Merge branch 'master' into nija-at/cognito-userpool-idp

packages/@aws-cdk/assets/package.json

@@ -65,7 +65,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "@types/sinon": "^9.0.3",
+    "@types/sinon": "^9.0.4",
     "aws-cdk": "0.0.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",

packages/@aws-cdk/aws-lambda/package.json

@@ -70,7 +70,7 @@
     "@types/aws-lambda": "^8.10.39",
     "@types/lodash": "^4.14.153",
     "@types/nodeunit": "^0.0.31",
-    "@types/sinon": "^9.0.3",
+    "@types/sinon": "^9.0.4",
     "aws-sdk": "^2.681.0",
     "aws-sdk-mock": "^5.1.0",
     "cdk-build-tools": "0.0.0",

packages/@aws-cdk/aws-s3-assets/package.json

@@ -61,7 +61,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
     "@types/nodeunit": "^0.0.31",
-    "@types/sinon": "^9.0.3",
+    "@types/sinon": "^9.0.4",
     "aws-cdk": "0.0.0",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",

packages/@aws-cdk/core/lib/size.ts

@@ -26,7 +26,7 @@ export class Size {
   }
 
   /**
-   * Create a Storage representing an amount mebibytes.
+   * Create a Storage representing an amount gibibytes.
    * 1 GiB = 1024 MiB
    */
   public static gibibytes(amount: number): Size {
@@ -97,7 +97,7 @@ export class Size {
 }
 
 /**
- * Rouding behaviour when converting between units of `Size`.
+ * Rounding behaviour when converting between units of `Size`.
  */
 export enum SizeRoundingBehavior {
   /** Fail the conversion if the result is not an integer. */

packages/@aws-cdk/custom-resources/package.json

@@ -73,7 +73,7 @@
     "@aws-cdk/aws-ssm": "0.0.0",
     "@types/aws-lambda": "^8.10.39",
     "@types/fs-extra": "^8.1.0",
-    "@types/sinon": "^9.0.3",
+    "@types/sinon": "^9.0.4",
     "aws-sdk": "^2.681.0",
     "aws-sdk-mock": "^5.1.0",
     "cdk-build-tools": "0.0.0",

packages/aws-cdk/lib/api/deploy-stack.ts

@@ -235,6 +235,17 @@ export async function deployStack(options: DeployStackOptions): Promise<DeploySt
   debug('Initiated creation of changeset: %s; waiting for it to finish creating...', changeSet.Id);
   const changeSetDescription = await waitForChangeSet(cfn, deployName, changeSetName);
 
+  // Update termination protection only if it has changed.
+  const terminationProtection = stackArtifact.terminationProtection ?? false;
+  if (!!cloudFormationStack.terminationProtection !== terminationProtection) {
+    debug('Updating termination protection from %s to %s for stack %s', cloudFormationStack.terminationProtection, terminationProtection, deployName);
+    await cfn.updateTerminationProtection({
+      StackName: deployName,
+      EnableTerminationProtection: terminationProtection,
+    }).promise();
+    debug('Termination protection updated to %s for stack %s', terminationProtection, deployName);
+  }
+
   if (changeSetHasNoChanges(changeSetDescription)) {
     debug('No changes are to be performed on %s.', deployName);
     await cfn.deleteChangeSet({ StackName: deployName, ChangeSetName: changeSetName }).promise();
@@ -262,17 +273,6 @@ export async function deployStack(options: DeployStackOptions): Promise<DeploySt
     print('Changeset %s created and waiting in review for manual execution (--no-execute)', changeSetName);
   }
 
-  // Update termination protection only if it has changed.
-  const terminationProtection = stackArtifact.terminationProtection ?? false;
-  if (cloudFormationStack.terminationProtection !== terminationProtection) {
-    debug('Updating termination protection from %s to %s for stack %s', cloudFormationStack.terminationProtection, terminationProtection, deployName);
-    await cfn.updateTerminationProtection({
-      StackName: deployName,
-      EnableTerminationProtection: terminationProtection,
-    }).promise();
-    debug('Termination protection updated to %s for stack %s', terminationProtection, deployName);
-  }
-
   return { noOp: false, outputs: cloudFormationStack.outputs, stackArn: changeSet.StackId!, stackArtifact };
 }
 
@@ -399,8 +399,7 @@ async function canSkipDeploy(deployStackOptions: DeployStackOptions, cloudFormat
   }
 
   // Termination protection has been updated
-  const terminationProtection = deployStackOptions.stack.terminationProtection ?? false; // cast to boolean for comparison
-  if (terminationProtection !== cloudFormationStack.terminationProtection) {
+  if (!!deployStackOptions.stack.terminationProtection !== !!cloudFormationStack.terminationProtection) {
     debug(`${deployName}: termination protection has been updated`);
     return false;
   }

packages/aws-cdk/package.json

@@ -50,7 +50,7 @@
     "@types/node": "^10.17.21",
     "@types/promptly": "^3.0.0",
     "@types/semver": "^7.2.0",
-    "@types/sinon": "^9.0.3",
+    "@types/sinon": "^9.0.4",
     "@types/table": "^4.0.7",
     "@types/uuid": "^8.0.0",
     "@types/yaml": "^1.9.7",

packages/aws-cdk/test/integ/cli/app/app.js

@@ -280,7 +280,7 @@ new StackWithNestedStack(app, `${stackPrefix}-with-nested-stack`);
 new StackWithNestedStackUsingParameters(app, `${stackPrefix}-with-nested-stack-using-parameters`);
 
 new YourStack(app, `${stackPrefix}-termination-protection`, {
-  terminationProtection: true,
+  terminationProtection: process.env.TERMINATION_PROTECTION !== 'FALSE' ? true : false,
 });
 
 app.synth();

packages/aws-cdk/test/integ/cli/cli.integtest.ts

@@ -39,15 +39,15 @@ test('Two ways of shoing the version', async () => {
 });
 
 test('Termination protection', async () => {
-  await cdkDeploy('termination-protection');
+  const stackName = 'termination-protection';
+  await cdkDeploy(stackName);
 
   // Try a destroy that should fail
-  await expect(cdkDestroy('termination-protection')).rejects.toThrow('exited with error');
+  await expect(cdkDestroy(stackName)).rejects.toThrow('exited with error');
 
-  await cloudFormation('updateTerminationProtection', {
-    EnableTerminationProtection: false,
-    StackName: fullStackName('termination-protection'),
-  });
+  // Can update termination protection even though the change set doesn't contain changes
+  await cdkDeploy(stackName, { modEnv: { TERMINATION_PROTECTION: 'FALSE' } });
+  await cdkDestroy(stackName);
 });
 
 test('cdk synth', async () => {
@@ -437,15 +437,15 @@ test('IAM diff', async () => {
 
   // Roughly check for a table like this:
   //
-  // ┌───┬─────────────────┬────────┬────────────────┬────────────────────────────┬───────────┐
-  // │   │ Resource        │ Effect │ Action         │ Principal                  │ Condition │
-  // ├───┼─────────────────┼────────┼────────────────┼────────────────────────────┼───────────┤
-  // │ + │ ${SomeRole.Arn} │ Allow  │ sts:AssumeRole │ Service:ec2.amazonaws.com  │           │
-  // └───┴─────────────────┴────────┴────────────────┴────────────────────────────┴───────────┘
+  // ┌───┬─────────────────┬────────┬────────────────┬────────────────────────────-──┬───────────┐
+  // │   │ Resource        │ Effect │ Action         │ Principal                     │ Condition │
+  // ├───┼─────────────────┼────────┼────────────────┼───────────────────────────────┼───────────┤
+  // │ + │ ${SomeRole.Arn} │ Allow  │ sts:AssumeRole │ Service:ec2.${AWS::URLSuffix} │           │
+  // └───┴─────────────────┴────────┴────────────────┴───────────────────────────────┴───────────┘
 
   expect(output).toContain('${SomeRole.Arn}');
   expect(output).toContain('sts:AssumeRole');
-  expect(output).toContain('ec2.amazonaws.com');
+  expect(output).toContain('ec2.${AWS::URLSuffix}');
 });
 
 test('fast deploy', async () => {

yarn.lock

@@ -1595,10 +1595,10 @@
   dependencies:
     "@types/node" "*"
 
-"@types/sinon@^9.0.3":
-  version "9.0.3"
-  resolved "https://registry.yarnpkg.com/@types/sinon/-/sinon-9.0.3.tgz#c803f2ebf96db44230ce4e632235c279830edd45"
-  integrity sha512-NWVG++603tEDwmz5k0DwFR1hqP3iBmq5GYi6d+0KCQMQsfDEULF1D7xqZ+iXRJHeGwLVhM+Rv73uzIYuIUVlJQ==
+"@types/sinon@^9.0.4":
+  version "9.0.4"
+  resolved "https://registry.yarnpkg.com/@types/sinon/-/sinon-9.0.4.tgz#e934f904606632287a6e7f7ab0ce3f08a0dad4b1"
+  integrity sha512-sJmb32asJZY6Z2u09bl0G2wglSxDlROlAejCjsnor+LzBMz17gu8IU7vKC/vWDnv9zEq2wqADHVXFjf4eE8Gdw==
   dependencies:
     "@types/sinonjs__fake-timers" "*"