the networkMode in ImportedTaskDefinition to be defined. ' + 'Add the \'networkMode\' in ImportedTaskDefinitionProps to instantiate ImportedTaskDefinition'); - }); test('returns a Fargate TaskDefinition that will throw an error when trying to access its taskRole but its taskRole is undefined', () => { diff --git a/packages/aws-cdk-lib/aws-ecs/test/firelens-log-driver.test.ts b/packages/aws-cdk-lib/aws-ecs/test/firelens-log-driver.test.ts index 0d02dc4528cae..8b348bc37a083 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/firelens-log-driver.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/firelens-log-driver.test.ts @@ -13,7 +13,6 @@ describe('firelens log driver', () => { stack = new cdk.Stack(); td = new ecs.Ec2TaskDefinition(stack, 'TaskDefinition'); - }); test('create a firelens log driver with default options', () => { // WHEN diff --git a/packages/aws-cdk-lib/aws-ecs/test/gelf-log-driver.test.ts b/packages/aws-cdk-lib/aws-ecs/test/gelf-log-driver.test.ts index 06bbfcb8bd268..0752a84ac39c1 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/gelf-log-driver.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/gelf-log-driver.test.ts @@ -11,7 +11,6 @@ describe('gelf log driver', () => { stack = new cdk.Stack(); td = new ecs.Ec2TaskDefinition(stack, 'TaskDefinition'); - }); test('create a gelf log driver with minimum options', () => { diff --git a/packages/aws-cdk-lib/aws-ecs/test/json-file-log-driver.test.ts b/packages/aws-cdk-lib/aws-ecs/test/json-file-log-driver.test.ts index 57dcdfa08f1f7..b8a47e9306a84 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/json-file-log-driver.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/json-file-log-driver.test.ts @@ -11,7 +11,6 @@ describe('json file log driver', () => { stack = new cdk.Stack(); td = new ecs.Ec2TaskDefinition(stack, 'TaskDefinition'); - }); test('create a json-file log driver with options', () => { diff --git a/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts b/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts index f94a1fa17745b..5f50ffe44a59b 100644 --- a/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts +++ b/packages/aws-cdk-lib/aws-ecs/test/task-definition.test.ts @@ -291,7 +291,6 @@ describe('task definition', () => { expect(taskDefinition.compatibility).toEqual(ecs.Compatibility.EC2_AND_FARGATE); expect(taskDefinition.executionRole).toEqual(undefined); - }); test('can import a Task Definition using attributes', () => { @@ -323,7 +322,6 @@ describe('task definition', () => { expect(taskDefinition.networkMode).toEqual(expectNetworkMode); expect(taskDefinition.taskRole).toEqual(expectTaskRole); - }); test('returns an imported TaskDefinition that will throw an error when trying to access its yet to defined networkMode', () => { @@ -348,7 +346,6 @@ describe('task definition', () => { }).toThrow('This operation requires the networkMode in ImportedTaskDefinition to be defined. ' + 'Add the \'networkMode\' in ImportedTaskDefinitionProps to instantiate ImportedTaskDefinition'); - }); test('returns an imported TaskDefinition that will throw an error when trying to access its yet to defined taskRole', () => { @@ -371,7 +368,6 @@ describe('task definition', () => { }).toThrow('This operation requires the taskRole in ImportedTaskDefinition to be defined. ' + 'Add the \'taskRole\' in ImportedTaskDefinitionProps to instantiate ImportedTaskDefinition'); - }); }); diff --git a/packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/cluster.ts b/packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/cluster.ts index 558fbe9884428..c058e47b62c68 100644 --- a/packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/cluster.ts +++ b/packages/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/cluster.ts @@ -7,7 +7,6 @@ import { EksClient, ResourceEvent, ResourceHandler } from './common'; import { compareLoggingProps } from './compareLogging'; import { IsCompleteResponse, OnEventResponse } from '../../../custom-resources/lib/provider-framework/types'; - const MAX_CLUSTER_NAME_LEN = 100; export class ClusterResourceHandler extends ResourceHandler { diff --git a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts index 3032d24a2d606..b3ca31040afaf 100644 --- a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts @@ -729,7 +729,6 @@ export class EndpointAccess { } } - /** * Restrict public access to specific CIDR blocks. * If public access is disabled, this method will result in an error. diff --git a/packages/aws-cdk-lib/aws-eks/lib/managed-nodegroup.ts b/packages/aws-cdk-lib/aws-eks/lib/managed-nodegroup.ts index 4d675795505fe..70b279d822607 100644 --- a/packages/aws-cdk-lib/aws-eks/lib/managed-nodegroup.ts +++ b/packages/aws-cdk-lib/aws-eks/lib/managed-nodegroup.ts @@ -493,7 +493,6 @@ const windowsAmiTypes: NodegroupAmiType[] = [NodegroupAmiType.WINDOWS_CORE_2019_ NodegroupAmiType.WINDOWS_FULL_2022_X86_64]; const gpuAmiTypes: NodegroupAmiType[] = [NodegroupAmiType.AL2_X86_64_GPU]; - /** * This function check if the instanceType is GPU instance. * @param instanceType The EC2 instance type diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts index 253c29ad4b129..85ee5a2146c88 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts @@ -108,7 +108,6 @@ export interface IApplicationTargetGroupMetrics { */ custom(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric; - /** * The number of IPv6 requests received by the target group * @@ -181,7 +180,6 @@ export interface IApplicationTargetGroupMetrics { targetTLSNegotiationErrorCount(props?: cloudwatch.MetricOptions): cloudwatch.Metric; } - /** * The metrics for a Application Load Balancer. */ @@ -208,7 +206,6 @@ class ApplicationTargetGroupMetrics implements IApplicationTargetGroupMetrics { }).attachTo(this.scope); } - public ipv6RequestCount(props?: cloudwatch.MetricOptions) { return this.cannedMetric(ApplicationELBMetrics.iPv6RequestCountSum, props); } diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts index d15f730ed8851..191a9251d4ff9 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts @@ -67,7 +67,6 @@ export interface BaseNetworkListenerProps { */ readonly sslPolicy?: SslPolicy; - /** * Application-Layer Protocol Negotiation (ALPN) is a TLS extension that is sent on the initial TLS handshake hello messages. * ALPN enables the application layer to negotiate which protocols should be used over a secure connection, such as HTTP/1 and HTTP/2. diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts index 08732ba83ce77..4035d0a7d5105 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts @@ -5,7 +5,6 @@ import * as s3 from '../../../aws-s3'; import * as cdk from '../../../core'; import * as elbv2 from '../../lib'; - describe('tests', () => { test('Trivial construction: internet facing', () => { // GIVEN diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/listener.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/listener.test.ts index b9a5a3a4b2875..cc45b21d129d2 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/listener.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/listener.test.ts @@ -461,7 +461,6 @@ describe('tests', () => { importedCertificate(stack, 'cert2'), ]); - // THEN Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { Protocol: 'TLS', diff --git a/packages/aws-cdk-lib/aws-elasticsearch/lib/domain.ts b/packages/aws-cdk-lib/aws-elasticsearch/lib/domain.ts index 3080bfeea5d34..34f6defd52d9b 100644 --- a/packages/aws-cdk-lib/aws-elasticsearch/lib/domain.ts +++ b/packages/aws-cdk-lib/aws-elasticsearch/lib/domain.ts @@ -15,7 +15,6 @@ import * as route53 from '../../aws-route53'; import * as secretsmanager from '../../aws-secretsmanager'; import * as cdk from '../../core'; - /** * Elasticsearch version */ @@ -943,7 +942,6 @@ export interface IDomain extends cdk.IResource { metricIndexingLatency(props?: MetricOptions): Metric; } - /** * A new or imported domain. */ @@ -1327,7 +1325,6 @@ abstract class DomainBase extends cdk.Resource implements IDomain { } - /** * Reference to an Elasticsearch domain. * @@ -1349,7 +1346,6 @@ export interface DomainAttributes { readonly domainEndpoint: string; } - /** * Provides an Elasticsearch domain. * @@ -1459,7 +1455,6 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { */ public readonly masterUserPassword?: cdk.SecretValue; - private readonly domain: CfnDomain; private accessPolicy?: ElasticsearchAccessPolicy @@ -1497,7 +1492,6 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { props.zoneAwareness?.enabled ?? props.zoneAwareness?.availabilityZoneCount != null; - let securityGroups: ec2.ISecurityGroup[] | undefined; let subnets: ec2.ISubnet[] | undefined; diff --git a/packages/aws-cdk-lib/aws-elasticsearch/test/domain.test.ts b/packages/aws-cdk-lib/aws-elasticsearch/test/domain.test.ts index 451ae9f564961..5880d269c0c07 100644 --- a/packages/aws-cdk-lib/aws-elasticsearch/test/domain.test.ts +++ b/packages/aws-cdk-lib/aws-elasticsearch/test/domain.test.ts @@ -262,7 +262,6 @@ testDeprecated('can set a self-referencing custom policy', () => { }); }); - describe('UltraWarm instances', () => { testDeprecated('can enable UltraWarm instances', () => { diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts index f5c6d64b9039b..182ad2b277943 100644 --- a/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts +++ b/packages/aws-cdk-lib/aws-events-targets/lib/kinesis-firehose-stream.ts @@ -17,7 +17,6 @@ export interface KinesisFirehoseStreamProps { readonly message?: events.RuleTargetInput; } - /** * Customize the Firehose Stream Event Target */ @@ -37,7 +36,6 @@ export class KinesisFirehoseStream implements events.IRuleTarget { resources: [this.stream.attrArn], })); - return { arn: this.stream.attrArn, role, diff --git a/packages/aws-cdk-lib/aws-events-targets/lib/util.ts b/packages/aws-cdk-lib/aws-events-targets/lib/util.ts index 5e3e74a8b1ef3..c42e8942df31c 100644 --- a/packages/aws-cdk-lib/aws-events-targets/lib/util.ts +++ b/packages/aws-cdk-lib/aws-events-targets/lib/util.ts @@ -60,7 +60,6 @@ export function bindBaseTargetConfig(props: TargetBaseProps) { }; } - /** * Obtain the Role for the EventBridge event * @@ -138,7 +137,6 @@ export function addToDeadLetterQueueResourcePolicy(rule: events.IRule, queue: sq } } - /** * Whether two string probably contain the same environment dimension (region or account) * diff --git a/packages/aws-cdk-lib/aws-events-targets/test/api-destination/api-destination.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/api-destination/api-destination.test.ts index 04a8e08de3c4f..16afc7c49acea 100644 --- a/packages/aws-cdk-lib/aws-events-targets/test/api-destination/api-destination.test.ts +++ b/packages/aws-cdk-lib/aws-events-targets/test/api-destination/api-destination.test.ts @@ -4,7 +4,6 @@ import * as iam from '../../../aws-iam'; import { Duration, SecretValue, Stack } from '../../../core'; import * as targets from '../../lib'; - describe('with basic auth connection', () => { let stack: Stack; let connection: events.Connection; diff --git a/packages/aws-cdk-lib/aws-events-targets/test/lambda/lambda.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/lambda/lambda.test.ts index ec010011ba9b0..31eabbba22b9b 100644 --- a/packages/aws-cdk-lib/aws-events-targets/test/lambda/lambda.test.ts +++ b/packages/aws-cdk-lib/aws-events-targets/test/lambda/lambda.test.ts @@ -257,7 +257,6 @@ test('throw an error when using a Dead Letter Queue for the rule target in a dif schedule: events.Schedule.rate(cdk.Duration.minutes(1)), }); - expect(() => { rule.addTarget(new targets.LambdaFunction(fn, { deadLetterQueue: queue, @@ -330,7 +329,6 @@ test('must display a warning when using a Dead Letter Queue from another account })); }); - test('specifying retry policy', () => { // GIVEN const app = new cdk.App(); diff --git a/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts index b1b8ba789fedf..37021be8db1c8 100644 --- a/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts +++ b/packages/aws-cdk-lib/aws-events-targets/test/logs/log-group.test.ts @@ -73,7 +73,6 @@ testDeprecated('use log group as an event rule target with rule target input', ( }), })); - // THEN expect(() => { app.synth(); diff --git a/packages/aws-cdk-lib/aws-events-targets/test/sqs/sqs.test.ts b/packages/aws-cdk-lib/aws-events-targets/test/sqs/sqs.test.ts index c59ae2ae57d7c..3c979d1b0fe49 100644 --- a/packages/aws-cdk-lib/aws-events-targets/test/sqs/sqs.test.ts +++ b/packages/aws-cdk-lib/aws-events-targets/test/sqs/sqs.test.ts @@ -168,7 +168,6 @@ test('Encrypted queues result in a policy statement with aws:sourceAccount condi encryptionMasterKey: kms.Key.fromKeyArn(queueStack, 'key', 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab'), }); - // WHEN rule.addTarget(new targets.SqsQueue(queue)); diff --git a/packages/aws-cdk-lib/aws-events/lib/archive.ts b/packages/aws-cdk-lib/aws-events/lib/archive.ts index 005b667eaf1e8..bbdababa38f87 100644 --- a/packages/aws-cdk-lib/aws-events/lib/archive.ts +++ b/packages/aws-cdk-lib/aws-events/lib/archive.ts @@ -32,7 +32,6 @@ export interface BaseArchiveProps { readonly retention?: Duration; } - /** * The event archive properties */ diff --git a/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts b/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts index 1842f74fda608..93076c7b51726 100644 --- a/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts +++ b/packages/aws-cdk-lib/aws-events/lib/event-pattern.ts @@ -231,7 +231,6 @@ export class Match implements IResolvable { } } - /** * Events in Amazon CloudWatch Events are represented as JSON objects. For more * information about JSON objects, see RFC 7159. diff --git a/packages/aws-cdk-lib/aws-events/lib/rule.ts b/packages/aws-cdk-lib/aws-events/lib/rule.ts index a228ee6ecbbe5..4b4c60f7a3517 100644 --- a/packages/aws-cdk-lib/aws-events/lib/rule.ts +++ b/packages/aws-cdk-lib/aws-events/lib/rule.ts @@ -439,7 +439,6 @@ export class Rule extends Resource implements IRule { return role; } - /** * Whether two string probably contain the same environment dimension (region or account) * diff --git a/packages/aws-cdk-lib/aws-events/test/api-destination.test.ts b/packages/aws-cdk-lib/aws-events/test/api-destination.test.ts index 71b70d30130f0..8bdbe396c5a04 100644 --- a/packages/aws-cdk-lib/aws-events/test/api-destination.test.ts +++ b/packages/aws-cdk-lib/aws-events/test/api-destination.test.ts @@ -2,7 +2,6 @@ import { Template } from '../../assertions'; import { Stack, SecretValue } from '../../core'; import * as events from '../lib'; - test('creates an api destination for an EventBus', () => { // GIVEN const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts index f657aa6cf0565..70ab0fa14e71d 100644 --- a/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts +++ b/packages/aws-cdk-lib/aws-events/test/event-bus.test.ts @@ -586,7 +586,6 @@ describe('event bus', () => { const stack = new Stack(app, 'Stack'); const bus = new EventBus(stack, 'Bus'); - const statement = new iam.PolicyStatement({ effect: Effect.ALLOW, principals: [new iam.ArnPrincipal('arn')], diff --git a/packages/aws-cdk-lib/aws-globalaccelerator/test/globalaccelerator.test.ts b/packages/aws-cdk-lib/aws-globalaccelerator/test/globalaccelerator.test.ts index e06a60a1ae8f7..8ab34df895e7e 100644 --- a/packages/aws-cdk-lib/aws-globalaccelerator/test/globalaccelerator.test.ts +++ b/packages/aws-cdk-lib/aws-globalaccelerator/test/globalaccelerator.test.ts @@ -189,7 +189,6 @@ test('addEndpoint', () => { ], }); - listener.addEndpointGroup('Group', { endpoints: [ new ga.RawEndpoint({ diff --git a/packages/aws-cdk-lib/aws-iam/lib/private/merge-statements.ts b/packages/aws-cdk-lib/aws-iam/lib/private/merge-statements.ts index 03ba1059afec2..ee7249017a1c3 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/private/merge-statements.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/private/merge-statements.ts @@ -9,7 +9,6 @@ import { PolicyStatement, EstimateSizeOptions, deriveEstimateSizeOptions } from import { IPrincipal } from '../principals'; import { LITERAL_STRING_KEY } from '../util'; - /* * Don't produce any merged statements larger than this. * diff --git a/packages/aws-cdk-lib/aws-iam/lib/private/postprocess-policy-document.ts b/packages/aws-cdk-lib/aws-iam/lib/private/postprocess-policy-document.ts index b91e375450493..acddeb6005093 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/private/postprocess-policy-document.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/private/postprocess-policy-document.ts @@ -72,7 +72,6 @@ export interface StatementSchema { Condition?: unknown; } - export function normalizeStatement(s: StatementSchema) { return noUndef({ Action: _norm(s.Action, { unique: true }), diff --git a/packages/aws-cdk-lib/aws-iam/lib/role.ts b/packages/aws-cdk-lib/aws-iam/lib/role.ts index d039deda413a0..0e7d451341eda 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/role.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/role.ts @@ -293,7 +293,6 @@ export class Role extends Resource implements IRole { ...options, }); - // we only return an immutable Role if both accounts were explicitly provided, and different return options.mutable !== false && equalOrAnyUnresolved ? importedRole @@ -307,7 +306,6 @@ export class Role extends Resource implements IRole { return x !== null && typeof(x) === 'object' && IAM_ROLE_SYMBOL in x; } - /** * Import an external role by name. * diff --git a/packages/aws-cdk-lib/aws-iam/test/managed-policy.test.ts b/packages/aws-cdk-lib/aws-iam/test/managed-policy.test.ts index 6e2837d270b2b..e9d3f5891dab2 100644 --- a/packages/aws-cdk-lib/aws-iam/test/managed-policy.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/managed-policy.test.ts @@ -569,7 +569,6 @@ describe('managed policy', () => { expect(() => app.synth()).toThrow(/A PolicyStatement used in an identity-based policy must specify at least one resource/); }); - test('fails if policy document specifies principals', () => { new ManagedPolicy(stack, 'MyManagedPolicy', { statements: [ diff --git a/packages/aws-cdk-lib/aws-iam/test/precreated-role.test.ts b/packages/aws-cdk-lib/aws-iam/test/precreated-role.test.ts index b07c115a9b2fd..b173a63e55c04 100644 --- a/packages/aws-cdk-lib/aws-iam/test/precreated-role.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/precreated-role.test.ts @@ -266,7 +266,6 @@ describe('precreatedRole report created', () => { })], }); - // THEN const assembly = otherApp.synth(); const filePath = path.join(assembly.directory, 'iam-policy-report'); diff --git a/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts b/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts index 3cef41d9874bb..8b3198e83f033 100644 --- a/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts +++ b/packages/aws-cdk-lib/aws-kinesis/test/stream.test.ts @@ -1008,7 +1008,6 @@ describe('Kinesis data streams', () => { 'Fn::Or': [ { - 'Fn::Equals': [ { Ref: 'AWS::Region', diff --git a/packages/aws-cdk-lib/aws-kms/test/key.test.ts b/packages/aws-cdk-lib/aws-kms/test/key.test.ts index e2272278702cb..db5d5e39c69db 100644 --- a/packages/aws-cdk-lib/aws-kms/test/key.test.ts +++ b/packages/aws-cdk-lib/aws-kms/test/key.test.ts @@ -1209,7 +1209,6 @@ describe('SM2', () => { }); }); - function generateInvalidKeySpecKeyUsageCombinations() { // Copied from Key class const denyLists = { diff --git a/packages/aws-cdk-lib/aws-lambda-event-sources/test/api.test.ts b/packages/aws-cdk-lib/aws-lambda-event-sources/test/api.test.ts index b6479f8fcc3b3..8d9f57704dd04 100644 --- a/packages/aws-cdk-lib/aws-lambda-event-sources/test/api.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-event-sources/test/api.test.ts @@ -27,7 +27,6 @@ describe('ApiEventSource', () => { ResourceId: { Ref: 'MyFuncApiEventSourceA7A86A4FfooCA6F87E4' }, }); - }); test('disjoint routes', () => { @@ -64,7 +63,6 @@ describe('ApiEventSource', () => { ResourceId: { Ref: 'MyFuncApiEventSourceA7A86A4FbarDFB0F21B' }, }); - }); test('tree of routes', () => { @@ -102,6 +100,5 @@ describe('ApiEventSource', () => { ResourceId: { Ref: 'MyFuncApiEventSourceA7A86A4Ffoobar028FFFDE' }, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-lambda-event-sources/test/dynamo.test.ts b/packages/aws-cdk-lib/aws-lambda-event-sources/test/dynamo.test.ts index d022717094425..2488202ba37bb 100644 --- a/packages/aws-cdk-lib/aws-lambda-event-sources/test/dynamo.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-event-sources/test/dynamo.test.ts @@ -72,7 +72,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'TRIM_HORIZON', }); - }); test('specific tumblingWindow', () => { @@ -99,7 +98,6 @@ describe('DynamoEventSource', () => { TumblingWindowInSeconds: 60, }); - }); test('specific batch size', () => { @@ -135,7 +133,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('pass validation if batchsize is token', () => { @@ -178,7 +175,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('fails if streaming not enabled on table', () => { @@ -198,7 +194,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/DynamoDB Streams must be enabled on the table Default\/T/); - }); test('fails if batch size < 1', () => { @@ -219,7 +214,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/Maximum batch size must be between 1 and 10000 inclusive \(given 0\)/); - }); test('fails if batch size > 10000', () => { @@ -240,7 +234,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/Maximum batch size must be between 1 and 10000 inclusive \(given 10001\)/); - }); test('adding filter criteria', () => { @@ -327,7 +320,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('throws if maxBatchingWindow > 300 seconds', () => { @@ -349,7 +341,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/maxBatchingWindow cannot be over 300 seconds/); - }); test('contains eventSourceMappingId after lambda binding', () => { @@ -469,7 +460,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('fails if retryAttempts < 0', () => { @@ -491,7 +481,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/retryAttempts must be between 0 and 10000 inclusive, got -1/); - }); test('fails if retryAttempts > 10000', () => { @@ -513,7 +502,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/retryAttempts must be between 0 and 10000 inclusive, got 10001/); - }); test('specific bisectBatchOnFunctionError', () => { @@ -549,7 +537,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('specific parallelizationFactor', () => { @@ -585,7 +572,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('fails if parallelizationFactor < 1', () => { @@ -607,7 +593,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/parallelizationFactor must be between 1 and 10 inclusive, got 0/); - }); test('fails if parallelizationFactor > 10', () => { @@ -629,7 +614,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/parallelizationFactor must be between 1 and 10 inclusive, got 11/); - }); test('specific maxRecordAge', () => { @@ -665,7 +649,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('fails if maxRecordAge < 60 seconds', () => { @@ -687,7 +670,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/maxRecordAge must be between 60 seconds and 7 days inclusive/); - }); test('fails if maxRecordAge > 7 days', () => { @@ -709,7 +691,6 @@ describe('DynamoEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/maxRecordAge must be between 60 seconds and 7 days inclusive/); - }); test('specific destinationConfig', () => { @@ -756,7 +737,6 @@ describe('DynamoEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('specific functionResponseTypes', () => { @@ -792,7 +772,6 @@ describe('DynamoEventSource', () => { 'FunctionResponseTypes': ['ReportBatchItemFailures'], }); - }); test('event source disabled', () => { @@ -818,6 +797,5 @@ describe('DynamoEventSource', () => { 'Enabled': false, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-lambda-event-sources/test/kafka.test.ts b/packages/aws-cdk-lib/aws-lambda-event-sources/test/kafka.test.ts index 12f896c00c3fb..1e3f8db271b02 100644 --- a/packages/aws-cdk-lib/aws-lambda-event-sources/test/kafka.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-event-sources/test/kafka.test.ts @@ -59,7 +59,6 @@ describe('KafkaEventSource', () => { ], }); - }); test('with secret', () => { // GIVEN @@ -132,7 +131,6 @@ describe('KafkaEventSource', () => { ], }); - }); }); @@ -203,7 +201,6 @@ describe('KafkaEventSource', () => { ], }); - }); test('without vpc, secret must be set', () => { const stack = new cdk.Stack(); @@ -220,7 +217,6 @@ describe('KafkaEventSource', () => { })); }).toThrow(/secret must be set/); - }); describe('vpc', () => { @@ -280,7 +276,6 @@ describe('KafkaEventSource', () => { ], }); - }); test('with secret', () => { // GIVEN @@ -369,7 +364,6 @@ describe('KafkaEventSource', () => { ], }); - }); test('setting vpc requires vpcSubnets to be set', () => { const stack = new cdk.Stack(); @@ -392,7 +386,6 @@ describe('KafkaEventSource', () => { })); }).toThrow(/vpcSubnets must be set/); - }); test('setting vpc requires securityGroup to be set', () => { @@ -415,7 +408,6 @@ describe('KafkaEventSource', () => { })); }).toThrow(/securityGroup must be set/); - }); }); @@ -670,7 +662,6 @@ describe('KafkaEventSource', () => { const kafkaTopic = 'some-topic'; const consumerGroupId = 'my-consumer-group-id'; - const mskEventMapping = new sources.ManagedKafkaEventSource( { clusterArn, diff --git a/packages/aws-cdk-lib/aws-lambda-event-sources/test/kinesis.test.ts b/packages/aws-cdk-lib/aws-lambda-event-sources/test/kinesis.test.ts index 71b8c8da70e59..bd509bc530c19 100644 --- a/packages/aws-cdk-lib/aws-lambda-event-sources/test/kinesis.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-event-sources/test/kinesis.test.ts @@ -75,7 +75,6 @@ describe('KinesisEventSource', () => { 'StartingPosition': 'TRIM_HORIZON', }); - }); test('specific tumblingWindowInSeconds', () => { @@ -107,7 +106,6 @@ describe('KinesisEventSource', () => { 'TumblingWindowInSeconds': 60, }); - }); test('specific batch size', () => { @@ -137,7 +135,6 @@ describe('KinesisEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('fails if batch size < 1', () => { @@ -152,7 +149,6 @@ describe('KinesisEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/Maximum batch size must be between 1 and 10000 inclusive \(given 0\)/); - }); test('fails if batch size > 10000', () => { @@ -167,7 +163,6 @@ describe('KinesisEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, }))).toThrow(/Maximum batch size must be between 1 and 10000 inclusive \(given 10001\)/); - }); test('accepts if batch size is a token', () => { @@ -182,7 +177,6 @@ describe('KinesisEventSource', () => { startingPosition: lambda.StartingPosition.LATEST, })); - }); test('specific maxBatchingWindow', () => { @@ -212,7 +206,6 @@ describe('KinesisEventSource', () => { 'StartingPosition': 'LATEST', }); - }); test('contains eventSourceMappingId after lambda binding', () => { diff --git a/packages/aws-cdk-lib/aws-lambda-event-sources/test/sns.test.ts b/packages/aws-cdk-lib/aws-lambda-event-sources/test/sns.test.ts index 430d4a336aa35..28e8a48119e86 100644 --- a/packages/aws-cdk-lib/aws-lambda-event-sources/test/sns.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-event-sources/test/sns.test.ts @@ -45,7 +45,6 @@ describe('SNSEventSource', () => { }, }); - }); test('props are passed to subscription', () => { @@ -108,6 +107,5 @@ describe('SNSEventSource', () => { }, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-lambda-event-sources/test/sqs.test.ts b/packages/aws-cdk-lib/aws-lambda-event-sources/test/sqs.test.ts index f03445287bf4a..48e09e24bbf8b 100644 --- a/packages/aws-cdk-lib/aws-lambda-event-sources/test/sqs.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-event-sources/test/sqs.test.ts @@ -56,7 +56,6 @@ describe('SQSEventSource', () => { }, }); - }); test('specific batch size', () => { @@ -84,7 +83,6 @@ describe('SQSEventSource', () => { 'BatchSize': 5, }); - }); test('unresolved batch size', () => { @@ -108,7 +106,6 @@ describe('SQSEventSource', () => { 'BatchSize': 500, }); - }); test('fails if batch size is < 1', () => { @@ -122,7 +119,6 @@ describe('SQSEventSource', () => { batchSize: 0, }))).toThrow(/Maximum batch size must be between 1 and 10 inclusive \(given 0\) when batching window is not specified\./); - }); test('fails if batch size is > 10', () => { @@ -136,7 +132,6 @@ describe('SQSEventSource', () => { batchSize: 11, }))).toThrow(/Maximum batch size must be between 1 and 10 inclusive \(given 11\) when batching window is not specified\./); - }); test('batch size is > 10 and batch window is defined', () => { @@ -157,7 +152,6 @@ describe('SQSEventSource', () => { 'MaximumBatchingWindowInSeconds': 300, }); - }); test('fails if batch size is > 10000 and batch window is defined', () => { @@ -172,7 +166,6 @@ describe('SQSEventSource', () => { maxBatchingWindow: cdk.Duration.minutes(5), }))).toThrow(/Maximum batch size must be between 1 and 10000 inclusive/i); - }); test('specific batch window', () => { @@ -191,7 +184,6 @@ describe('SQSEventSource', () => { 'MaximumBatchingWindowInSeconds': 300, }); - }); test('fails if batch window defined for FIFO queue', () => { @@ -207,7 +199,6 @@ describe('SQSEventSource', () => { maxBatchingWindow: cdk.Duration.minutes(5), }))).toThrow(/Batching window is not supported for FIFO queues/); - }); test('fails if batch window is > 5', () => { @@ -221,7 +212,6 @@ describe('SQSEventSource', () => { maxBatchingWindow: cdk.Duration.minutes(7), }))).toThrow(/Maximum batching window must be 300 seconds or less/i); - }); test('contains eventSourceMappingId after lambda binding', () => { @@ -292,7 +282,6 @@ describe('SQSEventSource', () => { 'Enabled': false, }); - }); test('reportBatchItemFailures', () => { diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/lib/types.ts b/packages/aws-cdk-lib/aws-lambda-nodejs/lib/types.ts index 726ea66b89ac7..c522d088edc24 100644 --- a/packages/aws-cdk-lib/aws-lambda-nodejs/lib/types.ts +++ b/packages/aws-cdk-lib/aws-lambda-nodejs/lib/types.ts @@ -382,7 +382,6 @@ export enum LogLevel { SILENT = 'silent', } - /** * SourceMap mode for esbuild * @see https://esbuild.github.io/api/#sourcemap diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/lib/util.ts b/packages/aws-cdk-lib/aws-lambda-nodejs/lib/util.ts index fafac54e9a60e..1923846c3ad19 100644 --- a/packages/aws-cdk-lib/aws-lambda-nodejs/lib/util.ts +++ b/packages/aws-cdk-lib/aws-lambda-nodejs/lib/util.ts @@ -192,7 +192,6 @@ export function getTsconfigCompilerOptions(tsconfigPath: string): string { return compilerOptionsString.trim(); } - function extractTsConfig(tsconfigPath: string, previousCompilerOptions?: Record): Record | undefined { // eslint-disable-next-line @typescript-eslint/no-require-imports const { extends: extendedConfig, compilerOptions } = require(tsconfigPath); diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts b/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts index 875413dca4c1f..cf5ead0f917c0 100644 --- a/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-nodejs/test/bundling.test.ts @@ -10,7 +10,6 @@ import { PackageInstallation } from '../lib/package-installation'; import { Charset, LogLevel, OutputFormat, SourceMapMode } from '../lib/types'; import * as util from '../lib/util'; - let detectPackageInstallationMock: jest.SpyInstance; beforeEach(() => { jest.clearAllMocks(); @@ -501,7 +500,6 @@ test('Local bundling', () => { spawnSyncMock.mockRestore(); }); - test('Incorrect esbuild version', () => { detectPackageInstallationMock.mockReturnValueOnce({ isLocal: true, @@ -751,7 +749,6 @@ test('Custom bundling volumesFrom', () => { }); }); - test('Custom bundling workingDirectory', () => { Bundling.bundle({ entry, diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/test/function.test.ts b/packages/aws-cdk-lib/aws-lambda-nodejs/test/function.test.ts index ea93c393a74d8..982b090c039f0 100644 --- a/packages/aws-cdk-lib/aws-lambda-nodejs/test/function.test.ts +++ b/packages/aws-cdk-lib/aws-lambda-nodejs/test/function.test.ts @@ -91,7 +91,6 @@ test.skip('NodejsFunction with .mjs handler', () => { // WHEN new NodejsFunction(stack, 'handler3'); - // THEN expect(Bundling.bundle).toHaveBeenCalledWith(expect.objectContaining({ entry: expect.stringContaining('function.test.handler3.mjs'), // Automatically finds .mjs handler file diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts b/packages/aws-cdk-lib/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts index 99ca5ee8ceec1..3e31bfd38293f 100644 --- a/packages/aws-cdk-lib/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts +++ b/packages/aws-cdk-lib/aws-lambda-nodejs/test/integ-handlers/ts-decorator-handler.ts @@ -16,7 +16,6 @@ class Greeter { } } - export async function handler(): Promise { const message = new Greeter('World').greet(); console.log(message); // eslint-disable-line no-console diff --git a/packages/aws-cdk-lib/aws-lambda/lib/event-source-mapping.ts b/packages/aws-cdk-lib/aws-lambda/lib/event-source-mapping.ts index e0c0d7c63c889..f166d27cf6d43 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/event-source-mapping.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/event-source-mapping.ts @@ -235,7 +235,6 @@ export interface EventSourceMappingOptions { */ readonly kafkaConsumerGroupId?: string - /** * Specific settings like the authentication protocol or the VPC components to secure access to your event source. * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts index d8f3ee4cc245d..1018433fcfaac 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts @@ -1202,7 +1202,6 @@ Environment variables can be marked for removal when used in Lambda@Edge by sett return undefined; } - if (props.securityGroup && props.allowAllOutbound !== undefined) { throw new Error('Configure \'allowAllOutbound\' directly on the supplied SecurityGroup.'); } diff --git a/packages/aws-cdk-lib/aws-lambda/lib/lambda-insights.ts b/packages/aws-cdk-lib/aws-lambda/lib/lambda-insights.ts index 7b2e4151b311f..b61c3463cb3a6 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/lambda-insights.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/lambda-insights.ts @@ -4,7 +4,6 @@ import { IFunction } from './function-base'; import { Lazy, Stack, Token } from '../../core'; import { FactName, RegionInfo } from '../../region-info'; - /** * Config returned from `LambdaInsightsVersion._bind` */ diff --git a/packages/aws-cdk-lib/aws-lambda/lib/permission.ts b/packages/aws-cdk-lib/aws-lambda/lib/permission.ts index ea11c2d72953b..ecd6e066aa289 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/permission.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/permission.ts @@ -2,7 +2,6 @@ import { Construct } from 'constructs'; import { FunctionUrlAuthType } from './function-url'; import * as iam from '../../aws-iam'; - /** * Represents a permission statement that can be added to a Lambda function's * resource policy via the `addPermission()` method. diff --git a/packages/aws-cdk-lib/aws-lambda/lib/runtime.ts b/packages/aws-cdk-lib/aws-lambda/lib/runtime.ts index a4a900218ff40..e2e82571c1297 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/runtime.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/runtime.ts @@ -141,7 +141,6 @@ export class Runtime { supportsCodeGuruProfiling: true, }); - /** * The Java 8 runtime (java8) */ diff --git a/packages/aws-cdk-lib/aws-logs/lib/data-protection-policy.ts b/packages/aws-cdk-lib/aws-logs/lib/data-protection-policy.ts index c32a88e59e25c..bd8104bf7dec4 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/data-protection-policy.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/data-protection-policy.ts @@ -171,7 +171,6 @@ export interface DataProtectionPolicyProps { readonly deliveryStreamNameAuditDestination?: string; } - /** * A data protection identifier. If an identifier is supported but not in this class, it can be passed in the constructor instead. */ diff --git a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts index 81a130f83d03a..268c719397f56 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts @@ -100,7 +100,6 @@ abstract class LogGroupBase extends Resource implements ILogGroup { */ public abstract readonly logGroupName: string; - private policy?: ResourcePolicy; /** diff --git a/packages/aws-cdk-lib/aws-logs/lib/query-definition.ts b/packages/aws-cdk-lib/aws-logs/lib/query-definition.ts index b29a3c8f1bcb0..502e2950c19a7 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/query-definition.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/query-definition.ts @@ -3,7 +3,6 @@ import { CfnQueryDefinition } from '.'; import { ILogGroup } from './log-group'; import { Resource } from '../../core'; - /** * Properties for a QueryString */ diff --git a/packages/aws-cdk-lib/aws-logs/test/log-retention-provider.test.ts b/packages/aws-cdk-lib/aws-logs/test/log-retention-provider.test.ts index fa85fc44ea292..45122faac781a 100644 --- a/packages/aws-cdk-lib/aws-logs/test/log-retention-provider.test.ts +++ b/packages/aws-cdk-lib/aws-logs/test/log-retention-provider.test.ts @@ -94,7 +94,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('update event with new log retention', async () => { @@ -141,7 +140,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('update event with log retention undefined', async () => { @@ -185,7 +183,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('delete event', async () => { @@ -219,7 +216,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('delete event with RemovalPolicy', async () => { @@ -260,7 +256,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('responds with FAILED on error', async () => { @@ -284,7 +279,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('succeeds when createLogGroup for provider log group returns OperationAbortedException twice', async () => { @@ -326,7 +320,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('succeeds when createLogGroup for CDK lambda log group returns OperationAbortedException twice', async () => { @@ -368,7 +361,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('fails when createLogGroup for CDK lambda log group fails with OperationAbortedException indefinitely', async () => { @@ -404,7 +396,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('succeeds when putRetentionPolicy for provider log group returns OperationAbortedException twice', async () => { @@ -446,7 +437,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('succeeds when putRetentionPolicy for CDK lambda log group returns OperationAbortedException twice', async () => { @@ -488,7 +478,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('fails when putRetentionPolicy for CDK lambda log group fails with OperationAbortedException indefinitely', async () => { @@ -524,7 +513,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('succeeds when deleteRetentionPolicy for provider log group returns OperationAbortedException twice', async () => { @@ -566,7 +554,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('fails when deleteRetentionPolicy for provider log group fails with OperationAbortedException indefinitely', async () => { @@ -602,7 +589,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('response data contains the log group name', async () => { @@ -634,7 +620,6 @@ describe('log retention provider', () => { await withOperation('Update'); await withOperation('Delete'); - }); test('custom log retention retry options', async () => { @@ -671,7 +656,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); test('custom log retention region', async () => { @@ -701,7 +685,6 @@ describe('log retention provider', () => { expect(request.isDone()).toEqual(true); - }); }); diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts index d7e4a6b5649fb..966998e40360b 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts @@ -16,7 +16,6 @@ import * as route53 from '../../aws-route53'; import * as secretsmanager from '../../aws-secretsmanager'; import * as cdk from '../../core'; - /** * Configures the capacity of the cluster such as the instance type and the * number of instances. @@ -726,7 +725,6 @@ export interface IDomain extends cdk.IResource { metricIndexingLatency(props?: MetricOptions): Metric; } - /** * A new or imported domain. */ @@ -1085,7 +1083,6 @@ abstract class DomainBase extends cdk.Resource implements IDomain { } - /** * Reference to an Amazon OpenSearch Service domain. */ @@ -1101,7 +1098,6 @@ export interface DomainAttributes { readonly domainEndpoint: string; } - /** * Provides an Amazon OpenSearch Service domain. */ @@ -1192,7 +1188,6 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { */ public readonly masterUserPassword?: cdk.SecretValue; - private readonly domain: CfnDomain; private accessPolicy?: OpenSearchAccessPolicy @@ -1231,7 +1226,6 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { props.zoneAwareness?.enabled ?? props.zoneAwareness?.availabilityZoneCount != null; - let securityGroups: ec2.ISecurityGroup[] | undefined; let subnets: ec2.ISubnet[] | undefined; @@ -1689,7 +1683,6 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { return this._connections; } - /** * Add policy statements to the domain access policy */ diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts index dfa3b36fff9fd..695c976135460 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts @@ -375,7 +375,6 @@ export class MariaDbEngineVersion { /** Version "10.6.12". */ public static readonly VER_10_6_12 = MariaDbEngineVersion.of('10.6.12', '10.6'); - /** * Create a new MariaDbEngineVersion with an arbitrary version. * @@ -1768,7 +1767,6 @@ export class SqlServerEngineVersion { /** Version "15.00.4236.7.v1". */ public static readonly VER_15_00_4236_7_V1 = SqlServerEngineVersion.of('15.00.4236.7.v1', '15.00'); - /** * Create a new SqlServerEngineVersion with an arbitrary version. * diff --git a/packages/aws-cdk-lib/aws-rds/lib/serverless-cluster.ts b/packages/aws-cdk-lib/aws-rds/lib/serverless-cluster.ts index 1317f9454c8e8..ca2662b84e3ed 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/serverless-cluster.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/serverless-cluster.ts @@ -414,7 +414,6 @@ abstract class ServerlessClusterNew extends ServerlessClusterBase { const clusterParameterGroup = props.parameterGroup ?? clusterEngineBindConfig.parameterGroup; const clusterParameterGroupConfig = clusterParameterGroup?.bindToCluster({}); - const clusterIdentifier = FeatureFlags.of(this).isEnabled(cxapi.RDS_LOWERCASE_DB_IDENTIFIER) ? props.clusterIdentifier?.toLowerCase() : props.clusterIdentifier; diff --git a/packages/aws-cdk-lib/aws-rds/test/serverless-cluster.test.ts b/packages/aws-cdk-lib/aws-rds/test/serverless-cluster.test.ts index 0cc1566e93464..cae4e4a84b886 100644 --- a/packages/aws-cdk-lib/aws-rds/test/serverless-cluster.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/serverless-cluster.test.ts @@ -689,7 +689,6 @@ describe('serverless cluster', () => { }); const user = new iam.User(stack, 'User'); - // WHEN cluster.grantDataApiAccess(user); diff --git a/packages/aws-cdk-lib/aws-route53-targets/lib/global-accelerator-target.ts b/packages/aws-cdk-lib/aws-route53-targets/lib/global-accelerator-target.ts index 45161e5549b4b..8934035456f20 100644 --- a/packages/aws-cdk-lib/aws-route53-targets/lib/global-accelerator-target.ts +++ b/packages/aws-cdk-lib/aws-route53-targets/lib/global-accelerator-target.ts @@ -1,7 +1,6 @@ import * as globalaccelerator from '../../aws-globalaccelerator'; import * as route53 from '../../aws-route53'; - /** * Use a Global Accelerator domain name as an alias record target. */ diff --git a/packages/aws-cdk-lib/aws-route53-targets/test/elastic-beanstalk-environment-target.test.ts b/packages/aws-cdk-lib/aws-route53-targets/test/elastic-beanstalk-environment-target.test.ts index 52b5367e3d653..011658dd77e39 100644 --- a/packages/aws-cdk-lib/aws-route53-targets/test/elastic-beanstalk-environment-target.test.ts +++ b/packages/aws-cdk-lib/aws-route53-targets/test/elastic-beanstalk-environment-target.test.ts @@ -24,7 +24,6 @@ test('use EBS environment as record target', () => { }); }); - test('support 4-levels subdomain URLs for EBS environments', () => { // GIVEN const stack = new Stack(); diff --git a/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts b/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts index 4f9ec6f535e67..4aa70b59bf24d 100644 --- a/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts +++ b/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts @@ -300,7 +300,6 @@ test('nested assemblies share assets: default synth edition', () => { } }); - describe('staging', () => { test('copy file assets under /${fingerprint}.ext', () => { const tempdir = mkdtempSync(); diff --git a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts index eb79ba01b458e..aff3e31af65e1 100644 --- a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts @@ -106,7 +106,6 @@ export interface BucketDeploymentProps { */ readonly distributionPaths?: string[]; - /** * The number of days that the lambda function's log events are kept in CloudWatch Logs. * diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 761b18be57b82..9ed54f3c07311 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -371,7 +371,6 @@ export interface IBucket extends IResource { */ addObjectRemovedNotification(dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void; - /** * Enables event bridge notification, causing all events below to be sent to EventBridge: * @@ -1306,7 +1305,6 @@ export interface IntelligentTieringConfiguration { */ readonly name: string; - /** * Add a filter to limit the scope of this configuration to a single prefix. * @@ -1589,7 +1587,6 @@ export interface BucketProps { readonly intelligentTieringConfigurations?: IntelligentTieringConfiguration[]; } - /** * Tag */ diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index c186ccc89a3ea..bf81401c0849c 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -1093,7 +1093,6 @@ describe('bucket', () => { expect(bucket.bucketWebsiteUrl).toEqual('http://mybucket.s3-website.cn-north-1.amazonaws.com.cn'); }); - testDeprecated('new bucketWebsiteUrl format with explicit bucketWebsiteNewUrlFormat', () => { const stack = new cdk.Stack(undefined, undefined, { env: { region: 'us-east-1' }, diff --git a/packages/aws-cdk-lib/aws-secretsmanager/test/secret-rotation.test.ts b/packages/aws-cdk-lib/aws-secretsmanager/test/secret-rotation.test.ts index 62c9ac980ccb4..074658d96b70d 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/test/secret-rotation.test.ts +++ b/packages/aws-cdk-lib/aws-secretsmanager/test/secret-rotation.test.ts @@ -19,7 +19,6 @@ beforeEach(() => { }); }); - test('secret rotation single user', () => { // GIVEN const excludeCharacters = ' ;+%{}' + '@\'"`/\\#'; // DMS and BASH problem chars @@ -350,7 +349,6 @@ test('rotation function name does not exceed 64 chars', () => { }); }); - test('with interface vpc endpoint', () => { // GIVEN const endpoint = new ec2.InterfaceVpcEndpoint(stack, 'SecretsManagerEndpoint', { diff --git a/packages/aws-cdk-lib/aws-servicediscovery/test/instance.test.ts b/packages/aws-cdk-lib/aws-servicediscovery/test/instance.test.ts index c9db253947495..dd122a9dba2dc 100644 --- a/packages/aws-cdk-lib/aws-servicediscovery/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-servicediscovery/test/instance.test.ts @@ -39,7 +39,6 @@ describe('instance', () => { InstanceId: 'MyNamespaceMyServiceIpInstanceBACEB9D2', }); - }); test('IpInstance for service in PublicDnsNamespace', () => { @@ -77,7 +76,6 @@ describe('instance', () => { InstanceId: 'MyNamespaceMyServiceIpInstanceBACEB9D2', }); - }); test('IpInstance for service in PrivateDnsNamespace', () => { @@ -117,7 +115,6 @@ describe('instance', () => { InstanceId: 'MyNamespaceMyServiceIpInstanceBACEB9D2', }); - }); test('Registering IpInstance throws when omitting port for a service using SRV', () => { @@ -140,7 +137,6 @@ describe('instance', () => { }); }).toThrow(/A `port` must be specified for a service using a `SRV` record./); - }); test('Registering IpInstance throws when omitting ipv4 and ipv6 for a service using SRV', () => { @@ -163,7 +159,6 @@ describe('instance', () => { }); }).toThrow(/At least `ipv4` or `ipv6` must be specified for a service using a `SRV` record./); - }); test('Registering IpInstance throws when omitting ipv4 for a service using A records', () => { @@ -186,7 +181,6 @@ describe('instance', () => { }); }).toThrow(/An `ipv4` must be specified for a service using a `A` record./); - }); test('Registering IpInstance throws when omitting ipv6 for a service using AAAA records', () => { @@ -209,7 +203,6 @@ describe('instance', () => { }); }).toThrow(/An `ipv6` must be specified for a service using a `AAAA` record./); - }); test('Registering IpInstance throws with wrong DNS record type', () => { @@ -232,7 +225,6 @@ describe('instance', () => { }); }).toThrow(/Service must support `A`, `AAAA` or `SRV` records to register this instance type./); - }); test('Registering AliasTargetInstance', () => { @@ -275,7 +267,6 @@ describe('instance', () => { InstanceId: 'MyNamespaceMyServiceLoadbalancerD1112A76', }); - }); test('Throws when registering AliasTargetInstance with Http Namespace', () => { @@ -298,7 +289,6 @@ describe('instance', () => { service.registerLoadBalancer('Loadbalancer', alb); }).toThrow(/Namespace associated with Service must be a DNS Namespace./); - }); // TODO shouldn't be allowed to do this if loadbalancer on ServiceProps is not set to true. @@ -322,7 +312,6 @@ describe('instance', () => { service.registerLoadBalancer('Loadbalancer', alb); }).toThrow(/Service must use `WEIGHTED` routing policy./); - }); test('Register CnameInstance', () => { @@ -357,7 +346,6 @@ describe('instance', () => { InstanceId: 'MyNamespaceMyServiceCnameInstance0EB1C98D', }); - }); test('Throws when registering CnameInstance for an HTTP namespace', () => { @@ -379,7 +367,6 @@ describe('instance', () => { }); }).toThrow(/Namespace associated with Service must be a DNS Namespace/); - }); test('Register NonIpInstance', () => { @@ -410,7 +397,6 @@ describe('instance', () => { InstanceId: 'MyNamespaceMyServiceNonIpInstance7EFD703A', }); - }); test('Register NonIpInstance, DNS Namespace, API Only service', () => { @@ -463,7 +449,6 @@ describe('instance', () => { }); }).toThrow(/This type of instance can only be registered for HTTP namespaces./); - }); test('Throws when no custom attribues specified for NonIpInstance', () => { @@ -483,7 +468,6 @@ describe('instance', () => { }); }).toThrow(/You must specify at least one custom attribute for this instance type./); - }); test('Throws when custom attribues are emptyfor NonIpInstance', () => { @@ -504,7 +488,6 @@ describe('instance', () => { }); }).toThrow(/You must specify at least one custom attribute for this instance type./); - }); test('Register multiple instances on the same service', () => { @@ -529,6 +512,5 @@ describe('instance', () => { // THEN Template.fromStack(stack).resourceCountIs('AWS::ServiceDiscovery::Instance', 2); - }); }); diff --git a/packages/aws-cdk-lib/aws-servicediscovery/test/namespace.test.ts b/packages/aws-cdk-lib/aws-servicediscovery/test/namespace.test.ts index af5fef6827318..f7f150b2ded12 100644 --- a/packages/aws-cdk-lib/aws-servicediscovery/test/namespace.test.ts +++ b/packages/aws-cdk-lib/aws-servicediscovery/test/namespace.test.ts @@ -23,7 +23,6 @@ describe('namespace', () => { }, }); - }); test('Public DNS namespace', () => { @@ -44,7 +43,6 @@ describe('namespace', () => { }, }); - }); test('Private DNS namespace', () => { @@ -63,7 +61,6 @@ describe('namespace', () => { }, }); - }); test('CloudFormation attributes', () => { diff --git a/packages/aws-cdk-lib/aws-servicediscovery/test/service.test.ts b/packages/aws-cdk-lib/aws-servicediscovery/test/service.test.ts index 7e41f99d86f39..b8a9ec1016496 100644 --- a/packages/aws-cdk-lib/aws-servicediscovery/test/service.test.ts +++ b/packages/aws-cdk-lib/aws-servicediscovery/test/service.test.ts @@ -49,7 +49,6 @@ describe('service', () => { }, }); - }); test('Service for HTTP namespace with health check', () => { @@ -99,7 +98,6 @@ describe('service', () => { }, }); - }); test('Service for Public DNS namespace', () => { @@ -161,7 +159,6 @@ describe('service', () => { }, }); - }); test('Service for Public DNS namespace with A and AAAA records', () => { @@ -218,7 +215,6 @@ describe('service', () => { }, }); - }); test('Defaults to WEIGHTED routing policy for CNAME', () => { @@ -271,7 +267,6 @@ describe('service', () => { }, }); - }); test('Throws when specifying both healthCheckConfig and healthCheckCustomConfig on PublicDnsNamespace', () => { @@ -294,7 +289,6 @@ describe('service', () => { }); }).toThrow(/`healthCheckConfig`.+`healthCheckCustomConfig`/); - }); test('Throws when specifying healthCheckConfig on PrivateDnsNamespace', () => { @@ -319,7 +313,6 @@ describe('service', () => { }); }).toThrow(/`healthCheckConfig`.+`healthCheckCustomConfig`/); - }); test('Throws when using CNAME and Multivalue routing policy', () => { @@ -339,7 +332,6 @@ describe('service', () => { }); }).toThrow(/Cannot use `CNAME` record when routing policy is `Multivalue`./); - }); test('Throws when specifying resourcePath with TCP', () => { @@ -361,7 +353,6 @@ describe('service', () => { }); }).toThrow(/`resourcePath`.+`TCP`/); - }); test('Throws when specifying loadbalancer with wrong DnsRecordType', () => { @@ -380,7 +371,6 @@ describe('service', () => { }); }).toThrow(/Must support `A` or `AAAA` records to register loadbalancers/); - }); test('Throws when specifying loadbalancer with Multivalue routing Policy', () => { @@ -399,7 +389,6 @@ describe('service', () => { }); }).toThrow(/Cannot register loadbalancers when routing policy is `Multivalue`./); - }); test('Throws when specifying discovery type of DNS within a HttpNamespace', () => { @@ -418,7 +407,6 @@ describe('service', () => { }); }).toThrow(/Cannot specify `discoveryType` of DNS_AND_API when using an HTTP namespace./); - }); test('Service for Private DNS namespace', () => { @@ -467,7 +455,6 @@ describe('service', () => { }, }); - }); test('Service for DNS namespace with API only discovery', () => { diff --git a/packages/aws-cdk-lib/aws-ses/test/receipt-filter.test.ts b/packages/aws-cdk-lib/aws-ses/test/receipt-filter.test.ts index 0d5a7492306fa..0adfeb9773d99 100644 --- a/packages/aws-cdk-lib/aws-ses/test/receipt-filter.test.ts +++ b/packages/aws-cdk-lib/aws-ses/test/receipt-filter.test.ts @@ -34,7 +34,6 @@ describe('receipt filter', () => { }, }); - }); test('can create an allow list filter', () => { @@ -88,6 +87,5 @@ describe('receipt filter', () => { }, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-ses/test/receipt-rule-set.test.ts b/packages/aws-cdk-lib/aws-ses/test/receipt-rule-set.test.ts index 5a580020ec25d..8c9b10586d573 100644 --- a/packages/aws-cdk-lib/aws-ses/test/receipt-rule-set.test.ts +++ b/packages/aws-cdk-lib/aws-ses/test/receipt-rule-set.test.ts @@ -19,7 +19,6 @@ describe('receipt rule set', () => { RuleSetName: 'MyRuleSet', }); - }); test('can create a receipt rule set with drop spam', () => { @@ -54,7 +53,6 @@ describe('receipt rule set', () => { Template.fromStack(stack).resourceCountIs('AWS::Lambda::Function', 1); - }); test('drop spam rule should always appear first', () => { @@ -89,7 +87,6 @@ describe('receipt rule set', () => { Template.fromStack(stack).resourceCountIs('AWS::Lambda::Function', 1); - }); test('import receipt rule set', () => { @@ -116,6 +113,5 @@ describe('receipt rule set', () => { }, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-ses/test/receipt-rule.test.ts b/packages/aws-cdk-lib/aws-ses/test/receipt-rule.test.ts index c2135efb07270..fd3c71fbfab45 100644 --- a/packages/aws-cdk-lib/aws-ses/test/receipt-rule.test.ts +++ b/packages/aws-cdk-lib/aws-ses/test/receipt-rule.test.ts @@ -66,7 +66,6 @@ describe('receipt rule', () => { }, }); - }); test('import receipt rule', () => { @@ -102,7 +101,6 @@ describe('receipt rule', () => { }, }); - }); test('can add actions in rule props', () => { @@ -140,7 +138,6 @@ describe('receipt rule', () => { }, }); - }); test('can add action with addAction', () => { @@ -175,6 +172,5 @@ describe('receipt rule', () => { }, }); - }); }); diff --git a/packages/aws-cdk-lib/aws-sns/test/sns.test.ts b/packages/aws-cdk-lib/aws-sns/test/sns.test.ts index aa14cdc2694b3..4acac2267bf31 100644 --- a/packages/aws-cdk-lib/aws-sns/test/sns.test.ts +++ b/packages/aws-cdk-lib/aws-sns/test/sns.test.ts @@ -28,7 +28,6 @@ describe('Topic', () => { 'TopicName': 'topicName', }); - }); test('specify displayName', () => { @@ -42,7 +41,6 @@ describe('Topic', () => { 'DisplayName': 'displayName', }); - }); test('specify kmsMasterKey', () => { @@ -57,7 +55,6 @@ describe('Topic', () => { 'KmsMasterKeyId': { 'Fn::GetAtt': ['CustomKey1E6D0D07', 'Arn'] }, }); - }); test('specify displayName and topicName', () => { @@ -73,7 +70,6 @@ describe('Topic', () => { 'TopicName': 'topicName', }); - }); test('Adds .fifo suffix when no topicName is passed', () => { @@ -103,7 +99,6 @@ describe('Topic', () => { 'TopicName': 'topicName.fifo', }); - }); test('specify fifo with .fifo suffix in topicName', () => { @@ -119,7 +114,6 @@ describe('Topic', () => { 'TopicName': 'topicName.fifo', }); - }); test('specify fifo without contentBasedDeduplication', () => { @@ -135,7 +129,6 @@ describe('Topic', () => { 'TopicName': 'topicName.fifo', }); - }); test('specify fifo with contentBasedDeduplication', () => { @@ -153,7 +146,6 @@ describe('Topic', () => { 'TopicName': 'topicName.fifo', }); - }); test('throw with contentBasedDeduplication on non-fifo topic', () => { @@ -163,7 +155,6 @@ describe('Topic', () => { contentBasedDeduplication: true, })).toThrow(/Content based deduplication can only be enabled for FIFO SNS topics./); - }); }); @@ -193,7 +184,6 @@ describe('Topic', () => { }, }); - }); test('give publishing permissions', () => { @@ -219,7 +209,6 @@ describe('Topic', () => { }, }); - }); test('TopicPolicy passed document', () => { @@ -254,7 +243,6 @@ describe('Topic', () => { ], }); - }); test('Add statements to policy', () => { @@ -332,7 +320,6 @@ describe('Topic', () => { ], }); - }); test('fromTopicArn', () => { @@ -384,7 +371,6 @@ describe('Topic', () => { statistic: 'Average', }); - }); test('subscription is created under the topic scope by default', () => { @@ -494,6 +480,5 @@ describe('Topic', () => { }], }); - }); }); diff --git a/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts b/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts index 51354fb7d55af..6723a7fef79ea 100644 --- a/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts +++ b/packages/aws-cdk-lib/aws-sns/test/subscription.test.ts @@ -261,7 +261,6 @@ describe('Subscription', () => { }); - test.each( [ SubscriptionProtocol.LAMBDA, diff --git a/packages/aws-cdk-lib/aws-ssm/lib/parameter.ts b/packages/aws-cdk-lib/aws-ssm/lib/parameter.ts index 03303e44eb7c5..5bb4f6cc5d9b9 100644 --- a/packages/aws-cdk-lib/aws-ssm/lib/parameter.ts +++ b/packages/aws-cdk-lib/aws-ssm/lib/parameter.ts @@ -698,7 +698,6 @@ export class StringListParameter extends ParameterBase implements IStringListPar return this.fromListParameterAttributes(stack, id, { parameterName, elementType: type, version }).stringListValue; } - public readonly parameterArn: string; public readonly parameterName: string; public readonly parameterType: string; diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts index f1b82866521df..22e5316ee9985 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts @@ -171,7 +171,6 @@ describe('Start Query Execution', () => { }, }); - // THEN expect(stack.resolve(task.toStateJson())).not.toHaveProperty('Parameters.QueryExecutionContext'); }); diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/codebuild/start-build.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/codebuild/start-build.test.ts index 62630a6532f91..756c173454362 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/codebuild/start-build.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/codebuild/start-build.test.ts @@ -144,7 +144,6 @@ test('supports tokens', () => { }); }); - test('Task throws if WAIT_FOR_TASK_TOKEN is supplied as service integration pattern', () => { expect(() => { new CodeBuildStartBuild(stack, 'Task', { diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/databrew/start-job-run.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/databrew/start-job-run.test.ts index 37da51a96bea2..790005fd56c07 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/databrew/start-job-run.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/databrew/start-job-run.test.ts @@ -98,7 +98,6 @@ describe('Start Job Run', () => { }); }); - test('wait_for_task_token integrationPattern throws an error', () => { // GIVEN const stack = new cdk.Stack(); diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/dynamodb/shared-types.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/dynamodb/shared-types.test.ts index 5462f2285da9b..899acbb397533 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/dynamodb/shared-types.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/dynamodb/shared-types.test.ts @@ -250,7 +250,6 @@ describe('DynamoAttributeValue', () => { }); }); - test('from invalid boolean with json path', () => { // GIVEN const m = 'invalid'; @@ -262,7 +261,6 @@ describe('DynamoAttributeValue', () => { }); - test('from boolean with json path', () => { // GIVEN const m = '$.path'; diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-create-cluster.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-create-cluster.test.ts index 31195ba5c4776..55f86de6f0b25 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-create-cluster.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emr/emr-create-cluster.test.ts @@ -725,7 +725,6 @@ test('Create Cluster with AmazonElasticMapReduceRole managed policies', () => { }); }); - test('Create Cluster with AmazonEMRServicePolicy_v2 managed policies', () => { // WHEN const app = new cdk.App({ context: { [ENABLE_EMR_SERVICE_POLICY_V2]: true } }); diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/delete-virtual-cluster.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/delete-virtual-cluster.test.ts index 91e23714f5695..4f29217158029 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/delete-virtual-cluster.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/delete-virtual-cluster.test.ts @@ -217,7 +217,6 @@ describe('Valid policy statements and resources are passed ', () => { }); }); - test('Task throws if WAIT_FOR_TASK_TOKEN is supplied as service integration pattern', () => { expect(() => { new EmrContainersDeleteVirtualCluster(stack, 'EMR Containers DeleteVirtualCluster Job', { diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts index 3941e354fee7f..5c96170ba76a5 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts @@ -108,7 +108,6 @@ describe('Invoke EMR Containers Start Job Run with ', () => { }); }); - test('Application Configuration', () => { // WHEN const task = new EmrContainersStartJobRun(stack, 'EMR Containers Start Job Run', { diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/create-endpoint-config.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/create-endpoint-config.test.ts index 261afad00bc6c..690be09acda74 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/create-endpoint-config.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/create-endpoint-config.test.ts @@ -145,4 +145,3 @@ test('Task throws if WAIT_FOR_TASK_TOKEN is supplied as service integration patt .toThrowError(/Unsupported service integration pattern. Supported Patterns: REQUEST_RESPONSE. Received: WAIT_FOR_TASK_TOKEN/i); }); - diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/update-endpoint.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/update-endpoint.test.ts index 7b402d0650b90..501a5b6757758 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/update-endpoint.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/sagemaker/update-endpoint.test.ts @@ -70,7 +70,6 @@ test('pass parameters to update endpoint', () => { }); }); - test('Task throws if WAIT_FOR_TASK_TOKEN is supplied as service integration pattern', () => { expect(() => { new tasks.SageMakerUpdateEndpoint(stack, 'UpdateSagemaker', { diff --git a/packages/aws-cdk-lib/aws-stepfunctions/lib/private/intrinstics.ts b/packages/aws-cdk-lib/aws-stepfunctions/lib/private/intrinstics.ts index f10c81ffb115b..84fb9e96481a5 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/lib/private/intrinstics.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/lib/private/intrinstics.ts @@ -17,7 +17,6 @@ export interface FnCallExpression { readonly arguments: IntrinsicExpression[]; } - /** * LL(1) parser for StepFunctions intrinsics * diff --git a/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts b/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts index b017d4fb59758..1a46d90c49eba 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts @@ -268,7 +268,6 @@ abstract class StateMachineBase extends Resource implements IStateMachine { }); } - /** * Return the given named metric for this State Machine's executions * diff --git a/packages/aws-cdk-lib/aws-stepfunctions/lib/states/task-base.ts b/packages/aws-cdk-lib/aws-stepfunctions/lib/states/task-base.ts index f9a8e1e9f3a57..f64dad6b799b0 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/lib/states/task-base.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/lib/states/task-base.ts @@ -9,7 +9,6 @@ import { StateGraph } from '../state-graph'; import { Credentials } from '../task-credentials'; import { CatchProps, IChainable, INextable, RetryProps } from '../types'; - /** * Props that are common to all tasks */ diff --git a/packages/aws-cdk-lib/aws-stepfunctions/test/condition.test.ts b/packages/aws-cdk-lib/aws-stepfunctions/test/condition.test.ts index 2af4fa09e66ab..96f694e02d94a 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/test/condition.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/test/condition.test.ts @@ -72,7 +72,6 @@ describe('Condition Variables', () => { [stepfunctions.Condition.numberGreaterThanEqualsJsonPath('$.a', '$.b'), { Variable: '$.a', NumericGreaterThanEqualsPath: '$.b' }], ]; - for (const [cond, expected] of cases) { assertRendersTo(cond, expected); } diff --git a/packages/aws-cdk-lib/aws-stepfunctions/test/private/intrinsics.test.ts b/packages/aws-cdk-lib/aws-stepfunctions/test/private/intrinsics.test.ts index 5534ad5509b20..c1aa87bbacb61 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/test/private/intrinsics.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/test/private/intrinsics.test.ts @@ -1,6 +1,5 @@ import { IntrinsicParser } from '../../lib/private/intrinstics'; - test('parse JSON path', () => { expect(parse('$.Path')).toEqual({ type: 'path', path: '$.Path' }); expect(parse('$[\'complex\'].Path')).toEqual({ type: 'path', path: '$[\'complex\'].Path' }); diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts index 01ab969b63098..8bfbad998ea5d 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts +++ b/packages/aws-cdk-lib/cloud-assembly-schema/lib/integ-tests/commands/common.ts @@ -50,7 +50,6 @@ export interface DefaultCdkOptions { */ readonly app?: string; - /** * Role to pass to CloudFormation for deployment * diff --git a/packages/aws-cdk-lib/core/lib/cfn-element.ts b/packages/aws-cdk-lib/core/lib/cfn-element.ts index 142efb19c04b9..230ed20376662 100644 --- a/packages/aws-cdk-lib/core/lib/cfn-element.ts +++ b/packages/aws-cdk-lib/core/lib/cfn-element.ts @@ -52,7 +52,6 @@ export abstract class CfnElement extends Construct { */ private _logicalIdLocked?: boolean; - /** * Creates an entity and binds it to a tree. * Note that the root of the tree must be a Stack object (not just any Root). @@ -204,7 +203,6 @@ function notTooLong(x: string) { return x.slice(0, 47) + '...' + x.slice(-47); } - // These imports have to be at the end to prevent circular imports import { CfnReference } from './private/cfn-reference'; import { Stack } from './stack'; diff --git a/packages/aws-cdk-lib/core/lib/custom-resource-provider/cross-region-export-providers/export-reader-provider.ts b/packages/aws-cdk-lib/core/lib/custom-resource-provider/cross-region-export-providers/export-reader-provider.ts index e1e6fcd7f7424..b091bc75aadbc 100644 --- a/packages/aws-cdk-lib/core/lib/custom-resource-provider/cross-region-export-providers/export-reader-provider.ts +++ b/packages/aws-cdk-lib/core/lib/custom-resource-provider/cross-region-export-providers/export-reader-provider.ts @@ -8,7 +8,6 @@ import { Intrinsic } from '../../private/intrinsic'; import { Stack } from '../../stack'; import { builtInCustomResourceProviderNodeRuntime, CustomResourceProvider } from '../custom-resource-provider'; - /** * Properties for an ExportReader */ diff --git a/packages/aws-cdk-lib/core/lib/custom-resource-provider/custom-resource-provider.ts b/packages/aws-cdk-lib/core/lib/custom-resource-provider/custom-resource-provider.ts index e53d215c19841..f3cabc65842e5 100644 --- a/packages/aws-cdk-lib/core/lib/custom-resource-provider/custom-resource-provider.ts +++ b/packages/aws-cdk-lib/core/lib/custom-resource-provider/custom-resource-provider.ts @@ -293,7 +293,6 @@ export class CustomResourceProvider extends Construct { this.roleArn = Token.asString(this._role.getAtt('Arn')); } - const timeout = props.timeout ?? Duration.minutes(15); const memory = props.memorySize ?? Size.mebibytes(128); diff --git a/packages/aws-cdk-lib/core/lib/lazy.ts b/packages/aws-cdk-lib/core/lib/lazy.ts index 0529d18c7f2b2..d0ce41fdb9dc8 100644 --- a/packages/aws-cdk-lib/core/lib/lazy.ts +++ b/packages/aws-cdk-lib/core/lib/lazy.ts @@ -326,7 +326,6 @@ export class Lazy { } } - interface ILazyProducer { produce(context: IResolveContext): A | undefined; } diff --git a/packages/aws-cdk-lib/core/lib/names.ts b/packages/aws-cdk-lib/core/lib/names.ts index 057ec37d3201c..df6674c327b19 100644 --- a/packages/aws-cdk-lib/core/lib/names.ts +++ b/packages/aws-cdk-lib/core/lib/names.ts @@ -4,7 +4,6 @@ import { makeUniqueResourceName } from './private/unique-resource-name'; import { makeUniqueId } from './private/uniqueid'; import { Stack } from './stack'; - /** * Options for creating a unique resource name. */ diff --git a/packages/aws-cdk-lib/core/lib/private/cloudformation-lang.ts b/packages/aws-cdk-lib/core/lib/private/cloudformation-lang.ts index 6d787582c582b..152e587dde80c 100644 --- a/packages/aws-cdk-lib/core/lib/private/cloudformation-lang.ts +++ b/packages/aws-cdk-lib/core/lib/private/cloudformation-lang.ts @@ -371,7 +371,6 @@ function isConcatable(obj: any): boolean { return ['string', 'number'].includes(typeof obj) && !Token.isUnresolved(obj); } - /** * Return whether the given value represents a CloudFormation intrinsic */ diff --git a/packages/aws-cdk-lib/core/lib/private/prepare-app.ts b/packages/aws-cdk-lib/core/lib/private/prepare-app.ts index 8672fa78e4403..4848094eb7ab9 100644 --- a/packages/aws-cdk-lib/core/lib/private/prepare-app.ts +++ b/packages/aws-cdk-lib/core/lib/private/prepare-app.ts @@ -127,7 +127,6 @@ function findTransitiveDeps(root: IConstruct): Dependency[] { return ret; } - interface Dependency { readonly source: IConstruct; readonly target: IConstruct; diff --git a/packages/aws-cdk-lib/core/lib/private/refs.ts b/packages/aws-cdk-lib/core/lib/private/refs.ts index 0da1eb3f22c42..f122a7425f784 100644 --- a/packages/aws-cdk-lib/core/lib/private/refs.ts +++ b/packages/aws-cdk-lib/core/lib/private/refs.ts @@ -37,7 +37,6 @@ export function resolveReferences(scope: IConstruct): void { } } - /** * Resolves the value for `reference` in the context of `consumer`. */ @@ -65,7 +64,6 @@ function resolveValue(consumer: Stack, reference: CfnReference): IResolvable { 'Cross stack references are only supported for stacks deployed to the same account or between nested stacks and their parent stack'); } - // Stacks are in the same account, but different regions if (producerRegion !== consumerRegion && !consumer._crossRegionReferences) { throw new Error( diff --git a/packages/aws-cdk-lib/core/lib/stack.ts b/packages/aws-cdk-lib/core/lib/stack.ts index 113c4ccd2bc9e..2980f3464b7be 100644 --- a/packages/aws-cdk-lib/core/lib/stack.ts +++ b/packages/aws-cdk-lib/core/lib/stack.ts @@ -1098,7 +1098,6 @@ export class Stack extends Construct implements ITaggable { return deployTimeLookup(this, factName, lookupMap, defaultValue); } - /** * Create a CloudFormation Export for a string value * diff --git a/packages/aws-cdk-lib/core/lib/stage.ts b/packages/aws-cdk-lib/core/lib/stage.ts index def57f2a32f8d..80264b754cb71 100644 --- a/packages/aws-cdk-lib/core/lib/stage.ts +++ b/packages/aws-cdk-lib/core/lib/stage.ts @@ -154,7 +154,6 @@ export class Stage extends Construct { */ public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[] = []; - constructor(scope: Construct, id: string, props: StageProps = {}) { super(scope, id); @@ -169,7 +168,6 @@ export class Stage extends Construct { this.region = props.env?.region ?? this.parentStage?.region; this.account = props.env?.account ?? this.parentStage?.account; - props.permissionsBoundary?._bind(this); this._assemblyBuilder = this.createBuilder(props.outdir); diff --git a/packages/aws-cdk-lib/core/lib/time-zone.ts b/packages/aws-cdk-lib/core/lib/time-zone.ts index d3685ce7a551a..85cc83d9d464c 100644 --- a/packages/aws-cdk-lib/core/lib/time-zone.ts +++ b/packages/aws-cdk-lib/core/lib/time-zone.ts @@ -1078,5 +1078,4 @@ export class TimeZone { private constructor(public readonly timezoneName: string) { } - } \ No newline at end of file diff --git a/packages/aws-cdk-lib/core/lib/validation/private/report.ts b/packages/aws-cdk-lib/core/lib/validation/private/report.ts index 7a26dede3eb6b..9c19808fabe4a 100644 --- a/packages/aws-cdk-lib/core/lib/validation/private/report.ts +++ b/packages/aws-cdk-lib/core/lib/validation/private/report.ts @@ -103,7 +103,6 @@ export interface NamedValidationPluginReport extends report.PolicyValidationPlug readonly pluginName: string; } - /** * The report emitted by the plugin after evaluation. */ @@ -113,7 +112,6 @@ export class PolicyValidationReportFormatter { this.reportTrace = new ReportTrace(tree); } - public formatPrettyPrinted(reps: NamedValidationPluginReport[]): string { const json = this.formatJson(reps); const output = [json.title]; @@ -227,7 +225,6 @@ export class PolicyValidationReportFormatter { } } - function reset(s: string) { return `${s}\x1b[0m`; } diff --git a/packages/aws-cdk-lib/core/test/bundling.test.ts b/packages/aws-cdk-lib/core/test/bundling.test.ts index e922dde439603..90793758844db 100644 --- a/packages/aws-cdk-lib/core/test/bundling.test.ts +++ b/packages/aws-cdk-lib/core/test/bundling.test.ts @@ -161,7 +161,6 @@ describe('bundling', () => { }); - test('throws in case of spawnSync error', () => { sinon.stub(child_process, 'spawnSync').returns({ status: 0, diff --git a/packages/aws-cdk-lib/core/test/custom-resource-provider/custom-resource-provider.test.ts b/packages/aws-cdk-lib/core/test/custom-resource-provider/custom-resource-provider.test.ts index 5ad7d5530ab91..81a6ad56b8594 100644 --- a/packages/aws-cdk-lib/core/test/custom-resource-provider/custom-resource-provider.test.ts +++ b/packages/aws-cdk-lib/core/test/custom-resource-provider/custom-resource-provider.test.ts @@ -334,7 +334,6 @@ describe('custom resource provider', () => { throw new Error(`Asset filename must be a relative path, got: ${assetFilename}`); } - }); test('policyStatements can be used to add statements to the inline policy', () => { diff --git a/packages/aws-cdk-lib/core/test/custom-resource-provider/export-writer-provider.test.ts b/packages/aws-cdk-lib/core/test/custom-resource-provider/export-writer-provider.test.ts index 55b51fa98eb4d..1eec87e7c6223 100644 --- a/packages/aws-cdk-lib/core/test/custom-resource-provider/export-writer-provider.test.ts +++ b/packages/aws-cdk-lib/core/test/custom-resource-provider/export-writer-provider.test.ts @@ -2,7 +2,6 @@ import { App, Stack, AssetStaging, CfnResource, NestedStack } from '../../lib'; import { ExportWriter } from '../../lib/custom-resource-provider/cross-region-export-providers/export-writer-provider'; import { toCloudFormation } from '../util'; - describe('export writer provider', () => { test('basic configuration', () => { // GIVEN @@ -485,7 +484,6 @@ describe('export writer provider', () => { }, }); - // THEN app.synth(); const cfn = toCloudFormation(stack); diff --git a/packages/aws-cdk-lib/core/test/fs/fs-copy.test.ts b/packages/aws-cdk-lib/core/test/fs/fs-copy.test.ts index 77e62d7dc58c6..61af772b801ed 100644 --- a/packages/aws-cdk-lib/core/test/fs/fs-copy.test.ts +++ b/packages/aws-cdk-lib/core/test/fs/fs-copy.test.ts @@ -97,7 +97,6 @@ describe('fs copy', () => { 'normal-file.txt', ]); - }); test('exclude', () => { diff --git a/packages/aws-cdk-lib/core/test/fs/fs.test.ts b/packages/aws-cdk-lib/core/test/fs/fs.test.ts index 22260f3ec6e27..0b57dde2bc2c3 100644 --- a/packages/aws-cdk-lib/core/test/fs/fs.test.ts +++ b/packages/aws-cdk-lib/core/test/fs/fs.test.ts @@ -33,7 +33,6 @@ describe('fs', () => { fs.unlinkSync(p); fs.unlinkSync(symlinkTmp); - }); test('mkdtemp creates a temporary directory in the system temp', () => { @@ -44,6 +43,5 @@ describe('fs', () => { fs.rmdirSync(tmpdir); - }); }); diff --git a/packages/aws-cdk-lib/core/test/private/physical-name-generator.test.ts b/packages/aws-cdk-lib/core/test/private/physical-name-generator.test.ts index 87412c7074188..e594674e305fc 100644 --- a/packages/aws-cdk-lib/core/test/private/physical-name-generator.test.ts +++ b/packages/aws-cdk-lib/core/test/private/physical-name-generator.test.ts @@ -13,7 +13,6 @@ describe('physical name generator', () => { expect(generatePhysicalName(testResourceA)).toEqual('teststackteststackaa164c141d59b37c1b663'); expect(generatePhysicalName(testResourceB)).toEqual('teststackteststackab27595cd34d8188283a1f'); - }); test('generates different names in different accounts', () => { @@ -27,7 +26,6 @@ describe('physical name generator', () => { expect(generatePhysicalName(resourceA)).not.toEqual(generatePhysicalName(resourceB)); - }); test('generates different names in different regions', () => { @@ -41,7 +39,6 @@ describe('physical name generator', () => { expect(generatePhysicalName(resourceA)).not.toEqual(generatePhysicalName(resourceB)); - }); test('fails when the region is an unresolved token', () => { @@ -52,7 +49,6 @@ describe('physical name generator', () => { expect(() => generatePhysicalName(testResource)).toThrow( /Cannot generate a physical name for TestStack\/A, because the region is un-resolved or missing/); - }); test('fails when the region is not provided', () => { @@ -63,7 +59,6 @@ describe('physical name generator', () => { expect(() => generatePhysicalName(testResource)).toThrow( /Cannot generate a physical name for TestStack\/A, because the region is un-resolved or missing/); - }); test('fails when the account is an unresolved token', () => { @@ -74,7 +69,6 @@ describe('physical name generator', () => { expect(() => generatePhysicalName(testResource)).toThrow( /Cannot generate a physical name for TestStack\/A, because the account is un-resolved or missing/); - }); test('fails when the account is not provided', () => { @@ -85,7 +79,6 @@ describe('physical name generator', () => { expect(() => generatePhysicalName(testResource)).toThrow( /Cannot generate a physical name for TestStack\/A, because the account is un-resolved or missing/); - }); }); @@ -96,7 +89,6 @@ describe('physical name generator', () => { expect(isGeneratedWhenNeededMarker(asString)).toEqual(true); - }); test('throws when resolved', () => { @@ -105,7 +97,6 @@ describe('physical name generator', () => { expect(() => new Stack().resolve(asString)).toThrow(/Use "this.physicalName" instead/); - }); }); @@ -114,7 +105,6 @@ describe('physical name generator', () => { expect(isGeneratedWhenNeededMarker('this is not even a token!')).toEqual(false); expect(isGeneratedWhenNeededMarker(Lazy.string({ produce: () => 'Bazinga!' }))).toEqual(false); - }); }); }); diff --git a/packages/aws-cdk-lib/core/test/private/tree-metadata.test.ts b/packages/aws-cdk-lib/core/test/private/tree-metadata.test.ts index c3497bbb4137b..482cc6301b833 100644 --- a/packages/aws-cdk-lib/core/test/private/tree-metadata.test.ts +++ b/packages/aws-cdk-lib/core/test/private/tree-metadata.test.ts @@ -184,7 +184,6 @@ describe('tree metadata', () => { }), }); - }); test('token resolution & cfn parameter', () => { @@ -394,7 +393,6 @@ describe('tree metadata', () => { }), }); - }); }); diff --git a/packages/aws-cdk-lib/core/test/stack-synthesis/clicreds-synthesis.test.ts b/packages/aws-cdk-lib/core/test/stack-synthesis/clicreds-synthesis.test.ts index 32b79089443a7..07f9b8bb10db8 100644 --- a/packages/aws-cdk-lib/core/test/stack-synthesis/clicreds-synthesis.test.ts +++ b/packages/aws-cdk-lib/core/test/stack-synthesis/clicreds-synthesis.test.ts @@ -81,7 +81,6 @@ describe('CLI creds synthesis', () => { expect(evalCFN(location.repositoryName)).toEqual('cdk-hnb659fds-container-assets-the_account-the_region'); expect(evalCFN(location.imageUri)).toEqual('the_account.dkr.ecr.the_region.domain.aws/cdk-hnb659fds-container-assets-the_account-the_region:abcdef'); - }); test('synthesis', () => { diff --git a/packages/aws-cdk-lib/core/test/stack-synthesis/new-style-synthesis.test.ts b/packages/aws-cdk-lib/core/test/stack-synthesis/new-style-synthesis.test.ts index b36f96b5897ee..7aa933eadfe21 100644 --- a/packages/aws-cdk-lib/core/test/stack-synthesis/new-style-synthesis.test.ts +++ b/packages/aws-cdk-lib/core/test/stack-synthesis/new-style-synthesis.test.ts @@ -60,7 +60,6 @@ describe('new style synthesis', () => { }, }); - }); test('version check is added to both template and manifest artifact', () => { @@ -103,7 +102,6 @@ describe('new style synthesis', () => { const template = app.synth().getStackByName('Stack2').template; expect(template?.Rules?.CheckBootstrapVersion).toEqual(undefined); - }); test('customize version parameter', () => { @@ -135,7 +133,6 @@ describe('new style synthesis', () => { // GIVEN class BootstraplessStackSynthesizer extends DefaultStackSynthesizer { - /** * Synthesize the associated bootstrap stack to the session. */ @@ -188,7 +185,6 @@ describe('new style synthesis', () => { const assembly = app.synth(); expect(assembly.manifest.missing![0].props.lookupRoleArn).toEqual('arn:${AWS::Partition}:iam::111111111111:role/cdk-hnb659fds-lookup-role-111111111111-us-east-1'); - }); test('add file asset', () => { @@ -206,7 +202,6 @@ describe('new style synthesis', () => { // THEN - object key contains source hash somewhere expect(location.objectKey.indexOf('abcdef')).toBeGreaterThan(-1); - }); test('add docker image asset', () => { @@ -220,7 +215,6 @@ describe('new style synthesis', () => { expect(evalCFN(location.repositoryName)).toEqual('cdk-hnb659fds-container-assets-the_account-the_region'); expect(evalCFN(location.imageUri)).toEqual('the_account.dkr.ecr.the_region.domain.aws/cdk-hnb659fds-container-assets-the_account-the_region:abcdef'); - }); test('dockerBuildArgs or dockerBuildSecrets without directoryName', () => { @@ -282,7 +276,6 @@ describe('new style synthesis', () => { } } - }); test('customize publishing resources', () => { @@ -331,7 +324,6 @@ describe('new style synthesis', () => { assumeRoleExternalId: 'image-external-id', }); - }); test('customize deploy role externalId', () => { @@ -351,7 +343,6 @@ describe('new style synthesis', () => { const stackArtifact = asm.getStackByName(mystack.stackName); expect(stackArtifact.assumeRoleExternalId).toEqual('deploy-external-id'); - }); test('synthesis with bucketPrefix', () => { @@ -395,7 +386,6 @@ describe('new style synthesis', () => { expect(stackArtifact.stackTemplateAssetObjectUrl).toEqual(`s3://file-asset-bucket/000000000000/${templateHash}`); - }); test('synthesis with dockerPrefix', () => { diff --git a/packages/aws-cdk-lib/core/test/stack.test.ts b/packages/aws-cdk-lib/core/test/stack.test.ts index dc53c437ad787..7373502dc1cbf 100644 --- a/packages/aws-cdk-lib/core/test/stack.test.ts +++ b/packages/aws-cdk-lib/core/test/stack.test.ts @@ -1899,7 +1899,6 @@ describe('stack', () => { ]); }); - test('allows using the same stack name for two stacks (i.e. in different regions)', () => { // WHEN const app = new App(); diff --git a/packages/aws-cdk-lib/core/test/staging.test.ts b/packages/aws-cdk-lib/core/test/staging.test.ts index ae53d6a6c0b12..95644eb9cb52c 100644 --- a/packages/aws-cdk-lib/core/test/staging.test.ts +++ b/packages/aws-cdk-lib/core/test/staging.test.ts @@ -31,7 +31,6 @@ const ARCHIVE_TARBALL_TEST_HASH = '3e948ff54a277d6001e2452fdbc4a9ef61f916ff662ba const userInfo = os.userInfo(); const USER_ARG = `-u ${userInfo.uid}:${userInfo.gid}`; - describe('staging', () => { beforeAll(() => { // this is a way to provide a custom "docker" command for staging. diff --git a/packages/aws-cdk-lib/core/test/validation/validation.test.ts b/packages/aws-cdk-lib/core/test/validation/validation.test.ts index 4ecec41b329d4..fec0464668614 100644 --- a/packages/aws-cdk-lib/core/test/validation/validation.test.ts +++ b/packages/aws-cdk-lib/core/test/validation/validation.test.ts @@ -6,7 +6,6 @@ import { table } from 'table'; import * as core from '../../lib'; import { PolicyValidationPluginReportBeta1, PolicyViolationBeta1 } from '../../lib'; - let consoleErrorMock: jest.SpyInstance; let consoleLogMock: jest.SpyInstance; beforeEach(() => { diff --git a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts index 6f3b05ceed747..7a7ca269dc8e9 100644 --- a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts +++ b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts @@ -11,7 +11,6 @@ import { Annotations } from '../../../core'; import * as cxapi from '../../../cx-api'; import { FactName } from '../../../region-info'; - /** * The lambda runtime used by default for aws-cdk vended custom resources. Can change * based on region. diff --git a/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource-provider.test.ts b/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource-provider.test.ts index aa8a9589d1fdb..2fdd122128ef3 100644 --- a/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource-provider.test.ts +++ b/packages/aws-cdk-lib/custom-resources/test/aws-custom-resource/aws-custom-resource-provider.test.ts @@ -6,7 +6,6 @@ import * as sinon from 'sinon'; import { AwsSdkCall, PhysicalResourceId } from '../../lib'; import { flatten, handler, forceSdkInstallation } from '../../lib/aws-custom-resource/runtime'; - // This test performs an 'npm install' which may take longer than the default // 5s timeout jest.setTimeout(60_000); diff --git a/packages/aws-cdk-lib/cx-api/lib/cxapi.ts b/packages/aws-cdk-lib/cx-api/lib/cxapi.ts index 8137dcf3907f6..d4982e33a2f8d 100644 --- a/packages/aws-cdk-lib/cx-api/lib/cxapi.ts +++ b/packages/aws-cdk-lib/cx-api/lib/cxapi.ts @@ -38,7 +38,6 @@ export const CLI_VERSION_ENV = 'CDK_CLI_VERSION'; */ export const PROVIDER_ERROR_KEY = '$providerError'; - /** * This SSM parameter does not invalidate the template * diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index 01addbbded55c..5349e28610f13 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -41,7 +41,6 @@ import { FlagInfo, FlagType } from './private/flag-modeling'; // See https://github.com/aws/aws-cdk-rfcs/blob/master/text/0055-feature-flags.md // -------------------------------------------------------------------------------- - export const ENABLE_STACK_NAME_DUPLICATES_CONTEXT = '@aws-cdk/core:enableStackNameDuplicates'; export const ENABLE_DIFF_NO_FAIL_CONTEXT = 'aws-cdk:enableDiffNoFail'; /** @deprecated use `ENABLE_DIFF_NO_FAIL_CONTEXT` */ diff --git a/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts b/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts index 900367f4b0dda..85009cedd7c23 100644 --- a/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts +++ b/packages/aws-cdk-lib/cx-api/test/stack-artifact.test.ts @@ -108,7 +108,6 @@ test('already uppercased stack tags get left alone', () => { ]); }); - test('read tags from stack metadata', () => { // Backwards compatibility test // GIVEN diff --git a/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline.ts b/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline.ts index 5c463ebfeb60e..83e9e7528327d 100644 --- a/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline.ts +++ b/packages/aws-cdk-lib/pipelines/lib/codepipeline/codepipeline.ts @@ -29,7 +29,6 @@ import { actionName, stackVariableNamespace } from '../private/identifiers'; import { enumerate, flatten, maybeSuffix, noUndefined } from '../private/javascript'; import { writeTemplateConfiguration } from '../private/template-configuration'; - /** * Properties for a `CodePipeline` */ @@ -335,7 +334,6 @@ export interface CodeBuildOptions { readonly logging?: cb.LoggingOptions; } - /** * A CDK Pipeline that uses CodePipeline to deploy CDK apps * @@ -425,7 +423,6 @@ export class CodePipeline extends PipelineBase { return this._pipeline; } - protected doBuildPipeline(): void { if (this._pipeline) { throw new Error('Pipeline already created'); @@ -1036,7 +1033,6 @@ function chunkTranches(n: number, xss: A[][]): A[][][] { ret.push(tranches); } - return ret; } diff --git a/packages/aws-cdk-lib/pipelines/lib/codepipeline/private/codebuild-factory.ts b/packages/aws-cdk-lib/pipelines/lib/codepipeline/private/codebuild-factory.ts index 9c172ee112990..c06c9b9d8ef2a 100644 --- a/packages/aws-cdk-lib/pipelines/lib/codepipeline/private/codebuild-factory.ts +++ b/packages/aws-cdk-lib/pipelines/lib/codepipeline/private/codebuild-factory.ts @@ -331,7 +331,6 @@ export class CodeBuildFactory implements ICodePipelineActionFactory { ? { _PROJECT_CONFIG_HASH: projectConfigHash } : {}; - // Start all CodeBuild projects from a single (shared) Action Role, so that we don't have to generate an Action Role for each // individual CodeBuild Project and blow out the pipeline policy size (and potentially # of resources in the stack). const actionRoleCid = 'CodeBuildActionRole'; diff --git a/packages/aws-cdk-lib/pipelines/lib/helpers-internal/step-output.ts b/packages/aws-cdk-lib/pipelines/lib/helpers-internal/step-output.ts index 0c9bb2c646084..7e94c73ff8f61 100644 --- a/packages/aws-cdk-lib/pipelines/lib/helpers-internal/step-output.ts +++ b/packages/aws-cdk-lib/pipelines/lib/helpers-internal/step-output.ts @@ -1,12 +1,10 @@ import { IResolvable, IResolveContext, Token, Tokenization } from '../../../core'; import { Step } from '../blueprint/step'; - const STEP_OUTPUT_SYM = Symbol.for('@aws-cdk/pipelines.StepOutput'); const PRODUCED_OUTPUTS_SYM = Symbol.for('@aws-cdk/pipelines.outputs'); - /** * A symbolic reference to a value produced by another step * diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts index 52b1c36c7a153..89bd087101972 100644 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts +++ b/packages/aws-cdk-lib/pipelines/lib/legacy/actions/publish-assets-action.ts @@ -77,7 +77,6 @@ export interface PublishAssetsActionProps { */ readonly subnetSelection?: ec2.SubnetSelection; - /** * Custom BuildSpec that is merged with generated one * @@ -181,7 +180,6 @@ export class PublishAssetsAction extends Construct implements codepipeline.IActi } } - /** * Add a single publishing command * diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts index 276fc8c9455fe..b1f23e2e22788 100644 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts +++ b/packages/aws-cdk-lib/pipelines/lib/legacy/pipeline.ts @@ -87,7 +87,6 @@ export interface CdkPipelineProps { readonly crossAccountKeys?: boolean; // @deprecated(v2): switch to default false - /** * Enables KMS key rotation for cross-account keys. * @@ -99,7 +98,6 @@ export interface CdkPipelineProps { */ readonly enableKeyRotation?: boolean; - /** * CDK CLI version to use in pipeline * diff --git a/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts b/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts index 25f4bf97d8081..79f224b87e583 100644 --- a/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts +++ b/packages/aws-cdk-lib/pipelines/lib/legacy/stage.ts @@ -62,7 +62,6 @@ export interface CdkStageProps { readonly securityNotificationTopic?: sns.ITopic; } - /** * Stage in a CdkPipeline * diff --git a/packages/aws-cdk-lib/pipelines/lib/private/identifiers.ts b/packages/aws-cdk-lib/pipelines/lib/private/identifiers.ts index 7de1d3ef0744e..b41fa88ffe30d 100644 --- a/packages/aws-cdk-lib/pipelines/lib/private/identifiers.ts +++ b/packages/aws-cdk-lib/pipelines/lib/private/identifiers.ts @@ -45,7 +45,6 @@ function sanitizeName(x: string): string { return x.replace(/[^A-Za-z0-9.@\-_]/g, '_'); } - /** * Makes sure the given identifier length does not exceed N characters * diff --git a/packages/aws-cdk-lib/pipelines/lib/private/javascript.ts b/packages/aws-cdk-lib/pipelines/lib/private/javascript.ts index 6330389ee661c..00bb6b50eba7f 100644 --- a/packages/aws-cdk-lib/pipelines/lib/private/javascript.ts +++ b/packages/aws-cdk-lib/pipelines/lib/private/javascript.ts @@ -25,7 +25,6 @@ export function* enumerate(xs: Iterable): IterableIterator<[number, A]> { } } - export function expectProp(obj: A, key: B): NonNullable { if (!obj[key]) { throw new Error(`Expecting '${String(key)}' to be set!`); } return obj[key] as any; diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/graph.test.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/graph.test.ts index b3bbc83e25626..54d698c61e5b7 100644 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/graph.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/graph.test.ts @@ -2,7 +2,6 @@ import { mkGraph } from './util'; import { GraphNode } from '../../../lib/helpers-internal'; import { flatten } from '../../../lib/private/javascript'; - test('"uniqueId" renders a graph-wide unique id for each node', () => { const g = mkGraph('MyGraph', G => { G.graph('g1', [], G1 => { diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-graph.test.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-graph.test.ts index f473d4e0cf001..b8d4dc53957af 100644 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-graph.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-graph.test.ts @@ -292,7 +292,6 @@ describe('options for other engines', () => { }); }); - describe('with app with output', () => { let blueprint: Blueprint; let myApp: AppWithOutput; diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-queries.test.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-queries.test.ts index e18806b38c6bf..fd7e6ab9d1ccc 100644 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-queries.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/pipeline-queries.test.ts @@ -91,7 +91,6 @@ describe('pipeline-queries', () => { }); }); - class Blueprint extends cdkp.PipelineBase { protected doBuildPipeline(): void { } diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/util.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/util.ts index 61e899aef71ce..9a1948e586713 100644 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/util.ts +++ b/packages/aws-cdk-lib/pipelines/test/blueprint/helpers-internal/util.ts @@ -21,13 +21,11 @@ export function mkGraph(name: string, block: (b: GraphBuilder) => void) { return graph; } - interface GraphBuilder { graph(name: string, deps: GraphNode[], block: (b: GraphBuilder) => void): Graph; node(name: string, deps?: GraphNode[]): GraphNode; } - export function nodeNames(n: GraphNode): string; export function nodeNames(ns: GraphNode[]): string[]; export function nodeNames(ns: GraphNode[][]): string[][]; diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts index 4f12ae53a3542..cce5bd87ae81e 100644 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/blueprint/logicalid-stability.test.ts @@ -83,7 +83,6 @@ describeDeprecated('logical id stability', () => { }); }); - const STATEFUL_TYPES = [ // Holds state 'AWS::S3::Bucket', diff --git a/packages/aws-cdk-lib/pipelines/test/blueprint/stack-deployment.test.ts b/packages/aws-cdk-lib/pipelines/test/blueprint/stack-deployment.test.ts index 6d116e5b8ee38..29b997d6e4e3f 100644 --- a/packages/aws-cdk-lib/pipelines/test/blueprint/stack-deployment.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/blueprint/stack-deployment.test.ts @@ -48,7 +48,6 @@ describe('templateUrl', () => { }); - test('"requiredAssets" contain only assets that are not the template', () => { // GIVEN const stage = new Stage(new TestApp(), 'MyStage'); diff --git a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts index 054583de68e5d..302ffaca2119b 100644 --- a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts @@ -216,7 +216,6 @@ test('CodePipeline throws when key rotation is enabled without enabling cross ac }).buildPipeline()).toThrowError('Setting \'enableKeyRotation\' to true also requires \'crossAccountKeys\' to be enabled'); }); - test('CodePipeline enables key rotation on cross account keys', ()=>{ const pipelineStack = new cdk.Stack(app, 'PipelineStack', { env: PIPELINE_ENV }); const repo = new ccommit.Repository(pipelineStack, 'Repo', { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts index 5effeabeb95b7..047963afb84ec 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts @@ -838,7 +838,6 @@ describe('pipeline with single asset publisher', () => { }); }); - describe('pipeline with custom asset publisher BuildSpec', () => { behavior('custom buildspec is merged correctly', (suite) => { @@ -884,7 +883,6 @@ describe('pipeline with custom asset publisher BuildSpec', () => { THEN_codePipelineExpectation(); }); - function THEN_codePipelineExpectation() { const buildSpecName = new Capture(stringLike('buildspec-*')); @@ -970,7 +968,6 @@ function expectedAssetRolePolicy(assumeRolePattern: string | string[], attachedR }; } - behavior('necessary secrets manager permissions get added to asset roles', suite => { // Not possible to configure this for legacy pipelines suite.doesNotApply.legacy(); diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts index d543769de4262..777ffb83a0d2c 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts @@ -366,7 +366,6 @@ behavior('action has right settings for cross-account/cross-region deployment', } }); - function agnosticRole(roleName: string) { return { 'Fn::Join': ['', [ diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts index 8d83ed80526f6..a6bf349aee638 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/escape-hatching.test.ts @@ -221,7 +221,6 @@ behavior('can add another action to an existing stage', (suite) => { } }); - behavior('assets stage inserted after existing pipeline actions', (suite) => { let existingCodePipeline: cp.Pipeline; beforeEach(() => { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts index ba0a532653426..98828dc57eb47 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/self-mutation.test.ts @@ -241,7 +241,6 @@ behavior('self-update project role uses tagged bootstrap-role permissions', (sui } }); - behavior('self-mutation stage can be customized with BuildSpec', (suite) => { suite.legacy(() => { new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts index 46024a653d0cf..30cbed9db1faf 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts @@ -752,7 +752,6 @@ behavior('Synth CodeBuild project role can be granted permissions', (suite) => { bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); }); - suite.legacy(() => { // GIVEN const synthAction = cdkp.SimpleSynthAction.standardNpmSynth({ @@ -994,7 +993,6 @@ behavior('Can easily switch on privileged mode for synth', (suite) => { }); }); - behavior('can provide custom BuildSpec that is merged with generated one', (suite) => { suite.legacy(() => { new LegacyTestGitHubNpmPipeline(pipelineStack, 'Cdk', { diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts index 13d5777602b53..f1a560fdae911 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts @@ -86,7 +86,6 @@ behavior('can add steps to wave', (suite) => { }); }); - behavior('script validation steps can use stack outputs as environment variables', (suite) => { suite.legacy(() => { // GIVEN @@ -777,7 +776,6 @@ behavior('can run scripts with magic environment variables', (suite) => { } }); - /** * Some shared setup for legacy API tests */ diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts index 9856797c2bd13..2d3c4ebed35ba 100644 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts +++ b/packages/aws-cdk-lib/pipelines/test/testhelpers/compliance.ts @@ -30,7 +30,6 @@ export function behavior(name: string, cb: (suite: Suite) => void) { unwritten.delete(flavor); } - cb({ legacy: (testFn) => { scratchOff('legacy'); diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts index a909fe3833e0f..cc5340b74e7c8 100644 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts +++ b/packages/aws-cdk-lib/pipelines/test/testhelpers/legacy-pipeline.ts @@ -33,7 +33,6 @@ export class LegacyTestGitHubNpmPipeline extends cdkp.CdkPipeline { } } - export class TestGitHubAction extends codepipeline_actions.GitHubSourceAction { constructor(sourceArtifact: codepipeline.Artifact) { super({ diff --git a/packages/aws-cdk-lib/pipelines/test/testhelpers/test-app.ts b/packages/aws-cdk-lib/pipelines/test/testhelpers/test-app.ts index e6dc89dd68340..89332e69c056c 100644 --- a/packages/aws-cdk-lib/pipelines/test/testhelpers/test-app.ts +++ b/packages/aws-cdk-lib/pipelines/test/testhelpers/test-app.ts @@ -130,7 +130,6 @@ export class BucketStack extends Stack { } } - /** * rm -rf reimplementation, don't want to depend on an NPM package for this */ diff --git a/packages/aws-cdk-lib/region-info/test/default.test.ts b/packages/aws-cdk-lib/region-info/test/default.test.ts index 7c5a0e64ec9ac..27e053acc77f8 100644 --- a/packages/aws-cdk-lib/region-info/test/default.test.ts +++ b/packages/aws-cdk-lib/region-info/test/default.test.ts @@ -55,7 +55,6 @@ describe('servicePrincipal', () => { } }); - describe('spot-check some service principals', () => { test('ssm', () => { // SSM has advertised in its documentation that it is regional after a certain point, but that diff --git a/packages/aws-cdk-lib/region-info/test/region-info.test.ts b/packages/aws-cdk-lib/region-info/test/region-info.test.ts index ef2d92e4cd8a8..b242325bbda7a 100644 --- a/packages/aws-cdk-lib/region-info/test/region-info.test.ts +++ b/packages/aws-cdk-lib/region-info/test/region-info.test.ts @@ -54,7 +54,6 @@ test('limitedRegionMap only returns information for certain regions', () => { expect(map2['cn-north-1']).toBeDefined(); }); - test.each([ ['us-east-1', false], ['me-south-1', true], diff --git a/packages/aws-cdk-lib/scripts/submodules/aws-events-targets.ts b/packages/aws-cdk-lib/scripts/submodules/aws-events-targets.ts index fe6efe077e7b1..97c44290ae979 100644 --- a/packages/aws-cdk-lib/scripts/submodules/aws-events-targets.ts +++ b/packages/aws-cdk-lib/scripts/submodules/aws-events-targets.ts @@ -8,7 +8,6 @@ import { ModuleMap } from '@aws-cdk/cfn2ts'; import * as sdkMetadata from 'aws-sdk/apis/metadata.json'; import * as packageInfo from 'aws-sdk/package.json'; - export default async function awsEventsTargets(_moduleMap: ModuleMap, outPath: string) { fs.writeFileSync( path.resolve(outPath, 'aws-events-targets', 'lib', 'sdk-api-metadata.generated.ts'), diff --git a/packages/aws-cdk-lib/scripts/submodules/index.ts b/packages/aws-cdk-lib/scripts/submodules/index.ts index 1475fb1cb43ac..8b8c29cb533e6 100644 --- a/packages/aws-cdk-lib/scripts/submodules/index.ts +++ b/packages/aws-cdk-lib/scripts/submodules/index.ts @@ -5,7 +5,6 @@ import * as fs from 'fs-extra'; import awsEventsTargets from './aws-events-targets'; import cloudformationInclude from './cloudformation-include'; - export default async function submodulesGen(modules: ModuleMap, outPath: string) { for (const submodule of Object.values(modules)) { if (submodule.name === 'core') { diff --git a/packages/aws-cdk-lib/scripts/verify-imports-shielded.ts b/packages/aws-cdk-lib/scripts/verify-imports-shielded.ts index 79d136663e6a6..337e4497b4e93 100644 --- a/packages/aws-cdk-lib/scripts/verify-imports-shielded.ts +++ b/packages/aws-cdk-lib/scripts/verify-imports-shielded.ts @@ -39,7 +39,6 @@ async function main() { }); } - export async function withTemporaryDirectory(callback: (dir: string) => Promise): Promise { const tmpdir = await fs.mkdtemp(path.join(os.tmpdir(), path.basename(__filename))); try { @@ -49,7 +48,6 @@ export async function withTemporaryDirectory(callback: (dir: string) => Promi } } - main().catch((e) => { // eslint-disable-next-line no-console console.error(e); diff --git a/packages/aws-cdk-lib/scripts/verify-stripped-exp.ts b/packages/aws-cdk-lib/scripts/verify-stripped-exp.ts index 6398852975c05..cba39a6b07bfd 100644 --- a/packages/aws-cdk-lib/scripts/verify-stripped-exp.ts +++ b/packages/aws-cdk-lib/scripts/verify-stripped-exp.ts @@ -82,7 +82,6 @@ main(tempDir).then( }, ); - /** * Spawn sync with error handling */ diff --git a/packages/aws-cdk/lib/api/aws-auth/aws-sdk-inifile.ts b/packages/aws-cdk/lib/api/aws-auth/aws-sdk-inifile.ts index b6c5f1c837ceb..7ff3a840a6cbc 100644 --- a/packages/aws-cdk/lib/api/aws-auth/aws-sdk-inifile.ts +++ b/packages/aws-cdk/lib/api/aws-auth/aws-sdk-inifile.ts @@ -1,6 +1,5 @@ import * as AWS from 'aws-sdk'; - /** * Hack-fix * diff --git a/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts index 30776e915151d..143109c1bc9ca 100644 --- a/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts +++ b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts @@ -215,7 +215,6 @@ async function isEc2Instance() { return isEc2InstanceCache; } - let isEc2InstanceCache: boolean | undefined = undefined; /** diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts index 9eeebb0347c8d..283bc9cd10e89 100644 --- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts +++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts @@ -13,7 +13,6 @@ import { ISDK, SDK, isUnrecoverableAwsError } from './sdk'; import { rootDir } from '../../util/directories'; import { traceMethods } from '../../util/tracing'; - // Some configuration that can only be achieved by setting // environment variables. process.env.AWS_STS_REGIONAL_ENDPOINTS = 'regional'; diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts index 7fa684a5953d9..f4a1b22729831 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts @@ -17,7 +17,6 @@ export type BootstrapSource = | { source: 'default' } | { source: 'custom'; templateFile: string }; - export class Bootstrapper { constructor(private readonly source: BootstrapSource) { } diff --git a/packages/aws-cdk/lib/api/cxapp/cloud-assembly.ts b/packages/aws-cdk/lib/api/cxapp/cloud-assembly.ts index 7f9b802c53e86..84cfa775e0cf7 100644 --- a/packages/aws-cdk/lib/api/cxapp/cloud-assembly.ts +++ b/packages/aws-cdk/lib/api/cxapp/cloud-assembly.ts @@ -6,7 +6,6 @@ import { error, print, warning } from '../../logging'; import { flatten } from '../../util'; import { versionNumber } from '../../version'; - export enum DefaultSelection { /** * Returns an empty selection in case there are no selectors. diff --git a/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts b/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts index 1a91247ec39cb..5247ac25f8297 100644 --- a/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts +++ b/packages/aws-cdk/lib/api/util/cloudformation/stack-activity-monitor.ts @@ -398,7 +398,6 @@ abstract class ActivityPrinterBase implements IActivityPrinter { protected readonly failures = new Array(); - protected hookFailureMap = new Map>(); protected readonly stream: NodeJS.WriteStream; @@ -755,7 +754,6 @@ function hasErrorMessage(status: string) { return status.endsWith('_FAILED') || status === 'ROLLBACK_IN_PROGRESS' || status === 'UPDATE_ROLLBACK_IN_PROGRESS'; } - function colorFromStatusResult(status?: string) { if (!status) { return chalk.reset; @@ -806,4 +804,3 @@ function shorten(maxWidth: number, p: string) { const TIMESTAMP_WIDTH = 12; const STATUS_WIDTH = 20; - diff --git a/packages/aws-cdk/lib/init.ts b/packages/aws-cdk/lib/init.ts index b4fcedaaf83d4..4c695e3198cb2 100644 --- a/packages/aws-cdk/lib/init.ts +++ b/packages/aws-cdk/lib/init.ts @@ -8,7 +8,6 @@ import { error, print, warning } from './logging'; import { cdkHomeDir, rootDir } from './util/directories'; import { rangeFromSemver } from './util/version-range'; - /* eslint-disable @typescript-eslint/no-var-requires */ // Packages don't have @types module // eslint-disable-next-line @typescript-eslint/no-require-imports const camelCase = require('camelcase'); diff --git a/packages/aws-cdk/lib/logging.ts b/packages/aws-cdk/lib/logging.ts index 50f739f185216..8ad1fbb1d0ddd 100644 --- a/packages/aws-cdk/lib/logging.ts +++ b/packages/aws-cdk/lib/logging.ts @@ -55,7 +55,6 @@ const logger = (stream: Writable | WritableFactory, styles?: StyleFn[], timestam realStream.write(str + '\n'); }; - function formatTime(d: Date) { return `${lpad(d.getHours(), 2)}:${lpad(d.getMinutes(), 2)}:${lpad(d.getSeconds(), 2)}`; @@ -74,7 +73,6 @@ export enum LogLevel { TRACE = 2 } - export let logLevel = LogLevel.DEFAULT; export let CI = false; diff --git a/packages/aws-cdk/lib/util/work-graph-builder.ts b/packages/aws-cdk/lib/util/work-graph-builder.ts index ac3bd04a2d401..de51ce3c281ef 100644 --- a/packages/aws-cdk/lib/util/work-graph-builder.ts +++ b/packages/aws-cdk/lib/util/work-graph-builder.ts @@ -3,7 +3,6 @@ import { AssetManifest, IManifestEntry } from 'cdk-assets'; import { WorkGraph } from './work-graph'; import { DeploymentState, AssetBuildNode, WorkNode } from './work-graph-types'; - export class WorkGraphBuilder { /** * Default priorities for nodes diff --git a/packages/aws-cdk/test/api/cloud-executable.test.ts b/packages/aws-cdk/test/api/cloud-executable.test.ts index 3d7bc6c5cedbb..598303b724be5 100644 --- a/packages/aws-cdk/test/api/cloud-executable.test.ts +++ b/packages/aws-cdk/test/api/cloud-executable.test.ts @@ -109,7 +109,6 @@ test('fails if lookups are disabled and missing context is synthesized', async ( await expect(cloudExecutable.synthesize()).rejects.toThrow(/Context lookups have been disabled/); }); - async function testCloudExecutable({ env, versionReporting = true }: { env?: string, versionReporting?: boolean } = {}) { const cloudExec = new MockCloudExecutable({ stacks: [{ @@ -136,7 +135,6 @@ async function testCloudExecutable({ env, versionReporting = true }: { env?: str return cloudExec; } - async function withFakeCurrentCxVersion(version: string, block: () => Promise): Promise { const currentVersionFn = cxschema.Manifest.version; cxschema.Manifest.version = () => version; diff --git a/packages/aws-cdk/test/api/exec.test.ts b/packages/aws-cdk/test/api/exec.test.ts index e8ecd3d766f0f..5dd74d131eb8e 100644 --- a/packages/aws-cdk/test/api/exec.test.ts +++ b/packages/aws-cdk/test/api/exec.test.ts @@ -234,7 +234,6 @@ test('cli does not throw when the `build` script succeeds', async () => { await lock.release(); }, TEN_SECOND_TIMEOUT); - function writeOutputAssembly() { const asm = testAssembly({ stacks: [], diff --git a/packages/aws-cdk/test/api/stack-activity-monitor.test.ts b/packages/aws-cdk/test/api/stack-activity-monitor.test.ts index 16c1321d061da..6c5eddc7dd75e 100644 --- a/packages/aws-cdk/test/api/stack-activity-monitor.test.ts +++ b/packages/aws-cdk/test/api/stack-activity-monitor.test.ts @@ -11,7 +11,6 @@ beforeAll(() => { HUMAN_TIME = new Date(TIMESTAMP).toLocaleTimeString(); }); - test('prints 0/4 progress report, when addActivity is called with an "IN_PROGRESS" ResourceStatus', () => { const historyActivityPrinter = new HistoryActivityPrinter({ resourceTypeColumnWidth: 23, @@ -84,7 +83,6 @@ test('prints 1/4 progress report, when addActivity is called with an "UPDATE_COM expect(output[0].trim()).toStrictEqual(`stack-name | 1/4 | ${HUMAN_TIME} | ${green('UPDATE_COMPLETE_CLEA')} | AWS::CloudFormation::Stack | ${green(bold('stack1'))}`); }); - test('prints 1/4 progress report, when addActivity is called with an "ROLLBACK_COMPLETE_CLEAN_IN_PROGRESS" ResourceStatus', () => { const historyActivityPrinter = new HistoryActivityPrinter({ resourceTypeColumnWidth: 23, @@ -133,7 +131,6 @@ test('prints 0/4 progress report, when addActivity is called with an "UPDATE_FAI expect(output[0].trim()).toStrictEqual(`stack-name | 0/4 | ${HUMAN_TIME} | ${red('UPDATE_FAILED ')} | AWS::CloudFormation::Stack | ${red(bold('stack1'))}`); }); - test('does not print "Failed Resources:" list, when all deployments are successful', () => { const historyActivityPrinter = new HistoryActivityPrinter({ resourceTypeColumnWidth: 23, diff --git a/packages/aws-cdk/test/api/toolkit-info.test.ts b/packages/aws-cdk/test/api/toolkit-info.test.ts index f88bcc855fe0d..0c74db1763477 100644 --- a/packages/aws-cdk/test/api/toolkit-info.test.ts +++ b/packages/aws-cdk/test/api/toolkit-info.test.ts @@ -2,7 +2,6 @@ import { ToolkitInfo } from '../../lib/api'; import { errorWithCode, mockBootstrapStack, MockSdk } from '../util/mock-sdk'; - let mockSdk: MockSdk; beforeEach(() => { mockSdk = new MockSdk(); diff --git a/packages/aws-cdk/test/api/util/display.test.ts b/packages/aws-cdk/test/api/util/display.test.ts index 09fe52dea6416..2473bb8914d96 100644 --- a/packages/aws-cdk/test/api/util/display.test.ts +++ b/packages/aws-cdk/test/api/util/display.test.ts @@ -2,7 +2,6 @@ import { RewritableBlock } from '../../../lib/api/util/display'; import { stderr } from '../console-listener'; - describe('Rewritable Block Tests', () => { let block: RewritableBlock; beforeEach(() => { diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index c87a796b085fc..518c1e926b8f7 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -460,7 +460,6 @@ describe('deploy', () => { }); }); - test('with one stack specified', async () => { // GIVEN const toolkit = defaultToolkitSetup(); @@ -762,7 +761,6 @@ describe('watch', () => { expect(cdkDeployMock).toBeCalledWith(expect.objectContaining({ hotswap: HotswapMode.FALL_BACK })); }); - test('respects HotswapMode.FULL_DEPLOYMENT', async () => { cloudExecutable.configuration.settings.set(['watch'], {}); const toolkit = defaultToolkitSetup(); diff --git a/packages/aws-cdk/test/commands/context-command.test.ts b/packages/aws-cdk/test/commands/context-command.test.ts index 542da7dce863f..71c24dda4e638 100644 --- a/packages/aws-cdk/test/commands/context-command.test.ts +++ b/packages/aws-cdk/test/commands/context-command.test.ts @@ -67,7 +67,6 @@ describe('context --reset', () => { }); }); - test('can reset matched pattern', async () => { // GIVEN const configuration = new Configuration(); @@ -93,7 +92,6 @@ describe('context --reset', () => { }); }); - test('prefers an exact match', async () => { // GIVEN const configuration = new Configuration(); @@ -117,7 +115,6 @@ describe('context --reset', () => { }); }); - test('doesn\'t throw when at least one match is reset', async () => { // GIVEN const configuration = new Configuration(); @@ -173,7 +170,6 @@ describe('context --reset', () => { } as any)); }); - test('throws when no key of index found', async () => { // GIVEN const configuration = new Configuration(); @@ -190,7 +186,6 @@ describe('context --reset', () => { } as any)).rejects.toThrow(/No context key with number/); }); - test('throws when resetting read-only values', async () => { // GIVEN const configuration = new Configuration(); @@ -210,7 +205,6 @@ describe('context --reset', () => { } as any)).rejects.toThrow(/Cannot reset readonly context value with key/); }); - test('throws when no matches could be reset', async () => { // GIVEN const configuration = new Configuration(); diff --git a/packages/aws-cdk/test/context-providers/keys.test.ts b/packages/aws-cdk/test/context-providers/keys.test.ts index cb6dbe77f2097..2503110745963 100644 --- a/packages/aws-cdk/test/context-providers/keys.test.ts +++ b/packages/aws-cdk/test/context-providers/keys.test.ts @@ -79,7 +79,6 @@ test('looks up the requested Key - multiple results', async () => { }); }); - test('looks up the requested Key - multiple results with pagination', async () => { // GIVEN const provider = new KeyContextProviderPlugin(mockSDK); diff --git a/packages/aws-cdk/test/platform-warnings.test.ts b/packages/aws-cdk/test/platform-warnings.test.ts index 8fbf9e5815228..e8052b6b6d7ef 100644 --- a/packages/aws-cdk/test/platform-warnings.test.ts +++ b/packages/aws-cdk/test/platform-warnings.test.ts @@ -1,7 +1,6 @@ /* eslint-disable import/order */ import { isVersionBetween } from '../lib/platform-warnings'; - test.each([ ['2.1', false], ['2.2', true], diff --git a/packages/aws-cdk/test/util/stack-monitor.test.ts b/packages/aws-cdk/test/util/stack-monitor.test.ts index 26d9beeff806c..ecdedcc4381d2 100644 --- a/packages/aws-cdk/test/util/stack-monitor.test.ts +++ b/packages/aws-cdk/test/util/stack-monitor.test.ts @@ -146,7 +146,6 @@ async function testMonitorWithEventCalls( await monitor.stop(); } - class FakePrinter implements IActivityPrinter { public updateSleep: number = 0; public readonly activities: StackActivity[] = []; diff --git a/packages/aws-cdk/test/work-graph.test.ts b/packages/aws-cdk/test/work-graph.test.ts index 07d8c2405a328..015ccca4152fc 100644 --- a/packages/aws-cdk/test/work-graph.test.ts +++ b/packages/aws-cdk/test/work-graph.test.ts @@ -249,7 +249,6 @@ describe('WorkGraph', () => { expect(actionedAssets).toEqual(['a-build', 'a-publish', 'A']); }); - // Failure test.each([ // Concurrency 1 diff --git a/packages/cdk-assets/lib/aws.ts b/packages/cdk-assets/lib/aws.ts index 4d9e731692d4e..d78e29f24cc3e 100644 --- a/packages/cdk-assets/lib/aws.ts +++ b/packages/cdk-assets/lib/aws.ts @@ -58,7 +58,6 @@ export class DefaultAwsClient implements IAws { // our customer don't need to be bothered with this. process.env.AWS_SDK_JS_SUPPRESS_MAINTENANCE_MODE_MESSAGE = '1'; - // We need to set the environment before we load this library for the first time. // eslint-disable-next-line @typescript-eslint/no-require-imports this.AWS = require('aws-sdk'); diff --git a/packages/cdk-assets/lib/private/handlers/files.ts b/packages/cdk-assets/lib/private/handlers/files.ts index fc538a82c95d0..f9a928dd69727 100644 --- a/packages/cdk-assets/lib/private/handlers/files.ts +++ b/packages/cdk-assets/lib/private/handlers/files.ts @@ -193,7 +193,6 @@ async function objectExists(s3: AWS.S3, bucket: string, key: string) { ); } - /** * A packaged asset which can be uploaded (either a single file or directory) */ @@ -211,7 +210,6 @@ interface PackagedFileAsset { readonly contentType?: string; } - /** * Cache for bucket information, so we don't have to keep doing the same calls again and again * diff --git a/packages/cdk-assets/test/docker-images.test.ts b/packages/cdk-assets/test/docker-images.test.ts index 18b713947c365..561e37c823916 100644 --- a/packages/cdk-assets/test/docker-images.test.ts +++ b/packages/cdk-assets/test/docker-images.test.ts @@ -8,7 +8,6 @@ import { mockSpawn } from './mock-child_process'; import { AssetManifest, AssetPublishing } from '../lib'; import * as dockercreds from '../lib/private/docker-credentials'; - let aws: ReturnType; const absoluteDockerPath = '/simple/cdk.out/dockerdir'; beforeEach(() => { diff --git a/packages/cdk-assets/test/files.test.ts b/packages/cdk-assets/test/files.test.ts index 3aa73a7b38f46..83af51717bea6 100644 --- a/packages/cdk-assets/test/files.test.ts +++ b/packages/cdk-assets/test/files.test.ts @@ -135,7 +135,6 @@ test('tiny file does not count as cache hit', async () => { expect(aws.mockS3.upload).toHaveBeenCalled(); }); - test('upload file if new (list returns other key)', async () => { const pub = new AssetPublishing(AssetManifest.fromPath('/simple/cdk.out'), { aws }); diff --git a/tools/@aws-cdk/cdk-build-tools/config/eslintrc.js b/tools/@aws-cdk/cdk-build-tools/config/eslintrc.js index fd608ef934d79..4eef922ecae44 100644 --- a/tools/@aws-cdk/cdk-build-tools/config/eslintrc.js +++ b/tools/@aws-cdk/cdk-build-tools/config/eslintrc.js @@ -116,7 +116,7 @@ module.exports = { 'quote-props': ['error', 'consistent-as-needed'], // No multiple empty lines - 'no-multiple-empty-lines': ['error'], + 'no-multiple-empty-lines': ['error', { 'max': 1 }], // Max line lengths 'max-len': ['error', { diff --git a/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts b/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts index 6a06b00ac71a5..025c0101aa1f9 100644 --- a/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts +++ b/tools/@aws-cdk/cdk-build-tools/lib/package-info.ts @@ -119,7 +119,6 @@ export function genScript(): string | undefined { return currentPackageJson().scripts?.gen; } - export interface CDKBuildOptions { /** * What CloudFormation scope to generate resources for, if any diff --git a/tools/@aws-cdk/cdk-release/lib/private/run-exec-file.ts b/tools/@aws-cdk/cdk-release/lib/private/run-exec-file.ts index 6f9fc8a99e0dc..e32784c93f613 100644 --- a/tools/@aws-cdk/cdk-release/lib/private/run-exec-file.ts +++ b/tools/@aws-cdk/cdk-release/lib/private/run-exec-file.ts @@ -16,7 +16,6 @@ export async function runExecFile(args: RunOptions, cmd: string, cmdArgs: string return streams.stdout.toString('utf-8'); } - function fmtCommandArgs(cmd: string, cmdArgs: string[]) { return `${cmd} ${cmdArgs.map(cmdArg => cmdArg.match(/\s/) ? `"${cmdArg}"` : cmdArg).join(' ')}`.trim(); } \ No newline at end of file diff --git a/tools/@aws-cdk/cfn2ts/lib/canned-metrics-generator.ts b/tools/@aws-cdk/cfn2ts/lib/canned-metrics-generator.ts index 93bed92b35e65..1a958845e8bd3 100644 --- a/tools/@aws-cdk/cfn2ts/lib/canned-metrics-generator.ts +++ b/tools/@aws-cdk/cfn2ts/lib/canned-metrics-generator.ts @@ -1,7 +1,6 @@ import * as cfnspec from '@aws-cdk/cfnspec'; import { CodeMaker, toCamelCase } from 'codemaker'; - /** * Generate default prop sets for canned metric * diff --git a/tools/@aws-cdk/node-bundle/src/api/_attributions.ts b/tools/@aws-cdk/node-bundle/src/api/_attributions.ts index 9e4caf033264f..06a9d0f4a24af 100644 --- a/tools/@aws-cdk/node-bundle/src/api/_attributions.ts +++ b/tools/@aws-cdk/node-bundle/src/api/_attributions.ts @@ -5,7 +5,6 @@ import { shell } from './_shell'; import type { Package } from './bundle'; import { Violation, ViolationType, ViolationsReport } from './violation'; - const ATTRIBUTION_SEPARATOR = '\n----------------\n'; /** diff --git a/tools/@aws-cdk/pkglint/lib/library-creation.ts b/tools/@aws-cdk/pkglint/lib/library-creation.ts index 44c0a878c9615..c035ce168c7e0 100644 --- a/tools/@aws-cdk/pkglint/lib/library-creation.ts +++ b/tools/@aws-cdk/pkglint/lib/library-creation.ts @@ -58,7 +58,6 @@ export function createModuleDefinitionFromCfnNamespace(namespace: string): Modul }; } - export async function createLibraryReadme(namespace: string, readmePath: string, alphaPackageName?: string) { const module = createModuleDefinitionFromCfnNamespace(namespace); diff --git a/tools/@aws-cdk/pkglint/lib/rules.ts b/tools/@aws-cdk/pkglint/lib/rules.ts index 436312a9f23b8..3490185fcaf34 100644 --- a/tools/@aws-cdk/pkglint/lib/rules.ts +++ b/tools/@aws-cdk/pkglint/lib/rules.ts @@ -1614,7 +1614,6 @@ export class JestSetup extends ValidationRule { }); } - } } diff --git a/tools/@aws-cdk/prlint/lint.ts b/tools/@aws-cdk/prlint/lint.ts index 31e3cdd533f9b..49013c7472f38 100644 --- a/tools/@aws-cdk/prlint/lint.ts +++ b/tools/@aws-cdk/prlint/lint.ts @@ -8,7 +8,6 @@ import { Endpoints } from "@octokit/types"; export type GitHubPr = Endpoints["GET /repos/{owner}/{repo}/pulls/{pull_number}"]["response"]["data"]; - export const CODE_BUILD_CONTEXT = 'AWS CodeBuild us-east-1 (AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv)'; /** @@ -206,7 +205,6 @@ export class PullRequestLinter { private readonly prParams: { owner: string, repo: string, pull_number: number }; private readonly issueParams: { owner: string, repo: string, issue_number: number }; - constructor(private readonly props: PullRequestLinterProps) { this.client = props.client; this.prParams = { owner: props.owner, repo: props.repo, pull_number: props.number }; @@ -534,7 +532,6 @@ function fixContainsIntegTest(pr: GitHubPr, files: GitHubFile[]): TestResult { return result; }; - function shouldExemptReadme(pr: GitHubPr): boolean { return hasLabel(pr, Exemption.README); }; diff --git a/tools/@aws-cdk/prlint/test/lint.test.ts b/tools/@aws-cdk/prlint/test/lint.test.ts index 0ba2dd2331dc5..b621d5f9c6eca 100644 --- a/tools/@aws-cdk/prlint/test/lint.test.ts +++ b/tools/@aws-cdk/prlint/test/lint.test.ts @@ -716,7 +716,6 @@ describe('integration tests required on features', () => { }); }); - function configureMock(pr: Subset, prFiles?: linter.GitHubFile[]): linter.PullRequestLinter { const pullsClient = { get(_props: { _owner: string, _repo: string, _pull_number: number, _user: { _login: string} }) { From 4119f9d3726e7e8aadf05da8d11525c6d72d1c83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 03:33:58 +0000 Subject: [PATCH 12/33] chore(deps): bump requests from 2.26.0 to 2.31.0 in /packages/aws-cdk-lib/aws-lambda/test/python-lambda-handler (#25683) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

2.28.2 (2023-01-12)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.26.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../aws-lambda/test/python-lambda-handler/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-lambda/test/python-lambda-handler/requirements.txt b/packages/aws-cdk-lib/aws-lambda/test/python-lambda-handler/requirements.txt index a8ed785e41af0..2c24336eb3167 100644 --- a/packages/aws-cdk-lib/aws-lambda/test/python-lambda-handler/requirements.txt +++ b/packages/aws-cdk-lib/aws-lambda/test/python-lambda-handler/requirements.txt @@ -1 +1 @@ -requests==2.26.0 +requests==2.31.0 From 68d31047aff1cab5b40a5c906eed6ee07536441c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 04:00:20 +0000 Subject: [PATCH 13/33] chore(deps): bump requests from 2.26.0 to 2.31.0 in /packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/python-lambda-handler (#25684) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

2.28.2 (2023-01-12)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.26.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/aws-lambda/test/python-lambda-handler/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/python-lambda-handler/requirements.txt b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/python-lambda-handler/requirements.txt index a8ed785e41af0..2c24336eb3167 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/python-lambda-handler/requirements.txt +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/python-lambda-handler/requirements.txt @@ -1 +1 @@ -requests==2.26.0 +requests==2.31.0 From d62a71f39e1f1406e6b4f7687a6b7c0e7475f104 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 04:27:20 +0000 Subject: [PATCH 14/33] chore(deps): bump requests from 2.26.0 to 2.31.0 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda (#25685) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

2.28.2 (2023-01-12)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.26.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler-project/lambda/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt index d9a8c0518bf37..dba0fdef7cc68 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda/requirements.txt @@ -4,4 +4,4 @@ chardet==3.0.4 idna==2.10 urllib3==1.26.7 # Requests used by this lambda -requests==2.26.0 +requests==2.31.0 From ac1f6ff4eea4e7ac81cc8469ef0946a0459e5430 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 04:53:18 +0000 Subject: [PATCH 15/33] chore(deps): bump requests from 2.26.0 to 2.31.0 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build (#25686) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

2.28.2 (2023-01-12)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.26.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler-custom-build/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build/requirements.txt b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build/requirements.txt index d9a8c0518bf37..dba0fdef7cc68 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build/requirements.txt @@ -4,4 +4,4 @@ chardet==3.0.4 idna==2.10 urllib3==1.26.7 # Requests used by this lambda -requests==2.26.0 +requests==2.31.0 From b82140513fc85acef6e05d2d7c831ff142fd64d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 05:19:21 +0000 Subject: [PATCH 16/33] chore(deps): bump requests from 2.26.0 to 2.31.0 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler (#25687) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

2.28.2 (2023-01-12)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.26.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler/requirements.txt b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler/requirements.txt index d9a8c0518bf37..dba0fdef7cc68 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler/requirements.txt +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler/requirements.txt @@ -4,4 +4,4 @@ chardet==3.0.4 idna==2.10 urllib3==1.26.7 # Requests used by this lambda -requests==2.26.0 +requests==2.31.0 From 2acf14963681cfbc91e57bbc592e5b278d6d61c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 05:45:46 +0000 Subject: [PATCH 17/33] chore(deps): bump requests from 2.26.0 to 2.31.0 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy (#25690) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

2.28.2 (2023-01-12)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.26.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler-dockercopy/Pipfile | 2 +- .../lambda-handler-dockercopy/Pipfile.lock | 107 +++++++++++++++--- 2 files changed, 91 insertions(+), 18 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile index 78d783bc4b9b0..0fab938a535f4 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile @@ -4,4 +4,4 @@ url = "https://pypi.org/simple" verify_ssl = true [packages] -requests = "==2.26.0" +requests = "==2.31.0" diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile.lock b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile.lock index 1a9abf9618a62..48aa3122d7770 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile.lock +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-dockercopy/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "6cfaa5a495be5cf47942a14b04d50e639f14743101e621684e86449dbac8da61" + "sha256": "09535b2c80bf51574bb5186192ca9c8daac60752580f99bba70f11e9fb257c64" }, "pipfile-spec": 6, "requires": {}, @@ -16,43 +16,116 @@ "default": { "certifi": { "hashes": [ - "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3", - "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18" + "sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7", + "sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716" ], - "index": "pypi", - "version": "==2022.12.7" + "markers": "python_version >= '3.6'", + "version": "==2023.5.7" }, "charset-normalizer": { "hashes": [ - "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597", - "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df" + "sha256:04afa6387e2b282cf78ff3dbce20f0cc071c12dc8f685bd40960cc68644cfea6", + "sha256:04eefcee095f58eaabe6dc3cc2262f3bcd776d2c67005880894f447b3f2cb9c1", + "sha256:0be65ccf618c1e7ac9b849c315cc2e8a8751d9cfdaa43027d4f6624bd587ab7e", + "sha256:0c95f12b74681e9ae127728f7e5409cbbef9cd914d5896ef238cc779b8152373", + "sha256:0ca564606d2caafb0abe6d1b5311c2649e8071eb241b2d64e75a0d0065107e62", + "sha256:10c93628d7497c81686e8e5e557aafa78f230cd9e77dd0c40032ef90c18f2230", + "sha256:11d117e6c63e8f495412d37e7dc2e2fff09c34b2d09dbe2bee3c6229577818be", + "sha256:11d3bcb7be35e7b1bba2c23beedac81ee893ac9871d0ba79effc7fc01167db6c", + "sha256:12a2b561af122e3d94cdb97fe6fb2bb2b82cef0cdca131646fdb940a1eda04f0", + "sha256:12d1a39aa6b8c6f6248bb54550efcc1c38ce0d8096a146638fd4738e42284448", + "sha256:1435ae15108b1cb6fffbcea2af3d468683b7afed0169ad718451f8db5d1aff6f", + "sha256:1c60b9c202d00052183c9be85e5eaf18a4ada0a47d188a83c8f5c5b23252f649", + "sha256:1e8fcdd8f672a1c4fc8d0bd3a2b576b152d2a349782d1eb0f6b8e52e9954731d", + "sha256:20064ead0717cf9a73a6d1e779b23d149b53daf971169289ed2ed43a71e8d3b0", + "sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706", + "sha256:22908891a380d50738e1f978667536f6c6b526a2064156203d418f4856d6e86a", + "sha256:3160a0fd9754aab7d47f95a6b63ab355388d890163eb03b2d2b87ab0a30cfa59", + "sha256:322102cdf1ab682ecc7d9b1c5eed4ec59657a65e1c146a0da342b78f4112db23", + "sha256:34e0a2f9c370eb95597aae63bf85eb5e96826d81e3dcf88b8886012906f509b5", + "sha256:3573d376454d956553c356df45bb824262c397c6e26ce43e8203c4c540ee0acb", + "sha256:3747443b6a904001473370d7810aa19c3a180ccd52a7157aacc264a5ac79265e", + "sha256:38e812a197bf8e71a59fe55b757a84c1f946d0ac114acafaafaf21667a7e169e", + "sha256:3a06f32c9634a8705f4ca9946d667609f52cf130d5548881401f1eb2c39b1e2c", + "sha256:3a5fc78f9e3f501a1614a98f7c54d3969f3ad9bba8ba3d9b438c3bc5d047dd28", + "sha256:3d9098b479e78c85080c98e1e35ff40b4a31d8953102bb0fd7d1b6f8a2111a3d", + "sha256:3dc5b6a8ecfdc5748a7e429782598e4f17ef378e3e272eeb1340ea57c9109f41", + "sha256:4155b51ae05ed47199dc5b2a4e62abccb274cee6b01da5b895099b61b1982974", + "sha256:49919f8400b5e49e961f320c735388ee686a62327e773fa5b3ce6721f7e785ce", + "sha256:53d0a3fa5f8af98a1e261de6a3943ca631c526635eb5817a87a59d9a57ebf48f", + "sha256:5f008525e02908b20e04707a4f704cd286d94718f48bb33edddc7d7b584dddc1", + "sha256:628c985afb2c7d27a4800bfb609e03985aaecb42f955049957814e0491d4006d", + "sha256:65ed923f84a6844de5fd29726b888e58c62820e0769b76565480e1fdc3d062f8", + "sha256:6734e606355834f13445b6adc38b53c0fd45f1a56a9ba06c2058f86893ae8017", + "sha256:6baf0baf0d5d265fa7944feb9f7451cc316bfe30e8df1a61b1bb08577c554f31", + "sha256:6f4f4668e1831850ebcc2fd0b1cd11721947b6dc7c00bf1c6bd3c929ae14f2c7", + "sha256:6f5c2e7bc8a4bf7c426599765b1bd33217ec84023033672c1e9a8b35eaeaaaf8", + "sha256:6f6c7a8a57e9405cad7485f4c9d3172ae486cfef1344b5ddd8e5239582d7355e", + "sha256:7381c66e0561c5757ffe616af869b916c8b4e42b367ab29fedc98481d1e74e14", + "sha256:73dc03a6a7e30b7edc5b01b601e53e7fc924b04e1835e8e407c12c037e81adbd", + "sha256:74db0052d985cf37fa111828d0dd230776ac99c740e1a758ad99094be4f1803d", + "sha256:75f2568b4189dda1c567339b48cba4ac7384accb9c2a7ed655cd86b04055c795", + "sha256:78cacd03e79d009d95635e7d6ff12c21eb89b894c354bd2b2ed0b4763373693b", + "sha256:80d1543d58bd3d6c271b66abf454d437a438dff01c3e62fdbcd68f2a11310d4b", + "sha256:830d2948a5ec37c386d3170c483063798d7879037492540f10a475e3fd6f244b", + "sha256:891cf9b48776b5c61c700b55a598621fdb7b1e301a550365571e9624f270c203", + "sha256:8f25e17ab3039b05f762b0a55ae0b3632b2e073d9c8fc88e89aca31a6198e88f", + "sha256:9a3267620866c9d17b959a84dd0bd2d45719b817245e49371ead79ed4f710d19", + "sha256:a04f86f41a8916fe45ac5024ec477f41f886b3c435da2d4e3d2709b22ab02af1", + "sha256:aaf53a6cebad0eae578f062c7d462155eada9c172bd8c4d250b8c1d8eb7f916a", + "sha256:abc1185d79f47c0a7aaf7e2412a0eb2c03b724581139193d2d82b3ad8cbb00ac", + "sha256:ac0aa6cd53ab9a31d397f8303f92c42f534693528fafbdb997c82bae6e477ad9", + "sha256:ac3775e3311661d4adace3697a52ac0bab17edd166087d493b52d4f4f553f9f0", + "sha256:b06f0d3bf045158d2fb8837c5785fe9ff9b8c93358be64461a1089f5da983137", + "sha256:b116502087ce8a6b7a5f1814568ccbd0e9f6cfd99948aa59b0e241dc57cf739f", + "sha256:b82fab78e0b1329e183a65260581de4375f619167478dddab510c6c6fb04d9b6", + "sha256:bd7163182133c0c7701b25e604cf1611c0d87712e56e88e7ee5d72deab3e76b5", + "sha256:c36bcbc0d5174a80d6cccf43a0ecaca44e81d25be4b7f90f0ed7bcfbb5a00909", + "sha256:c3af8e0f07399d3176b179f2e2634c3ce9c1301379a6b8c9c9aeecd481da494f", + "sha256:c84132a54c750fda57729d1e2599bb598f5fa0344085dbde5003ba429a4798c0", + "sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324", + "sha256:cca4def576f47a09a943666b8f829606bcb17e2bc2d5911a46c8f8da45f56755", + "sha256:cf6511efa4801b9b38dc5546d7547d5b5c6ef4b081c60b23e4d941d0eba9cbeb", + "sha256:d16fd5252f883eb074ca55cb622bc0bee49b979ae4e8639fff6ca3ff44f9f854", + "sha256:d2686f91611f9e17f4548dbf050e75b079bbc2a82be565832bc8ea9047b61c8c", + "sha256:d7fc3fca01da18fbabe4625d64bb612b533533ed10045a2ac3dd194bfa656b60", + "sha256:dd5653e67b149503c68c4018bf07e42eeed6b4e956b24c00ccdf93ac79cdff84", + "sha256:de5695a6f1d8340b12a5d6d4484290ee74d61e467c39ff03b39e30df62cf83a0", + "sha256:e0ac8959c929593fee38da1c2b64ee9778733cdf03c482c9ff1d508b6b593b2b", + "sha256:e1b25e3ad6c909f398df8921780d6a3d120d8c09466720226fc621605b6f92b1", + "sha256:e633940f28c1e913615fd624fcdd72fdba807bf53ea6925d6a588e84e1151531", + "sha256:e89df2958e5159b811af9ff0f92614dabf4ff617c03a4c1c6ff53bf1c399e0e1", + "sha256:ea9f9c6034ea2d93d9147818f17c2a0860d41b71c38b9ce4d55f21b6f9165a11", + "sha256:f645caaf0008bacf349875a974220f1f1da349c5dbe7c4ec93048cdc785a3326", + "sha256:f8303414c7b03f794347ad062c0516cee0e15f7a612abd0ce1e25caf6ceb47df", + "sha256:fca62a8301b605b954ad2e9c3666f9d97f63872aa4efcae5492baca2056b74ab" ], - "markers": "python_version >= '3'", - "version": "==2.0.12" + "markers": "python_full_version >= '3.7.0'", + "version": "==3.1.0" }, "idna": { "hashes": [ "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4", "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2" ], - "markers": "python_version >= '3'", + "markers": "python_version >= '3.5'", "version": "==3.4" }, "requests": { "hashes": [ - "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", - "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7" + "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f", + "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1" ], "index": "pypi", - "version": "==2.26.0" + "version": "==2.31.0" }, "urllib3": { "hashes": [ - "sha256:47cc05d99aaa09c9e72ed5809b60e7ba354e64b59c9c173ac3018642d8bb41fc", - "sha256:c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8" + "sha256:61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc", + "sha256:d055c2f9d38dc53c808f6fdc8eab7360b6fdbbde02340ed25cfbcd817c62469e" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.26.13" + "markers": "python_full_version >= '3.7.0'", + "version": "==2.0.2" } }, "develop": {} From 59be8811937fed0a70f618a0975d9b199ed08e00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 06:11:51 +0000 Subject: [PATCH 18/33] chore(deps): bump requests from 2.26.0 to 2.31.0 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv (#25689) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0.
Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

2.28.2 (2023-01-12)

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.26.0&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).
--- .../test/lambda-handler-pipenv/Pipfile | 2 +- .../test/lambda-handler-pipenv/Pipfile.lock | 107 +++++++++++++++--- 2 files changed, 91 insertions(+), 18 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile index 78d783bc4b9b0..0fab938a535f4 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile @@ -4,4 +4,4 @@ url = "https://pypi.org/simple" verify_ssl = true [packages] -requests = "==2.26.0" +requests = "==2.31.0" diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock index 1a9abf9618a62..f8f28f47f0d1b 100644 --- a/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock +++ b/packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "6cfaa5a495be5cf47942a14b04d50e639f14743101e621684e86449dbac8da61" + "sha256": "09535b2c80bf51574bb5186192ca9c8daac60752580f99bba70f11e9fb257c64" }, "pipfile-spec": 6, "requires": {}, @@ -16,43 +16,116 @@ "default": { "certifi": { "hashes": [ - "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3", - "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18" + "sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7", + "sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716" ], - "index": "pypi", - "version": "==2022.12.7" + "markers": "python_version >= '3.6'", + "version": "==2023.5.7" }, "charset-normalizer": { "hashes": [ - "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597", - "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df" + "sha256:04afa6387e2b282cf78ff3dbce20f0cc071c12dc8f685bd40960cc68644cfea6", + "sha256:04eefcee095f58eaabe6dc3cc2262f3bcd776d2c67005880894f447b3f2cb9c1", + "sha256:0be65ccf618c1e7ac9b849c315cc2e8a8751d9cfdaa43027d4f6624bd587ab7e", + "sha256:0c95f12b74681e9ae127728f7e5409cbbef9cd914d5896ef238cc779b8152373", + "sha256:0ca564606d2caafb0abe6d1b5311c2649e8071eb241b2d64e75a0d0065107e62", + "sha256:10c93628d7497c81686e8e5e557aafa78f230cd9e77dd0c40032ef90c18f2230", + "sha256:11d117e6c63e8f495412d37e7dc2e2fff09c34b2d09dbe2bee3c6229577818be", + "sha256:11d3bcb7be35e7b1bba2c23beedac81ee893ac9871d0ba79effc7fc01167db6c", + "sha256:12a2b561af122e3d94cdb97fe6fb2bb2b82cef0cdca131646fdb940a1eda04f0", + "sha256:12d1a39aa6b8c6f6248bb54550efcc1c38ce0d8096a146638fd4738e42284448", + "sha256:1435ae15108b1cb6fffbcea2af3d468683b7afed0169ad718451f8db5d1aff6f", + "sha256:1c60b9c202d00052183c9be85e5eaf18a4ada0a47d188a83c8f5c5b23252f649", + "sha256:1e8fcdd8f672a1c4fc8d0bd3a2b576b152d2a349782d1eb0f6b8e52e9954731d", + "sha256:20064ead0717cf9a73a6d1e779b23d149b53daf971169289ed2ed43a71e8d3b0", + "sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706", + "sha256:22908891a380d50738e1f978667536f6c6b526a2064156203d418f4856d6e86a", + "sha256:3160a0fd9754aab7d47f95a6b63ab355388d890163eb03b2d2b87ab0a30cfa59", + "sha256:322102cdf1ab682ecc7d9b1c5eed4ec59657a65e1c146a0da342b78f4112db23", + "sha256:34e0a2f9c370eb95597aae63bf85eb5e96826d81e3dcf88b8886012906f509b5", + "sha256:3573d376454d956553c356df45bb824262c397c6e26ce43e8203c4c540ee0acb", + "sha256:3747443b6a904001473370d7810aa19c3a180ccd52a7157aacc264a5ac79265e", + "sha256:38e812a197bf8e71a59fe55b757a84c1f946d0ac114acafaafaf21667a7e169e", + "sha256:3a06f32c9634a8705f4ca9946d667609f52cf130d5548881401f1eb2c39b1e2c", + "sha256:3a5fc78f9e3f501a1614a98f7c54d3969f3ad9bba8ba3d9b438c3bc5d047dd28", + "sha256:3d9098b479e78c85080c98e1e35ff40b4a31d8953102bb0fd7d1b6f8a2111a3d", + "sha256:3dc5b6a8ecfdc5748a7e429782598e4f17ef378e3e272eeb1340ea57c9109f41", + "sha256:4155b51ae05ed47199dc5b2a4e62abccb274cee6b01da5b895099b61b1982974", + "sha256:49919f8400b5e49e961f320c735388ee686a62327e773fa5b3ce6721f7e785ce", + "sha256:53d0a3fa5f8af98a1e261de6a3943ca631c526635eb5817a87a59d9a57ebf48f", + "sha256:5f008525e02908b20e04707a4f704cd286d94718f48bb33edddc7d7b584dddc1", + "sha256:628c985afb2c7d27a4800bfb609e03985aaecb42f955049957814e0491d4006d", + "sha256:65ed923f84a6844de5fd29726b888e58c62820e0769b76565480e1fdc3d062f8", + "sha256:6734e606355834f13445b6adc38b53c0fd45f1a56a9ba06c2058f86893ae8017", + "sha256:6baf0baf0d5d265fa7944feb9f7451cc316bfe30e8df1a61b1bb08577c554f31", + "sha256:6f4f4668e1831850ebcc2fd0b1cd11721947b6dc7c00bf1c6bd3c929ae14f2c7", + "sha256:6f5c2e7bc8a4bf7c426599765b1bd33217ec84023033672c1e9a8b35eaeaaaf8", + "sha256:6f6c7a8a57e9405cad7485f4c9d3172ae486cfef1344b5ddd8e5239582d7355e", + "sha256:7381c66e0561c5757ffe616af869b916c8b4e42b367ab29fedc98481d1e74e14", + "sha256:73dc03a6a7e30b7edc5b01b601e53e7fc924b04e1835e8e407c12c037e81adbd", + "sha256:74db0052d985cf37fa111828d0dd230776ac99c740e1a758ad99094be4f1803d", + "sha256:75f2568b4189dda1c567339b48cba4ac7384accb9c2a7ed655cd86b04055c795", + "sha256:78cacd03e79d009d95635e7d6ff12c21eb89b894c354bd2b2ed0b4763373693b", + "sha256:80d1543d58bd3d6c271b66abf454d437a438dff01c3e62fdbcd68f2a11310d4b", + "sha256:830d2948a5ec37c386d3170c483063798d7879037492540f10a475e3fd6f244b", + "sha256:891cf9b48776b5c61c700b55a598621fdb7b1e301a550365571e9624f270c203", + "sha256:8f25e17ab3039b05f762b0a55ae0b3632b2e073d9c8fc88e89aca31a6198e88f", + "sha256:9a3267620866c9d17b959a84dd0bd2d45719b817245e49371ead79ed4f710d19", + "sha256:a04f86f41a8916fe45ac5024ec477f41f886b3c435da2d4e3d2709b22ab02af1", + "sha256:aaf53a6cebad0eae578f062c7d462155eada9c172bd8c4d250b8c1d8eb7f916a", + "sha256:abc1185d79f47c0a7aaf7e2412a0eb2c03b724581139193d2d82b3ad8cbb00ac", + "sha256:ac0aa6cd53ab9a31d397f8303f92c42f534693528fafbdb997c82bae6e477ad9", + "sha256:ac3775e3311661d4adace3697a52ac0bab17edd166087d493b52d4f4f553f9f0", + "sha256:b06f0d3bf045158d2fb8837c5785fe9ff9b8c93358be64461a1089f5da983137", + "sha256:b116502087ce8a6b7a5f1814568ccbd0e9f6cfd99948aa59b0e241dc57cf739f", + "sha256:b82fab78e0b1329e183a65260581de4375f619167478dddab510c6c6fb04d9b6", + "sha256:bd7163182133c0c7701b25e604cf1611c0d87712e56e88e7ee5d72deab3e76b5", + "sha256:c36bcbc0d5174a80d6cccf43a0ecaca44e81d25be4b7f90f0ed7bcfbb5a00909", + "sha256:c3af8e0f07399d3176b179f2e2634c3ce9c1301379a6b8c9c9aeecd481da494f", + "sha256:c84132a54c750fda57729d1e2599bb598f5fa0344085dbde5003ba429a4798c0", + "sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324", + "sha256:cca4def576f47a09a943666b8f829606bcb17e2bc2d5911a46c8f8da45f56755", + "sha256:cf6511efa4801b9b38dc5546d7547d5b5c6ef4b081c60b23e4d941d0eba9cbeb", + "sha256:d16fd5252f883eb074ca55cb622bc0bee49b979ae4e8639fff6ca3ff44f9f854", + "sha256:d2686f91611f9e17f4548dbf050e75b079bbc2a82be565832bc8ea9047b61c8c", + "sha256:d7fc3fca01da18fbabe4625d64bb612b533533ed10045a2ac3dd194bfa656b60", + "sha256:dd5653e67b149503c68c4018bf07e42eeed6b4e956b24c00ccdf93ac79cdff84", + "sha256:de5695a6f1d8340b12a5d6d4484290ee74d61e467c39ff03b39e30df62cf83a0", + "sha256:e0ac8959c929593fee38da1c2b64ee9778733cdf03c482c9ff1d508b6b593b2b", + "sha256:e1b25e3ad6c909f398df8921780d6a3d120d8c09466720226fc621605b6f92b1", + "sha256:e633940f28c1e913615fd624fcdd72fdba807bf53ea6925d6a588e84e1151531", + "sha256:e89df2958e5159b811af9ff0f92614dabf4ff617c03a4c1c6ff53bf1c399e0e1", + "sha256:ea9f9c6034ea2d93d9147818f17c2a0860d41b71c38b9ce4d55f21b6f9165a11", + "sha256:f645caaf0008bacf349875a974220f1f1da349c5dbe7c4ec93048cdc785a3326", + "sha256:f8303414c7b03f794347ad062c0516cee0e15f7a612abd0ce1e25caf6ceb47df", + "sha256:fca62a8301b605b954ad2e9c3666f9d97f63872aa4efcae5492baca2056b74ab" ], - "markers": "python_version >= '3'", - "version": "==2.0.12" + "markers": "python_version >= '3.7'", + "version": "==3.1.0" }, "idna": { "hashes": [ "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4", "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2" ], - "markers": "python_version >= '3'", + "markers": "python_version >= '3.5'", "version": "==3.4" }, "requests": { "hashes": [ - "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", - "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7" + "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f", + "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1" ], "index": "pypi", - "version": "==2.26.0" + "version": "==2.31.0" }, "urllib3": { "hashes": [ - "sha256:47cc05d99aaa09c9e72ed5809b60e7ba354e64b59c9c173ac3018642d8bb41fc", - "sha256:c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8" + "sha256:61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc", + "sha256:d055c2f9d38dc53c808f6fdc8eab7360b6fdbbde02340ed25cfbcd817c62469e" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.26.13" + "markers": "python_version >= '3.7'", + "version": "==2.0.2" } }, "develop": {} From 11353560be08e86cd1604cd043657948038f0944 Mon Sep 17 00:00:00 2001 From: Masashi Tomooka Date: Tue, 23 May 2023 19:01:55 +0900 Subject: [PATCH 19/33] fix(core): allow override with cross-stack references (#24920) closes #18882 The problem is described in the original issue, and below is what I found as the root cause and how it can be fixed. --- Previously when we used a cross-stack reference in override, it was not resolved as an `Fn::ImportValue`. To make it an `Fn::ImportValue`, we need to get every token in an app and find _references_ (tokens that references resources outside of its stack) from them. The related code is here: https://github.com/aws/aws-cdk/blob/810d736a8d20638e778c5773507f0edb12733a49/packages/%40aws-cdk/core/lib/private/refs.ts#L139-L140 To get all the tokens in an app, we use `RememberingTokenResolver`, which _remembers_ every token it has found during resolution. So basically this resolver must be used on every resolution to find all the tokens. https://github.com/aws/aws-cdk/blob/810d736a8d20638e778c5773507f0edb12733a49/packages/%40aws-cdk/core/lib/private/resolve.ts#L270-L276 However, the resolver is not used specifically when we resolve tokens in **raw overrides**. Actually the current interface of `postProcess` function of `PostResolveToken` class makes It difficult to use an external resolver. https://github.com/aws/aws-cdk/blob/810d736a8d20638e778c5773507f0edb12733a49/packages/%40aws-cdk/core/lib/cfn-resource.ts#L374-L380 That is why, in this PR, we move the resolution process outside of the `postProcess`, allowing to resolve tokens in raw overrides with the `RememberingTokenResolver` resolver. This change also simplifies the current implementation of deepMerge as a side product. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/core/lib/cfn-resource.ts | 8 ++--- packages/aws-cdk-lib/core/lib/resolvable.ts | 7 +++++ packages/aws-cdk-lib/core/lib/util.ts | 6 ++-- .../aws-cdk-lib/core/test/resource.test.ts | 30 +++++++++++++++++++ packages/aws-cdk-lib/core/test/stack.test.ts | 2 +- 5 files changed, 43 insertions(+), 10 deletions(-) diff --git a/packages/aws-cdk-lib/core/lib/cfn-resource.ts b/packages/aws-cdk-lib/core/lib/cfn-resource.ts index d1796b3411bd7..490dd5b646f81 100644 --- a/packages/aws-cdk-lib/core/lib/cfn-resource.ts +++ b/packages/aws-cdk-lib/core/lib/cfn-resource.ts @@ -7,11 +7,9 @@ import { CfnCreationPolicy, CfnDeletionPolicy, CfnUpdatePolicy } from './cfn-res import { Construct, IConstruct, Node } from 'constructs'; import { addDependency, obtainDependencies, removeDependency } from './deps'; import { CfnReference } from './private/cfn-reference'; -import { CLOUDFORMATION_TOKEN_RESOLVER } from './private/cloudformation-lang'; import { Reference } from './reference'; import { RemovalPolicy, RemovalPolicyOptions } from './removal-policy'; import { TagManager } from './tag-manager'; -import { Tokenization } from './token'; import { capitalizePropertyNames, ignoreEmpty, PostResolveToken } from './util'; import { FeatureFlags } from './feature-flags'; import { ResolutionTypeHint } from './type-hints'; @@ -432,15 +430,13 @@ export class CfnResource extends CfnRefElement { Description: this.cfnOptions.description, Metadata: ignoreEmpty(this.cfnOptions.metadata), Condition: this.cfnOptions.condition && this.cfnOptions.condition.logicalId, - }, resourceDef => { + }, (resourceDef, context) => { const renderedProps = this.renderProperties(resourceDef.Properties || {}); if (renderedProps) { const hasDefined = Object.values(renderedProps).find(v => v !== undefined); resourceDef.Properties = hasDefined !== undefined ? renderedProps : undefined; } - const resolvedRawOverrides = Tokenization.resolve(this.rawOverrides, { - scope: this, - resolver: CLOUDFORMATION_TOKEN_RESOLVER, + const resolvedRawOverrides = context.resolve(this.rawOverrides, { // we need to preserve the empty elements here, // as that's how removing overrides are represented as removeEmpty: false, diff --git a/packages/aws-cdk-lib/core/lib/resolvable.ts b/packages/aws-cdk-lib/core/lib/resolvable.ts index 3feb37383a378..fe41ee78d20a1 100644 --- a/packages/aws-cdk-lib/core/lib/resolvable.ts +++ b/packages/aws-cdk-lib/core/lib/resolvable.ts @@ -44,6 +44,13 @@ export interface ResolveChangeContextOptions { * @default - Unchanged */ readonly allowIntrinsicKeys?: boolean; + + /** + * Whether to remove undefined elements from arrays and objects when resolving. + * + * @default - Unchanged + */ + readonly removeEmpty?: boolean; } /** diff --git a/packages/aws-cdk-lib/core/lib/util.ts b/packages/aws-cdk-lib/core/lib/util.ts index 499ca5e5eb660..c536cf535d45c 100644 --- a/packages/aws-cdk-lib/core/lib/util.ts +++ b/packages/aws-cdk-lib/core/lib/util.ts @@ -79,7 +79,7 @@ export function filterUndefined(obj: any): any { * A Token that applies a function AFTER resolve resolution */ export class PostResolveToken extends Intrinsic implements IPostProcessor { - constructor(value: any, private readonly processor: (x: any) => any) { + constructor(value: any, private readonly processor: (x: any, context: IResolveContext) => any) { super(value, { stackTrace: false }); } @@ -88,8 +88,8 @@ export class PostResolveToken extends Intrinsic implements IPostProcessor { return super.resolve(context); } - public postProcess(o: any, _context: IResolveContext): any { - return this.processor(o); + public postProcess(o: any, context: IResolveContext): any { + return this.processor(o, context); } } diff --git a/packages/aws-cdk-lib/core/test/resource.test.ts b/packages/aws-cdk-lib/core/test/resource.test.ts index 5212314043f7d..f32acba97d324 100644 --- a/packages/aws-cdk-lib/core/test/resource.test.ts +++ b/packages/aws-cdk-lib/core/test/resource.test.ts @@ -821,6 +821,36 @@ describe('resource', () => { }); }); + test('overrides allow cross-stack references', () => { + // GIVEN + const app = new App(); + const stack1 = new Stack(app, 'Stack1'); + const stack2 = new Stack(app, 'Stack2'); + const res1 = new CfnResource(stack1, 'SomeResource1', { + type: 'Some::Resource1', + }); + const res2 = new CfnResource(stack2, 'SomeResource2', { + type: 'Some::Resource2', + }); + + // WHEN + res2.addPropertyOverride('Key', res1.getAtt('Value')); + + // THEN + expect( + app.synth().getStackByName(stack2.stackName).template?.Resources, + ).toEqual({ + SomeResource2: { + Properties: { + Key: { + 'Fn::ImportValue': 'Stack1:ExportsOutputFnGetAttSomeResource1Value50DD3EF0', + }, + }, + Type: 'Some::Resource2', + }, + }); + }); + describe('using mutable properties', () => { test('can be used by derived classes to specify overrides before render()', () => { const stack = new Stack(); diff --git a/packages/aws-cdk-lib/core/test/stack.test.ts b/packages/aws-cdk-lib/core/test/stack.test.ts index 7373502dc1cbf..0c1943d5f970a 100644 --- a/packages/aws-cdk-lib/core/test/stack.test.ts +++ b/packages/aws-cdk-lib/core/test/stack.test.ts @@ -1498,7 +1498,7 @@ describe('stack', () => { public _toCloudFormation() { return new PostResolveToken({ xoo: 1234, - }, props => { + }, (props, _context) => { validateString(props).assertSuccess(); }); } From 69d3977056e0df742a5e480bc345908ac3f83526 Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Tue, 23 May 2023 12:16:16 +0100 Subject: [PATCH 20/33] chore(aws-cdk-lib): fix new submodule gen only works when relative paths are provided (#25695) This should work even when absolute paths are provided. Which is what happens in our new code gen. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/scripts/submodules/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/scripts/submodules/index.ts b/packages/aws-cdk-lib/scripts/submodules/index.ts index 8b8c29cb533e6..870421ab448b2 100644 --- a/packages/aws-cdk-lib/scripts/submodules/index.ts +++ b/packages/aws-cdk-lib/scripts/submodules/index.ts @@ -38,7 +38,7 @@ async function ensureSubmodule(submodule: ModuleMapEntry, modulePath: string) { const sourcePath = path.join(modulePath, 'lib'); if (!fs.existsSync(path.join(sourcePath, 'index.ts'))) { const lines = submodule.scopes.map((s: string) => `// ${s} Cloudformation Resources`); - lines.push(...submodule.files.map((f) => `export * from './${f.replace('.ts', '')}';`)); + lines.push(...submodule.files.map((f) => `export * from './${path.relative(sourcePath, f).replace('.ts', '')}';`)); await fs.writeFile(path.join(sourcePath, 'index.ts'), lines.join('\n') + '\n'); } From 3893da585af9a30877a9de900130c4905e4dfed8 Mon Sep 17 00:00:00 2001 From: jwoehrle <14852794+jwoehrle@users.noreply.github.com> Date: Tue, 23 May 2023 14:16:59 +0200 Subject: [PATCH 21/33] chore(ec2): add AppSync endpoint constant (#25694) On May 3rd AppSync announced Private API support: https://aws.amazon.com/about-aws/whats-new/2023/05/aws-appsync-graphql-apis-private-api-support/ This PR adds the interface endpoint constant for AppSync. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index c3a8c2d506d00..715b7a67bf4dc 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts @@ -266,6 +266,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ public static readonly APP_MESH = new InterfaceVpcEndpointAwsService('appmesh-envoy-management'); public static readonly APP_RUNNER = new InterfaceVpcEndpointAwsService('apprunner'); public static readonly APP_RUNNER_REQUESTS = new InterfaceVpcEndpointAwsService('apprunner.requests'); + public static readonly APP_SYNC = new InterfaceVpcEndpointAwsService('appsync-api'); public static readonly APPLICATION_MIGRATION_SERVICE = new InterfaceVpcEndpointAwsService('mgn'); public static readonly APPSTREAM_API = new InterfaceVpcEndpointAwsService('appstream.api'); public static readonly APPSTREAM_STREAMING = new InterfaceVpcEndpointAwsService('appstream.streaming'); From d43834d441ae8eb0192df45c1cfa0101e5533e4e Mon Sep 17 00:00:00 2001 From: Colin Francis <131073567+colifran@users.noreply.github.com> Date: Tue, 23 May 2023 05:43:36 -0700 Subject: [PATCH 22/33] feat(ec2): added support for network interfaces on ec2 instances by providing an associatePublicIpAddress property (#25441) ## Motivation When creating and launching an EC2 instance, a public IPv4 address will be assigned by default for any instances being launched into a default public subnet. Conversely, any EC2 instance being launched into a nondefault public subnet will not be automatically assigned a public IPv4 address. The decision to automatically assign or not assign a public IPv4 address is based on a subnet property which is true by default for default public subnets and false by default for nondefault public subnets. This property can be controlled by specifying that the 'associatePublicIpAddress' be true for an EC2 instance. This property can be exposed via the 'networkInterfaces' property on the underlying L1 CfnInstance construct. Furthermore, any network interface that has an 'associatePublicIpAddress' set to true must also be the primary network interface for the EC2 instance and a primary network interface will always have a device index of 0. The work in this PR will allow a user to automatically have a public IPv4 address assigned to an EC2 instance that they are launching into a nondefault public subnet or stop the default subnet behavior of automatically assigning a public IPv4 address. ## Important Changes The changes made in this PR start by exposing the 'networkInterfaces' property on the underlying L1 CfnInstance. Next, I added 'associatePublicIpAddress' as an optional boolean property that is part of the 'InstanceProps' interface. Importantly, if 'associatePublicIpAddress' is set to true or false, then this means we need to launch the EC2 instance with a configured primary network interface. If 'associatePublicIpAddress' is set to true or false, a network interfaces array is created with the specified network interface configuration for the primary network interface. The subnetId and securityGroupIds are also configured for the network interface since they must be defined on the network interface level when launching an EC2 instance with a configured network interface. I updated the L1 CfnInstance to set subnetId and securityGroupIds to undefined in the event that the network interfaces array is defined. Closes #17127 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ.instance-public.js.snapshot/cdk.out | 1 + ...efaultTestDeployAssert5516EAF1.assets.json | 19 + ...aultTestDeployAssert5516EAF1.template.json | 36 + .../integ-ec2-instance.assets.json | 19 + .../integ-ec2-instance.template.json | 362 ++++++++++ .../integ.json | 12 + .../manifest.json | 207 ++++++ .../tree.json | 645 ++++++++++++++++++ .../aws-ec2/test/integ.instance-public.ts | 57 ++ packages/aws-cdk-lib/aws-ec2/README.md | 28 + packages/aws-cdk-lib/aws-ec2/lib/instance.ts | 31 +- .../aws-cdk-lib/aws-ec2/test/instance.test.ts | 93 +++ 12 files changed, 1507 insertions(+), 3 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out new file mode 100644 index 0000000000000..7925065efbcc4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json new file mode 100644 index 0000000000000..92c11858a9333 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "instancetestDefaultTestDeployAssert5516EAF1.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json new file mode 100644 index 0000000000000..24fa7fa28b059 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "488d9cf540c6790fc09af871e06438e043f47d03101ef192131f1dafbbb434cb": { + "source": { + "path": "integ-ec2-instance.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "488d9cf540c6790fc09af871e06438e043f47d03101ef192131f1dafbbb434cb.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.template.json new file mode 100644 index 0000000000000..4026ad159f736 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.template.json @@ -0,0 +1,362 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "integ-ec2-instance/VPC" + } + ] + } + }, + "VPCpublicsubnet1Subnet1Subnet39B927A0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/24", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "public-subnet-1" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-ec2-instance/VPC/public-subnet-1Subnet1" + } + ] + } + }, + "VPCpublicsubnet1Subnet1RouteTable1127E157": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-ec2-instance/VPC/public-subnet-1Subnet1" + } + ] + } + }, + "VPCpublicsubnet1Subnet1RouteTableAssociation99DE76A6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCpublicsubnet1Subnet1RouteTable1127E157" + }, + "SubnetId": { + "Ref": "VPCpublicsubnet1Subnet1Subnet39B927A0" + } + } + }, + "VPCpublicsubnet1Subnet1DefaultRouteEFD0DA69": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCpublicsubnet1Subnet1RouteTable1127E157" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCpublicsubnet1Subnet2Subnet1B74FFEC": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.1.0/24", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "public-subnet-1" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "integ-ec2-instance/VPC/public-subnet-1Subnet2" + } + ] + } + }, + "VPCpublicsubnet1Subnet2RouteTable6613D6DE": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-ec2-instance/VPC/public-subnet-1Subnet2" + } + ] + } + }, + "VPCpublicsubnet1Subnet2RouteTableAssociation4859253B": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCpublicsubnet1Subnet2RouteTable6613D6DE" + }, + "SubnetId": { + "Ref": "VPCpublicsubnet1Subnet2Subnet1B74FFEC" + } + } + }, + "VPCpublicsubnet1Subnet2DefaultRoute3D53F956": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCpublicsubnet1Subnet2RouteTable6613D6DE" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-ec2-instance/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "IntegSg68DC2C7E": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "integ-ec2-instance/IntegSg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + }, + { + "CidrIpv6": "::/0", + "Description": "Allow all outbound ipv6 traffic by default", + "IpProtocol": "-1" + } + ], + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:ICMP Type 8", + "FromPort": 8, + "IpProtocol": "icmp", + "ToPort": -1 + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "InstanceInstanceRoleE9785DE5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "integ-ec2-instance/Instance" + } + ] + } + }, + "InstanceInstanceRoleDefaultPolicy4ACE9290": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "ssm:*", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "InstanceInstanceRoleDefaultPolicy4ACE9290", + "Roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "InstanceInstanceProfileAB5AEF02": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "InstanceC1063A87": { + "Type": "AWS::EC2::Instance", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "IamInstanceProfile": { + "Ref": "InstanceInstanceProfileAB5AEF02" + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t3.nano", + "Monitoring": true, + "NetworkInterfaces": [ + { + "AssociatePublicIpAddress": true, + "DeviceIndex": "0", + "GroupSet": [ + { + "Fn::GetAtt": [ + "IntegSg68DC2C7E", + "GroupId" + ] + } + ], + "SubnetId": { + "Ref": "VPCpublicsubnet1Subnet1Subnet39B927A0" + } + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "integ-ec2-instance/Instance" + } + ], + "UserData": { + "Fn::Base64": "#!/bin/bash\nyum install -y" + } + }, + "DependsOn": [ + "InstanceInstanceRoleDefaultPolicy4ACE9290", + "InstanceInstanceRoleE9785DE5", + "VPCpublicsubnet1Subnet1DefaultRouteEFD0DA69", + "VPCpublicsubnet1Subnet1RouteTableAssociation99DE76A6", + "VPCpublicsubnet1Subnet2DefaultRoute3D53F956", + "VPCpublicsubnet1Subnet2RouteTableAssociation4859253B" + ] + } + }, + "Parameters": { + "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json new file mode 100644 index 0000000000000..f7b474f3d5a35 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "31.0.0", + "testCases": { + "instance-test/DefaultTest": { + "stacks": [ + "integ-ec2-instance" + ], + "assertionStack": "instance-test/DefaultTest/DeployAssert", + "assertionStackName": "instancetestDefaultTestDeployAssert5516EAF1" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json new file mode 100644 index 0000000000000..aa23896e254e6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json @@ -0,0 +1,207 @@ +{ + "version": "31.0.0", + "artifacts": { + "integ-ec2-instance.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integ-ec2-instance.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integ-ec2-instance": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integ-ec2-instance.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/488d9cf540c6790fc09af871e06438e043f47d03101ef192131f1dafbbb434cb.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integ-ec2-instance.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integ-ec2-instance.assets" + ], + "metadata": { + "/integ-ec2-instance/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet1Subnet39B927A0" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet1RouteTable1127E157" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet1RouteTableAssociation99DE76A6" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet1DefaultRouteEFD0DA69" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet2Subnet1B74FFEC" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet2RouteTable6613D6DE" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet2RouteTableAssociation4859253B" + } + ], + "/integ-ec2-instance/VPC/public-subnet-1Subnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCpublicsubnet1Subnet2DefaultRoute3D53F956" + } + ], + "/integ-ec2-instance/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/integ-ec2-instance/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/integ-ec2-instance/IntegSg/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "IntegSg68DC2C7E" + } + ], + "/integ-ec2-instance/Instance/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceRoleE9785DE5" + } + ], + "/integ-ec2-instance/Instance/InstanceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceRoleDefaultPolicy4ACE9290" + } + ], + "/integ-ec2-instance/Instance/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceInstanceProfileAB5AEF02" + } + ], + "/integ-ec2-instance/Instance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceC1063A87" + } + ], + "/integ-ec2-instance/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/integ-ec2-instance/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-ec2-instance/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-ec2-instance" + }, + "instancetestDefaultTestDeployAssert5516EAF1.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "instancetestDefaultTestDeployAssert5516EAF1.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "instancetestDefaultTestDeployAssert5516EAF1": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "instancetestDefaultTestDeployAssert5516EAF1.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "instancetestDefaultTestDeployAssert5516EAF1.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "instancetestDefaultTestDeployAssert5516EAF1.assets" + ], + "metadata": { + "/instance-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/instance-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "instance-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json new file mode 100644 index 0000000000000..87142e2d428c9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json @@ -0,0 +1,645 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "integ-ec2-instance": { + "id": "integ-ec2-instance", + "path": "integ-ec2-instance", + "children": { + "VPC": { + "id": "VPC", + "path": "integ-ec2-instance/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-ec2-instance/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "integ-ec2-instance/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "public-subnet-1Subnet1": { + "id": "public-subnet-1Subnet1", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/24", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "public-subnet-1" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "integ-ec2-instance/VPC/public-subnet-1Subnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "integ-ec2-instance/VPC/public-subnet-1Subnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCpublicsubnet1Subnet1RouteTable1127E157" + }, + "subnetId": { + "Ref": "VPCpublicsubnet1Subnet1Subnet39B927A0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCpublicsubnet1Subnet1RouteTable1127E157" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "public-subnet-1Subnet2": { + "id": "public-subnet-1Subnet2", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.1.0/24", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "public-subnet-1" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "integ-ec2-instance/VPC/public-subnet-1Subnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "integ-ec2-instance/VPC/public-subnet-1Subnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCpublicsubnet1Subnet2RouteTable6613D6DE" + }, + "subnetId": { + "Ref": "VPCpublicsubnet1Subnet2Subnet1B74FFEC" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "integ-ec2-instance/VPC/public-subnet-1Subnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCpublicsubnet1Subnet2RouteTable6613D6DE" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "integ-ec2-instance/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "integ-ec2-instance/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "integ-ec2-instance/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "IntegSg": { + "id": "IntegSg", + "path": "integ-ec2-instance/IntegSg", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-ec2-instance/IntegSg/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "integ-ec2-instance/IntegSg", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + }, + { + "ipProtocol": "-1", + "cidrIpv6": "::/0", + "description": "Allow all outbound ipv6 traffic by default" + } + ], + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "icmp", + "fromPort": 8, + "toPort": -1, + "description": "from 0.0.0.0/0:ICMP Type 8" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Instance": { + "id": "Instance", + "path": "integ-ec2-instance/Instance", + "children": { + "InstanceRole": { + "id": "InstanceRole", + "path": "integ-ec2-instance/Instance/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": "integ-ec2-instance/Instance/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integ-ec2-instance/Instance/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "integ-ec2-instance/Instance" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "integ-ec2-instance/Instance/InstanceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-ec2-instance/Instance/InstanceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "ssm:*", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "InstanceInstanceRoleDefaultPolicy4ACE9290", + "roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "integ-ec2-instance/Instance/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "InstanceInstanceRoleE9785DE5" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integ-ec2-instance/Instance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Instance", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "iamInstanceProfile": { + "Ref": "InstanceInstanceProfileAB5AEF02" + }, + "imageId": { + "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t3.nano", + "monitoring": true, + "networkInterfaces": [ + { + "deviceIndex": "0", + "associatePublicIpAddress": true, + "subnetId": { + "Ref": "VPCpublicsubnet1Subnet1Subnet39B927A0" + }, + "groupSet": [ + { + "Fn::GetAtt": [ + "IntegSg68DC2C7E", + "GroupId" + ] + } + ] + } + ], + "tags": [ + { + "key": "Name", + "value": "integ-ec2-instance/Instance" + } + ], + "userData": { + "Fn::Base64": "#!/bin/bash\nyum install -y" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Instance", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "path": "integ-ec2-instance/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118": { + "id": "SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "path": "integ-ec2-instance/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-ec2-instance/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-ec2-instance/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "instance-test": { + "id": "instance-test", + "path": "instance-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "instance-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "instance-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.9" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "instance-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "instance-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "instance-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.9" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.ts new file mode 100644 index 0000000000000..63b910e6e4fbd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.ts @@ -0,0 +1,57 @@ +import { PolicyStatement } from 'aws-cdk-lib/aws-iam'; +import * as cdk from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; + +const app = new cdk.App(); + +class TestStack extends cdk.Stack { + constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { + super(scope, id, props); + this.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false); + + const vpc = new ec2.Vpc(this, 'VPC', { + cidr: '10.0.0.0/16', + natGateways: 0, + maxAzs: 3, + subnetConfiguration: [ + { + name: 'public-subnet-1', + subnetType: ec2.SubnetType.PUBLIC, + cidrMask: 24, + }, + ], + }); + + const securityGroup = new ec2.SecurityGroup(this, 'IntegSg', { + vpc, + allowAllIpv6Outbound: true, + }); + + const instance = new ec2.Instance(this, 'Instance', { + vpc, + vpcSubnets: { subnetGroupName: 'public-subnet-1' }, + securityGroup, + instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.NANO), + machineImage: new ec2.AmazonLinuxImage({ generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2 }), + detailedMonitoring: true, + associatePublicIpAddress: true, + }); + + instance.addToRolePolicy(new PolicyStatement({ + actions: ['ssm:*'], + resources: ['*'], + })); + + instance.connections.allowFromAnyIpv4(ec2.Port.icmpPing()); + + instance.addUserData('yum install -y'); + } +} + +const testCase = new TestStack(app, 'integ-ec2-instance'); + +new IntegTest(app, 'instance-test', { + testCases: [testCase], +}); diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 84a4b63436246..4dde61bfa3fa8 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md @@ -1553,6 +1553,34 @@ const aspect = new ec2.InstanceRequireImdsv2Aspect(); Aspects.of(this).add(aspect); ``` +### Associating a Public IP Address with an Instance + +All subnets have an attribute that determines whether instances launched into that subnet are assigned a public IPv4 address. This attribute is set to true by default for default public subnets. Thus, an EC2 instance launched into a default public subnet will be assigned a public IPv4 address. Nondefault public subnets have this attribute set to false by default and any EC2 instance launched into a nondefault public subnet will not be assigned a public IPv4 address automatically. To automatically assign a public IPv4 address to an instance launched into a nondefault public subnet, you can set the `associatePublicIpAddress` property on the `Instance` construct to true. Alternatively, to not automatically assign a public IPv4 address to an instance launched into a default public subnet, you can set `associatePublicIpAddress` to false. Including this property, removing this property, or updating the value of this property on an existing instance will result in replacement of the instance. + +```ts +const vpc = new ec2.Vpc(this, 'VPC', { + cidr: '10.0.0.0/16', + natGateways: 0, + maxAzs: 3, + subnetConfiguration: [ + { + name: 'public-subnet-1', + subnetType: ec2.SubnetType.PUBLIC, + cidrMask: 24, + }, + ], +}); + +const instance = new ec2.Instance(this, 'Instance', { + vpc, + vpcSubnets: { subnetGroupName: 'public-subnet-1' }, + instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.NANO), + machineImage: new ec2.AmazonLinuxImage({ generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2 }), + detailedMonitoring: true, + associatePublicIpAddress: true, +}); +``` + ## VPC Flow Logs VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs and Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen destination. (). diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts index e9f877cff1558..b18911161a0ee 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts @@ -271,6 +271,13 @@ export interface InstanceProps { * @default false */ readonly ssmSessionPermissions?: boolean; + + /** + * Whether to associate a public IP address to the primary network interface attached to this instance. + * + * @default - public IP address is automatically assigned based on default behavior + */ + readonly associatePublicIpAddress?: boolean; } /** @@ -373,7 +380,7 @@ export class Instance extends Resource implements IInstance { const userDataToken = Lazy.string({ produce: () => Fn.base64(this.userData.render()) }); const securityGroupsToken = Lazy.list({ produce: () => this.securityGroups.map(sg => sg.securityGroupId) }); - const { subnets } = props.vpc.selectSubnets(props.vpcSubnets); + const { subnets, hasPublic } = props.vpc.selectSubnets(props.vpcSubnets); let subnet; if (props.availabilityZone) { const selected = subnets.filter(sn => sn.availabilityZone === props.availabilityZone); @@ -398,14 +405,22 @@ export class Instance extends Resource implements IInstance { }); } + // network interfaces array is set to configure the primary network interface if associatePublicIpAddress is true or false + const networkInterfaces = props.associatePublicIpAddress !== undefined + ? [{ deviceIndex: '0', associatePublicIpAddress: props.associatePublicIpAddress, subnetId: subnet.subnetId, groupSet: securityGroupsToken }] + : undefined; + + // if network interfaces array is configured then subnetId and securityGroupIds are configured on the network interface + // level and there is no need to configure them on the instance level this.instance = new CfnInstance(this, 'Resource', { imageId: imageConfig.imageId, keyName: props.keyName, instanceType: props.instanceType.toString(), - securityGroupIds: securityGroupsToken, + subnetId: networkInterfaces ? undefined : subnet.subnetId, + securityGroupIds: networkInterfaces ? undefined : securityGroupsToken, + networkInterfaces, iamInstanceProfile: iamProfile.ref, userData: userDataToken, - subnetId: subnet.subnetId, availabilityZone: subnet.availabilityZone, sourceDestCheck: props.sourceDestCheck, blockDeviceMappings: props.blockDevices !== undefined ? instanceBlockDeviceMappings(this, props.blockDevices) : undefined, @@ -415,6 +430,16 @@ export class Instance extends Resource implements IInstance { }); this.instance.node.addDependency(this.role); + // if associatePublicIpAddress is true, then there must be a dependency on internet connectivity + if (props.associatePublicIpAddress !== undefined && props.associatePublicIpAddress) { + const internetConnected = props.vpc.selectSubnets(props.vpcSubnets).internetConnectivityEstablished; + this.instance.node.addDependency(internetConnected); + } + + if (!hasPublic && props.associatePublicIpAddress) { + throw new Error("To set 'associatePublicIpAddress: true' you must select Public subnets (vpcSubnets: { subnetType: SubnetType.PUBLIC })"); + } + this.osType = imageConfig.osType; this.node.defaultChild = this.instance; diff --git a/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts b/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts index 16ccd3bd75f21..42de157891c8c 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts @@ -19,6 +19,8 @@ import { LaunchTemplate, UserData, Vpc, + SubnetType, + SecurityGroup, } from '../lib'; let stack: Stack; @@ -644,3 +646,94 @@ test('sameInstanceClassAs compares different InstanceTypes correctly', () => { expect(instanceType.sameInstanceClassAs(comparitor)).toBeFalsy(); }); +test('associate public IP address with instance', () => { + // GIVEN + const securityGroup = new SecurityGroup(stack, 'SecurityGroup', { vpc }); + + // WHEN + new Instance(stack, 'Instance', { + vpc, + vpcSubnets: { subnetType: SubnetType.PUBLIC }, + securityGroup, + machineImage: new AmazonLinuxImage(), + instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.LARGE), + sourceDestCheck: false, + associatePublicIpAddress: true, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::EC2::Instance', { + Properties: { + NetworkInterfaces: [{ + AssociatePublicIpAddress: true, + DeviceIndex: '0', + GroupSet: [ + { + 'Fn::GetAtt': [ + 'SecurityGroupDD263621', + 'GroupId', + ], + }, + ], + SubnetId: { + Ref: 'VPCPublicSubnet1SubnetB4246D30', + }, + }], + }, + DependsOn: [ + 'InstanceInstanceRoleE9785DE5', + 'VPCPublicSubnet1DefaultRoute91CEF279', + 'VPCPublicSubnet1RouteTableAssociation0B0896DC', + 'VPCPublicSubnet2DefaultRouteB7481BBA', + 'VPCPublicSubnet2RouteTableAssociation5A808732', + ], + }); +}); + +test('do not associate public IP address with instance', () => { + // GIVEN + const securityGroup = new SecurityGroup(stack, 'SecurityGroup', { vpc }); + + // WHEN + new Instance(stack, 'Instance', { + vpc, + vpcSubnets: { subnetType: SubnetType.PUBLIC }, + securityGroup, + machineImage: new AmazonLinuxImage(), + instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.LARGE), + sourceDestCheck: false, + associatePublicIpAddress: false, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::EC2::Instance', { + NetworkInterfaces: [{ + AssociatePublicIpAddress: false, + DeviceIndex: '0', + GroupSet: [ + { + 'Fn::GetAtt': [ + 'SecurityGroupDD263621', + 'GroupId', + ], + }, + ], + SubnetId: { + Ref: 'VPCPublicSubnet1SubnetB4246D30', + }, + }], + }); +}); + +test('associate public IP address with instance and no public subnet', () => { + // WHEN/THEN + expect(() => { + new Instance(stack, 'Instance', { + vpc, + machineImage: new AmazonLinuxImage(), + instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.LARGE), + sourceDestCheck: false, + associatePublicIpAddress: true, + }); + }).toThrow("To set 'associatePublicIpAddress: true' you must select Public subnets (vpcSubnets: { subnetType: SubnetType.PUBLIC })"); +}); From e724385a2068255078d34bbfbb9705a987d4a673 Mon Sep 17 00:00:00 2001 From: Robert Djurasaj Date: Tue, 23 May 2023 07:10:51 -0600 Subject: [PATCH 23/33] chore(eks): deprecate k8s 1.21 and 1.22 (#25575) ``` Hello, Amazon EKS has deprecated Kubernetes version 1.22 and this version will no longer be supported on June 4, 2023. Starting that day, you will no longer be able to create new 1.22 clusters, and all EKS clusters running Kubernetes version 1.22 will be updated to the latest available platform version of Kubernetes version 1.23. You are receiving this message because you currently have 1 or more EKS cluster(s) running with Kubernetes version 1.22, listed as follows: arn:aws:eks:us-east-1:123456789012:cluster/dev-clsuter We recommend that you update your 1.22 clusters to Kubernetes version 1.23 or higher. You can minimize the frequency at which you need to perform version upgrades by updating your cluster up to the latest supported Kubernetes version, which is version 1.26. To learn more on Kubernetes version support, see the Amazon EKS service documentation on Amazon EKS Kubernetes versions [1]. For instructions on how to update your cluster(s), see the Amazon EKS service documentation on Updating an Amazon EKS cluster Kubernetes version [2]. If you have questions or concerns, please reach out to AWS Support [3]. Sincerely, Amazon Web Services ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-eks/README.md | 10 +++++----- packages/aws-cdk-lib/aws-eks/lib/cluster.ts | 2 ++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/packages/aws-cdk-lib/aws-eks/README.md b/packages/aws-cdk-lib/aws-eks/README.md index 37e46bdff0a1e..aa1ce397b06a6 100644 --- a/packages/aws-cdk-lib/aws-eks/README.md +++ b/packages/aws-cdk-lib/aws-eks/README.md @@ -339,7 +339,7 @@ The following code defines an Amazon EKS cluster with a default Fargate Profile ```ts const cluster = new eks.FargateCluster(this, 'MyCluster', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_26, }); ``` @@ -416,7 +416,7 @@ You can also configure the cluster to use an auto-scaling group as the default c ```ts const cluster = new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_26, defaultCapacityType: eks.DefaultCapacityType.EC2, }); ``` @@ -509,7 +509,7 @@ You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/ ```ts const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_21, + version: eks.KubernetesVersion.V1_26, endpointAccess: eks.EndpointAccess.PRIVATE, // No access outside of your VPC. }); ``` @@ -672,8 +672,8 @@ the `@aws-cdk/lambda-layer-awscli` and `@aws-cdk/lambda-layer-kubectl` modules. The version of kubectl used must be compatible with the Kubernetes version of the cluster. kubectl is supported within one minor version (older or newer) of Kubernetes (see [Kubernetes version skew policy](https://kubernetes.io/releases/version-skew-policy/#kubectl)). -Only version 1.20 of kubectl is available in `aws-cdk-lib`. If you need a different -version, you will need to use one of the `@aws-cdk/lambda-layer-kubectl-vXY` packages. +Depending on which version of kubernetes you're targeting, you will need to use one of +the `@aws-cdk/lambda-layer-kubectl-vXY` packages. ```ts import { KubectlV26Layer } from '@aws-cdk/lambda-layer-kubectl-v26'; diff --git a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts index b3ca31040afaf..5267f59915f4a 100644 --- a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts @@ -845,11 +845,13 @@ export class KubernetesVersion { /** * Kubernetes version 1.21 + * @deprecated Use newer version of EKS */ public static readonly V1_21 = KubernetesVersion.of('1.21'); /** * Kubernetes version 1.22 + * @deprecated Use newer version of EKS * * When creating a `Cluster` with this version, you need to also specify the * `kubectlLayer` property with a `KubectlV22Layer` from From cdafcc52ad4aea3ef7f1446da7521fb504cb33b9 Mon Sep 17 00:00:00 2001 From: Colin Francis <131073567+colifran@users.noreply.github.com> Date: Tue, 23 May 2023 06:37:21 -0700 Subject: [PATCH 24/33] feat(secretsmanager): add support for rotateImmediatelyOnUpdate for secret rotation schedule (#25652) When adding a rotation schedule to a secret, you can specify whether or not the secret should be rotated immediately. This is optional, and by default, the secret will be rotated immediately if rotateImmediatelyOnUpdate is undefined. This PR exposes the rotateImmediatelyOnUpdate property enabling the user to configure this as false if they do not want the secret to be rotated immediately. Configuring this property as being explicitly true will result in the secret being rotated immediately, which is the default behavior. Closes #25365 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...k-integ-secret-hosted-rotation.assets.json | 6 +- ...integ-secret-hosted-rotation.template.json | 1 + .../integ.hosted-rotation.js.snapshot/cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 16 ++--- .../tree.json | 63 ++++++++++++------- .../test/integ.hosted-rotation.ts | 1 + .../aws-cdk-lib/aws-secretsmanager/README.md | 1 + .../lib/rotation-schedule.ts | 9 +++ .../test/rotation-schedule.test.ts | 28 +++++++++ 10 files changed, 93 insertions(+), 36 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.assets.json index 6804fe656f48f..7561a484f8de2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "31.0.0", "files": { - "80e7147ae17e29a7810c1890b8caa90a140f0089dcb2dce470bd13d88e5acc41": { + "68111103cf6a45cb34025acaab5488606270170cf3e4bccee5883433fe58e704": { "source": { "path": "cdk-integ-secret-hosted-rotation.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "80e7147ae17e29a7810c1890b8caa90a140f0089dcb2dce470bd13d88e5acc41.json", + "objectKey": "68111103cf6a45cb34025acaab5488606270170cf3e4bccee5883433fe58e704.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json index 2f661337010e5..100dd501b3c01 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json @@ -82,6 +82,7 @@ "ExcludeCharacters": "&@/", "RotationType": "MySQLSingleUser" }, + "RotateImmediatelyOnUpdate": false, "RotationRules": { "AutomaticallyAfterDays": 30 } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk.out index 588d7b269d34f..7925065efbcc4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/integ.json index 1a8e6dc204e86..a81244af673a1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "31.0.0", "testCases": { "integ.hosted-rotation": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/manifest.json index c0a8e248ba99f..bc1b5e28f4a97 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "31.0.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "cdk-integ-secret-hosted-rotation.assets": { "type": "cdk:asset-manifest", "properties": { @@ -23,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/80e7147ae17e29a7810c1890b8caa90a140f0089dcb2dce470bd13d88e5acc41.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68111103cf6a45cb34025acaab5488606270170cf3e4bccee5883433fe58e704.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -89,6 +83,12 @@ ] }, "displayName": "cdk-integ-secret-hosted-rotation" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/tree.json index 2b151e47b7a18..8376f334fd4f0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "cdk-integ-secret-hosted-rotation": { "id": "cdk-integ-secret-hosted-rotation", "path": "cdk-integ-secret-hosted-rotation", @@ -30,7 +22,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnSecret", + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", "version": "0.0.0" } }, @@ -57,13 +49,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnRotationSchedule", + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnRotationSchedule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", + "fqn": "aws-cdk-lib.aws_secretsmanager.RotationSchedule", "version": "0.0.0" } }, @@ -111,19 +103,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "fqn": "aws-cdk-lib.aws_secretsmanager.ResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.Secret", + "fqn": "aws-cdk-lib.aws_secretsmanager.Secret", "version": "0.0.0" } }, @@ -143,7 +135,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnSecret", + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", "version": "0.0.0" } }, @@ -164,19 +156,20 @@ "rotationType": "MySQLSingleUser", "excludeCharacters": "&@/" }, + "rotateImmediatelyOnUpdate": false, "rotationRules": { "automaticallyAfterDays": 30 } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnRotationSchedule", + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnRotationSchedule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.RotationSchedule", + "fqn": "aws-cdk-lib.aws_secretsmanager.RotationSchedule", "version": "0.0.0" } }, @@ -224,32 +217,56 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.CfnResourcePolicy", + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.ResourcePolicy", + "fqn": "aws-cdk-lib.aws_secretsmanager.ResourcePolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-secretsmanager.Secret", + "fqn": "aws-cdk-lib.aws_secretsmanager.Secret", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-integ-secret-hosted-rotation/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-integ-secret-hosted-rotation/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.2.26" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.ts index a5ec40c9ecc37..0812c00e2bd0f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.ts @@ -17,6 +17,7 @@ class TestStack extends cdk.Stack { }); customSecret.addRotationSchedule('Schedule', { hostedRotation: secretsmanager.HostedRotation.mysqlSingleUser(), + rotateImmediatelyOnUpdate: false, }); } } diff --git a/packages/aws-cdk-lib/aws-secretsmanager/README.md b/packages/aws-cdk-lib/aws-secretsmanager/README.md index c17bc84edf357..989da6bf614d4 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/README.md +++ b/packages/aws-cdk-lib/aws-secretsmanager/README.md @@ -124,6 +124,7 @@ const secret = new secretsmanager.Secret(this, 'Secret'); secret.addRotationSchedule('RotationSchedule', { hostedRotation: secretsmanager.HostedRotation.mysqlSingleUser(), + rotateImmediatelyOnUpdate: false, // by default, Secrets Manager rotates the secret immediately }); ``` diff --git a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts index 11a0e17ab3d0d..736bf715ee435 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts +++ b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts @@ -42,6 +42,14 @@ export interface RotationScheduleOptions { * @default Duration.days(30) */ readonly automaticallyAfter?: Duration; + + /** + * Specifies whether to rotate the secret immediately or wait until the next + * scheduled rotation window. + * + * @default - secret is rotated immediately + */ + readonly rotateImmediatelyOnUpdate?: boolean; } /** @@ -132,6 +140,7 @@ export class RotationSchedule extends Resource { rotationLambdaArn: props.rotationLambda?.functionArn, hostedRotationLambda: props.hostedRotation?.bind(props.secret, this), rotationRules, + rotateImmediatelyOnUpdate: props.rotateImmediatelyOnUpdate, }); // Prevent secrets deletions when rotation is in place diff --git a/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts b/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts index 1fd2e7cd3268d..2452c751c7830 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts +++ b/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts @@ -43,6 +43,34 @@ test('create a rotation schedule with a rotation Lambda', () => { }); }); +test('create a rotation schedule without immediate rotation', () => { + // GIVEN + const secret = new secretsmanager.Secret(stack, 'Secret'); + const rotationLambda = new lambda.Function(stack, 'Lambda', { + runtime: lambda.Runtime.NODEJS_14_X, + code: lambda.Code.fromInline('export.handler = event => event;'), + handler: 'index.handler', + }); + + // WHEN + new secretsmanager.RotationSchedule(stack, 'RotationSchedule', { + secret, + rotationLambda, + rotateImmediatelyOnUpdate: false, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::RotationSchedule', { + SecretId: { + Ref: 'SecretA720EF05', + }, + RotationRules: { + AutomaticallyAfterDays: 30, + }, + RotateImmediatelyOnUpdate: false, + }); +}); + test('assign permissions for rotation schedule with a rotation Lambda', () => { // GIVEN const secret = new secretsmanager.Secret(stack, 'Secret'); From 2cafb728ae8b75b3e37df0b270098cced5a3d6b6 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Wed, 24 May 2023 04:06:03 -0400 Subject: [PATCH 25/33] chore: update cloud assembly schema version (#25706) Bump schema version to accompany #24430 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../cloud-assembly-schema/schema/cloud-assembly.version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json index 0d5aff521d3a2..f0b901e7c06e5 100644 --- a/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json +++ b/packages/aws-cdk-lib/cloud-assembly-schema/schema/cloud-assembly.version.json @@ -1 +1 @@ -{"version":"31.0.0"} +{"version":"32.0.0"} \ No newline at end of file From 2c1c54eac91ca4fa6f36012f2e47bddec8e82703 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Wed, 24 May 2023 05:00:52 -0400 Subject: [PATCH 26/33] docs(app-staging-synthesizer): document known limitations (#25707) Adds more information in the readme. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../app-staging-synthesizer-alpha/README.md | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md index 9d9c9e372f7a0..44a6447b415e2 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/README.md @@ -26,8 +26,8 @@ are as follows: - the `AppStagingSynthesizer`, a new CDK synthesizer that will synthesize CDK applications with the staging resources provided. -> Currently this module does not support CDK Pipelines. You must deploy CDK Apps using this -> synthesizer via `cdk deploy`. +> As this library is `experimental`, there are features that are not yet implemented. Please look +> at the list of [Known Limitations](#known-limitations) before getting started. To get started, update your CDK App with a new `defaultStackSynthesizer`: @@ -149,9 +149,6 @@ benefits: controlled individually. - Users have a familiar way to customize staging resources in the CDK Application. -> As this library is `experimental`, the accompanying Bootstrap Stack is not yet implemented. To use this -> library right now, you must reuse roles that have been traditionally bootstrapped. - ## Using the Default Staging Stack per Environment The most common use case will be to use the built-in default resources. In this scenario, the @@ -387,3 +384,18 @@ const app = new App({ }), }); ``` + +## Known Limitations + +Since this module is experimental, there are some known limitations: + +- Currently this module does not support CDK Pipelines. You must deploy CDK Apps using this + synthesizer via `cdk deploy`. +- This synthesizer only needs a bootstrap stack with Roles, without staging resources. We + haven't written such a bootstrap stack yet; at the moment you can use the existing modern + bootstrap stack, the staging resources in them will just go unused. +- Due to limitations on the CloudFormation template size, CDK Applications can have + at most 38 independent ECR images. +- When you run `cdk destroy` (for example during testing), the staging bucket and ECR + repositories will be left behind because CloudFormation cannot clean up non-empty resources. + You must deploy those resources manually if you want to redeploy again using the same `appId`. From a86b919ca2f92e9956f4cd677cc6d58a5fdc6b90 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Wed, 24 May 2023 05:30:21 -0400 Subject: [PATCH 27/33] docs(cfnspec): update CloudFormation documentation (#25716) --- .../spec-source/cfn-docs/cfn-docs.json | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index b32c301caa505..642ee28a3bada 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -16214,16 +16214,16 @@ }, "description": "Specifies a route in a route table.\n\nYou must specify either `DestinationCidrBlock` or `DestinationIpv6CidrBlock` , plus the ID of one of the target resources.\n\nIf you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) in the `AWS::EC2::Route` resource to explicitly declare a dependency on the `AWS::EC2::TransitGatewayAttachment` resource.", "properties": { - "CarrierGatewayId": "The ID of the carrier gateway.", - "DestinationCidrBlock": "The IPv4 CIDR block used for the destination match.", - "DestinationIpv6CidrBlock": "The IPv6 CIDR block used for the destination match.", - "EgressOnlyInternetGatewayId": "The ID of the egress-only internet gateway.", + "CarrierGatewayId": "The ID of the carrier gateway.\n\nYou can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.", + "DestinationCidrBlock": "The IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify `100.68.0.18/18` , we modify it to `100.68.0.0/18` .", + "DestinationIpv6CidrBlock": "The IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match.", + "EgressOnlyInternetGatewayId": "[IPv6 traffic only] The ID of an egress-only internet gateway.", "GatewayId": "The ID of an internet gateway or virtual private gateway attached to your VPC.", - "InstanceId": "The ID of a NAT instance in your VPC.", + "InstanceId": "The ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached.", "LocalGatewayId": "The ID of the local gateway.", - "NatGatewayId": "The ID of a NAT gateway.", - "NetworkInterfaceId": "The ID of the network interface.", - "RouteTableId": "The ID of the route table. The routing table must be associated with the same VPC that the virtual private gateway is attached to.", + "NatGatewayId": "[IPv4 traffic only] The ID of a NAT gateway.", + "NetworkInterfaceId": "The ID of a network interface.", + "RouteTableId": "The ID of the route table for the route.", "TransitGatewayId": "The ID of a transit gateway.", "VpcEndpointId": "The ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only.", "VpcPeeringConnectionId": "The ID of a VPC peering connection." @@ -41544,7 +41544,7 @@ "attributes": {}, "description": "The cluster marker configuration of the geospatial map selected point style.", "properties": { - "ClusterMarker": "The cluster marker that is a part of the cluster marker configuration" + "ClusterMarker": "The cluster marker that is a part of the cluster marker configuration." } }, "AWS::QuickSight::Analysis.ColorScale": { @@ -45726,7 +45726,7 @@ "attributes": {}, "description": "The cluster marker configuration of the geospatial map selected point style.", "properties": { - "ClusterMarker": "The cluster marker that is a part of the cluster marker configuration" + "ClusterMarker": "The cluster marker that is a part of the cluster marker configuration." } }, "AWS::QuickSight::Dashboard.ColorScale": { @@ -50617,7 +50617,7 @@ "attributes": {}, "description": "The cluster marker configuration of the geospatial map selected point style.", "properties": { - "ClusterMarker": "The cluster marker that is a part of the cluster marker configuration" + "ClusterMarker": "The cluster marker that is a part of the cluster marker configuration." } }, "AWS::QuickSight::Template.ColorScale": { From 1e4ffcd83c10c9fb17dafc20c03ee9dff30d7e3e Mon Sep 17 00:00:00 2001 From: Jason Date: Wed, 24 May 2023 19:57:13 +0930 Subject: [PATCH 28/33] feat(glue): Add G.4X and G.8X worker types for AWS Glue (#25637) Adds new worker types for Glue announced in: https://aws.amazon.com/about-aws/whats-new/2023/05/aws-glue-large-instance-types-generally-available/ ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-glue-alpha/README.md | 1 + packages/@aws-cdk/aws-glue-alpha/lib/job.ts | 10 ++++++++++ .../integ.job.js.snapshot/aws-glue-job.template.json | 6 +++--- .../test/integ.job.js.snapshot/tree.json | 6 +++--- packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts | 2 +- packages/@aws-cdk/aws-glue-alpha/test/job.test.ts | 4 ++++ 6 files changed, 22 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/aws-glue-alpha/README.md b/packages/@aws-cdk/aws-glue-alpha/README.md index 7abbe48aa0b2f..d1fd381446dfb 100644 --- a/packages/@aws-cdk/aws-glue-alpha/README.md +++ b/packages/@aws-cdk/aws-glue-alpha/README.md @@ -44,6 +44,7 @@ new glue.Job(this, 'ScalaSparkEtlJob', { className: 'com.example.HelloWorld', extraJars: [glue.Code.fromBucket(bucket, 'jars/HelloWorld.jar')], }), + workerType: glue.WorkerType.G_8X, description: 'an example Scala ETL job', }); ``` diff --git a/packages/@aws-cdk/aws-glue-alpha/lib/job.ts b/packages/@aws-cdk/aws-glue-alpha/lib/job.ts index 329d797277233..4f7c87344749b 100644 --- a/packages/@aws-cdk/aws-glue-alpha/lib/job.ts +++ b/packages/@aws-cdk/aws-glue-alpha/lib/job.ts @@ -32,6 +32,16 @@ export class WorkerType { */ public static readonly G_2X = new WorkerType('G.2X'); + /** + * Each worker maps to 4 DPU (16 vCPU, 64 GB of memory, 256 GB disk), and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for AWS Glue version 3.0 or later jobs. + */ + public static readonly G_4X = new WorkerType('G.4X'); + + /** + * Each worker maps to 8 DPU (32 vCPU, 128 GB of memory, 512 GB disk), and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for AWS Glue version 3.0 or later jobs. + */ + public static readonly G_8X = new WorkerType('G.8X'); + /** * Each worker maps to 0.25 DPU (2 vCPU, 4 GB of memory, 64 GB disk), and provides 1 executor per worker. Suitable for low volume streaming jobs. */ diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json index 06115404e2a3c..f8dc5203f4bba 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json @@ -190,7 +190,7 @@ "key": "value" }, "Timeout": 5, - "WorkerType": "G.2X" + "WorkerType": "G.1X" } }, "EtlJob20SuccessMetricRule1759F889": { @@ -547,7 +547,7 @@ "key": "value" }, "Timeout": 5, - "WorkerType": "G.2X" + "WorkerType": "G.1X" } }, "EtlJob30SuccessMetricRuleF8870F8A": { @@ -904,7 +904,7 @@ "key": "value" }, "Timeout": 5, - "WorkerType": "G.2X" + "WorkerType": "G.1X" } }, "EtlJob40SuccessMetricRule00D3EF34": { diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json index e641a09da50d7..78899d534c9a9 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json @@ -292,7 +292,7 @@ "key": "value" }, "timeout": 5, - "workerType": "G.2X" + "workerType": "G.1X" } }, "constructInfo": { @@ -808,7 +808,7 @@ "key": "value" }, "timeout": 5, - "workerType": "G.2X" + "workerType": "G.1X" } }, "constructInfo": { @@ -1324,7 +1324,7 @@ "key": "value" }, "timeout": 5, - "workerType": "G.2X" + "workerType": "G.1X" } }, "constructInfo": { diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts index 752f31e30fcb5..5b00c70ab126e 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts @@ -31,7 +31,7 @@ const script = glue.Code.fromAsset(path.join(__dirname, 'job-script/hello_world. glueVersion, script, }), - workerType: glue.WorkerType.G_2X, + workerType: glue.WorkerType.G_1X, workerCount: 10, maxConcurrentRuns: 2, maxRetries: 2, diff --git a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts index 2911df0705d53..5816f2428e603 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts @@ -14,6 +14,10 @@ describe('WorkerType', () => { test('.G_2X should set the name correctly', () => expect(glue.WorkerType.G_2X.name).toEqual('G.2X')); + test('.G_4X should set the name correctly', () => expect(glue.WorkerType.G_4X.name).toEqual('G.4X')); + + test('.G_8X should set the name correctly', () => expect(glue.WorkerType.G_8X.name).toEqual('G.8X')); + test('.G_025X should set the name correctly', () => expect(glue.WorkerType.G_025X.name).toEqual('G.025X')); test('.Z_2X should set the name correctly', () => expect(glue.WorkerType.Z_2X.name).toEqual('Z.2X')); From e5748453191953782ef9a52694cf1a107cbad33e Mon Sep 17 00:00:00 2001 From: Pat Myron Date: Wed, 24 May 2023 08:11:15 -0400 Subject: [PATCH 29/33] chore(region-info): ROUTE_53_BUCKET_WEBSITE_ZONE_IDS (#25471) https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-route53-targets/test/bucket-website-target.test.ts | 4 ++-- packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-route53-targets/test/bucket-website-target.test.ts b/packages/aws-cdk-lib/aws-route53-targets/test/bucket-website-target.test.ts index 7345f877aec3c..2a584b9864705 100644 --- a/packages/aws-cdk-lib/aws-route53-targets/test/bucket-website-target.test.ts +++ b/packages/aws-cdk-lib/aws-route53-targets/test/bucket-website-target.test.ts @@ -74,10 +74,10 @@ test('throws if region agnostic', () => { }).toThrow(/Cannot use an S3 record alias in region-agnostic stacks/); }); -test('throws if bucket website hosting is unavailable (cn-north-1)', () => { +test('throws if bucket website hosting is unavailable (us-iso-east-1)', () => { // GIVEN const app = new App(); - const stack = new Stack(app, 'test', { env: { region: 'cn-north-1' } }); + const stack = new Stack(app, 'test', { env: { region: 'us-iso-east-1' } }); const bucketWebsite = new s3.Bucket(stack, 'Bucket'); diff --git a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts index 62c8159dc0d3d..0f4830a3b6414 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts @@ -49,7 +49,9 @@ export const ROUTE_53_BUCKET_WEBSITE_ZONE_IDS: { [region: string]: string } = { 'ap-southeast-1': 'Z3O0J2DXBE1FTB', 'ap-southeast-2': 'Z1WCIGYICN2BYD', 'ap-southeast-3': 'Z01846753K324LI26A3VV', + // 'ap-southeast-4': 'Z0312387243XT5FE14WFO', 'ca-central-1': 'Z1QDHH18159H29', + 'cn-north-1': 'Z5CN8UMXT92WN', 'cn-northwest-1': 'Z282HJ1KT0DH03', 'eu-central-1': 'Z21DNDUVLTQW6Q', 'eu-central-2': 'Z030506016YDQGETNASS', From bdfdd400aa3bec828b5ea74bb9d71ea100c880b3 Mon Sep 17 00:00:00 2001 From: Pat Myron Date: Wed, 24 May 2023 08:40:52 -0400 Subject: [PATCH 30/33] chore(region-info): ap-southeast-3 (Jakarta) EBS_ENV_ENDPOINT_HOSTED_ZONE_ID (#25472) https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html#elasticbeanstalk_region *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts index 0f4830a3b6414..8a05cf4f52f7f 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts @@ -86,6 +86,7 @@ export const EBS_ENV_ENDPOINT_HOSTED_ZONE_IDS: { [region: string]: string } = { 'ap-south-1': 'Z18NTBI3Y7N9TZ', 'ap-southeast-1': 'Z16FZ9L249IFLT', 'ap-southeast-2': 'Z2PCDNR3VC2G1N', + 'ap-southeast-3': 'Z05913172VM7EAZB40TA8', 'ca-central-1': 'ZJFCZL7SSZB5I', 'eu-central-1': 'Z1FRNW7UH4DEZJ', 'eu-north-1': 'Z23GO28BZ5AETM', From 8a6b3761adc4c4513bdf894ec5bfa1339b975c1f Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com> Date: Wed, 24 May 2023 09:50:16 -0400 Subject: [PATCH 31/33] feat(lambda): lambda code assets are marked as deploy time assets (#25705) Mark lambda assets as deploy time assets. This has no functionality for default synthesis, but if used in conjunction with the `AppStagingSynthesizer`, lambda assets will be marked with the `deploy-time/` prefix in the staging bucket and subject to lifecycle policies. This is because for lambda code, the s3 staging bucket is an intermediate step and the code is copied to lambda immediately. The code in s3 is no longer referenced after deploy, except when in a rollback scenario. Since this is a no-op for normal synthesis, the only test that can be done is in `app-staging-synthesizer-alpha`. Also I've deleted a duplicate test I found in `app-staging-synthesizer-alpha`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/app-staging-synthesizer.test.ts | 53 ++++++++++++------- .../manifest.json | 2 +- .../synthesize-default-resources.assets.json | 6 +-- ...synthesize-default-resources.template.json | 2 +- .../tree.json | 4 +- packages/aws-cdk-lib/aws-lambda/lib/code.ts | 1 + 6 files changed, 41 insertions(+), 27 deletions(-) diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts index d6a47ba76c65e..28ea67de70ef0 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/app-staging-synthesizer.test.ts @@ -1,6 +1,8 @@ import * as fs from 'fs'; +import * as path from 'path'; import { App, Stack, CfnResource, FileAssetPackaging, Token, Lazy, Duration } from 'aws-cdk-lib'; import { Match, Template } from 'aws-cdk-lib/assertions'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; import * as cxschema from 'aws-cdk-lib/cloud-assembly-schema'; import { CloudAssembly } from 'aws-cdk-lib/cx-api'; import { evaluateCFN } from './evaluate-cfn'; @@ -178,32 +180,43 @@ describe(AppStagingSynthesizer, () => { deployTime: true, }); - // THEN - asset has bucket prefix + // THEN - asset has deploy time prefix expect(evalCFN(location.objectKey)).toEqual(`${DEPLOY_TIME_PREFIX}abcdef.js`); }); - test('do not get specified bucketPrefix', () => { - // GIVEN - app = new App({ - defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({ appId: APP_ID }), - }); - stack = new Stack(app, 'Stack', { - env: { - account: '000000000000', - region: 'us-west-2', - }, - }); - + test('lambda assets are by default deploy time assets', () => { // WHEN - const location = stack.synthesizer.addFileAsset({ - fileName: __filename, - packaging: FileAssetPackaging.FILE, - sourceHash: 'abcdef', - deployTime: true, + new lambda.Function(stack, 'Lambda', { + handler: 'index.handler', + code: lambda.Code.fromAsset(path.join(__dirname, 'assets')), + runtime: lambda.Runtime.PYTHON_3_10, }); - // THEN - asset has bucket prefix - expect(evalCFN(location.objectKey)).toEqual(`${DEPLOY_TIME_PREFIX}abcdef.js`); + // THEN - lambda asset has deploy time prefix + const asm = app.synth(); + + const manifestArtifact = asm.artifacts.filter(isAssetManifest)[0]; + expect(manifestArtifact).toBeDefined(); + const manifest: cxschema.AssetManifest = JSON.parse(fs.readFileSync(manifestArtifact.file, { encoding: 'utf-8' })); + + expect(manifest.files).toBeDefined(); + expect(Object.keys(manifest.files!).length).toEqual(2); + const firstFile = manifest.files![Object.keys(manifest.files!)[0]]; + const assetHash = '68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650'; + expect(firstFile).toEqual({ + source: { + packaging: 'zip', + path: `asset.${assetHash}`, + }, + destinations: { + '000000000000-us-east-1': { + bucketName: `cdk-${APP_ID}-staging-000000000000-us-east-1`, + objectKey: `${DEPLOY_TIME_PREFIX}${assetHash}.zip`, + region: 'us-east-1', + assumeRoleArn: `arn:\${AWS::Partition}:iam::000000000000:role/cdk-${APP_ID}-file-role-us-east-1`, + }, + }, + }); }); test('have s3 bucket has lifecycle rule by default', () => { diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json index e9ac382233e75..95fbe49a0ecb9 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/manifest.json @@ -20,7 +20,7 @@ "additionalDependencies": [ "synthesize-default-resources.assets" ], - "stackTemplateAssetObjectUrl": "s3://cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}/deploy-time/e21d11bec65be920861a56a86066cc88a0241d5cbe8324d0692ca982420e4cb0.json", + "stackTemplateAssetObjectUrl": "s3://cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}/deploy-time/dc7275f639c45accfa2abc4842978bcb3b0c5f0b83fcde22015e344b2e008f26.json", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}" diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json index c17a6ccdaa514..7fb937ee99e39 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.assets.json @@ -9,12 +9,12 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}", - "objectKey": "68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip", + "objectKey": "deploy-time/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-default-resources-file-role-${AWS::Region}" } } }, - "e21d11bec65be920861a56a86066cc88a0241d5cbe8324d0692ca982420e4cb0": { + "dc7275f639c45accfa2abc4842978bcb3b0c5f0b83fcde22015e344b2e008f26": { "source": { "path": "synthesize-default-resources.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}", - "objectKey": "deploy-time/e21d11bec65be920861a56a86066cc88a0241d5cbe8324d0692ca982420e4cb0.json", + "objectKey": "deploy-time/dc7275f639c45accfa2abc4842978bcb3b0c5f0b83fcde22015e344b2e008f26.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-default-resources-file-role-${AWS::Region}" } } diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json index 05ac9636afd0b..baf698ba4c29d 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/synthesize-default-resources.template.json @@ -38,7 +38,7 @@ "S3Bucket": { "Fn::Sub": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip" + "S3Key": "deploy-time/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip" }, "Role": { "Fn::GetAtt": [ diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json index 4a76ae37e2e0d..cafa81ab2083c 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/tree.json @@ -105,7 +105,7 @@ "s3Bucket": { "Fn::Sub": "cdk-default-resources-staging-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip" + "s3Key": "deploy-time/68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650.zip" }, "role": { "Fn::GetAtt": [ @@ -1150,7 +1150,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/app-staging-synthesizer-alpha.DefaultStagingStack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, diff --git a/packages/aws-cdk-lib/aws-lambda/lib/code.ts b/packages/aws-cdk-lib/aws-lambda/lib/code.ts index e7d4974fdb967..5b3102f3ce8b1 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/code.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/code.ts @@ -277,6 +277,7 @@ export class AssetCode extends Code { if (!this.asset) { this.asset = new s3_assets.Asset(scope, 'Code', { path: this.path, + deployTime: true, ...this.options, }); } else if (cdk.Stack.of(this.asset) !== cdk.Stack.of(scope)) { From 4f8aae50884b9238b3e0862874bcca6daea72a31 Mon Sep 17 00:00:00 2001 From: Vinayak Kukreja <78971045+vinayak-kukreja@users.noreply.github.com> Date: Wed, 24 May 2023 11:00:39 -0400 Subject: [PATCH 32/33] feat(logs): filterName property in MetricFilter (#25246) This PR is recreating and adding to https://github.com/robertd PR: https://github.com/aws/aws-cdk/pull/23053 Here, `filterName` property is being added for `MetricFilter` And, also adding an existing integ test: `integ.expose-metric.ts` with the `IntegTest` construct. Closes https://github.com/aws/aws-cdk/issues/17626 Co-authored-by: Robert Djurasaj(https://github.com/robertd) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../framework-integ/.gitignore | 2 ++ .../test/aws-logs/test/integ.expose-metric.ts | 8 ++++++- .../aws-cdk-metricfilter-integ.assets.json | 6 +++--- .../aws-cdk-metricfilter-integ.template.json | 3 ++- .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 9 +++++--- .../tree.json | 21 ++++++++++--------- .../aws-logs/test/integ.metricfilter.lit.ts | 1 + .../aws-cdk-lib/aws-logs/lib/log-group.ts | 7 +++++++ .../aws-cdk-lib/aws-logs/lib/metric-filter.ts | 10 ++++++--- .../aws-logs/test/metricfilter.test.ts | 4 +++- 12 files changed, 51 insertions(+), 24 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/.gitignore b/packages/@aws-cdk-testing/framework-integ/.gitignore index edcbb5e03d23d..8ef66112140d5 100644 --- a/packages/@aws-cdk-testing/framework-integ/.gitignore +++ b/packages/@aws-cdk-testing/framework-integ/.gitignore @@ -13,3 +13,5 @@ nyc.config.js !**/*.snapshot/**/asset.*/*.d.ts !**/*.snapshot/**/asset.*/** + +**/*.ts.snapshot \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.expose-metric.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.expose-metric.ts index d7b7bc173045c..924198a206d88 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.expose-metric.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.expose-metric.ts @@ -1,6 +1,7 @@ import { Alarm } from 'aws-cdk-lib/aws-cloudwatch'; import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; import { FilterPattern, LogGroup, MetricFilter } from 'aws-cdk-lib/aws-logs'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; /* * Stack verification steps: @@ -37,5 +38,10 @@ class ExposeMetricIntegStack extends Stack { } const app = new App(); -new ExposeMetricIntegStack(app, 'aws-cdk-expose-metric-integ'); +const stack = new ExposeMetricIntegStack(app, 'aws-cdk-expose-metric-integ'); + +new IntegTest(app, 'LambdaTest', { + testCases: [stack], +}); + app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.assets.json index eb9812ecf68e0..c7136915b369f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "22.0.0", + "version": "31.0.0", "files": { - "3447b1b7683bf722256f63f808f8ac3a927c270228f18c1ff0245b4d5fc3f919": { + "02ed2687a3e340ff22289dcacf3e4ed024865b2aae1c13bf6bf5c995590480ac": { "source": { "path": "aws-cdk-metricfilter-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3447b1b7683bf722256f63f808f8ac3a927c270228f18c1ff0245b4d5fc3f919.json", + "objectKey": "02ed2687a3e340ff22289dcacf3e4ed024865b2aae1c13bf6bf5c995590480ac.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.template.json index 112650733cb57..32f6577f1b0f2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/aws-cdk-metricfilter-integ.template.json @@ -21,7 +21,8 @@ "MetricNamespace": "MyApp", "MetricValue": "$.latency" } - ] + ], + "FilterName": "MyFilterName" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/cdk.out index 145739f539580..7925065efbcc4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"22.0.0"} \ No newline at end of file +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/integ.json index 3d96a42caad9a..f654b92e278bb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "22.0.0", + "version": "31.0.0", "testCases": { "integ.metricfilter.lit": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/manifest.json index 1ea63fa73c136..58451ddb771d8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "22.0.0", + "version": "31.0.0", "artifacts": { "aws-cdk-metricfilter-integ.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3447b1b7683bf722256f63f808f8ac3a927c270228f18c1ff0245b4d5fc3f919.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/02ed2687a3e340ff22289dcacf3e4ed024865b2aae1c13bf6bf5c995590480ac.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -42,7 +42,10 @@ "/aws-cdk-metricfilter-integ/MetricFilter/Resource": [ { "type": "aws:cdk:logicalId", - "data": "MetricFilter1B93B6E5" + "data": "MetricFilter1B93B6E5", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-metricfilter-integ/BootstrapVersion": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/tree.json index 8969855872b25..8099a46d02f57 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.js.snapshot/tree.json @@ -22,13 +22,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-logs.CfnLogGroup", + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-logs.LogGroup", + "fqn": "aws-cdk-lib.aws_logs.LogGroup", "version": "0.0.0" } }, @@ -52,17 +52,18 @@ "metricName": "Latency", "metricValue": "$.latency" } - ] + ], + "filterName": "MyFilterName" } }, "constructInfo": { - "fqn": "@aws-cdk/aws-logs.CfnMetricFilter", + "fqn": "aws-cdk-lib.aws_logs.CfnMetricFilter", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-logs.MetricFilter", + "fqn": "aws-cdk-lib.aws_logs.MetricFilter", "version": "0.0.0" } }, @@ -70,7 +71,7 @@ "id": "BootstrapVersion", "path": "aws-cdk-metricfilter-integ/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -78,13 +79,13 @@ "id": "CheckBootstrapVersion", "path": "aws-cdk-metricfilter-integ/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, @@ -93,12 +94,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.189" + "version": "10.1.270" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.ts index a8bdc885961d1..b06259887204d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-logs/test/integ.metricfilter.lit.ts @@ -14,6 +14,7 @@ class MetricFilterIntegStack extends Stack { logGroup, metricNamespace: 'MyApp', metricName: 'Latency', + filterName: 'MyFilterName', filterPattern: FilterPattern.exists('$.latency'), metricValue: '$.latency', }); diff --git a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts index 268c719397f56..6dcda58ed48cb 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts @@ -584,4 +584,11 @@ export interface MetricFilterOptions { * @default - No unit attached to metrics. */ readonly unit?: cloudwatch.Unit; + + /** + * The name of the metric filter. + * + * @default - Cloudformation generated name. + */ + readonly filterName?: string; } diff --git a/packages/aws-cdk-lib/aws-logs/lib/metric-filter.ts b/packages/aws-cdk-lib/aws-logs/lib/metric-filter.ts index 04a85b0af03e6..ba9f0dfe9171f 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/metric-filter.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/metric-filter.ts @@ -23,13 +23,16 @@ export class MetricFilter extends Resource { private readonly metricNamespace: string; constructor(scope: Construct, id: string, props: MetricFilterProps) { - super(scope, id); + super(scope, id, { + physicalName: props.filterName, + }); this.metricName = props.metricName; this.metricNamespace = props.metricNamespace; - if (Object.keys(props.dimensions ?? {}).length > 3) { - throw new Error('MetricFilter only supports a maximum of 3 Dimensions'); + const numberOfDimensions = Object.keys(props.dimensions ?? {}).length; + if (numberOfDimensions > 3) { + throw new Error(`MetricFilter only supports a maximum of 3 dimensions but received ${numberOfDimensions}.`); } // It looks odd to map this object to a singleton list, but that's how @@ -42,6 +45,7 @@ export class MetricFilter extends Resource { // https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html new CfnMetricFilter(this, 'Resource', { logGroupName: props.logGroup.logGroupName, + filterName: this.physicalName, filterPattern: props.filterPattern.logPatternString, metricTransformations: [{ metricNamespace: props.metricNamespace, diff --git a/packages/aws-cdk-lib/aws-logs/test/metricfilter.test.ts b/packages/aws-cdk-lib/aws-logs/test/metricfilter.test.ts index 0821d0a201003..93753d3ace8ab 100644 --- a/packages/aws-cdk-lib/aws-logs/test/metricfilter.test.ts +++ b/packages/aws-cdk-lib/aws-logs/test/metricfilter.test.ts @@ -14,6 +14,7 @@ describe('metric filter', () => { logGroup, metricNamespace: 'AWS/Test', metricName: 'Latency', + filterName: 'FooBazBar', metricValue: '$.latency', filterPattern: FilterPattern.exists('$.latency'), }); @@ -27,6 +28,7 @@ describe('metric filter', () => { }], FilterPattern: '{ $.latency = "*" }', LogGroupName: { Ref: 'LogGroupF5B46931' }, + FilterName: 'FooBazBar', }); }); @@ -83,7 +85,7 @@ describe('metric filter', () => { Baz: 'Qux', Qux: 'Quux', }, - })).toThrow(/MetricFilter only supports a maximum of 3 Dimensions/); + })).toThrow(/MetricFilter only supports a maximum of 3 dimensions but received/); }); test('metric filter exposes metric', () => { From 6c5b67ed3174bfd27a473e1468dc18917c3d7bba Mon Sep 17 00:00:00 2001 From: zdf Date: Wed, 24 May 2023 09:13:36 -0700 Subject: [PATCH 33/33] fix(s3): KMS encryption works fine for server access logging target buckets (#25350) The previous changes(https://github.com/aws/aws-cdk/pull/23514 & https://github.com/aws/aws-cdk/pull/23385) about failing early when certain encryption type being used is not correct. In fact, KMS encryption works fine for server access logging target buckets with proper permission being setup. So this change is removing the condition failing for the SSE-KMS with customized encryption key case. However, it is not possible to know which encryption type for the server access logging bucket, so the only checking can be applied after this change merged is failing when logging to self case using BucketEncryption.KMS_MANAGED. After this fix, the only condition would be failed pre-checking is __Log to self and using KMS_MANAGED encryption type__ This change only fix the checking condition, so this change won't affect snapshot at all. Hence, Exemption Request. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssertB937C102.assets.json | 19 + ...aultTestDeployAssertB937C102.template.json | 36 ++ ...-s3-server-access-logs-sse-kms.assets.json | 32 ++ ...3-server-access-logs-sse-kms.template.json | 395 +++++++++++++++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 153 +++++++ .../tree.json | 404 ++++++++++++++++++ ...integ.bucket-server-access-logs-sse-kms.ts | 24 ++ packages/aws-cdk-lib/aws-s3/lib/bucket.ts | 19 +- .../aws-cdk-lib/aws-s3/test/bucket.test.ts | 30 +- 11 files changed, 1099 insertions(+), 26 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json new file mode 100644 index 0000000000000..f66cdffe3270a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json new file mode 100644 index 0000000000000..1b2f22aa6da67 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.assets.json @@ -0,0 +1,32 @@ +{ + "version": "31.0.0", + "files": { + "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9": { + "source": { + "path": "asset.40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "a2b5b863d9f5b680816a4fb9864f0f6813798b7bbdd9fe1fcf001e106175a199": { + "source": { + "path": "aws-cdk-s3-server-access-logs-sse-kms.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "a2b5b863d9f5b680816a4fb9864f0f6813798b7bbdd9fe1fcf001e106175a199.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json new file mode 100644 index 0000000000000..afb92ede77d02 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/aws-cdk-s3-server-access-logs-sse-kms.template.json @@ -0,0 +1,395 @@ +{ + "Resources": { + "ServerAccessLogsBucketKey95B7E326": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "Description": "Created by aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "ServerAccessLogsBucket05F29982": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "ServerAccessLogsBucketKey95B7E326", + "Arn" + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + }, + "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true" + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ServerAccessLogsBucketPolicy947BE3EE": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "ServerAccessLogsBucket05F29982" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "ServerAccessLogsBucket05F29982", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ServerAccessLogsBucket05F29982", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ServerAccessLogsBucket05F29982", + "Arn" + ] + }, + "/example*" + ] + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ServerAccessLogsBucketAutoDeleteObjectsCustomResourceDA32BBFB": { + "Type": "Custom::S3AutoDeleteObjects", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + "BucketName": { + "Ref": "ServerAccessLogsBucket05F29982" + } + }, + "DependsOn": [ + "ServerAccessLogsBucketPolicy947BE3EE" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs16.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "ServerAccessLogsBucket05F29982" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, + "Bucket83908E77": { + "Type": "AWS::S3::Bucket", + "Properties": { + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "ServerAccessLogsBucket05F29982" + }, + "LogFilePrefix": "example" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Mappings": { + "DefaultCrNodeVersionMap": { + "af-south-1": { + "value": "nodejs16.x" + }, + "ap-east-1": { + "value": "nodejs16.x" + }, + "ap-northeast-1": { + "value": "nodejs16.x" + }, + "ap-northeast-2": { + "value": "nodejs16.x" + }, + "ap-northeast-3": { + "value": "nodejs16.x" + }, + "ap-south-1": { + "value": "nodejs16.x" + }, + "ap-south-2": { + "value": "nodejs16.x" + }, + "ap-southeast-1": { + "value": "nodejs16.x" + }, + "ap-southeast-2": { + "value": "nodejs16.x" + }, + "ap-southeast-3": { + "value": "nodejs16.x" + }, + "ca-central-1": { + "value": "nodejs16.x" + }, + "cn-north-1": { + "value": "nodejs16.x" + }, + "cn-northwest-1": { + "value": "nodejs16.x" + }, + "eu-central-1": { + "value": "nodejs16.x" + }, + "eu-central-2": { + "value": "nodejs16.x" + }, + "eu-north-1": { + "value": "nodejs16.x" + }, + "eu-south-1": { + "value": "nodejs16.x" + }, + "eu-south-2": { + "value": "nodejs16.x" + }, + "eu-west-1": { + "value": "nodejs16.x" + }, + "eu-west-2": { + "value": "nodejs16.x" + }, + "eu-west-3": { + "value": "nodejs16.x" + }, + "me-central-1": { + "value": "nodejs16.x" + }, + "me-south-1": { + "value": "nodejs16.x" + }, + "sa-east-1": { + "value": "nodejs16.x" + }, + "us-east-1": { + "value": "nodejs16.x" + }, + "us-east-2": { + "value": "nodejs16.x" + }, + "us-gov-east-1": { + "value": "nodejs16.x" + }, + "us-gov-west-1": { + "value": "nodejs16.x" + }, + "us-iso-east-1": { + "value": "nodejs14.x" + }, + "us-iso-west-1": { + "value": "nodejs14.x" + }, + "us-isob-east-1": { + "value": "nodejs14.x" + }, + "us-west-1": { + "value": "nodejs16.x" + }, + "us-west-2": { + "value": "nodejs16.x" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out new file mode 100644 index 0000000000000..7925065efbcc4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json new file mode 100644 index 0000000000000..13e49a9e69d4c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "31.0.0", + "testCases": { + "ServerAccessLogsSseKmsTest/DefaultTest": { + "stacks": [ + "aws-cdk-s3-server-access-logs-sse-kms" + ], + "assertionStack": "ServerAccessLogsSseKmsTest/DefaultTest/DeployAssert", + "assertionStackName": "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json new file mode 100644 index 0000000000000..a7977003d35e7 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/manifest.json @@ -0,0 +1,153 @@ +{ + "version": "31.0.0", + "artifacts": { + "aws-cdk-s3-server-access-logs-sse-kms.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-s3-server-access-logs-sse-kms.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-s3-server-access-logs-sse-kms": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-s3-server-access-logs-sse-kms.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a2b5b863d9f5b680816a4fb9864f0f6813798b7bbdd9fe1fcf001e106175a199.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-s3-server-access-logs-sse-kms.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-s3-server-access-logs-sse-kms.assets" + ], + "metadata": { + "/aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServerAccessLogsBucketKey95B7E326" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServerAccessLogsBucket05F29982" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ServerAccessLogsBucketPolicy947BE3EE" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/AutoDeleteObjectsCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "ServerAccessLogsBucketAutoDeleteObjectsCustomResourceDA32BBFB" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/DefaultCrNodeVersionMap": [ + { + "type": "aws:cdk:logicalId", + "data": "DefaultCrNodeVersionMap" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/Bucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Bucket83908E77" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-s3-server-access-logs-sse-kms/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-s3-server-access-logs-sse-kms" + }, + "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "ServerAccessLogsSseKmsTestDefaultTestDeployAssertB937C102.assets" + ], + "metadata": { + "/ServerAccessLogsSseKmsTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/ServerAccessLogsSseKmsTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "ServerAccessLogsSseKmsTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json new file mode 100644 index 0000000000000..d0a0498e601ec --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.js.snapshot/tree.json @@ -0,0 +1,404 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-s3-server-access-logs-sse-kms": { + "id": "aws-cdk-s3-server-access-logs-sse-kms", + "path": "aws-cdk-s3-server-access-logs-sse-kms", + "children": { + "ServerAccessLogsBucket": { + "id": "ServerAccessLogsBucket", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket", + "children": { + "Key": { + "id": "Key", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Key", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "description": "Created by aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::GetAtt": [ + "ServerAccessLogsBucketKey95B7E326", + "Arn" + ] + } + } + } + ] + }, + "tags": [ + { + "key": "aws-cdk:auto-delete-objects", + "value": "true" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "ServerAccessLogsBucket05F29982" + }, + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "ServerAccessLogsBucket05F29982", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ServerAccessLogsBucket05F29982", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "s3:PutObject", + "Condition": { + "ArnLike": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + } + }, + "StringEquals": { + "aws:SourceAccount": { + "Ref": "AWS::AccountId" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "logging.s3.amazonaws.com" + }, + "Resource": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ServerAccessLogsBucket05F29982", + "Arn" + ] + }, + "/example*" + ] + ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + }, + "AutoDeleteObjectsCustomResource": { + "id": "AutoDeleteObjectsCustomResource", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/AutoDeleteObjectsCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-s3-server-access-logs-sse-kms/ServerAccessLogsBucket/AutoDeleteObjectsCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "DefaultCrNodeVersionMap": { + "id": "DefaultCrNodeVersionMap", + "path": "aws-cdk-s3-server-access-logs-sse-kms/DefaultCrNodeVersionMap", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnMapping", + "version": "0.0.0" + } + }, + "Custom::S3AutoDeleteObjectsCustomResourceProvider": { + "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", + "path": "aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-cdk-s3-server-access-logs-sse-kms/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProvider", + "version": "0.0.0" + } + }, + "Bucket": { + "id": "Bucket", + "path": "aws-cdk-s3-server-access-logs-sse-kms/Bucket", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-s3-server-access-logs-sse-kms/Bucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "loggingConfiguration": { + "destinationBucketName": { + "Ref": "ServerAccessLogsBucket05F29982" + }, + "logFilePrefix": "example" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-s3-server-access-logs-sse-kms/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-s3-server-access-logs-sse-kms/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "ServerAccessLogsSseKmsTest": { + "id": "ServerAccessLogsSseKmsTest", + "path": "ServerAccessLogsSseKmsTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "ServerAccessLogsSseKmsTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "ServerAccessLogsSseKmsTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.9" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "ServerAccessLogsSseKmsTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "ServerAccessLogsSseKmsTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "ServerAccessLogsSseKmsTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.9" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts new file mode 100644 index 0000000000000..30ca9d473f77a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-server-access-logs-sse-kms.ts @@ -0,0 +1,24 @@ +#!/usr/bin/env node +import * as cdk from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as s3 from 'aws-cdk-lib/aws-s3'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-s3-server-access-logs-sse-kms'); + +const accessLogBucket = new s3.Bucket(stack, 'ServerAccessLogsBucket', { + autoDeleteObjects: true, + removalPolicy: cdk.RemovalPolicy.DESTROY, + encryption: s3.BucketEncryption.KMS, +}); + +new s3.Bucket(stack, 'Bucket', { + serverAccessLogsBucket: accessLogBucket, + serverAccessLogsPrefix: 'example', + removalPolicy: cdk.RemovalPolicy.DESTROY, +}); + +new integ.IntegTest(app, 'ServerAccessLogsSseKmsTest', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 9ed54f3c07311..d220e220082bb 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -2123,17 +2123,14 @@ export class Bucket extends BucketBase { return undefined; } - if ( - // KMS can't be used for logging since the logging service can't use the key - logs don't write - // KMS_MANAGED can't be used for logging since the account can't access the logging service key - account can't read logs - (!props.serverAccessLogsBucket && ( - props.encryptionKey || - props.encryption === BucketEncryption.KMS_MANAGED || - props.encryption === BucketEncryption.KMS )) || - // Another bucket is being used that is configured for default SSE-KMS - props.serverAccessLogsBucket?.encryptionKey - ) { - throw new Error('SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets'); + // KMS_MANAGED can't be used for logging since the account can't access the logging service key - account can't read logs + if (!props.serverAccessLogsBucket && props.encryption === BucketEncryption.KMS_MANAGED) { + throw new Error('Default bucket encryption with KMS managed key is not supported for Server Access Logging target buckets'); + } + + // When there is an encryption key exists for the server access logs bucket, grant permission to the S3 logging SP. + if (props.serverAccessLogsBucket?.encryptionKey) { + props.serverAccessLogsBucket.encryptionKey.grantEncryptDecrypt(new iam.ServicePrincipal('logging.s3.amazonaws.com')); } return { diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index bf81401c0849c..b59ec5f1d8160 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -383,30 +383,30 @@ describe('bucket', () => { const stack = new cdk.Stack(); expect(() => { new s3.Bucket(stack, 'MyBucket', { encryption: s3.BucketEncryption.KMS_MANAGED, serverAccessLogsPrefix: 'test' }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).toThrow(/Default bucket encryption with KMS managed key is not supported for Server Access Logging target buckets/); }); - test('logs to self, KMS encryption without key throws error', () => { + test('logs to self, KMS encryption without key does not throw error', () => { const stack = new cdk.Stack(); expect(() => { new s3.Bucket(stack, 'MyBucket', { encryption: s3.BucketEncryption.KMS, serverAccessLogsPrefix: 'test' }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).not.toThrowError(); }); - test('logs to self, KMS encryption with key throws error', () => { + test('logs to self, KMS encryption with key does not throw error', () => { const stack = new cdk.Stack(); const key = new kms.Key(stack, 'TestKey'); expect(() => { new s3.Bucket(stack, 'MyBucket', { encryptionKey: key, encryption: s3.BucketEncryption.KMS, serverAccessLogsPrefix: 'test' }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).not.toThrowError(); }); - test('logs to self, KMS key with no specific encryption specified throws error', () => { + test('logs to self, KMS key with no specific encryption specified does not throw error', () => { const stack = new cdk.Stack(); const key = new kms.Key(stack, 'TestKey'); expect(() => { new s3.Bucket(stack, 'MyBucket', { encryptionKey: key, serverAccessLogsPrefix: 'test' }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).not.toThrowError(); }); testDeprecated('logs to separate bucket, UNENCRYPTED does not throw error', () => { @@ -426,40 +426,40 @@ describe('bucket', () => { }); // When provided an external bucket (as an IBucket), we cannot detect KMS_MANAGED encryption. Since this - // check is impossible, we skip thist test. + // check is impossible, we skip this test. // eslint-disable-next-line jest/no-disabled-tests test.skip('logs to separate bucket, KMS_MANAGED encryption throws error', () => { const stack = new cdk.Stack(); const logBucket = new s3.Bucket(stack, 'testLogBucket', { encryption: s3.BucketEncryption.KMS_MANAGED }); expect(() => { new s3.Bucket(stack, 'MyBucket', { serverAccessLogsBucket: logBucket }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).toThrow(/Default bucket encryption with KMS managed key is not supported for Server Access Logging target buckets/); }); - test('logs to separate bucket, KMS encryption without key throws error', () => { + test('logs to separate bucket, KMS encryption without key does not throw error', () => { const stack = new cdk.Stack(); const logBucket = new s3.Bucket(stack, 'testLogBucket', { encryption: s3.BucketEncryption.KMS }); expect(() => { new s3.Bucket(stack, 'MyBucket', { serverAccessLogsBucket: logBucket }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).not.toThrowError(); }); - test('logs to separate bucket, KMS encryption with key throws error', () => { + test('logs to separate bucket, KMS encryption with key does not throw error', () => { const stack = new cdk.Stack(); const key = new kms.Key(stack, 'TestKey'); const logBucket = new s3.Bucket(stack, 'testLogBucket', { encryptionKey: key, encryption: s3.BucketEncryption.KMS }); expect(() => { new s3.Bucket(stack, 'MyBucket', { serverAccessLogsBucket: logBucket }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).not.toThrowError(); }); - test('logs to separate bucket, KMS key with no specific encryption specified throws error', () => { + test('logs to separate bucket, KMS key with no specific encryption specified does not throw error', () => { const stack = new cdk.Stack(); const key = new kms.Key(stack, 'TestKey'); const logBucket = new s3.Bucket(stack, 'testLogBucket', { encryptionKey: key }); expect(() => { new s3.Bucket(stack, 'MyBucket', { serverAccessLogsBucket: logBucket }); - }).toThrow(/SSE-S3 is the only supported default bucket encryption for Server Access Logging target buckets/); + }).not.toThrowError(); }); test('bucket with versioning turned on', () => {