chore(release): 1.159.0 (#20597)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/1.159.0/CHANGELOG.md)
aws · Jun 2, 2022 · ba91ca4 · ba91ca4
2 parents ab28878 + 9465789
commit ba91ca4
Show file tree

Hide file tree

Showing 328 changed files with 3,862 additions and 675 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,37 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.159.0](https://github.com/aws/aws-cdk/compare/v1.158.0...v1.159.0) (2022-06-02)
+
+
+### ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES
+
+* **core:** so this PR attempts to smooth a rough edge by "locking"
+the `logicalId` when `exportValue` is called. If the user attempts to
+override the id _after_ that point, an error message will be thrown
+
+### Features
+
+* **cfnspec:** cloudformation spec v73.1.0 ([#20587](https://github.com/aws/aws-cdk/issues/20587)) ([419fdae](https://github.com/aws/aws-cdk/commit/419fdaec2770de1d21c0340f294ad72155d991ce))
+* **cognito:** OpenID Connect identity provider ([#20241](https://github.com/aws/aws-cdk/issues/20241)) ([33acc7c](https://github.com/aws/aws-cdk/commit/33acc7cc03c4a6700c05e840393ef90e5d8f68dc))
+* **integ-runner:** publish integ-runner cli ([#20477](https://github.com/aws/aws-cdk/issues/20477)) ([7779531](https://github.com/aws/aws-cdk/commit/777953106ac550b058fdaa3ccde25b62be07defa))
+* **lambda:** add insights version 1.0.135.0 ([#19588](https://github.com/aws/aws-cdk/issues/19588)) ([68761dc](https://github.com/aws/aws-cdk/commit/68761dc3ceadbe77e241fb85544e48544149568a)), closes [/docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsx86-64.html#Lambda-Insights-extension-1](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsx86-64.html/issues/Lambda-Insights-extension-1) [/docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsARM.html#Lambda-Insights-extension-ARM-1](https://github.com/aws//docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versionsARM.html/issues/Lambda-Insights-extension-ARM-1)
+* **s3:** adds objectSizeLessThan property for s3 lifecycle rule ([#20429](https://github.com/aws/aws-cdk/issues/20429)) ([2bf30df](https://github.com/aws/aws-cdk/commit/2bf30df223cc5bb43c2fcfaaf32669a8438ad19a)), closes [#20425](https://github.com/aws/aws-cdk/issues/20425) [#20372](https://github.com/aws/aws-cdk/issues/20372)
+
+
+### Bug Fixes
+
+* **core:** logicalId is consumed prior to being overridden ([#20560](https://github.com/aws/aws-cdk/issues/20560)) ([e44c2c4](https://github.com/aws/aws-cdk/commit/e44c2c436d41a9993714d7e9ff5a9ed95b5677f1)), closes [#14335](https://github.com/aws/aws-cdk/issues/14335)
+* **ecr-assets:** cannot build ARM images using modern stack synthesis ([#20563](https://github.com/aws/aws-cdk/issues/20563)) ([9a23575](https://github.com/aws/aws-cdk/commit/9a23575f4590a170caf79f4141c16adf431e7c40)), closes [#20439](https://github.com/aws/aws-cdk/issues/20439)
+* **ecs:** canContainersAccessInstanceRole is ignored when passed in AsgCapacityProvider constructor ([#20522](https://github.com/aws/aws-cdk/issues/20522)) ([dacefd6](https://github.com/aws/aws-cdk/commit/dacefd6c4770f06390f853fdf4703d8662beb3f5)), closes [#20293](https://github.com/aws/aws-cdk/issues/20293) [#20293](https://github.com/aws/aws-cdk/issues/20293)
+* **ecs:** fix typo from fromServiceAtrributes to fromServiceAttributes ([#20456](https://github.com/aws/aws-cdk/issues/20456)) ([f4439ce](https://github.com/aws/aws-cdk/commit/f4439ceda079dd762ec30c6f4a893d6bcd7ed100)), closes [#20458](https://github.com/aws/aws-cdk/issues/20458)
+* **events-targets:** EventBus IAM statements are only added for the first target ([#20479](https://github.com/aws/aws-cdk/issues/20479)) ([74318c7](https://github.com/aws/aws-cdk/commit/74318c7d22bfc00de9e005f68a0a6aaa58c7db39)), closes [#19407](https://github.com/aws/aws-cdk/issues/19407)
+* **iam:** referencing the same immutable role twice makes it mutable ([#20497](https://github.com/aws/aws-cdk/issues/20497)) ([264c02e](https://github.com/aws/aws-cdk/commit/264c02e6014552cd73f38acef0df2205811d6c86)), closes [#7255](https://github.com/aws/aws-cdk/issues/7255)
+* **integ-runner:** catch snapshot errors, treat `--from-file` as command-line ([#20523](https://github.com/aws/aws-cdk/issues/20523)) ([cedfde8](https://github.com/aws/aws-cdk/commit/cedfde8cb07eb879ee384bda93bba813ede91699))
+* **integ-runner:** don't throw error if tests pass ([#20511](https://github.com/aws/aws-cdk/issues/20511)) ([c274c2f](https://github.com/aws/aws-cdk/commit/c274c2f983de2dfd20ed2886a3c50f7fd3f6b3f4)), closes [#20384](https://github.com/aws/aws-cdk/issues/20384)
+* **lambda:** function version ignores layer version changes ([#20150](https://github.com/aws/aws-cdk/issues/20150)) ([f19ecef](https://github.com/aws/aws-cdk/commit/f19ecefcdde712dfd951106bec3b1f850b66f2a8)), closes [#19098](https://github.com/aws/aws-cdk/issues/19098)
+* Default username in RoleSessionName ([#20188](https://github.com/aws/aws-cdk/issues/20188)) ([b7bc10c](https://github.com/aws/aws-cdk/commit/b7bc10cc7a734fe3b4a9194dffbc017f2fe3ef43)), closes [#19401](https://github.com/aws/aws-cdk/issues/19401) [#7937](https://github.com/aws/aws-cdk/issues/7937) [#19401](https://github.com/aws/aws-cdk/issues/19401)
+
 ## [1.158.0](https://github.com/aws/aws-cdk/compare/v1.157.0...v1.158.0) (2022-05-27)
 
 

diff --git a/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"17.0.0"}
+{"version":"20.0.0"}
diff --git a/...loudfront/test/distribution-lambda.integ.snapshot/integ-distribution-lambda.template.json b/...loudfront/test/distribution-lambda.integ.snapshot/integ-distribution-lambda.template.json
@@ -53,7 +53,7 @@
     "LambdaServiceRoleA8ED4D3B"
    ]
   },
-  "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d": {
+  "LambdaCurrentVersionDF706F6A1ee13d0fa54e9f5621e8c7b616fc53fc": {
    "Type": "AWS::Lambda::Version",
    "Properties": {
     "FunctionName": {
@@ -72,7 +72,7 @@
        {
         "EventType": "origin-request",
         "LambdaFunctionARN": {
-         "Ref": "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d"
+         "Ref": "LambdaCurrentVersionDF706F6A1ee13d0fa54e9f5621e8c7b616fc53fc"
         }
        }
       ],

diff --git a/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/integ.json b/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/integ.json
@@ -1,7 +1,7 @@
 {
-  "version": "18.0.0",
+  "version": "20.0.0",
   "testCases": {
-    "aws-cloudfront/test/integ.distribution-lambda": {
+    "integ.distribution-lambda": {
       "stacks": [
         "integ-distribution-lambda"
       ],

diff --git a/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "17.0.0",
+  "version": "20.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",
@@ -30,14 +30,23 @@
         "/integ-distribution-lambda/Lambda/CurrentVersion/Resource": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d"
+            "data": "LambdaCurrentVersionDF706F6A1ee13d0fa54e9f5621e8c7b616fc53fc"
           }
         ],
         "/integ-distribution-lambda/Dist/Resource": [
           {
             "type": "aws:cdk:logicalId",
             "data": "DistB3B78991"
           }
+        ],
+        "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d",
+            "trace": [
+              "!!DESTRUCTIVE_CHANGES: WILL_DESTROY"
+            ]
+          }
         ]
       },
       "displayName": "integ-distribution-lambda"

diff --git a/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/tree.json b/packages/@aws-cdk/aws-cloudfront/test/distribution-lambda.integ.snapshot/tree.json
@@ -166,7 +166,7 @@
                         "lambdaFunctionAssociations": [
                           {
                             "lambdaFunctionArn": {
-                              "Ref": "LambdaCurrentVersionDF706F6A9a632a294ae3a9cd4d550f1c4e26619d"
+                              "Ref": "LambdaCurrentVersionDF706F6A1ee13d0fa54e9f5621e8c7b616fc53fc"
                             },
                             "eventType": "origin-request"
                           }

diff --git a/...eploy/test/lambda/deployment-group.integ.snapshot/aws-cdk-codedeploy-lambda.template.json b/...eploy/test/lambda/deployment-group.integ.snapshot/aws-cdk-codedeploy-lambda.template.json
@@ -85,7 +85,7 @@
     "HandlerServiceRoleFCDC14AE"
    ]
   },
-  "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6": {
+  "HandlerCurrentVersion93FB80BFf2e6129c63154d1f37c0092df295ab51": {
    "Type": "AWS::Lambda::Version",
    "Properties": {
     "FunctionName": {
@@ -101,7 +101,7 @@
     },
     "FunctionVersion": {
      "Fn::GetAtt": [
-      "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6",
+      "HandlerCurrentVersion93FB80BFf2e6129c63154d1f37c0092df295ab51",
       "Version"
      ]
     },

diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"17.0.0"}
+{"version":"20.0.0"}
diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/integ.json b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/integ.json
@@ -1,7 +1,7 @@
 {
-  "version": "18.0.0",
+  "version": "20.0.0",
   "testCases": {
-    "aws-codedeploy/test/lambda/integ.deployment-group": {
+    "lambda/integ.deployment-group": {
       "stacks": [
         "aws-cdk-codedeploy-lambda"
       ],

diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "17.0.0",
+  "version": "20.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",
@@ -68,7 +68,7 @@
         "/aws-cdk-codedeploy-lambda/Handler/CurrentVersion/Resource": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6"
+            "data": "HandlerCurrentVersion93FB80BFf2e6129c63154d1f37c0092df295ab51"
           }
         ],
         "/aws-cdk-codedeploy-lambda/AssetParameters/edb7466707eb899fbaee22c1e67f9443e9edcc2eeda0b58d8448f7c4157746b3/S3Bucket": [
@@ -202,6 +202,15 @@
             "type": "aws:cdk:logicalId",
             "data": "ServiceprincipalMap"
           }
+        ],
+        "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6",
+            "trace": [
+              "!!DESTRUCTIVE_CHANGES: WILL_DESTROY"
+            ]
+          }
         ]
       },
       "displayName": "aws-cdk-codedeploy-lambda"

diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/tree.json b/packages/@aws-cdk/aws-codedeploy/test/lambda/deployment-group.integ.snapshot/tree.json
@@ -313,7 +313,7 @@
                     },
                     "functionVersion": {
                       "Fn::GetAtt": [
-                        "HandlerCurrentVersion93FB80BFb2a9ce598bf2730613c07e406cddb6b6",
+                        "HandlerCurrentVersion93FB80BFf2e6129c63154d1f37c0092df295ab51",
                         "Version"
                       ]
                     },

diff --git a/packages/@aws-cdk/aws-cognito/README.md b/packages/@aws-cdk/aws-cognito/README.md
@@ -503,6 +503,7 @@ The following third-party identity providers are currently supported in the CDK
 - [Facebook Login](https://developers.facebook.com/docs/facebook-login/)
 - [Google Login](https://developers.google.com/identity/sign-in/web/sign-in)
 - [Sign In With Apple](https://developer.apple.com/sign-in-with-apple/get-started/)
+- [OpenID Connect](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-oidc-idp.html)
 
 The following code configures a user pool to federate with the third party provider, 'Login with Amazon'. The identity
 provider needs to be configured with a set of credentials that the Cognito backend can use to federate with the

diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/index.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/index.ts
@@ -2,4 +2,5 @@ export * from './base';
 export * from './apple';
 export * from './amazon';
 export * from './facebook';
-export * from './google';
+export * from './google';
+export * from './oidc';
diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/oidc.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/oidc.ts
@@ -0,0 +1,157 @@
+import { Names, Token } from '@aws-cdk/core';
+import { Construct } from 'constructs';
+import { CfnUserPoolIdentityProvider } from '../cognito.generated';
+import { UserPoolIdentityProviderProps } from './base';
+import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
+
+/**
+ * Properties to initialize UserPoolIdentityProviderOidc
+ */
+export interface UserPoolIdentityProviderOidcProps extends UserPoolIdentityProviderProps {
+  /**
+   * The client id
+   */
+  readonly clientId: string;
+
+  /**
+   * The client secret
+   */
+  readonly clientSecret: string;
+
+  /**
+   * Issuer URL
+   */
+  readonly issuerUrl: string;
+
+  /**
+   * The name of the provider
+   *
+   * @default - the unique ID of the construct
+   */
+  readonly name?: string;
+
+  /**
+   * The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are
+   * groups of OpenID Connect user attributes to exchange with your app.
+   *
+   * @default ['openid']
+   */
+  readonly scopes?: string[];
+
+  /**
+   * Identifiers
+   *
+   * Identifiers can be used to redirect users to the correct IdP in multitenant apps.
+   *
+   * @default - no identifiers used
+   */
+  readonly identifiers?: string[]
+
+  /**
+   * The method to use to request attributes
+   *
+   * @default OidcAttributeRequestMethod.GET
+   */
+  readonly attributeRequestMethod?: OidcAttributeRequestMethod
+
+  /**
+   * OpenID connect endpoints
+   *
+   * @default - auto discovered with issuer URL
+   */
+  readonly endpoints?: OidcEndpoints;
+}
+
+/**
+ * OpenID Connect endpoints
+ */
+export interface OidcEndpoints {
+  /**
+   * Authorization endpoint
+   */
+  readonly authorization: string;
+
+  /**
+    * Token endpoint
+    */
+  readonly token: string;
+
+  /**
+    * UserInfo endpoint
+    */
+  readonly userInfo: string;
+
+  /**
+    * Jwks_uri endpoint
+   */
+  readonly jwksUri: string;
+}
+
+/**
+ * The method to use to request attributes
+ */
+export enum OidcAttributeRequestMethod {
+  /** GET */
+  GET = 'GET',
+  /** POST */
+  POST = 'POST'
+}
+
+/**
+ * Represents a identity provider that integrates with OpenID Connect
+ * @resource AWS::Cognito::UserPoolIdentityProvider
+ */
+export class UserPoolIdentityProviderOidc extends UserPoolIdentityProviderBase {
+  public readonly providerName: string;
+
+  constructor(scope: Construct, id: string, props: UserPoolIdentityProviderOidcProps) {
+    super(scope, id, props);
+
+    if (props.name && !Token.isUnresolved(props.name) && (props.name.length < 3 || props.name.length > 32)) {
+      throw new Error(`Expected provider name to be between 3 and 32 characters, received ${props.name} (${props.name.length} characters)`);
+    }
+
+    const scopes = props.scopes ?? ['openid'];
+
+    const resource = new CfnUserPoolIdentityProvider(this, 'Resource', {
+      userPoolId: props.userPool.userPoolId,
+      providerName: this.getProviderName(props.name),
+      providerType: 'OIDC',
+      providerDetails: {
+        client_id: props.clientId,
+        client_secret: props.clientSecret,
+        authorize_scopes: scopes.join(' '),
+        attributes_request_method: props.attributeRequestMethod ?? OidcAttributeRequestMethod.GET,
+        oidc_issuer: props.issuerUrl,
+        authorize_url: props.endpoints?.authorization,
+        token_url: props.endpoints?.token,
+        attributes_url: props.endpoints?.userInfo,
+        jwks_uri: props.endpoints?.jwksUri,
+      },
+      idpIdentifiers: props.identifiers,
+      attributeMapping: super.configureAttributeMapping(),
+    });
+
+    this.providerName = super.getResourceNameAttribute(resource.ref);
+  }
+
+  private getProviderName(name?: string): string {
+    if (name) {
+      if (!Token.isUnresolved(name) && (name.length < 3 || name.length > 32)) {
+        throw new Error(`Expected provider name to be between 3 and 32 characters, received ${name} (${name.length} characters)`);
+      }
+      return name;
+    }
+
+    const uniqueId = Names.uniqueId(this);
+
+    if (uniqueId.length < 3) {
+      return `${uniqueId}oidc`;
+    }
+
+    if (uniqueId.length > 32) {
+      return uniqueId.substring(0, 16) + uniqueId.substring(uniqueId.length - 16);
+    }
+    return uniqueId;
+  }
+}
diff --git a/packages/@aws-cdk/aws-cognito/package.json b/packages/@aws-cdk/aws-cognito/package.json
@@ -122,7 +122,8 @@
       "props-physical-name:@aws-cdk/aws-cognito.UserPoolIdentityProviderFacebookProps",
       "props-physical-name:@aws-cdk/aws-cognito.UserPoolIdentityProviderAmazonProps",
       "props-physical-name:@aws-cdk/aws-cognito.UserPoolIdentityProviderGoogleProps",
-      "props-physical-name:@aws-cdk/aws-cognito.UserPoolIdentityProviderAppleProps"
+      "props-physical-name:@aws-cdk/aws-cognito.UserPoolIdentityProviderAppleProps",
+      "props-physical-name:@aws-cdk/aws-cognito.UserPoolIdentityProviderOidcProps"
     ]
   },
   "stability": "stable",