From e86608f86213442147dbe1e50848b07ae8288c84 Mon Sep 17 00:00:00 2001 From: yoshizawa56 Date: Tue, 22 Mar 2022 17:17:07 +0900 Subject: [PATCH 1/7] feat(batch): add secrets props to job definition --- .../@aws-cdk/aws-batch/lib/job-definition.ts | 23 ++++++ .../aws-batch/test/integ.batch.expected.json | 64 ++++++++++++++-- .../@aws-cdk/aws-batch/test/integ.batch.ts | 5 ++ .../aws-batch/test/job-definition.test.ts | 74 ++++++++++++++++++- 4 files changed, 157 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk/aws-batch/lib/job-definition.ts b/packages/@aws-cdk/aws-batch/lib/job-definition.ts index 025dea4516252..99c28fa03d5c6 100644 --- a/packages/@aws-cdk/aws-batch/lib/job-definition.ts +++ b/packages/@aws-cdk/aws-batch/lib/job-definition.ts @@ -112,6 +112,13 @@ export interface JobDefinitionContainer { */ readonly environment?: { [key: string]: string }; + /** + * The environment variables from secrets manager or ssm parameter store + * + * @default none + */ + readonly secrets?: { [key: string]: ecs.Secret }; + /** * The image used to start a container. */ @@ -453,6 +460,14 @@ export class JobDefinition extends Resource implements IJobDefinition { platformCapabilities: props.platformCapabilities ?? [PlatformCapabilities.EC2], }); + // add read secrets permission to execution role + if ( props.container.secrets && props.container.executionRole ) { + const executionRole = props.container.executionRole; + Object.values(props.container.secrets).forEach((secret) => { + secret.grantRead(executionRole); + }); + } + this.jobDefinitionArn = this.getResourceArnAttribute(jobDef.ref, { service: 'batch', resource: 'job-definition', @@ -507,6 +522,14 @@ export class JobDefinition extends Resource implements IJobDefinition { return { command: container.command, environment: this.deserializeEnvVariables(container.environment), + secrets: container.secrets + ? Object.entries(container.secrets).map(([key, value]) => { + return { + name: key, + valueFrom: value.arn, + }; + }) + : undefined, image: this.imageConfig.imageName, instanceType: container.instanceType && container.instanceType.toString(), jobRoleArn: container.jobRole && container.jobRole.roleArn, diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json b/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json index 299b04e3f66db..bd30c49981c5e 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json +++ b/packages/@aws-cdk/aws-batch/test/integ.batch.expected.json @@ -18,11 +18,11 @@ "vpcPublicSubnet1Subnet2E65531E": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.0.0/19", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -115,11 +115,11 @@ "vpcPublicSubnet2Subnet009B674F": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.32.0/19", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.32.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -212,11 +212,11 @@ "vpcPublicSubnet3Subnet11B92D7C": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.64.0/19", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.64.0/19", "MapPublicIpOnLaunch": true, "Tags": [ { @@ -309,11 +309,11 @@ "vpcPrivateSubnet1Subnet934893E8": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.96.0/19", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.96.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -371,11 +371,11 @@ "vpcPrivateSubnet2Subnet7031C2BA": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.128.0/19", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.128.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -433,11 +433,11 @@ "vpcPrivateSubnet3Subnet985AC459": { "Type": "AWS::EC2::Subnet", "Properties": { - "CidrBlock": "10.0.160.0/19", "VpcId": { "Ref": "vpcA2121C38" }, "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.160.0/19", "MapPublicIpOnLaunch": false, "Tags": [ { @@ -1673,6 +1673,14 @@ "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, + "batchsecret7CD5E4C6": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "GenerateSecretString": {} + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "batchjobdeffromecrE0E30DAD": { "Type": "AWS::Batch::JobDefinition", "Properties": { @@ -1758,8 +1766,14 @@ "Privileged": false, "ReadonlyRootFilesystem": false, "ResourceRequirements": [ - { "Type": "VCPU", "Value": "1" }, - { "Type": "MEMORY", "Value": "4" } + { + "Type": "VCPU", + "Value": "1" + }, + { + "Type": "MEMORY", + "Value": "4" + } ] }, "PlatformCapabilities": [ @@ -1788,6 +1802,32 @@ } } }, + "executionroleDefaultPolicy497F11A3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "executionroleDefaultPolicy497F11A3", + "Roles": [ + { + "Ref": "executionroleD9A39BE6" + } + ] + } + }, "batchjobdeffargate7FE30059": { "Type": "AWS::Batch::JobDefinition", "Properties": { @@ -1811,6 +1851,14 @@ "Type": "MEMORY", "Value": "512" } + ], + "Secrets": [ + { + "Name": "SECRET", + "ValueFrom": { + "Ref": "batchsecret7CD5E4C6" + } + } ] }, "PlatformCapabilities": [ diff --git a/packages/@aws-cdk/aws-batch/test/integ.batch.ts b/packages/@aws-cdk/aws-batch/test/integ.batch.ts index 4430cda4a7bf3..6de9a121b9b6d 100644 --- a/packages/@aws-cdk/aws-batch/test/integ.batch.ts +++ b/packages/@aws-cdk/aws-batch/test/integ.batch.ts @@ -2,6 +2,7 @@ import * as ec2 from '@aws-cdk/aws-ec2'; import * as ecr from '@aws-cdk/aws-ecr'; import * as ecs from '@aws-cdk/aws-ecs'; import * as iam from '@aws-cdk/aws-iam'; +import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; import * as cdk from '@aws-cdk/core'; import * as batch from '../lib/'; @@ -93,6 +94,7 @@ new batch.JobQueue(stack, 'batch-job-fargate-queue', { }); const repo = new ecr.Repository(stack, 'batch-job-repo'); +const secret = new secretsmanager.Secret(stack, 'batch-secret'); new batch.JobDefinition(stack, 'batch-job-def-from-ecr', { container: { @@ -115,5 +117,8 @@ new batch.JobDefinition(stack, 'batch-job-def-fargate', { container: { image: ecs.ContainerImage.fromRegistry('docker/whalesay'), executionRole, + secrets: { + SECRET: ecs.Secret.fromSecretsManager(secret), + }, }, }); diff --git a/packages/@aws-cdk/aws-batch/test/job-definition.test.ts b/packages/@aws-cdk/aws-batch/test/job-definition.test.ts index 13926b6b80788..addaa5447f6ec 100644 --- a/packages/@aws-cdk/aws-batch/test/job-definition.test.ts +++ b/packages/@aws-cdk/aws-batch/test/job-definition.test.ts @@ -1,5 +1,5 @@ import { throws } from 'assert'; -import { Template } from '@aws-cdk/assertions'; +import { Match, Template } from '@aws-cdk/assertions'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as ecr from '@aws-cdk/aws-ecr'; import * as ecs from '@aws-cdk/aws-ecs'; @@ -31,6 +31,12 @@ describe('Batch Job Definition', () => { options: { 'awslogs-region': 'us-east-1' }, }; + const secret = new secretsmanager.Secret(stack, 'test-secret'); + const parameter = ssm.StringParameter.fromSecureStringParameterAttributes(stack, 'test-parameter', { + parameterName: '/name', + version: 1, + }); + jobDefProps = { jobDefinitionName: 'test-job', container: { @@ -38,6 +44,10 @@ describe('Batch Job Definition', () => { environment: { foo: 'bar', }, + secrets: { + SECRET: ecs.Secret.fromSecretsManager(secret), + PARAMETER: ecs.Secret.fromSsmParameter(parameter), + }, jobRole: role, gpuCount: 1, image: ecs.EcrImage.fromRegistry('docker/whalesay'), @@ -82,6 +92,37 @@ describe('Batch Job Definition', () => { Value: 'bar', }, ], + Secrets: [ + { + Name: 'SECRET', + ValueFrom: { + Ref: Match.stringLikeRegexp('^testsecret[0-9A-Z]{8}$'), + }, + }, + { + Name: 'PARAMETER', + ValueFrom: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':ssm:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':parameter/name', + ], + ], + }, + }, + ], InstanceType: jobDefProps.container.instanceType ? jobDefProps.container.instanceType.toString() : '', LinuxParameters: {}, LogConfiguration: { @@ -144,6 +185,37 @@ describe('Batch Job Definition', () => { Value: 'bar', }, ], + Secrets: [ + { + Name: 'SECRET', + ValueFrom: { + Ref: Match.stringLikeRegexp('^testsecret[0-9A-Z]{8}$'), + }, + }, + { + Name: 'PARAMETER', + ValueFrom: { + 'Fn::Join': [ + '', + [ + 'arn:', + { + Ref: 'AWS::Partition', + }, + ':ssm:', + { + Ref: 'AWS::Region', + }, + ':', + { + Ref: 'AWS::AccountId', + }, + ':parameter/name', + ], + ], + }, + }, + ], ExecutionRoleArn: { 'Fn::GetAtt': [ 'executionroleD9A39BE6', From 8a37e15f264d562961f3fc5471c475f5851c46be Mon Sep 17 00:00:00 2001 From: yoshizawa56 Date: Wed, 13 Apr 2022 21:50:47 +0900 Subject: [PATCH 2/7] add example --- packages/@aws-cdk/aws-batch/README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index 67d31ea468b41..73564fb818ae1 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -300,6 +300,26 @@ new batch.JobDefinition(this, 'job-def', { }); ``` +### Using the secret on secrets manager + +You can set the environment variables from secrets manager. + +```ts +import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; +import * from ecs from '@aws-cdk/aws-ecs'; + + const dbSecret = new secretsmanager.Secret(this, 'secret'); + +new batch.JobDefinition(this, 'batch-job-def-secrets', { + container: { + image: ecs.EcrImage.fromRegistry('docker/whalesay'), + secrets: { + PASSWORD: ecs.Secret.fromSecretsManager(dbSecret, 'password'), + } + }, +}); +``` + ### Importing an existing Job Definition #### From ARN From 17ce6c745266d515f193e2cf185ba2d401c9a03f Mon Sep 17 00:00:00 2001 From: yoshizawa56 Date: Wed, 13 Apr 2022 23:01:26 +0900 Subject: [PATCH 3/7] fix typo --- packages/@aws-cdk/aws-batch/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index 73564fb818ae1..4f5d38873efe7 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -306,7 +306,7 @@ You can set the environment variables from secrets manager. ```ts import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; -import * from ecs from '@aws-cdk/aws-ecs'; +import * as ecs from '@aws-cdk/aws-ecs'; const dbSecret = new secretsmanager.Secret(this, 'secret'); From ff88516ab509718cbd9b71ae94e18492a465924c Mon Sep 17 00:00:00 2001 From: yoshizawa56 Date: Thu, 14 Apr 2022 00:43:54 +0900 Subject: [PATCH 4/7] update snapshot --- .../batch-stack.template.json | 42 ++++++++++ .../test/batch.integ.snapshot/manifest.json | 12 +++ .../test/batch.integ.snapshot/tree.json | 76 +++++++++++++++++++ 3 files changed, 130 insertions(+) diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json index c43298685ab28..91df273babfd8 100644 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json +++ b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json @@ -1370,6 +1370,14 @@ "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, + "batchsecret7CD5E4C6": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "GenerateSecretString": {} + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "batchjobdeffromecrE0E30DAD": { "Type": "AWS::Batch::JobDefinition", "Properties": { @@ -1491,6 +1499,32 @@ } } }, + "executionroleDefaultPolicy497F11A3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret" + ], + "Effect": "Allow", + "Resource": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "executionroleDefaultPolicy497F11A3", + "Roles": [ + { + "Ref": "executionroleD9A39BE6" + } + ] + } + }, "batchjobdeffargate7FE30059": { "Type": "AWS::Batch::JobDefinition", "Properties": { @@ -1514,6 +1548,14 @@ "Type": "MEMORY", "Value": "512" } + ], + "Secrets": [ + { + "Name": "SECRET", + "ValueFrom": { + "Ref": "batchsecret7CD5E4C6" + } + } ] }, "PlatformCapabilities": [ diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json index eee67a695fa83..9db2116576a40 100644 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json @@ -286,6 +286,12 @@ "data": "batchjobrepo4C508C51" } ], + "/batch-stack/batch-secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "batchsecret7CD5E4C6" + } + ], "/batch-stack/batch-job-def-from-ecr/Resource": [ { "type": "aws:cdk:logicalId", @@ -304,6 +310,12 @@ "data": "executionroleD9A39BE6" } ], + "/batch-stack/execution-role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "executionroleDefaultPolicy497F11A3" + } + ], "/batch-stack/batch-job-def-fargate/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json index cfa97b7f8424b..de3d0a7ce25b9 100644 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json @@ -1618,6 +1618,30 @@ "version": "0.0.0" } }, + "batch-secret": { + "id": "batch-secret", + "path": "batch-stack/batch-secret", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/batch-secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "generateSecretString": {} + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.CfnSecret", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-secretsmanager.Secret", + "version": "0.0.0" + } + }, "batch-job-def-from-ecr": { "id": "batch-job-def-from-ecr", "path": "batch-stack/batch-job-def-from-ecr", @@ -1818,6 +1842,50 @@ "fqn": "@aws-cdk/aws-iam.CfnRole", "version": "0.0.0" } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "batch-stack/execution-role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "batch-stack/execution-role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret" + ], + "Effect": "Allow", + "Resource": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "executionroleDefaultPolicy497F11A3", + "roles": [ + { + "Ref": "executionroleD9A39BE6" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } } }, "constructInfo": { @@ -1853,6 +1921,14 @@ "aws:cdk:cloudformation:props": { "type": "container", "containerProperties": { + "secrets": [ + { + "name": "SECRET", + "valueFrom": { + "Ref": "batchsecret7CD5E4C6" + } + } + ], "image": "docker/whalesay", "executionRoleArn": { "Fn::GetAtt": [ From b2e5990321a31b76c8a122f292a34fd916346dfd Mon Sep 17 00:00:00 2001 From: yoshizawa56 Date: Thu, 14 Apr 2022 08:26:39 +0900 Subject: [PATCH 5/7] remove import from sample code --- packages/@aws-cdk/aws-batch/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-batch/README.md b/packages/@aws-cdk/aws-batch/README.md index 4f5d38873efe7..34e1fdf2eb889 100644 --- a/packages/@aws-cdk/aws-batch/README.md +++ b/packages/@aws-cdk/aws-batch/README.md @@ -305,10 +305,7 @@ new batch.JobDefinition(this, 'job-def', { You can set the environment variables from secrets manager. ```ts -import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; -import * as ecs from '@aws-cdk/aws-ecs'; - - const dbSecret = new secretsmanager.Secret(this, 'secret'); +const dbSecret = new secretsmanager.Secret(this, 'secret'); new batch.JobDefinition(this, 'batch-job-def-secrets', { container: { From 8ff2a169c3cf019f4787110bee22daa301039be6 Mon Sep 17 00:00:00 2001 From: yoshizawa56 Date: Thu, 14 Apr 2022 09:13:53 +0900 Subject: [PATCH 6/7] add secretsmanager import --- packages/@aws-cdk/aws-batch/rosetta/default.ts-fixture | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/@aws-cdk/aws-batch/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-batch/rosetta/default.ts-fixture index 6fcfe8682a3ff..76bb82380fc06 100644 --- a/packages/@aws-cdk/aws-batch/rosetta/default.ts-fixture +++ b/packages/@aws-cdk/aws-batch/rosetta/default.ts-fixture @@ -4,6 +4,7 @@ import { Stack } from '@aws-cdk/core'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as batch from '@aws-cdk/aws-batch'; import * as ecs from '@aws-cdk/aws-ecs'; +import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; class Fixture extends Stack { constructor(scope: Construct, id: string) { From 378f9fe236786cc05c5a988b50d086fed138dcde Mon Sep 17 00:00:00 2001 From: yoshizawa56 Date: Thu, 12 May 2022 21:52:20 +0900 Subject: [PATCH 7/7] update snapshot --- .../batch.integ.snapshot/batch-stack.template.json | 5 +++++ .../aws-batch/test/batch.integ.snapshot/cdk.out | 2 +- .../aws-batch/test/batch.integ.snapshot/integ.json | 14 -------------- .../test/batch.integ.snapshot/manifest.json | 5 +++-- .../aws-batch/test/batch.integ.snapshot/tree.json | 6 +++++- 5 files changed, 14 insertions(+), 18 deletions(-) delete mode 100644 packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/integ.json diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json index aa73525db1235..91df273babfd8 100644 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json +++ b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/batch-stack.template.json @@ -1362,6 +1362,11 @@ }, "batchjobrepo4C508C51": { "Type": "AWS::ECR::Repository", + "Properties": { + "ImageScanningConfiguration": { + "ScanOnPush": false + } + }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/cdk.out b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/cdk.out index 90bef2e09ad39..2efc89439fab8 100644 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/cdk.out @@ -1 +1 @@ -{"version":"17.0.0"} \ No newline at end of file +{"version":"18.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/integ.json b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/integ.json deleted file mode 100644 index 307a072859518..0000000000000 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/integ.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "version": "18.0.0", - "testCases": { - "aws-batch/test/integ.batch": { - "stacks": [ - "batch-stack" - ], - "diffAssets": false, - "stackUpdateWorkflow": true - } - }, - "synthContext": {}, - "enableLookups": false -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json index 58060ca001b2c..2b50dfbb3dfc9 100644 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/manifest.json @@ -1,11 +1,12 @@ { - "version": "17.0.0", + "version": "18.0.0", "artifacts": { "Tree": { "type": "cdk:tree", "properties": { "file": "tree.json" - } + }, + "metadata": {} }, "batch-stack": { "type": "aws:cloudformation:stack", diff --git a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json index 3535b28940aae..de3d0a7ce25b9 100644 --- a/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-batch/test/batch.integ.snapshot/tree.json @@ -1601,7 +1601,11 @@ "path": "batch-stack/batch-job-repo/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::ECR::Repository", - "aws:cdk:cloudformation:props": {} + "aws:cdk:cloudformation:props": { + "imageScanningConfiguration": { + "scanOnPush": false + } + } }, "constructInfo": { "fqn": "@aws-cdk/aws-ecr.CfnRepository",