From c7b236cfa74f3e4d7b412b368d41c506d7ba9f98 Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Thu, 29 Aug 2024 10:17:54 +0900 Subject: [PATCH 1/3] chore(rds): support 11.22-rds.20240808 for RDS PostgreSQL (#31233) Add new instance engine. Ref: [Amazon RDS for PostgreSQL announces Extended Support minor 11.22-RDS.20240808](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-rds-postgresql-minor-11-22-rds-20240808/) ```sh % aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion" --output table --region us-east-1 -------------------------- |DescribeDBEngineVersions| +------------------------+ // omit | 11.22-rds.20240808 | // omit ``` ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts index 3c0b256f6e687..f64da36c38107 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts @@ -1449,6 +1449,10 @@ export class PostgresEngineVersion { * Version "11.22-rds.20240509" */ public static readonly VER_11_22_RDS_20240509 = PostgresEngineVersion.of('11.22-rds.20240509', '11', { s3Import: true, s3Export: true }); + /** + * Version "11.22-rds.20240808" + */ + public static readonly VER_11_22_RDS_20240808 = PostgresEngineVersion.of('11.22-RDS.20240808', '11', { s3Import: true, s3Export: true }); /** Version "12" (only a major version, without a specific minor version). */ public static readonly VER_12 = PostgresEngineVersion.of('12', '12', { s3Import: true }); From 04d73acc5e95568bd410a714ef00e7edb192681a Mon Sep 17 00:00:00 2001 From: mazyu36 Date: Fri, 30 Aug 2024 02:42:36 +0900 Subject: [PATCH 2/3] feat(location): support GeofenceCollection (#30711) ### Issue # (if applicable) Closes #30710. ### Reason for this change To support L2 level geofence collection. ### Description of changes Add `Geofence Collection` class. ### Description of how you validated changes Add unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-location-alpha/README.md | 28 +++ .../lib/geofence-collection.ts | 163 ++++++++++++++++ .../@aws-cdk/aws-location-alpha/lib/index.ts | 1 + .../aws-location-alpha/lib/place-index.ts | 14 +- .../@aws-cdk/aws-location-alpha/lib/util.ts | 10 + .../rosetta/default.ts-fixture | 1 + .../test/geofence-collection.test.ts | 112 +++++++++++ ...efaultTestDeployAssert44609017.assets.json | 19 ++ ...aultTestDeployAssert44609017.template.json | 36 ++++ ...g-location-geofence-collection.assets.json | 19 ++ ...location-geofence-collection.template.json | 86 ++++++++ .../cdk.out | 1 + .../integ.json | 12 ++ .../manifest.json | 119 ++++++++++++ .../tree.json | 183 ++++++++++++++++++ .../test/integ.geofence-collection.ts | 27 +++ 16 files changed, 821 insertions(+), 10 deletions(-) create mode 100644 packages/@aws-cdk/aws-location-alpha/lib/geofence-collection.ts create mode 100644 packages/@aws-cdk/aws-location-alpha/lib/util.ts create mode 100644 packages/@aws-cdk/aws-location-alpha/test/geofence-collection.test.ts create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.assets.json create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.template.json create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.assets.json create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.template.json create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.ts diff --git a/packages/@aws-cdk/aws-location-alpha/README.md b/packages/@aws-cdk/aws-location-alpha/README.md index 5d0a8bd1b624d..33398554e31fd 100644 --- a/packages/@aws-cdk/aws-location-alpha/README.md +++ b/packages/@aws-cdk/aws-location-alpha/README.md @@ -49,3 +49,31 @@ declare const role: iam.Role; const placeIndex = new location.PlaceIndex(this, 'PlaceIndex'); placeIndex.grantSearch(role); ``` + +## Geofence Collection + +Geofence collection resources allow you to store and manage geofences—virtual boundaries on a map. +You can evaluate locations against a geofence collection resource and get notifications when the location +update crosses the boundary of any of the geofences in the geofence collection. + +```ts +declare const key: kms.Key; + +new location.GeofenceCollection(this, 'GeofenceCollection', { + geofenceCollectionName: 'MyGeofenceCollection', // optional, defaults to a generated name + kmsKey: key, // optional, defaults to use an AWS managed key +}); +``` + +Use the `grant()` or `grantRead()` method to grant the given identity permissions to perform actions +on the geofence collection: + +```ts +declare const role: iam.Role; + +const geofenceCollection = new location.GeofenceCollection(this, 'GeofenceCollection', { + geofenceCollectionName: 'MyGeofenceCollection', +}); + +geofenceCollection.grantRead(role); +``` diff --git a/packages/@aws-cdk/aws-location-alpha/lib/geofence-collection.ts b/packages/@aws-cdk/aws-location-alpha/lib/geofence-collection.ts new file mode 100644 index 0000000000000..633f2b4ea9997 --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/lib/geofence-collection.ts @@ -0,0 +1,163 @@ +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import { ArnFormat, IResource, Lazy, Resource, Stack, Token } from 'aws-cdk-lib/core'; +import { Construct } from 'constructs'; +import { CfnGeofenceCollection } from 'aws-cdk-lib/aws-location'; +import { generateUniqueId } from './util'; + +/** + * A Geofence Collection + */ +export interface IGeofenceCollection extends IResource { + /** + * The name of the geofence collection + * + * @attribute + */ + readonly geofenceCollectionName: string; + + /** + * The Amazon Resource Name (ARN) of the geofence collection resource + * + * @attribute Arn, CollectionArn + */ + readonly geofenceCollectionArn: string; +} + +/** + * Properties for a geofence collection + */ +export interface GeofenceCollectionProps { + /** + * A name for the geofence collection + * + * Must be between 1 and 100 characters and contain only alphanumeric characters, + * hyphens, periods and underscores. + * + * @default - A name is automatically generated + */ + readonly geofenceCollectionName?: string; + + /** + * A description for the geofence collection + * + * @default - no description + */ + readonly description?: string; + + /** + * The customer managed to encrypt your data. + * + * @default - Use an AWS managed key + * @see https://docs.aws.amazon.com/location/latest/developerguide/encryption-at-rest.html + */ + readonly kmsKey?: kms.IKey; +} + +/** + * A Geofence Collection + * + * @see https://docs.aws.amazon.com/location/latest/developerguide/geofence-tracker-concepts.html#geofence-overview + */ +export class GeofenceCollection extends Resource implements IGeofenceCollection { + /** + * Use an existing geofence collection by name + */ + public static fromGeofenceCollectionName(scope: Construct, id: string, geofenceCollectionName: string): IGeofenceCollection { + const geofenceCollectionArn = Stack.of(scope).formatArn({ + service: 'geo', + resource: 'geofence-collection', + resourceName: geofenceCollectionName, + }); + + return GeofenceCollection.fromGeofenceCollectionArn(scope, id, geofenceCollectionArn); + } + + /** + * Use an existing geofence collection by ARN + */ + public static fromGeofenceCollectionArn(scope: Construct, id: string, geofenceCollectionArn: string): IGeofenceCollection { + const parsedArn = Stack.of(scope).splitArn(geofenceCollectionArn, ArnFormat.SLASH_RESOURCE_NAME); + + if (!parsedArn.resourceName) { + throw new Error(`Geofence Collection Arn ${geofenceCollectionArn} does not have a resource name.`); + } + + class Import extends Resource implements IGeofenceCollection { + public readonly geofenceCollectionName = parsedArn.resourceName!; + public readonly geofenceCollectionArn = geofenceCollectionArn; + } + + return new Import(scope, id, { + account: parsedArn.account, + region: parsedArn.region, + }); + } + + public readonly geofenceCollectionName: string; + + public readonly geofenceCollectionArn: string; + + /** + * The timestamp for when the geofence collection resource was created in ISO 8601 format + * + * @attribute + */ + public readonly geofenceCollectionCreateTime: string; + + /** + * The timestamp for when the geofence collection resource was last updated in ISO 8601 format + * + * @attribute + */ + public readonly geofenceCollectionUpdateTime: string; + + constructor(scope: Construct, id: string, props: GeofenceCollectionProps = {}) { + + if (props.description && !Token.isUnresolved(props.description) && props.description.length > 1000) { + throw new Error(`\`description\` must be between 0 and 1000 characters. Received: ${props.description.length} characters`); + } + + if (props.geofenceCollectionName && !Token.isUnresolved(props.geofenceCollectionName) && !/^[-.\w]{1,100}$/.test(props.geofenceCollectionName)) { + throw new Error(`Invalid geofence collection name. The geofence collection name must be between 1 and 100 characters and contain only alphanumeric characters, hyphens, periods and underscores. Received: ${props.geofenceCollectionName}`); + } + + super(scope, id, { + physicalName: props.geofenceCollectionName ?? Lazy.string({ produce: () => generateUniqueId(this) }), + }); + + const geofenceCollection = new CfnGeofenceCollection(this, 'Resource', { + collectionName: this.physicalName, + description: props.description, + kmsKeyId: props.kmsKey?.keyArn, + }); + + this.geofenceCollectionName = geofenceCollection.ref; + this.geofenceCollectionArn = geofenceCollection.attrArn; + this.geofenceCollectionCreateTime = geofenceCollection.attrCreateTime; + this.geofenceCollectionUpdateTime = geofenceCollection.attrUpdateTime; + } + + /** + * Grant the given principal identity permissions to perform the actions on this geofence collection. + */ + public grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant { + return iam.Grant.addToPrincipal({ + grantee: grantee, + actions: actions, + resourceArns: [this.geofenceCollectionArn], + }); + } + + /** + * Grant the given identity permissions to read this geofence collection + * + * @see https://docs.aws.amazon.com/location/latest/developerguide/security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-read-only-geofences + */ + public grantRead(grantee: iam.IGrantable): iam.Grant { + return this.grant(grantee, + 'geo:ListGeofences', + 'geo:GetGeofence', + ); + } +} diff --git a/packages/@aws-cdk/aws-location-alpha/lib/index.ts b/packages/@aws-cdk/aws-location-alpha/lib/index.ts index 845bf77540edf..2dbba33a53f09 100644 --- a/packages/@aws-cdk/aws-location-alpha/lib/index.ts +++ b/packages/@aws-cdk/aws-location-alpha/lib/index.ts @@ -1,3 +1,4 @@ +export * from './geofence-collection'; export * from './place-index'; // AWS::Location CloudFormation Resources: diff --git a/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts b/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts index 144059b6469a2..34f35264b7ad4 100644 --- a/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts +++ b/packages/@aws-cdk/aws-location-alpha/lib/place-index.ts @@ -1,7 +1,8 @@ import * as iam from 'aws-cdk-lib/aws-iam'; -import { ArnFormat, IResource, Lazy, Names, Resource, Stack, Token } from 'aws-cdk-lib/core'; +import { ArnFormat, IResource, Lazy, Resource, Stack, Token } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; import { CfnPlaceIndex } from 'aws-cdk-lib/aws-location'; +import { generateUniqueId } from './util'; /** * A Place Index @@ -164,7 +165,7 @@ export class PlaceIndex extends PlaceIndexBase { public readonly placeIndexArn: string; /** - * The timestamp for when the place index resource was created in ISO 8601 forma + * The timestamp for when the place index resource was created in ISO 8601 format * * @attribute */ @@ -187,7 +188,7 @@ export class PlaceIndex extends PlaceIndexBase { } super(scope, id, { - physicalName: props.placeIndexName ?? Lazy.string({ produce: () => this.generateUniqueId() }), + physicalName: props.placeIndexName ?? Lazy.string({ produce: () => generateUniqueId(this) }), }); const placeIndex = new CfnPlaceIndex(this, 'Resource', { @@ -205,11 +206,4 @@ export class PlaceIndex extends PlaceIndexBase { this.placeIndexUpdateTime = placeIndex.attrUpdateTime; } - private generateUniqueId(): string { - const name = Names.uniqueId(this); - if (name.length > 100) { - return name.substring(0, 50) + name.substring(name.length - 50); - } - return name; - } } diff --git a/packages/@aws-cdk/aws-location-alpha/lib/util.ts b/packages/@aws-cdk/aws-location-alpha/lib/util.ts new file mode 100644 index 0000000000000..ff0871f6836ff --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/lib/util.ts @@ -0,0 +1,10 @@ +import { Names } from 'aws-cdk-lib/core'; +import { IConstruct } from 'constructs'; + +export function generateUniqueId(context: IConstruct): string { + const name = Names.uniqueId(context); + if (name.length > 100) { + return name.substring(0, 50) + name.substring(name.length - 50); + } + return name; +} diff --git a/packages/@aws-cdk/aws-location-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-location-alpha/rosetta/default.ts-fixture index 4dfb2134f19d1..5434bf2ea274e 100644 --- a/packages/@aws-cdk/aws-location-alpha/rosetta/default.ts-fixture +++ b/packages/@aws-cdk/aws-location-alpha/rosetta/default.ts-fixture @@ -3,6 +3,7 @@ import { Stack } from 'aws-cdk-lib'; import { Construct } from 'constructs'; import * as location from '@aws-cdk/aws-location-alpha'; import * as iam from 'aws-cdk-lib/aws-iam'; +import * as kms from 'aws-cdk-lib/aws-kms'; class Fixture extends Stack { constructor(scope: Construct, id: string) { diff --git a/packages/@aws-cdk/aws-location-alpha/test/geofence-collection.test.ts b/packages/@aws-cdk/aws-location-alpha/test/geofence-collection.test.ts new file mode 100644 index 0000000000000..5ff30c63a940b --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/geofence-collection.test.ts @@ -0,0 +1,112 @@ +import { Match, Template } from 'aws-cdk-lib/assertions'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import { Stack } from 'aws-cdk-lib'; +import { GeofenceCollection } from '../lib/geofence-collection'; + +let stack: Stack; +beforeEach(() => { + stack = new Stack(); +}); + +test('create a geofence collection', () => { + new GeofenceCollection(stack, 'GeofenceCollection', { description: 'test' }); + + Template.fromStack(stack).hasResourceProperties('AWS::Location::GeofenceCollection', { + CollectionName: 'GeofenceCollection', + Description: 'test', + }); +}); + +test('creates geofence collection with empty description', () => { + new GeofenceCollection(stack, 'GeofenceCollection', { description: '' }); + + Template.fromStack(stack).hasResourceProperties('AWS::Location::GeofenceCollection', { + Description: '', + }); +}); + +test('throws with invalid description', () => { + expect(() => new GeofenceCollection(stack, 'GeofenceCollection', { + description: 'a'.repeat(1001), + })).toThrow('`description` must be between 0 and 1000 characters. Received: 1001 characters'); +}); + +test('throws with invalid name', () => { + expect(() => new GeofenceCollection(stack, 'GeofenceCollection', { + geofenceCollectionName: 'inv@lid', + })).toThrow('Invalid geofence collection name. The geofence collection name must be between 1 and 100 characters and contain only alphanumeric characters, hyphens, periods and underscores. Received: inv@lid'); +}); + +test('grant read actions', () => { + const geofenceCollection = new GeofenceCollection(stack, 'GeofenceCollection', { + }); + + const role = new iam.Role(stack, 'Role', { + assumedBy: new iam.ServicePrincipal('foo'), + }); + + geofenceCollection.grantRead(role); + + Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', Match.objectLike({ + PolicyDocument: Match.objectLike({ + Statement: [ + { + Action: [ + 'geo:ListGeofences', + 'geo:GetGeofence', + ], + Effect: 'Allow', + Resource: { + 'Fn::GetAtt': [ + 'GeofenceCollection6FAC681F', + 'Arn', + ], + }, + }, + ], + }), + })); +}); + +test('import from arn', () => { + const geofenceCollectionArn = stack.formatArn({ + service: 'geo', + resource: 'geofence-collection', + resourceName: 'MyGeofenceCollection', + }); + const geofenceCollection = GeofenceCollection.fromGeofenceCollectionArn(stack, 'GeofenceCollection', geofenceCollectionArn); + + // THEN + expect(geofenceCollection.geofenceCollectionName).toEqual('MyGeofenceCollection'); + expect(geofenceCollection.geofenceCollectionArn).toEqual(geofenceCollectionArn); +}); + +test('import from name', () => { + // WHEN + const geofenceCollectionName = 'MyGeofenceCollection'; + const geofenceCollection = GeofenceCollection.fromGeofenceCollectionName(stack, 'GeofenceCollection', geofenceCollectionName); + + // THEN + expect(geofenceCollection.geofenceCollectionName).toEqual(geofenceCollectionName); + expect(geofenceCollection.geofenceCollectionArn).toEqual(stack.formatArn({ + service: 'geo', + resource: 'geofence-collection', + resourceName: 'MyGeofenceCollection', + })); +}); + +test('create a geofence collection with a customer managed key)', () => { + // GIVEN + const kmsKey = new kms.Key(stack, 'Key'); + + // WHEN + new GeofenceCollection(stack, 'GeofenceCollection', + { kmsKey }, + ); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Location::GeofenceCollection', { + KmsKeyId: stack.resolve(kmsKey.keyArn), + }); +}); diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.assets.json b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.assets.json new file mode 100644 index 0000000000000..21013347510cd --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "GeofenceCollectionTestDefaultTestDeployAssert44609017.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.template.json b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/GeofenceCollectionTestDefaultTestDeployAssert44609017.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.assets.json b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.assets.json new file mode 100644 index 0000000000000..bd6134ef3546a --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "ce1c7f3a6473ed714ceb4e42d3e80186a96e0334c97f4f5f93a7bcc8491e7c5a": { + "source": { + "path": "cdk-integ-location-geofence-collection.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "ce1c7f3a6473ed714ceb4e42d3e80186a96e0334c97f4f5f93a7bcc8491e7c5a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.template.json b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.template.json new file mode 100644 index 0000000000000..cb677ef548f40 --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk-integ-location-geofence-collection.template.json @@ -0,0 +1,86 @@ +{ + "Resources": { + "keyFEDD6EC0": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "GeofenceCollection6FAC681F": { + "Type": "AWS::Location::GeofenceCollection", + "Properties": { + "CollectionName": "MyGeofenceCollection", + "Description": "test", + "KmsKeyId": { + "Fn::GetAtt": [ + "keyFEDD6EC0", + "Arn" + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk.out b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/integ.json b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/integ.json new file mode 100644 index 0000000000000..d5b6cdd858e5b --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "GeofenceCollectionTest/DefaultTest": { + "stacks": [ + "cdk-integ-location-geofence-collection" + ], + "assertionStack": "GeofenceCollectionTest/DefaultTest/DeployAssert", + "assertionStackName": "GeofenceCollectionTestDefaultTestDeployAssert44609017" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/manifest.json b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/manifest.json new file mode 100644 index 0000000000000..f4bd71a00ba2a --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/manifest.json @@ -0,0 +1,119 @@ +{ + "version": "36.0.0", + "artifacts": { + "cdk-integ-location-geofence-collection.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdk-integ-location-geofence-collection.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cdk-integ-location-geofence-collection": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdk-integ-location-geofence-collection.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ce1c7f3a6473ed714ceb4e42d3e80186a96e0334c97f4f5f93a7bcc8491e7c5a.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdk-integ-location-geofence-collection.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdk-integ-location-geofence-collection.assets" + ], + "metadata": { + "/cdk-integ-location-geofence-collection/key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "keyFEDD6EC0" + } + ], + "/cdk-integ-location-geofence-collection/GeofenceCollection/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GeofenceCollection6FAC681F" + } + ], + "/cdk-integ-location-geofence-collection/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cdk-integ-location-geofence-collection/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-integ-location-geofence-collection" + }, + "GeofenceCollectionTestDefaultTestDeployAssert44609017.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "GeofenceCollectionTestDefaultTestDeployAssert44609017.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "GeofenceCollectionTestDefaultTestDeployAssert44609017": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "GeofenceCollectionTestDefaultTestDeployAssert44609017.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "GeofenceCollectionTestDefaultTestDeployAssert44609017.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "GeofenceCollectionTestDefaultTestDeployAssert44609017.assets" + ], + "metadata": { + "/GeofenceCollectionTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/GeofenceCollectionTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "GeofenceCollectionTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/tree.json b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/tree.json new file mode 100644 index 0000000000000..ebf1d6e5e3ab6 --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.js.snapshot/tree.json @@ -0,0 +1,183 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "cdk-integ-location-geofence-collection": { + "id": "cdk-integ-location-geofence-collection", + "path": "cdk-integ-location-geofence-collection", + "children": { + "key": { + "id": "key", + "path": "cdk-integ-location-geofence-collection/key", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-location-geofence-collection/key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "GeofenceCollection": { + "id": "GeofenceCollection", + "path": "cdk-integ-location-geofence-collection/GeofenceCollection", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-location-geofence-collection/GeofenceCollection/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Location::GeofenceCollection", + "aws:cdk:cloudformation:props": { + "collectionName": "MyGeofenceCollection", + "description": "test", + "kmsKeyId": { + "Fn::GetAtt": [ + "keyFEDD6EC0", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-integ-location-geofence-collection/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-integ-location-geofence-collection/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "GeofenceCollectionTest": { + "id": "GeofenceCollectionTest", + "path": "GeofenceCollectionTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "GeofenceCollectionTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "GeofenceCollectionTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "GeofenceCollectionTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "GeofenceCollectionTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "GeofenceCollectionTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.ts b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.ts new file mode 100644 index 0000000000000..a093499e38ab6 --- /dev/null +++ b/packages/@aws-cdk/aws-location-alpha/test/integ.geofence-collection.ts @@ -0,0 +1,27 @@ +import { App, RemovalPolicy, Stack } from 'aws-cdk-lib'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import { Construct } from 'constructs'; +import { GeofenceCollection } from '../lib'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + + const kmsKey = new kms.Key(this, 'key', { + removalPolicy: RemovalPolicy.DESTROY, + }); + + new GeofenceCollection(this, 'GeofenceCollection', { + geofenceCollectionName: 'MyGeofenceCollection', + description: 'test', + kmsKey, + }); + } +} + +const app = new App(); + +new integ.IntegTest(app, 'GeofenceCollectionTest', { + testCases: [new TestStack(app, 'cdk-integ-location-geofence-collection')], +}); From 7803e066b1e9b47112433a0596139a5ed63faf34 Mon Sep 17 00:00:00 2001 From: "Kenta Goto (k.goto)" <24818752+go-to-k@users.noreply.github.com> Date: Fri, 30 Aug 2024 03:34:08 +0900 Subject: [PATCH 3/3] chore(cloudfront): add validation for length of comment in cache policy (#31251) ### Issue # (if applicable) Closes #31248 . ### Reason for this change CDK doesn't validate the comment's length in the cache policy now. ### Description of changes Add validation for the length. ### Description of how you validated changes unit tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-cloudfront/lib/cache-policy.ts | 7 +++++++ .../aws-cdk-lib/aws-cloudfront/test/cache-policy.test.ts | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/cache-policy.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/cache-policy.ts index ab123d9949f54..c9e1e94af0a00 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/lib/cache-policy.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/lib/cache-policy.ts @@ -26,6 +26,9 @@ export interface CachePolicyProps { /** * A comment to describe the cache policy. + * + * The comment cannot be longer than 128 characters. + * * @default - no comment */ readonly comment?: string; @@ -149,6 +152,10 @@ export class CachePolicy extends Resource implements ICachePolicy { throw new Error(`'cachePolicyName' cannot be longer than 128 characters, got: '${cachePolicyName.length}'`); } + if (props.comment && !Token.isUnresolved(props.comment) && props.comment.length > 128) { + throw new Error(`'comment' cannot be longer than 128 characters, got: ${props.comment.length}`); + } + const minTtl = (props.minTtl ?? Duration.seconds(0)).toSeconds(); let defaultTtl = (props.defaultTtl ?? Duration.days(1)).toSeconds(); let maxTtl = (props.maxTtl ?? Duration.days(365)).toSeconds(); diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/cache-policy.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/cache-policy.test.ts index bd30650bc0ea5..44bfd52d19c84 100644 --- a/packages/aws-cdk-lib/aws-cloudfront/test/cache-policy.test.ts +++ b/packages/aws-cdk-lib/aws-cloudfront/test/cache-policy.test.ts @@ -108,6 +108,11 @@ describe('CachePolicy', () => { })).not.toThrow(); }); + test('throws on long comment over 128 characters', () => { + const errorMessage = /'comment' cannot be longer than 128 characters, got: 129/; + expect(() => new CachePolicy(stack, 'CachePolicy1', { comment: 'a'.repeat(129) })).toThrow(errorMessage); + }); + describe('TTLs', () => { test('default TTLs', () => { new CachePolicy(stack, 'CachePolicy', { cachePolicyName: 'MyPolicy' });