Merge branch 'main' into huijbers/security-hub-kms2

aws · Mar 15, 2023 · e343483 · e343483
2 parents c5d52b8 + b935f2b
commit e343483
Show file tree

Hide file tree

Showing 22 changed files with 394 additions and 152 deletions.
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -12,6 +12,6 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-    - uses: hmarr/auto-approve-action@v3.1.0
+    - uses: hmarr/auto-approve-action@v3.2.0
       with:
         github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.69.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.68.0-alpha.0...v2.69.0-alpha.0) (2023-03-14)
+
+
+### Features
+
+* **kinesisanalytics-flink:** VPC support for Flink applications ([#24442](https://github.com/aws/aws-cdk/issues/24442)) ([7c7ad6d](https://github.com/aws/aws-cdk/commit/7c7ad6d18bd0d48a30858c1964d27d8a02b274ae)), closes [40aws-cdk/aws-lambda/lib/function.ts#L170](https://github.com/40aws-cdk/aws-lambda/lib/function.ts/issues/L170) [#21104](https://github.com/aws/aws-cdk/issues/21104)
+
 ## [2.68.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.67.0-alpha.0...v2.68.0-alpha.0) (2023-03-08)
 
 

diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md
@@ -2,6 +2,26 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.69.0](https://github.com/aws/aws-cdk/compare/v2.68.0...v2.69.0) (2023-03-14)
+
+
+### Features
+
+* **custom-resources:** AwsCustomResource copy physicalResourceId from request when omit it in onUpdate ([#24194](https://github.com/aws/aws-cdk/issues/24194)) ([21ad7a7](https://github.com/aws/aws-cdk/commit/21ad7a7a0462a00c491ed104163d2065828a9aa1)), closes [#23843](https://github.com/aws/aws-cdk/issues/23843)
+* **docdb:** added ability to enable performance insights ([#24039](https://github.com/aws/aws-cdk/issues/24039)) ([c897f44](https://github.com/aws/aws-cdk/commit/c897f44ea438487a8bf48053dead667c35cade02)), closes [#24036](https://github.com/aws/aws-cdk/issues/24036)
+* **ecr-assets:** Support cache-from and cache-to flags ([#24024](https://github.com/aws/aws-cdk/issues/24024)) ([4e02566](https://github.com/aws/aws-cdk/commit/4e02566fab0f6c6708c9ee766e2805adbb329f18))
+* **eks:** support for Kubernetes version 1.25 ([#24484](https://github.com/aws/aws-cdk/issues/24484)) ([70fd3e9](https://github.com/aws/aws-cdk/commit/70fd3e97e5b3555f4036ada6e562cec4359cadeb)), closes [#24282](https://github.com/aws/aws-cdk/issues/24282)
+* **rds:** add support for minor versions of PostgreSQL: 14.7, 13.10, 12.14, and 11.19 ([#24539](https://github.com/aws/aws-cdk/issues/24539)) ([15cb919](https://github.com/aws/aws-cdk/commit/15cb919fab9d20d0e8f0485662131cbb10980269))
+* **rds:** PostgreSQL engine version 15.2 ([#24463](https://github.com/aws/aws-cdk/issues/24463)) ([59d795b](https://github.com/aws/aws-cdk/commit/59d795b6e8d77b2d2d099169eaeb83a66c9d6a1a)), closes [#24462](https://github.com/aws/aws-cdk/issues/24462)
+
+
+### Bug Fixes
+
+* **custom-resource:** custom resources fail with data containing multi-byte utf8 chars ([#24501](https://github.com/aws/aws-cdk/issues/24501)) ([9bd5078](https://github.com/aws/aws-cdk/commit/9bd507842f567ee3e450c3f44e5c3dccc7c42ae6)), closes [#24491](https://github.com/aws/aws-cdk/issues/24491)
+* **ecr-assets:** prefix cache arguments correctly ([#24524](https://github.com/aws/aws-cdk/issues/24524)) ([d451b30](https://github.com/aws/aws-cdk/commit/d451b3014a1d39e0a6ea18c2ec79a547b187adc5))
+* **pipelines:** Ubuntu 5 images will be slow, move to Ubuntu 6 ([#24544](https://github.com/aws/aws-cdk/issues/24544)) ([1f62c43](https://github.com/aws/aws-cdk/commit/1f62c438fb68332a492b624bad65159cc9c0308f))
+* **sfn:** can't override toStateJson() from other languages ([#24593](https://github.com/aws/aws-cdk/issues/24593)) ([e955d18](https://github.com/aws/aws-cdk/commit/e955d18052b8ec397c06ae6994b96bb7558e12bb)), closes [#14639](https://github.com/aws/aws-cdk/issues/14639)
+
 ## [2.68.0](https://github.com/aws/aws-cdk/compare/v2.67.0...v2.68.0) (2023-03-08)
 
 

diff --git a/packages/@aws-cdk/aws-ecr-assets/test/tarball-asset.test.ts b/packages/@aws-cdk/aws-ecr-assets/test/tarball-asset.test.ts
@@ -11,12 +11,13 @@ import { TarballImageAsset } from '../lib';
 
 
 describe('image asset', () => {
+  const tarballFile = path.join(__dirname, 'demo-tarball', 'empty.tar');
   test('test instantiating Asset Image', () => {
     // GIVEN
     const app = new App();
     const stack = new Stack(app);
     const asset = new TarballImageAsset(stack, 'Image', {
-      tarballFile: __dirname + '/demo-tarball/empty.tar',
+      tarballFile,
     });
 
     // WHEN
@@ -56,7 +57,7 @@ describe('image asset', () => {
     const stack = new Stack();
     const user = new iam.User(stack, 'MyUser');
     const asset = new TarballImageAsset(stack, 'Image', {
-      tarballFile: 'test/demo-tarball/empty.tar',
+      tarballFile,
     });
 
     // WHEN
@@ -118,7 +119,7 @@ describe('image asset', () => {
     const app = new App();
     const stack = new Stack(app);
     const image = new TarballImageAsset(stack, 'MyAsset', {
-      tarballFile: 'test/demo-tarball/empty.tar',
+      tarballFile,
     });
 
     const session = app.synth();
@@ -145,10 +146,10 @@ describe('image asset', () => {
       }),
     });
     const asset1 = new TarballImageAsset(stack1, 'MyAsset', {
-      tarballFile: 'test/demo-tarball/empty.tar',
+      tarballFile,
     });
     const asset2 = new TarballImageAsset(stack2, 'MyAsset', {
-      tarballFile: 'test/demo-tarball/empty.tar',
+      tarballFile,
     });
 
     test('stack with default synthesizer', () => {

diff --git a/packages/@aws-cdk/aws-lambda-go/test/docker.test.ts b/packages/@aws-cdk/aws-lambda-go/test/docker.test.ts
@@ -1,12 +1,13 @@
 import { spawnSync } from 'child_process';
 import * as path from 'path';
 
+const docker = process.env.CDK_DOCKER ?? 'docker';
 beforeAll(() => {
-  spawnSync('docker', ['build', '-t', 'golang', path.join(__dirname, '../lib')]);
+  spawnSync(docker, ['build', '-t', 'golang', path.join(__dirname, '../lib')]);
 });
 
 test('golang is available', async () => {
-  const proc = spawnSync('docker', [
+  const proc = spawnSync(docker, [
     'run', 'golang',
     'sh', '-c',
     'go version',

diff --git a/packages/@aws-cdk/aws-lambda-go/test/function.test.ts b/packages/@aws-cdk/aws-lambda-go/test/function.test.ts
@@ -43,7 +43,7 @@ test('GoFunction with defaults', () => {
 test('GoFunction with using provided runtime', () => {
   // WHEN
   new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
     runtime: Runtime.PROVIDED,
   });
 
@@ -60,7 +60,7 @@ test('GoFunction with using provided runtime', () => {
 test('GoFunction with using golang runtime', () => {
   // WHEN
   new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
     runtime: Runtime.GO_1_X,
   });
 
@@ -77,7 +77,7 @@ test('GoFunction with using golang runtime', () => {
 test('GoFunction with container env vars', () => {
   // WHEN
   new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
     bundling: {
       environment: {
         KEY: 'VALUE',
@@ -94,15 +94,15 @@ test('GoFunction with container env vars', () => {
 
 test('throws with the wrong runtime family', () => {
   expect(() => new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
     runtime: Runtime.PYTHON_3_8,
   })).toThrow(/Only `go` and `provided` runtimes are supported/);
 });
 
 test('resolves entry to an absolute path', () => {
   // WHEN
   new GoFunction(stack, 'fn', {
-    entry: 'test/lambda-handler-vendor/cmd/api/main.go',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api/main.go'),
   });
 
   expect(Bundling.bundle).toHaveBeenCalledWith(expect.objectContaining({
@@ -112,22 +112,22 @@ test('resolves entry to an absolute path', () => {
 
 test('throws with no existing go.mod file', () => {
   expect(() => new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
     moduleDir: '/does/not/exist/go.mod',
   })).toThrow(/go.mod file at \/does\/not\/exist\/go.mod doesn't exist/);
 });
 
 test('throws with incorrect moduleDir file', () => {
   expect(() => new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
     moduleDir: '/does/not/exist.mod',
   })).toThrow(/moduleDir is specifying a file that is not go.mod/);
 });
 
 test('custom moduleDir can be used', () => {
   new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
-    moduleDir: 'test/lambda-handler-vendor',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
+    moduleDir: path.join(__dirname, 'lambda-handler-vendor'),
   });
 
   Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', {
@@ -137,8 +137,8 @@ test('custom moduleDir can be used', () => {
 
 test('custom moduleDir with file path can be used', () => {
   new GoFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-vendor/cmd/api',
-    moduleDir: 'test/lambda-handler-vendor/go.mod',
+    entry: path.join(__dirname, 'lambda-handler-vendor/cmd/api'),
+    moduleDir: path.join(__dirname, 'lambda-handler-vendor/go.mod'),
   });
 
   Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', {

diff --git a/packages/@aws-cdk/aws-lambda-nodejs/test/bundling.test.ts b/packages/@aws-cdk/aws-lambda-nodejs/test/bundling.test.ts
@@ -1,4 +1,5 @@
 import * as child_process from 'child_process';
+import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import { Architecture, Code, Runtime, RuntimeFamily } from '@aws-cdk/aws-lambda';
@@ -641,7 +642,7 @@ test('esbuild bundling with pre compilations', () => {
     architecture: Architecture.X86_64,
   });
 
-  const compilerOptions = util.getTsconfigCompilerOptions(path.join(__dirname, '..', 'tsconfig.json'));
+  const compilerOptions = util.getTsconfigCompilerOptions(findParentTsConfigPath(__dirname));
 
   // Correctly bundles with esbuild
   expect(Code.fromAsset).toHaveBeenCalledWith(path.dirname(packageLock), {
@@ -845,3 +846,14 @@ test('Custom bundling file copy variant', () => {
     }),
   });
 });
+
+function findParentTsConfigPath(dir: string, depth: number = 1, limit: number = 5): string {
+  const target = path.join(dir, 'tsconfig.json');
+  if (fs.existsSync(target)) {
+    return target;
+  } else if (depth < limit) {
+    return findParentTsConfigPath(path.join(dir, '..'), depth + 1, limit);
+  }
+
+  throw new Error(`No \`package.json\` file found within ${depth} parent directories`);
+}
diff --git a/packages/@aws-cdk/aws-lambda-nodejs/test/docker.test.ts b/packages/@aws-cdk/aws-lambda-nodejs/test/docker.test.ts
@@ -1,20 +1,21 @@
 import { spawnSync } from 'child_process';
 import * as path from 'path';
 
+const docker = process.env.CDK_DOCKER ?? 'docker';
 beforeAll(() => {
-  spawnSync('docker', ['build', '-t', 'esbuild', path.join(__dirname, '../lib')]);
+  spawnSync(docker, ['build', '-t', 'esbuild', path.join(__dirname, '../lib')]);
 });
 
 test('esbuild is available', () => {
-  const proc = spawnSync('docker', [
+  const proc = spawnSync(docker, [
     'run', 'esbuild',
     'esbuild', '--version',
   ]);
   expect(proc.status).toEqual(0);
 });
 
 test('can npm install with non root user', () => {
-  const proc = spawnSync('docker', [
+  const proc = spawnSync(docker, [
     'run', '-u', '1000:1000',
     'esbuild',
     'bash', '-c', [
@@ -27,7 +28,7 @@ test('can npm install with non root user', () => {
 });
 
 test('can yarn install with non root user', () => {
-  const proc = spawnSync('docker', [
+  const proc = spawnSync(docker, [
     'run', '-u', '500:500',
     'esbuild',
     'bash', '-c', [
@@ -40,7 +41,7 @@ test('can yarn install with non root user', () => {
 });
 
 test('can pnpm install with non root user', () => {
-  const proc = spawnSync('docker', [
+  const proc = spawnSync(docker, [
     'run', '-u', '500:500',
     'esbuild',
     'bash', '-c', [
@@ -53,7 +54,7 @@ test('can pnpm install with non root user', () => {
 });
 
 test('cache folders have the right permissions', () => {
-  const proc = spawnSync('docker', [
+  const proc = spawnSync(docker, [
     'run', 'esbuild',
     'bash', '-c', [
       'stat -c \'%a\' /tmp/npm-cache',

diff --git a/packages/@aws-cdk/aws-lambda-python/test/function.test.ts b/packages/@aws-cdk/aws-lambda-python/test/function.test.ts
@@ -47,7 +47,7 @@ beforeEach(() => {
 
 test('PythonFunction with defaults', () => {
   new PythonFunction(stack, 'handler', {
-    entry: 'test/lambda-handler',
+    entry: path.join(__dirname, 'lambda-handler'),
     runtime: Runtime.PYTHON_3_8,
   });
 
@@ -62,7 +62,7 @@ test('PythonFunction with defaults', () => {
 
 test('PythonFunction with index in a subdirectory', () => {
   new PythonFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-sub',
+    entry: path.join(__dirname, 'lambda-handler-sub'),
     index: 'inner/custom_index.py',
     handler: 'custom_handler',
     runtime: Runtime.PYTHON_3_8,
@@ -79,7 +79,7 @@ test('PythonFunction with index in a subdirectory', () => {
 
 test('PythonFunction with index in a nested subdirectory', () => {
   new PythonFunction(stack, 'handler', {
-    entry: 'test/lambda-handler-sub-nested',
+    entry: path.join(__dirname, 'lambda-handler-sub-nested'),
     index: 'inner/inner2/custom_index.py',
     handler: 'custom_handler',
     runtime: Runtime.PYTHON_3_8,
@@ -96,7 +96,7 @@ test('PythonFunction with index in a nested subdirectory', () => {
 
 test('throws when index is not py', () => {
   expect(() => new PythonFunction(stack, 'Fn', {
-    entry: 'test/lambda-handler',
+    entry: path.join(__dirname, 'lambda-handler'),
     index: 'index.js',
     runtime: Runtime.PYTHON_3_8,
   })).toThrow(/Only Python \(\.py\) index files are supported/);
@@ -111,37 +111,37 @@ test('throws when entry does not exist', () => {
 
 test('throws with the wrong runtime family', () => {
   expect(() => new PythonFunction(stack, 'handler1', {
-    entry: 'test/lambda-handler',
+    entry: path.join(__dirname, 'lambda-handler'),
     runtime: Runtime.NODEJS_14_X,
   })).toThrow(/Only `PYTHON` runtimes are supported/);
 });
 
 test('allows specifying hash type', () => {
   new PythonFunction(stack, 'source1', {
-    entry: 'test/lambda-handler-nodeps',
+    entry: path.join(__dirname, 'lambda-handler-nodeps'),
     index: 'index.py',
     handler: 'handler',
     runtime: Runtime.PYTHON_3_8,
   });
 
   new PythonFunction(stack, 'source2', {
-    entry: 'test/lambda-handler-nodeps',
+    entry: path.join(__dirname, 'lambda-handler-nodeps'),
     index: 'index.py',
     handler: 'handler',
     runtime: Runtime.PYTHON_3_8,
     bundling: { assetHashType: AssetHashType.SOURCE },
   });
 
   new PythonFunction(stack, 'output', {
-    entry: 'test/lambda-handler-nodeps',
+    entry: path.join(__dirname, 'lambda-handler-nodeps'),
     index: 'index.py',
     handler: 'handler',
     runtime: Runtime.PYTHON_3_8,
     bundling: { assetHashType: AssetHashType.OUTPUT },
   });
 
   new PythonFunction(stack, 'custom', {
-    entry: 'test/lambda-handler-nodeps',
+    entry: path.join(__dirname, 'lambda-handler-nodeps'),
     index: 'index.py',
     handler: 'handler',
     runtime: Runtime.PYTHON_3_8,