From 8a9f6bbcf2084a35c27b616fce9df58bac32596f Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Wed, 12 May 2021 02:16:26 -0700 Subject: [PATCH 1/6] chore: change `??` to `||` in check-yarn-lock.js (#14644) `??` is only supported since Node 14, but CDK should build with Node 10. Fixes #14634 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- scripts/check-yarn-lock.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/check-yarn-lock.js b/scripts/check-yarn-lock.js index 285128b3b18a6..d13e4e08cf64f 100755 --- a/scripts/check-yarn-lock.js +++ b/scripts/check-yarn-lock.js @@ -45,9 +45,9 @@ async function main() { } projects.forEach((p) => { - Object.entries(p.devDependencies ?? {}).forEach(([depName, depVersion]) => errorIfNotInYarnLock(p, depName, depVersion)); - Object.entries(p.peerDependencies ?? {}).forEach(([depName, depVersion]) => errorIfNotInYarnLock(p, depName, depVersion)); - Object.entries(p.dependencies ?? {}).forEach(([depName, depVersion]) => errorIfNotInYarnLock(p, depName, depVersion)); + Object.entries(p.devDependencies || {}).forEach(([depName, depVersion]) => errorIfNotInYarnLock(p, depName, depVersion)); + Object.entries(p.peerDependencies || {}).forEach(([depName, depVersion]) => errorIfNotInYarnLock(p, depName, depVersion)); + Object.entries(p.dependencies || {}).forEach(([depName, depVersion]) => errorIfNotInYarnLock(p, depName, depVersion)); }); } From 0ea24e95939412765c0e09133a7793557f779c76 Mon Sep 17 00:00:00 2001 
From: Niranjan Jayakar Date: Wed, 12 May 2021 10:56:25 +0100 Subject: [PATCH 2/6] fix(lambda-event-sources): incorrect documented defaults for stream types (#14562) The defaults documented for `maxRecordAge` and `retryAttempts` properties for event sources that are 'stream' type were documented incorrectly. The implementation falls back to the defaults provided by CloudFormation. fixes #13908 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts b/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts index c9de62653a93e..85b9728fafbc2 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts +++ b/packages/@aws-cdk/aws-lambda-event-sources/lib/stream.ts @@ -41,7 +41,7 @@ export interface StreamEventSourceProps { * * Minimum value of 60 seconds * * Maximum value of 7 days * - * @default Duration.days(7) + * @default - the retention period configured on the stream */ readonly maxRecordAge?: Duration; @@ -51,7 +51,7 @@ export interface StreamEventSourceProps { * * Minimum value of 0 * * Maximum value of 10000 * - * @default 10000 + * @default - retry until the record expires */ readonly retryAttempts?: number; From 3698a91ac81a31f763c55487f200458d5b5eaf0f Mon Sep 17 00:00:00 2001 
From: Nathanael Law Date: Wed, 12 May 2021 04:32:44 -0600 Subject: [PATCH 3/6] fix(apigatewayv2): authorizer is not removed when HttpNoneAuthorizer is used (#14424) CloudFormation will not remove an existing Authorizer if AuthorizationType and AuthorizerId are simply removed. The AuthorizationType must be explicitly set to NONE for CloudFormation to remove the existing Authorizer. As such, I updated the HttpRoute constructor to include the AuthorizationType even if it is NONE; otherwise it is impossible to remove an authorizer in CDK. Some thought had obviously gone into this previously because of the following line: https://github.com/aws/aws-cdk/blob/2f5eeb08f8790c73db7305cc7f85116e2730267d/packages/%40aws-cdk/aws-apigatewayv2/lib/http/route.ts#L159 I did not manage to track down the reasoning for this in commit comments, so I would be interested to hear why this was done, since I may have overlooked a desired use case. I'm wondering if it was assumed that the default CloudFormation value for AuthorizationType is NONE, so to have a more compact template it was omitted. However, the behavior when AuthorizationType is not present is to not change the existing Authorizer. Basically in the CloudFormation template, ```yaml APIGETintegrationgoogleapiregister1D8736BD: Type: AWS::ApiGatewayV2::Route Properties: ApiId: Ref: API62EA1CEE RouteKey: GET /integration/google-api/register Target: ... ``` does not have the same effect as ```yaml APIGETintegrationgoogleapiregister1D8736BD: Type: AWS::ApiGatewayV2::Route Properties: ApiId: Ref: API62EA1CEE RouteKey: GET /integration/google-api/register AuthorizationType: NONE Target: ... ``` Only the latter will remove an existing Authorizer. If you think this is a bug in CloudFormation and not its intended behavior, please let me know. I am assuming that they would not change the behavior anyway since that could have unintended consequences for anyone who redeploys a template without the AuthorizationType set. 
BREAKING CHANGE: setting the authorizer of an API route to HttpNoneAuthorizer will now remove any existing authorizer on the route ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../test/http/integ.alb.expected.json | 1 + .../test/http/integ.http-proxy.expected.json | 2 ++ .../test/http/integ.lambda-proxy.expected.json | 1 + .../test/http/integ.nlb.expected.json | 1 + .../test/http/integ.service-discovery.expected.json | 1 + packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts | 4 +--- packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts | 1 + packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts | 1 + .../test/apigateway/integ.call-http-api.expected.json | 1 + 9 files changed, 10 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.alb.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.alb.expected.json index ae65d49847d54..b9f5d96ff4656 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.alb.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.alb.expected.json @@ -633,6 +633,7 @@ "Ref": "HttpProxyPrivateApiA55E154D" }, "RouteKey": "$default", + "AuthorizationType": "NONE", "Target": { "Fn::Join": [ "", diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.http-proxy.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.http-proxy.expected.json index 378e7b2395f03..0e53d0a223e42 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.http-proxy.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.http-proxy.expected.json @@ -117,6 +117,7 @@ "Ref": "LambdaProxyApi67594471" }, "RouteKey": "$default", + "AuthorizationType": "NONE", "Target": { "Fn::Join": [ "", 
@@ -185,6 +186,7 @@ "Ref": "HttpProxyApiD0217C67" }, "RouteKey": "$default", + "AuthorizationType": "NONE", "Target": { "Fn::Join": [ "", diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.lambda-proxy.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.lambda-proxy.expected.json index 58e37b0f64e0a..7963d3534e099 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.lambda-proxy.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.lambda-proxy.expected.json @@ -117,6 +117,7 @@ "Ref": "LambdaProxyApi67594471" }, "RouteKey": "$default", + "AuthorizationType": "NONE", "Target": { "Fn::Join": [ "", diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.nlb.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.nlb.expected.json index aed54a5a8395c..0a3241cdc8139 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.nlb.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.nlb.expected.json @@ -598,6 +598,7 @@ "Ref": "HttpProxyPrivateApiA55E154D" }, "RouteKey": "$default", + "AuthorizationType": "NONE", "Target": { "Fn::Join": [ "", diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.service-discovery.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.service-discovery.expected.json index 1aaf644336b8c..00e587f8ac85f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.service-discovery.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.service-discovery.expected.json @@ -602,6 +602,7 @@ "Ref": "HttpProxyPrivateApiA55E154D" }, "RouteKey": "$default", + "AuthorizationType": "NONE", "Target": { "Fn::Join": [ "", 
diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts index 2252630930c27..5178281d08953 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts @@ -156,8 +156,6 @@ export class HttpRoute extends Resource implements IHttpRoute { ])); } - const authorizationType = authBindResult?.authorizationType === HttpAuthorizerType.NONE ? undefined : authBindResult?.authorizationType; - if (authorizationScopes?.length === 0) { authorizationScopes = undefined; } @@ -167,7 +165,7 @@ export class HttpRoute extends Resource implements IHttpRoute { routeKey: props.routeKey.key, target: `integrations/${integration.integrationId}`, authorizerId: authBindResult?.authorizerId, - authorizationType, + authorizationType: authBindResult?.authorizationType ?? HttpAuthorizerType.NONE, // must be explicitly NONE (not undefined) for stack updates to work correctly authorizationScopes, }; diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts index 25b0a5bca3189..12d2c68aa0ecb 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts @@ -429,6 +429,7 @@ describe('HttpApi', () => { expect(stack).toHaveResource('AWS::ApiGatewayV2::Route', { RouteKey: 'GET /chickens', + AuthorizationType: 'NONE', AuthorizerId: ABSENT, }); }); diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts index 044d278e086e4..8de7d2ae7f1d6 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/test/http/route.test.ts @@ -30,6 +30,7 @@ describe('HttpRoute', () => { ], ], }, + AuthorizationType: 'NONE', }); expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', { 
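Review bot: The `?? HttpAuthorizerType.NONE` fallback in the second route.ts hunk also applies when no authorizer was passed at all (`authBindResult` undefined), not only when `HttpNoneAuthorizer` is used, so every route synthesized without an authorizer now carries an explicit `AuthorizationType: NONE`, as the updated expected.json fixtures show. On the next deploy this would presumably detach an authorizer that was attached to such a route outside CDK and leave the route unauthenticated, yet the BREAKING CHANGE text mentions only the `HttpNoneAuthorizer` case; the note should cover both. The long trailing comment reads better on its own line above the property, e.g. `// Always emit AuthorizationType: CloudFormation only detaches an existing authorizer when the type is explicitly NONE.` The HttpRoute constructor starts and ends outside both hunks.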
diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json index 56d4889af3d55..c6a6abaa89273 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/apigateway/integ.call-http-api.expected.json @@ -77,6 +77,7 @@ "Ref": "MyHttpApi8AEAAC21" }, "RouteKey": "ANY /", + "AuthorizationType": "NONE", "Target": { "Fn::Join": [ "", From c8d3128a38edb01db3f8bfcf9fc5520562509e17 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Wed, 12 May 2021 16:19:40 +0200 Subject: [PATCH 4/6] chore: npm-check-updates && yarn upgrade (#14661) Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date. --- .../aws-codepipeline-actions/package.json | 2 +- packages/@aws-cdk/aws-finspace/package.json | 2 +- .../@aws-cdk/aws-frauddetector/package.json | 2 +- packages/@aws-cdk/aws-lambda/package.json | 2 +- packages/@aws-cdk/aws-xray/package.json | 2 +- packages/@aws-cdk/core/package.json | 2 +- packages/awslint/package.json | 4 +- tools/cdk-build-tools/package.json | 4 +- tools/eslint-plugin-cdk/package.json | 2 +- tools/pkglint/package.json | 4 +- yarn.lock | 82 +++++++++++++++---- 11 files changed, 77 insertions(+), 31 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/package.json b/packages/@aws-cdk/aws-codepipeline-actions/package.json index 48b7c111f56f6..281edb052d5a6 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/package.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/package.json @@ -69,7 +69,7 @@ "@types/jest": "^26.0.23", "@aws-cdk/aws-cloudtrail": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@types/lodash": "^4.14.168", + "@types/lodash": "^4.14.169", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "lodash": "^4.17.21", 
diff --git a/packages/@aws-cdk/aws-finspace/package.json b/packages/@aws-cdk/aws-finspace/package.json index 5cca013076363..4c3c6f007e64b 100644 --- a/packages/@aws-cdk/aws-finspace/package.json +++ b/packages/@aws-cdk/aws-finspace/package.json @@ -75,7 +75,7 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "^26.0.22", + "@types/jest": "^26.0.23", "@aws-cdk/assert-internal": "0.0.0", "cdk-build-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-frauddetector/package.json b/packages/@aws-cdk/aws-frauddetector/package.json index 56c7e1128fd2c..58b9f0393e614 100644 --- a/packages/@aws-cdk/aws-frauddetector/package.json +++ b/packages/@aws-cdk/aws-frauddetector/package.json @@ -75,7 +75,7 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "^26.0.22", + "@types/jest": "^26.0.23", "@aws-cdk/assert-internal": "0.0.0", "cdk-build-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-lambda/package.json b/packages/@aws-cdk/aws-lambda/package.json index 3fdc26ada0d5e..6279fa92e0518 100644 --- a/packages/@aws-cdk/aws-lambda/package.json +++ b/packages/@aws-cdk/aws-lambda/package.json @@ -77,7 +77,7 @@ "devDependencies": { "@types/jest": "^26.0.23", "@types/aws-lambda": "^8.10.76", - "@types/lodash": "^4.14.168", + "@types/lodash": "^4.14.169", "cdk-build-tools": "0.0.0", "cdk-integ-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/aws-xray/package.json b/packages/@aws-cdk/aws-xray/package.json index 7efedfd8af300..baaafffc7e70e 100644 --- a/packages/@aws-cdk/aws-xray/package.json +++ b/packages/@aws-cdk/aws-xray/package.json @@ -75,7 +75,7 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "^26.0.22", + "@types/jest": "^26.0.23", "@aws-cdk/assert-internal": "0.0.0", "cdk-build-tools": "0.0.0", "cfn2ts": "0.0.0", diff --git a/packages/@aws-cdk/core/package.json b/packages/@aws-cdk/core/package.json index af2e803a1f7f8..c926741368a48 100644 
--- a/packages/@aws-cdk/core/package.json +++ b/packages/@aws-cdk/core/package.json @@ -177,7 +177,7 @@ "@types/aws-lambda": "^8.10.76", "@types/fs-extra": "^8.1.1", "@types/jest": "^26.0.23", - "@types/lodash": "^4.14.168", + "@types/lodash": "^4.14.169", "@types/minimatch": "^3.0.4", "@types/node": "^10.17.59", "@types/sinon": "^9.0.11", diff --git a/packages/awslint/package.json b/packages/awslint/package.json index dab312dc46ea0..6b91a94c8349d 100644 --- a/packages/awslint/package.json +++ b/packages/awslint/package.json @@ -29,8 +29,8 @@ "@types/yargs": "^15.0.13", "pkglint": "0.0.0", "typescript": "~3.9.9", - "@typescript-eslint/eslint-plugin": "^4.22.1", - "@typescript-eslint/parser": "^4.22.1", + "@typescript-eslint/eslint-plugin": "^4.23.0", + "@typescript-eslint/parser": "^4.23.0", "eslint": "^7.26.0", "eslint-import-resolver-node": "^0.3.4", "eslint-import-resolver-typescript": "^2.4.0", diff --git a/tools/cdk-build-tools/package.json b/tools/cdk-build-tools/package.json index 994b0248e9882..8e31468544319 100644 --- a/tools/cdk-build-tools/package.json +++ b/tools/cdk-build-tools/package.json @@ -40,8 +40,8 @@ "pkglint": "0.0.0" }, "dependencies": { - "@typescript-eslint/eslint-plugin": "^4.22.1", - "@typescript-eslint/parser": "^4.22.1", + "@typescript-eslint/eslint-plugin": "^4.23.0", + "@typescript-eslint/parser": "^4.23.0", "awslint": "0.0.0", "colors": "^1.4.0", "eslint": "^7.26.0", diff --git a/tools/eslint-plugin-cdk/package.json b/tools/eslint-plugin-cdk/package.json index 0d07037e93385..562f31110ad8d 100644 --- a/tools/eslint-plugin-cdk/package.json +++ b/tools/eslint-plugin-cdk/package.json @@ -21,7 +21,7 @@ "typescript": "~3.9.9" }, "dependencies": { - "@typescript-eslint/parser": "^4.22.1", + "@typescript-eslint/parser": "^4.23.0", "eslint": "^7.26.0", "fs-extra": "^9.1.0" }, diff --git a/tools/pkglint/package.json b/tools/pkglint/package.json index 21c682d12b91d..0fd91fcb0d2a0 100644 --- a/tools/pkglint/package.json 
+++ b/tools/pkglint/package.json @@ -40,8 +40,8 @@ "@types/jest": "^26.0.23", "@types/semver": "^7.3.5", "@types/yargs": "^15.0.13", - "@typescript-eslint/eslint-plugin": "^4.22.1", - "@typescript-eslint/parser": "^4.22.1", + "@typescript-eslint/eslint-plugin": "^4.23.0", + "@typescript-eslint/parser": "^4.23.0", "eslint": "^7.26.0", "eslint-import-resolver-node": "^0.3.4", "eslint-import-resolver-typescript": "^2.4.0", diff --git a/yarn.lock b/yarn.lock index cd9959d6a69fe..0be97e7c4e3ba 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1529,10 +1529,10 @@ dependencies: jszip "*" -"@types/lodash@^4.14.168": - version "4.14.168" - resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.168.tgz#fe24632e79b7ade3f132891afff86caa5e5ce008" - integrity sha512-oVfRvqHV/V6D1yifJbVRU3TMp8OT6o6BG+U9MkwuJ3U8/CsDHvalRpsxBqivn71ztOFZBTfJMvETbqHiaNSj7Q== +"@types/lodash@^4.14.169": + version "4.14.169" + resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.169.tgz#83c217688f07a4d9ef8f28a3ebd1d318f6ff4cbb" + integrity sha512-DvmZHoHTFJ8zhVYwCLWbQ7uAbYQEk52Ev2/ZiQ7Y7gQGeV9pjBqjnQpECMHfKS1rCYAhMI7LHVxwyZLZinJgdw== "@types/md5@^2.3.0": version "2.3.0" 
@@ -1692,13 +1692,13 @@ resolved "https://registry.yarnpkg.com/@types/yarnpkg__lockfile/-/yarnpkg__lockfile-1.1.4.tgz#445251eb00bd9c1e751f82c7c6bf4f714edfd464" integrity sha512-/emrKCfQMQmFCqRqqBJ0JueHBT06jBRM3e8OgnvDUcvuExONujIk2hFA5dNsN9Nt41ljGVDdChvCydATZ+KOZw== -"@typescript-eslint/eslint-plugin@^4.22.1": - version "4.22.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.22.1.tgz#6bcdbaa4548553ab861b4e5f34936ead1349a543" - integrity sha512-kVTAghWDDhsvQ602tHBc6WmQkdaYbkcTwZu+7l24jtJiYvm9l+/y/b2BZANEezxPDiX5MK2ZecE+9BFi/YJryw== +"@typescript-eslint/eslint-plugin@^4.23.0": + version "4.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.23.0.tgz#29d3c9c81f6200b1fd6d8454cfb007ba176cde80" + integrity sha512-tGK1y3KIvdsQEEgq6xNn1DjiFJtl+wn8JJQiETtCbdQxw1vzjXyAaIkEmO2l6Nq24iy3uZBMFQjZ6ECf1QdgGw== dependencies: - "@typescript-eslint/experimental-utils" "4.22.1" - "@typescript-eslint/scope-manager" "4.22.1" + "@typescript-eslint/experimental-utils" "4.23.0" + "@typescript-eslint/scope-manager" "4.23.0" debug "^4.1.1" functional-red-black-tree "^1.0.1" lodash "^4.17.15" 
@@ -1706,7 +1706,19 @@ semver "^7.3.2" tsutils "^3.17.1" -"@typescript-eslint/experimental-utils@4.22.1", "@typescript-eslint/experimental-utils@^4.0.1": +"@typescript-eslint/experimental-utils@4.23.0": + version "4.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/experimental-utils/-/experimental-utils-4.23.0.tgz#f2059434cd6e5672bfeab2fb03b7c0a20622266f" + integrity sha512-WAFNiTDnQfrF3Z2fQ05nmCgPsO5o790vOhmWKXbbYQTO9erE1/YsFot5/LnOUizLzU2eeuz6+U/81KV5/hFTGA== + dependencies: + "@types/json-schema" "^7.0.3" + "@typescript-eslint/scope-manager" "4.23.0" + "@typescript-eslint/types" "4.23.0" + "@typescript-eslint/typescript-estree" "4.23.0" + eslint-scope "^5.0.0" + eslint-utils "^2.0.0" + +"@typescript-eslint/experimental-utils@^4.0.1": version "4.22.1" resolved "https://registry.yarnpkg.com/@typescript-eslint/experimental-utils/-/experimental-utils-4.22.1.tgz#3938a5c89b27dc9a39b5de63a62ab1623ab27497" integrity sha512-svYlHecSMCQGDO2qN1v477ax/IDQwWhc7PRBiwAdAMJE7GXk5stF4Z9R/8wbRkuX/5e9dHqbIWxjeOjckK3wLQ== 
@@ -1718,14 +1730,14 @@ eslint-scope "^5.0.0" eslint-utils "^2.0.0" -"@typescript-eslint/parser@^4.22.1": - version "4.22.1" - resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-4.22.1.tgz#a95bda0fd01d994a15fc3e99dc984294f25c19cc" - integrity sha512-l+sUJFInWhuMxA6rtirzjooh8cM/AATAe3amvIkqKFeMzkn85V+eLzb1RyuXkHak4dLfYzOmF6DXPyflJvjQnw== +"@typescript-eslint/parser@^4.23.0": + version "4.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-4.23.0.tgz#239315d38e42e852bef43a4b0b01bef78f78911c" + integrity sha512-wsvjksHBMOqySy/Pi2Q6UuIuHYbgAMwLczRl4YanEPKW5KVxI9ZzDYh3B5DtcZPQTGRWFJrfcbJ6L01Leybwug== dependencies: - "@typescript-eslint/scope-manager" "4.22.1" - "@typescript-eslint/types" "4.22.1" - "@typescript-eslint/typescript-estree" "4.22.1" + "@typescript-eslint/scope-manager" "4.23.0" + "@typescript-eslint/types" "4.23.0" + "@typescript-eslint/typescript-estree" "4.23.0" debug "^4.1.1" "@typescript-eslint/scope-manager@4.22.1": 
@@ -1736,11 +1748,24 @@ "@typescript-eslint/types" "4.22.1" "@typescript-eslint/visitor-keys" "4.22.1" +"@typescript-eslint/scope-manager@4.23.0": + version "4.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-4.23.0.tgz#8792ef7eacac122e2ec8fa2d30a59b8d9a1f1ce4" + integrity sha512-ZZ21PCFxPhI3n0wuqEJK9omkw51wi2bmeKJvlRZPH5YFkcawKOuRMQMnI8mH6Vo0/DoHSeZJnHiIx84LmVQY+w== + dependencies: + "@typescript-eslint/types" "4.23.0" + "@typescript-eslint/visitor-keys" "4.23.0" + "@typescript-eslint/types@4.22.1": version "4.22.1" resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-4.22.1.tgz#bf99c6cec0b4a23d53a61894816927f2adad856a" integrity sha512-2HTkbkdAeI3OOcWbqA8hWf/7z9c6gkmnWNGz0dKSLYLWywUlkOAQ2XcjhlKLj5xBFDf8FgAOF5aQbnLRvgNbCw== +"@typescript-eslint/types@4.23.0": + version "4.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-4.23.0.tgz#da1654c8a5332f4d1645b2d9a1c64193cae3aa3b" + integrity sha512-oqkNWyG2SLS7uTWLZf6Sr7Dm02gA5yxiz1RP87tvsmDsguVATdpVguHr4HoGOcFOpCvx9vtCSCyQUGfzq28YCw== + "@typescript-eslint/typescript-estree@4.22.1": version "4.22.1" resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-4.22.1.tgz#dca379eead8cdfd4edc04805e83af6d148c164f9" 
@@ -1754,6 +1779,19 @@ semver "^7.3.2" tsutils "^3.17.1" +"@typescript-eslint/typescript-estree@4.23.0": + version "4.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-4.23.0.tgz#0753b292097523852428a6f5a1aa8ccc1aae6cd9" + integrity sha512-5Sty6zPEVZF5fbvrZczfmLCOcby3sfrSPu30qKoY1U3mca5/jvU5cwsPb/CO6Q3ByRjixTMIVsDkqwIxCf/dMw== + dependencies: + "@typescript-eslint/types" "4.23.0" + "@typescript-eslint/visitor-keys" "4.23.0" + debug "^4.1.1" + globby "^11.0.1" + is-glob "^4.0.1" + semver "^7.3.2" + tsutils "^3.17.1" + "@typescript-eslint/visitor-keys@4.22.1": version "4.22.1" resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-4.22.1.tgz#6045ae25a11662c671f90b3a403d682dfca0b7a6" @@ -1762,6 +1800,14 @@ "@typescript-eslint/types" "4.22.1" eslint-visitor-keys "^2.0.0" +"@typescript-eslint/visitor-keys@4.23.0": + version "4.23.0" + resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-4.23.0.tgz#7215cc977bd3b4ef22467b9023594e32f9e4e455" + integrity sha512-5PNe5cmX9pSifit0H+nPoQBXdbNzi5tOEec+3riK+ku4e3er37pKxMKDH5Ct5Y4fhWxcD4spnlYjxi9vXbSpwg== + dependencies: + "@typescript-eslint/types" "4.23.0" + eslint-visitor-keys "^2.0.0" + "@yarnpkg/lockfile@^1.1.0": version "1.1.0" resolved "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz#e77a97fbd345b76d83245edcd17d393b1b41fb31" From 010a6b1a14f14be5001779644df3d3a2e27d4e71 Mon Sep 17 00:00:00 2001 
From: Nick Lynch Date: Wed, 12 May 2021 15:58:49 +0100 Subject: [PATCH 5/6] feat(cloudwatch): time range support for GraphWidget (#14659) The `setPeriodToTimeRange` property affects number (SingleValue), bar, and pie charts. If set, it displays all data points in the time range in the bar/pie chart, instead of only the most recent value. Support for this property for `SingleValueWidget` was introduced way back in #4649, but was never added to `GraphWidget`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-cloudwatch/lib/graph.ts | 13 +++++++- ...teg.math-alarm-and-dashboard.expected.json | 20 ++++++++++++- .../test/integ.math-alarm-and-dashboard.ts | 7 +++++ .../aws-cloudwatch/test/test.graphs.ts | 30 ++++++++++++++++++- 4 files changed, 67 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts b/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts index 98f8980db4f4b..bc6407a52f8e6 100644 --- a/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts +++ b/packages/@aws-cdk/aws-cloudwatch/lib/graph.ts @@ -213,6 +213,16 @@ export interface GraphWidgetProps extends MetricWidgetProps { * @default TimeSeries */ readonly view?: GraphWidgetView; + + /** + * Whether to show the value from the entire time range. Only applicable for Bar and Pie charts. + * + * If false, values will be from the most recent period of your chosen time range; + * if true, shows the value from the entire time range. + * + * @default false + */ + readonly setPeriodToTimeRange?: boolean; } /** @@ -276,6 +286,7 @@ export class GraphWidget extends ConcreteWidget { }, legend: this.props.legendPosition !== undefined ? { position: this.props.legendPosition } : undefined, liveData: this.props.liveData, + setPeriodToTimeRange: this.props.setPeriodToTimeRange, }, }]; } 
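Review bot: The new `setPeriodToTimeRange` prop is forwarded into the widget JSON for every `view`, while its doc comment says it is only applicable for Bar and Pie charts; the line `setPeriodToTimeRange: this.props.setPeriodToTimeRange,` in the second graph.ts hunk carries no check. Either state in the docstring that the value is passed through unchanged and has no effect on other views (if that is how CloudWatch treats it), or reject it in the constructor when `view` is TimeSeries. The `@default false` tag is also slightly off, since an unset prop is emitted as undefined rather than `false`; something like `@default - not set, the most recent period is shown` would match the code. The enclosing method starts outside the hunk.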
@@ -447,4 +458,4 @@ function mapAnnotation(yAxis: string): ((x: HorizontalAnnotation) => any) { return (a: HorizontalAnnotation) => { return { ...a, yAxis }; }; -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.expected.json b/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.expected.json index 8e9b235bb2b65..9d6d0b5b1c4bc 100644 --- a/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.expected.json +++ b/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.expected.json 
@@ -116,7 +116,25 @@ "QueueName" ] }, - "\",{\"label\":\"NotVisible Messages\",\"period\":30,\"yAxis\":\"right\"}]],\"annotations\":{\"horizontal\":[{\"label\":\"Total Messages >= 100 for 3 datapoints within 3 minutes\",\"value\":100,\"yAxis\":\"left\"}]},\"yAxis\":{}}},{\"type\":\"metric\",\"width\":6,\"height\":3,\"x\":0,\"y\":12,\"properties\":{\"view\":\"singleValue\",\"title\":\"Current total messages in queue\",\"region\":\"", + "\",{\"label\":\"NotVisible Messages\",\"period\":30,\"yAxis\":\"right\"}]],\"annotations\":{\"horizontal\":[{\"label\":\"Total Messages >= 100 for 3 datapoints within 3 minutes\",\"value\":100,\"yAxis\":\"left\"}]},\"yAxis\":{}}},{\"type\":\"metric\",\"width\":6,\"height\":6,\"x\":0,\"y\":12,\"properties\":{\"view\":\"pie\",\"title\":\"Percentage of messages in each queue as pie chart\",\"region\":\"", + { + "Ref": "AWS::Region" + }, + "\",\"metrics\":[[\"AWS/SQS\",\"ApproximateNumberOfMessagesVisible\",\"QueueName\",\"", + { + "Fn::GetAtt": [ + "queue", + "QueueName" + ] + }, + "\",{\"label\":\"Visible Messages\",\"period\":10}],[\"AWS/SQS\",\"ApproximateNumberOfMessagesNotVisible\",\"QueueName\",\"", + { + "Fn::GetAtt": [ + "queue", + "QueueName" + ] + }, + "\",{\"label\":\"NotVisible Messages\",\"period\":30}]],\"yAxis\":{},\"setPeriodToTimeRange\":true}},{\"type\":\"metric\",\"width\":6,\"height\":3,\"x\":0,\"y\":18,\"properties\":{\"view\":\"singleValue\",\"title\":\"Current total messages in queue\",\"region\":\"", { "Ref": "AWS::Region" }, diff --git a/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.ts b/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.ts index 9de88e6bc729a..5a3285d873fe8 100644 --- a/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.ts +++ b/packages/@aws-cdk/aws-cloudwatch/test/integ.math-alarm-and-dashboard.ts 
@@ -59,6 +59,13 @@ dashboard.addWidgets(new cloudwatch.GraphWidget({ leftAnnotations: [alarm.toAnnotation()], })); +dashboard.addWidgets(new cloudwatch.GraphWidget({ + title: 'Percentage of messages in each queue as pie chart', + left: [metricA, metricB], + view: cloudwatch.GraphWidgetView.PIE, + setPeriodToTimeRange: true, +})); + dashboard.addWidgets(new cloudwatch.SingleValueWidget({ title: 'Current total messages in queue', metrics: [sumExpression], diff --git a/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts b/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts index 7e306e2bf0691..e6420bbec1955 100644 --- a/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts +++ b/packages/@aws-cdk/aws-cloudwatch/test/test.graphs.ts @@ -660,4 +660,32 @@ export = { test.done(); }, -}; \ No newline at end of file + + 'add setPeriodToTimeRange to GraphWidget'(test: Test) { + // GIVEN + const stack = new Stack(); + const widget = new GraphWidget({ + left: [new Metric({ namespace: 'CDK', metricName: 'Test' })], + view: GraphWidgetView.PIE, + setPeriodToTimeRange: true, + }); + + // THEN + test.deepEqual(stack.resolve(widget.toJson()), [{ + type: 'metric', + width: 6, + height: 6, + properties: { + view: 'pie', + region: { Ref: 'AWS::Region' }, + metrics: [ + ['CDK', 'Test'], + ], + yAxis: {}, + setPeriodToTimeRange: true, + }, + }]); + + test.done(); + }, +}; From 85e00faf1e3bcc32c2f7aa881d42c6d1f6c17f63 Mon Sep 17 00:00:00 2001 
From: Florian Eitel Date: Wed, 12 May 2021 17:25:29 +0200 Subject: [PATCH 6/6] feat(secretsmanager): Automatically grant permissions to rotation Lambda (#14471) When you use the AWS Secrets Manager console to configure rotation for a secret for one of the fully supported databases, the console configures almost all parameters for you. But if you create a function or opt to do anything manually for other reasons, you also might have to manually configure the permissions for that part of the rotation. https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions.html ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-secretsmanager/README.md | 2 + .../lib/rotation-schedule.ts | 30 ++++++++ .../test/rotation-schedule.test.ts | 69 +++++++++++++++++++ 3 files changed, 101 insertions(+) diff --git a/packages/@aws-cdk/aws-secretsmanager/README.md b/packages/@aws-cdk/aws-secretsmanager/README.md index 0c0f45828e9ef..81c8e3c5e8e24 100644 --- a/packages/@aws-cdk/aws-secretsmanager/README.md +++ b/packages/@aws-cdk/aws-secretsmanager/README.md @@ -87,6 +87,8 @@ secret.addRotationSchedule('RotationSchedule', { }); ``` +Note: The required permissions for Lambda to call SecretsManager and the other way round are automatically granted based on [AWS Documentation](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions.html) as long as the Lambda is not imported. + See [Overview of the Lambda Rotation Function](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html) on how to implement a Lambda Rotation Function. ### Using a Hosted Lambda Function diff --git a/packages/@aws-cdk/aws-secretsmanager/lib/rotation-schedule.ts b/packages/@aws-cdk/aws-secretsmanager/lib/rotation-schedule.ts index 1243976963386..7e00492f2cb2f 100644 
--- a/packages/@aws-cdk/aws-secretsmanager/lib/rotation-schedule.ts +++ b/packages/@aws-cdk/aws-secretsmanager/lib/rotation-schedule.ts @@ -1,4 +1,5 @@ import * as ec2 from '@aws-cdk/aws-ec2'; +import * as iam from '@aws-cdk/aws-iam'; import * as lambda from '@aws-cdk/aws-lambda'; import { Duration, Resource, Stack } from '@aws-cdk/core'; import { Construct } from 'constructs'; @@ -70,6 +71,35 @@ export class RotationSchedule extends Resource { throw new Error('One of `rotationLambda` or `hostedRotation` must be specified.'); } + if (props.rotationLambda?.permissionsNode.defaultChild) { + props.rotationLambda.grantInvoke(new iam.ServicePrincipal('secretsmanager.amazonaws.com')); + + props.rotationLambda.addToRolePolicy( + new iam.PolicyStatement({ + actions: [ + 'secretsmanager:DescribeSecret', + 'secretsmanager:GetSecretValue', + 'secretsmanager:PutSecretValue', + 'secretsmanager:UpdateSecretVersionStage', + ], + resources: [props.secret.secretArn], + conditions: { + StringEquals: { + 'secretsmanager:resource/AllowRotationLambdaArn': props.rotationLambda.functionArn, + }, + }, + }), + ); + props.rotationLambda.addToRolePolicy( + new iam.PolicyStatement({ + actions: [ + 'secretsmanager:GetRandomPassword', + ], + resources: ['*'], + }), + ); + } + new CfnRotationSchedule(this, 'Resource', { secretId: props.secret.secretArn, rotationLambdaArn: props.rotationLambda?.functionArn, diff --git a/packages/@aws-cdk/aws-secretsmanager/test/rotation-schedule.test.ts b/packages/@aws-cdk/aws-secretsmanager/test/rotation-schedule.test.ts index e77336732d51b..3ab3422cd265b 100644 --- a/packages/@aws-cdk/aws-secretsmanager/test/rotation-schedule.test.ts +++ b/packages/@aws-cdk/aws-secretsmanager/test/rotation-schedule.test.ts 
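Review bot: `grantInvoke(new iam.ServicePrincipal('secretsmanager.amazonaws.com'))` in the second rotation-schedule.ts hunk lets the Secrets Manager service principal invoke the function with no source restriction, the usual confused-deputy shape for service-principal permissions. Consider scoping it to the deploying account, e.g. `props.rotationLambda.addPermission('InvokeBySecretsManager', { principal: new iam.ServicePrincipal('secretsmanager.amazonaws.com'), sourceAccount: Stack.of(this).account });`, after confirming that Secrets Manager supplies the source-account context on rotation invokes. The role statement is granted implicitly, so anything else that runs under the same execution role also gains read and write access to the secret value; a comment above the `if` saying so, and that the block is skipped when `permissionsNode.defaultChild` is unset (imported functions, per the README note), would help least-privilege reviews. If the secret uses a customer-managed KMS key, the role presumably still needs decrypt and data-key permissions on that key, which this block does not grant. The constructor continues outside the hunk.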
@@ -41,6 +41,75 @@ test('create a rotation schedule with a rotation Lambda', () => { }); }); +test('assign permissions for rotation schedule with a rotation Lambda', () => { + // GIVEN + const secret = new secretsmanager.Secret(stack, 'Secret'); + const rotationLambda = new lambda.Function(stack, 'Lambda', { + runtime: lambda.Runtime.NODEJS_10_X, + code: lambda.Code.fromInline('export.handler = event => event;'), + handler: 'index.handler', + }); + + // WHEN + new secretsmanager.RotationSchedule(stack, 'RotationSchedule', { + secret, + rotationLambda, + }); + + // THEN + expect(stack).toHaveResource('AWS::Lambda::Permission', { + Action: 'lambda:InvokeFunction', + FunctionName: { + 'Fn::GetAtt': [ + 'LambdaD247545B', + 'Arn', + ], + }, + Principal: 'secretsmanager.amazonaws.com', + }); + + expect(stack).toHaveResource('AWS::IAM::Policy', { + PolicyDocument: { + Statement: [ + { + Action: [ + 'secretsmanager:DescribeSecret', + 'secretsmanager:GetSecretValue', + 'secretsmanager:PutSecretValue', + 'secretsmanager:UpdateSecretVersionStage', + ], + Effect: 'Allow', + Resource: { + Ref: 'SecretA720EF05', + }, + Condition: { + StringEquals: { + 'secretsmanager:resource/AllowRotationLambdaArn': { + 'Fn::GetAtt': [ + 'LambdaD247545B', + 'Arn', + ], + }, + }, + }, + }, + { + Action: 'secretsmanager:GetRandomPassword', + Effect: 'Allow', + Resource: '*', + }, + ], + Version: '2012-10-17', + }, + PolicyName: 'LambdaServiceRoleDefaultPolicyDAE46E21', + Roles: [ + { + Ref: 'LambdaServiceRoleA8ED4D3B', + }, + ], + }); +}); + describe('hosted rotation', () => { test('single user not in a vpc', () => { // GIVEN