chore(release): 1.72.0 #11326

Merged
merged 59 commits into from
Nov 6, 2020

aws-cdk-automation
Collaborator

@aws-cdk-automation aws-cdk-automation commented Nov 6, 2020

See CHANGELOG

Niranjan Jayakar and others added 30 commits October 29, 2020 15:13
Attribute all bundled third party dependencies in the corresponding packages'
NOTICE files along with their license.

Internal ref: tiny/57ei9h5p

Added a 'pkglint' rule that ensures that these are present.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ployment (#11068)

The auto deployment feature is implemented by recording changes to the
RestApi and replacing the AWS::ApiGateway::Deployment resource on any
changes.

The GatewayResponse construct was not registered, and hence no
deployments occurred on changes to this.

fixes #10963


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Running an image by only providing the hash fails on docker engine v20.10.0-beta1 with invalid repository name.

```
docker run --rm b92402b29db56f1bbace74c369bedef5ee296a76fd8545426255247da70ce21a
docker: Error response from daemon: invalid repository name (b92402b29db56f1bbace74c369bedef5ee296a76fd8545426255247da70ce21a), cannot specify 64-byte hexadecimal strings.
```

Using `docker run --rm sha256:b92402b29db56f1bbace74c369bedef5ee296a76fd8545426255247da70ce21a` instead works as expected.

I haven't been able to pinpoint the exact change yet as this seems not to be mentioned in https://github.com/docker/docker-ce/blob/0fc7084265b3786a5867ec311d3f916af7bf7a23/CHANGELOG.md

Created an issue with docker to clarify whether this is a regression or a planned change docker/cli#2815

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----

This is a draft PR to resolve #9533

Takes an approach for creating protocol specific Gateway Routes as described in #10793 

This is a draft as I am seeking feedback on the implementation and approach for creating per protocol variants of App Mesh Resources.

Before merging:

- [x] Approach for per protocol variants defined
- [x] Update Gateway Listeners to follow the same pattern
- [x] Add more integ tests

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This reverts commit 65be3a0.
Original PR: #10531
Co-authored-by: Ayush Goyal <goyalayu@amazon.com>
relates #10119

This commit was previously reverted due to a bug in jsii - aws/jsii#1947
and aws/jsii#1830. This has been fixed in jsii version 1.14.0.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

The ability to import and reference a Secret purely by the secret name was
introduced in #10309. One of the original requests was modelled after the
integration with CodeBuild, where either the secret name or the full ARN
-- including the SecretsManager-provided suffix -- were accepted, but not a
"partial" ARN without the suffix. To ease integrations with other services
in this case, the `secretArn` was defined as returning the `secretName` for
these secrets imported by name.

However, other services -- like ECS -- require that an ARN format is provided,
even as a partial ARN. This introduces a dual behavior where sometimes the
secretName works and partial ARN fails, and other times the partial ARN works
and the secretName fails.

This change deprecates `fromSecretName` and introduces a new, better-behaved
`fromSecretNameV2` that sets the ARN to a "partial" ARN without the Secrets
Manager suffix. It also introduces a `secretFullArn` that is an optional version
of `secretArn` that will be undefined for secrets imported by name.

Related changes
* I improved the suffix-stripping logic of `parseSecretName` to only strip a
  suffix if it's exactly 6 characters long, as all SecretsManager
  suffixes are 6 characters. This prevents accidentally stripping the last word
  off of a hyphenated secret name like 'github-token'.
* Updated the CodeBuild integration and added CodeBuild tests.

fixes #10519


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
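
An added example, not code from the aws-cdk repository: the 6-character suffix rule described in the commit message above, next to an unconditional strip-after-last-hyphen rule that is assumed here as the baseline. The function names and the sample ARNs (placeholder account ID) are constructed for illustration.

```typescript
// Added illustration; not the aws-cdk implementation.
// Secrets Manager ARN layout:
//   arn:<partition>:secretsmanager:<region>:<account>:secret:<name>[-<6-char suffix>]

const SECRETS_MANAGER_SUFFIX_LENGTH = 6;

// Constructed sample ARNs (placeholder account ID).
const FULL_ARN = 'arn:aws:secretsmanager:eu-west-1:111122223333:secret:github-token-Ab12Cd';
const PARTIAL_ARN = 'arn:aws:secretsmanager:eu-west-1:111122223333:secret:github-token';
const AMBIGUOUS_PARTIAL_ARN = 'arn:aws:secretsmanager:eu-west-1:111122223333:secret:deploy-secret';

/** Returns the resource part that follows "secret:" and rejects other ARNs. */
function secretResourceName(arn: string): string {
  const parts = arn.split(':');
  if (parts.length < 7 || parts[2] !== 'secretsmanager' || parts[5] !== 'secret') {
    throw new Error(`not a Secrets Manager secret ARN: ${arn}`);
  }
  return parts.slice(6).join(':');
}

/** Assumed baseline: always drop everything after the last hyphen. */
function parseSecretNameNaive(arn: string): string {
  const resource = secretResourceName(arn);
  const lastHyphen = resource.lastIndexOf('-');
  return lastHyphen === -1 ? resource : resource.slice(0, lastHyphen);
}

/** Rule from the commit message: strip only a trailing segment of exactly 6 characters. */
function parseSecretNameStrict(arn: string): string {
  const resource = secretResourceName(arn);
  const lastHyphen = resource.lastIndexOf('-');
  if (lastHyphen === -1) {
    return resource;
  }
  const tail = resource.slice(lastHyphen + 1);
  return tail.length === SECRETS_MANAGER_SUFFIX_LENGTH
    ? resource.slice(0, lastHyphen)
    : resource;
}

/** Runs both rules over the constructed samples so the difference is visible side by side. */
function compareRules(): Array<{ arn: string; naive: string; strict: string }> {
  return [FULL_ARN, PARTIAL_ARN, AMBIGUOUS_PARTIAL_ARN].map((arn) => ({
    arn,
    naive: parseSecretNameNaive(arn),
    strict: parseSecretNameStrict(arn),
  }));
}
```

A length-only check still cannot tell a real suffix from a 6-character last word: the partial ARN for `deploy-secret` parses to `deploy` under both rules, so names imported from partial ARNs are worth checking before they are used in IAM resource statements.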
pkglint will now complain if there are attributions to dependencies that
are not bundled (anymore).


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…a different stack (#11217)

The Lambda Permission resource causes a cyclic dependency when the rule
is in a separate stack from the lambda target for the rule.
(a picture is worth a thousand words)

```
     +-------------------+        +---------------+
     |Lambda Stack       |        |Event Stack    |
     |                   |        |               |
     |   +----------+    |        |    +------+   |
     |   |          |    |        |    |      |   |
     |   | Function |<-----------------+ Rule |   |
     |   |          |    |        |    |      |   |
     |   +----------+    |        |    +------+   |
     |        ^          |        |       ^       |
     |        |          |        |       |       |
     |  +-----+------+   |        |       |       |
     |  |            |   |        |       |       |
     |  | Permission +--------------------+       |
     |  |            |   |        |               |
     |  +------------+   |        |               |
     |                   |        |               |
     +-------------------+        +---------------+
```

The fix is to move the Permission resource into the event stack instead.

fixes #10942


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
fixes #10651


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
----
Add @aws-cdk-containers to the white list for cdk ecs extensions.

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 18.0.6 to 18.0.7.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](octokit/rest.js@v18.0.6...v18.0.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
…435 (#11212)

Bumps [parcel](https://github.com/parcel-bundler/parcel) from 2.0.0-nightly.432 to 2.0.0-nightly.435.
- [Release notes](https://github.com/parcel-bundler/parcel/releases)
- [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md)
- [Commits](https://github.com/parcel-bundler/parcel/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.781.0 to 2.783.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-js@v2.781.0...v2.783.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
…438 (#11231)

Bumps [parcel](https://github.com/parcel-bundler/parcel) from 2.0.0-nightly.435 to 2.0.0-nightly.438.
- [Release notes](https://github.com/parcel-bundler/parcel/releases)
- [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md)
- [Commits](https://github.com/parcel-bundler/parcel/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 18.0.7 to 18.0.8.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](octokit/rest.js@v18.0.7...v18.0.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [jest](https://github.com/facebook/jest) from 26.6.1 to 26.6.2.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](jestjs/jest@v26.6.1...v26.6.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.14.163 to 4.14.164.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
…thin Stage or App' error (#11113)

A recent change surfaces an issue where Stage objects from different
code copies don't recognize each other as a Stage. This patch aligns
the way how a Stage determines if something is a Stage to the same
mechanism that App and Stack use.

Thanks to @Shogan and @jogold for narrowing the issue down

fixes #10314


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#10932)

This PR introduces `Environment.fromEnvironmentAttributes()` so that a user can import a pre-existing cluster.

Closes #10931 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…10357)

- A custom/existing CW Logs Role ARN can now be specified in GraphqlApi configuration
- Revert to newly created ApiLogsRole if not specified
- fixes #9441


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
~~Very, ***very*** preliminary attempt at adding RDS data source to AppSync.~~

~~Still need to fix tests and lint.~~

This PR adds support for RDS as a datasource for AppSync.

There are several examples included in the README, integration tests, and documentation.

Fixes #9152 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
this module's tests are written in jest

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ration patterns (#11188)

The changes made by #11045 seem to support `WAIT_FOR_TASK_TOKEN (.waitForTaskToken)` but according to the documentation, only `Request Response` and `Run a job (.sync)` are supported: https://docs.aws.amazon.com/step-functions/latest/dg/connect-athena.html

closes #11246

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Fix missing parenthesis in SQS code example


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ryExecution (#11203)

The changes made by #11045 grant S3 scoped permissions if the optional parameter output location is passed. The output location is not parsed correctly to be attached as a resource. When the output location is correctly parsed, state machines with a valid definition and a valid S3 bucket still fail due to an `Unable to verify/create output bucket` error. The exact same state machine and S3 bucket pass with wildcard permissions; as such, the resource for Start Query Execution must be changed to `*`.

BREAKING CHANGE: type of `outputLocation` in the experimental Athena `StartQueryExecution` has been changed to `s3.Location` from `string`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Lambda is missing from InterfaceVpcEndpointAwsService, this adds it.

closes: #11259


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 18.0.8 to 18.0.9.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](octokit/rest.js@v18.0.8...v18.0.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
shivlaks and others added 21 commits November 4, 2020 08:11
…s in CloudFormation specification (#11280)

The Resource specification import v18.3.0 included unintended specification changes which modified
the type of the health check config property and removed the previously modeled HealthCheckConfig type.

This patch adds the fix mentioned in to restore the resource specification for Route 53 health checks:
#11096 (comment)

closes #11096

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The CLI skips performing a CloudFormation deployment when it determines
that the deployment will be a no-op (the CLI does this itself instead of
deferring to CloudFormation because CloudFormation cannot accurately
determine whether a changeset is going to be a no-op if Nested Stacks
are involved, and we are looking to improve performance here).

One of the aspects the CLI considers (after checking whether the
templates are the same) is whether any Parameter values have changed.

When `--no-previous-parameters` was passed, the code incorrectly
completely ignored the existing Parameter values, which effectively
led to it assuming that the "current values" on the stack were the
same as the "default values" of the parameters.

That meant that if a stack that was previously deployed with specific
Parameter values, but then wanted to revert them to the defaults,
this analysis would conclude that since the parameter values were
equal to the defaults, there was "no change".

In hindsight, this is obviously incorrect. The previous values should
have been ignored for the purposes of determining the final
parameter values and the CloudFormation API call parameters, but *not*
for determining whether there is a change in parameter values between
the current state of the stack and the new state of the stack.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
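
An added example, not the aws-cdk CLI source: a simplified model of the no-op check described in the commit message above, with the flawed baseline next to the corrected one. All type and function names are hypothetical, and `currentOnStack` is assumed to hold a value for every template parameter.

```typescript
// Added illustration; a simplified model, not the aws-cdk CLI implementation.
type ParamValues = Record<string, string>;

interface DeploymentInput {
  defaults: ParamValues;        // Parameter defaults declared in the template
  currentOnStack: ParamValues;  // values the deployed stack is using right now
  overrides: ParamValues;       // values supplied for this deployment
  usePreviousParameters: boolean; // false models --no-previous-parameters
}

/** Values the stack will have after this deployment. */
function resolveFinalValues(input: DeploymentInput): ParamValues {
  const result: ParamValues = {};
  for (const [name, defaultValue] of Object.entries(input.defaults)) {
    const override = input.overrides[name];
    const previous = input.usePreviousParameters ? input.currentOnStack[name] : undefined;
    result[name] = override ?? previous ?? defaultValue;
  }
  return result;
}

function valuesDiffer(a: ParamValues, b: ParamValues): boolean {
  return Object.keys(a).concat(Object.keys(b)).some((name) => a[name] !== b[name]);
}

/**
 * Flawed check: when previous values are not reused, the current stack values
 * are dropped from the comparison too, so the baseline becomes the defaults.
 */
function hasParameterChangesFlawed(input: DeploymentInput): boolean {
  const baseline = input.usePreviousParameters ? input.currentOnStack : input.defaults;
  return valuesDiffer(baseline, resolveFinalValues(input));
}

/**
 * Corrected check: previous values are ignored when computing the final values,
 * but the comparison baseline is always what the stack currently has.
 */
function hasParameterChangesFixed(input: DeploymentInput): boolean {
  return valuesDiffer(input.currentOnStack, resolveFinalValues(input));
}

// Constructed scenario: stack was deployed with Env=prod, the template default
// is Env=dev, and the redeploy passes --no-previous-parameters with no overrides.
const REVERT_TO_DEFAULTS: DeploymentInput = {
  defaults: { Env: 'dev' },
  currentOnStack: { Env: 'prod' },
  overrides: {},
  usePreviousParameters: false,
};
```

For `REVERT_TO_DEFAULTS` the flawed check reports no change and the deployment would be skipped, leaving the stack on `Env=prod`; the corrected check reports a change.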
CodePipelines has a hard limit of 50 actions per stage. Currently, all asset
publishing actions are assigned to a single stage, limiting pipelines to 50
total assets.

This change dynamically creates new stages as necessary to allow expansion
beyond 50 assets. This should allow for hundreds (or thousands) of assets before
hitting the 50 stages per pipeline hard limit.

fixes #9353

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
As we prepare for 2.0, we need to release the CDK concurrently in multiple version lines (1.x and 2.0.0-alpha.x).

In order to avoid merge conflicts of `lerna.json` and `CHANGELOG.md` between the v1 and v2 branches, we extracted the version number from `lerna.json` to `version.vNNN.json` and changelog to `CHANGELOG.vNNN.json` (1.0 is still CHANGELOG.md because it is tracked externally).

A new file called `release.json` has been introduced and includes *static* information about which version line this branch serves. This allows us to avoid merge conflicts caused by
version bumps between release branches.

This change also cleans up some of the scripts related to versioning and bumps. The main bump script is now implemented in `scripts/bump.js` and interacts with `standard-version` as a library instead of through the CLI. To that end, the `.versionrc.json` file was also removed.

See CONTRIBUTING for more details about how this works.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…1287) (#11292)

* Revert "chore: multiple release branches without merge conflicts (#11287)"

This reverts commit 85915a4.

* Update .gitignore
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.783.0 to 2.785.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-js@v2.783.0...v2.785.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
the bump spec currently errors with `lerna: command not found`
switching it to use `yarn` instead as the install script runs
ahead of the usage site of the lerna command.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#11263)

Introduces a Community Extensions list to the ecs-service-extensions README as briefly discussed in #10938

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
For owned Secrets, `secretName` was set to the physical name, which was set to
the provided `secretName` if given, or a Token otherwise. However, the Token was
never resolved, as the `secretName` isn't actually a return value / attribute.

The fix explicitly sets the `secretName` either to the inputted name or the
parsed name from the ARN. Note that this means the secret name will be the
partial/"friendly" name (e.g., 'MySecret') if the secret name was passed in,
and the full name (e.g., 'MySecret-123abc') otherwise.

fixes #10914

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In #11191, we split up the running of the cfnspec update and the
adding files to git/commit step into sub-shells

However, variable assignments do not remain in effect after the subshell
completes. Currently, the `version` variable is not accessible when we
try to commit to Git.

Removed the execution of these steps in sub-shells as the separation is not
likely to provide a ton of benefit.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR adds a `grantDataApi` method to `IServerlessCluster` to grant access to the Data API.

The "minimum required permissions" to access the Data API are listed [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html#data-api.access).

This PR further restricts the IAM policy statement to the specific cluster (in favor of wildcarding).

Read access to the cluster secret must be granted separately via the secrets `grantRead` method.

TBH, the `secretmanager` actions included in the two IAM policy statements in the [official documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html#data-api.access) are rather confusing to me:

* I don't know why the resource name of the resource listed in "SecretsManagerDbCredentialsAccess" statement has a `rds-db-credentials` prefix. That prefix is not present in
* I don't know what the `secretmanager` actions in the "RDSDataServiceAccess" statement are for


closes #10744 

BREAKING CHANGE: Serverless cluster `enableHttpEndpoint` renamed to `enableDataApi`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
As we prepare for 2.0, we need to release the CDK concurrently in multiple version lines (1.x and 2.0.0-alpha.x).

In order to avoid merge conflicts of `lerna.json` and `CHANGELOG.md` between the v1 and v2 branches, we extracted the version number from `lerna.json` to `version.vNNN.json` and changelog to `CHANGELOG.vNNN.json` (1.0 is still CHANGELOG.md because it is tracked externally).

A new file called `release.json` has been introduced and includes *static* information about which version line this branch serves. This allows us to avoid merge conflicts caused by
version bumps between release branches.

This change also cleans up some of the scripts related to versioning and bumps. The main bump script is now implemented in `scripts/bump.js` and interacts with `standard-version` as a library instead of through the CLI. To that end, the `.versionrc.json` file was also removed.

See CONTRIBUTING for more details about how this works.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…11301)

Bumps [conventional-changelog-cli](https://github.com/conventional-changelog/conventional-changelog) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/conventional-changelog/conventional-changelog/releases)
- [Commits](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-cli@2.1.0...conventional-changelog-cli@2.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
This [PR](#11307) migrated our CLI usage of `standard-version` to be used in code as a library. But the library is not installed anywhere.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…hecks (#11303)

The patch added in #11280 was not being applied as our patching requires the `PropertyTypes`
and `ResourceTypes` keys rather than use them directly through the `path` property.

Since they were previously relying entirely on the path, the patch was not actually
applied. Verified the final specification after all patches have been applied.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Allow versions with pre-release tags in stable branches to allow BUMP_CANDIDATE to work. Otherwise, after the bump, any call to `resolve-version` will fail because there is a mismatch between the actual version and `release.json`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…11297)

Update APP_MESH_ENVOY_SIDECAR_VERSION to v1.15.1.0-prod


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR corrects 3 misconfigured metrics we had on the `Table` construct.

### UserErrors

Per the [documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/metrics-dimensions.html), the `table.metricUserErrors()` does not emit the `TableName` dimension. It is actually an account (and region) wide metric.

The fix was to remove the `TableName` dimensionality from the metric creation.

### SystemErrors

Per the [documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/metrics-dimensions.html), the `table.metricSystemErrors()` is always emitted with the `Operation` dimension, and our current implementation does not pass it.

The fix adds an additional `operations` property to the method, that allows passing an array of operations, the returned metric will be a *SUM* over those operations. If no operation is passed, we sum all available operations.

Since the current method returns a `Metric`, returning a math expression won't work since it is an `IMetric` that doesn't extend `Metric`. To avoid breaking changes, we introduce a new method, `metricSystemErrorsForOperations`:

```ts
const totalSystemErrors = table.metricSystemErrorsForOperations();

const getPutSystemErrors = table.metricSystemErrorsForOperations({ 
  operations: [dynamo.Operation.PUT_ITEM, dynamo.Operation.GET_ITEM]
}); 
```

### SuccessfulRequestLatency

Per the [documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/metrics-dimensions.html), the `table.metricSuccessfulRequestLatency()` is always emitted with the `Operation` dimension, and our current implementation does not pass it.

The fix requires user to pass the `Operation` dimension.

So the API is:

```ts
const getLatency = table.metricSuccessfulRequestLatency({ 
  dimensions: {
    Operation: 'GetItem'
  },
});
```

Fixes #11261
Fixes #11269

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#10812)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation added the pr/no-squash This PR should be merged instead of squash-merging it label Nov 6, 2020
@NetaNir NetaNir requested a review from a team November 6, 2020 02:16
@gitpod-io

gitpod-io bot commented Nov 6, 2020

@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 0c279fd
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Contributor

mergify bot commented Nov 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit c2f38e8 into release Nov 6, 2020
@mergify mergify bot deleted the bump/1.72.0 branch November 6, 2020 04:07