From e4df7e5456aa25041373412d31104c59b791c21c Mon Sep 17 00:00:00 2001
From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com>
Date: Wed, 24 Jan 2024 09:18:05 -0500
Subject: [PATCH 1/6] chore: npm-check-updates && yarn upgrade (#28839)

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
---
 .../@aws-cdk-testing/cli-integ/package.json | 2 +-
 .../framework-integ/package.json | 4 +-
 .../@aws-cdk/cloudformation-diff/package.json | 2 +-
 .../custom-resource-handlers/package.json | 4 +-
 packages/aws-cdk-lib/package.json | 6 +-
 packages/aws-cdk/THIRD_PARTY_LICENSES | 4 +-
 .../app/typescript/package.json | 2 +-
 .../lib/typescript/package.json | 2 +-
 .../sample-app/typescript/package.json | 2 +-
 packages/aws-cdk/package.json | 2 +-
 packages/cdk-assets/package.json | 2 +-
 tools/@aws-cdk/lazify/package.json | 2 +-
 tools/@aws-cdk/node-bundle/package.json | 2 +-
 yarn.lock | 358 +++++++++---------
 14 files changed, 202 insertions(+), 192 deletions(-)

diff --git a/packages/@aws-cdk-testing/cli-integ/package.json b/packages/@aws-cdk-testing/cli-integ/package.json
index 905c96ffe9203..0bfe4ca53077e 100644
--- a/packages/@aws-cdk-testing/cli-integ/package.json
+++ b/packages/@aws-cdk-testing/cli-integ/package.json
@@ -39,7 +39,7 @@
 },
 "dependencies": {
 "@octokit/rest": "^18.12.0",
- "aws-sdk": "^2.1540.0",
+ "aws-sdk": "^2.1542.0",
 "axios": "^1.6.5",
 "fs-extra": "^9.1.0",
 "glob": "^7.2.3",
diff --git a/packages/@aws-cdk-testing/framework-integ/package.json b/packages/@aws-cdk-testing/framework-integ/package.json
index 936692c4221df..5f34dadd94be6 100644
--- a/packages/@aws-cdk-testing/framework-integ/package.json
+++ b/packages/@aws-cdk-testing/framework-integ/package.json
@@ -41,9 +41,9 @@
 "@aws-cdk/integ-tests-alpha": "0.0.0",
 "@aws-cdk/lambda-layer-kubectl-v24": "^2.0.242",
 "aws-cdk-lib": "0.0.0",
- "aws-sdk": "^2.1540.0",
+ "aws-sdk": "^2.1542.0",
 "aws-sdk-mock": "5.6.0",
- "cdk8s": "2.68.29",
+ "cdk8s": "2.68.30",
 "cdk8s-plus-27": "2.7.73",
 "constructs": "^10.0.0"
 },
diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json
index 56ac325afdeca..784725bf8d021 100644
--- a/packages/@aws-cdk/cloudformation-diff/package.json
+++ b/packages/@aws-cdk/cloudformation-diff/package.json
@@ -38,7 +38,7 @@
 "@types/string-width": "^4.0.1",
 "fast-check": "^3.15.0",
 "jest": "^29.7.0",
- "aws-sdk": "2.1540.0",
+ "aws-sdk": "2.1542.0",
 "ts-jest": "^29.1.2"
 },
 "repository": {
diff --git a/packages/@aws-cdk/custom-resource-handlers/package.json b/packages/@aws-cdk/custom-resource-handlers/package.json
index a2f30366e4609..3d076ddf499b5 100644
--- a/packages/@aws-cdk/custom-resource-handlers/package.json
+++ b/packages/@aws-cdk/custom-resource-handlers/package.json
@@ -55,7 +55,7 @@
 "sinon": "^9.2.4",
 "nock": "^13.5.0",
 "fs-extra": "^11.2.0",
- "esbuild": "^0.19.11"
+ "esbuild": "^0.19.12"
 },
 "dependencies": {
 "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.1",
@@ -63,7 +63,7 @@
 "@aws-sdk/client-synthetics": "3.421.0",
 "@aws-sdk/client-ecr": "3.421.0",
 "@aws-sdk/client-s3": "3.421.0",
- "aws-sdk": "^2.1540.0"
+ "aws-sdk": "^2.1542.0"
 },
 "repository": {
 "url": "https://github.com/aws/aws-cdk.git",
diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
index 3d9d95118df3c..ccf73497a6bfc 100644
--- a/packages/aws-cdk-lib/package.json
+++ b/packages/aws-cdk-lib/package.json
@@ -163,14 +163,14 @@ "@types/lodash": "^4.14.202", "@types/punycode": "^2.1.3", "@aws-cdk/lazify": "0.0.0", - "aws-sdk": "^2.1540.0", + "aws-sdk": "^2.1542.0", "aws-sdk-client-mock": "^3.0.1", "aws-sdk-client-mock-jest": "^3.0.1", "aws-sdk-mock": "5.8.0", - "cdk8s": "2.68.29", + "cdk8s": "2.68.30", "constructs": "^10.0.0", "delay": "5.0.0", - "esbuild": "^0.19.11", + "esbuild": "^0.19.12", "fast-check": "^3.15.0", "jest": "^29.7.0", "jest-each": "^29.7.0", diff --git a/packages/aws-cdk/THIRD_PARTY_LICENSES b/packages/aws-cdk/THIRD_PARTY_LICENSES index d7866dd03f457..7815192848133 100644 --- a/packages/aws-cdk/THIRD_PARTY_LICENSES +++ b/packages/aws-cdk/THIRD_PARTY_LICENSES @@ -264,7 +264,7 @@ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH RE ---------------- -** aws-sdk@2.1540.0 - https://www.npmjs.com/package/aws-sdk/v/2.1540.0 | Apache-2.0 +** aws-sdk@2.1542.0 - https://www.npmjs.com/package/aws-sdk/v/2.1542.0 | Apache-2.0 AWS SDK for JavaScript Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -3298,7 +3298,7 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---------------- -** xml2js@0.5.0 - https://www.npmjs.com/package/xml2js/v/0.5.0 | MIT +** xml2js@0.6.2 - https://www.npmjs.com/package/xml2js/v/0.6.2 | MIT Copyright 2010, 2011, 2012, 2013. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy diff --git a/packages/aws-cdk/lib/init-templates/app/typescript/package.json b/packages/aws-cdk/lib/init-templates/app/typescript/package.json index 523c32b652fa1..8127c62190947 100644 --- a/packages/aws-cdk/lib/init-templates/app/typescript/package.json +++ b/packages/aws-cdk/lib/init-templates/app/typescript/package.json @@ -12,7 +12,7 @@ }, "devDependencies": { "@types/jest": "^29.5.11", - "@types/node": "20.11.5", + "@types/node": "20.11.6", "jest": "^29.7.0", "ts-jest": "^29.1.2", "aws-cdk": "%cdk-version%", 
diff --git a/packages/aws-cdk/lib/init-templates/lib/typescript/package.json b/packages/aws-cdk/lib/init-templates/lib/typescript/package.json
index d9a027076aaa5..16525c001383c 100644
--- a/packages/aws-cdk/lib/init-templates/lib/typescript/package.json
+++ b/packages/aws-cdk/lib/init-templates/lib/typescript/package.json
@@ -10,7 +10,7 @@
 },
 "devDependencies": {
 "@types/jest": "^29.5.11",
- "@types/node": "20.11.5",
+ "@types/node": "20.11.6",
 "aws-cdk-lib": "%cdk-version%",
 "constructs": "%constructs-version%",
 "jest": "^29.7.0",
diff --git a/packages/aws-cdk/lib/init-templates/sample-app/typescript/package.json b/packages/aws-cdk/lib/init-templates/sample-app/typescript/package.json
index 97585b4dbe104..536d4394d536f 100644
--- a/packages/aws-cdk/lib/init-templates/sample-app/typescript/package.json
+++ b/packages/aws-cdk/lib/init-templates/sample-app/typescript/package.json
@@ -12,7 +12,7 @@
 },
 "devDependencies": {
 "@types/jest": "^29.5.11",
- "@types/node": "20.11.5",
+ "@types/node": "20.11.6",
 "jest": "^29.7.0",
 "ts-jest": "^29.1.2",
 "aws-cdk": "%cdk-version%",
diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json
index e5fcd7a24c060..237628bb6315b 100644
--- a/packages/aws-cdk/package.json
+++ b/packages/aws-cdk/package.json
@@ -102,7 +102,7 @@
 "@aws-cdk/region-info": "0.0.0",
 "@jsii/check-node": "1.94.0",
 "archiver": "^5.3.2",
- "aws-sdk": "^2.1540.0",
+ "aws-sdk": "^2.1542.0",
 "camelcase": "^6.3.0",
 "cdk-assets": "0.0.0",
 "cdk-from-cfn": "^0.122.0",
diff --git a/packages/cdk-assets/package.json b/packages/cdk-assets/package.json
index 6e4978031430b..767423ca837d5 100644
--- a/packages/cdk-assets/package.json
+++ b/packages/cdk-assets/package.json
@@ -46,7 +46,7 @@
 "@aws-cdk/cloud-assembly-schema": "0.0.0",
 "@aws-cdk/cx-api": "0.0.0",
 "archiver": "^5.3.2",
- "aws-sdk": "^2.1540.0",
+ "aws-sdk": "^2.1542.0",
 "glob": "^7.2.3",
 "mime": "^2.6.0",
 "yargs": "^16.2.0"
diff --git a/tools/@aws-cdk/lazify/package.json b/tools/@aws-cdk/lazify/package.json
index a805b70f9bc39..e9414c38e52f1 100644
--- a/tools/@aws-cdk/lazify/package.json
+++ b/tools/@aws-cdk/lazify/package.json
@@ -24,7 +24,7 @@
 "cjs-module-lexer": "^1.2.3"
 },
 "dependencies": {
- "esbuild": "^0.19.11",
+ "esbuild": "^0.19.12",
 "fs-extra": "^10.1.0",
 "yargs": "^17.7.2"
 },
diff --git a/tools/@aws-cdk/node-bundle/package.json b/tools/@aws-cdk/node-bundle/package.json
index f83985609466b..7ef0b26a35705 100644
--- a/tools/@aws-cdk/node-bundle/package.json
+++ b/tools/@aws-cdk/node-bundle/package.json
@@ -31,7 +31,7 @@
 "typescript": "^4.5.5"
 },
 "dependencies": {
- "esbuild": "^0.19.11",
+ "esbuild": "^0.19.12",
 "fs-extra": "^10.1.0",
 "license-checker": "^25.0.1",
 "madge": "^5.0.2",
diff --git a/yarn.lock b/yarn.lock
index 7fcf156b73d75..cfc2af0d81d04 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2911,120 +2911,120 @@ enabled "2.0.x" kuler "^2.0.0" -"@esbuild/aix-ppc64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.19.11.tgz#2acd20be6d4f0458bc8c784103495ff24f13b1d3" - integrity sha512-FnzU0LyE3ySQk7UntJO4+qIiQgI7KoODnZg5xzXIrFJlKd2P2gwHsHY4927xj9y5PJmJSzULiUCWmv7iWnNa7g== - -"@esbuild/android-arm64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.19.11.tgz#b45d000017385c9051a4f03e17078abb935be220" - integrity sha512-aiu7K/5JnLj//KOnOfEZ0D90obUkRzDMyqd/wNAUQ34m4YUPVhRZpnqKV9uqDGxT7cToSDnIHsGooyIczu9T+Q== - -"@esbuild/android-arm@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.19.11.tgz#f46f55414e1c3614ac682b29977792131238164c" - integrity sha512-5OVapq0ClabvKvQ58Bws8+wkLCV+Rxg7tUVbo9xu034Nm536QTII4YzhaFriQ7rMrorfnFKUsArD2lqKbFY4vw== - -"@esbuild/android-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.19.11.tgz#bfc01e91740b82011ef503c48f548950824922b2" - integrity sha512-eccxjlfGw43WYoY9QgB82SgGgDbibcqyDTlk3l3C0jOVHKxrjdc9CTwDUQd0vkvYg5um0OH+GpxYvp39r+IPOg== - -"@esbuild/darwin-arm64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.19.11.tgz#533fb7f5a08c37121d82c66198263dcc1bed29bf" - integrity sha512-ETp87DRWuSt9KdDVkqSoKoLFHYTrkyz2+65fj9nfXsaV3bMhTCjtQfw3y+um88vGRKRiF7erPrh/ZuIdLUIVxQ== - -"@esbuild/darwin-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.19.11.tgz#62f3819eff7e4ddc656b7c6815a31cf9a1e7d98e" - integrity sha512-fkFUiS6IUK9WYUO/+22omwetaSNl5/A8giXvQlcinLIjVkxwTLSktbF5f/kJMftM2MJp9+fXqZ5ezS7+SALp4g== - -"@esbuild/freebsd-arm64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.19.11.tgz#d478b4195aa3ca44160272dab85ef8baf4175b4a" - 
integrity sha512-lhoSp5K6bxKRNdXUtHoNc5HhbXVCS8V0iZmDvyWvYq9S5WSfTIHU2UGjcGt7UeS6iEYp9eeymIl5mJBn0yiuxA== - -"@esbuild/freebsd-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.19.11.tgz#7bdcc1917409178257ca6a1a27fe06e797ec18a2" - integrity sha512-JkUqn44AffGXitVI6/AbQdoYAq0TEullFdqcMY/PCUZ36xJ9ZJRtQabzMA+Vi7r78+25ZIBosLTOKnUXBSi1Kw== - -"@esbuild/linux-arm64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.19.11.tgz#58ad4ff11685fcc735d7ff4ca759ab18fcfe4545" - integrity sha512-LneLg3ypEeveBSMuoa0kwMpCGmpu8XQUh+mL8XXwoYZ6Be2qBnVtcDI5azSvh7vioMDhoJFZzp9GWp9IWpYoUg== - -"@esbuild/linux-arm@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.19.11.tgz#ce82246d873b5534d34de1e5c1b33026f35e60e3" - integrity sha512-3CRkr9+vCV2XJbjwgzjPtO8T0SZUmRZla+UL1jw+XqHZPkPgZiyWvbDvl9rqAN8Zl7qJF0O/9ycMtjU67HN9/Q== - -"@esbuild/linux-ia32@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.19.11.tgz#cbae1f313209affc74b80f4390c4c35c6ab83fa4" - integrity sha512-caHy++CsD8Bgq2V5CodbJjFPEiDPq8JJmBdeyZ8GWVQMjRD0sU548nNdwPNvKjVpamYYVL40AORekgfIubwHoA== - -"@esbuild/linux-loong64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.19.11.tgz#5f32aead1c3ec8f4cccdb7ed08b166224d4e9121" - integrity sha512-ppZSSLVpPrwHccvC6nQVZaSHlFsvCQyjnvirnVjbKSHuE5N24Yl8F3UwYUUR1UEPaFObGD2tSvVKbvR+uT1Nrg== - -"@esbuild/linux-mips64el@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.19.11.tgz#38eecf1cbb8c36a616261de858b3c10d03419af9" - integrity sha512-B5x9j0OgjG+v1dF2DkH34lr+7Gmv0kzX6/V0afF41FkPMMqaQ77pH7CrhWeR22aEeHKaeZVtZ6yFwlxOKPVFyg== - -"@esbuild/linux-ppc64@0.19.11": - version "0.19.11" - resolved 
"https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.19.11.tgz#9c5725a94e6ec15b93195e5a6afb821628afd912" - integrity sha512-MHrZYLeCG8vXblMetWyttkdVRjQlQUb/oMgBNurVEnhj4YWOr4G5lmBfZjHYQHHN0g6yDmCAQRR8MUHldvvRDA== - -"@esbuild/linux-riscv64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.19.11.tgz#2dc4486d474a2a62bbe5870522a9a600e2acb916" - integrity sha512-f3DY++t94uVg141dozDu4CCUkYW+09rWtaWfnb3bqe4w5NqmZd6nPVBm+qbz7WaHZCoqXqHz5p6CM6qv3qnSSQ== - -"@esbuild/linux-s390x@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.19.11.tgz#4ad8567df48f7dd4c71ec5b1753b6f37561a65a8" - integrity sha512-A5xdUoyWJHMMlcSMcPGVLzYzpcY8QP1RtYzX5/bS4dvjBGVxdhuiYyFwp7z74ocV7WDc0n1harxmpq2ePOjI0Q== - -"@esbuild/linux-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.19.11.tgz#b7390c4d5184f203ebe7ddaedf073df82a658766" - integrity sha512-grbyMlVCvJSfxFQUndw5mCtWs5LO1gUlwP4CDi4iJBbVpZcqLVT29FxgGuBJGSzyOxotFG4LoO5X+M1350zmPA== - -"@esbuild/netbsd-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.19.11.tgz#d633c09492a1721377f3bccedb2d821b911e813d" - integrity sha512-13jvrQZJc3P230OhU8xgwUnDeuC/9egsjTkXN49b3GcS5BKvJqZn86aGM8W9pd14Kd+u7HuFBMVtrNGhh6fHEQ== - -"@esbuild/openbsd-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.19.11.tgz#17388c76e2f01125bf831a68c03a7ffccb65d1a2" - integrity sha512-ysyOGZuTp6SNKPE11INDUeFVVQFrhcNDVUgSQVDzqsqX38DjhPEPATpid04LCoUr2WXhQTEZ8ct/EgJCUDpyNw== - -"@esbuild/sunos-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.19.11.tgz#e320636f00bb9f4fdf3a80e548cb743370d41767" - integrity sha512-Hf+Sad9nVwvtxy4DXCZQqLpgmRTQqyFyhT3bZ4F2XlJCjxGmRFF0Shwn9rzhOYRB61w9VMXUkxlBy56dk9JJiQ== - -"@esbuild/win32-arm64@0.19.11": - 
version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.19.11.tgz#c778b45a496e90b6fc373e2a2bb072f1441fe0ee" - integrity sha512-0P58Sbi0LctOMOQbpEOvOL44Ne0sqbS0XWHMvvrg6NE5jQ1xguCSSw9jQeUk2lfrXYsKDdOe6K+oZiwKPilYPQ== - -"@esbuild/win32-ia32@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.19.11.tgz#481a65fee2e5cce74ec44823e6b09ecedcc5194c" - integrity sha512-6YOrWS+sDJDmshdBIQU+Uoyh7pQKrdykdefC1avn76ss5c+RN6gut3LZA4E2cH5xUEp5/cA0+YxRaVtRAb0xBg== - -"@esbuild/win32-x64@0.19.11": - version "0.19.11" - resolved "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.19.11.tgz#a5d300008960bb39677c46bf16f53ec70d8dee04" - integrity sha512-vfkhltrjCAb603XaFhqhAF4LGDi2M4OrCRrFusyQ+iTLQ/o60QQXxc9cZC/FFpihBI9N1Grn6SMKVJ4KP7Fuiw== +"@esbuild/aix-ppc64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.19.12.tgz#d1bc06aedb6936b3b6d313bf809a5a40387d2b7f" + integrity sha512-bmoCYyWdEL3wDQIVbcyzRyeKLgk2WtWLTWz1ZIAZF/EGbNOwSA6ew3PftJ1PqMiOOGu0OyFMzG53L0zqIpPeNA== + +"@esbuild/android-arm64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.19.12.tgz#7ad65a36cfdb7e0d429c353e00f680d737c2aed4" + integrity sha512-P0UVNGIienjZv3f5zq0DP3Nt2IE/3plFzuaS96vihvD0Hd6H/q4WXUGpCxD/E8YrSXfNyRPbpTq+T8ZQioSuPA== + +"@esbuild/android-arm@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.19.12.tgz#b0c26536f37776162ca8bde25e42040c203f2824" + integrity sha512-qg/Lj1mu3CdQlDEEiWrlC4eaPZ1KztwGJ9B6J+/6G+/4ewxJg7gqj8eVYWvao1bXrqGiW2rsBZFSX3q2lcW05w== + +"@esbuild/android-x64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.19.12.tgz#cb13e2211282012194d89bf3bfe7721273473b3d" + integrity sha512-3k7ZoUW6Q6YqhdhIaq/WZ7HwBpnFBlW905Fa4s4qWJyiNOgT1dOqDiVAQFwBH7gBRZr17gLrlFCRzF6jFh7Kew== + 
+"@esbuild/darwin-arm64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.19.12.tgz#cbee41e988020d4b516e9d9e44dd29200996275e" + integrity sha512-B6IeSgZgtEzGC42jsI+YYu9Z3HKRxp8ZT3cqhvliEHovq8HSX2YX8lNocDn79gCKJXOSaEot9MVYky7AKjCs8g== + +"@esbuild/darwin-x64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.19.12.tgz#e37d9633246d52aecf491ee916ece709f9d5f4cd" + integrity sha512-hKoVkKzFiToTgn+41qGhsUJXFlIjxI/jSYeZf3ugemDYZldIXIxhvwN6erJGlX4t5h417iFuheZ7l+YVn05N3A== + +"@esbuild/freebsd-arm64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.19.12.tgz#1ee4d8b682ed363b08af74d1ea2b2b4dbba76487" + integrity sha512-4aRvFIXmwAcDBw9AueDQ2YnGmz5L6obe5kmPT8Vd+/+x/JMVKCgdcRwH6APrbpNXsPz+K653Qg8HB/oXvXVukA== + +"@esbuild/freebsd-x64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.19.12.tgz#37a693553d42ff77cd7126764b535fb6cc28a11c" + integrity sha512-EYoXZ4d8xtBoVN7CEwWY2IN4ho76xjYXqSXMNccFSx2lgqOG/1TBPW0yPx1bJZk94qu3tX0fycJeeQsKovA8gg== + +"@esbuild/linux-arm64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.19.12.tgz#be9b145985ec6c57470e0e051d887b09dddb2d4b" + integrity sha512-EoTjyYyLuVPfdPLsGVVVC8a0p1BFFvtpQDB/YLEhaXyf/5bczaGeN15QkR+O4S5LeJ92Tqotve7i1jn35qwvdA== + +"@esbuild/linux-arm@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.19.12.tgz#207ecd982a8db95f7b5279207d0ff2331acf5eef" + integrity sha512-J5jPms//KhSNv+LO1S1TX1UWp1ucM6N6XuL6ITdKWElCu8wXP72l9MM0zDTzzeikVyqFE6U8YAV9/tFyj0ti+w== + +"@esbuild/linux-ia32@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.19.12.tgz#d0d86b5ca1562523dc284a6723293a52d5860601" + integrity 
sha512-Thsa42rrP1+UIGaWz47uydHSBOgTUnwBwNq59khgIwktK6x60Hivfbux9iNR0eHCHzOLjLMLfUMLCypBkZXMHA== + +"@esbuild/linux-loong64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.19.12.tgz#9a37f87fec4b8408e682b528391fa22afd952299" + integrity sha512-LiXdXA0s3IqRRjm6rV6XaWATScKAXjI4R4LoDlvO7+yQqFdlr1Bax62sRwkVvRIrwXxvtYEHHI4dm50jAXkuAA== + +"@esbuild/linux-mips64el@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.19.12.tgz#4ddebd4e6eeba20b509d8e74c8e30d8ace0b89ec" + integrity sha512-fEnAuj5VGTanfJ07ff0gOA6IPsvrVHLVb6Lyd1g2/ed67oU1eFzL0r9WL7ZzscD+/N6i3dWumGE1Un4f7Amf+w== + +"@esbuild/linux-ppc64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.19.12.tgz#adb67dadb73656849f63cd522f5ecb351dd8dee8" + integrity sha512-nYJA2/QPimDQOh1rKWedNOe3Gfc8PabU7HT3iXWtNUbRzXS9+vgB0Fjaqr//XNbd82mCxHzik2qotuI89cfixg== + +"@esbuild/linux-riscv64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.19.12.tgz#11bc0698bf0a2abf8727f1c7ace2112612c15adf" + integrity sha512-2MueBrlPQCw5dVJJpQdUYgeqIzDQgw3QtiAHUC4RBz9FXPrskyyU3VI1hw7C0BSKB9OduwSJ79FTCqtGMWqJHg== + +"@esbuild/linux-s390x@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.19.12.tgz#e86fb8ffba7c5c92ba91fc3b27ed5a70196c3cc8" + integrity sha512-+Pil1Nv3Umes4m3AZKqA2anfhJiVmNCYkPchwFJNEJN5QxmTs1uzyy4TvmDrCRNT2ApwSari7ZIgrPeUx4UZDg== + +"@esbuild/linux-x64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.19.12.tgz#5f37cfdc705aea687dfe5dfbec086a05acfe9c78" + integrity sha512-B71g1QpxfwBvNrfyJdVDexenDIt1CiDN1TIXLbhOw0KhJzE78KIFGX6OJ9MrtC0oOqMWf+0xop4qEU8JrJTwCg== + +"@esbuild/netbsd-x64@0.19.12": + version "0.19.12" + resolved 
"https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.19.12.tgz#29da566a75324e0d0dd7e47519ba2f7ef168657b" + integrity sha512-3ltjQ7n1owJgFbuC61Oj++XhtzmymoCihNFgT84UAmJnxJfm4sYCiSLTXZtE00VWYpPMYc+ZQmB6xbSdVh0JWA== + +"@esbuild/openbsd-x64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.19.12.tgz#306c0acbdb5a99c95be98bdd1d47c916e7dc3ff0" + integrity sha512-RbrfTB9SWsr0kWmb9srfF+L933uMDdu9BIzdA7os2t0TXhCRjrQyCeOt6wVxr79CKD4c+p+YhCj31HBkYcXebw== + +"@esbuild/sunos-x64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.19.12.tgz#0933eaab9af8b9b2c930236f62aae3fc593faf30" + integrity sha512-HKjJwRrW8uWtCQnQOz9qcU3mUZhTUQvi56Q8DPTLLB+DawoiQdjsYq+j+D3s9I8VFtDr+F9CjgXKKC4ss89IeA== + +"@esbuild/win32-arm64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.19.12.tgz#773bdbaa1971b36db2f6560088639ccd1e6773ae" + integrity sha512-URgtR1dJnmGvX864pn1B2YUYNzjmXkuJOIqG2HdU62MVS4EHpU2946OZoTMnRUHklGtJdJZ33QfzdjGACXhn1A== + +"@esbuild/win32-ia32@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.19.12.tgz#000516cad06354cc84a73f0943a4aa690ef6fd67" + integrity sha512-+ZOE6pUkMOJfmxmBZElNOx72NKpIa/HFOMGzu8fqzQJ5kgf6aTGrcJaFsNiVMH4JKpMipyK+7k0n2UXN7a8YKQ== + +"@esbuild/win32-x64@0.19.12": + version "0.19.12" + resolved "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.19.12.tgz#c57c8afbb4054a3ab8317591a0b7320360b444ae" + integrity sha512-T1QyPSDCyMXaO3pzBkF96E8xMkiRYbUEZADd29SyPGabqxMViNoii+NcK7eWJAEoU6RZyEm5lVSIjTmcdoB9HA== "@eslint-community/eslint-utils@^4.2.0", "@eslint-community/eslint-utils@^4.4.0": version "4.4.0" 
@@ -5038,9 +5038,9 @@ form-data "^4.0.0" "@types/node@*": - version "20.11.5" - resolved "https://registry.npmjs.org/@types/node/-/node-20.11.5.tgz#be10c622ca7fcaa3cf226cf80166abc31389d86e" - integrity sha512-g557vgQjUUfN76MZAN/dt1z3dzcUsimuysco0KeluHgrPdJXkP/XdAURgyO2W9fZWHRtRBiVKzKn8vyOAwlG+w== + version "20.11.6" + resolved "https://registry.npmjs.org/@types/node/-/node-20.11.6.tgz#6adf4241460e28be53836529c033a41985f85b6e" + integrity sha512-+EOokTnksGVgip2PbYbr3xnR7kZigh4LbybAfBAw5BpnQ+FqBYUsvCEjYd70IXKlbohQ64mzEYmMtlWUY8q//Q== dependencies: undici-types "~5.26.4" @@ -5050,14 +5050,14 @@ integrity sha512-YUgMWAQBWLObABqrvx8qKO1enAvBUdjZOAWQ5grBAkp5LQv45jBvYKZ3oFS9iKRCQyFjqw6iuEa1vmFqtxYLZw== "@types/node@^16", "@types/node@^16.9.2": - version "16.18.74" - resolved "https://registry.npmjs.org/@types/node/-/node-16.18.74.tgz#af518a0abafe8ab453f04c12ee62cfad75a8ca8d" - integrity sha512-eEn8RkzZFcT0gb8qyi0CcfSOQnLE+NbGLIIaxGGmjn/N35v/C3M8ohxcpSlNlCv+H8vPpMGmrGDdCkzr8xu2tQ== + version "16.18.75" + resolved "https://registry.npmjs.org/@types/node/-/node-16.18.75.tgz#88460b2706e5be1788f5ed6ef51152283b7703a2" + integrity sha512-+FSfZd5mpMDTcIK7bp2GueIcAespzR4FROOXnEst248c85vwthIEwtXYOLgVc/sI4ihE1K/7yO1lEiSgvwAOxA== "@types/node@^18": - version "18.19.8" - resolved "https://registry.npmjs.org/@types/node/-/node-18.19.8.tgz#c1e42b165e5a526caf1f010747e0522cb2c9c36a" - integrity sha512-g1pZtPhsvGVTwmeVoexWZLTQaOvXwoSq//pTL0DHeNzUDrFnir4fgETdhjhIxjVnN+hKOuh98+E1eMLnUXstFg== + version "18.19.9" + resolved "https://registry.npmjs.org/@types/node/-/node-18.19.9.tgz#6c2624c3a05bfa3a2735c533f95597ffacbb5608" + integrity sha512-oZFKlC8l5YtzGQNT4zC2PiSSKzQVZ8bAwwd+EYdPLtyk0nSEq6O16SkK+rkkT2eflDAbormJgEF3QnH3oDrTSw== dependencies: undici-types "~5.26.4" 
@@ -5823,10 +5823,10 @@ aws-sdk-mock@5.8.0: sinon "^14.0.1" traverse "^0.6.6" -aws-sdk@2.1540.0, aws-sdk@^2.1231.0, aws-sdk@^2.1540.0, aws-sdk@^2.928.0: - version "2.1540.0" - resolved "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1540.0.tgz#13be9aec1fc3c404224dd94d6a8c5abb9dc13084" - integrity sha512-nAIXvpAYuBKFrCWAKrKJB3ppD/zFAGpYT888ZVkiBQUlWpq7Z/tDL8lDbnTPceSGnWYmmyPP9awGjoFgWsXsbw== +aws-sdk@2.1542.0, aws-sdk@^2.1231.0, aws-sdk@^2.1542.0, aws-sdk@^2.928.0: + version "2.1542.0" + resolved "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1542.0.tgz#c8940b5d746b31bd592277905c07adbda8336359" + integrity sha512-GcDlp9/2fRo7I6LxW1wAMVHf6G4b4S4vsFDhWMhK6Ycx3EhNmpJVEtQn5b46O90ChgD6ydQwBGEoi00W5Km0Lw== dependencies: buffer "4.9.2" events "1.1.1" @@ -5837,7 +5837,7 @@ aws-sdk@2.1540.0, aws-sdk@^2.1231.0, aws-sdk@^2.1540.0, aws-sdk@^2.928.0: url "0.10.3" util "^0.12.4" uuid "8.0.0" - xml2js "0.5.0" + xml2js "0.6.2" axios@^0.27.2: version "0.27.2" @@ -6272,10 +6272,10 @@ cdk8s-plus-27@2.7.73: optionalDependencies: backport "8.5.0" -cdk8s@2.68.29: - version "2.68.29" - resolved "https://registry.npmjs.org/cdk8s/-/cdk8s-2.68.29.tgz#4454ef9290f0bb656cc5c10766f1e837d8b70c27" - integrity sha512-/pPORr8iJGBaSGKgRxGlptIl3Z94qbi/XbSg38CEiIvH9v/aE6oclrPUrZkHM8tP+QM4SEoiVCYax1/DqD1JZg== +cdk8s@2.68.30: + version "2.68.30" + resolved "https://registry.npmjs.org/cdk8s/-/cdk8s-2.68.30.tgz#08665698caf6f8154d9a38dd885c80c773ed15c2" + integrity sha512-/AdOwcSY2YOIoQ02l/580KLwjWaFfcM8aKgsfc6W6/rAWhaWHAtNCCQHjPCZjDKqjKHeQX/x7Z+3adTH/zo3Vw== dependencies: fast-json-patch "^3.1.1" follow-redirects "^1.15.2" 
@@ -7459,16 +7459,21 @@ dotenv-json@^1.0.0: resolved "https://registry.npmjs.org/dotenv-json/-/dotenv-json-1.0.0.tgz#fc7f672aafea04bed33818733b9f94662332815c" integrity sha512-jAssr+6r4nKhKRudQ0HOzMskOFFi9+ubXWwmrSGJFgTvpjyPXCXsCsYbjif6mXp7uxA7xY3/LGaiTQukZzSbOQ== -dotenv@^16.0.1, dotenv@~16.3.1: - version "16.3.2" - resolved "https://registry.npmjs.org/dotenv/-/dotenv-16.3.2.tgz#3cb611ce5a63002dbabf7c281bc331f69d28f03f" - integrity sha512-HTlk5nmhkm8F6JcdXvHIzaorzCoziNQT9mGxLPVXW8wJF1TiGSL60ZGB4gHWabHOaMmWmhvk2/lPHfnBiT78AQ== +dotenv@^16.0.1: + version "16.4.0" + resolved "https://registry.npmjs.org/dotenv/-/dotenv-16.4.0.tgz#ac21c3fcaad2e7832a1cd0c0e4e8e52225ecda0e" + integrity sha512-WvImr5kpN5NGNn7KaDjJnLTh5rDVLZiDf/YLA8T1ZEZEBZNEDOE+mnkS0PVjPax8ZxBP5zC5SLMB3/9VV5de9g== dotenv@^8.0.0: version "8.6.0" resolved "https://registry.npmjs.org/dotenv/-/dotenv-8.6.0.tgz#061af664d19f7f4d8fc6e4ff9b584ce237adcb8b" integrity sha512-IrPdXQsk2BbzvCBGBOTmmSH5SodmqZNt4ERAZDmW4CT+tL8VtvinqywuANaFu4bOMWki16nqf0e4oC0QIaDr/g== +dotenv@~16.3.1: + version "16.3.2" + resolved "https://registry.npmjs.org/dotenv/-/dotenv-16.3.2.tgz#3cb611ce5a63002dbabf7c281bc331f69d28f03f" + integrity sha512-HTlk5nmhkm8F6JcdXvHIzaorzCoziNQT9mGxLPVXW8wJF1TiGSL60ZGB4gHWabHOaMmWmhvk2/lPHfnBiT78AQ== + dotgitignore@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/dotgitignore/-/dotgitignore-2.1.0.tgz#a4b15a4e4ef3cf383598aaf1dfa4a04bcc089b7b" 
@@ -7506,9 +7511,9 @@ ejs@^3.1.7: jake "^10.8.5" electron-to-chromium@^1.4.601: - version "1.4.640" - resolved "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.640.tgz#76290a36fa4b5f1f4cadaf1fc582478ebb3ac246" - integrity sha512-z/6oZ/Muqk4BaE7P69bXhUhpJbUM9ZJeka43ZwxsDshKtePns4mhBlh8bU5+yrnOnz3fhG82XLzGUXazOmsWnA== + version "1.4.643" + resolved "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.643.tgz#081a20c5534db91e66ef094f68624960f674768f" + integrity sha512-QHscvvS7gt155PtoRC0dR2ilhL8E9LHhfTQEq1uD5AL0524rBLAwpAREFH06f87/e45B9XkR6Ki5dbhbCsVEIg== emittery@^0.13.1: version "0.13.1" 
@@ -7705,34 +7710,34 @@ es6-weak-map@^2.0.3: es6-iterator "^2.0.3" es6-symbol "^3.1.1" -esbuild@^0.19.11: - version "0.19.11" - resolved "https://registry.npmjs.org/esbuild/-/esbuild-0.19.11.tgz#4a02dca031e768b5556606e1b468fe72e3325d96" - integrity sha512-HJ96Hev2hX/6i5cDVwcqiJBBtuo9+FeIJOtZ9W1kA5M6AMJRHUZlpYZ1/SbEwtO0ioNAW8rUooVpC/WehY2SfA== +esbuild@^0.19.12: + version "0.19.12" + resolved "https://registry.npmjs.org/esbuild/-/esbuild-0.19.12.tgz#dc82ee5dc79e82f5a5c3b4323a2a641827db3e04" + integrity sha512-aARqgq8roFBj054KvQr5f1sFu0D65G+miZRCuJyJ0G13Zwx7vRar5Zhn2tkQNzIXcBrNVsv/8stehpj+GAjgbg== optionalDependencies: - "@esbuild/aix-ppc64" "0.19.11" - "@esbuild/android-arm" "0.19.11" - "@esbuild/android-arm64" "0.19.11" - "@esbuild/android-x64" "0.19.11" - "@esbuild/darwin-arm64" "0.19.11" - "@esbuild/darwin-x64" "0.19.11" - "@esbuild/freebsd-arm64" "0.19.11" - "@esbuild/freebsd-x64" "0.19.11" - "@esbuild/linux-arm" "0.19.11" - "@esbuild/linux-arm64" "0.19.11" - "@esbuild/linux-ia32" "0.19.11" - "@esbuild/linux-loong64" "0.19.11" - "@esbuild/linux-mips64el" "0.19.11" - "@esbuild/linux-ppc64" "0.19.11" - "@esbuild/linux-riscv64" "0.19.11" - "@esbuild/linux-s390x" "0.19.11" - "@esbuild/linux-x64" "0.19.11" - "@esbuild/netbsd-x64" "0.19.11" - "@esbuild/openbsd-x64" "0.19.11" - "@esbuild/sunos-x64" "0.19.11" - "@esbuild/win32-arm64" "0.19.11" - "@esbuild/win32-ia32" "0.19.11" - "@esbuild/win32-x64" "0.19.11" + "@esbuild/aix-ppc64" "0.19.12" + "@esbuild/android-arm" "0.19.12" + "@esbuild/android-arm64" "0.19.12" + "@esbuild/android-x64" "0.19.12" + "@esbuild/darwin-arm64" "0.19.12" + "@esbuild/darwin-x64" "0.19.12" + "@esbuild/freebsd-arm64" "0.19.12" + "@esbuild/freebsd-x64" "0.19.12" + "@esbuild/linux-arm" "0.19.12" + "@esbuild/linux-arm64" "0.19.12" + "@esbuild/linux-ia32" "0.19.12" + "@esbuild/linux-loong64" "0.19.12" + "@esbuild/linux-mips64el" "0.19.12" + "@esbuild/linux-ppc64" "0.19.12" + "@esbuild/linux-riscv64" "0.19.12" + "@esbuild/linux-s390x" "0.19.12" + 
"@esbuild/linux-x64" "0.19.12" + "@esbuild/netbsd-x64" "0.19.12" + "@esbuild/openbsd-x64" "0.19.12" + "@esbuild/sunos-x64" "0.19.12" + "@esbuild/win32-arm64" "0.19.12" + "@esbuild/win32-ia32" "0.19.12" + "@esbuild/win32-x64" "0.19.12" escalade@^3.1.1: version "3.1.1" @@ -10363,11 +10368,16 @@ json5@^2.2.2, json5@^2.2.3: resolved "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283" integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg== -jsonc-parser@3.2.0, jsonc-parser@~3.2.0: +jsonc-parser@3.2.0: version "3.2.0" resolved "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz#31ff3f4c2b9793f89c67212627c51c6394f88e76" integrity sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w== +jsonc-parser@~3.2.0: + version "3.2.1" + resolved "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz#031904571ccf929d7670ee8c547545081cb37f1a" + integrity sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA== + jsonfile@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz#8771aae0799b64076b76640fca058f9c10e33ecb" @@ -14541,9 +14551,9 @@ typescript@^4.5.5: integrity sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g== typescript@next: - version "5.4.0-dev.20240122" - resolved "https://registry.npmjs.org/typescript/-/typescript-5.4.0-dev.20240122.tgz#87049df18060af0153f466194ad37c3be86b91cd" - integrity sha512-AlqDACgFZ2OGGSqJcWcQQOkbiznU+fXn2vhdcZttnOe5qr1E1oXf1lcHXEz3wTmEouLQwN6fVp2/76/JOsf9rQ== + version "5.4.0-dev.20240124" + resolved "https://registry.npmjs.org/typescript/-/typescript-5.4.0-dev.20240124.tgz#76f7cf309d8186b62c186b3664bc72f7418e45b3" + integrity sha512-OAWV1z3s7OoZR1tKuVK8UokiDmv5J8EEjKJu7BtU7veEXBA9cLGQ6LEw4Jt83BidP8lWytDetVuOxmF/VtLQPg== typescript@~5.1.0, typescript@~5.1.6: version "5.1.6" 
@@ -15060,10 +15070,10 @@ xml-js@^1.6.11: dependencies: sax "^1.2.4" -xml2js@0.5.0: - version "0.5.0" - resolved "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7" - integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA== +xml2js@0.6.2: + version "0.6.2" + resolved "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz#dd0b630083aa09c161e25a4d0901e2b2a929b499" + integrity sha512-T4rieHaC1EXcES0Kxxj4JWgaUQHDk+qwHcYOCFHfiwKz7tOVPLq7Hjq9dM1WCMhylqMEfP7hMcOIChvotiZegA== dependencies: sax ">=0.6.0" xmlbuilder "~11.0.0" From bdf42854ba74b80d18263e77ec76ce1c2356fd38 Mon Sep 17 00:00:00 2001 
From: kazuho cryer-shinozuka Date: Thu, 25 Jan 2024 03:07:21 +0900 Subject: [PATCH 2/6] feat(rds): Kerberos authentication support in Aurora Database Clusters (#28559) I have added the arguments domain and domainRole to support Kerberos authentication for the Aurora Database cluster. The specifications for these arguments are the same as the existing [domain](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts#L625) and [domainRole](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts#L633) in the [Instance](https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk-lib/aws-rds#kerberos-authentication). ```ts declare const vpc: ec2.Vpc declare const iamRole: iam.IRole new rds.DatabaseCluster(this, 'Database', { engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_05_1 }), writer: rds.ClusterInstance.provisioned('Instance', { instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM), }), vpc, domain: 'd-????????', // added domainRole: iamRole, // added }); ``` Closes #28050. 
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../__entrypoint__.js | 147 +++ .../index.js | 1 + .../cdk.out | 1 + .../cluster-kerberos.assets.json | 32 + .../cluster-kerberos.template.json | 736 +++++++++++ .../integ.json | 12 + ...efaultTestDeployAssert6F647828.assets.json | 19 + ...aultTestDeployAssert6F647828.template.json | 36 + .../manifest.json | 311 +++++ .../tree.json | 1125 +++++++++++++++++ .../aws-rds/test/integ.cluster-kerberos.ts | 46 + packages/aws-cdk-lib/aws-rds/README.md | 27 +- packages/aws-cdk-lib/aws-rds/lib/cluster.ts | 36 + .../aws-cdk-lib/aws-rds/test/cluster.test.ts | 78 ++ 14 files changed, 2606 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/__entrypoint__.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/index.js create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.assets.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/__entrypoint__.js new file mode 100644 index 0000000000000..1e64dba70bdc0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/__entrypoint__.js 
@@ -0,0 +1,147 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.handler = exports.external = void 0; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? 
e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +exports.handler = handler; +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? 
status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + exports.external.log('submit response to cloudformation', json); + const responseBody = JSON.stringify(json); + const parsedUrl = url.parse(event.ResponseURL); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, responseBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, _ => resolve()); + request.on('error', reject); + request.write(responseBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# 
sourceMappingURL=data:application/json;base64,{"version":3,"file":"index.js","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":";;;AAAA,+BAA+B;AAC/B,2BAA2B;AAE3B,iBAAiB;AACJ,QAAA,QAAQ,GAAG;IACtB,eAAe,EAAE,sBAAsB;IACvC,GAAG,EAAE,UAAU;IACf,kBAAkB,EAAE,IAAI;IACxB,gBAAgB,EAAE,SAAS;CAC5B,CAAC;AAEF,MAAM,gCAAgC,GAAG,wDAAwD,CAAC;AAClG,MAAM,0BAA0B,GAAG,8DAA8D,CAAC;AAW3F,KAAK,UAAU,OAAO,CAAC,KAAkD,EAAE,OAA0B;IAC1G,MAAM,cAAc,GAAG,EAAE,GAAG,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;IACxD,gBAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,uEAAuE;IACvE,uEAAuE;IACvE,aAAa;IACb,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,IAAI,KAAK,CAAC,kBAAkB,KAAK,gCAAgC,EAAE;QACnG,gBAAQ,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;QACtE,MAAM,cAAc,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO;KACR;IAED,IAAI;QACF,yEAAyE;QACzE,iEAAiE;QACjE,wCAAwC;QACxC,iEAAiE;QACjE,MAAM,WAAW,GAAY,OAAO,CAAC,gBAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;QACxE,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAE1D,uDAAuD;QACvD,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAEpD,2BAA2B;QAC3B,MAAM,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;KAChD;IAAC,OAAO,CAAM,EAAE;QACf,MAAM,IAAI,GAAa;YACrB,GAAG,KAAK;YACR,MAAM,EAAE,gBAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO;SAC1D,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC5B,yEAAyE;YACzE,mEAAmE;YACnE,wEAAwE;YACxE,qEAAqE;YACrE,gCAAgC;YAChC,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE;gBAClC,gBAAQ,CAAC,GAAG,CAAC,4GAA4G,CAAC,CAAC;gBAC3H,IAAI,CAAC,kBAAkB,GAAG,gCAAgC,CAAC;aAC5D;iBAAM;gBACL,kEAAkE;gBAClE,6DAA6D;gBAC7D,gBAAQ,CAAC,GAAG,CAAC,6DAA6D,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aACpG;SACF;QAED,mEAAmE;QACnE,MAAM,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;KACtC;AACH,CAAC;AAnDD,0BAmDC;AAED,SAAS,cAAc,CACrB,UAAyF,EACzF,kBAA0C,EAAG;IAE7C,sEAAsE;IACtE,uBAAuB;IACvB,MAAM,kBAAkB,GAAG,eAAe,CAAC,kBAAkB,IAAI,UAAU,CAAC,kBAAkB,IAAI,UAAU,CAAC,SAAS,CAAC;IAEvH,kEAAkE;IAClE,IAAI,UAAU,CAAC,WAAW,KAAK,QAAQ,IAAI,kBAAkB,KAAK,UAAU,CAAC,kBAAkB,EAAE;QAC/F,MAAM,IAAI,KAAK,CAAC,wDAAwD,UAAU,CAA
C,kBAAkB,SAAS,eAAe,CAAC,kBAAkB,mBAAmB,CAAC,CAAC;KACtK;IAED,0DAA0D;IAC1D,OAAO;QACL,GAAG,UAAU;QACb,GAAG,eAAe;QAClB,kBAAkB,EAAE,kBAAkB;KACvC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,MAA4B,EAAE,KAAe;IACzE,MAAM,IAAI,GAAmD;QAC3D,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,MAAM;QAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,IAAI,0BAA0B;QAC1E,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,IAAI,EAAE,KAAK,CAAC,IAAI;KACjB,CAAC;IAEF,gBAAQ,CAAC,GAAG,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAC;IAExD,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG;QACV,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;QACpB,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,cAAc,EAAE,EAAE;YAClB,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,YAAY,EAAE,MAAM,CAAC;SAC1D;KACF,CAAC;IAEF,MAAM,YAAY,GAAG;QACnB,QAAQ,EAAE,CAAC;QACX,KAAK,EAAE,IAAI;KACZ,CAAC;IACF,MAAM,WAAW,CAAC,YAAY,EAAE,gBAAQ,CAAC,eAAe,CAAC,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;AAC/E,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,OAA6B,EAAE,YAAoB;IACvF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI;YACF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,EAAE,CAAC;SACf;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,CAAC,CAAC,CAAC;SACX;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,GAAW,EAAE,GAAG,MAAa;IAC/C,sCAAsC;IACtC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC;AAC9B,CAAC;AASD,SAAgB,WAAW,CAA0B,OAAqB,EAAE,EAA4B;IACtG,OAAO,KAAK,EAAE,GAAG,EAAK,EAAE,EAAE;QACxB,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAChC,IAAI,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC;QACvB,OAAO,IAAI,EAAE;YACX,IAAI;gBACF,OAAO,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;aACxB;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,QAAQ,EAAE,IAAI,CAAC,EAAE;oBACnB,MAAM,CAAC,CAAC;iBACT;gBACD,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;gBAC5C,
EAAE,IAAI,CAAC,CAAC;aACT;SACF;IACH,CAAC,CAAC;AACJ,CAAC;AAhBD,kCAgBC;AAED,KAAK,UAAU,KAAK,CAAC,EAAU;IAC7B,OAAO,IAAI,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AACjD,CAAC","sourcesContent":["import * as https from 'https';\nimport * as url from 'url';\n\n// for unit tests\nexport const external = {\n  sendHttpRequest: defaultSendHttpRequest,\n  log: defaultLog,\n  includeStackTraces: true,\n  userHandlerIndex: './index',\n};\n\nconst CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED';\nconst MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID';\n\nexport type Response = AWSLambda.CloudFormationCustomResourceEvent & HandlerResponse;\nexport type Handler = (event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context) => Promise<HandlerResponse | void>;\nexport type HandlerResponse = undefined | {\n  Data?: any;\n  PhysicalResourceId?: string;\n  Reason?: string;\n  NoEcho?: boolean;\n};\n\nexport async function handler(event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context) {\n  const sanitizedEvent = { ...event, ResponseURL: '...' };\n  external.log(JSON.stringify(sanitizedEvent, undefined, 2));\n\n  // ignore DELETE event when the physical resource ID is the marker that\n  // indicates that this DELETE is a subsequent DELETE to a failed CREATE\n  // operation.\n  if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) {\n    external.log('ignoring DELETE event caused by a failed CREATE event');\n    await submitResponse('SUCCESS', event);\n    return;\n  }\n\n  try {\n    // invoke the user handler. 
this is intentionally inside the try-catch to\n    // ensure that if there is an error it's reported as a failure to\n    // cloudformation (otherwise cfn waits).\n    // eslint-disable-next-line @typescript-eslint/no-require-imports\n    const userHandler: Handler = require(external.userHandlerIndex).handler;\n    const result = await userHandler(sanitizedEvent, context);\n\n    // validate user response and create the combined event\n    const responseEvent = renderResponse(event, result);\n\n    // submit to cfn as success\n    await submitResponse('SUCCESS', responseEvent);\n  } catch (e: any) {\n    const resp: Response = {\n      ...event,\n      Reason: external.includeStackTraces ? e.stack : e.message,\n    };\n\n    if (!resp.PhysicalResourceId) {\n      // special case: if CREATE fails, which usually implies, we usually don't\n      // have a physical resource id. in this case, the subsequent DELETE\n      // operation does not have any meaning, and will likely fail as well. to\n      // address this, we use a marker so the provider framework can simply\n      // ignore the subsequent DELETE.\n      if (event.RequestType === 'Create') {\n        external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored');\n        resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER;\n      } else {\n        // otherwise, if PhysicalResourceId is not specified, something is\n        // terribly wrong because all other events should have an ID.\n        external.log(`ERROR: Malformed event. 
\"PhysicalResourceId\" is required: ${JSON.stringify(event)}`);\n      }\n    }\n\n    // this is an actual error, fail the activity altogether and exist.\n    await submitResponse('FAILED', resp);\n  }\n}\n\nfunction renderResponse(\n  cfnRequest: AWSLambda.CloudFormationCustomResourceEvent & { PhysicalResourceId?: string },\n  handlerResponse: void | HandlerResponse = { }): Response {\n\n  // if physical ID is not returned, we have some defaults for you based\n  // on the request type.\n  const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId;\n\n  // if we are in DELETE and physical ID was changed, it's an error.\n  if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) {\n    throw new Error(`DELETE: cannot change the physical resource ID from \"${cfnRequest.PhysicalResourceId}\" to \"${handlerResponse.PhysicalResourceId}\" during deletion`);\n  }\n\n  // merge request event and result event (result prevails).\n  return {\n    ...cfnRequest,\n    ...handlerResponse,\n    PhysicalResourceId: physicalResourceId,\n  };\n}\n\nasync function submitResponse(status: 'SUCCESS' | 'FAILED', event: Response) {\n  const json: AWSLambda.CloudFormationCustomResourceResponse = {\n    Status: status,\n    Reason: event.Reason ?? 
status,\n    StackId: event.StackId,\n    RequestId: event.RequestId,\n    PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER,\n    LogicalResourceId: event.LogicalResourceId,\n    NoEcho: event.NoEcho,\n    Data: event.Data,\n  };\n\n  external.log('submit response to cloudformation', json);\n\n  const responseBody = JSON.stringify(json);\n  const parsedUrl = url.parse(event.ResponseURL);\n  const req = {\n    hostname: parsedUrl.hostname,\n    path: parsedUrl.path,\n    method: 'PUT',\n    headers: {\n      'content-type': '',\n      'content-length': Buffer.byteLength(responseBody, 'utf8'),\n    },\n  };\n\n  const retryOptions = {\n    attempts: 5,\n    sleep: 1000,\n  };\n  await withRetries(retryOptions, external.sendHttpRequest)(req, responseBody);\n}\n\nasync function defaultSendHttpRequest(options: https.RequestOptions, responseBody: string): Promise<void> {\n  return new Promise((resolve, reject) => {\n    try {\n      const request = https.request(options, _ => resolve());\n      request.on('error', reject);\n      request.write(responseBody);\n      request.end();\n    } catch (e) {\n      reject(e);\n    }\n  });\n}\n\nfunction defaultLog(fmt: string, ...params: any[]) {\n  // eslint-disable-next-line no-console\n  console.log(fmt, ...params);\n}\n\nexport interface RetryOptions {\n  /** How many retries (will at least try once) */\n  readonly attempts: number;\n  /** Sleep base, in ms */\n  readonly sleep: number;\n}\n\nexport function withRetries<A extends Array<any>, B>(options: RetryOptions, fn: (...xs: A) => Promise<B>): (...xs: A) => Promise<B> {\n  return async (...xs: A) => {\n    let attempts = options.attempts;\n    let ms = options.sleep;\n    while (true) {\n      try {\n        return await fn(...xs);\n      } catch (e) {\n        if (attempts-- <= 0) {\n          throw e;\n        }\n        await sleep(Math.floor(Math.random() * ms));\n        ms *= 2;\n      }\n    }\n  };\n}\n\nasync function sleep(ms: number): 
Promise<void> {\n  return new Promise((ok) => setTimeout(ok, ms));\n}\n"]} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/index.js 
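Review bot: In the catch block of `handler`, the malformed-event branch logs `JSON.stringify(event)`, the raw event, although the function builds `sanitizedEvent` at its top, apparently to keep `ResponseURL` out of the log. That URL is the pre-signed address CloudFormation accepts the resource's status on, so it should not reach a log that more principals can read than can invoke the function. Use the redacted copy there by replacing `JSON.stringify(event)` with `JSON.stringify(sanitizedEvent)` in that log call. `submitResponse` likewise logs the full `json`, including `Data`, even when `NoEcho` is set; logging `{ ...json, Data: json.NoEcho ? '...' : json.Data }` would keep the values the caller asked to hide out of the log. This file is a compiled snapshot asset, so the change belongs in the `index.ts` embedded in its source map, with the snapshot regenerated afterwards.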
@@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.assets.json new file mode 100644 index 0000000000000..b2d74551dceac --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292": { + "source": { + "path": "asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "7962cda1450db22c9a5122fd781c112ed120188138b674c8b64109047ef42caf": { + "source": { + "path": "cluster-kerberos.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7962cda1450db22c9a5122fd781c112ed120188138b674c8b64109047ef42caf.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.template.json new file mode 100644 index 0000000000000..912b5bd667da8 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/cluster-kerberos.template.json 
@@ -0,0 +1,736 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "SubnetId": { + 
"Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1RouteTableAssociation0B0896DC" + ] + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet2EIP4947BC00": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2NATGateway3C070193": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + 
"Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet2DefaultRouteB7481BBA", + "VPCPublicSubnet2RouteTableAssociation5A808732" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet1DefaultRouteAE1D6490": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + 
"VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cluster-kerberos/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "VPCRestrictDefaultSecurityGroupCustomResource59474679": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "VPCB9E5F0B4", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": 
"arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "VPCB9E5F0B4", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": [ + "directoryservice.rds.amazonaws.com", + "rds.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" + ] + ] + } + ] + } + }, + "AD": { + "Type": 
"AWS::DirectoryService::MicrosoftAD", + "Properties": { + "Name": "test-directory.com", + "Password": "Password123!", + "VpcSettings": { + "SubnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + } + }, + "DatabaseSubnets56F17B9A": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for Database database", + "SubnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ] + } + }, + "DatabaseSecurityGroup5C91FDCB": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "DatabaseSecret3B817195": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "DatabaseSecretAttachmentE5D1B020": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "DatabaseSecret3B817195" + }, + "TargetId": { + "Ref": "DatabaseB269D8BB" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "DatabaseB269D8BB": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-mysql8.0", + "DBSubnetGroupName": { + "Ref": "DatabaseSubnets56F17B9A" + }, + "Domain": { + "Ref": "AD" + }, + "DomainIAMRoleName": { + "Ref": "Role1ABCC5F0" + 
}, + "Engine": "aurora-mysql", + "EngineVersion": "8.0.mysql_aurora.3.05.1", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "DatabaseSecret3B817195" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "DatabaseSecret3B817195" + }, + ":SecretString:username::}}" + ] + ] + }, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "DatabaseSecurityGroup5C91FDCB", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "DatabaseInstanceAA8A5FDE": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "DatabaseB269D8BB" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-mysql", + "PromotionTier": 0 + }, + "DependsOn": [ + "VPCPrivateSubnet1DefaultRouteAE1D6490", + "VPCPrivateSubnet1RouteTableAssociation347902D1", + "VPCPrivateSubnet2DefaultRouteF4F5CFD2", + "VPCPrivateSubnet2RouteTableAssociation0C73D413" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integ.json new file mode 100644 index 0000000000000..682910c4c8288 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integ-cluster-kerberos/DefaultTest": { + "stacks": [ + "cluster-kerberos" + ], + "assertionStack": "integ-cluster-kerberos/DefaultTest/DeployAssert", + "assertionStackName": "integclusterkerberosDefaultTestDeployAssert6F647828" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.assets.json new file mode 100644 index 0000000000000..1016ebe9d1a72 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integclusterkerberosDefaultTestDeployAssert6F647828.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/integclusterkerberosDefaultTestDeployAssert6F647828.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/manifest.json new file mode 100644 index 0000000000000..717c854adf673 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/manifest.json 
@@ -0,0 +1,311 @@ +{ + "version": "36.0.0", + "artifacts": { + "cluster-kerberos.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cluster-kerberos.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cluster-kerberos": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cluster-kerberos.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7962cda1450db22c9a5122fd781c112ed120188138b674c8b64109047ef42caf.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cluster-kerberos.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cluster-kerberos.assets" + ], + "metadata": { + "/cluster-kerberos/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/cluster-kerberos/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/cluster-kerberos/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + "/cluster-kerberos/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + 
"data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/cluster-kerberos/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/cluster-kerberos/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/cluster-kerberos/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/cluster-kerberos/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/cluster-kerberos/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/cluster-kerberos/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + "/cluster-kerberos/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/cluster-kerberos/VPC/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2EIP4947BC00" + } + ], + "/cluster-kerberos/VPC/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2NATGateway3C070193" + } + ], + "/cluster-kerberos/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/cluster-kerberos/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/cluster-kerberos/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/cluster-kerberos/VPC/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1DefaultRouteAE1D6490" + } + ], + 
"/cluster-kerberos/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/cluster-kerberos/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/cluster-kerberos/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/cluster-kerberos/VPC/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2" + } + ], + "/cluster-kerberos/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/cluster-kerberos/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/cluster-kerberos/VPC/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCRestrictDefaultSecurityGroupCustomResource59474679" + } + ], + "/cluster-kerberos/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/cluster-kerberos/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/cluster-kerberos/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/cluster-kerberos/AD": [ + { + "type": "aws:cdk:logicalId", + "data": "AD" + } + ], + "/cluster-kerberos/Database/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseSubnets56F17B9A" + } + ], + "/cluster-kerberos/Database/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseSecurityGroup5C91FDCB" + } + ], + "/cluster-kerberos/Database/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseSecret3B817195" + } 
+ ], + "/cluster-kerberos/Database/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseSecretAttachmentE5D1B020" + } + ], + "/cluster-kerberos/Database/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseB269D8BB" + } + ], + "/cluster-kerberos/Database/Instance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DatabaseInstanceAA8A5FDE" + } + ], + "/cluster-kerberos/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cluster-kerberos/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cluster-kerberos" + }, + "integclusterkerberosDefaultTestDeployAssert6F647828.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integclusterkerberosDefaultTestDeployAssert6F647828.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integclusterkerberosDefaultTestDeployAssert6F647828": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integclusterkerberosDefaultTestDeployAssert6F647828.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integclusterkerberosDefaultTestDeployAssert6F647828.assets" + ], + "lookupRole": { 
+ "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integclusterkerberosDefaultTestDeployAssert6F647828.assets" + ], + "metadata": { + "/integ-cluster-kerberos/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-cluster-kerberos/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-cluster-kerberos/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/tree.json new file mode 100644 index 0000000000000..d01e21fffef31 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.js.snapshot/tree.json 
@@ -0,0 +1,1125 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "cluster-kerberos": { + "id": "cluster-kerberos", + "path": "cluster-kerberos", + "children": { + "VPC": { + "id": "VPC", + "path": "cluster-kerberos/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "cluster-kerberos/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "cluster-kerberos/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cluster-kerberos/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "cluster-kerberos/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cluster-kerberos/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "cluster-kerberos/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": 
"cluster-kerberos/VPC/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cluster-kerberos/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cluster-kerberos/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "cluster-kerberos/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "cluster-kerberos/VPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "tags": [ + { + "key": "Name", + "value": 
"cluster-kerberos/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "cluster-kerberos/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cluster-kerberos/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "cluster-kerberos/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cluster-kerberos/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "cluster-kerberos/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cluster-kerberos/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + 
"subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cluster-kerberos/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "cluster-kerberos/VPC/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "cluster-kerberos/VPC/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet2EIP4947BC00", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "cluster-kerberos/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cluster-kerberos/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + 
"aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "cluster-kerberos/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cluster-kerberos/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "cluster-kerberos/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cluster-kerberos/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cluster-kerberos/VPC/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + }, + 
"routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "cluster-kerberos/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cluster-kerberos/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "cluster-kerberos/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cluster-kerberos/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "cluster-kerberos/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cluster-kerberos/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": 
"VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cluster-kerberos/VPC/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet2NATGateway3C070193" + }, + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "cluster-kerberos/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cluster-kerberos/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "cluster-kerberos/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + }, + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "cluster-kerberos/VPC/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "cluster-kerberos/VPC/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, 
+ "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "cluster-kerberos/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "cluster-kerberos/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "cluster-kerberos/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "cluster-kerberos/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "cluster-kerberos/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "cluster-kerberos/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cluster-kerberos/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": [ + "directoryservice.rds.amazonaws.com", + "rds.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" + ] + ] + } + ] + } + }, + 
"constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "AD": { + "id": "AD", + "path": "cluster-kerberos/AD", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::DirectoryService::MicrosoftAD", + "aws:cdk:cloudformation:props": { + "name": "test-directory.com", + "password": "Password123!", + "vpcSettings": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "subnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_directoryservice.CfnMicrosoftAD", + "version": "0.0.0" + } + }, + "Database": { + "id": "Database", + "path": "cluster-kerberos/Database", + "children": { + "Subnets": { + "id": "Subnets", + "path": "cluster-kerberos/Database/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "cluster-kerberos/Database/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnets for Database database", + "subnetIds": [ + { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "cluster-kerberos/Database/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "cluster-kerberos/Database/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "RDS security group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by 
default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup", + "path": "cluster-kerberos/Database/AuroraMySqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Secret": { + "id": "Secret", + "path": "cluster-kerberos/Database/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "cluster-kerberos/Database/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"admin\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "0.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "cluster-kerberos/Database/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "cluster-kerberos/Database/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "DatabaseSecret3B817195" + }, + "targetId": { + "Ref": "DatabaseB269D8BB" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cluster-kerberos/Database/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-mysql8.0", + "dbSubnetGroupName": { + "Ref": "DatabaseSubnets56F17B9A" + }, + "domain": { + "Ref": "AD" + }, + "domainIamRoleName": { + "Ref": "Role1ABCC5F0" + }, + "engine": "aurora-mysql", + "engineVersion": "8.0.mysql_aurora.3.05.1", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "DatabaseSecret3B817195" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "DatabaseSecret3B817195" + }, + ":SecretString:password::}}" + ] + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "DatabaseSecurityGroup5C91FDCB", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", + "version": "0.0.0" + } + }, + "Instance": { + "id": "Instance", + "path": "cluster-kerberos/Database/Instance", + "children": { + "Resource": { + "id": "Resource", + "path": "cluster-kerberos/Database/Instance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "DatabaseB269D8BB" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-mysql", + "promotionTier": 0 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", + "version": "0.0.0" + } + }, + 
"BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cluster-kerberos/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cluster-kerberos/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-cluster-kerberos": { + "id": "integ-cluster-kerberos", + "path": "integ-cluster-kerberos", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-cluster-kerberos/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-cluster-kerberos/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-cluster-kerberos/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-cluster-kerberos/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-cluster-kerberos/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.ts new file mode 100644 index 0000000000000..0d7f51d2335e3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-kerberos.ts @@ -0,0 +1,46 @@ +import * as cdk from 'aws-cdk-lib/core'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as rds from 'aws-cdk-lib/aws-rds'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as ds from 'aws-cdk-lib/aws-directoryservice'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'cluster-kerberos'); +const vpc = new ec2.Vpc(stack, 'VPC'); + +const iamRole = new iam.Role(stack, 'Role', { + assumedBy: new iam.CompositePrincipal( + new iam.ServicePrincipal('rds.amazonaws.com'), + new iam.ServicePrincipal('directoryservice.rds.amazonaws.com'), + ), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSDirectoryServiceAccess'), + ], +}); + +const activeDirectory = new ds.CfnMicrosoftAD(stack, 'AD', { + name: 'test-directory.com', + password: 'Password123!', + vpcSettings: { + vpcId: vpc.vpcId, + subnetIds: vpc.privateSubnets.map(subnet => subnet.subnetId), + }, +}); + +new rds.DatabaseCluster(stack, 'Database', { + engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_05_1 }), + writer: rds.ClusterInstance.provisioned('Instance', { + instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM), + }), + vpc, + domain: activeDirectory.ref, + domainRole: iamRole, +}); + +new integ.IntegTest(app, 'integ-cluster-kerberos', { + testCases: [stack], +}); + +app.synth(); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index 995e5f3628510..e936a529be876 100644 
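Review bot: The directory admin password is a string literal in `integ.cluster-kerberos.ts` (`password: 'Password123!'`), and the tree.json snapshot in this patch carries the same value under the `AD` resource's `password` property, so it is committed in clear text and presumably appears in the synthesized template as well. This stack creates a real Managed Microsoft AD when the integ test runs, so a well-known password is worth avoiding even here. Consider generating the value in Secrets Manager and passing a dynamic reference, e.g. `const adSecret = new secretsmanager.Secret(stack, 'ADPassword');` and `password: adSecret.secretValue.unsafeUnwrap(),`. That needs an `aws-cdk-lib/aws-secretsmanager` import, and the generated value must satisfy the directory's password complexity rules, which is not verified here.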
--- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -884,7 +884,32 @@ const instance = new rds.DatabaseInstance(this, 'Instance', { }); ``` -**Note**: In addition to the setup above, you need to make sure that the database instance has network connectivity +You can also use the Kerberos authentication for an Aurora database cluster. + +```ts +declare const vpc: ec2.Vpc; +const iamRole = new iam.Role(this, 'Role', { + assumedBy: new iam.CompositePrincipal( + new iam.ServicePrincipal('rds.amazonaws.com'), + new iam.ServicePrincipal('directoryservice.rds.amazonaws.com'), + ), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSDirectoryServiceAccess'), + ], +}); + +new rds.DatabaseCluster(this, 'Database', { + engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_05_1 }), + writer: rds.ClusterInstance.provisioned('Instance', { + instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM), + }), + vpc, + domain: 'd-????????', // The ID of the domain for the cluster to join. + domainRole: iamRole, // Optional - will be created automatically if not provided. +}); +``` + +**Note**: In addition to the setup above, you need to make sure that the database instance or cluster has network connectivity to the domain controllers. This includes enabling cross-VPC traffic if in a different VPC and setting up the appropriate security groups/network ACL to allow traffic between the database instance and domain controllers. Once configured, see for details diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts index 71f6f46dc16cb..5f2f6339dcefa 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts 
@@ -359,6 +359,24 @@ interface DatabaseClusterBaseProps { * @default - IPV4 */ readonly networkType?: NetworkType; + + /** + * Directory ID for associating the DB cluster with a specific Active Directory. + * + * Necessary for enabling Kerberos authentication. If specified, the DB cluster joins the given Active Directory, enabling Kerberos authentication. + * If not specified, the DB cluster will not be associated with any Active Directory, and Kerberos authentication will not be enabled. + * + * @default - DB cluster is not associated with an Active Directory; Kerberos authentication is not enabled. + */ + readonly domain?: string; + + /** + * The IAM role to be used when making API calls to the Directory Service. The role needs the AWS-managed policy + * `AmazonRDSDirectoryServiceAccess` or equivalent. + * + * @default - If `DatabaseClusterBaseProps.domain` is specified, a role with the `AmazonRDSDirectoryServiceAccess` policy is automatically created. + */ + readonly domainRole?: iam.IRole; } /** @@ -487,6 +505,9 @@ abstract class DatabaseClusterNew extends DatabaseClusterBase { protected readonly securityGroups: ec2.ISecurityGroup[]; protected readonly subnetGroup: ISubnetGroup; + private readonly domainId?: string; + private readonly domainRole?: iam.IRole; + /** * Secret in SecretsManager to store the database cluster user credentials. */ 
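Review bot: The doc comment on `domainRole` does not say what happens when the role is passed without `domain`. In the constructor hunk later in this file the role is assigned only inside `if (props.domain)`, so a caller who supplies just `domainRole` gets a cluster with neither `domain` nor `domainIamRoleName` set and no synth-time signal. Either document it with a line such as `* This role is ignored unless domain is also specified.` or reject the combination in the constructor, e.g. `if (props.domainRole && !props.domain) { throw new Error('domainRole requires domain'); }`. The interface and the class both continue outside these hunks.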
@@ -609,6 +630,19 @@ abstract class DatabaseClusterNew extends DatabaseClusterBase { ? props.clusterIdentifier?.toLowerCase() : props.clusterIdentifier; + if (props.domain) { + this.domainId = props.domain; + this.domainRole = props.domainRole ?? new iam.Role(this, 'RDSClusterDirectoryServiceRole', { + assumedBy: new iam.CompositePrincipal( + new iam.ServicePrincipal('rds.amazonaws.com'), + new iam.ServicePrincipal('directoryservice.rds.amazonaws.com'), + ), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSDirectoryServiceAccess'), + ], + }); + } + this.newCfnProps = { // Basic engine: props.engine.engineType, @@ -646,6 +680,8 @@ abstract class DatabaseClusterNew extends DatabaseClusterBase { storageEncrypted: props.storageEncryptionKey ? true : props.storageEncrypted, // Tags copyTagsToSnapshot: props.copyTagsToSnapshot ?? true, + domain: this.domainId, + domainIamRoleName: this.domainRole?.roleName, }; } diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts index 0c3670bdeca39..585cd870181a3 100644 --- a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts @@ -1,6 +1,7 @@ import { Annotations, Match, Template } from '../../assertions'; import * as ec2 from '../../aws-ec2'; import { ManagedPolicy, Role, ServicePrincipal } from '../../aws-iam'; +import * as iam from '../../aws-iam'; import * as kms from '../../aws-kms'; import * as logs from '../../aws-logs'; import * as s3 from '../../aws-s3'; 
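Review bot: The role created inside `if (props.domain)` trusts `rds.amazonaws.com` and `directoryservice.rds.amazonaws.com` with no condition, so the trust policy is not scoped to this account or cluster. AWS guidance for service roles of this kind is to add `aws:SourceAccount` (and where possible `aws:SourceArn`) as a confused-deputy guard; whether both service principals send those keys should be confirmed before enforcing them. A sketch for one principal: `new iam.ServicePrincipal('rds.amazonaws.com', { conditions: { StringEquals: { 'aws:SourceAccount': Stack.of(this).account } } })`, assuming `Stack` is in scope in this file. The constructor starts and ends outside the hunk.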
@@ -3974,6 +3975,83 @@ describe('cluster', () => { }, }); }); + + test('setup kerberos authentication with domainRole', () => { + // GIVEN + const stack = testStack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + const role = new iam.Role(stack, 'Role', { + roleName: 'directoryServiceRoleName', + assumedBy: new iam.CompositePrincipal( + new iam.ServicePrincipal('rds.amazonaws.com'), + new iam.ServicePrincipal('directoryservice.rds.amazonaws.com'), + ), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSDirectoryServiceAccess'), + ], + }); + + // WHEN + new DatabaseCluster(stack, 'Database', { + engine: DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.VER_14_3 }), + instanceProps: { vpc }, + domain: 'domain.com', + domainRole: role, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBCluster', { + DBClusterParameterGroupName: 'default.aurora-postgresql14', + Domain: 'domain.com', + DomainIAMRoleName: { Ref: 'Role1ABCC5F0' }, + }); + }); + + test('setup kerberos authentication without domainRole', () => { + // GIVEN + const stack = testStack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + // WHEN + new DatabaseCluster(stack, 'Database', { + engine: DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.VER_14_3 }), + instanceProps: { vpc }, + domain: 'domain.com', + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBCluster', { + DBClusterParameterGroupName: 'default.aurora-postgresql14', + Domain: 'domain.com', + DomainIAMRoleName: { + Ref: 'DatabaseRDSClusterDirectoryServiceRole6E1B0FFE', + }, + }); + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [{ + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 'rds.amazonaws.com', + }, + }, { + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { + Service: 
'directoryservice.rds.amazonaws.com', + }, + }], + Version: '2012-10-17', + }, + ManagedPolicyArns: [ + { + 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess']], + }, + ], + }); + }); }); test.each([ From 27dd6e1270618f079cc7741db85debd635ebcb33 Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Wed, 24 Jan 2024 18:20:03 +0000 Subject: [PATCH 3/6] chore(release): 2.123.0 --- CHANGELOG.v2.alpha.md | 13 +++++++++++++ CHANGELOG.v2.md | 28 ++++++++++++++++++++++++++++ version.v2.json | 4 ++-- 3 files changed, 43 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md index 9416b6c06ab70..fd0088fa79d2e 100644 --- a/CHANGELOG.v2.alpha.md +++ b/CHANGELOG.v2.alpha.md 
@@ -2,6 +2,19 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.123.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.122.0-alpha.0...v2.123.0-alpha.0) (2024-01-24) + + +### Features + +* **iot-actions-alpha:** open search action in IoT topic rule ([#28748](https://github.com/aws/aws-cdk/issues/28748)) ([84b23cb](https://github.com/aws/aws-cdk/commit/84b23cb07d421ec004e412bf48e837ae0d87f7fe)) + + +### Bug Fixes + +* **amplify:** addBranch fails synth with "cannot find entry file..." ([#28772](https://github.com/aws/aws-cdk/issues/28772)) ([cb522bb](https://github.com/aws/aws-cdk/commit/cb522bb65b03e9b0cdcbd01b4f71798e628424f4)), closes [#28658](https://github.com/aws/aws-cdk/issues/28658) [#28764](https://github.com/aws/aws-cdk/issues/28764) +* **redshift:** enableRebootForParameterChanges fails synth with "cannot find entry file…" ([#28760](https://github.com/aws/aws-cdk/issues/28760)) ([4952f36](https://github.com/aws/aws-cdk/commit/4952f36ff70c25c7a56676fedf47ab6571c19cea)) + ## [2.122.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.121.1-alpha.0...v2.122.0-alpha.0) (2024-01-18) diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md index eb148d49cbb23..deb194083f35e 100644 --- a/CHANGELOG.v2.md +++ b/CHANGELOG.v2.md 
@@ -2,6 +2,34 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [2.123.0](https://github.com/aws/aws-cdk/compare/v2.122.0...v2.123.0) (2024-01-24) + + +### Features + +* **apigatewayv2:** AWS type websocket api integration in http api ([#28718](https://github.com/aws/aws-cdk/issues/28718)) ([4d7374e](https://github.com/aws/aws-cdk/commit/4d7374ea5b83c4341935f5e5b39429b662c3857d)), closes [/docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-integration.html#cfn-apigatewayv2](https://github.com/aws//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-integration.html/issues/cfn-apigatewayv2) +* **autoscaling:** `datapointsToAlarm` property for step scaling policy ([#28792](https://github.com/aws/aws-cdk/issues/28792)) ([baf2bfb](https://github.com/aws/aws-cdk/commit/baf2bfb18dda5d05d563a082b32b4fb13de321e0)), closes [#28749](https://github.com/aws/aws-cdk/issues/28749) +* **core:** add validations for export name in CfnOutput ([#28575](https://github.com/aws/aws-cdk/issues/28575)) ([513d9fb](https://github.com/aws/aws-cdk/commit/513d9fb57a896b9f6998d7157f01080cc87ad233)), closes [#28563](https://github.com/aws/aws-cdk/issues/28563) +* **core:** custom resources deprecate `logRetention` in favor of `logGroup` ([#28783](https://github.com/aws/aws-cdk/issues/28783)) ([ea34c89](https://github.com/aws/aws-cdk/commit/ea34c89d92d126c56bfffab6c17361cfaa00315f)), closes [#28737](https://github.com/aws/aws-cdk/issues/28737) +* **dynamodb:** import data from the bucket ([#28610](https://github.com/aws/aws-cdk/issues/28610)) ([45b8398](https://github.com/aws/aws-cdk/commit/45b8398bec9ba9c03f195c14f3b92188c9058a7b)), closes [#21825](https://github.com/aws/aws-cdk/issues/21825) +* **ec2:** flow logs from TransitGateway and TransitGatewayAttachment 
([#28605](https://github.com/aws/aws-cdk/issues/28605)) ([a238590](https://github.com/aws/aws-cdk/commit/a2385907c73f6ebbda85919ca2138ef8471e707d)), closes [#27222](https://github.com/aws/aws-cdk/issues/27222) +* **ecs:** add neuron to ecs AMI hardware type ([#28819](https://github.com/aws/aws-cdk/issues/28819)) ([ef1d64e](https://github.com/aws/aws-cdk/commit/ef1d64ef7aaf30c68fa21d625e3b22cb66283d26)), closes [#28198](https://github.com/aws/aws-cdk/issues/28198) +* **ecs:** support for explicit activation of the circuit breaker ([#28611](https://github.com/aws/aws-cdk/issues/28611)) ([bbb9555](https://github.com/aws/aws-cdk/commit/bbb95550b84f2fa179ba05f2fcf738eb11a9c525)), closes [#27131](https://github.com/aws/aws-cdk/issues/27131) +* **ecs-patterns:** cooldown parameter to QueueProcessingServiceBaseProps ([#28730](https://github.com/aws/aws-cdk/issues/28730)) ([b3b672a](https://github.com/aws/aws-cdk/commit/b3b672af736d64c346508dde55d5a9df11f7009d)), closes [#8298](https://github.com/aws/aws-cdk/issues/8298) +* **logs:** support data protection custom data identifiers ([#28553](https://github.com/aws/aws-cdk/issues/28553)) ([1222aaa](https://github.com/aws/aws-cdk/commit/1222aaac57a48113a52347a99e41af59236c0aef)), closes [#28430](https://github.com/aws/aws-cdk/issues/28430) +* **rds:** allocatedStorage parameter for DatabaseInstanceReadReplica ([#28789](https://github.com/aws/aws-cdk/issues/28789)) ([df8fbc4](https://github.com/aws/aws-cdk/commit/df8fbc48c2eaf59c3380d3ffa46d0024ef88ada5)), closes [#17083](https://github.com/aws/aws-cdk/issues/17083) +* **rds:** Kerberos authentication support in Aurora Database Clusters ([#28559](https://github.com/aws/aws-cdk/issues/28559)) ([bdf4285](https://github.com/aws/aws-cdk/commit/bdf42854ba74b80d18263e77ec76ce1c2356fd38)), closes 
[/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts#L625](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts/issues/L625) [/github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts#L633](https://github.com/aws//github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/instance.ts/issues/L633) [#28050](https://github.com/aws/aws-cdk/issues/28050) +* **stepfunctions:** support Map ItemSelector ([#28771](https://github.com/aws/aws-cdk/issues/28771)) ([b226a8c](https://github.com/aws/aws-cdk/commit/b226a8ca50e41853d60958374dbac4addc20d861)), closes [#27913](https://github.com/aws/aws-cdk/issues/27913) [#23265](https://github.com/aws/aws-cdk/issues/23265) +* update L1 CloudFormation resource definitions ([#28811](https://github.com/aws/aws-cdk/issues/28811)) ([1b6be8b](https://github.com/aws/aws-cdk/commit/1b6be8b94b8620911cf8418f0627227045c47bf9)) + + +### Bug Fixes + +* **appsync:** add dependency to logretention for graphql apis log group ([#28548](https://github.com/aws/aws-cdk/issues/28548)) ([04e5480](https://github.com/aws/aws-cdk/commit/04e5480399c2ff3f3487583343fd3021a63b63e1)), closes [#26564](https://github.com/aws/aws-cdk/issues/26564) +* **CLI:** `cdk diff` is not clear enough about using read-only change sets ([#28741](https://github.com/aws/aws-cdk/issues/28741)) ([bb50f97](https://github.com/aws/aws-cdk/commit/bb50f97393cf54963b0c19a104d8a7b487963b83)) +* **lambda:** lambda does not set environment variables for `AWS_CODEGURU_PROFILER` properties when creating Amazon CodeGuruProfiler profiling group ([#28762](https://github.com/aws/aws-cdk/issues/28762)) ([2511956](https://github.com/aws/aws-cdk/commit/2511956fc619ffa2c55d7e2637e97d7359f96de3)), closes [#23511](https://github.com/aws/aws-cdk/issues/23511) +* **rds:** Failed to create a Database Instance with Kerberos authentication configured ([#28601](https://github.com/aws/aws-cdk/issues/28601)) 
([b620f1b](https://github.com/aws/aws-cdk/commit/b620f1b65e9254f76d4ebfa7d77e0cb4ef91514f)), closes [#28600](https://github.com/aws/aws-cdk/issues/28600) + ## [2.122.0](https://github.com/aws/aws-cdk/compare/v2.121.1...v2.122.0) (2024-01-18) diff --git a/version.v2.json b/version.v2.json index 521c3d6d0fe23..c4245379311aa 100644 --- a/version.v2.json +++ b/version.v2.json @@ -1,4 +1,4 @@ { - "version": "2.122.0", - "alphaVersion": "2.122.0-alpha.0" + "version": "2.123.0", + "alphaVersion": "2.123.0-alpha.0" } \ No newline at end of file From c1f2abb153789f0496e5194e65cfeacfafc65a32 Mon Sep 17 00:00:00 2001 
From: kazuho cryer-shinozuka Date: Thu, 25 Jan 2024 03:44:25 +0900 Subject: [PATCH 4/6] fix(iam): SamlConsolePrincipal returns incorrect url in GovCloud and ISO regions (#28704) This PR addresses the issue where the SAML federation principal is hardcoded with URLs specific to standard AWS and China partitions, causing failures in GovCloud, Iso, and Iso-b partitions. The provided solution dynamically sets the SAML sign-on URL based on the partition. ```diff - 'SAML:aud': cdk.Aws.PARTITION==='aws-cn'? 'https://signin.amazonaws.cn/saml': 'https://signin.aws.amazon.com/saml', + 'SAML:aud': RegionInfo.get(samlProvider.stack.region).samlSignOnUrl ?? 'https://signin.aws.amazon.com/saml', ``` ```ts export const PARTITION_SAML_SIGN_ON_URL: Record = { [Partition.Default]: 'https://signin.aws.amazon.com/saml', [Partition.Cn]: 'https://signin.amazonaws.cn/saml', [Partition.UsGov]: 'https://signin.amazonaws-us-gov.com/saml', [Partition.UsIso]: 'https://signin.c2shome.ic.gov/saml', [Partition.UsIsoB]: 'https://signin.sc2shome.sgov.gov/saml', }; ``` Closes #25723. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-iam/lib/principals.ts | 2 +- .../aws-cdk-lib/aws-iam/test/principals.test.ts | 13 ++++++++++--- .../region-info/build-tools/fact-tables.ts | 8 ++++++++ .../region-info/build-tools/generate-static-data.ts | 3 +++ packages/aws-cdk-lib/region-info/lib/fact.ts | 5 +++++ packages/aws-cdk-lib/region-info/lib/region-info.ts | 8 ++++++++ 6 files changed, 35 insertions(+), 4 deletions(-) diff --git a/packages/aws-cdk-lib/aws-iam/lib/principals.ts b/packages/aws-cdk-lib/aws-iam/lib/principals.ts index 5de347fd4606f..6833334fcbf3d 100644 --- a/packages/aws-cdk-lib/aws-iam/lib/principals.ts +++ b/packages/aws-cdk-lib/aws-iam/lib/principals.ts 
@@ -760,7 +760,7 @@ export class SamlConsolePrincipal extends SamlPrincipal { super(samlProvider, { ...conditions, StringEquals: { - 'SAML:aud': cdk.Aws.PARTITION==='aws-cn'? 'https://signin.amazonaws.cn/saml': 'https://signin.aws.amazon.com/saml', + 'SAML:aud': RegionInfo.get(samlProvider.stack.region).samlSignOnUrl ?? 'https://signin.aws.amazon.com/saml', }, }); } diff --git a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts index 8b9532e0d17e1..67cdb361ee257 100644 --- a/packages/aws-cdk-lib/aws-iam/test/principals.test.ts +++ b/packages/aws-cdk-lib/aws-iam/test/principals.test.ts @@ -144,9 +144,16 @@ test('use OpenID Connect principal from provider', () => { expect(stack.resolve(principal.federated)).toStrictEqual({ Ref: 'MyProvider730BA1C8' }); }); -test('SAML principal', () => { +test.each([ + { name: 'SAML principal', region: 'us-east-1', expectedAud: 'https://signin.aws.amazon.com/saml' }, + { name: 'SAML principal CN', region: 'cn-northwest-1', expectedAud: 'https://signin.amazonaws.cn/saml' }, + { name: 'SAML principal UsGov', region: 'us-gov-east-1', expectedAud: 'https://signin.amazonaws-us-gov.com/saml' }, + { name: 'SAML principal UsIso', region: 'us-iso-east-1', expectedAud: 'https://signin.c2shome.ic.gov/saml' }, + { name: 'SAML principal UsIsoB', region: 'us-isob-east-1', expectedAud: 'https://signin.sc2shome.sgov.gov/saml' }, +])('$name', ({ region, expectedAud }) => { // GIVEN - const stack = new Stack(); + const app = new App(); + const stack = new Stack(app, 'TestStack', { env: { region } }); const provider = new iam.SamlProvider(stack, 'MyProvider', { metadataDocument: iam.SamlMetadataDocument.fromXml('document'), }); @@ -166,7 +173,7 @@ test('SAML principal', () => { Action: 'sts:AssumeRoleWithSAML', Condition: { StringEquals: { - 'SAML:aud': 'https://signin.aws.amazon.com/saml', + 'SAML:aud': expectedAud, }, }, Effect: 'Allow', 
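Review bot: The new `SAML:aud` value falls back to the commercial sign-in URL whenever `RegionInfo.get(samlProvider.stack.region).samlSignOnUrl` is undefined, and that presumably includes every environment-agnostic stack, where `stack.region` is an unresolved token. A role synthesized that way and deployed to GovCloud or an ISO partition would still carry an audience that partition's sign-in endpoint does not send, so console federation fails with no hint at synth time. Resolving the fact through `samlProvider.stack.regionalFact(FactName.SAML_SIGN_ON_URL, 'https://signin.aws.amazon.com/saml')` should, as far as I can tell, emit a per-region lookup for agnostic stacks. If the plain fallback stays, a comment such as `// unresolved region: defaults to the aws partition audience` should say so. Every row of the test table in `principals.test.ts` sets `env.region`, so the fallback path is not exercised.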
diff --git a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts index 4284ceffa7931..955996a81b491 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/fact-tables.ts @@ -3361,3 +3361,11 @@ export const ADOT_LAMBDA_LAYER_ARNS: { [key: string]: any } = { PYTHON_SDK: ADOT_LAMBDA_LAYER_PYTHON_SDK_ARNS, GENERIC: ADOT_LAMBDA_LAYER_GENERIC_ARNS, }; + +export const PARTITION_SAML_SIGN_ON_URL: Record = { + [Partition.Default]: 'https://signin.aws.amazon.com/saml', + [Partition.Cn]: 'https://signin.amazonaws.cn/saml', + [Partition.UsGov]: 'https://signin.amazonaws-us-gov.com/saml', + [Partition.UsIso]: 'https://signin.c2shome.ic.gov/saml', + [Partition.UsIsoB]: 'https://signin.sc2shome.sgov.gov/saml', +}; diff --git a/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts b/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts index b759c32a342c7..03f8c5d712710 100644 --- a/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts +++ b/packages/aws-cdk-lib/region-info/build-tools/generate-static-data.ts @@ -12,6 +12,7 @@ import { ADOT_LAMBDA_LAYER_ARNS, PARAMS_AND_SECRETS_LAMBDA_LAYER_ARNS, APPCONFIG_LAMBDA_LAYER_ARNS, + PARTITION_SAML_SIGN_ON_URL, } from './fact-tables'; import { AWS_CDK_METADATA } from './metadata'; import { @@ -84,6 +85,8 @@ export async function main(): Promise { registerFact(region, 'APPMESH_ECR_ACCOUNT', APPMESH_ECR_ACCOUNTS[region]); + registerFact(region, 'SAML_SIGN_ON_URL', PARTITION_SAML_SIGN_ON_URL[partition]); + const firehoseCidrBlock = FIREHOSE_CIDR_BLOCKS[region]; if (firehoseCidrBlock) { registerFact(region, 'FIREHOSE_CIDR_BLOCK', `${FIREHOSE_CIDR_BLOCKS[region]}/27`); diff --git a/packages/aws-cdk-lib/region-info/lib/fact.ts b/packages/aws-cdk-lib/region-info/lib/fact.ts index 4b1ecc6574a25..36671df11c3f1 100644 
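Review bot: `PARTITION_SAML_SIGN_ON_URL` has no doc comment, although its values end up as the `SAML:aud` condition of IAM role trust policies, so a wrong or stale entry changes which sign-in endpoint a role accepts assertions for. I would add a comment above the table such as `// SAML:aud per partition for sts:AssumeRoleWithSAML console sign-in; source: <link to the AWS document the URLs were taken from>` so a reviewer can check each host. In `generate-static-data.ts` the lookup `PARTITION_SAML_SIGN_ON_URL[partition]` is registered without a guard. For a partition missing from the table it yields `undefined`, and what `registerFact` does with that is not visible in this hunk, so it is worth confirming the fact is then simply absent.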
--- a/packages/aws-cdk-lib/region-info/lib/fact.ts +++ b/packages/aws-cdk-lib/region-info/lib/fact.ts @@ -190,6 +190,11 @@ export class FactName { */ public static readonly FIREHOSE_CIDR_BLOCK = 'firehoseCidrBlock'; + /** + * The SAML Sign On URL for partition used by IAM SAML Principal + */ + public static readonly SAML_SIGN_ON_URL = 'samlSignOnUrl'; + /** * The ARN of CloudWatch Lambda Insights for a version (e.g. 1.0.98.0) */ diff --git a/packages/aws-cdk-lib/region-info/lib/region-info.ts b/packages/aws-cdk-lib/region-info/lib/region-info.ts index 28535c1242095..5f360f206bd0a 100644 --- a/packages/aws-cdk-lib/region-info/lib/region-info.ts +++ b/packages/aws-cdk-lib/region-info/lib/region-info.ts @@ -197,4 +197,12 @@ export class RegionInfo { public paramsAndSecretsLambdaLayerArn(version: string, architecture: string): string | undefined { return Fact.find(this.name, FactName.paramsAndSecretsLambdaLayer(version, architecture)); } + + /** + * SAML Sign On URL used by IAM SAML Principals. + */ + public get samlSignOnUrl(): string | undefined { + return Fact.find(this.name, FactName.SAML_SIGN_ON_URL); + } + } From 169fd91e135556b8efb59d631acaf9a3426eaa53 Mon Sep 17 00:00:00 2001 
From: kazuho cryer-shinozuka Date: Thu, 25 Jan 2024 05:02:10 +0900 Subject: [PATCH 5/6] feat(route53): latency based routing (#28723) In this PR, I have made the RecordSet compatible with latency-based routing. You can set it by providing a Region name to the region argument. ```ts new route53.ARecord(this, 'ARecord', { zone: myZone, target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), region: 'ap-northeast-1', // added }) ``` Closes #28722. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert0B7B9B14.assets.json | 19 ++ ...aultTestDeployAssert0B7B9B14.template.json | 36 +++ .../cdk.out | 1 + .../integ.json | 12 + .../latency-based-routing.assets.json | 19 ++ .../latency-based-routing.template.json | 92 +++++++ .../manifest.json | 131 ++++++++++ .../tree.json | 227 ++++++++++++++++++ .../test/integ.latency-based-routing.ts | 35 +++ packages/aws-cdk-lib/aws-route53/README.md | 16 +- .../aws-cdk-lib/aws-route53/lib/record-set.ts | 40 ++- .../aws-route53/test/record-set.test.ts | 16 +- 12 files changed, 630 insertions(+), 14 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.assets.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets.json new file mode 100644 index 0000000000000..5e6fa13156374 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/integ.json new file mode 100644 index 0000000000000..d4846f2169088 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "Route53LatencyBasedRoutingInteg/DefaultTest": { + "stacks": [ + "latency-based-routing" + ], + "assertionStack": "Route53LatencyBasedRoutingInteg/DefaultTest/DeployAssert", + "assertionStackName": "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.assets.json new file mode 100644 index 0000000000000..65a0b9089f9bb --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "a80ec20b957f0b1134ee759f20e89c04b7bc876c73408565ff5613e6632e3b1f": { + "source": { + "path": "latency-based-routing.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "a80ec20b957f0b1134ee759f20e89c04b7bc876c73408565ff5613e6632e3b1f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.template.json new file mode 100644 index 0000000000000..7a46513e08aa4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/latency-based-routing.template.json 
@@ -0,0 +1,92 @@ +{ + "Resources": { + "HostedZoneDB99F866": { + "Type": "AWS::Route53::HostedZone", + "Properties": { + "Name": "cdk.dev." + } + }, + "LatencyBasedRouting0C1664EAC": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "Region": "us-east-1", + "ResourceRecords": [ + "1.2.3.4" + ], + "SetIdentifier": "REGION_us-east-1_ID_latencybasedroutintencyBasedRouting09258C5CC", + "TTL": "1800", + "Type": "A" + } + }, + "LatencyBasedRouting1D10EA109": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "Region": "ap-northeast-1", + "ResourceRecords": [ + "2.3.4.5" + ], + "SetIdentifier": "REGION_ap-northeast-1_ID_latencybasedroucyBasedRouting193C4855F", + "TTL": "1800", + "Type": "A" + } + }, + "LatencyBasedRouting26C32588A": { + "Type": "AWS::Route53::RecordSet", + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "Name": "www.cdk.dev.", + "Region": "eu-west-1", + "ResourceRecords": [ + "3.4.5.6" + ], + "SetIdentifier": "REGION_eu-west-1_ID_latencybasedroutintencyBasedRouting25966E4AD", + "TTL": "1800", + "Type": "A" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/manifest.json new file mode 100644 index 0000000000000..b8eba09d53899 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/manifest.json 
@@ -0,0 +1,131 @@ +{ + "version": "36.0.0", + "artifacts": { + "latency-based-routing.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "latency-based-routing.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "latency-based-routing": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "latency-based-routing.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a80ec20b957f0b1134ee759f20e89c04b7bc876c73408565ff5613e6632e3b1f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "latency-based-routing.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "latency-based-routing.assets" + ], + "metadata": { + "/latency-based-routing/HostedZone/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HostedZoneDB99F866" + } + ], + "/latency-based-routing/LatencyBasedRouting0/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LatencyBasedRouting0C1664EAC" + } + ], + "/latency-based-routing/LatencyBasedRouting1/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LatencyBasedRouting1D10EA109" + } + ], + 
"/latency-based-routing/LatencyBasedRouting2/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LatencyBasedRouting26C32588A" + } + ], + "/latency-based-routing/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/latency-based-routing/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "latency-based-routing" + }, + "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + 
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Route53LatencyBasedRoutingIntegDefaultTestDeployAssert0B7B9B14.assets" + ], + "metadata": { + "/Route53LatencyBasedRoutingInteg/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Route53LatencyBasedRoutingInteg/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Route53LatencyBasedRoutingInteg/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/tree.json new file mode 100644 index 0000000000000..75c178dd1b0a1 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.js.snapshot/tree.json 
@@ -0,0 +1,227 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "latency-based-routing": { + "id": "latency-based-routing", + "path": "latency-based-routing", + "children": { + "HostedZone": { + "id": "HostedZone", + "path": "latency-based-routing/HostedZone", + "children": { + "Resource": { + "id": "Resource", + "path": "latency-based-routing/HostedZone/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::HostedZone", + "aws:cdk:cloudformation:props": { + "name": "cdk.dev." + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.CfnHostedZone", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.PublicHostedZone", + "version": "0.0.0" + } + }, + "LatencyBasedRouting0": { + "id": "LatencyBasedRouting0", + "path": "latency-based-routing/LatencyBasedRouting0", + "children": { + "Resource": { + "id": "Resource", + "path": "latency-based-routing/LatencyBasedRouting0/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "region": "us-east-1", + "resourceRecords": [ + "1.2.3.4" + ], + "setIdentifier": "REGION_us-east-1_ID_latencybasedroutintencyBasedRouting09258C5CC", + "ttl": "1800", + "type": "A" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.CfnRecordSet", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.ARecord", + "version": "0.0.0" + } + }, + "LatencyBasedRouting1": { + "id": "LatencyBasedRouting1", + "path": "latency-based-routing/LatencyBasedRouting1", + "children": { + "Resource": { + "id": "Resource", + "path": "latency-based-routing/LatencyBasedRouting1/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": 
"www.cdk.dev.", + "region": "ap-northeast-1", + "resourceRecords": [ + "2.3.4.5" + ], + "setIdentifier": "REGION_ap-northeast-1_ID_latencybasedroucyBasedRouting193C4855F", + "ttl": "1800", + "type": "A" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.CfnRecordSet", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.ARecord", + "version": "0.0.0" + } + }, + "LatencyBasedRouting2": { + "id": "LatencyBasedRouting2", + "path": "latency-based-routing/LatencyBasedRouting2", + "children": { + "Resource": { + "id": "Resource", + "path": "latency-based-routing/LatencyBasedRouting2/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Route53::RecordSet", + "aws:cdk:cloudformation:props": { + "hostedZoneId": { + "Ref": "HostedZoneDB99F866" + }, + "name": "www.cdk.dev.", + "region": "eu-west-1", + "resourceRecords": [ + "3.4.5.6" + ], + "setIdentifier": "REGION_eu-west-1_ID_latencybasedroutintencyBasedRouting25966E4AD", + "ttl": "1800", + "type": "A" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.CfnRecordSet", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_route53.ARecord", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "latency-based-routing/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "latency-based-routing/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Route53LatencyBasedRoutingInteg": { + "id": "Route53LatencyBasedRoutingInteg", + "path": "Route53LatencyBasedRoutingInteg", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "Route53LatencyBasedRoutingInteg/DefaultTest", + "children": { + "Default": { + "id": 
"Default", + "path": "Route53LatencyBasedRoutingInteg/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "Route53LatencyBasedRoutingInteg/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Route53LatencyBasedRoutingInteg/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Route53LatencyBasedRoutingInteg/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.ts new file mode 100644 index 0000000000000..fc83fb1630db3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.latency-based-routing.ts 
@@ -0,0 +1,35 @@ +import { App, Stack, StackProps } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as route53 from 'aws-cdk-lib/aws-route53'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string, props?: StackProps) { + super(scope, id, props); + + const hostedZone = new route53.PublicHostedZone(this, 'HostedZone', { + zoneName: 'cdk.dev', + }); + + [ + { target: '1.2.3.4', region: 'us-east-1' }, + { target: '2.3.4.5', region: 'ap-northeast-1' }, + { target: '3.4.5.6', region: 'eu-west-1' }, + ].forEach((data, index) => { + new route53.ARecord(this, `LatencyBasedRouting${index}`, { + zone: hostedZone, + recordName: 'www', + region: data.region, + target: route53.RecordTarget.fromIpAddresses(data.target), + }); + }); + } +} + +const app = new App(); +const stack = new TestStack(app, 'latency-based-routing'); + +new IntegTest(app, 'Route53LatencyBasedRoutingInteg', { + testCases: [stack], +}); +app.synth(); diff --git a/packages/aws-cdk-lib/aws-route53/README.md b/packages/aws-cdk-lib/aws-route53/README.md index fb33c8f5e7fdf..34727074040a4 100644 --- a/packages/aws-cdk-lib/aws-route53/README.md +++ b/packages/aws-cdk-lib/aws-route53/README.md @@ -163,6 +163,18 @@ new route53.ARecord(this, 'ARecordWeighted1', { }); ``` +To enable [latency based routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-latency.html), use the `region` parameter: + +```ts +declare const myZone: route53.HostedZone; + +new route53.ARecord(this, 'ARecordLatency1', { + zone: myZone, + target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), + region: 'us-east-1', +}); +``` + To specify a unique identifier to differentiate among multiple resource record sets that have the same combination of name and type, use the `setIdentifier` parameter: ```ts 
@@ -172,10 +184,10 @@ new route53.ARecord(this, 'ARecordWeighted1', { zone: myZone, target: route53.RecordTarget.fromIpAddresses('1.2.3.4'), weight: 10, - setIdentifier: 'weighted-record-id', + setIdentifier: 'weighted-record-id', }); ``` -**Warning** It is not possible to specify `setIdentifier` in a simple routing without one of `weight` or `geoLocation` defined. +**Warning** It is not possible to specify `setIdentifier` for a simple routing policy. Constructs are available for A, AAAA, CAA, CNAME, MX, NS, SRV and TXT records. diff --git a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts index 02c1b2a8d3fac..8564aedae843a 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts @@ -200,6 +200,21 @@ export interface RecordSetOptions { */ readonly weight?: number; + /** + * The Amazon EC2 Region where you created the resource that this resource record set refers to. + * The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, + * and is referred to by an IP address or a DNS domain name, depending on the record type. + * + * When Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, + * Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. + * Route 53 then returns the value that is associated with the selected resource record set. + * + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-recordset.html#cfn-route53-recordset-region + * + * @default - Do not set latency based routing + */ + readonly region?: string; + /** * A string used to distinguish between different records with the same combination of DNS name and type. * It can only be set when either weight or geoLocation is defined. 
@@ -268,6 +283,7 @@ export class RecordSet extends Resource implements IRecordSet { public readonly domainName: string; private readonly geoLocation?: GeoLocation; private readonly weight?: number; + private readonly region?: string; constructor(scope: Construct, id: string, props: RecordSetProps) { super(scope, id); @@ -278,15 +294,18 @@ export class RecordSet extends Resource implements IRecordSet { if (props.setIdentifier && (props.setIdentifier.length < 1 || props.setIdentifier.length > 128)) { throw new Error(`setIdentifier must be between 1 and 128 characters long, got: ${props.setIdentifier.length}`); } - if (props.weight && props.geoLocation) { - throw new Error('Only one of weight or geoLocation can be specified, not both'); + if (props.setIdentifier && !props.weight && !props.geoLocation && !props.region) { + throw new Error('setIdentifier can only be specified for non-simple routing policies'); } - if (props.setIdentifier && !props.weight && !props.geoLocation) { - throw new Error('setIdentifier can only be specified when either weight or geoLocation is defined'); + + let nonSimpleRoutingPolicies = [props.geoLocation, props.region, props.weight].filter((variable) => variable !== undefined).length; + if (nonSimpleRoutingPolicies > 1) { + throw new Error('Only one of region, weight, or geoLocation can be defined'); } this.geoLocation = props.geoLocation; this.weight = props.weight; + this.region = props.region; const ttl = props.target.aliasTarget ? undefined : ((props.ttl && props.ttl.toSeconds()) ?? 1800).toString(); @@ -307,6 +326,7 @@ export class RecordSet extends Resource implements IRecordSet { } : undefined, setIdentifier: props.setIdentifier ?? this.configureSetIdentifier(), weight: props.weight, + region: props.region, }); this.domainName = recordSet.ref; 
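Review bot: The rewritten `setIdentifier` guard in the constructor still tests `!props.weight`, so `weight: 0` counts as no routing policy and an explicit `setIdentifier` on such a record is rejected, while the new exclusivity count just below uses `!== undefined`. Making the guard agree, `if (props.setIdentifier && props.weight === undefined && !props.geoLocation && !props.region) {`, removes the mismatch. The `if (this.weight)` test in `configureSetIdentifier` (the `@@ -369,12 +389,20 @@` hunk) has the same truthiness problem and leaves a zero-weight record without a generated identifier. `nonSimpleRoutingPolicies` is never reassigned and should be `const`. The `setIdentifier` doc comment kept as context in the `RecordSetOptions` hunk still says it can only be set with weight or geoLocation and should now mention `region`; the constructor body continues outside the hunk.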
@@ -369,12 +389,20 @@ export class RecordSet extends Resource implements IRecordSet { if (this.weight) { const idPrefix = `WEIGHT_${this.weight}_ID_`; - const identifier = `${idPrefix}${Names.uniqueResourceName(this, { maxLength: 64 - idPrefix.length })}`; - return identifier; + return this.createIdentifier(idPrefix); + } + + if (this.region) { + const idPrefix= `REGION_${this.region}_ID_`; + return this.createIdentifier(idPrefix); } return undefined; } + + private createIdentifier(prefix: string): string { + return `${prefix}${Names.uniqueResourceName(this, { maxLength: 64 - prefix.length })}`; + } } /** diff --git a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts index 871768a41893a..7f6c990af4955 100644 --- a/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts +++ b/packages/aws-cdk-lib/aws-route53/test/record-set.test.ts @@ -1166,7 +1166,12 @@ describe('record set', () => { })).toThrow('setIdentifier must be between 1 and 128 characters long, got: 129'); }); - test('throw error for the simultaneous definition of weight and geoLocation', () => { + test.each([ + { weight: 20, geoLocation: route53.GeoLocation.continent(route53.Continent.EUROPE) }, + { weight: 20, region: 'us-east-1' }, + { geoLocation: route53.GeoLocation.continent(route53.Continent.EUROPE), region: 'us-east-1' }, + { weight: 20, geoLocation: route53.GeoLocation.continent(route53.Continent.EUROPE), region: 'us-east-1' }, + ])('throw error for the simultaneous definition of weight, geoLocation and region', (props) => { // GIVEN const stack = new Stack(); 
@@ -1178,13 +1183,12 @@ describe('record set', () => { recordName: 'www', recordType: route53.RecordType.CNAME, target: route53.RecordTarget.fromValues('zzz'), - weight: 50, - geoLocation: route53.GeoLocation.continent(route53.Continent.EUROPE), setIdentifier: 'uniqueId', - })).toThrow('Only one of weight or geoLocation can be specified, not both'); + ...props, + })).toThrow('Only one of region, weight, or geoLocation can be defined'); }); - test('throw error for the definition of setIdentifier without weight or geoLocation', () => { + test('throw error for the definition of setIdentifier without weight, geoLocation or region', () => { // GIVEN const stack = new Stack(); @@ -1197,6 +1201,6 @@ describe('record set', () => { recordType: route53.RecordType.CNAME, target: route53.RecordTarget.fromValues('zzz'), setIdentifier: 'uniqueId', - })).toThrow('setIdentifier can only be specified when either weight or geoLocation is defined'); + })).toThrow('setIdentifier can only be specified for non-simple routing policies'); }); }); From 280135567956b78fedd6a528cff0adda6171ec33 Mon Sep 17 00:00:00 2001 
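Review bot: Every row of the `test.each` table is spread into props that also set `setIdentifier: 'uniqueId'` (hunk `-1178,13 +1183,12`), so the 'Only one of region, weight, or geoLocation can be defined' error is only exercised together with a set identifier. A case without `setIdentifier` would show that the count check stands on its own, and a case with `weight: 0` plus `setIdentifier` would pin down how the truthiness-based guard in the constructor treats a zero weight. The test body begins in the previous hunk, so the surrounding `expect(...)` call is only partly visible here.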
From: Connor Robertson Date: Wed, 24 Jan 2024 15:22:57 -0800 Subject: [PATCH 6/6] fix(iam): allow intrinsic functions in deletion policy (#28834) > # Issue > > When using `CfnInclude` it was not possible to have an intrinsic function in the `DeletionPolicy`. It only allowed the DeletionPolicy to be explicitly defined. > # Solution > > Check whether the policy looks like an intrinsic. Check whether it is an explicitly defined DeletionPolicy. Otherwise fall through to a default case that checks whether this is an intrinsic; if it is, return the policy after using parseValue. If it is not, throw the same error as before. > # Important Design Decisions > > Unsure whether any have been made; please let me know if there are any that I did not recognise as Important Design Decisions. > > Remember to follow the [CONTRIBUTING GUIDE] and [DESIGN GUIDELINES] for any > code you submit. > > [CONTRIBUTING GUIDE]: https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md > [DESIGN GUIDELINES]: https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md Closes https://github.com/aws/aws-cdk/issues/28292 . 
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert6189EF04.assets.json | 19 ++ ...aultTestDeployAssert6189EF04.template.json | 36 ++++ .../Stack.assets.json | 19 ++ .../Stack.template.json | 58 ++++++ .../cdk.out | 1 + .../integ.json | 12 ++ .../manifest.json | 125 +++++++++++++ .../tree.json | 173 ++++++++++++++++++ .../test/integ.intrinsic-deletion-policy.ts | 15 ++ .../test-templates/fn-if-deletion-policy.json | 25 +++ .../intrinsic-deletion-policy-ref.json | 46 +++++ .../intrinsic-deletion-policy.json | 53 ++++++ .../test/valid-templates.test.ts | 16 ++ .../core/lib/helpers-internal/cfn-parse.ts | 13 +- 14 files changed, 608 insertions(+), 3 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/manifest.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.ts create mode 100644 packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/test-templates/fn-if-deletion-policy.json create mode 100644 packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy-ref.json create mode 100644 packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets.json new file mode 100644 index 0000000000000..bf0cd5ed3a1c2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "DeletionPolicyTestDefaultTestDeployAssert6189EF04.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.template.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/DeletionPolicyTestDefaultTestDeployAssert6189EF04.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.assets.json new file mode 100644 index 0000000000000..4f2896026d3a3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "2ec981d249c5fd2e1befd964a3ffcb115d1eb16b36017d923fe1ced27352e0e5": { + "source": { + "path": "Stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "2ec981d249c5fd2e1befd964a3ffcb115d1eb16b36017d923fe1ced27352e0e5.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.template.json new file mode 100644 index 0000000000000..690634ca5efe7 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/Stack.template.json 
@@ -0,0 +1,58 @@ +{ + "Conditions": { + "AlwaysFalseCond": { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "completely-made-up-region" + ] + } + }, + "Resources": { + "Bucket": { + "Type": "AWS::S3::Bucket", + "DeletionPolicy": { + "Fn::If": [ + "AlwaysFalseCond", + "Retain", + "Delete" + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/integ.json new file mode 100644 index 0000000000000..a2fda9175aada --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/integ.json 
@@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "DeletionPolicyTest/DefaultTest": { + "stacks": [ + "Stack" + ], + "assertionStack": "DeletionPolicyTest/DefaultTest/DeployAssert", + "assertionStackName": "DeletionPolicyTestDefaultTestDeployAssert6189EF04" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/manifest.json new file mode 100644 index 0000000000000..9aeb2b31b724f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/manifest.json 
@@ -0,0 +1,125 @@ +{ + "version": "36.0.0", + "artifacts": { + "Stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "Stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2ec981d249c5fd2e1befd964a3ffcb115d1eb16b36017d923fe1ced27352e0e5.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Stack.assets" + ], + "metadata": { + "/Stack/Stack": [ + { + "type": "aws:cdk:logicalId", + "data": "Stack" + } + ], + "/Stack/Stack/$Conditions/AlwaysFalseCond": [ + { + "type": "aws:cdk:logicalId", + "data": "AlwaysFalseCond" + } + ], + "/Stack/Stack/Bucket": [ + { + "type": "aws:cdk:logicalId", + "data": "Bucket" + } + ], + "/Stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Stack" + }, + 
"DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "DeletionPolicyTestDefaultTestDeployAssert6189EF04": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "DeletionPolicyTestDefaultTestDeployAssert6189EF04.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "DeletionPolicyTestDefaultTestDeployAssert6189EF04.assets" + ], + "metadata": { + "/DeletionPolicyTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/DeletionPolicyTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": 
"DeletionPolicyTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/tree.json new file mode 100644 index 0000000000000..3c5b96273ac99 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.js.snapshot/tree.json 
@@ -0,0 +1,173 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Stack": { + "id": "Stack", + "path": "Stack", + "children": { + "Stack": { + "id": "Stack", + "path": "Stack/Stack", + "children": { + "$Mappings": { + "id": "$Mappings", + "path": "Stack/Stack/$Mappings", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "$Conditions": { + "id": "$Conditions", + "path": "Stack/Stack/$Conditions", + "children": { + "AlwaysFalseCond": { + "id": "AlwaysFalseCond", + "path": "Stack/Stack/$Conditions/AlwaysFalseCond", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnCondition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "$Rules": { + "id": "$Rules", + "path": "Stack/Stack/$Rules", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Bucket": { + "id": "Bucket", + "path": "Stack/Stack/Bucket", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "$Hooks": { + "id": "$Hooks", + "path": "Stack/Stack/$Hooks", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "$Ouputs": { + "id": "$Ouputs", + "path": "Stack/Stack/$Ouputs", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.cloudformation_include.CfnInclude", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "DeletionPolicyTest": { + "id": "DeletionPolicyTest", + "path": "DeletionPolicyTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "DeletionPolicyTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "DeletionPolicyTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "DeletionPolicyTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "DeletionPolicyTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "DeletionPolicyTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.ts b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.ts new file mode 100644 index 0000000000000..65e88a5e24757 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/integ.intrinsic-deletion-policy.ts 
@@ -0,0 +1,15 @@ +import * as core from 'aws-cdk-lib'; +import * as inc from 'aws-cdk-lib/cloudformation-include'; +import * as integ from '@aws-cdk/integ-tests-alpha'; + +const app = new core.App(); + +const stack = new core.Stack(app, 'Stack'); + +new inc.CfnInclude(stack, 'Stack', { + templateFile: 'test-templates/fn-if-deletion-policy.json', +}); + +new integ.IntegTest(app, 'DeletionPolicyTest', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/test-templates/fn-if-deletion-policy.json b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/test-templates/fn-if-deletion-policy.json new file mode 100644 index 0000000000000..f8d6909224108 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/cloudformation-include/test/test-templates/fn-if-deletion-policy.json @@ -0,0 +1,25 @@ +{ + "Conditions": { + "AlwaysFalseCond": { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "completely-made-up-region" + ] + } + }, + "Resources": { + "Bucket": { + "Type": "AWS::S3::Bucket", + "DeletionPolicy": { + "Fn::If": [ + "AlwaysFalseCond", + "Retain", + "Delete" + ] + } + } + } + } + \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy-ref.json b/packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy-ref.json new file mode 100644 index 0000000000000..0b02ae68180bc --- /dev/null +++ b/packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy-ref.json 
@@ -0,0 +1,46 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Transform": "AWS::LanguageExtensions", + "Parameters": { + "DeletionPolicyParam": { + "Type": "String", + "AllowedValues": [ + "Delete", + "Retain", + "Snapshot" + ], + "Default": "Delete" + }, + "UpdateReplacePolicyParam": { + "Type": "String", + "AllowedValues": [ + "Delete", + "Retain", + "Snapshot" + ], + "Default": "Delete" + } + }, + "Resources": { + "Table": { + "Type": "AWS::DynamoDB::Table", + "Properties": { + "KeySchema": [ + { + "AttributeName": "primaryKey", + "KeyType": "HASH" + }], + "AttributeDefinitions": [{ + "AttributeName": "primaryKey", + "AttributeType": "S" + }] + }, + "DeletionPolicy": { + "Ref": "DeletionPolicyParam" + }, + "UpdateReplacePolicy": { + "Ref": "UpdateReplacePolicyParam" + } + } + } +} \ No newline at end of file diff --git a/packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy.json b/packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy.json new file mode 100644 index 0000000000000..722ed175d0556 --- /dev/null +++ b/packages/aws-cdk-lib/cloudformation-include/test/test-templates/intrinsic-deletion-policy.json @@ -0,0 +1,53 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Transform": "AWS::LanguageExtensions", + "Parameters": { + "Stage": { + "Type": "String", + "AllowedValues": [ + "Prod", + "Staging", + "Dev" + ] + } + }, + "Conditions": { + "IsProd": { + "Fn::Equals": [ + { + "Ref": "Stage" + }, + "Prod" + ] + } + }, + "Resources": { + "Table": { + "Type": "AWS::DynamoDB::Table", + "Properties": { + "KeySchema": [{ + "AttributeName": "primaryKey", + "KeyType": "HASH" + }], + "AttributeDefinitions": [{ + "AttributeName": "primaryKey", + "AttributeType": "S" + }] + }, + "DeletionPolicy": { + "Fn::If": [ + "IsProd", + "Retain", + "Delete" + ] + }, + "UpdateReplacePolicy": { + "Fn::If": [ + "IsProd", + "Retain", + "Delete" + ] + } + } + } +} \ No newline at end of file 
diff --git a/packages/aws-cdk-lib/cloudformation-include/test/valid-templates.test.ts b/packages/aws-cdk-lib/cloudformation-include/test/valid-templates.test.ts index b6ff1bea6f681..e27c9bb3ebc17 100644 --- a/packages/aws-cdk-lib/cloudformation-include/test/valid-templates.test.ts +++ b/packages/aws-cdk-lib/cloudformation-include/test/valid-templates.test.ts @@ -262,6 +262,22 @@ describe('CDK Include', () => { ); }); + test('can ingest a template with fn:: intrinsic function used in deletion policy', () => { + includeTestTemplate(stack, 'intrinsic-deletion-policy.json'); + + Template.fromStack(stack).templateMatches( + loadTestFileToJsObject('intrinsic-deletion-policy.json'), + ); + }); + + test('can ingest a template with ref intrinsic functions used in deletion policy', () => { + includeTestTemplate(stack, 'intrinsic-deletion-policy-ref.json'); + + Template.fromStack(stack).templateMatches( + loadTestFileToJsObject('intrinsic-deletion-policy-ref.json'), + ); + }); + test('can ingest a JSON template with string-form Fn::GetAtt, and output it unchanged', () => { includeTestTemplate(stack, 'get-att-string-form.json'); diff --git a/packages/aws-cdk-lib/core/lib/helpers-internal/cfn-parse.ts b/packages/aws-cdk-lib/core/lib/helpers-internal/cfn-parse.ts index 4b7fd0cbb30a4..2dce8dad956e9 100644 --- a/packages/aws-cdk-lib/core/lib/helpers-internal/cfn-parse.ts +++ b/packages/aws-cdk-lib/core/lib/helpers-internal/cfn-parse.ts 
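Review bot: Both tests added to `valid-templates.test.ts` cover the accepting path only (an `Fn::If` and a `Ref` in `DeletionPolicy`); nothing in this hunk checks that a non-intrinsic object or a misspelled policy string is still rejected with `Unrecognized DeletionPolicy`. The parser change loosens what is accepted for a setting that decides whether a table or bucket outlives its stack, so a negative test next to these two would keep that boundary from regressing; an existing test outside this hunk may already cover the plain-string case. Something along the lines of `expect(() => includeTestTemplate(stack, '<invalid-deletion-policy-fixture>.json')).toThrow(/Unrecognized DeletionPolicy/);` would do, where the fixture name is a placeholder. The enclosing `describe` block starts and ends outside the hunk.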
@@ -466,14 +466,21 @@ export class CfnParser { } private parseDeletionPolicy(policy: any): CfnDeletionPolicy | undefined { + if (policy === undefined || policy === null) { + return undefined; + } + const isIntrinsic = this.looksLikeCfnIntrinsic(policy); switch (policy) { - case null: return undefined; - case undefined: return undefined; case 'Delete': return CfnDeletionPolicy.DELETE; case 'Retain': return CfnDeletionPolicy.RETAIN; case 'Snapshot': return CfnDeletionPolicy.SNAPSHOT; case 'RetainExceptOnCreate': return CfnDeletionPolicy.RETAIN_EXCEPT_ON_CREATE; - default: throw new Error(`Unrecognized DeletionPolicy '${policy}'`); + default: if (isIntrinsic) { + policy = this.parseValue(policy); + return policy; + } else { + throw new Error(`Unrecognized DeletionPolicy '${policy}'`); + } } }
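Review bot: In `parseDeletionPolicy` the new `default` branch returns `this.parseValue(policy)` under a declared return type of `CfnDeletionPolicy | undefined`; because `policy` is `any` the compiler accepts this, but callers now receive an arbitrary parsed intrinsic and nothing checks that its branches are valid policies. A constructed example such as `{"Fn::If": ["Cond", "Retian", "Delete"]}` would pass synthesis and presumably be rejected only at deployment, which matters because this setting decides whether data-bearing resources are kept when a stack is deleted. I would state that at the branch with a comment like `// Intrinsic: resolved by CloudFormation at deploy time, so it cannot be checked against CfnDeletionPolicy here`, drop the reassignment of the parameter in favour of `return this.parseValue(policy);`, and move the `looksLikeCfnIntrinsic` call into `default`, the only place its result is used. For a non-intrinsic object the remaining error text interpolates `${policy}` and will read `'[object Object]'`, which hides the offending value.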