Merge branch 'master' into master

aws · Jan 7, 2022 · ef9df2d · ef9df2d
2 parents 7a9c457 + 4fb0309
commit ef9df2d
Show file tree

Hide file tree

Showing 55 changed files with 1,610 additions and 256 deletions.
diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml
@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Set up Node
-        uses: actions/setup-node@v2.5.0
+        uses: actions/setup-node@v2.5.1
         with:
           node-version: 12
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.138.1](https://github.com/aws/aws-cdk/compare/v1.138.0...v1.138.1) (2022-01-07)
+
+
+### Bug Fixes
+
+* **lambda-python:** asset files are generated inside the 'asset-input' folder ([#18306](https://github.com/aws/aws-cdk/issues/18306)) ([b00b44e](https://github.com/aws/aws-cdk/commit/b00b44efd6e402744725e711906b456a28cebc5b))
+
 ## [1.138.0](https://github.com/aws/aws-cdk/compare/v1.137.0...v1.138.0) (2022-01-04)
 
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -52,9 +52,8 @@ See [Gitpod section](#gitpod) on how to set up the CDK repo on Gitpod.
 
 The following tools need to be installed on your system prior to installing the CDK:
 
-- [Node.js >= 10.13.0](https://nodejs.org/download/release/latest-v10.x/)
+- [Node.js >= 14.15.0](https://nodejs.org/download/release/latest-v14.x/)
   - We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
-  - ⚠️ versions `13.0.0` to `13.6.0` are not supported due to compatibility issues with our dependencies.
 - [Yarn >= 1.19.1, < 2](https://yarnpkg.com/lang/en/docs/install)
 - [.NET Core SDK 3.1.x](https://www.microsoft.com/net/download)
 - [Python >= 3.6.5, < 4.0](https://www.python.org/downloads/release/python-365/)

diff --git a/README.md b/README.md
@@ -19,9 +19,8 @@ infrastructure definition and share it without worrying about boilerplate logic.
 
 The CDK is available in the following languages:
 
-* JavaScript, TypeScript ([Node.js ≥ 10.13.0](https://nodejs.org/download/release/latest-v10.x/))
+* JavaScript, TypeScript ([Node.js ≥ 14.15.0](https://nodejs.org/download/release/latest-v14.x/))
   - We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
-  - ⚠️ versions `13.0.0` to `13.6.0` are not supported due to compatibility issues with our dependencies.
 * Python ([Python ≥ 3.6](https://www.python.org/downloads/))
 * Java ([Java ≥ 8](https://www.oracle.com/technetwork/java/javase/downloads/index.html) and [Maven ≥ 3.5.4](https://maven.apache.org/download.cgi))
 * .NET ([.NET Core ≥ 3.1](https://dotnet.microsoft.com/download))
@@ -77,8 +76,7 @@ in the CDK Developer Guide.
 For a detailed walkthrough, see the [tutorial](https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html#hello_world_tutorial) in the AWS CDK [Developer Guide](https://docs.aws.amazon.com/cdk/latest/guide/home.html).
 
 ### At a glance
-Install or update the [AWS CDK CLI] from npm (requires [Node.js ≥ 10.13.0](https://nodejs.org/download/release/latest-v10.x/)). We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
-⚠️ versions `13.0.0` to `13.6.0` are not supported due to compatibility issues with our dependencies.
+Install or update the [AWS CDK CLI] from npm (requires [Node.js ≥ 14.15.0](https://nodejs.org/download/release/latest-v14.x/)). We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
 
 ```console
 $ npm i -g aws-cdk

diff --git a/...es/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json b/...es/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json
@@ -3185,22 +3185,12 @@
           "Backends": [
             {
               "VirtualService": {
-                "VirtualServiceName": {
-                  "Fn::GetAtt": [
-                    "namevirtualservice3DDDDF1E",
-                    "VirtualServiceName"
-                  ]
-                }
+                "VirtualServiceName": "name.production"
               }
             },
             {
               "VirtualService": {
-                "VirtualServiceName": {
-                  "Fn::GetAtt": [
-                    "greetingvirtualservice60AD3AD9",
-                    "VirtualServiceName"
-                  ]
-                }
+                "VirtualServiceName": "greeting.production"
               }
             }
           ],

diff --git a/packages/@aws-cdk/aws-appmesh/README.md b/packages/@aws-cdk/aws-appmesh/README.md
@@ -236,6 +236,24 @@ The `backends` property can be added with `node.addBackend()`. In the example, w
 
 The `backendDefaults` property is added to the node while creating the virtual node. These are the virtual node's default settings for all backends.
 
+The `VirtualNode.addBackend()` method is especially useful if you want to create a circular traffic flow by having a Virtual Service as a backend whose provider is that same Virtual Node:
+
+```ts
+declare const mesh: appmesh.Mesh;
+
+const node = new appmesh.VirtualNode(this, 'node', {
+  mesh,
+  serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
+});
+
+const virtualService = new appmesh.VirtualService(this, 'service-1', {
+  virtualServiceProvider: appmesh.VirtualServiceProvider.virtualNode(node),
+  virtualServiceName: 'service1.domain.local',
+});
+
+node.addBackend(appmesh.Backend.virtualService(virtualService));
+```
+
 ### Adding TLS to a listener
 
 The `tls` property specifies TLS configuration when creating a listener for a virtual node or a virtual gateway. 

diff --git a/packages/@aws-cdk/aws-appmesh/lib/shared-interfaces.ts b/packages/@aws-cdk/aws-appmesh/lib/shared-interfaces.ts
@@ -238,7 +238,14 @@ class VirtualServiceBackend extends Backend {
     return {
       virtualServiceBackend: {
         virtualService: {
-          virtualServiceName: this.virtualService.virtualServiceName,
+          /**
+           * We want to use the name of the Virtual Service here directly instead of
+           * a `{ 'Fn::GetAtt' }` CFN expression. This avoids a circular dependency in
+           * the case where this Virtual Node is the Virtual Service's provider.
+           */
+          virtualServiceName: cdk.Token.isUnresolved(this.virtualService.virtualServiceName)
+            ? (this.virtualService as any).physicalName
+            : this.virtualService.virtualServiceName,
           clientPolicy: this.tlsClientPolicy
             ? {
               tls: renderTlsClientPolicy(scope, this.tlsClientPolicy),

diff --git a/packages/@aws-cdk/aws-appmesh/test/integ.mesh.expected.json b/packages/@aws-cdk/aws-appmesh/test/integ.mesh.expected.json
@@ -1040,22 +1040,12 @@
           "Backends": [
             {
               "VirtualService": {
-                "VirtualServiceName": {
-                  "Fn::GetAtt": [
-                    "service6D174F83",
-                    "VirtualServiceName"
-                  ]
-                }
+                "VirtualServiceName": "service1.domain.local"
               }
             },
             {
               "VirtualService": {
-                "VirtualServiceName": {
-                  "Fn::GetAtt": [
-                    "service27C65CF7D",
-                    "VirtualServiceName"
-                  ]
-                }
+                "VirtualServiceName": "service2.domain.local"
               }
             }
           ],
@@ -1111,12 +1101,7 @@
           "Backends": [
             {
               "VirtualService": {
-                "VirtualServiceName": {
-                  "Fn::GetAtt": [
-                    "service3859EB104",
-                    "VirtualServiceName"
-                  ]
-                }
+                "VirtualServiceName": "service3.domain.local"
               }
             }
           ],
@@ -1241,12 +1226,7 @@
           "Backends": [
             {
               "VirtualService": {
-                "VirtualServiceName": {
-                  "Fn::GetAtt": [
-                    "service4983B61EE",
-                    "VirtualServiceName"
-                  ]
-                }
+                "VirtualServiceName": "service4.domain.local"
               }
             }
           ],

diff --git a/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts b/packages/@aws-cdk/aws-appmesh/test/mesh.test.ts
@@ -314,9 +314,7 @@ describe('mesh', () => {
               Backends: [
                 {
                   VirtualService: {
-                    VirtualServiceName: {
-                      'Fn::GetAtt': ['service1A48078CF', 'VirtualServiceName'],
-                    },
+                    VirtualServiceName: 'service1.domain.local',
                   },
                 },
               ],

diff --git a/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts b/packages/@aws-cdk/aws-appmesh/test/virtual-node.test.ts
@@ -41,24 +41,18 @@ describe('virtual node', () => {
             Backends: [
               {
                 VirtualService: {
-                  VirtualServiceName: {
-                    'Fn::GetAtt': ['service1A48078CF', 'VirtualServiceName'],
-                  },
+                  VirtualServiceName: 'service1.domain.local',
                 },
               },
               {
                 VirtualService: {
-                  VirtualServiceName: {
-                    'Fn::GetAtt': ['service27C65CF7D', 'VirtualServiceName'],
-                  },
+                  VirtualServiceName: 'service2.domain.local',
                 },
               },
             ],
           },
           MeshOwner: ABSENT,
         });
-
-
       });
     });
 
@@ -458,9 +452,7 @@ describe('virtual node', () => {
             Backends: [
               {
                 VirtualService: {
-                  VirtualServiceName: {
-                    'Fn::GetAtt': ['service1A48078CF', 'VirtualServiceName'],
-                  },
+                  VirtualServiceName: 'service1.domain.local',
                   ClientPolicy: {
                     TLS: {
                       Ports: [8080, 8081],
@@ -478,8 +470,75 @@ describe('virtual node', () => {
             ],
           },
         });
+      });
+
+      test('you can add a Virtual Service as a backend to a Virtual Node which is the provider for that Virtual Service', () => {
+        // GIVEN
+        const stack = new cdk.Stack();
+
+        // WHEN
+        const mesh = new appmesh.Mesh(stack, 'mesh', {
+          meshName: 'test-mesh',
+        });
+
+        const node = new appmesh.VirtualNode(stack, 'test-node', {
+          mesh,
+          serviceDiscovery: appmesh.ServiceDiscovery.dns('test'),
+        });
+
+        const myVirtualService = new appmesh.VirtualService(stack, 'service-1', {
+          virtualServiceProvider: appmesh.VirtualServiceProvider.virtualNode(node),
+          virtualServiceName: 'service1.domain.local',
+        });
+
+        node.addBackend(appmesh.Backend.virtualService(myVirtualService));
+
+        // THEN
+        expect(stack).toHaveResourceLike('AWS::AppMesh::VirtualNode', {
+          Spec: {
+            Backends: [
+              {
+                VirtualService: {
+                  VirtualServiceName: 'service1.domain.local',
+                },
+              },
+            ],
+          },
+        });
+      });
+
+      test('you can add a Virtual Service with an automated name as a backend to a Virtual Node which is the provider for that Virtual Service, ', () => {
+        // GIVEN
+        const stack = new cdk.Stack();
 
+        // WHEN
+        const mesh = new appmesh.Mesh(stack, 'mesh', {
+          meshName: 'test-mesh',
+        });
 
+        const node = new appmesh.VirtualNode(stack, 'test-node', {
+          mesh,
+          serviceDiscovery: appmesh.ServiceDiscovery.dns('test'),
+        });
+
+        const myVirtualService = new appmesh.VirtualService(stack, 'service-1', {
+          virtualServiceProvider: appmesh.VirtualServiceProvider.virtualNode(node),
+        });
+
+        node.addBackend(appmesh.Backend.virtualService(myVirtualService));
+
+        // THEN
+        expect(stack).toHaveResourceLike('AWS::AppMesh::VirtualNode', {
+          Spec: {
+            Backends: [
+              {
+                VirtualService: {
+                  VirtualServiceName: 'service1',
+                },
+              },
+            ],
+          },
+        });
       });
     });
 

diff --git a/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts
@@ -430,7 +430,10 @@ export class Distribution extends Resource implements IDistribution {
       throw new Error('Explicitly disabled logging but provided a logging bucket.');
     }
 
-    const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket');
+    const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket', {
+      encryption: s3.BucketEncryption.S3_MANAGED,
+      enforceSSL: true,
+    });
     return {
       bucket: bucket.bucketRegionalDomainName,
       includeCookies: props.logIncludesCookies,

diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts
@@ -954,7 +954,10 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
     }
 
     if (props.loggingConfig) {
-      this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket');
+      this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket', {
+        encryption: s3.BucketEncryption.S3_MANAGED,
+        enforceSSL: true,
+      });
       distributionConfig = {
         ...distributionConfig,
         logging: {

diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json
@@ -75,9 +75,67 @@
     },
     "AnAmazingWebsiteProbably2LoggingBucket222F7CE9": {
       "Type": "AWS::S3::Bucket",
+      "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        }
+      },
       "UpdateReplacePolicy": "Retain",
       "DeletionPolicy": "Retain"
     },
+    "AnAmazingWebsiteProbably2LoggingBucketPolicyE298B456": {
+      "Type": "AWS::S3::BucketPolicy",
+      "Properties": {
+        "Bucket": {
+          "Ref": "AnAmazingWebsiteProbably2LoggingBucket222F7CE9"
+        },
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": "s3:*",
+              "Condition": {
+                "Bool": {
+                  "aws:SecureTransport": "false"
+                }
+              },
+              "Effect": "Deny",
+              "Principal": {
+                "AWS": "*"
+              },
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      {
+                        "Fn::GetAtt": [
+                          "AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
+                          "Arn"
+                        ]
+                      },
+                      "/*"
+                    ]
+                  ]
+                }
+              ]
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
     "AnAmazingWebsiteProbably2CFDistribution7C1CCD12": {
       "Type": "AWS::CloudFront::Distribution",
       "Properties": {