Merge branch 'master' into apig-uppercase-domain

.mergify.yml

@@ -6,7 +6,7 @@ pull_request_rules:
       label:
         add: [ contribution/core ]
     conditions:
-      - author~=^(eladb|RomainMuller|garnaat|nija-at|shivlaks|skinny85|rix0rrr|NGL321|Jerry-AWS|SomayaB|MrArnoldPalmer|NetaNir|iliapolo)$
+      - author~=^(eladb|RomainMuller|garnaat|nija-at|shivlaks|skinny85|rix0rrr|NGL321|Jerry-AWS|SomayaB|MrArnoldPalmer|NetaNir|iliapolo|njlynch)$
       - -label~="contribution/core"
   - name: automatic merge
     actions:
@@ -66,20 +66,7 @@ pull_request_rules:
     conditions:
       - author!=dependabot[bot]
       - author!=dependabot-preview[bot]
-        # List out all the people whose work is okay to provisionally approve
-      - author!=eladb
-      - author!=RomainMuller
-      - author!=garnaat
-      - author!=nija-at
-      - author!=shivlaks
-      - author!=skinny85
-      - author!=rix0rrr
-      - author!=NGL321
-      - author!=Jerry-AWS
-      - author!=SomayaB
-      - author!=MrArnoldPalmer
-      - author!=NetaNir
-      - author!=iliapolo
+      - label!=contribution/core
       - base=master
       - -merged
       - -closed

CONTRIBUTING.md

@@ -184,6 +184,17 @@ Integration tests perform a few functions in the CDK code base -
 3. (Optionally) Acts as a way to validate that constructs set up the CloudFormation resources as expected. A successful
    CloudFormation deployment does not mean that the resources are set up correctly.
 
+For Gitpod users only! The best way to supply CDK with your AWS credentials is to add them as
+[persisting environment variables](https://www.gitpod.io/docs/environment-variables).
+Adding them works as follows via terminal:
+
+```shell
+eval $(gp env -e AWS_ACCESS_KEY_ID=XXXXXXXXX)
+eval $(gp env -e AWS_SECRET_ACCESS_KEY=YYYYYYY)
+eval $(gp env -e AWS_DEFAULT_REGION=ZZZZZZZZ)
+eval $(gp env -e)
+```
+
 If you are working on a new feature that is using previously unused CloudFormation resource types, or involves
 configuring resource types across services, you need to write integration tests that use these resource types or
 features.

package.json

@@ -16,12 +16,12 @@
   "devDependencies": {
     "conventional-changelog-cli": "^2.0.34",
     "fs-extra": "^9.0.1",
+    "graceful-fs": "^4.2.4",
     "jsii-diff": "^1.6.0",
     "jsii-pacmak": "^1.6.0",
     "jsii-rosetta": "^1.6.0",
-    "lerna": "^3.22.0",
+    "lerna": "^3.22.1",
     "standard-version": "^8.0.0",
-    "graceful-fs": "^4.2.4",
     "typescript": "~3.8.3"
   },
   "resolutions-comment": "should be removed or reviewed when nodeunit dependency is dropped or adjusted",

packages/@aws-cdk/app-delivery/package.json

@@ -57,7 +57,7 @@
     "@types/nodeunit": "^0.0.31",
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
-    "fast-check": "^1.24.2",
+    "fast-check": "^1.25.0",
     "nodeunit": "^0.11.3",
     "pkglint": "0.0.0"
   },

packages/@aws-cdk/assert/lib/assertions/have-resource.ts

@@ -313,7 +313,7 @@ export function arrayWith(...elements: any[]): PropertyMatcher {
 
   const ret = (value: any, inspection: InspectionFailure): boolean => {
     if (!Array.isArray(value)) {
-      return failMatcher(inspection, `Expect an object but got '${typeof value}'`);
+      return failMatcher(inspection, `Expect an array but got '${typeof value}'`);
     }
 
     for (const element of elements) {
@@ -412,4 +412,4 @@ function isCallable(x: any): x is ((...args: any[]) => any) {
 function isObject(x: any): x is object {
   // Because `typeof null === 'object'`.
   return x && typeof x === 'object';
-}
+}

packages/@aws-cdk/aws-amplify/README.md

@@ -52,6 +52,17 @@ const amplifyApp = new amplify.App(this, 'MyApp', {
 });
 ```
 
+To connect your `App` to GitLab, use the `GitLabSourceCodeProvider`:
+```ts
+const amplifyApp = new amplify.App(this, 'MyApp', {
+  sourceCodeProvider: new amplify.GitLabSourceCodeProvider({
+    owner: '<user>',
+    repository: '<repo>',
+    oauthToken: cdk.SecretValue.secretsManager('my-gitlab-token')
+  })
+});
+```
+
 To connect your `App` to CodeCommit, use the `CodeCommitSourceCodeProvider`:
 ```ts
 const repository = new codecommit.Repository(this, 'Repo', {

packages/@aws-cdk/aws-amplify/lib/app.ts

@@ -372,6 +372,11 @@ export enum RedirectStatus {
    * Not found (404)
    */
   NOT_FOUND = '404',
+
+  /**
+   * Not found rewrite (404)
+   */
+  NOT_FOUND_REWRITE = '404-200',
 }
 
 /**

packages/@aws-cdk/aws-amplify/lib/source-code-providers.ts

@@ -36,6 +36,40 @@ export class GitHubSourceCodeProvider implements ISourceCodeProvider {
   }
 }
 
+/**
+ * Properties for a GitLab source code provider
+ */
+export interface GitLabSourceCodeProviderProps {
+  /**
+   * The user or organization owning the repository
+   */
+  readonly owner: string;
+
+  /**
+   * The name of the repository
+   */
+  readonly repository: string;
+
+  /**
+   * A personal access token with the `repo` scope
+   */
+  readonly oauthToken: SecretValue;
+}
+
+/**
+ * GitLab source code provider
+ */
+export class GitLabSourceCodeProvider implements ISourceCodeProvider {
+  constructor(private readonly props: GitLabSourceCodeProviderProps) { }
+
+  public bind(_app: App): SourceCodeProviderConfig {
+    return {
+      repository: `https://gitlab.com/${this.props.owner}/${this.props.repository}`,
+      oauthToken: this.props.oauthToken,
+    };
+  }
+}
+
 /**
  * Properties for a CodeCommit source code provider
  */

packages/@aws-cdk/aws-amplify/test/app.test.ts

@@ -61,6 +61,58 @@ test('create an app connected to a GitHub repository', () => {
   });
 });
 
+test('create an app connected to a GitLab repository', () => {
+  // WHEN
+  new amplify.App(stack, 'App', {
+    sourceCodeProvider: new amplify.GitLabSourceCodeProvider({
+      owner: 'aws',
+      repository: 'aws-cdk',
+      oauthToken: SecretValue.plainText('secret'),
+    }),
+    buildSpec: codebuild.BuildSpec.fromObject({
+      version: '1.0',
+      frontend: {
+        phases: {
+          build: {
+            commands: [
+              'npm run build',
+            ],
+          },
+        },
+      },
+    }),
+  });
+
+  // THEN
+  expect(stack).toHaveResource('AWS::Amplify::App', {
+    Name: 'App',
+    BuildSpec: '{\n  \"version\": \"1.0\",\n  \"frontend\": {\n    \"phases\": {\n      \"build\": {\n        \"commands\": [\n          \"npm run build\"\n        ]\n      }\n    }\n  }\n}',
+    IAMServiceRole: {
+      'Fn::GetAtt': [
+        'AppRole1AF9B530',
+        'Arn',
+      ],
+    },
+    OauthToken: 'secret',
+    Repository: 'https://gitlab.com/aws/aws-cdk',
+  });
+
+  expect(stack).toHaveResource('AWS::IAM::Role', {
+    AssumeRolePolicyDocument: {
+      Statement: [
+        {
+          Action: 'sts:AssumeRole',
+          Effect: 'Allow',
+          Principal: {
+            Service: 'amplify.amazonaws.com',
+          },
+        },
+      ],
+      Version: '2012-10-17',
+    },
+  });
+});
+
 test('create an app connected to a CodeCommit repository', () => {
   // WHEN
   new amplify.App(stack, 'App', {

packages/@aws-cdk/aws-apigateway/README.md

@@ -19,6 +19,7 @@ running on AWS Lambda, or any web application.
 ## Table of Contents
 
 - [Defining APIs](#defining-apis)
+  - [Breaking up Methods and Resources across Stacks](#breaking-up-methods-and-resources-across-stacks)
 - [AWS Lambda-backed APIs](#aws-lambda-backed-apis)
 - [Integration Targets](#integration-targets)
 - [Working with models](#working-with-models)
@@ -99,6 +100,18 @@ item.addMethod('GET');   // GET /items/{item}
 item.addMethod('DELETE', new apigateway.HttpIntegration('http://amazon.com'));
 ```
 
+### Breaking up Methods and Resources across Stacks
+
+It is fairly common for REST APIs with a large number of Resources and Methods to hit the [CloudFormation
+limit](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html) of 200 resources per
+stack.
+
+To help with this, Resources and Methods for the same REST API can be re-organized across multiple stacks. A common
+way to do this is to have a stack per Resource or groups of Resources, but this is not the only possible way.
+The following example uses sets up two Resources '/pets' and '/books' in separate stacks using nested stacks:
+
+[Resources grouped into nested stacks](test/integ.restapi-import.lit.ts)
+
 ## Integration Targets
 
 Methods are associated with backend integrations, which are invoked when this
@@ -956,17 +969,27 @@ The following code creates a REST API using an external OpenAPI definition JSON
 const api = new apigateway.SpecRestApi(this, 'books-api', {
   apiDefinition: apigateway.ApiDefinition.fromAsset('path-to-file.json')
 });
+
+const booksResource = api.root.addResource('books')
+booksResource.addMethod('GET', ...);
 ```
 
+It is possible to use the `addResource()` API to define additional API Gateway Resources.
+
+**Note:** Deployment will fail if a Resource of the same name is already defined in the Open API specification.
+
+**Note:** Any default properties configured, such as `defaultIntegration`, `defaultMethodOptions`, etc. will only be
+applied to Resources and Methods defined in the CDK, and not the ones defined in the spec. Use the [API Gateway
+extensions to OpenAPI](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions.html)
+to configure these.
+
 There are a number of limitations in using OpenAPI definitions in API Gateway. Read the [Amazon API Gateway important
 notes for REST APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html#api-gateway-known-issues-rest-apis)
 for more details.
 
 **Note:** When starting off with an OpenAPI definition using `SpecRestApi`, it is not possible to configure some
 properties that can be configured directly in the OpenAPI specification file. This is to prevent people duplication
 of these properties and potential confusion.
-Further, it is currently also not possible to configure Methods and Resources in addition to the ones in the
-specification file.
 
 ## APIGateway v2
 

packages/@aws-cdk/aws-apigateway/lib/authorizer.ts

@@ -1,6 +1,6 @@
 import { Construct, Resource, ResourceProps } from '@aws-cdk/core';
 import { AuthorizationType } from './method';
-import { RestApi } from './restapi';
+import { IRestApi } from './restapi';
 
 const AUTHORIZER_SYMBOL = Symbol.for('@aws-cdk/aws-apigateway.Authorizer');
 
@@ -28,7 +28,7 @@ export abstract class Authorizer extends Resource implements IAuthorizer {
    * Called when the authorizer is used from a specific REST API.
    * @internal
    */
-  public abstract _attachToApi(restApi: RestApi): void;
+  public abstract _attachToApi(restApi: IRestApi): void;
 }
 
 /**

packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts

@@ -3,7 +3,7 @@ import * as lambda from '@aws-cdk/aws-lambda';
 import { Construct, Duration, Lazy, Stack } from '@aws-cdk/core';
 import { CfnAuthorizer } from '../apigateway.generated';
 import { Authorizer, IAuthorizer } from '../authorizer';
-import { RestApi } from '../restapi';
+import { IRestApi } from '../restapi';
 
 /**
  * Base properties for all lambda authorizers
@@ -83,7 +83,7 @@ abstract class LambdaAuthorizer extends Authorizer implements IAuthorizer {
    * Attaches this authorizer to a specific REST API.
    * @internal
    */
-  public _attachToApi(restApi: RestApi) {
+  public _attachToApi(restApi: IRestApi) {
     if (this.restApiId && this.restApiId !== restApi.restApiId) {
       throw new Error('Cannot attach authorizer to two different rest APIs');
     }

packages/@aws-cdk/aws-apigateway/lib/method.ts

@@ -7,7 +7,7 @@ import { MethodResponse } from './methodresponse';
 import { IModel } from './model';
 import { IRequestValidator, RequestValidatorOptions } from './requestvalidator';
 import { IResource } from './resource';
-import { RestApi } from './restapi';
+import { IRestApi, RestApi, RestApiBase } from './restapi';
 import { validateHttpMethod } from './util';
 
 export interface MethodOptions {
@@ -159,13 +159,16 @@ export class Method extends Resource {
 
   public readonly httpMethod: string;
   public readonly resource: IResource;
-  public readonly restApi: RestApi;
+  /**
+   * The API Gateway RestApi associated with this method.
+   */
+  public readonly api: IRestApi;
 
   constructor(scope: Construct, id: string, props: MethodProps) {
     super(scope, id);
 
     this.resource = props.resource;
-    this.restApi = props.resource.restApi;
+    this.api = props.resource.api;
     this.httpMethod = props.httpMethod.toUpperCase();
 
     validateHttpMethod(this.httpMethod);
@@ -186,12 +189,12 @@ export class Method extends Resource {
     }
 
     if (Authorizer.isAuthorizer(authorizer)) {
-      authorizer._attachToApi(this.restApi);
+      authorizer._attachToApi(this.api);
     }
 
     const methodProps: CfnMethodProps = {
       resourceId: props.resource.resourceId,
-      restApiId: this.restApi.restApiId,
+      restApiId: this.api.restApiId,
       httpMethod: this.httpMethod,
       operationName: options.operationName || defaultMethodOptions.operationName,
       apiKeyRequired: options.apiKeyRequired || defaultMethodOptions.apiKeyRequired,
@@ -209,15 +212,25 @@ export class Method extends Resource {
 
     this.methodId = resource.ref;
 
-    props.resource.restApi._attachMethod(this);
+    if (RestApiBase._isRestApiBase(props.resource.api)) {
+      props.resource.api._attachMethod(this);
+    }
 
-    const deployment = props.resource.restApi.latestDeployment;
+    const deployment = props.resource.api.latestDeployment;
     if (deployment) {
       deployment.node.addDependency(resource);
       deployment.addToLogicalId({ method: methodProps });
     }
   }
 
+  /**
+   * The RestApi associated with this Method
+   * @deprecated - Throws an error if this Resource is not associated with an instance of `RestApi`. Use `api` instead.
+   */
+  public get restApi(): RestApi {
+    return this.resource.restApi;
+  }
+
   /**
    * Returns an execute-api ARN for this method:
    *