Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(release): 2.112.0 #28216

Closed
wants to merge 92 commits into from
Closed

chore(release): 2.112.0 #28216

wants to merge 92 commits into from

Conversation

aws-cdk-automation
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation commented Dec 1, 2023

See CHANGELOG

moelasmar and others added 30 commits November 15, 2023 16:39
Adding new author to .mergify.yml and .github-merit-badger.yml as per
contribution guidelines.

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
…8027)

Because of IPAM allocation, we can't know the parent CIDR at synth time, so we cannot calculate the CIDR split at synth time either.

This forces us to rely on the `{ Fn::Cidr }` function provided by CloudFormation. For resource consumption reasons, this function is limited to splitting any range into at most 256 subranges, which means the IPAM allocated VPC cannot split into more subranges either.

This PR adds a recursive split feature: if we need to split an CIDR range more than 256 times, we will do multiple splits:

```ts
Fn.select(300, Fn.cidr(range, 4096, 4)) // <-- illegal

// ==

Fn.select(44, Fn.cidr(Fn.select(1, Fn.cidr(range, 4, 12)), 256, 4))
```

Fixes #25537.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
…ment variables (#28048)

### Changes
- added `AWS_DEFAULT_REGION` to `reservedEnvironmentVariables`
  - unit tests were not added because there is only one existing test case written.
    - https://github.com/aws/aws-cdk/blob/91a3e8c0fb0b6e91d45146c44c234151c59b3476/packages/aws-cdk-lib/aws-lambda/test/function.test.ts#L3426 

### Description
The Function constructor checks that reserved environment variables are not specified when adding environment variables.
However, when I mistakenly specified `AWS_DEFAULT_REGION` as an environment variable,  `cdk synth` did not generate an error.

The following document contains the list of reserved environment variables.
https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime

Cloudformation gives the following error.
`Resource handler returned message: "Lambda was unable to configure your environment variables because the environment variables you have provided contains reserved keys that are currently not supported for modification. Reserved keys used in this request: AWS_DEFAULT_REGION`

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Reduces runtime of `awslint` against `aws-cdk-lib` from ~70s down to ~15s.

Speed up 1: Reduce rule definitions (~1s)
Speed up 2: Make core checks fqn based only (~5s)
Speed up 3: Optimize code paths to defer expensive checks (~4s)
Speed up 4: Locked typesystem (~25s)
Speed up 5: Faster camel casing (~15s)


![giphy](https://github.com/aws/aws-cdk/assets/379814/4a8eb1dd-d045-48a2-8a4d-0a1e36db8b3b)


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR moves the eval-nodejs handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR moves the log retention handler from aws-cdk-lib to our new centralized location for custom resource handlers in the @aws-cdk package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR moves the oidc handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Minimum required version enforced by jsii-pacmak.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Makes our diagram editable now that it is mermaid.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…27898)

This PR moves the dns validated certificate handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…28068)

We switched the images used to build PRs to `jsii/superchain:bullseye-slim-node18` which comes with Node.js 18 instead of Node.js 16. This Node.js upgrade also includes an upgraded version of npm, and in recent npm versions, the unsef-perm option is not required anymore. This change simply removes the now redundant command.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We switched the images used to run our main build to jsii/superchain:bullseye-slim-node18 which comes with Node.js 18 instead of Node.js 16. This Node.js upgrade also includes an upgraded version of npm, and in recent npm versions, the unsef-perm option is not required anymore. This change simply removes the now redundant command.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
AWS Service Spec packages to latest versions.
Some folks are still stuck on node14. Replacing `.at()` with conventional array access to make it easier for them. In this particular instance there's really no benefit to the code using it.

But seriously, y'all should upgrade to a current, supported version like Node.js 18.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ions do not get configured (#27861)

Closes #18965 

`HTTPLambdaIntegration` using imported lambda functions are currently not being configured. This is due to the fact that the `canCreatePermissions` property is set to false in imported lambdas, so the lambda permissions are never created.

This PR fixes this issue by:
- Setting the `sameEnvironment` property to `true` for lambdas imported using `fromFunctionName()`
- Adding clarification in documentation about imported lambdas needing to belong to the same stack account and region as that of the lambda being imported from be able to add permissions
- Adding a new warning to be thrown when the `addPermissions()` function is called on a lambda with `canCreatePermissions` set to false.

The new integ test file tests that imported lambdas using `fromFunctionName()` and `fromFunctionAttributes()` (with `sameEnvironment` set to `true`) work as expected, including on sub-route integrations.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR moves the delete existing record set handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…e logging (#28057)

Our current logging statement for s3 bucket deployments is inconsistent. This PR updates the logging statement to ensure consistent one-line logging.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…t token-aware (#27797)

Allows a Token to be provided for maxConcurrency without runtime errors

Closes #27796.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR moves the ec2 restrict default security group handler from `aws-cdk-lib` to our new centralized location for custom resource handlers in the `@aws-cdk` package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
sakurai-ryo and others added 16 commits November 28, 2023 21:51
When using `WINDOWS_SERVER_2019_CONTAINER`, only MEDIUM and LARGE computeType is supported.
https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html

However, currently only ComputeType `SMALL` is validated.
This PR modified to generate an error when ComputeType is specified as X2_LARGE in WindowsBuildImage.
```ts
    new codebuild.Project(this, 'CodeBuildCdk', {
      source: codebuild.Source.codeCommit({ repository: codecommit.Repository.fromRepositoryName(this, "Repo", "sample") }),
      environment: {
        computeType: codebuild.ComputeType.X2_LARGE, // generate error in synth stage
        buildImage:  codebuild.WindowsBuildImage.WINDOWS_BASE_2_0
      }
    });
```

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR moves the dynamodb replica handler from `aws-cdk-lib` to our new centralized location for custom resource handlers in the `@aws-cdk` package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ion integ test (#28181)

This PR adds directions that can be used when running the cross account zone delegation integ test. The directions are the exact same as what is provided for running the [cross account assume role integ test](https://github.com/aws/aws-cdk/blob/20bfa721525d290f453b17ad4bc91b7fb8922635/packages/%40aws-cdk-testing/framework-integ/test/custom-resources/test/aws-custom-resource/integ.cross-account-assumeRole.ts#L7-L29).

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes #27459 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
It is more or less frustrating that we have to check if a variable is undefined or not before calling the `CfnResource.isCfnResource` method. For example,

```ts
const bucket1 = new Bucket(stack, 'Bucket1');
const bucket1Resource = bucket1.node.defaultChild;
if (bucket1Resource !== undefined &&  // Currently we need this!
    cdk.CfnResource.isCfnResource(bucket1Resource)
) {
    bucket1Resource.addDependency(...);
}
```

With this PR, `isCfnResource` now accepts `any` type as input and performs the necessary validations inside.

```ts
const bucket1 = new Bucket(stack, 'Bucket1');
const bucket1Resource = bucket1.node.defaultChild;
if (cdk.CfnResource.isCfnResource(bucket1Resource)) { // much smoother
    bucket1Resource.addDependency(...);
}
```

Actually, other `isXxx` methods have consistent signatures like the one below:

```ts
public static isStack(x: any): x is Stack
public static isReference(x: any): x is Reference
public static isCfnElement(x: any): x is CfnElement
// and more...
```

This change also makes the `isCfnResource` consistent with these signatures.

Note that this is not a breaking change, because the input constraint is relaxed, not tightened, so all the old code will work without change.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR moves the cross account zone handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Improve docstrings to explain that parameter objectsKeyPattern of type any should take in string inputs.

Unable to directly change the parameter type because of backwards compatibility concerns (mentioned in #27486 we are improving documentation as an alternative solution.

Closes #27481.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
An eventBridgePutEvents target was implemented similar to the already existing LambdaInvoke/StepFunctionStartExecution target.

I needed to change some properties and methods from Target.ts from private to protected so that the logic could be reused (hope that is ok).

Some design choices to outline (let me know if you disagree or have improvements I could take :) ):
1. PutEvents would accept multiple Entries (eg. an array), but I decided to support just one single event, because how Target is currently designed (to support only one target arn). It also aligns with the templated integration in the aws management console.
2. It throws an error in the constructor if the base prop `input` is used. All the props should be delivered by the new `EventBridgePutEventsEntry`. It felt not right for the developer experience to split the object (detail to `input` and `source`, `detailType` to `EventBridgePutEventsEntry` ).


Closes #27454.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We are excited to graduate the `@aws-cdk/aws-apigatewayv2-alpha`, `@aws-cdk/aws-apigatewayv2-authorizers-alpha`, and `@aws-cdk/aws-apigatewayv2-integrations-alpha` modules to STABLE.

They now live on as:
- `aws-cdk-lib/aws-apigatewayv2`
- `aws-cdk-lib/aws-apigatewayv2-authorizers`
- `aws-cdk-lib/aws-apigatewayv2-integrations`

**Deprecated properties removed**:

- `httpApiId` has been removed in `aws-apigatewayv2`. Use `apiId` instead.
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…28185)

The hotswappable resource detectors failed to correctly identify `AWS::IAM::Policy` resources as not-hotswappable.

When `--hotswap-fallback` was used and the only change to the stack was with `AWS::IAM::Policy`, this caused the deploy command to first report IAM changes, and then report `no changes` on the stack.

<img width="1076" alt="image" src="https://github.com/aws/aws-cdk/assets/379814/d77320bc-fc8d-4b70-b710-2c28467d07e5">

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…e_modules/@aws-cdk/integ-runner/lib/workers/db.json.gz'" (#28199)

After #27813 the `deploy` action was broken with the above error. This is effectively the same as #27983 .

To ensure these kind of issues are not slipping through again, the PR is adding a basic testing harness for `cli-lib` to `@aws-cdk-testing/cli-integtests`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…27850)

This PR adds InspectorStartAssessmentRun Target for EventBridge Scheduler.

In [the issue](#27453), the `inspector.CfnAssessmentTarget` is used in the `InspectorStartAssessmentRun`. But it should be a `CfnAssessmentTemplate` so I fixed.

```ts
  export class InspectorStartAssessmentRun extends ScheduleTargetBase implements IScheduleTarget {
    constructor(
      private readonly target: inspector.CfnAssessmentTarget, // <- here
      private readonly props: ScheduleTargetBaseProps,
    ) {
```

Closes #27453.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes #28190.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Dec 1, 2023
@aws-cdk-automation aws-cdk-automation requested a review from a team December 1, 2023 10:12
@github-actions github-actions bot added the p2 label Dec 1, 2023
@mrgrain mrgrain added the pr/do-not-merge This PR should not be merged at this time. label Dec 1, 2023
@mrgrain mrgrain closed this Dec 1, 2023
@mrgrain mrgrain deleted the bump/2.112.0 branch December 1, 2023 10:19
@aws-cdk-automation
Copy link
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 9611604
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-approve p2 pr/do-not-merge This PR should not be merged at this time. pr/no-squash This PR should be merged instead of squash-merging it
Projects
None yet
Development

Successfully merging this pull request may close these issues.