Merge branch 'master' into clarify-docs

aws · May 12, 2021 · 6cd5573 · 6cd5573
2 parents f25f623 + 85e00fa
commit 6cd5573
Show file tree

Hide file tree

Showing 29 changed files with 260 additions and 42 deletions.
diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.alb.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.alb.expected.json
@@ -633,6 +633,7 @@
           "Ref": "HttpProxyPrivateApiA55E154D"
         },
         "RouteKey": "$default",
+        "AuthorizationType": "NONE",
         "Target": {
           "Fn::Join": [
             "",

diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.http-proxy.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.http-proxy.expected.json
@@ -117,6 +117,7 @@
           "Ref": "LambdaProxyApi67594471"
         },
         "RouteKey": "$default",
+        "AuthorizationType": "NONE",
         "Target": {
           "Fn::Join": [
             "",
@@ -185,6 +186,7 @@
           "Ref": "HttpProxyApiD0217C67"
         },
         "RouteKey": "$default",
+        "AuthorizationType": "NONE",
         "Target": {
           "Fn::Join": [
             "",

diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.lambda-proxy.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.lambda-proxy.expected.json
@@ -117,6 +117,7 @@
           "Ref": "LambdaProxyApi67594471"
         },
         "RouteKey": "$default",
+        "AuthorizationType": "NONE",
         "Target": {
           "Fn::Join": [
             "",

diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.nlb.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.nlb.expected.json
@@ -598,6 +598,7 @@
           "Ref": "HttpProxyPrivateApiA55E154D"
         },
         "RouteKey": "$default",
+        "AuthorizationType": "NONE",
         "Target": {
           "Fn::Join": [
             "",

diff --git a/...es/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.service-discovery.expected.json b/...es/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.service-discovery.expected.json
@@ -602,6 +602,7 @@
           "Ref": "HttpProxyPrivateApiA55E154D"
         },
         "RouteKey": "$default",
+        "AuthorizationType": "NONE",
         "Target": {
           "Fn::Join": [
             "",

diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts
@@ -156,8 +156,6 @@ export class HttpRoute extends Resource implements IHttpRoute {
       ]));
     }
 
-    const authorizationType = authBindResult?.authorizationType === HttpAuthorizerType.NONE ? undefined : authBindResult?.authorizationType;
-
     if (authorizationScopes?.length === 0) {
       authorizationScopes = undefined;
     }
@@ -167,7 +165,7 @@ export class HttpRoute extends Resource implements IHttpRoute {
       routeKey: props.routeKey.key,
       target: `integrations/${integration.integrationId}`,
       authorizerId: authBindResult?.authorizerId,
-      authorizationType,
+      authorizationType: authBindResult?.authorizationType ?? HttpAuthorizerType.NONE, // must be explicitly NONE (not undefined) for stack updates to work correctly
       authorizationScopes,
     };
 

diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts
@@ -429,6 +429,7 @@ describe('HttpApi', () => {
 
       expect(stack).toHaveResource('AWS::ApiGatewayV2::Route', {
         RouteKey: 'GET /chickens',
+        AuthorizationType: 'NONE',
         AuthorizerId: ABSENT,
       });
     });

diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts
@@ -30,6 +30,7 @@ describe('HttpRoute', () => {
           ],
         ],
       },
+      AuthorizationType: 'NONE',
     });
 
     expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', {

diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts b/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts
@@ -213,6 +213,16 @@ export interface GraphWidgetProps extends MetricWidgetProps {
    * @default TimeSeries
    */
   readonly view?: GraphWidgetView;
+
+  /**
+   * Whether to show the value from the entire time range. Only applicable for Bar and Pie charts.
+   *
+   * If false, values will be from the most recent period of your chosen time range;
+   * if true, shows the value from the entire time range.
+   *
+   * @default false
+   */
+  readonly setPeriodToTimeRange?: boolean;
 }
 
 /**
@@ -276,6 +286,7 @@ export class GraphWidget extends ConcreteWidget {
         },
         legend: this.props.legendPosition !== undefined ? { position: this.props.legendPosition } : undefined,
         liveData: this.props.liveData,
+        setPeriodToTimeRange: this.props.setPeriodToTimeRange,
       },
     }];
   }
@@ -447,4 +458,4 @@ function mapAnnotation(yAxis: string): ((x: HorizontalAnnotation) => any) {
   return (a: HorizontalAnnotation) => {
     return { ...a, yAxis };
   };
-}
+}
diff --git a/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.expected.json b/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.expected.json
@@ -116,7 +116,25 @@
                   "QueueName"
                 ]
               },
-              "\",{\"label\":\"NotVisible Messages\",\"period\":30,\"yAxis\":\"right\"}]],\"annotations\":{\"horizontal\":[{\"label\":\"Total Messages >= 100 for 3 datapoints within 3 minutes\",\"value\":100,\"yAxis\":\"left\"}]},\"yAxis\":{}}},{\"type\":\"metric\",\"width\":6,\"height\":3,\"x\":0,\"y\":12,\"properties\":{\"view\":\"singleValue\",\"title\":\"Current total messages in queue\",\"region\":\"",
+              "\",{\"label\":\"NotVisible Messages\",\"period\":30,\"yAxis\":\"right\"}]],\"annotations\":{\"horizontal\":[{\"label\":\"Total Messages >= 100 for 3 datapoints within 3 minutes\",\"value\":100,\"yAxis\":\"left\"}]},\"yAxis\":{}}},{\"type\":\"metric\",\"width\":6,\"height\":6,\"x\":0,\"y\":12,\"properties\":{\"view\":\"pie\",\"title\":\"Percentage of messages in each queue as pie chart\",\"region\":\"",
+              {
+                "Ref": "AWS::Region"
+              },
+              "\",\"metrics\":[[\"AWS/SQS\",\"ApproximateNumberOfMessagesVisible\",\"QueueName\",\"",
+              {
+                "Fn::GetAtt": [
+                  "queue",
+                  "QueueName"
+                ]
+              },
+              "\",{\"label\":\"Visible Messages\",\"period\":10}],[\"AWS/SQS\",\"ApproximateNumberOfMessagesNotVisible\",\"QueueName\",\"",
+              {
+                "Fn::GetAtt": [
+                  "queue",
+                  "QueueName"
+                ]
+              },
+              "\",{\"label\":\"NotVisible Messages\",\"period\":30}]],\"yAxis\":{},\"setPeriodToTimeRange\":true}},{\"type\":\"metric\",\"width\":6,\"height\":3,\"x\":0,\"y\":18,\"properties\":{\"view\":\"singleValue\",\"title\":\"Current total messages in queue\",\"region\":\"",
               {
                 "Ref": "AWS::Region"
               },

diff --git a/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.ts b/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.ts
@@ -59,6 +59,13 @@ dashboard.addWidgets(new cloudwatch.GraphWidget({
   leftAnnotations: [alarm.toAnnotation()],
 }));
 
+dashboard.addWidgets(new cloudwatch.GraphWidget({
+  title: 'Percentage of messages in each queue as pie chart',
+  left: [metricA, metricB],
+  view: cloudwatch.GraphWidgetView.PIE,
+  setPeriodToTimeRange: true,
+}));
+
 dashboard.addWidgets(new cloudwatch.SingleValueWidget({
   title: 'Current total messages in queue',
   metrics: [sumExpression],

diff --git a/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts b/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts
@@ -660,4 +660,32 @@ export = {
 
     test.done();
   },
-};
+
+  'add setPeriodToTimeRange to GraphWidget'(test: Test) {
+    // GIVEN
+    const stack = new Stack();
+    const widget = new GraphWidget({
+      left: [new Metric({ namespace: 'CDK', metricName: 'Test' })],
+      view: GraphWidgetView.PIE,
+      setPeriodToTimeRange: true,
+    });
+
+    // THEN
+    test.deepEqual(stack.resolve(widget.toJson()), [{
+      type: 'metric',
+      width: 6,
+      height: 6,
+      properties: {
+        view: 'pie',
+        region: { Ref: 'AWS::Region' },
+        metrics: [
+          ['CDK', 'Test'],
+        ],
+        yAxis: {},
+        setPeriodToTimeRange: true,
+      },
+    }]);
+
+    test.done();
+  },
+};
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/package.json b/packages/@aws-cdk/aws-codepipeline-actions/package.json
@@ -69,7 +69,7 @@
     "@types/jest": "^26.0.23",
     "@aws-cdk/aws-cloudtrail": "0.0.0",
     "@aws-cdk/cx-api": "0.0.0",
-    "@types/lodash": "^4.14.168",
+    "@types/lodash": "^4.14.169",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "lodash": "^4.17.21",

diff --git a/packages/@aws-cdk/aws-finspace/package.json b/packages/@aws-cdk/aws-finspace/package.json
@@ -75,7 +75,7 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@types/jest": "^26.0.22",
+    "@types/jest": "^26.0.23",
     "@aws-cdk/assert-internal": "0.0.0",
     "cdk-build-tools": "0.0.0",
     "cfn2ts": "0.0.0",

diff --git a/packages/@aws-cdk/aws-frauddetector/package.json b/packages/@aws-cdk/aws-frauddetector/package.json
@@ -75,7 +75,7 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@types/jest": "^26.0.22",
+    "@types/jest": "^26.0.23",
     "@aws-cdk/assert-internal": "0.0.0",
     "cdk-build-tools": "0.0.0",
     "cfn2ts": "0.0.0",

diff --git a/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts b/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts
@@ -41,7 +41,7 @@ export interface StreamEventSourceProps {
    * * Minimum value of 60 seconds
    * * Maximum value of 7 days
    *
-   * @default Duration.days(7)
+   * @default - the retention period configured on the stream
    */
   readonly maxRecordAge?: Duration;
 
@@ -51,7 +51,7 @@ export interface StreamEventSourceProps {
    * * Minimum value of 0
    * * Maximum value of 10000
    *
-   * @default 10000
+   * @default - retry until the record expires
    */
   readonly retryAttempts?: number;
 

diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json
@@ -77,7 +77,7 @@
   "devDependencies": {
     "@types/jest": "^26.0.23",
     "@types/aws-lambda": "^8.10.76",
-    "@types/lodash": "^4.14.168",
+    "@types/lodash": "^4.14.169",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",

diff --git a/packages/@aws-cdk/aws-secretsmanager/README.md b/packages/@aws-cdk/aws-secretsmanager/README.md
@@ -87,6 +87,8 @@ secret.addRotationSchedule('RotationSchedule', {
 });
 ```
 
+Note: The required permissions for Lambda to call SecretsManager and the other way round are automatically granted based on [AWS Documentation](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions.html) as long as the Lambda is not imported.
+
 See [Overview of the Lambda Rotation Function](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html) on how to implement a Lambda Rotation Function.
 
 ### Using a Hosted Lambda Function

diff --git a/packages/@aws-cdk/aws-secretsmanager/lib/rotation-schedule.ts b/packages/@aws-cdk/aws-secretsmanager/lib/rotation-schedule.ts
@@ -1,4 +1,5 @@
 import * as ec2 from '@aws-cdk/aws-ec2';
+import * as iam from '@aws-cdk/aws-iam';
 import * as lambda from '@aws-cdk/aws-lambda';
 import { Duration, Resource, Stack } from '@aws-cdk/core';
 import { Construct } from 'constructs';
@@ -70,6 +71,35 @@ export class RotationSchedule extends Resource {
       throw new Error('One of `rotationLambda` or `hostedRotation` must be specified.');
     }
 
+    if (props.rotationLambda?.permissionsNode.defaultChild) {
+      props.rotationLambda.grantInvoke(new iam.ServicePrincipal('secretsmanager.amazonaws.com'));
+
+      props.rotationLambda.addToRolePolicy(
+        new iam.PolicyStatement({
+          actions: [
+            'secretsmanager:DescribeSecret',
+            'secretsmanager:GetSecretValue',
+            'secretsmanager:PutSecretValue',
+            'secretsmanager:UpdateSecretVersionStage',
+          ],
+          resources: [props.secret.secretArn],
+          conditions: {
+            StringEquals: {
+              'secretsmanager:resource/AllowRotationLambdaArn': props.rotationLambda.functionArn,
+            },
+          },
+        }),
+      );
+      props.rotationLambda.addToRolePolicy(
+        new iam.PolicyStatement({
+          actions: [
+            'secretsmanager:GetRandomPassword',
+          ],
+          resources: ['*'],
+        }),
+      );
+    }
+
     new CfnRotationSchedule(this, 'Resource', {
       secretId: props.secret.secretArn,
       rotationLambdaArn: props.rotationLambda?.functionArn,

diff --git a/packages/@aws-cdk/aws-secretsmanager/test/rotation-schedule.test.ts b/packages/@aws-cdk/aws-secretsmanager/test/rotation-schedule.test.ts
@@ -41,6 +41,75 @@ test('create a rotation schedule with a rotation Lambda', () => {
   });
 });
 
+test('assign permissions for rotation schedule with a rotation Lambda', () => {
+  // GIVEN
+  const secret = new secretsmanager.Secret(stack, 'Secret');
+  const rotationLambda = new lambda.Function(stack, 'Lambda', {
+    runtime: lambda.Runtime.NODEJS_10_X,
+    code: lambda.Code.fromInline('export.handler = event => event;'),
+    handler: 'index.handler',
+  });
+
+  // WHEN
+  new secretsmanager.RotationSchedule(stack, 'RotationSchedule', {
+    secret,
+    rotationLambda,
+  });
+
+  // THEN
+  expect(stack).toHaveResource('AWS::Lambda::Permission', {
+    Action: 'lambda:InvokeFunction',
+    FunctionName: {
+      'Fn::GetAtt': [
+        'LambdaD247545B',
+        'Arn',
+      ],
+    },
+    Principal: 'secretsmanager.amazonaws.com',
+  });
+
+  expect(stack).toHaveResource('AWS::IAM::Policy', {
+    PolicyDocument: {
+      Statement: [
+        {
+          Action: [
+            'secretsmanager:DescribeSecret',
+            'secretsmanager:GetSecretValue',
+            'secretsmanager:PutSecretValue',
+            'secretsmanager:UpdateSecretVersionStage',
+          ],
+          Effect: 'Allow',
+          Resource: {
+            Ref: 'SecretA720EF05',
+          },
+          Condition: {
+            StringEquals: {
+              'secretsmanager:resource/AllowRotationLambdaArn': {
+                'Fn::GetAtt': [
+                  'LambdaD247545B',
+                  'Arn',
+                ],
+              },
+            },
+          },
+        },
+        {
+          Action: 'secretsmanager:GetRandomPassword',
+          Effect: 'Allow',
+          Resource: '*',
+        },
+      ],
+      Version: '2012-10-17',
+    },
+    PolicyName: 'LambdaServiceRoleDefaultPolicyDAE46E21',
+    Roles: [
+      {
+        Ref: 'LambdaServiceRoleA8ED4D3B',
+      },
+    ],
+  });
+});
+
 describe('hosted rotation', () => {
   test('single user not in a vpc', () => {
     // GIVEN

diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json
@@ -77,6 +77,7 @@
           "Ref": "MyHttpApi8AEAAC21"
         },
         "RouteKey": "ANY /",
+        "AuthorizationType": "NONE",
         "Target": {
           "Fn::Join": [
             "",

diff --git a/packages/@aws-cdk/aws-xray/package.json b/packages/@aws-cdk/aws-xray/package.json
@@ -75,7 +75,7 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@types/jest": "^26.0.22",
+    "@types/jest": "^26.0.23",
     "@aws-cdk/assert-internal": "0.0.0",
     "cdk-build-tools": "0.0.0",
     "cfn2ts": "0.0.0",

diff --git a/packages/@aws-cdk/core/package.json b/packages/@aws-cdk/core/package.json
@@ -177,7 +177,7 @@
     "@types/aws-lambda": "^8.10.76",
     "@types/fs-extra": "^8.1.1",
     "@types/jest": "^26.0.23",
-    "@types/lodash": "^4.14.168",
+    "@types/lodash": "^4.14.169",
     "@types/minimatch": "^3.0.4",
     "@types/node": "^10.17.59",
     "@types/sinon": "^9.0.11",
-Original file line number
+Diff line change
@@ Expand Up / @@ -30,6 +30,7 @@ describe('HttpRoute', () => { @@
               ],
             ],
           },
+          AuthorizationType: 'NONE',
         });
         expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', {
@@ Expand Down @@