From 8da006ab551213ecbdb6dc26860fe90c1d2e95e2 Mon Sep 17 00:00:00 2001 From: Ahmed Mansour Date: Tue, 26 Apr 2022 21:38:18 -0700 Subject: [PATCH 1/5] feat(redshift): expose user.secret as property (#17520) (#20078) This change will expose Redshift User.secret as property and close #17520 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-redshift/README.md | 39 ++++++++++--------- packages/@aws-cdk/aws-redshift/lib/user.ts | 8 ++++ .../@aws-cdk/aws-redshift/test/user.test.ts | 8 ++++ 3 files changed, 37 insertions(+), 18 deletions(-) diff --git a/packages/@aws-cdk/aws-redshift/README.md b/packages/@aws-cdk/aws-redshift/README.md index ce33c3d2f1d02..8f42386085396 100644 --- a/packages/@aws-cdk/aws-redshift/README.md +++ b/packages/@aws-cdk/aws-redshift/README.md 
@@ -60,24 +60,6 @@ The endpoint to access your database cluster will be available as the `.clusterE cluster.clusterEndpoint.socketAddress; // "HOSTNAME:PORT" ``` -## Rotating credentials - -When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically: - -```ts fixture=cluster -cluster.addRotationSingleUser(); // Will rotate automatically after 30 days -``` - -The multi user rotation scheme is also available: - -```ts fixture=cluster -import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; - -cluster.addRotationMultiUser('MyUser', { - secret: secretsmanager.Secret.fromSecretNameV2(this, 'Imported Secret', 'my-secret'), -}); -``` - ## Database Resources This module allows for the creation of non-CloudFormation database resources such as users @@ -273,3 +255,24 @@ call to `grant` but the user does not have the specified permission. Note that this does not occur when duplicate privileges are granted within the same application, as such privileges are de-duplicated before any SQL query is submitted. + +## Rotating credentials + +When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically: + +```ts fixture=cluster +cluster.addRotationSingleUser(); // Will rotate automatically after 30 days +``` + +The multi user rotation scheme is also available: + +```ts fixture=cluster + +const user = new User(this, 'User', { + cluster: cluster, + databaseName: 'databaseName', +}); +cluster.addRotationMultiUser('MultiUserRotation', { + secret: user.secret, +}); +``` diff --git a/packages/@aws-cdk/aws-redshift/lib/user.ts b/packages/@aws-cdk/aws-redshift/lib/user.ts index 3b5c8d0829ef8..15ce396190cac 100644 --- a/packages/@aws-cdk/aws-redshift/lib/user.ts +++ b/packages/@aws-cdk/aws-redshift/lib/user.ts 
@@ -1,4 +1,5 @@ import * as kms from '@aws-cdk/aws-kms'; +import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { ICluster } from './cluster'; @@ -137,6 +138,12 @@ export class User extends UserBase { readonly databaseName: string; protected databaseProps: DatabaseOptions; + /** + * The Secrets Manager secret of the user. + * @attribute + */ + public readonly secret: secretsmanager.ISecret; + private resource: DatabaseQuery; constructor(scope: Construct, id: string, props: UserProps) { @@ -165,6 +172,7 @@ export class User extends UserBase { attachedSecret.grantRead(this.resource); this.username = this.resource.getAttString('username'); + this.secret = secret; } /** diff --git a/packages/@aws-cdk/aws-redshift/test/user.test.ts b/packages/@aws-cdk/aws-redshift/test/user.test.ts index 39b31345c7e33..79144d5c37cd3 100644 --- a/packages/@aws-cdk/aws-redshift/test/user.test.ts +++ b/packages/@aws-cdk/aws-redshift/test/user.test.ts @@ -90,6 +90,14 @@ describe('cluster user', () => { }); }); + it('secret property is exposed', () => { + const user = new redshift.User(stack, 'User', databaseOptions); + + expect(stack.resolve(user.secret.secretArn)).toStrictEqual({ + Ref: 'UserSecretE2C04A69', + }); + }); + it('uses username when provided', () => { const username = 'username'; From dad308959d2de93550c5f1d182748dc40e7d0b0a Mon Sep 17 00:00:00 2001 
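Review bot: In the constructor hunk of `lib/user.ts`, `this.secret = secret;` publishes the variable `secret`, while the context line just above it grants read access through `attachedSecret`. The constructor body starts outside the hunk, so this is inferred: if `attachedSecret` is the same secret after it has been attached to the cluster, code that consumes `user.secret` (the README now passes it to `cluster.addRotationMultiUser`) takes no dependency on that attachment. Consider `this.secret = attachedSecret;`, or confirm that the two are interchangeable for rotation. The doc comment on the new property could also say what the secret contains, for example `* The Secrets Manager secret holding this user's credentials; grant read access sparingly.`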
From: Rico Huijbers Date: Wed, 27 Apr 2022 11:52:46 +0200 Subject: [PATCH 2/5] chore: bring init-template package files under auto-upgrade control (#19893) The init template package manager files used to be named `package.template.json`, `pom.template.xml`, because they contained placeholders. This naming scheme makes Dependabot and `npm-check-updates` ignore them. Rename the files to their "official" names, do placeholder substitutions in a hook script instead. - Add Dependabot config to make it watch the non-NPM package manager files. - Add to our "Yarn upgrade" script for the NPM upgrades. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .github/dependabot.yml | 23 ++++++++++ .github/workflows/yarn-upgrade.yml | 4 ++ packages/aws-cdk/.gitignore | 2 + .../init-templates/.no-packagejson-validator | 0 .../v1/app/java/{pom.template.xml => pom.xml} | 0 .../v1/app/java/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 2 +- .../app/javascript/sub-placeholders.hook.ts | 7 ++++ ...irements.template.txt => requirements.txt} | 0 .../v1/app/python/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 10 ++--- .../app/typescript/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 6 +-- .../lib/typescript/sub-placeholders.hook.ts | 7 ++++ .../java/{pom.template.xml => pom.xml} | 0 .../sample-app/java/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 2 +- .../javascript/sub-placeholders.hook.ts | 7 ++++ ...irements.template.txt => requirements.txt} | 0 .../python/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 8 ++-- .../typescript/sub-placeholders.hook.ts | 7 ++++ .../v2/app/java/{pom.template.xml => pom.xml} | 0 .../v2/app/java/sub-placeholders.hook.ts | 7 ++++ .../javascript/package.json} | 2 +- .../app/javascript/sub-placeholders.hook.ts | 7 ++++ 
...irements.template.txt => requirements.txt} | 0 .../v2/app/python/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 10 ++--- .../app/typescript/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 6 +-- .../lib/typescript/sub-placeholders.hook.ts | 7 ++++ .../java/{pom.template.xml => pom.xml} | 0 .../sample-app/java/sub-placeholders.hook.ts | 7 ++++ .../javascript/package.json} | 2 +- .../javascript/sub-placeholders.hook.ts | 7 ++++ ...irements.template.txt => requirements.txt} | 0 .../python/sub-placeholders.hook.ts | 7 ++++ .../{package.template.json => package.json} | 8 ++-- .../typescript/sub-placeholders.hook.ts | 7 ++++ packages/aws-cdk/lib/init.ts | 42 +++++++++++++++---- packages/aws-cdk/tsconfig.json | 4 +- 42 files changed, 220 insertions(+), 37 deletions(-) create mode 100644 packages/aws-cdk/lib/init-templates/.no-packagejson-validator rename packages/aws-cdk/lib/init-templates/v1/app/java/{pom.template.xml => pom.xml} (100%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/app/java/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v1/app/javascript/{package.template.json => package.json} (94%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/app/javascript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v1/app/python/{requirements.template.txt => requirements.txt} (100%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/app/python/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v1/app/typescript/{package.template.json => package.json} (74%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/app/typescript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v1/lib/typescript/{package.template.json => package.json} (84%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/lib/typescript/sub-placeholders.hook.ts rename 
packages/aws-cdk/lib/init-templates/v1/sample-app/java/{pom.template.xml => pom.xml} (100%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/sample-app/java/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/{package.template.json => package.json} (96%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v1/sample-app/python/{requirements.template.txt => requirements.txt} (100%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/sample-app/python/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/{package.template.json => package.json} (84%) create mode 100644 packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/app/java/{pom.template.xml => pom.xml} (100%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/app/java/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/{sample-app/javascript/package.template.json => app/javascript/package.json} (94%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/app/javascript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/app/python/{requirements.template.txt => requirements.txt} (100%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/app/python/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/app/typescript/{package.template.json => package.json} (74%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/app/typescript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/lib/typescript/{package.template.json => package.json} (84%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/lib/typescript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/sample-app/java/{pom.template.xml => pom.xml} (100%) create mode 100644 
packages/aws-cdk/lib/init-templates/v2/sample-app/java/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/{app/javascript/package.template.json => sample-app/javascript/package.json} (94%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/sample-app/python/{requirements.template.txt => requirements.txt} (100%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/sample-app/python/sub-placeholders.hook.ts rename packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/{package.template.json => package.json} (79%) create mode 100644 packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/sub-placeholders.hook.ts diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 96c1345fa6c78..0fa6e48f1dd44 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -18,3 +18,26 @@ updates: labels: - "auto-approve" open-pull-requests-limit: 5 + + # Non-TypeScript init template dependency updates + - package-ecosystem: "pip" + directory: "/packages/aws-cdk/lib/init-templates" + schedule: + interval: "weekly" + labels: + - "auto-approve" + open-pull-requests-limit: 5 + - package-ecosystem: "maven" + directory: "/packages/aws-cdk/lib/init-templates" + schedule: + interval: "weekly" + labels: + - "auto-approve" + open-pull-requests-limit: 5 + - package-ecosystem: "nuget" + directory: "/packages/aws-cdk/lib/init-templates" + schedule: + interval: "weekly" + labels: + - "auto-approve" + open-pull-requests-limit: 5 diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml index 52996af59f219..cb11fb0de614d 100644 --- a/.github/workflows/yarn-upgrade.yml +++ b/.github/workflows/yarn-upgrade.yml 
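Review bot: All three new `updates` entries set `directory` to `/packages/aws-cdk/lib/init-templates`, but the diffstat of this commit places the renamed `requirements.txt` and `pom.xml` files several levels below it (for example `v1/app/python/`) and renames nothing for NuGet. It is worth confirming that Dependabot finds manifests in nested directories from this setting; if it does not, these entries watch nothing and one entry per template directory is needed. Each entry also carries the `auto-approve` label, and these manifests end up in every project created from a template. A short comment stating which checks a labelled PR must still pass before merge would make that supply-chain exposure easier to judge.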
@@ -65,6 +65,10 @@ jobs: lerna exec --parallel ncu -- --upgrade --filter=@types/node,@types/fs-extra --target=minor lerna exec --parallel ncu -- --upgrade --filter=typescript --target=patch lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/fs-extra,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}' --target=minor + # Upgrade package.jsons in init templates + for pj in $(find packages/aws-cdk/lib/init-templates -name package.json); do + (cd $(dirname $pj) && ncu --upgrade --reject='@types/node,@types/fs-extra,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}') + done # This will ensure the current lockfile is up-to-date with the dependency specifications (necessary for "yarn update" to run) - name: Run "yarn install" diff --git a/packages/aws-cdk/.gitignore b/packages/aws-cdk/.gitignore index aa160438c3abf..86263e936e436 100644 --- a/packages/aws-cdk/.gitignore +++ b/packages/aws-cdk/.gitignore @@ -2,6 +2,8 @@ *.js.map *.d.ts !lib/init-templates/**/javascript/**/* +lib/init-templates/**/*.hook.js +lib/init-templates/**/*.hook.d.ts node_modules dist diff --git a/packages/aws-cdk/lib/init-templates/.no-packagejson-validator b/packages/aws-cdk/lib/init-templates/.no-packagejson-validator new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/packages/aws-cdk/lib/init-templates/v1/app/java/pom.template.xml b/packages/aws-cdk/lib/init-templates/v1/app/java/pom.xml similarity index 100% rename from packages/aws-cdk/lib/init-templates/v1/app/java/pom.template.xml rename to packages/aws-cdk/lib/init-templates/v1/app/java/pom.xml diff --git a/packages/aws-cdk/lib/init-templates/v1/app/java/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/app/java/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..98c27ef042b9c --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/app/java/sub-placeholders.hook.ts 
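Review bot: The `ncu --upgrade` call in the new init-template loop has no `--target`, while the three `lerna exec` lines above it stop at `minor` or `patch`, so the scheduled job will move template dependencies to new major versions. If that is not intended, add `--target=minor` to the call. The loop also word-splits the output of `find` and leaves `$pj` unquoted; `(cd "$(dirname "$pj")" && ncu ...)` stays correct if a path ever contains a space. The step's `run:` block starts outside the hunk.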
@@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('pom.xml'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v1/app/javascript/package.template.json b/packages/aws-cdk/lib/init-templates/v1/app/javascript/package.json similarity index 94% rename from packages/aws-cdk/lib/init-templates/v1/app/javascript/package.template.json rename to packages/aws-cdk/lib/init-templates/v1/app/javascript/package.json index abe1218b79d96..8643f0e069fe8 100644 --- a/packages/aws-cdk/lib/init-templates/v1/app/javascript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v1/app/javascript/package.json @@ -12,7 +12,7 @@ "devDependencies": { "@aws-cdk/assertions": "%cdk-version%", "aws-cdk": "%cdk-version%", - "jest": "^26.4.2" + "jest": "^27.5.1" }, "dependencies": { "@aws-cdk/core": "%cdk-version%" diff --git a/packages/aws-cdk/lib/init-templates/v1/app/javascript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/app/javascript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/app/javascript/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; 
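Review bot: The hook added here has no documentation on `invoke`, and it is repeated verbatim in the other `sub-placeholders.hook.ts` files of this commit, with only the file name passed to `substitutePlaceholdersIn` changing (`pom.xml`, `package.json`, `requirements.txt`). A doc comment on the export would help, for example `/** Init hook: fills the template placeholders in pom.xml, which keeps its real file name so dependency updaters can parse it. */`. The ignored first parameter `_` and the point at which the hook runs are defined by `InvokeHook` in `lib/init.ts`, which is outside this hunk. A generated manifest that misses this step would keep literal `%cdk-version%` values, so the comment should also say whether a failure in `substitutePlaceholdersIn` aborts project creation.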
diff --git a/packages/aws-cdk/lib/init-templates/v1/app/python/requirements.template.txt b/packages/aws-cdk/lib/init-templates/v1/app/python/requirements.txt similarity index 100% rename from packages/aws-cdk/lib/init-templates/v1/app/python/requirements.template.txt rename to packages/aws-cdk/lib/init-templates/v1/app/python/requirements.txt diff --git a/packages/aws-cdk/lib/init-templates/v1/app/python/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/app/python/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..67bf2a9c6e8f4 --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/app/python/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('requirements.txt'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v1/app/typescript/package.template.json b/packages/aws-cdk/lib/init-templates/v1/app/typescript/package.json similarity index 74% rename from packages/aws-cdk/lib/init-templates/v1/app/typescript/package.template.json rename to packages/aws-cdk/lib/init-templates/v1/app/typescript/package.json index 94bbd07dae3ac..1251bde18dd46 100644 --- a/packages/aws-cdk/lib/init-templates/v1/app/typescript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v1/app/typescript/package.json @@ -12,16 +12,16 @@ }, "devDependencies": { "@aws-cdk/assertions": "%cdk-version%", - "@types/jest": "^26.0.10", + "@types/jest": "^27.4.1", "@types/node": "10.17.27", - "jest": "^26.4.2", - "ts-jest": "^26.2.0", + "jest": "^27.5.1", + "ts-jest": "^27.1.4", "aws-cdk": "%cdk-version%", - "ts-node": "^9.0.0", + "ts-node": "^10.7.0", "typescript": "~3.9.7" }, "dependencies": { "@aws-cdk/core": "%cdk-version%", - "source-map-support": "^0.5.16" + "source-map-support": "^0.5.21" } } 
diff --git a/packages/aws-cdk/lib/init-templates/v1/app/typescript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/app/typescript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/app/typescript/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v1/lib/typescript/package.template.json b/packages/aws-cdk/lib/init-templates/v1/lib/typescript/package.json similarity index 84% rename from packages/aws-cdk/lib/init-templates/v1/lib/typescript/package.template.json rename to packages/aws-cdk/lib/init-templates/v1/lib/typescript/package.json index 4e99fa16cbc8f..3a91a8c5e35c3 100644 --- a/packages/aws-cdk/lib/init-templates/v1/lib/typescript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v1/lib/typescript/package.json @@ -10,10 +10,10 @@ }, "devDependencies": { "@aws-cdk/assertions": "%cdk-version%", - "@types/jest": "^26.0.10", + "@types/jest": "^27.4.1", "@types/node": "10.17.27", - "jest": "^26.4.2", - "ts-jest": "^26.2.0", + "jest": "^27.5.1", + "ts-jest": "^27.1.4", "typescript": "~3.9.7" }, "peerDependencies": { diff --git a/packages/aws-cdk/lib/init-templates/v1/lib/typescript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/lib/typescript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/lib/typescript/sub-placeholders.hook.ts 
@@ -0,0 +1,7 @@
+import { InvokeHook } from '../../../../init';
+
+export const invoke: InvokeHook = async (_, context) => {
+ // File cannot be named like regular template because it needs to be
+ // processed by dependency updaters.
+ await context.substitutePlaceholdersIn('package.json');
+};
diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/java/pom.template.xml b/packages/aws-cdk/lib/init-templates/v1/sample-app/java/pom.xml
similarity index 100%
rename from packages/aws-cdk/lib/init-templates/v1/sample-app/java/pom.template.xml
rename to packages/aws-cdk/lib/init-templates/v1/sample-app/java/pom.xml
diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/java/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/sample-app/java/sub-placeholders.hook.ts
new file mode 100644
index 0000000000000..98c27ef042b9c
--- /dev/null
+++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/java/sub-placeholders.hook.ts
@@ -0,0 +1,7 @@
+import { InvokeHook } from '../../../../init';
+
+export const invoke: InvokeHook = async (_, context) => {
+ // File cannot be named like regular template because it needs to be
+ // processed by dependency updaters.
+ await context.substitutePlaceholdersIn('pom.xml');
+};
diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/package.template.json b/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/package.json
similarity index 96%
rename from packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/package.template.json
rename to packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/package.json
index 43b6f94c6f314..c90acf364b381 100644
--- a/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/package.template.json
+++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/package.json
@@ -12,7 +12,7 @@ "devDependencies": { "@aws-cdk/assertions": "%cdk-version%", "aws-cdk": "%cdk-version%", - "jest": "^26.4.2" + "jest": "^27.5.1" }, "dependencies": { "@aws-cdk/aws-sns": "%cdk-version%", diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/javascript/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/python/requirements.template.txt b/packages/aws-cdk/lib/init-templates/v1/sample-app/python/requirements.txt similarity index 100% rename from packages/aws-cdk/lib/init-templates/v1/sample-app/python/requirements.template.txt rename to packages/aws-cdk/lib/init-templates/v1/sample-app/python/requirements.txt diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/python/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/sample-app/python/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..67bf2a9c6e8f4 --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/python/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('requirements.txt'); +}; 
diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/package.template.json b/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/package.json similarity index 84% rename from packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/package.template.json rename to packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/package.json index 550691f4eb2c5..0590c99a9defc 100644 --- a/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/package.json @@ -13,11 +13,11 @@ "devDependencies": { "aws-cdk": "%cdk-version%", "@aws-cdk/assertions": "%cdk-version%", - "@types/jest": "^26.0.10", + "@types/jest": "^27.4.1", "@types/node": "10.17.27", - "jest": "^26.4.2", - "ts-jest": "^26.2.0", - "ts-node": "^9.0.0", + "jest": "^27.5.1", + "ts-jest": "^27.1.4", + "ts-node": "^10.7.0", "typescript": "~3.9.7" }, "dependencies": { diff --git a/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v1/sample-app/typescript/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v2/app/java/pom.template.xml b/packages/aws-cdk/lib/init-templates/v2/app/java/pom.xml similarity index 100% rename from packages/aws-cdk/lib/init-templates/v2/app/java/pom.template.xml rename to packages/aws-cdk/lib/init-templates/v2/app/java/pom.xml 
diff --git a/packages/aws-cdk/lib/init-templates/v2/app/java/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/app/java/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..98c27ef042b9c --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/app/java/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('pom.xml'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/package.template.json b/packages/aws-cdk/lib/init-templates/v2/app/javascript/package.json similarity index 94% rename from packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/package.template.json rename to packages/aws-cdk/lib/init-templates/v2/app/javascript/package.json index 550e7544f9b44..065a5f226d93a 100644 --- a/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v2/app/javascript/package.json @@ -11,7 +11,7 @@ }, "devDependencies": { "aws-cdk": "%cdk-version%", - "jest": "^26.4.2" + "jest": "^27.5.1" }, "dependencies": { "aws-cdk-lib": "%cdk-version%", diff --git a/packages/aws-cdk/lib/init-templates/v2/app/javascript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/app/javascript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/app/javascript/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; 
diff --git a/packages/aws-cdk/lib/init-templates/v2/app/python/requirements.template.txt b/packages/aws-cdk/lib/init-templates/v2/app/python/requirements.txt similarity index 100% rename from packages/aws-cdk/lib/init-templates/v2/app/python/requirements.template.txt rename to packages/aws-cdk/lib/init-templates/v2/app/python/requirements.txt diff --git a/packages/aws-cdk/lib/init-templates/v2/app/python/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/app/python/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..67bf2a9c6e8f4 --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/app/python/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('requirements.txt'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v2/app/typescript/package.template.json b/packages/aws-cdk/lib/init-templates/v2/app/typescript/package.json similarity index 74% rename from packages/aws-cdk/lib/init-templates/v2/app/typescript/package.template.json rename to packages/aws-cdk/lib/init-templates/v2/app/typescript/package.json index a599c63f6ec35..edc16917ce553 100644 --- a/packages/aws-cdk/lib/init-templates/v2/app/typescript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v2/app/typescript/package.json @@ -11,17 +11,17 @@ "cdk": "cdk" }, "devDependencies": { - "@types/jest": "^26.0.10", + "@types/jest": "^27.4.1", "@types/node": "10.17.27", - "jest": "^26.4.2", - "ts-jest": "^26.2.0", + "jest": "^27.5.1", + "ts-jest": "^27.1.4", "aws-cdk": "%cdk-version%", - "ts-node": "^9.0.0", + "ts-node": "^10.7.0", "typescript": "~3.9.7" }, "dependencies": { "aws-cdk-lib": "%cdk-version%", "constructs": "%constructs-version%", - "source-map-support": "^0.5.16" + "source-map-support": "^0.5.21" } } 
diff --git a/packages/aws-cdk/lib/init-templates/v2/app/typescript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/app/typescript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/app/typescript/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v2/lib/typescript/package.template.json b/packages/aws-cdk/lib/init-templates/v2/lib/typescript/package.json similarity index 84% rename from packages/aws-cdk/lib/init-templates/v2/lib/typescript/package.template.json rename to packages/aws-cdk/lib/init-templates/v2/lib/typescript/package.json index b388f5270b769..e6a42592daca8 100644 --- a/packages/aws-cdk/lib/init-templates/v2/lib/typescript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v2/lib/typescript/package.json @@ -9,12 +9,12 @@ "test": "jest" }, "devDependencies": { - "@types/jest": "^26.0.10", + "@types/jest": "^27.4.1", "@types/node": "10.17.27", "aws-cdk-lib": "%cdk-version%", "constructs": "%constructs-version%", - "jest": "^26.4.2", - "ts-jest": "^26.2.0", + "jest": "^27.5.1", + "ts-jest": "^27.1.4", "typescript": "~3.9.7" }, "peerDependencies": { diff --git a/packages/aws-cdk/lib/init-templates/v2/lib/typescript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/lib/typescript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/lib/typescript/sub-placeholders.hook.ts 
@@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/java/pom.template.xml b/packages/aws-cdk/lib/init-templates/v2/sample-app/java/pom.xml similarity index 100% rename from packages/aws-cdk/lib/init-templates/v2/sample-app/java/pom.template.xml rename to packages/aws-cdk/lib/init-templates/v2/sample-app/java/pom.xml diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/java/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/sample-app/java/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..98c27ef042b9c --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/java/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('pom.xml'); +}; diff --git a/packages/aws-cdk/lib/init-templates/v2/app/javascript/package.template.json b/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/package.json similarity index 94% rename from packages/aws-cdk/lib/init-templates/v2/app/javascript/package.template.json rename to packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/package.json index 550e7544f9b44..065a5f226d93a 100644 --- a/packages/aws-cdk/lib/init-templates/v2/app/javascript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/package.json @@ -11,7 +11,7 @@ }, "devDependencies": { "aws-cdk": "%cdk-version%", - "jest": "^26.4.2" + "jest": "^27.5.1" }, "dependencies": { "aws-cdk-lib": "%cdk-version%", 
diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/sub-placeholders.hook.ts
new file mode 100644
index 0000000000000..039bb00d6f43f
--- /dev/null
+++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/javascript/sub-placeholders.hook.ts
@@ -0,0 +1,7 @@
+import { InvokeHook } from '../../../../init';
+
+export const invoke: InvokeHook = async (_, context) => {
+ // File cannot be named like regular template because it needs to be
+ // processed by dependency updaters.
+ await context.substitutePlaceholdersIn('package.json');
+};
diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/python/requirements.template.txt b/packages/aws-cdk/lib/init-templates/v2/sample-app/python/requirements.txt
similarity index 100%
rename from packages/aws-cdk/lib/init-templates/v2/sample-app/python/requirements.template.txt
rename to packages/aws-cdk/lib/init-templates/v2/sample-app/python/requirements.txt
diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/python/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/sample-app/python/sub-placeholders.hook.ts
new file mode 100644
index 0000000000000..67bf2a9c6e8f4
--- /dev/null
+++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/python/sub-placeholders.hook.ts
@@ -0,0 +1,7 @@
+import { InvokeHook } from '../../../../init';
+
+export const invoke: InvokeHook = async (_, context) => {
+ // File cannot be named like regular template because it needs to be
+ // processed by dependency updaters.
+ await context.substitutePlaceholdersIn('requirements.txt');
+};
diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/package.template.json b/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/package.json similarity index 79% rename from packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/package.template.json rename to packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/package.json index d4d76c656ba2e..6dcc625bbfd8f 100644 --- a/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/package.template.json +++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/package.json @@ -12,11 +12,11 @@ }, "devDependencies": { "aws-cdk": "%cdk-version%", - "@types/jest": "^26.0.10", + "@types/jest": "^27.4.1", "@types/node": "10.17.27", - "jest": "^26.4.2", - "ts-jest": "^26.2.0", - "ts-node": "^9.0.0", + "jest": "^27.5.1", + "ts-jest": "^27.1.4", + "ts-node": "^10.7.0", "typescript": "~3.9.7" }, "dependencies": { diff --git a/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/sub-placeholders.hook.ts b/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/sub-placeholders.hook.ts new file mode 100644 index 0000000000000..039bb00d6f43f --- /dev/null +++ b/packages/aws-cdk/lib/init-templates/v2/sample-app/typescript/sub-placeholders.hook.ts @@ -0,0 +1,7 @@ +import { InvokeHook } from '../../../../init'; + +export const invoke: InvokeHook = async (_, context) => { + // File cannot be named like regular template because it needs to be + // processed by dependency updaters. + await context.substitutePlaceholdersIn('package.json'); +}; diff --git a/packages/aws-cdk/lib/init.ts b/packages/aws-cdk/lib/init.ts index 0638c42e9d4e8..a1e6ea815c0c3 100644 --- a/packages/aws-cdk/lib/init.ts +++ b/packages/aws-cdk/lib/init.ts 
@@ -8,7 +8,22 @@ import { error, print, warning } from './logging'; import { cdkHomeDir, rootDir } from './util/directories'; import { versionNumber } from './version'; -export type InvokeHook = (targetDirectory: string) => Promise; + +export type SubstitutePlaceholders = (...fileNames: string[]) => Promise; + +/** + * Helpers passed to hook functions + */ +export interface HookContext { + /** + * Callback function to replace placeholders on arbitrary files + * + * This makes token substitution available to non-`.template` files. + */ + readonly substitutePlaceholdersIn: SubstitutePlaceholders; +} + +export type InvokeHook = (targetDirectory: string, context: HookContext) => Promise; /* eslint-disable @typescript-eslint/no-var-requires */ // Packages don't have @types module // eslint-disable-next-line @typescript-eslint/no-require-imports 
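Review bot: The doc comment on `HookContext.substitutePlaceholdersIn` does not say how the file names are resolved or that the files are modified in place, and the exported `SubstitutePlaceholders` type has no comment at all. In the implementation added later in this commit each name is joined onto the target directory, read as UTF-8 and written back. I would add that to the comment, for example `File names are relative to the target directory; each file is read as UTF-8 and overwritten in place.`, and give `SubstitutePlaceholders` a one-line description of its own.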
@@ -98,14 +113,27 @@ export class InitTemplate { + `(it supports: ${this.languages.map(l => chalk.blue(l)).join(', ')})`); throw new Error(`Unsupported language: ${language}`); } + + const projectInfo: ProjectInfo = { + name: decamelize(path.basename(path.resolve(targetDirectory))), + }; + + const hookContext: HookContext = { + substitutePlaceholdersIn: async (...fileNames: string[]) => { + for (const fileName of fileNames) { + const fullPath = path.join(targetDirectory, fileName); + const template = await fs.readFile(fullPath, { encoding: 'utf-8' }); + await fs.writeFile(fullPath, this.expand(template, projectInfo)); + } + }, + }; + const sourceDirectory = path.join(this.basePath, language); const hookTempDirectory = path.join(targetDirectory, 'tmp'); await fs.mkdir(hookTempDirectory); - await this.installFiles(sourceDirectory, targetDirectory, { - name: decamelize(path.basename(path.resolve(targetDirectory))), - }); + await this.installFiles(sourceDirectory, targetDirectory, projectInfo); await this.applyFutureFlags(targetDirectory); - await this.invokeHooks(hookTempDirectory, targetDirectory); + await this.invokeHooks(hookTempDirectory, targetDirectory, hookContext); await fs.remove(hookTempDirectory); } @@ -137,7 +165,7 @@ export class InitTemplate { * will be invoked, passing the target directory as the only argument. Hooks are invoked * in lexical order. */ - private async invokeHooks(sourceDirectory: string, targetDirectory: string) { + private async invokeHooks(sourceDirectory: string, targetDirectory: string, hookContext: HookContext) { const files = await fs.readdir(sourceDirectory); files.sort(); // Sorting allows template authors to control the order in which hooks are invoked. 
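Review bot: `substitutePlaceholdersIn` builds `fullPath` with `path.join(targetDirectory, fileName)` and then reads and overwrites that path, with no check that it stays inside the target directory. The hooks added in this commit pass fixed names (`package.json`, `requirements.txt`, `pom.xml`), so nothing is affected today, but a name containing `..` would make the helper rewrite a file outside the newly created project. Because this helper is now handed to every hook, I would resolve the path and reject anything that falls outside `targetDirectory` before touching the file. The enclosing method starts and ends outside this hunk.

```typescript
substitutePlaceholdersIn: async (...fileNames: string[]) => {
  const root = path.resolve(targetDirectory);
  for (const fileName of fileNames) {
    const fullPath = path.resolve(root, fileName);
    const rel = path.relative(root, fullPath);
    // Refuse names that resolve to the directory itself or to anything outside it.
    if (rel === '' || rel === '..' || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel)) {
      throw new Error(`Refusing to substitute placeholders outside the target directory: ${fileName}`);
    }
    // … unchanged: read the file, expand placeholders, write it back …
  }
},
```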
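Review bot: The doc comment above `invokeHooks` still says hooks are invoked "passing the target directory as the only argument", which is no longer true now that `hookContext` is a second argument. I would reword that sentence to something like `will be invoked with the target directory and a HookContext of helper callbacks`. The call site in the `@@ -145,7 +173,7 @@` hunk already passes both values. The comment begins above this hunk, so only its last lines are visible here.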
@@ -145,7 +173,7 @@ export class InitTemplate { if (file.match(/^.*\.hook\.js$/)) { // eslint-disable-next-line @typescript-eslint/no-require-imports const invoke: InvokeHook = require(path.join(sourceDirectory, file)).invoke; - await invoke(targetDirectory); + await invoke(targetDirectory, hookContext); } } } diff --git a/packages/aws-cdk/tsconfig.json b/packages/aws-cdk/tsconfig.json index b1de148db28b3..674269068d4c5 100644 --- a/packages/aws-cdk/tsconfig.json +++ b/packages/aws-cdk/tsconfig.json @@ -19,10 +19,10 @@ "include": [ "**/*.ts", "**/*.d.ts", - "lib/init-templates/**/add-project.hook.ts" + "lib/init-templates/**/*.hook.ts" ], "exclude": [ - "lib/init-templates/**/typescript/**/*.ts", + "lib/init-templates/**/typescript/*/*.ts", "test/integ/cli/sam_cdk_integ_app/**/*" ], "references": [ From 8bd6c59e44cf3e328ce19f706d4798eb7875caff Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 27 Apr 2022 12:38:43 +0200 Subject: [PATCH 3/5] chore: minor test improvements (#20035) - Remove gross duplication in a test - Have objectMatcher tell us what keys ARE there instead of just what keys AREN'T there - Add a test to confirm that `addEventSourceMapping()` doesn't accidentally produce non-stable logical IDs ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/assertions/lib/match.ts | 2 +- .../@aws-cdk/assertions/test/match.test.ts | 16 +- .../@aws-cdk/assertions/test/template.test.ts | 6 +- .../test/event-source-mapping.test.ts | 178 ++++-------------- 4 files changed, 46 insertions(+), 156 deletions(-) diff --git a/packages/@aws-cdk/assertions/lib/match.ts b/packages/@aws-cdk/assertions/lib/match.ts index dd03bba1950a2..9e53898ef37de 100644 --- a/packages/@aws-cdk/assertions/lib/match.ts +++ b/packages/@aws-cdk/assertions/lib/match.ts 
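Review bot: In the `tsconfig.json` hunk the exclude entry `lib/init-templates/**/typescript/*/*.ts` only matches files exactly one directory below `typescript/`, where the previous `typescript/**/*.ts` matched any depth. That is what allows `typescript/sub-placeholders.hook.ts` to compile, but a template source nested two or more levels down would now be picked up by the `**/*.ts` include and built with the CLI. No such file is visible in this diff, so this may be fine today. `"lib/init-templates/**/typescript/*/**/*.ts"` would keep the hook compiled while still excluding template sources at any depth.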
@@ -300,7 +300,7 @@ class ObjectMatch extends Matcher { result.recordFailure({ matcher: this, path: [`/${patternKey}`], - message: 'Missing key', + message: `Missing key '${patternKey}' among {${Object.keys(actual).join(',')}}`, }); continue; } diff --git a/packages/@aws-cdk/assertions/test/match.test.ts b/packages/@aws-cdk/assertions/test/match.test.ts index 92c3646e044a7..b0e6bd8a5eb78 100644 --- a/packages/@aws-cdk/assertions/test/match.test.ts +++ b/packages/@aws-cdk/assertions/test/match.test.ts @@ -39,7 +39,7 @@ describe('Matchers', () => { 'Expected fred but received flob at [1]/waldo', 'Expected flob but received fred at [1]/wobble', ]); - expectFailure(matcher, [{ foo: 'bar', baz: 'qux' }, { waldo: 'fred' }], [/Missing key at \[1\]\/wobble/]); + expectFailure(matcher, [{ foo: 'bar', baz: 'qux' }, { waldo: 'fred' }], [/Missing key.*at \[1\]\/wobble/]); }); test('objects', () => { @@ -49,7 +49,7 @@ describe('Matchers', () => { expectFailure(matcher, ['3', 5], [/Expected type object but received array/]); expectFailure(matcher, { baz: 'qux' }, [ 'Unexpected key at /baz', - 'Missing key at /foo', + /Missing key.*at \/foo/, ]); matcher = Match.exact({ foo: 'bar', baz: 5 }); @@ -59,8 +59,8 @@ describe('Matchers', () => { matcher = Match.exact({ foo: [2, 3], bar: 'baz' }); expectPass(matcher, { foo: [2, 3], bar: 'baz' }); expectFailure(matcher, {}, [ - 'Missing key at /foo', - 'Missing key at /bar', + /Missing key.*at \/foo/, + /Missing key.*at \/bar/, ]); expectFailure(matcher, { bar: [2, 3], foo: 'baz' }, [ 'Expected type array but received string at /foo', 
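Review bot: The new message in `ObjectMatch` interpolates `Object.keys(actual).join(',')` without any limit, so a miss against a large object prints every key on one line. If `actual` can be something like a template's whole `Resources` map (not visible from this hunk), the failure output becomes hard to read and can bury the path that follows. I would cap the list, for example `Object.keys(actual).slice(0, 20).join(',')` followed by a count of the keys left out. The surrounding method starts and ends outside the hunk.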
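Review bot: The updated expectations in `match.test.ts` only assert `/Missing key.*at \/foo/`, so the new "among {…}" part of the message is never checked and could regress silently. The same loosening appears in the `@@ -49,7`, `@@ -59,8`, `@@ -155,7`, `@@ -338,7`, `@@ -358,7` and `@@ -372,7` hunks and in `template.test.ts`. I would keep at least one exact expectation, e.g. for the `{ baz: 'qux' }` case in `objects`: `"Missing key 'foo' among {baz} at /foo"`, assuming the ` at <path>` suffix is still appended as the old strings imply.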
@@ -155,7 +155,7 @@ describe('Matchers', () => { expectPass(matcher, { foo: 'bar' }); expectFailure(matcher, { foo: 'baz' }, [/Expected bar but received baz at \/foo/]); expectFailure(matcher, { foo: ['bar'] }, [/Expected type string but received array at \/foo/]); - expectFailure(matcher, { bar: 'foo' }, [/Missing key at \/foo/]); + expectFailure(matcher, { bar: 'foo' }, [/Missing key.*at \/foo/]); expectPass(matcher, { foo: 'bar', baz: 'qux' }); }); @@ -338,7 +338,7 @@ describe('Matchers', () => { expectPass(matcher, { foo: [1, 2] }); expectFailure(matcher, { foo: null }, ['Expected a value but found none at /foo']); - expectFailure(matcher, {}, ['Missing key at /foo']); + expectFailure(matcher, {}, [/Missing key.*at \/foo/]); }); }); @@ -358,7 +358,7 @@ describe('Matchers', () => { expectFailure(matcher, '{ "Foo": 4 }', ['Expected type string but received number at (serializedJson)/Foo']); expectFailure(matcher, '{ "Bar": "Baz" }', [ 'Unexpected key at (serializedJson)/Bar', - 'Missing key at (serializedJson)/Foo', + /Missing key.*at \(serializedJson\)\/Foo/, ]); }); @@ -372,7 +372,7 @@ describe('Matchers', () => { expectPass(matcher, '{ "Foo": ["Bar", "Baz"], "Fred": "Waldo" }'); expectFailure(matcher, '{ "Foo": ["Baz"] }', ['Missing element [Bar] at pattern index 0 at (serializedJson)/Foo']); - expectFailure(matcher, '{ "Bar": ["Baz"] }', ['Missing key at (serializedJson)/Foo']); + expectFailure(matcher, '{ "Bar": ["Baz"] }', [/Missing key.*at \(serializedJson\)\/Foo/]); }); test('invalid json string', () => { diff --git a/packages/@aws-cdk/assertions/test/template.test.ts b/packages/@aws-cdk/assertions/test/template.test.ts index dcdb73e61da71..c98236401b5f6 100644 --- a/packages/@aws-cdk/assertions/test/template.test.ts +++ b/packages/@aws-cdk/assertions/test/template.test.ts 
@@ -181,7 +181,7 @@ describe('Template', () => { expect(() => inspect.hasResource('Foo::Bar', { Properties: { baz: 'qux', fred: 'waldo' }, - })).toThrow(/Missing key at \/Properties\/fred/); + })).toThrow(/Missing key.*at \/Properties\/fred/); }); test('arrayWith', () => { @@ -337,7 +337,7 @@ describe('Template', () => { .toThrow(/Expected waldo but received qux at \/Properties\/baz/); expect(() => inspect.hasResourceProperties('Foo::Bar', { baz: 'qux', fred: 'waldo' })) - .toThrow(/Missing key at \/Properties\/fred/); + .toThrow(/Missing key.*at \/Properties\/fred/); }); test('absent - with properties', () => { @@ -367,7 +367,7 @@ describe('Template', () => { const inspect = Template.fromStack(stack); expect(() => inspect.hasResourceProperties('Foo::Bar', { bar: Match.absent(), baz: 'qux' })) - .toThrow(/Missing key at \/Properties\/baz/); + .toThrow(/Missing key.*at \/Properties\/baz/); inspect.hasResourceProperties('Foo::Bar', Match.absent()); }); diff --git a/packages/@aws-cdk/aws-lambda/test/event-source-mapping.test.ts b/packages/@aws-cdk/aws-lambda/test/event-source-mapping.test.ts index 793e9abb4c42d..c1e32caf281b2 100644 --- a/packages/@aws-cdk/aws-lambda/test/event-source-mapping.test.ts +++ b/packages/@aws-cdk/aws-lambda/test/event-source-mapping.test.ts 
@@ -1,16 +1,41 @@ import { Match, Template } from '@aws-cdk/assertions'; import * as cdk from '@aws-cdk/core'; -import { Code, EventSourceMapping, Function, Runtime } from '../lib'; +import { Code, EventSourceMapping, Function, Runtime, Alias } from '../lib'; + +let stack: cdk.Stack; +let fn: Function; +beforeEach(() => { + stack = new cdk.Stack(); + fn = new Function(stack, 'fn', { + handler: 'index.handler', + code: Code.fromInline('exports.handler = ${handler.toString()}'), + runtime: Runtime.NODEJS_14_X, + }); +}); describe('event source mapping', () => { - test('throws if maxBatchingWindow > 300 seconds', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, + test('verify that alias.addEventSourceMapping produces stable ids', () => { + // GIVEN + var alias = new Alias(stack, 'LiveAlias', { + aliasName: 'Live', + version: fn.currentVersion, }); + // WHEN + alias.addEventSourceMapping('MyMapping', { + eventSourceArn: 'asfd', + }); + + // THEN + Template.fromStack(stack).templateMatches({ + Resources: { + // Crucially, no ID in there that depends on the state of the Lambda + LiveAliasMyMapping4E1B698B: { Type: 'AWS::Lambda::EventSourceMapping' }, + }, + }); + }); + + test('throws if maxBatchingWindow > 300 seconds', () => { expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -19,13 +44,6 @@ describe('event source mapping', () => { }); test('throws if maxRecordAge is below 60 seconds', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', 
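Review bot: The new stable-id test declares `var alias`, although the binding is never reassigned and the rest of the file uses `const`/`let`; `const alias = new Alias(stack, 'LiveAlias', {` is enough. The inline code string that this hunk moves into `beforeEach` is single-quoted, so `${handler.toString()}` is passed as literal text rather than interpolated. That is harmless for synth-only tests, but a plain literal such as `'exports.handler = async () => {};'` would be less misleading. `stack` and `fn` are now module-level `let` bindings shared by every test, so a one-line comment saying `beforeEach` recreates them per test would help the next reader.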
@@ -34,13 +52,6 @@ describe('event source mapping', () => { }); test('throws if maxRecordAge is over 7 days', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -49,13 +60,6 @@ describe('event source mapping', () => { }); test('throws if retryAttempts is negative', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -64,13 +68,6 @@ describe('event source mapping', () => { }); test('throws if retryAttempts is over 10000', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -79,13 +76,6 @@ describe('event source mapping', () => { }); test('accepts if retryAttempts is a token', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', 
@@ -94,13 +84,6 @@ describe('event source mapping', () => { }); test('throws if parallelizationFactor is below 1', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -109,13 +92,6 @@ describe('event source mapping', () => { }); test('throws if parallelizationFactor is over 10', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -124,13 +100,6 @@ describe('event source mapping', () => { }); test('accepts if parallelizationFactor is a token', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', 
@@ -139,25 +108,18 @@ describe('event source mapping', () => { }); test('import event source mapping', () => { - const stack = new cdk.Stack(undefined, undefined, { stackName: 'test-stack' }); - const imported = EventSourceMapping.fromEventSourceMappingId(stack, 'imported', '14e0db71-5d35-4eb5-b481-8945cf9d10c2'); + const stack2 = new cdk.Stack(undefined, undefined, { stackName: 'test-stack' }); + const imported = EventSourceMapping.fromEventSourceMappingId(stack2, 'imported', '14e0db71-5d35-4eb5-b481-8945cf9d10c2'); expect(imported.eventSourceMappingId).toEqual('14e0db71-5d35-4eb5-b481-8945cf9d10c2'); expect(imported.stack.stackName).toEqual('test-stack'); }); test('accepts if kafkaTopic is a parameter', () => { - const stack = new cdk.Stack(); const topicNameParam = new cdk.CfnParameter(stack, 'TopicNameParam', { type: 'String', }); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -172,26 +134,12 @@ describe('event source mapping', () => { }); test('throws if neither eventSourceArn nor kafkaBootstrapServers are set', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, })).toThrow(/Either eventSourceArn or kafkaBootstrapServers must be set/); }); test('throws if both eventSourceArn and kafkaBootstrapServers are set', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { eventSourceArn: '', kafkaBootstrapServers: [], 
@@ -200,13 +148,6 @@ describe('event source mapping', () => { }); test('throws if both kafkaBootstrapServers is set but empty', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { kafkaBootstrapServers: [], target: fn, @@ -214,17 +155,10 @@ describe('event source mapping', () => { }); test('eventSourceArn appears in stack', () => { - const stack = new cdk.Stack(); const topicNameParam = new cdk.CfnParameter(stack, 'TopicNameParam', { type: 'String', }); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - let eventSourceArn = 'some-arn'; new EventSourceMapping(stack, 'test', { @@ -239,17 +173,10 @@ describe('event source mapping', () => { }); test('kafkaBootstrapServers appears in stack', () => { - const stack = new cdk.Stack(); const topicNameParam = new cdk.CfnParameter(stack, 'TopicNameParam', { type: 'String', }); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - let kafkaBootstrapServers = ['kafka-broker.example.com:9092']; new EventSourceMapping(stack, 'test', { target: fn, @@ -263,13 +190,6 @@ describe('event source mapping', () => { }); test('throws if tumblingWindow > 900 seconds', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - expect(() => new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', 
@@ -278,12 +198,6 @@ describe('event source mapping', () => { }); test('accepts if tumblingWindow is a token', () => { - const stack = new cdk.Stack(); - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); const lazyDuration = cdk.Duration.seconds(cdk.Lazy.number({ produce: () => 60 })); new EventSourceMapping(stack, 'test', { @@ -294,14 +208,6 @@ describe('event source mapping', () => { }); test('transforms reportBatchItemFailures into functionResponseTypes with ReportBatchItemFailures', () => { - const stack = new cdk.Stack(); - - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -314,14 +220,6 @@ describe('event source mapping', () => { }); test('transforms missing reportBatchItemFailures into absent FunctionResponseTypes', () => { - const stack = new cdk.Stack(); - - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', @@ -333,14 +231,6 @@ describe('event source mapping', () => { }); test('transforms reportBatchItemFailures false into absent FunctionResponseTypes', () => { - const stack = new cdk.Stack(); - - const fn = new Function(stack, 'fn', { - handler: 'index.handler', - code: Code.fromInline('exports.handler = ${handler.toString()}'), - runtime: Runtime.NODEJS_10_X, - }); - new EventSourceMapping(stack, 'test', { target: fn, eventSourceArn: '', From f2b0acb4c036930235393153ca9d2a6fc7d54860 Mon Sep 17 00:00:00 2001 
From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Wed, 27 Apr 2022 04:24:06 -0700 Subject: [PATCH 4/5] docs(cfnspec): update CloudFormation documentation (#20093) --- .../spec-source/cfn-docs/cfn-docs.json | 74 +++++++++---------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index d82735ddf6267..51b0a71c11e1c 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json 
@@ -8703,7 +8703,7 @@ "description": "The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.", "properties": { "ConfigurationSet": "The set of configuration rules that can be applied to emails sent using Amazon SES. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:\n\n- Event publishing \u2013 Amazon SES can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as SNS and CloudWatch.\n- IP pool management \u2013 When leasing dedicated IP addresses with Amazon SES, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.", - "EmailSendingAccount": "Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values:\n\n- **COGNITO_DEFAULT** - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.\n\nTo look up the email delivery limit for the default option, see [Limits in](https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html) in the *Developer Guide* .\n\nThe default FROM address is `no-reply@verificationemail.com` . 
To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the `SourceArn` parameter.\n\nIf EmailSendingAccount is COGNITO_DEFAULT, you can't use the following parameters:\n\n- EmailVerificationMessage\n- EmailVerificationSubject\n- InviteMessageTemplate.EmailMessage\n- InviteMessageTemplate.EmailSubject\n- VerificationMessageTemplate.EmailMessage\n- VerificationMessageTemplate.EmailMessageByLink\n- VerificationMessageTemplate.EmailSubject,\n- VerificationMessageTemplate.EmailSubjectByLink\n\n> DEVELOPER EmailSendingAccount is required.\n- **DEVELOPER** - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account .\n\nIf you use this option, you must provide the ARN of an Amazon SES verified email address for the `SourceArn` parameter.\n\nBefore Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a *service-linked role* , which is a type of role, in your AWS account . This role contains the permissions that allow to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see [Using Service-Linked Roles for Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/using-service-linked-roles.html) in the *Amazon Cognito Developer Guide* .", + "EmailSendingAccount": "Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. 
Specify one of the following values:\n\n- **COGNITO_DEFAULT** - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.\n\nTo look up the email delivery limit for the default option, see [Limits in](https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html) in the *Developer Guide* .\n\nThe default FROM address is `no-reply@verificationemail.com` . To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the `SourceArn` parameter.\n- **DEVELOPER** - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account .\n\nIf you use this option, provide the ARN of an Amazon SES verified email address for the `SourceArn` parameter.\n\nBefore Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a *service-linked role* , which is a type of role, in your AWS account . This role contains the permissions that allow to access Amazon SES and send email messages with your address. 
For more information about the service-linked role that Amazon Cognito creates, see [Using Service-Linked Roles for Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/using-service-linked-roles.html) in the *Amazon Cognito Developer Guide* .", "From": "Identifies either the sender's email address or the sender's name with their email address. For example, `testuser@example.com` or `Test User ` . This address appears before the body of the email.", "ReplyToEmailAddress": "The destination to which the receiver of the email should reply.", "SourceArn": "The ARN of a verified email address in Amazon SES. Amazon Cognito uses this email address in one of the following ways, depending on the value that you specify for the `EmailSendingAccount` parameter:\n\n- If you specify `COGNITO_DEFAULT` , Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.\n- If you specify `DEVELOPER` , Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.\n\nThe Region value of the `SourceArn` parameter must indicate a supported AWS Region of your user pool. Typically, the Region in the `SourceArn` and the user pool Region are the same. For more information, see [Amazon SES email configuration regions](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html#user-pool-email-developer-region-mapping) in the [Amazon Cognito Developer Guide](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) ." 
@@ -8754,7 +8754,7 @@ "RequireNumbers": "In the password policy that you have set, refers to whether you have required users to use at least one number in their password.", "RequireSymbols": "In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.", "RequireUppercase": "In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.", - "TemporaryPasswordValidityDays": "The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.\n\n> When you set `TemporaryPasswordValidityDays` for a user pool, you can no longer set the deprecated `UnusedAccountValidityDays` value for that user pool." + "TemporaryPasswordValidityDays": "The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.\n\n> When you set `TemporaryPasswordValidityDays` for a user pool, you can no longer set a value for the legacy `UnusedAccountValidityDays` parameter in that user pool." } }, "AWS::Cognito::UserPool.Policies": { 
@@ -8778,7 +8778,7 @@ "properties": { "AttributeDataType": "The attribute data type.", "DeveloperOnlyAttribute": "> We recommend that you use [WriteAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes) in the user pool client to control how attributes can be mutated for new use cases instead of using `DeveloperOnlyAttribute` . \n\nSpecifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token.", - "Mutable": "Specifies whether the value of the attribute can be changed.\n\nFor any user pool attribute that is mapped to an identity provider attribute, you must set this parameter to `true` . Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see [Specifying Identity Provider Attribute Mappings for Your User Pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) .", + "Mutable": "Specifies whether the value of the attribute can be changed.\n\nFor any user pool attribute that is mapped to an IdP attribute, you must set this parameter to `true` . Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. 
For more information, see [Specifying Identity Provider Attribute Mappings for Your User Pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) .", "Name": "A schema attribute of the name type.", "NumberAttributeConstraints": "Specifies the constraints for an attribute of the number type.", "Required": "Specifies whether a user pool attribute is required. If the attribute is required and the user doesn't provide a value, registration or sign-in will fail.", 
@@ -8813,7 +8813,7 @@ "attributes": {}, "description": "The `UsernameConfiguration` property type specifies case sensitivity on the username input for the selected sign-in option.", "properties": { - "CaseSensitive": "Specifies whether username case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.\n\nValid values include:\n\n- **True** - Enables case sensitivity for all username input. When this option is set to `True` , users must sign in using the exact capitalization of their given username, such as \u201cUserName\u201d. This is the default value.\n- **False** - Enables case insensitivity for all username input. For example, when this option is set to `False` , users can sign in using either \"username\" or \"Username\". This option also enables both `preferred_username` and `email` alias to be case insensitive, in addition to the `username` attribute." + "CaseSensitive": "Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.\n\nValid values include:\n\n- **True** - Enables case sensitivity for all username input. When this option is set to `True` , users must sign in using the exact capitalization of their given username, such as \u201cUserName\u201d. This is the default value.\n- **False** - Enables case insensitivity for all username input. For example, when this option is set to `False` , users can sign in using either \"username\" or \"Username\". This option also enables both `preferred_username` and `email` alias to be case insensitive, in addition to the `username` attribute." } }, "AWS::Cognito::UserPool.VerificationMessageTemplate": { 
@@ -8835,36 +8835,36 @@ "description": "The `AWS::Cognito::UserPoolClient` resource specifies an Amazon Cognito user pool client.\n\n> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.", "properties": { "AccessTokenValidity": "The time limit after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you override the default time unit of *hours* . The default time unit for AccessTokenValidity in an API request is hours.", - "AllowedOAuthFlows": "The allowed OAuth flows.\n\nSet to `code` to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.\n\nSet to `implicit` to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.\n\nSet to `client_credentials` to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.", + "AllowedOAuthFlows": "The allowed OAuth flows.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", "AllowedOAuthFlowsUserPoolClient": "Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.", - "AllowedOAuthScopes": "The allowed OAuth scopes. Possible values provided by OAuth are: `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are: `aws.cognito.signin.user.admin` . 
Custom scopes created in Resource Servers are also supported.", + "AllowedOAuthScopes": "The allowed OAuth scopes. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported.", "AnalyticsConfiguration": "The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.\n\n> In AWS Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in AWS Region us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.", - "CallbackURLs": "A list of allowed redirect (callback) URLs for the identity providers.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported.", + "CallbackURLs": "A list of allowed redirect (callback) URLs for the IdPs.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported.", "ClientName": "The client name for the user pool client you would like to create.", "DefaultRedirectURI": "The default redirect URI. 
Must be in the `CallbackURLs` list.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported.", "EnableTokenRevocation": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client.", - "ExplicitAuthFlows": "The authentication flows that are supported by the user pool clients. Flow names without the `ALLOW_` prefix are no longer supported, in favor of new names with the `ALLOW_` prefix.\n\n> Values with `ALLOW_` prefix must be used only along with the `ALLOW_` prefix. \n\nValid values include:\n\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.\n- `ALLOW_CUSTOM_AUTH` : Enable AWS Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.", + "ExplicitAuthFlows": "The authentication flows that are supported by the user pool clients. 
Flow names without the `ALLOW_` prefix are no longer supported, in favor of new names with the `ALLOW_` prefix.\n\n> Values with `ALLOW_` prefix must be used only along with the `ALLOW_` prefix. \n\nValid values include:\n\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.\n- `ALLOW_CUSTOM_AUTH` : Enable AWS Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIf you don't specify a value for `ExplicitAuthFlows` , your app client activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH` authentication flows.", "GenerateSecret": "Boolean to specify whether you want to generate a secret for the user pool client being created.", "IdTokenValidity": "The time limit after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you override the default time unit of *hours* . The default time unit for AccessTokenValidity in an API request is hours.", - "LogoutURLs": "A list of allowed logout URLs for the identity providers.", + "LogoutURLs": "A list of allowed logout URLs for the IdPs.", "PreventUserExistenceErrors": "Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. 
When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.", "ReadAttributes": "The read attributes.", "RefreshTokenValidity": "The time limit after which the refresh token is no longer valid and can't be used. The default time unit for RefreshTokenValidity in an API request is days.", "SupportedIdentityProviders": "A list of provider names for the identity providers that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `SignInWithApple` , `Google` and `LoginWithAmazon` .", "TokenValidityUnits": "The units in which the validity times are represented. The default unit for RefreshToken is days, and default for ID and access tokens are hours.", "UserPoolId": "The user pool ID for the user pool where you want to create a user pool client.", - "WriteAttributes": "The user pool attributes that the app client can write to.\n\nIf your app client allows users to sign in through an identity provider, this array must include all attributes that you have mapped to identity provider attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying Identity Provider Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." 
+ "WriteAttributes": "The user pool attributes that the app client can write to.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } }, "AWS::Cognito::UserPoolClient.AnalyticsConfiguration": { "attributes": {}, - "description": "The Amazon Pinpoint analytics configuration for collecting metrics for a user pool.\n\n> In Regions where Amazon Pinpointisn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.", + "description": "The Amazon Pinpoint analytics configuration necessary to collect metrics for a user pool.\n\n> In Regions where Amazon Pinpointisn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.", "properties": { "ApplicationArn": "The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project for integration with the chosen user pool client. 
Amazon Cognito publishes events to the Amazon Pinpoint project that the app ARN declares.", "ApplicationId": "The application ID for an Amazon Pinpoint application.", "ExternalId": "The external ID.", "RoleArn": "The ARN of an AWS Identity and Access Management role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.", - "UserDataShared": "If `UserDataShared` is `true` , Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics." + "UserDataShared": "If `UserDataShared` is `true` , Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics." } }, "AWS::Cognito::UserPoolClient.TokenValidityUnits": { 
@@ -8902,7 +8902,7 @@ "properties": { "Description": "A string containing the description of the group.", "GroupName": "The name of the group. Must be unique.", - "Precedence": "A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower `Precedence` values take precedence over groups with higher ornull `Precedence` values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the `cognito:roles` and `cognito:preferred_role` claims.\n\nTwo groups can have the same `Precedence` value. If this happens, neither group takes precedence over the other. If two groups with the same `Precedence` have the same role ARN, that role is used in the `cognito:preferred_role` claim in tokens for users in each group. If the two groups have different role ARNs, the `cognito:preferred_role` claim isn't set in users' tokens.\n\nThe default `Precedence` value is null.", + "Precedence": "A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower `Precedence` values take precedence over groups with higher or null `Precedence` values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the `cognito:roles` and `cognito:preferred_role` claims.\n\nTwo groups can have the same `Precedence` value. If this happens, neither group takes precedence over the other. If two groups with the same `Precedence` have the same role ARN, that role is used in the `cognito:preferred_role` claim in tokens for users in each group. 
If the two groups have different role ARNs, the `cognito:preferred_role` claim isn't set in users' tokens.\n\nThe default `Precedence` value is null. The maximum `Precedence` value is `2^31-1` .", "RoleArn": "The role Amazon Resource Name (ARN) for the group.", "UserPoolId": "The user pool ID for the user pool." } 
@@ -8913,11 +8913,11 @@ }, "description": "The `AWS::Cognito::UserPoolIdentityProvider` resource creates an identity provider for a user pool.", "properties": { - "AttributeMapping": "A mapping of identity provider attributes to standard and custom user pool attributes.", - "IdpIdentifiers": "A list of identity provider identifiers.", - "ProviderDetails": "The identity provider details. The following list describes the provider detail keys for each identity provider type.\n\n- For Google and Login with Amazon:\n\n- client_id\n- client_secret\n- authorize_scopes\n- For Facebook:\n\n- client_id\n- client_secret\n- authorize_scopes\n- api_version\n- For Sign in with Apple:\n\n- client_id\n- team_id\n- key_id\n- private_key\n- authorize_scopes\n- For OpenID Connect (OIDC) providers:\n\n- client_id\n- client_secret\n- attributes_request_method\n- oidc_issuer\n- authorize_scopes\n- authorize_url *if not available from discovery URL specified by oidc_issuer key*\n- token_url *if not available from discovery URL specified by oidc_issuer key*\n- attributes_url *if not available from discovery URL specified by oidc_issuer key*\n- jwks_uri *if not available from discovery URL specified by oidc_issuer key*\n- attributes_url_add_attributes *a read-only property that is set automatically*\n- For SAML providers:\n\n- MetadataFile OR MetadataURL\n- IDPSignout (optional)", - "ProviderName": "The identity provider name.", - "ProviderType": "The identity provider type.", + "AttributeMapping": "A mapping of IdP attributes to standard and custom user pool attributes.", + "IdpIdentifiers": "A list of IdP identifiers.", + "ProviderDetails": "The IdP details. 
The following list describes the provider detail keys for each IdP type.\n\n- For Google and Login with Amazon:\n\n- client_id\n- client_secret\n- authorize_scopes\n- For Facebook:\n\n- client_id\n- client_secret\n- authorize_scopes\n- api_version\n- For Sign in with Apple:\n\n- client_id\n- team_id\n- key_id\n- private_key\n- authorize_scopes\n- For OpenID Connect (OIDC) providers:\n\n- client_id\n- client_secret\n- attributes_request_method\n- oidc_issuer\n- authorize_scopes\n- The following keys are only present if Amazon Cognito didn't discover them at the `oidc_issuer` URL.\n\n- authorize_url\n- token_url\n- attributes_url\n- jwks_uri\n- Amazon Cognito sets the value of the following keys automatically. They are read-only.\n\n- attributes_url_add_attributes\n- For SAML providers:\n\n- MetadataFile or MetadataURL\n- IDPSignout *optional*", + "ProviderName": "The IdP name.", + "ProviderType": "The IdP type.", "UserPoolId": "The user pool ID." } }, @@ -8958,7 +8958,7 @@ "attributes": {}, "description": "Account takeover action type.", "properties": { - "EventAction": "The action to take in response to the account takeover action. Valid values are:\n\n- `BLOCK` Choosing this action will block the request.\n- `MFA_IF_CONFIGURED` Present an MFA challenge if user has configured it, else allow the request.\n- `MFA_REQUIRED` Present an MFA challenge if user has configured it, else block the request.\n- `NO_ACTION` Allow the user to sign in.", + "EventAction": "The action to take in response to the account takeover action. Valid values are as follows:\n\n- `BLOCK` Choosing this action will block the request.\n- `MFA_IF_CONFIGURED` Present an MFA challenge if user has configured it, else allow the request.\n- `MFA_REQUIRED` Present an MFA challenge if user has configured it, else block the request.\n- `NO_ACTION` Allow the user to sign in.", "Notify": "Flag specifying whether to send a notification." } }, 
@@ -11201,7 +11201,7 @@ "attributes": {}, "description": "Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected.", "properties": { - "NonKeyAttributes": "Represents the non-key attribute names which will be projected into the index.\n\nFor local secondary indexes, the total count of `NonKeyAttributes` summed across all of the local secondary indexes, must not exceed 20. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.", + "NonKeyAttributes": "Represents the non-key attribute names which will be projected into the index.\n\nFor local secondary indexes, the total count of `NonKeyAttributes` summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.", "ProjectionType": "The set of attributes that are projected into the index:\n\n- `KEYS_ONLY` - Only the index and primary keys are projected into the index.\n- `INCLUDE` - In addition to the attributes described in `KEYS_ONLY` , the secondary index will include other non-key attributes that you specify.\n- `ALL` - All of the table attributes are projected into the index." } }, 
@@ -11369,7 +11369,7 @@ "attributes": {}, "description": "Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected.", "properties": { - "NonKeyAttributes": "Represents the non-key attribute names which will be projected into the index.\n\nFor local secondary indexes, the total count of `NonKeyAttributes` summed across all of the local secondary indexes, must not exceed 20. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.", + "NonKeyAttributes": "Represents the non-key attribute names which will be projected into the index.\n\nFor local secondary indexes, the total count of `NonKeyAttributes` summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.", "ProjectionType": "The set of attributes that are projected into the index:\n\n- `KEYS_ONLY` - Only the index and primary keys are projected into the index.\n- `INCLUDE` - In addition to the attributes described in `KEYS_ONLY` , the secondary index will include other non-key attributes that you specify.\n- `ALL` - All of the table attributes are projected into the index." } }, 
@@ -13544,14 +13544,14 @@ }, "description": "Specifies a subnet for a VPC.\n\nWhen you create each subnet, you provide the VPC ID and IPv4 CIDR block for the subnet. After you create a subnet, you can't change its CIDR block. The size of the subnet's IPv4 CIDR block can be the same as a VPC's IPv4 CIDR block, or a subset of a VPC's IPv4 CIDR block. If you create more than one subnet in a VPC, the subnets' CIDR blocks must not overlap. The smallest IPv4 subnet (and VPC) you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses).\n\nIf you've associated an IPv6 CIDR block with your VPC, you can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.", "properties": { - "AssignIpv6AddressOnCreation": "Indicates whether a network interface created in this subnet receives an IPv6 address. The default value is `false` .\n\nIf you specify `AssignIpv6AddressOnCreation` , you must also specify `Ipv6CidrBlock` .\n\nIf you specify `AssignIpv6AddressOnCreation` , you cannot specify `MapPublicIpOnLaunch` .", + "AssignIpv6AddressOnCreation": "Indicates whether a network interface created in this subnet receives an IPv6 address. The default value is `false` .\n\nIf you specify `AssignIpv6AddressOnCreation` , you must also specify `Ipv6CidrBlock` .", "AvailabilityZone": "The Availability Zone of the subnet.\n\nIf you update this property, you must also update the `CidrBlock` property.", "AvailabilityZoneId": "The AZ ID of the subnet.", "CidrBlock": "The IPv4 CIDR block assigned to the subnet.\n\nIf you update this property, we create a new subnet, and then delete the existing one.", "EnableDns64": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. 
For more information, see [DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) in the *Amazon Virtual Private Cloud User Guide* .", "Ipv6CidrBlock": "The IPv6 CIDR block.\n\nIf you specify `AssignIpv6AddressOnCreation` , you must also specify `Ipv6CidrBlock` .", "Ipv6Native": "Indicates whether this is an IPv6 only subnet. For more information, see [Subnet basics](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#subnet-basics) in the *Amazon Virtual Private Cloud User Guide* .", - "MapPublicIpOnLaunch": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .\n\nIf you specify `MapPublicIpOnLaunch` , you cannot specify `AssignIpv6AddressOnCreation` .", + "MapPublicIpOnLaunch": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .", "OutpostArn": "The Amazon Resource Name (ARN) of the Outpost.", "PrivateDnsNameOptionsOnLaunch": "The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *Amazon Elastic Compute Cloud User Guide* .", "Tags": "Any tags assigned to the subnet.", 
@@ -33759,7 +33759,7 @@ "AllowMajorVersionUpgrade": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n\nConstraints: Major version upgrades must be allowed when specifying a value for the `EngineVersion` parameter that is a different major version than the DB instance's current version.", "AssociatedRoles": "The AWS Identity and Access Management (IAM) roles associated with the DB instance.\n\n*Amazon Aurora*\n\nNot applicable. The associated roles are managed by the DB cluster.", "AutoMinorVersionUpgrade": "A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.", - "AvailabilityZone": "The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) .\n\n*Amazon Aurora*\n\nEach Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's AWS Region .\n\nExample: `us-east-1d`\n\nConstraint: The `AvailabilityZone` parameter can't be specified if the DB instance is a Multi-AZ deployment. 
The specified Availability Zone must be in the same AWS Region as the current endpoint.\n\n> If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.\n> \n> For more information about RDS on VMware, see the [RDS on VMware User Guide.](https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html)", + "AvailabilityZone": "The Availability Zone that the database instance will be created in.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's region.\n\nExample: `us-east-1d`\n\nConstraint: The AvailabilityZone parameter cannot be specified if the MultiAZ parameter is set to `true` . The specified Availability Zone must be in the same region as the current endpoint.", "BackupRetentionPeriod": "The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.\n\n*Amazon Aurora*\n\nNot applicable. The retention period for automated backups is managed by the DB cluster.\n\nDefault: 1\n\nConstraints:\n\n- Must be a value from 0 to 35\n- Can't be set to 0 if the DB instance is a source to read replicas", "CACertificateIdentifier": "The identifier of the CA certificate for this DB instance.\n\n> Specifying or updating this property triggers a reboot. 
\n\nFor more information about CA certificate identifiers for RDS DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide* .\n\nFor more information about CA certificate identifiers for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide* .", "CharacterSetName": "For supported engines, indicates that the DB instance should be associated with the specified character set.\n\n*Amazon Aurora*\n\nNot applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html) .", 
@@ -33831,7 +33831,7 @@ }, "description": "The `AWS::RDS::DBParameterGroup` resource creates a custom parameter group for an RDS database family.\n\nThis type can be declared in a template and referenced in the `DBParameterGroupName` property of an `[AWS::RDS::DBInstance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html)` resource.\n\nFor information about configuring parameters for Amazon RDS DB instances, see [Working with DB parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide* .\n\nFor information about configuring parameters for Amazon Aurora DB instances, see [Working with DB parameter groups and DB cluster parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide* .\n\n> Applying a parameter group to a DB instance may require the DB instance to reboot, resulting in a database outage for the duration of the reboot.", "properties": { - "Description": "Provides the customer-specified description for this DB Parameter Group.", + "Description": "Provides the customer-specified description for this DB parameter group.", "Family": "The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family.\n\n> The DB parameter group family can't be changed when updating a DB parameter group. 
\n\nTo list all of the available parameter group families, use the following command:\n\n`aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"`\n\nThe output contains duplicates.\n\nFor more information, see `[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)` .", "Parameters": "An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional.\n\nFor more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide* .\n\nFor more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide* .\n\n> AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.", "Tags": "Tags to assign to the DB parameter group." @@ -33935,7 +33935,7 @@ "properties": { "DBSecurityGroupIngress": "Ingress rules to be applied to the DB security group.", "EC2VpcId": "The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to.\n\n> The `EC2VpcId` property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.", - "GroupDescription": "Provides the description of the DB Security Group.", + "GroupDescription": "Provides the description of the DB security group.", "Tags": "Tags to assign to the DB security group." } }, 
@@ -33944,9 +33944,9 @@ "description": "The `Ingress` property type specifies an individual ingress rule within an `AWS::RDS::DBSecurityGroup` resource.", "properties": { "CIDRIP": "The IP range to authorize.", - "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." + "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSecurityGroupIngress": { 
@@ -33956,10 +33956,10 @@ "description": "The `AWS::RDS::DBSecurityGroupIngress` resource enables ingress to a DB security group using one of two forms of authorization. First, you can add EC2 or VPC security groups to the DB security group if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the Internet.\n\nThis type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .\n\nFor details about the settings for DB security group ingress, see [AuthorizeDBSecurityGroupIngress](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html) .", "properties": { "CIDRIP": "The IP range to authorize.", - "DBSecurityGroupName": "The name of the DB security group to add authorization to.", - "EC2SecurityGroupId": "Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupName": "Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", - "EC2SecurityGroupOwnerId": "AWS account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." 
+ "DBSecurityGroupName": "The name of the DB Security Group to add authorization to.", + "EC2SecurityGroupId": "Id of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupName": "Name of the EC2 Security Group to authorize. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided.", + "EC2SecurityGroupOwnerId": "AWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided." } }, "AWS::RDS::DBSubnetGroup": { 
@@ -33968,9 +33968,9 @@ }, "description": "The `AWS::RDS::DBSubnetGroup` resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region.\n\nFor more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide* .", "properties": { - "DBSubnetGroupDescription": "The description for the DB subnet group.", + "DBSubnetGroupDescription": "The description for the DB Subnet Group.", "DBSubnetGroupName": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n\nExample: `mysubnetgroup`", - "SubnetIds": "The EC2 Subnet IDs for the DB subnet group.", + "SubnetIds": "The EC2 Subnet IDs for the DB Subnet Group.", "Tags": "Tags to assign to the DB subnet group." } }, 
@@ -33980,8 +33980,8 @@ }, "description": "The `AWS::RDS::EventSubscription` resource allows you to receive notifications for Amazon Relational Database Service events through the Amazon Simple Notification Service (Amazon SNS). For more information, see [Using Amazon RDS Event Notification](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) in the *Amazon RDS User Guide* .", "properties": { - "Enabled": "A value that indicates whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active.", - "EventCategories": "A list of event categories for a particular source type ( `SourceType` ) that you want to subscribe to. You can see a list of the categories for a given source type in the \"Amazon RDS event categories and event messages\" section of the [*Amazon RDS User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) or the [*Amazon Aurora User Guide*](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html) . You can also see this list by using the `DescribeEventCategories` operation.", + "Enabled": "A Boolean value; set to *true* to activate the subscription, set to *false* to create the subscription but not active it.", + "EventCategories": "A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the [Events](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) topic in the Amazon RDS User Guide or by using the *DescribeEventCategories* action.", "SnsTopicArn": "The Amazon Resource Name (ARN) of the SNS topic created for event notification. The ARN is created by Amazon SNS when you create a topic and subscribe to it.", "SourceIds": "The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. 
An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.\n\nConstraints:\n\n- If a `SourceIds` value is supplied, `SourceType` must also be provided.\n- If the source type is a DB instance, a `DBInstanceIdentifier` value must be supplied.\n- If the source type is a DB cluster, a `DBClusterIdentifier` value must be supplied.\n- If the source type is a DB parameter group, a `DBParameterGroupName` value must be supplied.\n- If the source type is a DB security group, a `DBSecurityGroupName` value must be supplied.\n- If the source type is a DB snapshot, a `DBSnapshotIdentifier` value must be supplied.\n- If the source type is a DB cluster snapshot, a `DBClusterSnapshotIdentifier` value must be supplied.", "SourceType": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to `db-instance` . If this value isn't specified, all events are returned.\n\nValid values: `db-instance` | `db-cluster` | `db-parameter-group` | `db-security-group` | `db-snapshot` | `db-cluster-snapshot`" From 91f9aff5910c2cdb234d5b6c7a701aed823b8073 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Apr 2022 12:08:48 +0000 Subject: [PATCH 5/5] chore(deps): Bump awscli from 1.22.101 to 1.23.1 in /packages/@aws-cdk/lambda-layer-awscli (#20095) Bumps [awscli](https://github.com/aws/aws-cli) from 1.22.101 to 1.23.1.
Changelog

Sourced from awscli's changelog.

1.23.1

  • api-change:lightsail: [botocore] This release adds support for Lightsail load balancer HTTP to HTTPS redirect and TLS policy configuration.
  • api-change:sagemaker: [botocore] SageMaker Inference Recommender now accepts customer KMS key ID for encryption of endpoints and compilation outputs created during inference recommendation.
  • api-change:pricing: [botocore] Documentation updates for Price List API
  • api-change:glue: [botocore] This release adds documentation for the APIs to create, read, delete, list, and batch read of AWS Glue custom patterns, and for Lake Formation configuration settings in the AWS Glue crawler.
  • api-change:cloudfront: [botocore] CloudFront now supports the Server-Timing header in HTTP responses sent from CloudFront. You can use this header to view metrics that help you gain insights about the behavior and performance of CloudFront. To use this header, enable it in a response headers policy.
  • api-change:ivschat: [botocore] Adds new APIs for IVS Chat, a feature for building interactive chat experiences alongside an IVS broadcast.
  • api-change:network-firewall: [botocore] AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.

1.23.0

  • api-change:gamelift: [botocore] Documentation updates for Amazon GameLift.
  • api-change:mq: [botocore] This release adds the CRITICAL_ACTION_REQUIRED broker state and the ActionRequired API property. CRITICAL_ACTION_REQUIRED informs you when your broker is degraded. ActionRequired provides you with a code which you can use to find instructions in the Developer Guide on how to resolve the issue.
  • feature:IMDS: [botocore] Added resiliency mechanisms to IMDS Credential Fetcher
  • api-change:securityhub: [botocore] Security Hub now lets you opt-out of auto-enabling the defaults standards (CIS and FSBP) in accounts that are auto-enabled with Security Hub via Security Hub's integration with AWS Organizations.
  • api-change:connect: [botocore] This release adds SearchUsers API which can be used to search for users with a Connect Instance
  • api-change:rds-data: [botocore] Support to receive SQL query results in the form of a simplified JSON string. This enables developers using the new JSON string format to more easily convert it to an object using popular JSON string parsing libraries.
Commits
  • d3572db Merge branch 'release-1.23.1'
  • 01f3eea Bumping version to 1.23.1
  • b280e77 Add changelog entries from botocore
  • edad847 Merge branch 'release-1.23.0'
  • 9c7abbf Merge branch 'release-1.23.0' into develop
  • b705ad0 Bumping version to 1.23.0
  • 5b6ca13 Add changelog entries from botocore
  • e604854 Merge pull request #6170 from akshayhiremath/patch-1
  • 301b235 Merge pull request #6893 from stealthycoin/colorama
  • 08fdf52 Merge branch 'release-1.22.101' into develop
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.22.101&new-version=1.23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
---
packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt
index 54eaddff5b24c..7f5f9d2defa2c 100644
--- a/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt
+++ b/packages/@aws-cdk/lambda-layer-awscli/layer/requirements.txt
@@ -1 +1 @@
-awscli==1.22.101
+awscli==1.23.1