Merge Master from aws/aws-cdk v1.68.0 #2

Merged
merged 191 commits into from
Oct 17, 2020
@ap00rv ap00rv commented Oct 17, 2020


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

rix0rrr and others added 30 commits September 28, 2020 08:53
Because of a limitation of the CodeBuild Service API and its
CloudFormation implementation, it is not possible to disable the
encryption key used to encrypt uploaded artifacts after having deployed
a Project once that uses a key (the update back to "no key" is ignored).

Work around this by explicitly always selecting the default
`alias/aws/s3` key. This is the same one CodeBuild would have used if
no key was given, except it doesn't suffer from the "property cannot
be made empty" problem.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The feature to support importing secrets by name (#10309) failed to handle
scenarios where the secret ARN is a token, due to parsing the ARN to retrieve
the secret name.

fixes #10520


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Apply stack tags to the stacks deployed using CDK Pipelines.

Taking this opportunity to make tags easier to work with -- move them from metadata into cloud artifact properties.

Fixes #9260.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Configure the `jsii` targets for Python so that the
`Framework :: AWS CDK` and `Framework :: AWS CDK :: 1` trove classifiers
are present on the package metadata, for easier discovery in PyPI.

See: https://pypi.org/search/?q=&o=&c=Framework+%3A%3A+AWS+CDK
Fixes aws/cdk-ops#393


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The Metadata resource used to be added by the CLI, which led to a bug. The better, less error-prone way to do it is to have the framework add the metadata resource to the stack template upon synthesis.

The resources need to be added just-in-time (before synthesis), because if we do it in the constructor `node.setContext()` will stop working (for the `Stack` already having children).

We only add the Metadata resource if we're running via the CLI. If we did not do this, all unit tests everywhere that use `toMatchTemplate()`/`toExactlyMatchTemplate()`/`toMatch()` will break. There are hundreds alone in our codebase, never mind however many other ones are out there. The consequences of this are that we [still] will not record users who are doing in-memory synthesis.

The CLI only does the work when the `runtimeInfo` field of the assembly is filled, which we just never do anymore. However, the code cannot be removed from the CLI because old versions of the framework might still set that field and expect the resource to be added to the template.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
When generating a new module, add `junit.xml` to `.npmignore` and `.gitignore`; this is required by the `aws-lint` rule.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This commit expands on a previous [commit]. A few CDK modules
have been migrated to use the `Construct` and `IConstruct` from
the "constructs" module instead of the "@aws-cdk/core" module.

Migrating modules to use the "constructs" module prevents merge
conflicts from arising in these files when the construct compatibility
layer in "@aws-cdk/core" module is removed in the v2 branch.

[commit]: c179699

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… arrays (#10538)

Validate that `States.ALL` is not combined with other errors in `Retry`
and `Catch` arrays and sort those arrays so that `States.ALL` appears
last.

Closes #10530


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…, CreateEndpointConfig, CreateModel, and UpdateEndpoint (#10187)

**Implementation**

Update package `@aws-cdk/aws-stepfunctions-tasks` to include support for SageMaker **CreateEndpoint**, **CreateEndpointConfig**, **CreateModel**, **UpdateEndpoint** API as per documentation here: https://docs.aws.amazon.com/step-functions/latest/dg/connect-sagemaker.html

Includes support for the following Amazon SageMaker API calls:
* `CreateEndpoint`
* `CreateEndpointConfig`
* `CreateModel`
* `UpdateEndpoint`

Closes #6572
…10587)

The switch `versionReporting` was renamed to `analyticsReporting`
in the framework in order to be more generic.

However, this rename was carried through in parts of the CLI as well,
especially in parts of the settings handling. This part is however
not strongly typed but *stringly* typed (remember that settings
are also read from `cdk.json`) and it's rather tricky to change there.

Undo this change as it's breaking the integration tests; for now,
the switch will still be called `versionReporting` in the CLI.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fix JsonPath not supporting array paths

closes #9403

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
KMS keys for cross-account actions used to be created automatically,
but incur a $1/month charge for every region, adding a charge you
don't need if you don't plan to deploy into cross-account destinations.

Add the option `crossAccountKeys: false` to allow users to switch off
the KMS keys and avoid the charge if they don't need it.

Relates to #10115.

Must not be merged before #10474.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ECS (#10129)

This PR implements [RFC 219](https://github.com/nathanpeck/aws-cdk-rfcs/blob/master/text/0219-ecs-service-extensions.md)

It adds a new module called "@aws-containers/aws-ecs-builder" (Name proposed but not final) with the following new constructs:

- `Environment` - A deploy environment for a service which by default supplies its own VPC, and ECS cluster with Fargate capacity
- `Service` - An ECS service

And supporting classes:

- `ServiceDescription` - Defines the application to run as a service, and any features it needs
- `ServiceExtension` - Defines an optional extension that may be added to a service to enhance it with new capabilities or connect it to other ECS adjacent features

This PR comes with a `ServiceExtension` for each of the following ECS adjacent features:

- AppMesh
- X-Ray
- CloudWatch Agent
- Application Load Balancer
- FireLens

Developers can use this new extendable `Service` class to build a `ServiceDescription` that defines their application and as many optional service extensions as they want. The `ServiceDescription` is used to build out a `Service` inside an `Environment`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…words for Cluster, Instance, DatabaseSecret

Change the default excludeCharacters for Cluster,
Instance and DatabaseSecret to the character set ``" %+~`#$&*()|[]{}:;<>?!'/@\"\\"``,
as the previous set (`'"@/\\'`)
had a tendency to generate problematic passwords that wouldn't work in the shell,
or with services like DMS.
Do the same for single- and multi-user rotations in Cluster and Instance as well.
Also allow passing a custom excludeCharacters for Credentials and SnapshotCredentials,
and also in addSingleUserRotation and addMultiUserRotation.

Fixes #4144

BREAKING CHANGE: the default generated password exclude characters set for Instance, Cluster and `DatabaseSecret` is now ``" %+~`#$&*()|[]{}:;<>?!'/@\"\\"``
* **rds**: the default generated password exclude characters for `addSingleUserRotation()` and `addMultiUserRotation()` in Cluster and Instance is now ``" %+~`#$&*()|[]{}:;<>?!'/@\"\\"``
* **rds**: `Instance.addSingleUserRotation()` now takes options object as the first argument, instead of just `Duration`
* **rds**: `Cluster.addSingleUserRotation()` now takes options object as the first argument, instead of just `Duration`
* **rds**: `SnapshotCredentials.fromGeneratedPassword()` now takes an option object as the second argument, instead of just `IKey`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Removing an extra closing parenthesis `)`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Graduate the module to *Developer Preview*.

This PR also includes some last minute API changes we feel make it a little more semantically clear.

In addition, the README was restructured to be more coherent. See [rendered version](https://github.com/aws/aws-cdk/blob/epolon/10364-eks-dev-preview/packages/%40aws-cdk/aws-eks/README.md).

Happy to break this down to multiple PRs if you find it hard to review.

BREAKING CHANGE: `cluster.addChart` renamed to `cluster.addHelmChart`

* **eks:** `NodegroupOptions.launchTemplate` renamed to `NodegroupOptions.launchTemplateSpec`
* **eks:** `cluster.addAutoScalingGroup` renamed to `cluster.connectAutoScalingGroupCapacity`
* **eks:** `cluster.addNodegroup` renamed to `cluster.addNodegroupCapacity`
* **eks:** `cluster.addCapacity` renamed to `cluster.addAutoScalingGroupCapacity`
* **eks:** `CapacityOptions` renamed to `AutoScalingGroupCapacityOptions`.

Resolves #10364

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
`syn-nodejs-2.0` is the latest runtime.

See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library.html

BREAKING CHANGE: the default runtime is now `syn-nodejs-2.0`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#10552)

Adding support for [additional S3 notification event types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#supported-notification-event-types), including 's3:ObjectRestore:Completed' recently raised by @mauricioharley as a feature request.

Closes #10498

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
According to the CloudFront docs, the logging bucket should be specified as the
bucket domain name. #2554 updated origin buckets to use the regional bucket
domain names -- which is correct -- but also incorrectly updated the logging
bucket specifications as well.

This has a minor impact of being unable to navigate to the logging bucket from
the CloudFront console, but otherwise the logs are stored correctly.

fixes #10512


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We are currently on a pre-release version, and `ncu` will "upgrade" to the nightly builds, which is undesirable.

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…10539)

Any CloudFormation resource that defines a single boolean property set
to false is not rendered to the CloudFormation template.

The bug is in implementation of `_toCloudFormation()` API in
`CfnResource`. It treated `false` and `undefined` the same way.

fixes #10455


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adding support for [EC2 C6g](https://aws.amazon.com/ec2/instance-types/c6/) instance classes.

Closes #10372

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fixes listing same stack multiple times fails for cdk commands

closes #9667

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…nitionName` (#10448)

Add `fromJobDefinitionName` for `JobDefinition` construct. Ref: https://stackoverflow.com/a/55031183

closes #7172 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add fromDomainName import helper to UserPoolDomain construct

closes #9988 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ns event source (#10567)

This change allows `SnsEventSource` to be configured in the same way as its reverse construct, `LambdaSubscription`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…user pool clients (#10588)

When the `UserPoolClient` property `disableOAuth` is set, callback URLs should not be
rendered as it represents a list of allowed redirects for identity providers.

Added in a condition that only renders the callback URL default of `https://example.com`
if OAuth is enabled.

Closes #10311


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
refreshToken always allowed when authFlows present in UserPoolClient

BREAKING CHANGE: `refreshToken` property is now removed from
UserPoolClient. It will be included if any other `authFlow` is enabled.

closes #7625


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The default value was incorrectly documented as 10000, while in fact, it
is infinite.

Ref: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts

closes #10486


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In #10458, we started to default the master user name to 'admin'.
As it turns out, that actually doesn't work with PostgreSQL,
as 'admin' is a reserved word there.
Add a new optional property to IEngine called defaultUsername
that allows overriding the global 'admin' default on a per-Engine basis.
Set it to 'adminuser' for the Aurora Postgres Cluster engine and the Postgres Instance engine.

Fixes #10579

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation and others added 29 commits October 14, 2020 23:56
* feat: cloudformation spec v18.7.0

* updated .npmignore for timestream and codeartifact modules

* update deps for cloudformation-include and aws-cdk-lib

* update deps for monocdk to include added libraries

Co-authored-by: AWS CDK Team <aws-cdk@amazon.com>
Co-authored-by: Shiv Lakshminarayan <shivlaks@amazon.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…n-only (#10880)

L2 constructs were introduced last month in #9702 for slack channel
configuration. marking the module as experimental to reflect that
the module is no longer cfn-only.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ource (#10631)

This action does not support resource ARN patterns, only `*`.

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazondynamodb.html

Fixes #9511

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Resolves #10487 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes: #10816

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Support `KubernetesVersion` 1.18

Fixed: #10853

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The problem is that the shell conditional added returns a non-zero exit
code when the branch is not 'master'.

Switch strategies so that the environment variable comparison is
actually done at deploy time and sets a final environment variable.

Corresponding change: https://github.com/aws/cdk-ops/pull/758

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Added support for Google in Cognito user pool identity.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Build is failing with:
"/bin/bash: ./bump-candidate.sh: No such file or directory"

Failure caused by script move in #10868.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
fixes #10325  
closes #10726

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Create a merge PR three times a week (M/W/F) to forward merge master
onto 'v2-main'.

Mergify configuration to automatically merge the PR if there are no
conflicts and the sanity build succeeds.
This check breaks the release pipeline, and isn't _strictly_ necessary for the
master pipeline either.
following guidance from GHSA-269g-pwp5-87pp
Affected versions include junit < 4.13.1

verification:
created java init projects and ensured they successfully
run tests using `mvn package` and deployed them to CloudFormation.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
>This is a fix for the README in the Kinesis event source example. This removes the undeclared variable `queue` from the example and replaces it with the `stream`.

This is a simple typo pointing to a variable that was not declared in the example for Kinesis.


The motivation for this change is:

- To ensure developers have accurate documentation.
- To ensure developers have a good experience when attempting to understand the features of the CDK from the documentation.

There is a convention in the READMEs to refer to variables outside the scope of the example e.g.

```ts
myFunction.addEventSource( //etc
```

Where `myFunction` is not declared in the scope of the example. This fix prevents the assumption that a `queue` resource has also been created outside the scope of the example.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Allows setting the description for HttpAPI.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This will be moved to cdk-ops as a CodeBuild job. The benefits are that
(a) we can add alarms when this job fails, (b) it doesn't run (and fail)
on customers' GitHub forks and, (c) besides the scheduled runs it can
also be manually triggered.
Because of concurrent running of integration tests, the account
cache (which is supposed to be a JSON file) can be read in a state
where it's empty or incompletely written, which fails the JSON parse.

If that happens, ignore the error and pretend the cache is empty.

Fixes sporadic concurrency issues in the integration tests.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#10828)

Fixes the issue of handling `allowTestInvoke: true` like `allowTestInvoke: false` in `LambdaIntegration`.

fixes #7605
related: #7604


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes: #10906


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@ap00rv ap00rv merged commit 5a39a76 into ap00rv:ecr-tag-mutability Oct 17, 2020