From 561cbc5d2aa7205ffa70a1463369a10aa59c876f Mon Sep 17 00:00:00 2001 From: Hogan Bobertz Date: Wed, 28 Jun 2023 04:35:47 -0400 Subject: [PATCH 01/12] chore: build noctilucent WASM library in a container (#26123) Due to the addition of noctilucent to cdk, contributors needed to download rust/rustup to be able to build the cdk. This uses the pre-existing dependency on Docker/Finch to containerize the process in order to not incur any further dependencies for contributors to manage. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- CONTRIBUTING.md | 8 ++-- packages/aws-cdk/.gitignore | 3 -- packages/aws-cdk/.npmignore | 4 +- packages/aws-cdk/generate.sh | 44 +++++++------------ .../aws-cdk/lib/vendor/noctilucent/.gitignore | 4 ++ .../aws-cdk/lib/vendor/noctilucent/Dockerfile | 41 +++++++++++++++++ packages/aws-cdk/vendor/README.md | 13 ------ 7 files changed, 68 insertions(+), 49 deletions(-) create mode 100644 packages/aws-cdk/lib/vendor/noctilucent/.gitignore create mode 100644 packages/aws-cdk/lib/vendor/noctilucent/Dockerfile delete mode 100644 packages/aws-cdk/vendor/README.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ee4493a63fe4c..1356abe3eb3e6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -207,7 +207,7 @@ eval $(gp env -e) ### Amazon CodeCatalyst Dev Environments -Dev Environments are cloud-based development environments. +Dev Environments are cloud-based development environments. [Amazon CodeCatalyst](https://aws.amazon.com/codecatalyst/) allows you to checkout your linked Github repositories in your Dev Environments with your favorite local IDEs such as VSCode or JetBrains. @@ -220,7 +220,7 @@ $ NODE_OPTIONS=--max-old-space-size=8192 npx lerna run build --scope=aws-cdk-lib You may [configure your Dev Env](https://docs.aws.amazon.com/codecatalyst/latest/userguide/devenvironment-devfile.html) with the `devfile.yaml` to further customize your Dev Env for CDK development. -Read the links below for more details: +Read the links below for more details: - [Dev Environments in CodeCatalyst](https://docs.aws.amazon.com/codecatalyst/latest/userguide/devenvironment.html) - [Using GitHub repositories in CodeCatalyst](https://docs.aws.amazon.com/codecatalyst/latest/userguide/extensions-github.html) - [Setting up to use the AWS CLI with CodeCatalyst](https://docs.aws.amazon.com/codecatalyst/latest/userguide/set-up-cli.html) @@ -429,7 +429,7 @@ $ npx cdk -a test/aws-eks/test/sample.js deploy This allows you to iterate your development and ensure a minimal sample app would successfully deploy as you expect. You have the freedom to interact with it just as a common CDK app such as viewing differences with `npx cdk diff` -or pass context variables with `npx cdk deploy -c`. You can rapidly iterate your testing with repeated deployments +or pass context variables with `npx cdk deploy -c`. You can rapidly iterate your testing with repeated deployments by importing existing resource such as existing VPC. This can save a lot of time and help you focus on the core changes. ```ts @@ -439,7 +439,7 @@ const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { isDefault: true }); As this is for testing only, do not commit `sample.ts` and `sample.js` to your PR branch. Alternatively, you can write this test as a new integration test like `integ.my-test.ts` and deploy it -using `yarn integ --no-clean`. This may be useful when you need to publish a new +using `yarn integ --no-clean`. This may be useful when you need to publish a new integration test: ```console diff --git a/packages/aws-cdk/.gitignore b/packages/aws-cdk/.gitignore index 899d0fdac592b..86263e936e436 100644 --- a/packages/aws-cdk/.gitignore +++ b/packages/aws-cdk/.gitignore @@ -39,6 +39,3 @@ test/integ/cli/*.d.ts .DS_Store junit.xml - -# Exclude the noctilucent WASM package -lib/vendor/noctilucent/ diff --git a/packages/aws-cdk/.npmignore b/packages/aws-cdk/.npmignore index c1bf792f00614..a5f61214eee06 100644 --- a/packages/aws-cdk/.npmignore +++ b/packages/aws-cdk/.npmignore @@ -29,5 +29,5 @@ tsconfig.json **/cdk.out junit.xml -# exclude noctilucent source -/vendor/noctilucent/ +generate.sh +lib/vendor/noctilucent/Dockerfile diff --git a/packages/aws-cdk/generate.sh b/packages/aws-cdk/generate.sh index 036695896515e..aa3ef3136a431 100755 --- a/packages/aws-cdk/generate.sh +++ b/packages/aws-cdk/generate.sh @@ -15,30 +15,20 @@ cat > build-info.json </dev/null 2>/dev/null; then - echo "installing wasm-pack, this may take a while..." - cargo install wasm-pack - fi - - pkgroot=$(cd $(dirname -- "$0") && pwd) - - cd vendor/noctilucent - wasm-pack build --target nodejs \ - --out-dir="${pkgroot}/lib/vendor/noctilucent" \ - --out-name=index - - cd ../../lib/vendor/noctilucent - rm package.json -) +# Build noctilucent package in a Docker/Finch VM +NOCTILUCENT_GIT="https://github.com/iph/noctilucent.git" +NOCTILUCENT_COMMIT_ID="6da7c9fade55f8443bba7b8fdfcd4ebfe5208fb1" +if [ "$(cat lib/vendor/noctilucent/.version 2>/dev/null || echo '')" == "${NOCTILUCENT_GIT}:${NOCTILUCENT_COMMIT_ID}" ] +then + echo "⏭️ Noctilucent WASM binary is up-to date, skipping build..." + echo "ℹ️ Delete lib/vendor/noctilucent/.version to force a rebuild." +else + echo "⏳ Building Noctilucent WASM binary for embedding... This will take a while..." + ${CDK_DOCKER:-docker} build --rm \ + --build-arg NOCTILUCENT_GIT="${NOCTILUCENT_GIT}" \ + --build-arg NOCTILUCENT_COMMIT_ID="${NOCTILUCENT_COMMIT_ID}" \ + --file lib/vendor/noctilucent/Dockerfile \ + --target wasm \ + --output type=local,dest=lib/vendor/noctilucent \ + lib/vendor/noctilucent +fi diff --git a/packages/aws-cdk/lib/vendor/noctilucent/.gitignore b/packages/aws-cdk/lib/vendor/noctilucent/.gitignore new file mode 100644 index 0000000000000..2f2a446da42e4 --- /dev/null +++ b/packages/aws-cdk/lib/vendor/noctilucent/.gitignore @@ -0,0 +1,4 @@ +# Ignore all files in this directory except the Dockerfile +/* +!/.gitignore +!/Dockerfile diff --git a/packages/aws-cdk/lib/vendor/noctilucent/Dockerfile b/packages/aws-cdk/lib/vendor/noctilucent/Dockerfile new file mode 100644 index 0000000000000..b0071c6c2b0c9 --- /dev/null +++ b/packages/aws-cdk/lib/vendor/noctilucent/Dockerfile @@ -0,0 +1,41 @@ +FROM public.ecr.aws/debian/debian:buster-slim as build + +# Install basic pre-requisites +RUN apt-get update \ + && apt-get install -y build-essential curl git libssl-dev openssl pkg-config zsh + +# Make sure we use the correct shell going forward +SHELL ["/bin/zsh", "-c"] + +# Install Rustup +ENV RUSTUP_HOME=/usr/local/rustup +ENV CARGO_HOME=/usr/local/cargo +RUN set -eo pipefail \ + && curl -fSsL "https://sh.rustup.rs" | sh -s -- -y --no-modify-path --profile=minimal \ + && echo "source ${CARGO_HOME}/env" >> /etc/profile.d/cargo.sh \ + && chmod -R a+rw ${CARGO_HOME} +ENV PATH=$PATH:${CARGO_HOME}/bin + +# Install Node +RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \ + && apt-get install -y nodejs + +# Install wasm-pack +RUN cargo install wasm-opt wasm-pack + +ARG NOCTILUCENT_GIT +ARG NOCTILUCENT_COMMIT_ID + +# Check out noctilucent +RUN git clone "${NOCTILUCENT_GIT}" "${TMPDIR}/noctilucent" \ + && git -C "${TMPDIR}/noctilucent" checkout -b wasm "${NOCTILUCENT_COMMIT_ID}" + +# Build noctilucent to WASM +RUN cd "${TMPDIR}/noctilucent" \ + && wasm-pack build --target=nodejs --out-name=index --out-dir=/wasm-out \ + && rm --force /wasm-out/.gitignore /wasm-out/README.md /wasm-out/package.json \ + && echo "${NOCTILUCENT_GIT}:${NOCTILUCENT_COMMIT_ID}" > /wasm-out/.version + +#################################################################################################### +FROM scratch as wasm +COPY --from=build /wasm-out / diff --git a/packages/aws-cdk/vendor/README.md b/packages/aws-cdk/vendor/README.md deleted file mode 100644 index 1c9974a89f7e8..0000000000000 --- a/packages/aws-cdk/vendor/README.md +++ /dev/null @@ -1,13 +0,0 @@ -## Vendored-in dependencies - -The dependencies in this directory are checked out using the `gen` script. -This will fetch and clone the noctilucent crate and generate the wasm code if -that has not been done already, ensuring the dependencies are adequately -checked out. - -In order to update the notcilucent crate, run the ./generate.sh script. If you wish -to update to a different noctilucent commit hash instead of the one provided, modify -the hash in the generate.sh script and then rerun ./generate.sh - -The `THIRD_PARTY_LICENSES` file might need updating accordingly, which can be -automatically done by running `yarn pkglint`. From 72eb1e957afb9d1573445999eddd38b5c345fa7a Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Wed, 28 Jun 2023 05:32:23 -0400 Subject: [PATCH 02/12] docs(cfnspec): update CloudFormation documentation (#26141) --- .../spec-source/cfn-docs/cfn-docs.json | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 4f61ebbb1cb9e..0b85d92108d14 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -22432,19 +22432,19 @@ "properties": { "Name": "A descriptive label that is associated with a build. Build names do not need to be unique.", "OperatingSystem": "The operating system that your game server binaries run on. This value determines the type of fleet resources that you use for this build. If your game build contains multiple executables, they all must run on the same operating system. You must specify a valid operating system in this request. There is no default value. You can't change a build's operating system later.\n\n> If you have active fleets using the Windows Server 2012 operating system, you can continue to create new builds using this OS until October 10, 2023, when Microsoft ends its support. All others must use Windows Server 2016 when creating new Windows-based builds.", - "ServerSdkVersion": "A server SDK version you used when integrating your game server build with Amazon GameLift. For more information see [Integrate games with custom game servers](https://docs.aws.amazon.com/gamelift/latest/developerguide/integration-custom-intro.html) . By default Amazon GameLift sets this value to `4.0.2` .", + "ServerSdkVersion": "The Amazon GameLift Server SDK version used to develop your game server.", "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift will report a `SizeOnDisk` of 0.", "Version": "Version information that is associated with this build. Version strings do not need to be unique." } }, "AWS::GameLift::Build.StorageLocation": { "attributes": {}, - "description": "The location in Amazon S3 where build or script files are stored for access by Amazon GameLift.", + "description": "", "properties": { - "Bucket": "An Amazon S3 bucket identifier. Thename of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", - "Key": "The name of the zip file that contains the build files or script files.", - "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." + "Bucket": "", + "Key": "", + "ObjectVersion": "", + "RoleArn": "" } }, "AWS::GameLift::Fleet": { @@ -50356,9 +50356,9 @@ }, "AWS::QuickSight::DataSet.DataSetRefreshProperties": { "attributes": {}, - "description": "", + "description": "The refresh properties of a dataset.", "properties": { - "RefreshConfiguration": "" + "RefreshConfiguration": "The refresh configuration for a dataset." } }, "AWS::QuickSight::DataSet.DataSetUsageConfiguration": { @@ -50394,7 +50394,7 @@ "attributes": {}, "description": "", "properties": { - "StaticValues": "" + "StaticValues": "A list of static default values for a given date time parameter. The valid format for this property is `yyyy-MM-dd\u2019T\u2019HH:mm:ss\u2019Z\u2019` ." } }, "AWS::QuickSight::DataSet.DecimalDatasetParameter": { @@ -50440,9 +50440,9 @@ }, "AWS::QuickSight::DataSet.IncrementalRefresh": { "attributes": {}, - "description": "", + "description": "The incremental refresh configuration for a dataset.", "properties": { - "LookbackWindow": "" + "LookbackWindow": "The lookback window setup for an incremental refresh configuration." } }, "AWS::QuickSight::DataSet.IngestionWaitPolicy": { @@ -50517,18 +50517,18 @@ }, "AWS::QuickSight::DataSet.LookbackWindow": { "attributes": {}, - "description": "", + "description": "The lookback window setup of an incremental refresh configuration.", "properties": { - "ColumnName": "", - "Size": "", - "SizeUnit": "" + "ColumnName": "The name of the lookback window column.", + "Size": "The lookback window column size.", + "SizeUnit": "The size unit that is used for the lookback window column. Valid values for this structure are `HOUR` , `DAY` , and `WEEK` ." } }, "AWS::QuickSight::DataSet.NewDefaultValues": { "attributes": {}, "description": "", "properties": { - "DateTimeStaticValues": "", + "DateTimeStaticValues": "A list of static default values for a given date time parameter. The valid format for this property is `yyyy-MM-dd\u2019T\u2019HH:mm:ss\u2019Z\u2019` .", "DecimalStaticValues": "", "IntegerStaticValues": "", "StringStaticValues": "" @@ -50545,10 +50545,10 @@ }, "AWS::QuickSight::DataSet.OverrideDatasetParameterOperation": { "attributes": {}, - "description": "", + "description": "A transform operation that overrides the dataset parameter values that are defined in another dataset.", "properties": { - "NewDefaultValues": "", - "NewParameterName": "", + "NewDefaultValues": "The new default values for the parameter.", + "NewParameterName": "The new name for the parameter.", "ParameterName": "" } }, @@ -50570,9 +50570,9 @@ }, "AWS::QuickSight::DataSet.RefreshConfiguration": { "attributes": {}, - "description": "", + "description": "The refresh configuration of a dataset.", "properties": { - "IncrementalRefresh": "" + "IncrementalRefresh": "The incremental refresh for the dataset." } }, "AWS::QuickSight::DataSet.RelationalTable": { @@ -56920,7 +56920,7 @@ "AwsAccountId": "The AWS account that owns the physical resource.", "AwsRegion": "The AWS Region that the physical resource is located in.", "Identifier": "The identifier of the physical resource.", - "Type": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) .\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier." + "Type": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) and it can identify the following list of resources:\n\n- `AWS::ECS::Service`\n- `AWS::EFS::FileSystem`\n- `AWS::ElasticLoadBalancingV2::LoadBalancer`\n- `AWS::Lambda::Function`\n- `AWS::SNS::Topic`\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier and it can identify the following list of resources:\n\n- `AWS::ApiGateway::RestApi`\n- `AWS::ApiGatewayV2::Api`\n- `AWS::AutoScaling::AutoScalingGroup`\n- `AWS::DocDB::DBCluster`\n- `AWS::DocDB::DBGlobalCluster`\n- `AWS::DocDB::DBInstance`\n- `AWS::DynamoDB::GlobalTable`\n- `AWS::DynamoDB::Table`\n- `AWS::EC2::EC2Fleet`\n- `AWS::EC2::Instance`\n- `AWS::EC2::NatGateway`\n- `AWS::EC2::Volume`\n- `AWS::ElasticLoadBalancing::LoadBalancer`\n- `AWS::RDS::DBCluster`\n- `AWS::RDS::DBInstance`\n- `AWS::RDS::GlobalCluster`\n- `AWS::Route53::RecordSet`\n- `AWS::S3::Bucket`\n- `AWS::SQS::Queue`" } }, "AWS::ResilienceHub::App.ResourceMapping": { From ee3d41e674bc6b02cabd986de92075350017209b Mon Sep 17 00:00:00 2001 From: Hirotaka Tagawa / wafuwafu13 Date: Wed, 28 Jun 2023 18:04:41 +0100 Subject: [PATCH 03/12] fix(core): prevent the error when the condition is split into groups of 10 and 1 in `Fn.conditionAnd()` (#25999) Closes https://github.com/aws/aws-cdk/issues/25696#issuecomment-1561064092 Same solution as https://github.com/aws/aws-cdk/pull/25708 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/core/lib/cfn-fn.ts | 5 +- .../aws-cdk-lib/core/test/condition.test.ts | 100 ++++++++++++++++++ 2 files changed, 104 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/core/lib/cfn-fn.ts b/packages/aws-cdk-lib/core/lib/cfn-fn.ts index 2441aaabe56a0..01b235a67d13b 100644 --- a/packages/aws-cdk-lib/core/lib/cfn-fn.ts +++ b/packages/aws-cdk-lib/core/lib/cfn-fn.ts @@ -275,7 +275,10 @@ export class Fn { if (conditions.length === 1) { return conditions[0] as ICfnRuleConditionExpression; } - return Fn.conditionAnd(..._inGroupsOf(conditions, 10).map(group => new FnAnd(...group))); + if (conditions.length <= 10) { + return new FnAnd(...conditions); + } + return Fn.conditionAnd(..._inGroupsOf(conditions, 10).map(group => Fn.conditionAnd(...group))); } /** diff --git a/packages/aws-cdk-lib/core/test/condition.test.ts b/packages/aws-cdk-lib/core/test/condition.test.ts index cfb5670394122..db7c8af4dfd10 100644 --- a/packages/aws-cdk-lib/core/test/condition.test.ts +++ b/packages/aws-cdk-lib/core/test/condition.test.ts @@ -60,6 +60,106 @@ describe('condition', () => { }); }); + test('condition length is 10n + 1 in Fn.conditionAnd', () => { + // GIVEN + const stack = new cdk.Stack(); + const expression = cdk.Fn.conditionAnd( + cdk.Fn.conditionEquals('a', '1'), + cdk.Fn.conditionEquals('b', '2'), + cdk.Fn.conditionEquals('c', '3'), + cdk.Fn.conditionEquals('d', '4'), + cdk.Fn.conditionEquals('e', '5'), + cdk.Fn.conditionEquals('f', '6'), + cdk.Fn.conditionEquals('g', '7'), + cdk.Fn.conditionEquals('h', '8'), + cdk.Fn.conditionEquals('i', '9'), + cdk.Fn.conditionEquals('j', '10'), + cdk.Fn.conditionEquals('k', '11'), + ); + + // WHEN + new cdk.CfnCondition(stack, 'Condition', { expression }); + + // THEN + expect(toCloudFormation(stack)).toEqual({ + Conditions: { + Condition: { + 'Fn::And': [ + { + 'Fn::And': [ + { 'Fn::Equals': ['a', '1'] }, + { 'Fn::Equals': ['b', '2'] }, + { 'Fn::Equals': ['c', '3'] }, + { 'Fn::Equals': ['d', '4'] }, + { 'Fn::Equals': ['e', '5'] }, + { 'Fn::Equals': ['f', '6'] }, + { 'Fn::Equals': ['g', '7'] }, + { 'Fn::Equals': ['h', '8'] }, + { 'Fn::Equals': ['i', '9'] }, + { 'Fn::Equals': ['j', '10'] }, + ], + }, + { + 'Fn::Equals': ['k', '11'], + }, + ], + }, + }, + }); + }); + + test('condition length is more than 10 in Fn.conditionAnd', () => { + // GIVEN + const stack = new cdk.Stack(); + const expression = cdk.Fn.conditionAnd( + cdk.Fn.conditionEquals('a', '1'), + cdk.Fn.conditionEquals('b', '2'), + cdk.Fn.conditionEquals('c', '3'), + cdk.Fn.conditionEquals('d', '4'), + cdk.Fn.conditionEquals('e', '5'), + cdk.Fn.conditionEquals('f', '6'), + cdk.Fn.conditionEquals('g', '7'), + cdk.Fn.conditionEquals('h', '8'), + cdk.Fn.conditionEquals('i', '9'), + cdk.Fn.conditionEquals('j', '10'), + cdk.Fn.conditionEquals('k', '11'), + cdk.Fn.conditionEquals('l', '12'), + ); + + // WHEN + new cdk.CfnCondition(stack, 'Condition', { expression }); + + // THEN + expect(toCloudFormation(stack)).toEqual({ + Conditions: { + Condition: { + 'Fn::And': [ + { + 'Fn::And': [ + { 'Fn::Equals': ['a', '1'] }, + { 'Fn::Equals': ['b', '2'] }, + { 'Fn::Equals': ['c', '3'] }, + { 'Fn::Equals': ['d', '4'] }, + { 'Fn::Equals': ['e', '5'] }, + { 'Fn::Equals': ['f', '6'] }, + { 'Fn::Equals': ['g', '7'] }, + { 'Fn::Equals': ['h', '8'] }, + { 'Fn::Equals': ['i', '9'] }, + { 'Fn::Equals': ['j', '10'] }, + ], + }, + { + 'Fn::And': [ + { 'Fn::Equals': ['k', '11'] }, + { 'Fn::Equals': ['l', '12'] }, + ], + }, + ], + }, + }, + }); + }); + test('condition length is 10n + 1 in Fn.conditionOr', () => { // GIVEN const stack = new cdk.Stack(); From 8056e38aae564644f283554318de3334c5a95252 Mon Sep 17 00:00:00 2001 From: Cory Hall <43035978+corymhall@users.noreply.github.com> Date: Wed, 28 Jun 2023 14:14:32 -0400 Subject: [PATCH 04/12] chore(integ-runner): add fsevents to optionalDependencies (#26151) This matches the behavior of [aws-cdk](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/package.json#L31-L35) When `integ-runner` is installed on a mac, `fsevents` will be installed as well. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/integ-runner/package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index e813abd0fe939..4112e216760f4 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -29,6 +29,9 @@ "lib/workers/extract/index.js" ], "externals": { + "optionalDependencies": [ + "fsevents" + ], "dependencies": [ "aws-cdk" ] From edad593db1882225936be64b5d7dbd4ac6a5094a Mon Sep 17 00:00:00 2001 From: Shailja Khurana <117320115+khushail@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:48:48 -0700 Subject: [PATCH 05/12] chore: added write permissions in the stale-discussions workflow (#26154) Added write permission for github workflow action as required. This would eliminate the need for changing github repo settings as mentioned [here](https://github.com/aws-github-ops/handle-stale-discussions/blob/main/README.md#steps-to-enable-this-action-in-your-repository) > [CONTRIBUTING GUIDE]: https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md > [DESIGN GUIDELINES]: https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md Closes #. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/workflows/handle-stale-discussions.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/handle-stale-discussions.yml b/.github/workflows/handle-stale-discussions.yml index acee0ec83e409..2b89f2da15f21 100644 --- a/.github/workflows/handle-stale-discussions.yml +++ b/.github/workflows/handle-stale-discussions.yml @@ -9,6 +9,8 @@ jobs: handle-stale-discussions: name: Handle stale discussions runs-on: ubuntu-latest + permissions: + discussions: write steps: - name: Stale discussions action uses: aws-github-ops/handle-stale-discussions@v1 From 43cf9ac43dd97a881435dec397b97d58beeab8c5 Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Thu, 29 Jun 2023 00:26:44 +0000 Subject: [PATCH 06/12] chore(release): 2.86.0 --- CHANGELOG.v2.alpha.md | 14 ++++++++++++++ CHANGELOG.v2.md | 18 ++++++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 199208e94d1bc..97f4597adef23 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md @@ -2,6 +2,20 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.86.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.85.0-alpha.0...v2.86.0-alpha.0) (2023-06-29) + + +### Features + +* **app-staging-synthesizer:** select different bootstrap region ([#26129](https://github.com/aws/aws-cdk/issues/26129)) ([2fec6a4](https://github.com/aws/aws-cdk/commit/2fec6a4cd09bd08b7183f1e67d5d7eb487e4ac29)) +* **integ-runner:** integ-runner --watch ([#26087](https://github.com/aws/aws-cdk/issues/26087)) ([1fe2f09](https://github.com/aws/aws-cdk/commit/1fe2f095a0bc0aafb6b2dbd0cdaae79cc2e59ddd)) +* **integ-tests:** new HttpApiCall method to easily make http calls ([#26102](https://github.com/aws/aws-cdk/issues/26102)) ([00b9c84](https://github.com/aws/aws-cdk/commit/00b9c84ecf17c05a4c794ba7b5bdc9d83b2fba16)) + + +### Bug Fixes + +* **batch-alpha:** cannot import FargateComputeEnvironment with fromFargateComputeEnvironmentArn ([#25985](https://github.com/aws/aws-cdk/issues/25985)) ([05810f4](https://github.com/aws/aws-cdk/commit/05810f44f3fa008c07c6fe39bacd2a00c52b32a0)), closes [40aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts#L1071](https://github.com/40aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts/issues/L1071) [40aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts#L1077-L1079](https://github.com/40aws-cdk/aws-batch-alpha/lib/managed-compute-environment.ts/issues/L1077-L1079) [#25979](https://github.com/aws/aws-cdk/issues/25979) + ## [2.85.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.84.0-alpha.0...v2.85.0-alpha.0) (2023-06-21) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index 94cc13d3359f8..b756c11edd507 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md @@ -2,6 +2,24 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.86.0](https://github.com/aws/aws-cdk/compare/v2.85.0...v2.86.0) (2023-06-29) + + +### Features + +* **cfnspec:** cloudformation spec v128.1.0 ([#26096](https://github.com/aws/aws-cdk/issues/26096)) ([d71c040](https://github.com/aws/aws-cdk/commit/d71c0407e7091a240dbecfdc910dc632ed1b7bff)) + + +### Bug Fixes + +* **cdk-lib:** Pass lookupRoleArn to NestedStackSynthesizer ([#26116](https://github.com/aws/aws-cdk/issues/26116)) ([3c29223](https://github.com/aws/aws-cdk/commit/3c29223b178840368088b56aba2db9d2365bceed)) +* **core:** network option is not being propagated to Docker ([#26014](https://github.com/aws/aws-cdk/issues/26014)) ([341de48](https://github.com/aws/aws-cdk/commit/341de48e3637953514a009715dfdeeb061aad929)) +* **core:** prevent the error when the condition is split into groups of 10 and 1 in `Fn.conditionAnd()` ([#25999](https://github.com/aws/aws-cdk/issues/25999)) ([ee3d41e](https://github.com/aws/aws-cdk/commit/ee3d41e674bc6b02cabd986de92075350017209b)), closes [/github.com/aws/aws-cdk/issues/25696#issuecomment-1561064092](https://github.com/aws//github.com/aws/aws-cdk/issues/25696/issues/issuecomment-1561064092) +* **ecs:** potential race condition on TaskRole default policy update with CfnService ([#26070](https://github.com/aws/aws-cdk/issues/26070)) ([2d9078c](https://github.com/aws/aws-cdk/commit/2d9078c6afc77c0ef026d74168730bff2a167a60)), closes [#24880](https://github.com/aws/aws-cdk/issues/24880) +* **ecs:** validation for task definition fails when task-level memory is defined but container-level memory and memoryReservation are not defined with EC2 compatibility ([#26027](https://github.com/aws/aws-cdk/issues/26027)) ([0e251e6](https://github.com/aws/aws-cdk/commit/0e251e68bad90b2dd7cb3ef48dfe025695e4ab64)), closes [#25275](https://github.com/aws/aws-cdk/issues/25275) +* **elbv2:** correct wrong timeout validation ([#26031](https://github.com/aws/aws-cdk/issues/26031)) ([636841c](https://github.com/aws/aws-cdk/commit/636841c380ccc3a6da372117cf0317f351a75cff)), closes [#26023](https://github.com/aws/aws-cdk/issues/26023) +* **stepfunctions:** nested arrays are not serialized correctly ([#26055](https://github.com/aws/aws-cdk/issues/26055)) ([f9d4573](https://github.com/aws/aws-cdk/commit/f9d45738d7b1ad0c9ad9877fe961fe063f544224)), closes [#26045](https://github.com/aws/aws-cdk/issues/26045) + ## [2.85.0](https://github.com/aws/aws-cdk/compare/v2.84.0...v2.85.0) (2023-06-21) diff --git a/version.v2.json b/version.v2.json index bff29b1fafe02..ffbdc6f954234 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.85.0", - "alphaVersion": "2.85.0-alpha.0" + "version": "2.86.0", + "alphaVersion": "2.86.0-alpha.0" } \ No newline at end of file From dc6f120a0bf6c9335a82677e7b3c112245bf06ae Mon Sep 17 00:00:00 2001 From: Calvin Combs <66279577+comcalvi@users.noreply.github.com> Date: Thu, 29 Jun 2023 01:13:11 -0700 Subject: [PATCH 07/12] fix(batch): Allow ECS JobDefinition Containers to pass Secrets as Environment Variables & Enable Kubernetes Secret Volumes (#26126) Changes the type of `secrets` from `ISecret[]` to `{ [key: string]: ISecret }`. The `key` is the name of the environment variable to expose to the container. Also enables the specification of EKS Kubernetes volumes, which our README documented but wasn't actually supported because of a CFN issue that has since been fixed. Closes #25559. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-batch-alpha/README.md | 23 ++++ .../lib/ecs-container-definition.ts | 18 +-- .../lib/eks-container-definition.ts | 6 +- .../aws-batch-alpha/lib/eks-job-definition.ts | 3 +- .../test/ecs-container-definition.test.ts | 60 +-------- .../test/eks-container-definition.test.ts | 126 +++++++++++++++--- ...efaultTestDeployAssertE5BAAC9B.assets.json | 2 +- .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 10 +- .../stack.assets.json | 6 +- .../stack.template.json | 16 +++ .../tree.json | 90 +++++++++---- .../test/integ.ecs-job-definition.ts | 4 + ...efaultTestDeployAssertE5BAAC9B.assets.json | 2 +- .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 4 +- .../stack.assets.json | 6 +- .../stack.template.json | 22 +++ .../tree.json | 52 +++++--- .../test/integ.eks-job-definition.ts | 14 +- .../test/job-definition-base.test.ts | 12 -- 23 files changed, 317 insertions(+), 167 deletions(-) diff --git a/packages/@aws-cdk/aws-batch-alpha/README.md b/packages/@aws-cdk/aws-batch-alpha/README.md index 8ee8f6fb6c50c..434d108e303ae 100644 --- a/packages/@aws-cdk/aws-batch-alpha/README.md +++ b/packages/@aws-cdk/aws-batch-alpha/README.md @@ -495,6 +495,29 @@ jobDefn.container.addVolume(batch.EcsVolume.efs({ })); ``` +### Secrets + +You can expose SecretsManager Secret ARNs to your container as environment variables. +The following example defines the `MY_SECRET_ENV_VAR` environment variable that contains the +ARN of the Secret defined by `mySecret`: + +```ts +import * as cdk from 'aws-cdk-lib'; + +declare const mySecret: secretsmanager.ISecret; + +const jobDefn = new batch.EcsJobDefinition(this, 'JobDefn', { + container: new batch.EcsEc2ContainerDefinition(this, 'containerDefn', { + image: ecs.ContainerImage.fromRegistry('public.ecr.aws/amazonlinux/amazonlinux:latest'), + memory: cdk.Size.mebibytes(2048), + cpu: 256, + secrets: { + MY_SECRET_ENV_VAR: mySecret, + } + }), +}); +``` + ### Running Kubernetes Workflows Batch also supports running workflows on EKS. The following example creates a `JobDefinition` that runs on EKS: diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts index 323798cd66cdf..c4b13e6829253 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/ecs-container-definition.ts @@ -342,13 +342,14 @@ export interface IEcsContainerDefinition extends IConstruct { readonly readonlyRootFilesystem?: boolean; /** - * The secrets for the container. Can be referenced in your job definition. + * A map from environment variable names to the secrets for the container. Allows your job definitions + * to reference the secret by the environment variable name defined in this property. * * @see https://docs.aws.amazon.com/batch/latest/userguide/specifying-sensitive-data.html * * @default - no secrets */ - readonly secrets?: secretsmanager.ISecret[]; + readonly secrets?: { [envVarName: string]: secretsmanager.ISecret }; /** * The user name to use inside the container @@ -458,13 +459,14 @@ export interface EcsContainerDefinitionProps { readonly readonlyRootFilesystem?: boolean; /** - * The secrets for the container. Can be referenced in your job definition. + * A map from environment variable names to the secrets for the container. Allows your job definitions + * to reference the secret by the environment variable name defined in this property. * * @see https://docs.aws.amazon.com/batch/latest/userguide/specifying-sensitive-data.html * * @default - no secrets */ - readonly secrets?: secretsmanager.ISecret[]; + readonly secrets?: { [envVarName: string]: secretsmanager.ISecret }; /** * The user name to use inside the container @@ -495,7 +497,7 @@ abstract class EcsContainerDefinitionBase extends Construct implements IEcsConta public readonly linuxParameters?: LinuxParameters; public readonly logDriverConfig?: ecs.LogDriverConfig; public readonly readonlyRootFilesystem?: boolean; - public readonly secrets?: secretsmanager.ISecret[]; + public readonly secrets?: { [envVarName: string]: secretsmanager.ISecret }; public readonly user?: string; public readonly volumes: EcsVolume[]; @@ -553,12 +555,12 @@ abstract class EcsContainerDefinitionBase extends Construct implements IEcsConta logConfiguration: this.logDriverConfig, readonlyRootFilesystem: this.readonlyRootFilesystem, resourceRequirements: this._renderResourceRequirements(), - secrets: this.secrets?.map((secret) => { + secrets: this.secrets ? Object.entries(this.secrets).map(([name, secret]) => { return { - name: secret.secretName, + name, valueFrom: secret.secretArn, }; - }), + }) : undefined, mountPoints: Lazy.any({ produce: () => { if (this.volumes.length === 0) { diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts index 446e85d416f3f..63b47a97b1951 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/eks-container-definition.ts @@ -647,9 +647,9 @@ export interface EksVolumeOptions { readonly name: string; /** - * The path on the container where the container is mounted. + * The path on the container where the volume is mounted. * - * @default - the container is not mounted + * @default - the volume is not mounted */ readonly mountPath?: string; @@ -902,7 +902,7 @@ export class SecretPathVolume extends EksVolume { constructor(options: SecretPathVolumeOptions) { super(options); this.secretName = options.secretName; - this.optional = options.optional; + this.optional = options.optional ?? true; } } diff --git a/packages/@aws-cdk/aws-batch-alpha/lib/eks-job-definition.ts b/packages/@aws-cdk/aws-batch-alpha/lib/eks-job-definition.ts index f5a58b482bf9c..3d84252dd52e0 100644 --- a/packages/@aws-cdk/aws-batch-alpha/lib/eks-job-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/lib/eks-job-definition.ts @@ -192,14 +192,13 @@ export class EksJobDefinition extends JobDefinitionBase implements IEksJobDefini }; } if (SecretPathVolume.isSecretPathVolume(volume)) { - /*return { + return { name: volume.name, secret: { optional: volume.optional, secretName: volume.secretName, }, }; - */ } throw new Error('unknown volume type'); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/ecs-container-definition.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/ecs-container-definition.test.ts index c2eaa8705225a..9665a124136bf 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/ecs-container-definition.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/ecs-container-definition.test.ts @@ -255,9 +255,9 @@ describe.each([EcsEc2ContainerDefinition, EcsFargateContainerDefinition])('%p', new EcsJobDefinition(stack, 'ECSJobDefn', { container: new ContainerDefinition(stack, 'EcsContainer', { ...defaultContainerProps, - secrets: [ - new Secret(stack, 'testSecret'), - ], + secrets: { + envName: new Secret(stack, 'testSecret'), + }, }), }); @@ -268,59 +268,7 @@ describe.each([EcsEc2ContainerDefinition, EcsFargateContainerDefinition])('%p', ...pascalCaseExpectedProps.ContainerProperties, Secrets: [ { - Name: { - 'Fn::Join': [ - '-', - [ - { - 'Fn::Select': [ - 0, - { - 'Fn::Split': [ - '-', - { - 'Fn::Select': [ - 6, - { - 'Fn::Split': [ - ':', - { - Ref: 'testSecretB96AD12C', - }, - ], - }, - ], - }, - ], - }, - ], - }, - { - 'Fn::Select': [ - 1, - { - 'Fn::Split': [ - '-', - { - 'Fn::Select': [ - 6, - { - 'Fn::Split': [ - ':', - { - Ref: 'testSecretB96AD12C', - }, - ], - }, - ], - }, - ], - }, - ], - }, - ], - ], - }, + Name: 'envName', ValueFrom: { Ref: 'testSecretB96AD12C' }, }, ], diff --git a/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts index aad8c169664ad..6cb61084a0966 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/eks-container-definition.test.ts @@ -33,7 +33,7 @@ describe('eks container', () => { test('eks container defaults', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, }), @@ -47,7 +47,7 @@ describe('eks container', () => { test('respects args', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, args: ['arg1', 'arg2'], @@ -71,7 +71,7 @@ describe('eks container', () => { test('respects command', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, command: ['echo', 'bar'], @@ -95,7 +95,7 @@ describe('eks container', () => { test('respects cpuLimit', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, cpuLimit: 256, @@ -123,7 +123,7 @@ describe('eks container', () => { test('respects cpuReservation', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, cpuReservation: 256, @@ -151,7 +151,7 @@ describe('eks container', () => { test('respects memoryLimitMiB', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, memoryLimit: Size.mebibytes(2048), @@ -179,7 +179,7 @@ describe('eks container', () => { test('respects memoryReservation', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, memoryReservation: Size.mebibytes(2048), @@ -207,7 +207,7 @@ describe('eks container', () => { test('respects gpuLimit', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, gpuLimit: 20, @@ -235,7 +235,7 @@ describe('eks container', () => { test('respects gpuReservation', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, gpuReservation: 20, @@ -263,7 +263,7 @@ describe('eks container', () => { test('respects resource requests and limits', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, cpuLimit: 256, @@ -303,7 +303,7 @@ describe('eks container', () => { test('respects env', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, env: { @@ -339,7 +339,7 @@ describe('eks container', () => { test('respects imagePullPolicy', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, imagePullPolicy: ImagePullPolicy.NEVER, @@ -363,7 +363,7 @@ describe('eks container', () => { test('respects name', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, name: 'myContainerName', @@ -387,7 +387,7 @@ describe('eks container', () => { test('respects privileged', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, privileged: true, @@ -413,7 +413,7 @@ describe('eks container', () => { test('respects readonlyFileSystem', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, readonlyRootFilesystem: true, @@ -439,7 +439,7 @@ describe('eks container', () => { test('respects runAsGroup', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, runAsGroup: 1, @@ -465,7 +465,7 @@ describe('eks container', () => { test('respects runAsRoot', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefEksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, runAsRoot: true, @@ -491,7 +491,7 @@ describe('eks container', () => { test('respects runAsUser', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, runAsUser: 90, @@ -517,7 +517,7 @@ describe('eks container', () => { test('respects emptyDir volumes', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, volumes: [ @@ -560,7 +560,7 @@ describe('eks container', () => { test('respects hostPath volumes', () => { // WHEN - new EksJobDefinition(stack, 'ECSJobDefn', { + new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, volumes: [EksVolume.hostPath({ @@ -597,9 +597,48 @@ describe('eks container', () => { }); }); + test('respects secret volumes, and ensures optional defaults to true', () => { + // WHEN + new EksJobDefinition(stack, 'EksJobDefn', { + container: new EksContainerDefinition(stack, 'EcsEc2Container', { + ...defaultContainerProps, + volumes: [EksVolume.secret({ + name: 'secretVolumeName', + secretName: 'myKubeSecret', + mountPath: '/mount/path', + readonly: true, + })], + }), + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Batch::JobDefinition', { + ...pascalCaseExpectedProps, + EksProperties: { + PodProperties: { + ...pascalCaseExpectedProps.EksProperties.PodProperties, + Containers: [{ + ...pascalCaseExpectedProps.EksProperties.PodProperties.Containers[0], + VolumeMounts: [{ + MountPath: '/mount/path', + ReadOnly: true, + }], + }], + Volumes: [{ + Name: 'secretVolumeName', + Secret: { + SecretName: 'myKubeSecret', + Optional: true, + }, + }], + }, + }, + }); + }); + test('respects addVolume() with emptyDir volume', () => { // GIVEN - const jobDefn = new EksJobDefinition(stack, 'ECSJobDefn', { + const jobDefn = new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, }), @@ -642,7 +681,7 @@ describe('eks container', () => { test('respects addVolume() with hostPath volume', () => { // GIVEN - const jobDefn = new EksJobDefinition(stack, 'ECSJobDefn', { + const jobDefn = new EksJobDefinition(stack, 'EksJobDefn', { container: new EksContainerDefinition(stack, 'EcsEc2Container', { ...defaultContainerProps, }), @@ -680,4 +719,47 @@ describe('eks container', () => { }, }); }); + + test('respects addVolume() with secret volume (optional: false)', () => { + // GIVEN + const jobDefn = new EksJobDefinition(stack, 'EKSJobDefn', { + container: new EksContainerDefinition(stack, 'EcsEc2Container', { + ...defaultContainerProps, + }), + }); + + // WHEN + jobDefn.container.addVolume(EksVolume.secret({ + name: 'secretVolumeName', + secretName: 'secretName', + optional: false, + mountPath: '/mount/path', + readonly: true, + })); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Batch::JobDefinition', { + ...pascalCaseExpectedProps, + EksProperties: { + PodProperties: { + ...pascalCaseExpectedProps.EksProperties.PodProperties, + Containers: [{ + ...pascalCaseExpectedProps.EksProperties.PodProperties.Containers[0], + VolumeMounts: [{ + MountPath: '/mount/path', + Name: 'secretVolumeName', + ReadOnly: true, + }], + }], + Volumes: [{ + Name: 'secretVolumeName', + Secret: { + SecretName: 'secretName', + Optional: false, + }, + }], + }, + }, + }); + }); }); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json index 337b93a040095..e4db2badc242c 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "32.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/cdk.out b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/cdk.out index 7925065efbcc4..f0b901e7c06e5 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"31.0.0"} \ No newline at end of file +{"version":"32.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/integ.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/integ.json index 65cdb342d321b..6039a8d046450 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "32.0.0", "testCases": { "BatchEcsJobDefinitionTest/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/manifest.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/manifest.json index 7647ac0d6cf43..765c5357a348f 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "32.0.0", "artifacts": { "stack.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7eabaa659955f076359ed72f88d929cfe7651a904b6038ae0f3b3215ab36ac6c.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/dbfcc646c8225dd32d69798b87a8a94086dd89a2b3137bdf4e0ec96d79cdd4cb.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -195,6 +195,12 @@ "data": "myFileSystemEfsMountTarget2E187D733" } ], + "/stack/mySecret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "mySecretE4D0A59C" + } + ], "/stack/myContainer/ExecutionRole/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.assets.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.assets.json index a7e4620dbd902..d33d36502bf5f 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.assets.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.assets.json @@ -1,7 +1,7 @@ { - "version": "31.0.0", + "version": "32.0.0", "files": { - "7eabaa659955f076359ed72f88d929cfe7651a904b6038ae0f3b3215ab36ac6c": { + "dbfcc646c8225dd32d69798b87a8a94086dd89a2b3137bdf4e0ec96d79cdd4cb": { "source": { "path": "stack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7eabaa659955f076359ed72f88d929cfe7651a904b6038ae0f3b3215ab36ac6c.json", + "objectKey": "dbfcc646c8225dd32d69798b87a8a94086dd89a2b3137bdf4e0ec96d79cdd4cb.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.template.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.template.json index 5bff5ac49c8a5..00e64916fd22c 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.template.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/stack.template.json @@ -465,6 +465,14 @@ } } }, + "mySecretE4D0A59C": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "GenerateSecretString": {} + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "myContainerExecutionRoleEBACF86C": { "Type": "AWS::IAM::Role", "Properties": { @@ -525,6 +533,14 @@ "Value": "12" } ], + "Secrets": [ + { + "Name": "MY_SECRET_ENV_VAR", + "ValueFrom": { + "Ref": "mySecretE4D0A59C" + } + } + ], "Ulimits": [ { "HardLimit": 50, diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/tree.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/tree.json index e536fd05d3c4a..041b6d0faa434 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.js.snapshot/tree.json @@ -775,6 +775,30 @@ "version": "0.0.0" } }, + "mySecret": { + "id": "mySecret", + "path": "stack/mySecret", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/mySecret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "generateSecretString": {} + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.Secret", + "version": "0.0.0" + } + }, "myContainer": { "id": "myContainer", "path": "stack/myContainer", @@ -824,8 +848,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-batch-alpha.EcsEc2ContainerDefinition", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.52" } }, "ECSJobDefn": { @@ -868,6 +892,14 @@ "value": "12" } ], + "secrets": [ + { + "name": "MY_SECRET_ENV_VAR", + "valueFrom": { + "Ref": "mySecretE4D0A59C" + } + } + ], "mountPoints": [ { "containerPath": "ahhh", @@ -916,7 +948,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-batch-alpha.EcsJobDefinition", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -969,8 +1001,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-batch-alpha.EcsFargateContainerDefinition", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.52" } }, "ECSFargateJobDefn": { @@ -1054,7 +1086,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-batch-alpha.EcsJobDefinition", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -1066,22 +1098,22 @@ "id": "Staging", "path": "stack/dockerImageAsset/Staging", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "Repository": { "id": "Repository", "path": "stack/dockerImageAsset/Repository", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" } }, "EcsDockerContainer": { @@ -1096,8 +1128,8 @@ "id": "ImportExecutionRole", "path": "stack/EcsDockerContainer/ExecutionRole/ImportExecutionRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -1121,8 +1153,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } }, "DefaultPolicy": { @@ -1185,26 +1217,26 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.270" + "version": "10.2.52" } }, "ECSDockerJobDefn": { @@ -1249,14 +1281,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.aws_batch.CfnJobDefinition", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.270" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "BootstrapVersion": { @@ -1294,7 +1326,7 @@ "path": "BatchEcsJobDefinitionTest/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.9" + "version": "10.2.52" } }, "DeployAssert": { @@ -1340,7 +1372,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.9" + "version": "10.2.52" } } }, diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.ts b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.ts index 2c18122d740af..7dcf064a36cf8 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.ecs-job-definition.ts @@ -7,6 +7,7 @@ import * as integ from '@aws-cdk/integ-tests-alpha'; import * as batch from '../lib'; import { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets'; import * as path from 'path'; +import { Secret } from 'aws-cdk-lib/aws-secretsmanager'; const app = new App(); const stack = new Stack(app, 'stack'); @@ -40,6 +41,9 @@ new batch.EcsJobDefinition(stack, 'ECSJobDefn', { name: batch.UlimitName.CORE, softLimit: 10, }], + secrets: { + MY_SECRET_ENV_VAR: new Secret(stack, 'mySecret'), + }, }), }); diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json index 0f5545b944f8a..e4db2badc242c 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/BatchEcsJobDefinitionTestDefaultTestDeployAssertE5BAAC9B.assets.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "32.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/cdk.out b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/cdk.out index b72fef144f05c..f0b901e7c06e5 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"30.1.0"} \ No newline at end of file +{"version":"32.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/integ.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/integ.json index 38e1bef264143..6039a8d046450 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "32.0.0", "testCases": { "BatchEcsJobDefinitionTest/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/manifest.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/manifest.json index 68dbc42b8fe7b..3d1e44bd73cdf 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "30.1.0", + "version": "32.0.0", "artifacts": { "stack.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/213e7ea5ab99caf36ccb103cecea697bd723a4413a42b71cd94069791d3f146d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a8db080420a6ed60209e00bb93fe2579b81f60509f47e3a9723b2ba4b0c50b01.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.assets.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.assets.json index 886ca8843dae2..1776ee6cd6e00 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.assets.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.assets.json @@ -1,7 +1,7 @@ { - "version": "30.1.0", + "version": "32.0.0", "files": { - "213e7ea5ab99caf36ccb103cecea697bd723a4413a42b71cd94069791d3f146d": { + "a8db080420a6ed60209e00bb93fe2579b81f60509f47e3a9723b2ba4b0c50b01": { "source": { "path": "stack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "213e7ea5ab99caf36ccb103cecea697bd723a4413a42b71cd94069791d3f146d.json", + "objectKey": "a8db080420a6ed60209e00bb93fe2579b81f60509f47e3a9723b2ba4b0c50b01.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.template.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.template.json index 1259f7bb6fb04..a5d5eca078cfd 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.template.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/stack.template.json @@ -48,6 +48,14 @@ "Name": "woah", "ReadOnly": true }, + { + "MountPath": "/secret/path", + "Name": "secretVolumeName" + }, + { + "MountPath": "/secret/path2", + "Name": "defaultOptionalSettingSecretVolume" + }, { "MountPath": "/fooasdfadfs", "Name": "hostPath" @@ -63,6 +71,20 @@ }, "Name": "woah" }, + { + "Name": "secretVolumeName", + "Secret": { + "Optional": false, + "SecretName": "secretName" + } + }, + { + "Name": "defaultOptionalSettingSecretVolume", + "Secret": { + "Optional": true, + "SecretName": "NewSecretName" + } + }, { "HostPath": { "Path": "/foo/bar" diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/tree.json b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/tree.json index e0399e670f2fe..fb73eb4052198 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.js.snapshot/tree.json @@ -12,8 +12,8 @@ "id": "EksContainer", "path": "stack/EksContainer", "constructInfo": { - "fqn": "@aws-cdk/aws-batch.EksContainerDefinition", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.52" } }, "EksJobDefn": { @@ -71,6 +71,14 @@ "mountPath": "/mount/path", "readOnly": true }, + { + "name": "secretVolumeName", + "mountPath": "/secret/path" + }, + { + "name": "defaultOptionalSettingSecretVolume", + "mountPath": "/secret/path2" + }, { "name": "hostPath", "mountPath": "/fooasdfadfs" @@ -86,6 +94,20 @@ "sizeLimit": "2048Mi" } }, + { + "name": "secretVolumeName", + "secret": { + "optional": false, + "secretName": "secretName" + } + }, + { + "name": "defaultOptionalSettingSecretVolume", + "secret": { + "optional": true, + "secretName": "NewSecretName" + } + }, { "name": "hostPath", "hostPath": { @@ -100,13 +122,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-batch.CfnJobDefinition", + "fqn": "aws-cdk-lib.aws_batch.CfnJobDefinition", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-batch.EksJobDefinition", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -114,7 +136,7 @@ "id": "BootstrapVersion", "path": "stack/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -122,13 +144,13 @@ "id": "CheckBootstrapVersion", "path": "stack/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, @@ -145,7 +167,7 @@ "path": "BatchEcsJobDefinitionTest/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.264" + "version": "10.2.52" } }, "DeployAssert": { @@ -156,7 +178,7 @@ "id": "BootstrapVersion", "path": "BatchEcsJobDefinitionTest/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -164,25 +186,25 @@ "id": "CheckBootstrapVersion", "path": "BatchEcsJobDefinitionTest/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/integ-tests.IntegTest", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", "version": "0.0.0" } }, @@ -191,12 +213,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.264" + "version": "10.2.52" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts index 4c585b7d1e656..5b1138acce8e3 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/integ.eks-job-definition.ts @@ -33,11 +33,17 @@ new batch.EksJobDefinition(stack, 'EksJobDefn', { readonly: true, sizeLimit: Size.mebibytes(2048), }), - /*batch.EksVolume.secret({ - name: 'foofoo', - secretName: 'foo', + batch.EksVolume.secret({ + name: 'secretVolumeName', + secretName: 'secretName', + mountPath: '/secret/path', + optional: false, + }), + batch.EksVolume.secret({ + name: 'defaultOptionalSettingSecretVolume', + secretName: 'NewSecretName', + mountPath: '/secret/path2', }), - */ batch.EksVolume.hostPath({ name: 'hostPath', hostPath: '/foo/bar', diff --git a/packages/@aws-cdk/aws-batch-alpha/test/job-definition-base.test.ts b/packages/@aws-cdk/aws-batch-alpha/test/job-definition-base.test.ts index 0662f8d5ab6ed..43334f08926f4 100644 --- a/packages/@aws-cdk/aws-batch-alpha/test/job-definition-base.test.ts +++ b/packages/@aws-cdk/aws-batch-alpha/test/job-definition-base.test.ts @@ -223,16 +223,4 @@ describe.each([batch.EcsJobDefinition, batch.EksJobDefinition, batch.MultiNodeJo }, }); }); - - /* - test('can be imported from name', () => { - // WHEN - const importedJob = JobDefinition.fromJobDefinitionName(stack, 'job-def-clone', 'job-def-name'); - - // THEN - expect(importedJob.jobDefinitionName).toEqual('job-def-name'); - expect(importedJob.jobDefinitionArn) - .toEqual(`arn:${Aws.PARTITION}:batch:${Aws.REGION}:${Aws.ACCOUNT_ID}:job-definition/job-def-name`); - }); - */ }); From 048d57985a526161e5def0ece255e964bdef96c1 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Thu, 29 Jun 2023 05:31:31 -0400 Subject: [PATCH 08/12] docs(cfnspec): update CloudFormation documentation (#26162) --- .../spec-source/cfn-docs/cfn-docs.json | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 0b85d92108d14..6477e6e44a456 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -13774,16 +13774,16 @@ }, "description": "The `AWS::DataSync::LocationNFS` resource specifies a file system on a Network File System (NFS) server that can be read from or written to.", "properties": { - "MountOptions": "The NFS mount options that DataSync can use to mount your NFS share.", - "OnPremConfig": "Contains a list of Amazon Resource Names (ARNs) of agents that are used to connect to an NFS server.\n\nIf you are copying data to or from your AWS Snowcone device, see [NFS Server on AWS Snowcone](https://docs.aws.amazon.com/datasync/latest/userguide/create-nfs-location.html#nfs-on-snowcone) for more information.", - "ServerHostname": "The name of the NFS server. This value is the IP address or Domain Name Service (DNS) name of the NFS server. An agent that is installed on-premises uses this hostname to mount the NFS server in a network.\n\nIf you are copying data to or from your AWS Snowcone device, see [NFS Server on AWS Snowcone](https://docs.aws.amazon.com/datasync/latest/userguide/create-nfs-location.html#nfs-on-snowcone) for more information.\n\n> This name must either be DNS-compliant or must be an IP version 4 (IPv4) address.", - "Subdirectory": "The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.\n\nTo see all the paths exported by your NFS server, run \" `showmount -e nfs-server-name` \" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.\n\nTo transfer all the data in the folder you specified, DataSync needs to have permissions to read all the data. To ensure this, either configure the NFS export with `no_root_squash,` or ensure that the permissions for all of the files that you want DataSync allow read access for all users. Doing either enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.\n\nIf you are copying data to or from your AWS Snowcone device, see [NFS Server on AWS Snowcone](https://docs.aws.amazon.com/datasync/latest/userguide/create-nfs-location.html#nfs-on-snowcone) for more information.\n\nFor information about NFS export configuration, see [18.7. The /etc/exports Configuration File](https://docs.aws.amazon.com/http://web.mit.edu/rhel-doc/5/RHEL-5-manual/Deployment_Guide-en-US/s1-nfs-server-config-exports.html) in the Red Hat Enterprise Linux documentation.", - "Tags": "The key-value pair that represents the tag that you want to add to the location. The value can be an empty string. We recommend using tags to name your resources." + "MountOptions": "Specifies the mount options that DataSync can use to mount your NFS share.", + "OnPremConfig": "Specifies the Amazon Resource Names (ARNs) of agents that DataSync uses to connect to your NFS file server.\n\nIf you are copying data to or from your AWS Snowcone device, see [NFS Server on AWS Snowcone](https://docs.aws.amazon.com/datasync/latest/userguide/create-nfs-location.html#nfs-on-snowcone) for more information.", + "ServerHostname": "Specifies the IP address or domain name of your NFS file server. An agent that is installed on-premises uses this hostname to mount the NFS server in a network.\n\nIf you are copying data to or from your AWS Snowcone device, see [NFS Server on AWS Snowcone](https://docs.aws.amazon.com/datasync/latest/userguide/create-nfs-location.html#nfs-on-snowcone) for more information.\n\n> You must specify be an IP version 4 address or Domain Name System (DNS)-compliant name.", + "Subdirectory": "Specifies the subdirectory in the NFS file server that DataSync transfers to or from. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.\n\nTo see all the paths exported by your NFS server, run \" `showmount -e nfs-server-name` \" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.\n\nTo transfer all the data in the folder you specified, DataSync needs to have permissions to read all the data. To ensure this, either configure the NFS export with `no_root_squash,` or ensure that the permissions for all of the files that you want DataSync allow read access for all users. Doing either enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.\n\nIf you are copying data to or from your AWS Snowcone device, see [NFS Server on AWS Snowcone](https://docs.aws.amazon.com/datasync/latest/userguide/create-nfs-location.html#nfs-on-snowcone) for more information.", + "Tags": "Specifies labels that help you categorize, filter, and search for your AWS resources. We recommend creating at least a name tag for your location." } }, "AWS::DataSync::LocationNFS.MountOptions": { "attributes": {}, - "description": "The NFS mount options that DataSync can use to mount your NFS share.", + "description": "Specifies the mount options that DataSync can use to mount your NFS share.", "properties": { "Version": "Specifies the NFS version that you want DataSync to use when mounting your NFS share. If the server refuses to use the version specified, the task fails.\n\nYou can specify the following options:\n\n- `AUTOMATIC` (default): DataSync chooses NFS version 4.1.\n- `NFS3` : Stateless protocol version that allows for asynchronous writes on the server.\n- `NFSv4_0` : Stateful, firewall-friendly protocol version that supports delegations and pseudo file systems.\n- `NFSv4_1` : Stateful protocol version that supports sessions, directory delegations, and parallel data processing. NFS version 4.1 also includes all features available in version 4.0.\n\n> DataSync currently only supports NFS version 3 with Amazon FSx for NetApp ONTAP locations." } @@ -57199,14 +57199,14 @@ "AWS::RolesAnywhere::CRL": { "attributes": { "CrlId": "The unique primary identifier of the Crl", - "Ref": "`Ref` returns `CrlId` ." + "Ref": "The name of the CRL." }, - "description": "Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.\n\n*Required permissions:* `rolesanywhere:ImportCrl` .", + "description": "Creates a Crl.", "properties": { - "CrlData": "The x509 v3 specified certificate revocation list (CRL).", - "Enabled": "Specifies whether the certificate revocation list (CRL) is enabled.", - "Name": "The name of the certificate revocation list (CRL).", - "Tags": "A list of tags to attach to the certificate revocation list (CRL).", + "CrlData": "x509 v3 Certificate Revocation List to revoke auth for corresponding certificates presented in CreateSession operations", + "Enabled": "The enabled status of the resource.", + "Name": "The customer specified name of the resource.", + "Tags": "A list of Tags.", "TrustAnchorArn": "The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for." } }, @@ -57214,18 +57214,18 @@ "attributes": { "ProfileArn": "The ARN of the profile.", "ProfileId": "The unique primary identifier of the Profile", - "Ref": "`Ref` returns `ProfileId` ." + "Ref": "The name of the Profile" }, - "description": "Creates a *profile* , a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.\n\n*Required permissions:* `rolesanywhere:CreateProfile` .", + "description": "Creates a Profile.", "properties": { - "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", - "Enabled": "Indicates whether the profile is enabled.", - "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", - "Name": "The name of the profile.", - "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", - "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", - "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", - "Tags": "The tags to attach to the profile." + "DurationSeconds": "The number of seconds vended session credentials will be valid for", + "Enabled": "The enabled status of the resource.", + "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "Name": "The customer specified name of the resource.", + "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", + "Tags": "A list of Tags." } }, "AWS::RolesAnywhere::TrustAnchor": { @@ -57234,7 +57234,7 @@ "TrustAnchorArn": "The ARN of the trust anchor.", "TrustAnchorId": "The unique identifier of the trust anchor." }, - "description": "Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an AWS Private Certificate Authority ( AWS Private CA ) or by uploading a CA certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary AWS credentials.\n\n*Required permissions:* `rolesanywhere:CreateTrustAnchor` .", + "description": "Creates a TrustAnchor.", "properties": { "Enabled": "Indicates whether the trust anchor is enabled.", "Name": "The name of the trust anchor.", @@ -57244,15 +57244,15 @@ }, "AWS::RolesAnywhere::TrustAnchor.Source": { "attributes": {}, - "description": "The trust anchor type and its related certificate data.", + "description": "Object representing the TrustAnchor type and its related certificate data.", "properties": { - "SourceData": "The data field of the trust anchor depending on its type.", - "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." + "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", + "SourceType": "The type of the TrustAnchor." } }, "AWS::RolesAnywhere::TrustAnchor.SourceData": { "attributes": {}, - "description": "The data field of the trust anchor depending on its type.", + "description": "A union object representing the data field of the TrustAnchor depending on its type", "properties": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", "X509CertificateData": "The PEM-encoded data for the certificate anchor. Included for trust anchors of type `CERTIFICATE_BUNDLE` ." From af913b3c5828d796d9e675c514611d0eac6dbb0a Mon Sep 17 00:00:00 2001 From: Sumu Pitchayan <35242245+sumupitchayan@users.noreply.github.com> Date: Thu, 29 Jun 2023 07:50:09 -0400 Subject: [PATCH 09/12] chore(region-info): register me-central-1 (#25571) Checks off some items from #24478 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ.instance-public.js.snapshot/cdk.out | 2 +- ...efaultTestDeployAssert5516EAF1.assets.json | 2 +- .../integ-ec2-instance.assets.json | 2 +- .../integ.json | 2 +- .../manifest.json | 7 +- .../tree.json | 4 +- .../manifest.json | 2 +- .../test-stack.assets.json | 4 +- .../test-stack.template.json | 3 + ...s-cdk-firehose-delivery-stream.assets.json | 4 +- ...cdk-firehose-delivery-stream.template.json | 3 + .../integ.delivery-stream.js.snapshot/cdk.out | 2 +- .../manifest.json | 2 +- ...-delivery-stream-source-stream.assets.json | 4 +- ...elivery-stream-source-stream.template.json | 3 + .../manifest.json | 2 +- ...ivery-stream-s3-all-properties.assets.json | 4 +- ...ery-stream-s3-all-properties.template.json | 3 + .../manifest.json | 2 +- packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 80 +++++++++++++++++++ .../region-info/build-tools/fact-tables.ts | 13 ++- .../__snapshots__/region-info.test.js.snap | 2 +- 22 files changed, 129 insertions(+), 23 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out index 7925065efbcc4..f0b901e7c06e5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"31.0.0"} \ No newline at end of file +{"version":"32.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json index 92c11858a9333..d1dae7710dbbb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "32.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json index 24fa7fa28b059..d9dc293839126 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ-ec2-instance.assets.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "32.0.0", "files": { "488d9cf540c6790fc09af871e06438e043f47d03101ef192131f1dafbbb434cb": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json index f7b474f3d5a35..a1ec0058890fb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "32.0.0", "testCases": { "instance-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json index aa23896e254e6..55c2097297737 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "32.0.0", "artifacts": { "integ-ec2-instance.assets": { "type": "cdk:asset-manifest", @@ -126,7 +126,10 @@ "/integ-ec2-instance/Instance/Resource": [ { "type": "aws:cdk:logicalId", - "data": "InstanceC1063A87" + "data": "InstanceC1063A87", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/integ-ec2-instance/SsmParameterValue:--aws--service--ami-amazon-linux-latest--amzn2-ami-hvm-x86_64-gp2:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json index 87142e2d428c9..81d4408da102e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-public.js.snapshot/tree.json @@ -587,7 +587,7 @@ "path": "instance-test/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.9" + "version": "10.2.26" } }, "DeployAssert": { @@ -633,7 +633,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.9" + "version": "10.2.26" } } }, diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json index 41ea24ee3e629..82ee2aac7997a 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/834a14d23abdedaf507b2c26f38b0b86c4251a2fec7fbf3eec4bf794f4d74650.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ccba2c7f389f66409665f07bcb2666a07a8c23938ebc9b56a50efab196a77ed4.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json index 942de8c88ca01..424728eeb36e8 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.assets.json @@ -1,7 +1,7 @@ { "version": "32.0.0", "files": { - "834a14d23abdedaf507b2c26f38b0b86c4251a2fec7fbf3eec4bf794f4d74650": { + "ccba2c7f389f66409665f07bcb2666a07a8c23938ebc9b56a50efab196a77ed4": { "source": { "path": "test-stack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "834a14d23abdedaf507b2c26f38b0b86c4251a2fec7fbf3eec4bf794f4d74650.json", + "objectKey": "ccba2c7f389f66409665f07bcb2666a07a8c23938ebc9b56a50efab196a77ed4.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json index 34098024529f9..5dc2d8c7d7be7 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json @@ -293,6 +293,9 @@ "eu-west-3": { "FirehoseCidrBlock": "35.180.1.96/27" }, + "me-central-1": { + "FirehoseCidrBlock": "3.28.159.64/26/27" + }, "me-south-1": { "FirehoseCidrBlock": "15.185.91.0/27" }, diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json index c655e6aae678c..2c82b5d43992b 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.assets.json @@ -1,7 +1,7 @@ { "version": "32.0.0", "files": { - "466a26e514989ad40188482bf23ec485ab4709d80aed97fd24ed168bb6c3c4b7": { + "67bc58d61807d4199cfee4e3648f547f9166e2cfd4daff09c30e062dc39836bb": { "source": { "path": "aws-cdk-firehose-delivery-stream.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "466a26e514989ad40188482bf23ec485ab4709d80aed97fd24ed168bb6c3c4b7.json", + "objectKey": "67bc58d61807d4199cfee4e3648f547f9166e2cfd4daff09c30e062dc39836bb.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json index 730158ce746f5..86ed3d79505f1 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -256,6 +256,9 @@ "eu-west-3": { "FirehoseCidrBlock": "35.180.1.96/27" }, + "me-central-1": { + "FirehoseCidrBlock": "3.28.159.64/26/27" + }, "me-south-1": { "FirehoseCidrBlock": "15.185.91.0/27" }, diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out index 7df7694e7a5a5..f0b901e7c06e5 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"32.0.0"} +{"version":"32.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json index f19888b6d563e..ebc72daf2a385 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/466a26e514989ad40188482bf23ec485ab4709d80aed97fd24ed168bb6c3c4b7.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/67bc58d61807d4199cfee4e3648f547f9166e2cfd4daff09c30e062dc39836bb.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json index 0d8931500e9c9..e50765e67a8d6 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.assets.json @@ -1,7 +1,7 @@ { "version": "32.0.0", "files": { - "ae388a59961712b21cc8f9722482786c97ec2cbeeacf216f1429cdd0994ee931": { + "2cf7703fe55148d123cd83ca24670c1150ca46d90df2ee140e32782ad3fb1136": { "source": { "path": "aws-cdk-firehose-delivery-stream-source-stream.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ae388a59961712b21cc8f9722482786c97ec2cbeeacf216f1429cdd0994ee931.json", + "objectKey": "2cf7703fe55148d123cd83ca24670c1150ca46d90df2ee140e32782ad3fb1136.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json index d28a7e9e5b431..84880e2fffaf7 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json @@ -272,6 +272,9 @@ "eu-west-3": { "FirehoseCidrBlock": "35.180.1.96/27" }, + "me-central-1": { + "FirehoseCidrBlock": "3.28.159.64/26/27" + }, "me-south-1": { "FirehoseCidrBlock": "15.185.91.0/27" }, diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json index 936ee321e3947..72c575c00b116 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ae388a59961712b21cc8f9722482786c97ec2cbeeacf216f1429cdd0994ee931.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2cf7703fe55148d123cd83ca24670c1150ca46d90df2ee140e32782ad3fb1136.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json index 257cc00d1e577..bc1a3b1617343 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.assets.json @@ -27,7 +27,7 @@ } } }, - "48e1f2c8943aef3f2c0d9e632783b71b5aae97aee0ec7f626744261be0e01cab": { + "0654178c2e8d0b200d13e08bf7506131fee4d25b379a4bc18413f9af11f397f3": { "source": { "path": "aws-cdk-firehose-delivery-stream-s3-all-properties.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "48e1f2c8943aef3f2c0d9e632783b71b5aae97aee0ec7f626744261be0e01cab.json", + "objectKey": "0654178c2e8d0b200d13e08bf7506131fee4d25b379a4bc18413f9af11f397f3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json index 5b8c528b06805..9b7d3be16ce09 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json @@ -871,6 +871,9 @@ "eu-west-3": { "FirehoseCidrBlock": "35.180.1.96/27" }, + "me-central-1": { + "FirehoseCidrBlock": "3.28.159.64/26/27" + }, "me-south-1": { "FirehoseCidrBlock": "15.185.91.0/27" }, diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json index 5f334aebecb52..e3d6fa021527a 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/manifest.json @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/48e1f2c8943aef3f2c0d9e632783b71b5aae97aee0ec7f626744261be0e01cab.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0654178c2e8d0b200d13e08bf7506131fee4d25b379a4bc18413f9af11f397f3.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 901042138a6ee..2acd23b556a2f 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md @@ -17,6 +17,10 @@ Flags come in three types: | Flag | Summary | Since | Type | | ----- | ----- | ----- | ----- | +| [@aws-cdk/aws-apigateway:requestValidatorUniqueId](#aws-cdkaws-apigatewayrequestvalidatoruniqueid) | Generate a unique id for each RequestValidator added to a method | V2·NEXT | (fix) | +| [@aws-cdk/aws-ec2:restrictDefaultSecurityGroup](#aws-cdkaws-ec2restrictdefaultsecuritygroup) | Restrict access to the VPC default security group | V2·NEXT | (default) | +| [@aws-cdk/aws-kms:aliasNameRef](#aws-cdkaws-kmsaliasnameref) | KMS Alias name and keyArn will have implicit reference to KMS Key | V2·NEXT | (fix) | +| [@aws-cdk/aws-route53-patters:useCertificate](#aws-cdkaws-route53-pattersusecertificate) | Use the official `Certificate` resource instead of `DnsValidatedCertificate` | V2·NEXT | (default) | | [@aws-cdk/core:newStyleStackSynthesis](#aws-cdkcorenewstylestacksynthesis) | Switch to new stack synthesis method which enables CI/CD | 2.0.0 | (fix) | | [@aws-cdk/core:stackRelativeExports](#aws-cdkcorestackrelativeexports) | Name exports based on the construct paths relative to the stack, rather than the global construct path | 2.0.0 | (fix) | | [@aws-cdk/aws-rds:lowercaseDbIdentifier](#aws-cdkaws-rdslowercasedbidentifier) | Force lowercasing of RDS Cluster names in CDK | 2.0.0 | (fix) | @@ -328,6 +332,82 @@ Encryption can also be configured explicitly using the `encrypted` property. **Compatibility with old behavior:** Pass the `encrypted: false` property to the `FileSystem` construct to disable encryption. +### @aws-cdk/aws-apigateway:requestValidatorUniqueId + +*Generate a unique id for each RequestValidator added to a method* (fix) + +This flag allows multiple RequestValidators to be added to a RestApi when +providing the `RequestValidatorOptions` in the `addMethod()` method. + +If the flag is not set then only a single RequestValidator can be added in this way. +Any additional RequestValidators have to be created directly with `new RequestValidator`. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2·NEXT | `false` | `true` | + + +### @aws-cdk/aws-ec2:restrictDefaultSecurityGroup + +*Restrict access to the VPC default security group* (default) + +Enable this feature flag to remove the default ingress/egress rules from the +VPC default security group. + +When a VPC is created, a default security group is created as well and this cannot +be deleted. The default security group is created with ingress/egress rules that allow +_all_ traffic. [AWS Security best practices recommend](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2) +removing these ingress/egress rules in order to restrict access to the default security group. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2·NEXT | `false` | `true` | + +**Compatibility with old behavior:** + To allow all ingress/egress traffic to the VPC default security group you + can set the `restrictDefaultSecurityGroup: false`. + + + +### @aws-cdk/aws-kms:aliasNameRef + +*KMS Alias name and keyArn will have implicit reference to KMS Key* (fix) + +This flag allows an implicit dependency to be created between KMS Alias and KMS Key +when referencing key.aliasName or key.keyArn. + +If the flag is not set then a raw string is passed as the Alias name and no +implicit dependencies will be set. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2·NEXT | `false` | `true` | + + +### @aws-cdk/aws-route53-patters:useCertificate + +*Use the official `Certificate` resource instead of `DnsValidatedCertificate`* (default) + +Enable this feature flag to use the official CloudFormation supported `Certificate` resource instead +of the deprecated `DnsValidatedCertificate` construct. If this flag is enabled and you are creating +the stack in a region other than us-east-1 then you must also set `crossRegionReferences=true` on the +stack. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2·NEXT | `false` | `true` | + +**Compatibility with old behavior:** Define a `DnsValidatedCertificate` explicitly and pass in the `certificate` property + + ### @aws-cdk/core:newStyleStackSynthesis *Switch to new stack synthesis method which enables CI/CD* (fix) diff --git a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts index c53984246afde..82636eb4a7c02 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts @@ -231,7 +231,7 @@ export const CLOUDWATCH_LAMBDA_INSIGHTS_ARNS: { [key: string]: any } = { // Europe (Zurich) 'eu-central-2': 'arn:aws:lambda:eu-central-2:033019950311:layer:LambdaInsightsExtension:7', // Middle East (UAE) - 'me-central-1': 'arn:aws:lambda:me-central-1:732604637566:layer:LambdaInsightsExtension:6', + 'me-central-1': 'arn:aws:lambda:me-central-1:732604637566:layer:LambdaInsightsExtension:9', }, }, '1.0.143.0': { @@ -538,6 +538,7 @@ export const FIREHOSE_CIDR_BLOCKS: { [region: string]: string } = { 'eu-west-2': '18.130.1.96', 'eu-west-3': '35.180.1.96', 'me-south-1': '15.185.91.0', + 'me-central-1': '3.28.159.64/26', 'sa-east-1': '18.228.1.128', 'us-east-1': '52.70.63.192', 'us-east-2': '13.58.135.96', @@ -666,6 +667,7 @@ const ADOT_LAMBDA_LAYER_JAVA_SDK_ARNS: { [version: string]: { [arch: string]: { 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-24-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-24-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-24-0:1', + 'ma-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-24-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-24-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-24-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-24-0:1', @@ -686,6 +688,7 @@ const ADOT_LAMBDA_LAYER_JAVA_SDK_ARNS: { [version: string]: { [arch: string]: { 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-java-wrapper-arm64-ver-1-24-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-java-wrapper-arm64-ver-1-24-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-java-wrapper-arm64-ver-1-24-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-java-wrapper-arm64-ver-1-24-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-java-wrapper-arm64-ver-1-24-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-java-wrapper-arm64-ver-1-24-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-java-wrapper-arm64-ver-1-24-0:1', @@ -907,6 +910,7 @@ const ADOT_LAMBDA_LAYER_JAVA_AUTO_INSTRUMENTATION_ARNS: { 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-java-agent-amd64-ver-1-24-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-java-agent-amd64-ver-1-24-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-java-agent-amd64-ver-1-24-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-java-agent-amd64-ver-1-24-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-java-agent-amd64-ver-1-24-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-java-agent-amd64-ver-1-24-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-java-agent-amd64-ver-1-24-0:1', @@ -927,6 +931,7 @@ const ADOT_LAMBDA_LAYER_JAVA_AUTO_INSTRUMENTATION_ARNS: { 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-java-agent-arm64-ver-1-24-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-java-agent-arm64-ver-1-24-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-java-agent-arm64-ver-1-24-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-java-agent-arm64-ver-1-24-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-java-agent-arm64-ver-1-24-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-java-agent-arm64-ver-1-24-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-java-agent-arm64-ver-1-24-0:1', @@ -1146,6 +1151,7 @@ const ADOT_LAMBDA_LAYER_JAVASCRIPT_SDK_ARNS: { [version: string]: { [arch: strin 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-nodejs-amd64-ver-1-12-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-nodejs-amd64-ver-1-12-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-nodejs-amd64-ver-1-12-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-nodejs-amd64-ver-1-12-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-nodejs-amd64-ver-1-12-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-nodejs-amd64-ver-1-12-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-nodejs-amd64-ver-1-12-0:1', @@ -1166,6 +1172,7 @@ const ADOT_LAMBDA_LAYER_JAVASCRIPT_SDK_ARNS: { [version: string]: { [arch: strin 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-nodejs-arm64-ver-1-12-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-nodejs-arm64-ver-1-12-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-nodejs-arm64-ver-1-12-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-nodejs-arm64-ver-1-12-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-nodejs-arm64-ver-1-12-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-nodejs-arm64-ver-1-12-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-nodejs-arm64-ver-1-12-0:1', @@ -1347,6 +1354,7 @@ const ADOT_LAMBDA_LAYER_PYTHON_SDK_ARNS: { [version: string]: { [arch: string]: 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-python-amd64-ver-1-17-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-python-amd64-ver-1-17-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-python-amd64-ver-1-17-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-python-amd64-ver-1-17-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-python-amd64-ver-1-17-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-python-amd64-ver-1-17-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-python-amd64-ver-1-17-0:1', @@ -1367,6 +1375,7 @@ const ADOT_LAMBDA_LAYER_PYTHON_SDK_ARNS: { [version: string]: { [arch: string]: 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-python-arm64-ver-1-17-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-python-arm64-ver-1-17-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-python-arm64-ver-1-17-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-python-arm64-ver-1-17-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-python-arm64-ver-1-17-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-python-arm64-ver-1-17-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-python-arm64-ver-1-17-0:1', @@ -1548,6 +1557,7 @@ const ADOT_LAMBDA_LAYER_GENERIC_ARNS: { [version: string]: { [arch: string]: { [ 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-collector-amd64-ver-0-74-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-collector-amd64-ver-0-74-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-collector-amd64-ver-0-74-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-collector-amd64-ver-0-74-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-collector-amd64-ver-0-74-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-collector-amd64-ver-0-74-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-collector-amd64-ver-0-74-0:1', @@ -1568,6 +1578,7 @@ const ADOT_LAMBDA_LAYER_GENERIC_ARNS: { [version: string]: { [arch: string]: { [ 'eu-west-1': 'arn:aws:lambda:eu-west-1:901920570463:layer:aws-otel-collector-arm64-ver-0-74-0:1', 'eu-west-2': 'arn:aws:lambda:eu-west-2:901920570463:layer:aws-otel-collector-arm64-ver-0-74-0:1', 'eu-west-3': 'arn:aws:lambda:eu-west-3:901920570463:layer:aws-otel-collector-arm64-ver-0-74-0:1', + 'me-central-1': 'arn:aws:lambda:me-central-1:901920570463:layer:aws-otel-collector-arm64-ver-0-74-0:1', 'sa-east-1': 'arn:aws:lambda:sa-east-1:901920570463:layer:aws-otel-collector-arm64-ver-0-74-0:1', 'us-east-1': 'arn:aws:lambda:us-east-1:901920570463:layer:aws-otel-collector-arm64-ver-0-74-0:1', 'us-east-2': 'arn:aws:lambda:us-east-2:901920570463:layer:aws-otel-collector-arm64-ver-0-74-0:1', diff --git a/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.js.snap b/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.js.snap index 5fb7028ef4901..53918ca020ea9 100644 --- a/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.js.snap +++ b/packages/aws-cdk-lib/region-info/test/__snapshots__/region-info.test.js.snap @@ -748,7 +748,7 @@ exports[`built-in data is correct 1`] = ` "1.0.119.0": undefined, "1.0.135.0": undefined, "1.0.143.0": undefined, - "1.0.178.0": "arn:aws:lambda:me-central-1:732604637566:layer:LambdaInsightsExtension:6", + "1.0.178.0": "arn:aws:lambda:me-central-1:732604637566:layer:LambdaInsightsExtension:9", "1.0.54.0": undefined, "1.0.86.0": undefined, "1.0.89.0": undefined, From 81532375a8745bc7ffb439e53d042b251a43e43e Mon Sep 17 00:00:00 2001 From: Noritaka Sekiyama Date: Thu, 29 Jun 2023 21:32:13 +0900 Subject: [PATCH 10/12] fix(glue): support Ray jobs with Runtime parameter (#25867) AWS Glue recently changed API and CloudFormation spec to require `Runtime` parameter for Ray jobs. To address the changes, I am submitting this PR. This PR is for fixing the issue #25787. ## Reference CloudFormation doc has been also updated for `Runtime` parameter. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-job-jobcommand.html#cfn-glue-job-jobcommand-runtime ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-glue-alpha/README.md | 1 + .../aws-glue-alpha/lib/job-executable.ts | 44 +++++ packages/@aws-cdk/aws-glue-alpha/lib/job.ts | 1 + .../aws-glue-job.assets.json | 6 +- .../aws-glue-job.template.json | 3 +- .../test/integ.job.js.snapshot/cdk.out | 2 +- .../test/integ.job.js.snapshot/integ.json | 2 +- .../test/integ.job.js.snapshot/manifest.json | 4 +- .../test/integ.job.js.snapshot/tree.json | 181 +++++++++--------- .../@aws-cdk/aws-glue-alpha/test/integ.job.ts | 4 +- .../test/job-executable.test.ts | 1 + .../@aws-cdk/aws-glue-alpha/test/job.test.ts | 14 ++ 12 files changed, 163 insertions(+), 100 deletions(-) diff --git a/packages/@aws-cdk/aws-glue-alpha/README.md b/packages/@aws-cdk/aws-glue-alpha/README.md index d1fd381446dfb..b07770c6666f7 100644 --- a/packages/@aws-cdk/aws-glue-alpha/README.md +++ b/packages/@aws-cdk/aws-glue-alpha/README.md @@ -94,6 +94,7 @@ new glue.Job(this, 'RayJob', { executable: glue.JobExecutable.pythonRay({ glueVersion: glue.GlueVersion.V4_0, pythonVersion: glue.PythonVersion.THREE_NINE, + runtime: glue.Runtime.RAY_TWO_FOUR, script: glue.Code.fromAsset(path.join(__dirname, 'job-script/hello_world.py')), }), workerType: glue.WorkerType.Z_2X, diff --git a/packages/@aws-cdk/aws-glue-alpha/lib/job-executable.ts b/packages/@aws-cdk/aws-glue-alpha/lib/job-executable.ts index 8ad29c1108b70..c121f69193b16 100644 --- a/packages/@aws-cdk/aws-glue-alpha/lib/job-executable.ts +++ b/packages/@aws-cdk/aws-glue-alpha/lib/job-executable.ts @@ -87,6 +87,34 @@ export enum PythonVersion { THREE_NINE = '3.9', } +/** + * AWS Glue runtime determines the runtime engine of the job. + * + */ +export class Runtime { + /** + * Runtime for a Glue for Ray 2.4. + */ + public static readonly RAY_TWO_FOUR = new Runtime('Ray2.4'); + + /** + * Custom runtime + * @param runtime custom runtime + */ + public static of(runtime: string): Runtime { + return new Runtime(runtime); + } + + /** + * The name of this Runtime. + */ + public readonly name: string; + + private constructor(name: string) { + this.name = name; + } +} + /** * The job type. * @@ -150,6 +178,12 @@ interface PythonExecutableProps { } interface SharedJobExecutableProps { + /** + * Runtime. It is required for Ray jobs. + * + */ + readonly runtime?: Runtime; + /** * Glue version. * @@ -347,6 +381,9 @@ export class JobExecutable { if (config.pythonVersion === PythonVersion.THREE && config.type === JobType.RAY) { throw new Error('Specified PythonVersion PythonVersion.THREE is not supported for Ray'); } + if (config.runtime === undefined && config.type === JobType.RAY) { + throw new Error('Runtime is required for Ray jobs.'); + } this.config = config; } @@ -388,6 +425,13 @@ export interface JobExecutableConfig { */ readonly pythonVersion?: PythonVersion; + /** + * The Runtime to use. + * + * @default - no runtime specified + */ + readonly runtime?: Runtime; + /** * The script that is executed by a job. */ diff --git a/packages/@aws-cdk/aws-glue-alpha/lib/job.ts b/packages/@aws-cdk/aws-glue-alpha/lib/job.ts index 76487882e3758..beace10bd8acc 100644 --- a/packages/@aws-cdk/aws-glue-alpha/lib/job.ts +++ b/packages/@aws-cdk/aws-glue-alpha/lib/job.ts @@ -685,6 +685,7 @@ export class Job extends JobBase { name: executable.type.name, scriptLocation: this.codeS3ObjectUrl(executable.script), pythonVersion: executable.pythonVersion, + runtime: executable.runtime ? executable.runtime.name : undefined, }, glueVersion: executable.glueVersion.name, workerType: props.workerType?.name, diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.assets.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.assets.json index 5519b93f322d2..ae93bf2c5f576 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.assets.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.assets.json @@ -1,5 +1,5 @@ { - "version": "29.0.0", + "version": "32.0.0", "files": { "432033e3218068a915d2532fa9be7858a12b228a2ae6e5c10faccd9097b1e855": { "source": { @@ -14,7 +14,7 @@ } } }, - "b553fef631f82898c826f3c20e1de0d155dbd3a35339ef92d0893052a5be69ce": { + "e99fb38377ba41ea9e74da162cf01b6821baa17e8e3d003c711b03d822356b89": { "source": { "path": "aws-glue-job.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b553fef631f82898c826f3c20e1de0d155dbd3a35339ef92d0893052a5be69ce.json", + "objectKey": "e99fb38377ba41ea9e74da162cf01b6821baa17e8e3d003c711b03d822356b89.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json index f8dc5203f4bba..92ffc1c36ba4a 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json @@ -354,7 +354,7 @@ "Tags": { "key": "value" }, - "WorkerType": "G.025X" + "WorkerType": "G.1X" } }, "EtlJob30ServiceRole8E675579": { @@ -1415,6 +1415,7 @@ "Command": { "Name": "glueray", "PythonVersion": "3.9", + "Runtime": "Ray2.4", "ScriptLocation": { "Fn::Join": [ "", diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/cdk.out b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/cdk.out index d8b441d447f8a..f0b901e7c06e5 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"29.0.0"} \ No newline at end of file +{"version":"32.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/integ.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/integ.json index fa2e902e93c44..3e404e817257e 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "29.0.0", + "version": "32.0.0", "testCases": { "integ.job": { "stacks": [ diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/manifest.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/manifest.json index e12d21e1befbd..17c822d1ad95a 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "29.0.0", + "version": "32.0.0", "artifacts": { "aws-glue-job.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b553fef631f82898c826f3c20e1de0d155dbd3a35339ef92d0893052a5be69ce.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e99fb38377ba41ea9e74da162cf01b6821baa17e8e3d003c711b03d822356b89.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json index 78899d534c9a9..3a1205674b7ac 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/tree.json @@ -20,7 +20,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/EtlJob2.0/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -59,7 +59,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -165,19 +165,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -193,39 +193,39 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, - "Codebeaf1c9f157c9b396ec6972f85317dbc": { - "id": "Codebeaf1c9f157c9b396ec6972f85317dbc", - "path": "aws-glue-job/EtlJob2.0/Codebeaf1c9f157c9b396ec6972f85317dbc", + "Code2fe0fc936e45d982e718ad516d9c48b5": { + "id": "Code2fe0fc936e45d982e718ad516d9c48b5", + "path": "aws-glue-job/EtlJob2.0/Code2fe0fc936e45d982e718ad516d9c48b5", "children": { "Stage": { "id": "Stage", - "path": "aws-glue-job/EtlJob2.0/Codebeaf1c9f157c9b396ec6972f85317dbc/Stage", + "path": "aws-glue-job/EtlJob2.0/Code2fe0fc936e45d982e718ad516d9c48b5/Stage", "constructInfo": { - "fqn": "@aws-cdk/core.AssetStaging", + "fqn": "aws-cdk-lib.AssetStaging", "version": "0.0.0" } }, "AssetBucket": { "id": "AssetBucket", - "path": "aws-glue-job/EtlJob2.0/Codebeaf1c9f157c9b396ec6972f85317dbc/AssetBucket", + "path": "aws-glue-job/EtlJob2.0/Code2fe0fc936e45d982e718ad516d9c48b5/AssetBucket", "constructInfo": { - "fqn": "@aws-cdk/aws-s3.BucketBase", + "fqn": "aws-cdk-lib.aws_s3.BucketBase", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3-assets.Asset", + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", "version": "0.0.0" } }, @@ -296,7 +296,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } }, @@ -345,19 +345,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-events.CfnRule", + "fqn": "aws-cdk-lib.aws_events.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-events.Rule", + "fqn": "aws-cdk-lib.aws_events.Rule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -373,7 +373,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/StreamingJob2.0/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -412,7 +412,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -481,19 +481,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -536,17 +536,17 @@ "tags": { "key": "value" }, - "workerType": "G.025X" + "workerType": "G.1X" } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -562,7 +562,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/EtlJob3.0/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -601,7 +601,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -707,19 +707,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -735,13 +735,13 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, @@ -812,7 +812,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } }, @@ -861,19 +861,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-events.CfnRule", + "fqn": "aws-cdk-lib.aws_events.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-events.Rule", + "fqn": "aws-cdk-lib.aws_events.Rule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -889,7 +889,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/StreamingJob3.0/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -928,7 +928,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -997,19 +997,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -1056,13 +1056,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -1078,7 +1078,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/EtlJob4.0/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -1117,7 +1117,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -1223,19 +1223,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -1251,13 +1251,13 @@ "aws:cdk:cloudformation:props": {} }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, @@ -1328,7 +1328,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } }, @@ -1377,19 +1377,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-events.CfnRule", + "fqn": "aws-cdk-lib.aws_events.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-events.Rule", + "fqn": "aws-cdk-lib.aws_events.Rule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -1405,7 +1405,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/StreamingJob4.0/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -1444,7 +1444,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -1513,19 +1513,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -1572,13 +1572,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -1594,7 +1594,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/ShellJob/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -1633,7 +1633,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -1702,19 +1702,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -1759,13 +1759,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -1781,7 +1781,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/ShellJob39/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -1820,7 +1820,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -1889,19 +1889,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -1946,13 +1946,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -1968,7 +1968,7 @@ "id": "ImportServiceRole", "path": "aws-glue-job/RayJob/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "@aws-cdk/core.Resource", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -2007,7 +2007,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -2076,19 +2076,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -2112,7 +2112,8 @@ ] ] }, - "pythonVersion": "3.9" + "pythonVersion": "3.9", + "runtime": "Ray2.4" }, "role": { "Fn::GetAtt": [ @@ -2135,13 +2136,13 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.CfnJob", + "fqn": "aws-cdk-lib.aws_glue.CfnJob", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-glue.Job", + "fqn": "@aws-cdk/aws-glue-alpha.Job", "version": "0.0.0" } }, @@ -2149,7 +2150,7 @@ "id": "BootstrapVersion", "path": "aws-glue-job/BootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnParameter", + "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" } }, @@ -2157,13 +2158,13 @@ "id": "CheckBootstrapVersion", "path": "aws-glue-job/CheckBootstrapVersion", "constructInfo": { - "fqn": "@aws-cdk/core.CfnRule", + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.Stack", + "fqn": "aws-cdk-lib.Stack", "version": "0.0.0" } }, @@ -2172,12 +2173,12 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.209" + "version": "10.2.26" } } }, "constructInfo": { - "fqn": "@aws-cdk/core.App", + "fqn": "aws-cdk-lib.App", "version": "0.0.0" } } diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts index 5b00c70ab126e..6ae1dd8074dad 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.ts @@ -55,7 +55,6 @@ const script = glue.Code.fromAsset(path.join(__dirname, 'job-script/hello_world. }, }); etlJob.metricSuccess(); - new glue.Job(stack, 'StreamingJob' + glueVersion.name, { jobName: 'StreamingJob' + glueVersion.name, executable: glue.JobExecutable.pythonStreaming({ @@ -63,7 +62,7 @@ const script = glue.Code.fromAsset(path.join(__dirname, 'job-script/hello_world. glueVersion, script, }), - workerType: glue.WorkerType.G_025X, + workerType: [glue.GlueVersion.V2_0].includes(glueVersion) ? glue.WorkerType.G_1X : glue.WorkerType.G_025X, workerCount: 10, defaultArguments: { arg1: 'value1', @@ -112,6 +111,7 @@ new glue.Job(stack, 'RayJob', { executable: glue.JobExecutable.pythonRay({ glueVersion: glue.GlueVersion.V4_0, pythonVersion: glue.PythonVersion.THREE_NINE, + runtime: glue.Runtime.RAY_TWO_FOUR, script, }), workerType: glue.WorkerType.Z_2X, diff --git a/packages/@aws-cdk/aws-glue-alpha/test/job-executable.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/job-executable.test.ts index 50d890c594bfb..ea575f1a022d4 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/job-executable.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/job-executable.test.ts @@ -150,6 +150,7 @@ describe('JobExecutable', () => { glueVersion: glue.GlueVersion.V4_0, language: glue.JobLanguage.PYTHON, pythonVersion: glue.PythonVersion.THREE_NINE, + runtime: glue.Runtime.RAY_TWO_FOUR, script, })).toBeDefined(); }); diff --git a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts index 5816f2428e603..171857e5b5668 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts @@ -617,6 +617,7 @@ describe('Job', () => { executable: glue.JobExecutable.pythonRay({ glueVersion: glue.GlueVersion.V3_0, pythonVersion: glue.PythonVersion.THREE_NINE, + runtime: glue.Runtime.RAY_TWO_FOUR, script, }), workerType: glue.WorkerType.Z_2X, @@ -629,6 +630,7 @@ describe('Job', () => { executable: glue.JobExecutable.pythonRay({ glueVersion: glue.GlueVersion.V4_0, pythonVersion: glue.PythonVersion.THREE_NINE, + runtime: glue.Runtime.RAY_TWO_FOUR, script, }), workerType: glue.WorkerType.Z_2X, @@ -636,6 +638,18 @@ describe('Job', () => { sparkUI: { enabled: true }, })).toThrow('Spark UI is not available for JobType.RAY'); }); + + test('without runtime should throw', () => { + expect(() => new glue.Job(stack, 'Job', { + executable: glue.JobExecutable.pythonRay({ + glueVersion: glue.GlueVersion.V4_0, + pythonVersion: glue.PythonVersion.THREE_NINE, + script, + }), + workerType: glue.WorkerType.Z_2X, + workerCount: 2, + })).toThrow('Runtime is required for Ray jobs.'); + }); }); test('etl job with all props should synthesize correctly', () => { From c7d73a7ddd06e894683e698e6ae5892aab4be8c9 Mon Sep 17 00:00:00 2001 From: "k.goto" <24818752+go-to-k@users.noreply.github.com> Date: Fri, 30 Jun 2023 00:46:24 +0900 Subject: [PATCH 11/12] docs(s3): fix docs for BucketProps (#26140) This PR fixes BucketProps documentation for S3 that is not so good. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-s3/lib/bucket.ts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index 09a36373baf83..c4129538a3edf 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -1344,18 +1344,18 @@ export interface BucketProps { * If you choose KMS, you can specify a KMS key via `encryptionKey`. If * encryption key is not specified, a key will automatically be created. * - * @default - `Kms` if `encryptionKey` is specified, or `Managed` otherwise. + * @default - `KMS` if `encryptionKey` is specified, or `UNENCRYPTED` otherwise. + * But if `UNENCRYPTED` is specified, the bucket will be encrypted as `S3_MANAGED` automatically. */ readonly encryption?: BucketEncryption; /** * External KMS key to use for bucket encryption. * - * The 'encryption' property must be either not specified or set to "Kms". - * An error will be emitted if encryption is set to "Unencrypted" or - * "Managed". + * The `encryption` property must be either not specified or set to `KMS` or `DSSE`. + * An error will be emitted if `encryption` is set to `UNENCRYPTED` or `S3_MANAGED`. * - * @default - If encryption is set to "Kms" and this property is undefined, + * @default - If `encryption` is set to `KMS` and this property is undefined, * a new KMS key will be created and associated with this bucket. */ readonly encryptionKey?: kms.IKey; From bc9f3de653248de5808f83b7fb8f3ed5f6fc554e Mon Sep 17 00:00:00 2001 From: Jacco Kulman Date: Thu, 29 Jun 2023 21:46:08 +0200 Subject: [PATCH 12/12] feat(scheduler): ScheduleTargetInput (#25663) This PR contains implementation of ScheduleTargetInput. While a schedule is the main resource in Amazon EventBridge Scheduler, this PR adds ScheduleTargetInput on which ScheduleTargetBase depends. Every Schedule has a target that determines what extra information is sent to the target when the schedule is triggered. Also 4 ContextAttributes can be used that will be resolved at trigger-time. To be able to create sensible unit tests, also the a start is made to add the `Schedule` and the `LambdaInvoke` target as described in the RFC. Implementation is based on RFC: https://github.com/aws/aws-cdk-rfcs/blob/master/text/0474-event-bridge-scheduler-l2.md Also added a small fix to 2 of the unit tests of the previous PR for this module. Advances https://github.com/aws/aws-cdk/issues/23394 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-scheduler-alpha/README.md | 33 +++- .../@aws-cdk/aws-scheduler-alpha/lib/index.ts | 4 +- .../@aws-cdk/aws-scheduler-alpha/lib/input.ts | 122 +++++++++++++++ .../aws-scheduler-alpha/lib/private/index.ts | 2 + .../lib/private/schedule.ts | 57 +++++++ .../lib/private/targets.ts | 58 +++++++ .../aws-scheduler-alpha/lib/schedule.ts | 8 + .../rosetta/default.ts-fixture | 2 +- .../aws-scheduler-alpha/test/input.test.ts | 143 ++++++++++++++++++ 9 files changed, 425 insertions(+), 4 deletions(-) create mode 100644 packages/@aws-cdk/aws-scheduler-alpha/lib/input.ts create mode 100644 packages/@aws-cdk/aws-scheduler-alpha/lib/private/index.ts create mode 100644 packages/@aws-cdk/aws-scheduler-alpha/lib/private/schedule.ts create mode 100644 packages/@aws-cdk/aws-scheduler-alpha/lib/private/targets.ts create mode 100644 packages/@aws-cdk/aws-scheduler-alpha/lib/schedule.ts create mode 100644 packages/@aws-cdk/aws-scheduler-alpha/test/input.test.ts diff --git a/packages/@aws-cdk/aws-scheduler-alpha/README.md b/packages/@aws-cdk/aws-scheduler-alpha/README.md index 171cecdf66854..7cc01e45a962a 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/README.md +++ b/packages/@aws-cdk/aws-scheduler-alpha/README.md @@ -37,7 +37,15 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aw ## Defining a schedule -TODO: Schedule is not yet implemented. See section in [L2 Event Bridge Scheduler RFC](https://github.com/aws/aws-cdk-rfcs/blob/master/text/0474-event-bridge-scheduler-l2.md) +TODO: Schedule is not yet fully implemented. See section in [L2 Event Bridge Scheduler RFC](https://github.com/aws/aws-cdk-rfcs/blob/master/text/0474-event-bridge-scheduler-l2.md) + +[comment]: <> (TODO: change for each PR that implements more functionality) + +Only an L2 class is created that wraps the L1 class and handles the following properties: + +- schedule +- target (only LambdaInvoke is supported for now) +- flexibleTimeWindow will be set to `{ mode: 'OFF' }` ### Schedule Expressions @@ -95,10 +103,31 @@ TODO: Group is not yet implemented. See section in [L2 Event Bridge Scheduler RF TODO: Scheduler Targets Module is not yet implemented. See section in [L2 Event Bridge Scheduler RFC](https://github.com/aws/aws-cdk-rfcs/blob/master/text/0474-event-bridge-scheduler-l2.md) +Only LambdaInvoke target is added for now. + ### Input -TODO: Target Input is not yet implemented. See section in [L2 Event Bridge Scheduler RFC](https://github.com/aws/aws-cdk-rfcs/blob/master/text/0474-event-bridge-scheduler-l2.md) +Target can be invoked with a custom input. Class `ScheduleTargetInput` supports free form text input and JSON-formatted object input: + +```ts +const input = ScheduleTargetInput.fromObject({ + 'QueueName': 'MyQueue' +}); +``` + +You can include context attributes in your target payload. EventBridge Scheduler will replace each keyword with +its respective value and deliver it to the target. See +[full list of supported context attributes](https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-schedule-context-attributes.html): +1. `ContextAttribute.scheduleArn()` – The ARN of the schedule. +2. `ContextAttribute.scheduledTime()` – The time you specified for the schedule to invoke its target, for example, 2022-03-22T18:59:43Z. +3. `ContextAttribute.executionId()` – The unique ID that EventBridge Scheduler assigns for each attempted invocation of a target, for example, d32c5kddcf5bb8c3. +4. `ContextAttribute.attemptNumber()` – A counter that identifies the attempt number for the current invocation, for example, 1. + +```ts +const text = `Attempt number: ${ContextAttribute.attemptNumber}`; +const input = ScheduleTargetInput.fromText(text); +``` ### Specifying Execution Role diff --git a/packages/@aws-cdk/aws-scheduler-alpha/lib/index.ts b/packages/@aws-cdk/aws-scheduler-alpha/lib/index.ts index c00ab258ae963..c2ff54e61f61b 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/lib/index.ts +++ b/packages/@aws-cdk/aws-scheduler-alpha/lib/index.ts @@ -1 +1,3 @@ -export * from './schedule-expression'; \ No newline at end of file +export * from './schedule-expression'; +export * from './input'; +export * from './schedule'; \ No newline at end of file diff --git a/packages/@aws-cdk/aws-scheduler-alpha/lib/input.ts b/packages/@aws-cdk/aws-scheduler-alpha/lib/input.ts new file mode 100644 index 0000000000000..682ce0687e374 --- /dev/null +++ b/packages/@aws-cdk/aws-scheduler-alpha/lib/input.ts @@ -0,0 +1,122 @@ +import { DefaultTokenResolver, IResolveContext, Stack, StringConcat, Token, Tokenization } from 'aws-cdk-lib'; +import { ISchedule } from './schedule'; + +/** + * The text, or well-formed JSON, passed to the target of the schedule. + */ +export abstract class ScheduleTargetInput { + /** + * Pass text to the target, it is possible to embed `ContextAttributes` + * that will be resolved to actual values while the CloudFormation is + * deployed or cdk Tokens that will be resolved when the CloudFormation + * templates are generated by CDK. + * + * The target input value will be a single string that you pass. + * For passing complex values like JSON object to a target use method + * `ScheduleTargetInput.fromObject()` instead. + * + * @param text Text to use as the input for the target + */ + public static fromText(text: string): ScheduleTargetInput { + return new FieldAwareEventInput(text); + } + + /** + * Pass a JSON object to the target, it is possible to embed `ContextAttributes` and other + * cdk references. + * + * @param obj object to use to convert to JSON to use as input for the target + */ + public static fromObject(obj: any): ScheduleTargetInput { + return new FieldAwareEventInput(obj); + } + + protected constructor() { + } + + /** + * Return the input properties for this input object + */ + public abstract bind(schedule: ISchedule): string; +} + +class FieldAwareEventInput extends ScheduleTargetInput { + constructor(private readonly input: any) { + super(); + } + + public bind(schedule: ISchedule): string { + class Replacer extends DefaultTokenResolver { + constructor() { + super(new StringConcat()); + } + + public resolveToken(t: Token, _context: IResolveContext) { + return Token.asString(t); + } + } + + const stack = Stack.of(schedule); + return stack.toJsonString(Tokenization.resolve(this.input, { + scope: schedule, + resolver: new Replacer(), + })); + } +} + +/** + * Represents a field in the event pattern + * + * @see https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-schedule-context-attributes.html + */ +export class ContextAttribute { + /** + * The ARN of the schedule. + */ + public static get scheduleArn(): string { + return this.fromName('schedule-arn'); + } + + /** + * The time you specified for the schedule to invoke its target, for example, + * 2022-03-22T18:59:43Z. + */ + public static get scheduledTime(): string { + return this.fromName('scheduled-time'); + } + + /** + * The unique ID that EventBridge Scheduler assigns for each attempted invocation of + * a target, for example, d32c5kddcf5bb8c3. + */ + public static get executionId(): string { + return this.fromName('execution-id'); + } + + /** + * A counter that identifies the attempt number for the current invocation, for + * example, 1. + */ + public static get attemptNumber(): string { + return this.fromName('attempt-number'); + } + + /** + * Escape hatch for other ContextAttribute that might be resolved in future. + * + * @param name - name will replace xxx in + */ + public static fromName(name: string): string { + return new ContextAttribute(name).toString(); + } + + private constructor(public readonly name: string) { + } + + /** + * Convert the path to the field in the event pattern to JSON + */ + public toString() { + return ``; + } +} diff --git a/packages/@aws-cdk/aws-scheduler-alpha/lib/private/index.ts b/packages/@aws-cdk/aws-scheduler-alpha/lib/private/index.ts new file mode 100644 index 0000000000000..acb4914fd0c93 --- /dev/null +++ b/packages/@aws-cdk/aws-scheduler-alpha/lib/private/index.ts @@ -0,0 +1,2 @@ +export * from './schedule'; +export * from './targets'; diff --git a/packages/@aws-cdk/aws-scheduler-alpha/lib/private/schedule.ts b/packages/@aws-cdk/aws-scheduler-alpha/lib/private/schedule.ts new file mode 100644 index 0000000000000..0e2b33742d18f --- /dev/null +++ b/packages/@aws-cdk/aws-scheduler-alpha/lib/private/schedule.ts @@ -0,0 +1,57 @@ +import { Resource } from 'aws-cdk-lib'; +import { CfnSchedule } from 'aws-cdk-lib/aws-scheduler'; +import { Construct } from 'constructs'; +import { ISchedule } from '../schedule'; +import { ScheduleExpression } from '../schedule-expression'; + +/** + * DISCLAIMER: WORK IN PROGRESS, INTERFACE MIGHT CHANGE + * + * This unit is not yet finished. Only rudimentary Schedule is implemented in order + * to be able to create some sensible unit tests + */ + +export interface IScheduleTarget { + bind(_schedule: ISchedule): CfnSchedule.TargetProperty; +} + +/** + * Construction properties for `Schedule`. + */ +export interface ScheduleProps { + /** + * The expression that defines when the schedule runs. Can be either a `at`, `rate` + * or `cron` expression. + */ + readonly schedule: ScheduleExpression; + + /** + * The schedule's target details. + */ + readonly target: IScheduleTarget; + + /** + * The description you specify for the schedule. + * + * @default - no value + */ + readonly description?: string; +} + +/** + * An EventBridge Schedule + */ +export class Schedule extends Resource implements ISchedule { + constructor(scope: Construct, id: string, props: ScheduleProps) { + super(scope, id); + + new CfnSchedule(this, 'Resource', { + flexibleTimeWindow: { mode: 'OFF' }, + scheduleExpression: props.schedule.expressionString, + scheduleExpressionTimezone: props.schedule.timeZone?.timezoneName, + target: { + ...props.target.bind(this), + }, + }); + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-scheduler-alpha/lib/private/targets.ts b/packages/@aws-cdk/aws-scheduler-alpha/lib/private/targets.ts new file mode 100644 index 0000000000000..1edff1b13db57 --- /dev/null +++ b/packages/@aws-cdk/aws-scheduler-alpha/lib/private/targets.ts @@ -0,0 +1,58 @@ +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { CfnSchedule } from 'aws-cdk-lib/aws-scheduler'; +import { ScheduleTargetInput } from '../input'; +import { ISchedule } from '../schedule'; + +/** + * DISCLAIMER: WORK IN PROGRESS, INTERFACE MIGHT CHANGE + * + * This unit is not yet finished. The LambaInvoke target is only implemented to be able + * to create some sensible unit tests. + */ + +export namespace targets { + export interface ScheduleTargetBaseProps { + readonly role?: iam.IRole; + readonly input?: ScheduleTargetInput; + } + + abstract class ScheduleTargetBase { + constructor( + private readonly baseProps: ScheduleTargetBaseProps, + protected readonly targetArn: string, + ) { + } + + protected abstract addTargetActionToRole(role: iam.IRole): void; + + protected bindBaseTargetConfig(_schedule: ISchedule): CfnSchedule.TargetProperty { + if (typeof this.baseProps.role === undefined) { + throw Error('A role is needed (for now)'); + } + this.addTargetActionToRole(this.baseProps.role!); + return { + arn: this.targetArn, + roleArn: this.baseProps.role!.roleArn, + input: this.baseProps.input?.bind(_schedule), + }; + } + + bind(schedule: ISchedule): CfnSchedule.TargetProperty { + return this.bindBaseTargetConfig(schedule); + } + } + + export class LambdaInvoke extends ScheduleTargetBase { + constructor( + baseProps: ScheduleTargetBaseProps, + private readonly func: lambda.IFunction, + ) { + super(baseProps, func.functionArn); + } + + protected addTargetActionToRole(role: iam.IRole): void { + this.func.grantInvoke(role); + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-scheduler-alpha/lib/schedule.ts b/packages/@aws-cdk/aws-scheduler-alpha/lib/schedule.ts new file mode 100644 index 0000000000000..23bcd9406c0d2 --- /dev/null +++ b/packages/@aws-cdk/aws-scheduler-alpha/lib/schedule.ts @@ -0,0 +1,8 @@ +import { IResource } from 'aws-cdk-lib'; + +/** + * Interface representing a created or an imported `Schedule`. + */ +export interface ISchedule extends IResource { + +} diff --git a/packages/@aws-cdk/aws-scheduler-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-scheduler-alpha/rosetta/default.ts-fixture index 71131d04c63a3..776fd224ec9b1 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/rosetta/default.ts-fixture +++ b/packages/@aws-cdk/aws-scheduler-alpha/rosetta/default.ts-fixture @@ -7,7 +7,7 @@ import * as kms from 'aws-cdk-lib/aws-kms'; import * as sqs from 'aws-cdk-lib/aws-sqs'; import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch'; import { App, Stack, TimeZone, Duration } from 'aws-cdk-lib'; -import { ScheduleExpression } from '@aws-cdk/aws-scheduler-alpha'; +import { ScheduleExpression, ScheduleTargetInput, ContextAttribute } from '@aws-cdk/aws-scheduler-alpha'; class Fixture extends cdk.Stack { constructor(scope: Construct, id: string) { diff --git a/packages/@aws-cdk/aws-scheduler-alpha/test/input.test.ts b/packages/@aws-cdk/aws-scheduler-alpha/test/input.test.ts new file mode 100644 index 0000000000000..adb6042ba3879 --- /dev/null +++ b/packages/@aws-cdk/aws-scheduler-alpha/test/input.test.ts @@ -0,0 +1,143 @@ +import { Stack } from 'aws-cdk-lib'; +import { Template } from 'aws-cdk-lib/assertions'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { ContextAttribute, ScheduleExpression, ScheduleTargetInput } from '../lib'; +import { Schedule, targets } from '../lib/private'; + +describe('schedule target input', () => { + let stack: Stack; + let role: iam.IRole; + let func: lambda.IFunction; + const expr = ScheduleExpression.at(new Date(Date.UTC(1969, 10, 20, 0, 0, 0))); + + beforeEach(() => { + stack = new Stack(); + role = iam.Role.fromRoleArn(stack, 'Role', 'arn:aws:iam::123456789012:role/johndoe'); + func = lambda.Function.fromFunctionArn(stack, 'Function', 'arn:aws:lambda:us-east-1:123456789012:function/somefunc'); + }); + + test('create an input from text', () => { + new Schedule(stack, 'MyScheduleDummy', { + schedule: expr, + target: new targets.LambdaInvoke({ + role, + input: ScheduleTargetInput.fromText('test'), + }, func), + }); + Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { + Properties: { + Target: { + Input: '"test"', + }, + }, + }); + }); + + test('create an input from text with a ref inside', () => { + new Schedule(stack, 'MyScheduleDummy', { + schedule: expr, + target: new targets.LambdaInvoke({ + role, + input: ScheduleTargetInput.fromText(stack.account), + }, func), + }); + Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { + Properties: { + Target: { + Input: { + 'Fn::Join': ['', ['"', { Ref: 'AWS::AccountId' }, '"']], + }, + }, + }, + }); + }); + + test('create an input from object', () => { + new Schedule(stack, 'MyScheduleDummy', { + schedule: expr, + target: new targets.LambdaInvoke({ + role, + input: ScheduleTargetInput.fromObject({ + test: 'test', + }), + }, func), + }); + Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { + Properties: { + Target: { + Input: '{"test":"test"}', + }, + }, + }); + }); + + test('create an input from object with a ref', () => { + new Schedule(stack, 'MyScheduleDummy', { + schedule: expr, + target: new targets.LambdaInvoke({ + role, + input: ScheduleTargetInput.fromObject({ + test: stack.account, + }), + }, func), + }); + Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { + Properties: { + Target: { + Input: { + 'Fn::Join': ['', [ + '{"test":"', + { Ref: 'AWS::AccountId' }, + '"}', + ]], + }, + }, + }, + }); + }); + + test('create an input with fromText with ContextAttribute', () => { + new Schedule(stack, 'MyScheduleDummy', { + schedule: expr, + target: new targets.LambdaInvoke({ + role, + input: ScheduleTargetInput.fromText(`Test=${ContextAttribute.scheduleArn}`), + }, func), + }); + Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { + Properties: { + Target: { + Input: '"Test="', + }, + }, + }); + }); + + test('create an input with fromObject with ContextAttribute', () => { + new Schedule(stack, 'MyScheduleDummy', { + schedule: expr, + target: new targets.LambdaInvoke({ + role, + input: ScheduleTargetInput.fromObject({ + arn: ContextAttribute.scheduleArn, + att: ContextAttribute.attemptNumber, + xid: ContextAttribute.executionId, + tim: ContextAttribute.scheduledTime, + cus: ContextAttribute.fromName('escapehatch'), + }), + }, func), + }); + Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { + Properties: { + Target: { + Input: '{"arn":"",' + + '"att":"",' + + '"xid":"",' + + '"tim":"",' + + '"cus":""}', + }, + }, + }); + }); +});