Merge branch 'master' into njlynch/cloudfront

CONTRIBUTING.md

@@ -77,26 +77,25 @@ you need to have the following SDKs and tools locally:
 - [Node.js >= 10.13.0](https://nodejs.org/download/release/latest-v10.x/)
   - We recommend using a version in [Active LTS](https://nodejs.org/en/about/releases/)
   - ⚠️ versions `13.0.0` to `13.6.0` are not supported due to compatibility issues with our dependencies.
-- [Yarn >= 1.19.1](https://yarnpkg.com/lang/en/docs/install)
-- [Java OpenJDK 8](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
-- [Apache Maven](http://maven.apache.org/install.html)
-- [.NET Core SDK 3.1](https://www.microsoft.com/net/download)
-- [Python 3.6.5](https://www.python.org/downloads/release/python-365/)
-- [Ruby 2.5.1](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/)
+- [Yarn >= 1.19.1, < 1.3](https://yarnpkg.com/lang/en/docs/install)
+- [Java >= OpenJDK 8, 11, 14](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
+- [Apache Maven >= 3.6.0, < 4.0](http://maven.apache.org/install.html)
+- [.NET Core SDK 3.1.x](https://www.microsoft.com/net/download)
+- [Python >= 3.6.5, < 4.0](https://www.python.org/downloads/release/python-365/)
+- [Ruby >= 2.5.1, < 3.0](https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/)
+- [Docker 19.03](https://docs.docker.com/get-docker/)
 
 The basic commands to get the repository cloned and built locally follow:
 
 ```console
 $ git clone https://github.com/aws/aws-cdk.git
 $ cd aws-cdk
-$ yarn install
 $ yarn build
 ```
 
-If you get compiler errors when building, a common cause is globally installed tools like tslint and typescript. Try uninstalling them.
+If you get compiler errors when building, a common cause is a globally installed typescript. Try uninstalling it.
 
 ```
-npm uninstall -g tslint
 npm uninstall -g typescript
 ```
 
@@ -277,7 +276,7 @@ However, in many cases, you can probably get away with just building a portion o
 want to work on.
 
 We recommend that you use [Visual Studio Code](https://code.visualstudio.com/) to work on the CDK. Be sure to install
-the [tslint extension](https://marketplace.visualstudio.com/items?itemName=eg2.tslint) for it as well, since we have
+the [eslint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) for it as well, since we have
 strict linting rules that will prevent your code from compiling, but with VSCode and this extension can be automatically
 fixed for you by hitting `Ctrl-.` when your cursor is on a red underline.
 
@@ -332,9 +331,6 @@ The following linters are used -
 
 #### eslint
 
-Historically, the CDK has used tslint for linting its typescript source code. With [tslint's deprecation in
-2019](https://medium.com/palantir/tslint-in-2019-1a144c2317a9), we are slowly moving over to using eslint.
-
 All packages in the repo use a standard base configuration found at [eslintrc.js](tools/cdk-build-tools/config/eslintrc.js).
 This can be customized for any package by modifying the `.eslintrc` file found at its root.
 

build.sh

@@ -38,8 +38,12 @@ fail() {
   exit 1
 }
 
+# Check for secrets that should not be committed
 /bin/bash ./git-secrets-scan.sh
 
+# Verify dependencies before starting the build
+/bin/bash ./scripts/check-prerequisites.sh
+
 # Prepare for build with references
 /bin/bash scripts/generate-aggregate-tsconfig.sh > tsconfig.json
 

package.json

@@ -20,8 +20,9 @@
     "jsii-diff": "^1.8.0",
     "jsii-pacmak": "^1.8.0",
     "jsii-rosetta": "^1.8.0",
+    "jest-junit": "^11.0.1",
     "lerna": "^3.22.1",
-    "standard-version": "^8.0.0",
+    "standard-version": "^8.0.2",
     "typescript": "~3.9.6"
   },
   "resolutions-comment": "should be removed or reviewed when nodeunit dependency is dropped or adjusted",

packages/@aws-cdk/assert/package.json

@@ -21,11 +21,11 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@types/jest": "^26.0.3",
+    "@types/jest": "^26.0.4",
     "cdk-build-tools": "0.0.0",
     "jest": "^25.5.4",
     "pkglint": "0.0.0",
-    "ts-jest": "^26.1.1"
+    "ts-jest": "^26.1.2"
   },
   "dependencies": {
     "@aws-cdk/cloudformation-diff": "0.0.0",

packages/@aws-cdk/aws-ce/.gitignore

@@ -2,7 +2,6 @@
 *.js.map
 *.d.ts
 tsconfig.json
-tslint.json
 node_modules
 *.generated.ts
 dist
@@ -18,4 +17,4 @@ nyc.config.js
 !.eslintrc.js
 !jest.config.js
 
-junit.xml
+junit.xml

packages/@aws-cdk/aws-certificatemanager/suffixes/build-map.py

@@ -31,5 +31,5 @@
 
 with open('../lib/public-suffixes.ts', 'w') as o:
   o.write('// This file has been generated using ../suffixes/build-map.py\n')
-  o.write('// tslint:disable:no-trailing-whitespace object-literal-key-quotes\n')
+  o.write('/* eslint-disable no-trailing-spaces, quote-props */\n')
   o.write('export const publicSuffixes = %s;' % json.dumps(trie, indent=2))

packages/@aws-cdk/aws-codepipeline-actions/lib/bitbucket/source-action.ts

@@ -59,7 +59,6 @@ export interface BitBucketSourceActionProps extends codepipeline.CommonAwsAction
    * @see https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html#action-reference-CodestarConnectionSource-config
    */
   readonly codeBuildCloneOutput?: boolean;
-  // tslint:enable:max-line-length
 }
 
 /**

packages/@aws-cdk/aws-codepipeline-actions/lib/cloudformation/pipeline-actions.ts

@@ -234,7 +234,6 @@ interface CloudFormationDeployActionProps extends CloudFormationActionProps {
    */
   readonly extraInputs?: codepipeline.Artifact[];
 }
-// tslint:enable:max-line-length
 
 /**
  * Base class for all CloudFormation actions that execute or stage deployments.

packages/@aws-cdk/aws-codepipeline-actions/lib/custom-action-registration.ts

@@ -36,8 +36,6 @@ export interface CustomActionProperty {
    */
   queryable?: boolean;
 
-  // tslint:enable:max-line-length
-
   /**
    * Whether this property is required.
    */

packages/@aws-cdk/aws-codepipeline-actions/lib/lambda/invoke-action.ts

@@ -38,8 +38,6 @@ export interface LambdaInvokeActionProps extends codepipeline.CommonAwsActionPro
    */
   readonly userParameters?: { [key: string]: any };
 
-  // tslint:enable:max-line-length
-
   /**
    * The lambda function to invoke.
    */

packages/@aws-cdk/aws-cognito/lib/user-pool-attr.ts

@@ -153,7 +153,6 @@ export interface CustomAttributeConfig {
    * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html#CognitoUserPools-Type-SchemaAttributeType-AttributeDataType
    */
   readonly dataType: string;
-  // tslint:enable:max-line-length
 
   /**
    * The constraints for a custom attribute of 'String' data type.

packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts

@@ -136,7 +136,6 @@ export class OAuthScope {
    * The name of this scope as recognized by CloudFormation.
    * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthscopes
    */
-  // tslint:enable:max-line-length
   public readonly scopeName: string;
 
   private constructor(scopeName: string) {

packages/@aws-cdk/aws-detective/.gitignore

@@ -2,7 +2,6 @@
 *.js.map
 *.d.ts
 tsconfig.json
-tslint.json
 node_modules
 *.generated.ts
 dist
@@ -18,4 +17,4 @@ nyc.config.js
 !.eslintrc.js
 !jest.config.js
 
-junit.xml
+junit.xml

packages/@aws-cdk/aws-docdb/lib/instance.ts

@@ -155,7 +155,6 @@ export interface DatabaseInstanceProps {
    * time for each AWS Region, occurring on a random day of the week. To see
    * the time blocks available, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-maintain.html#maintenance-window
    */
-  // tslint:enable:max-line-length
   readonly preferredMaintenanceWindow?: string;
 
   /**

packages/@aws-cdk/aws-dynamodb/package.json

@@ -64,7 +64,7 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@aws-cdk/assert": "0.0.0",
-    "@types/jest": "^26.0.3",
+    "@types/jest": "^26.0.4",
     "aws-sdk": "^2.713.0",
     "aws-sdk-mock": "^5.1.0",
     "cdk-build-tools": "0.0.0",
@@ -73,7 +73,7 @@
     "jest": "^25.5.4",
     "pkglint": "0.0.0",
     "sinon": "^9.0.2",
-    "ts-jest": "^26.1.1"
+    "ts-jest": "^26.1.2"
   },
   "dependencies": {
     "@aws-cdk/aws-applicationautoscaling": "0.0.0",

packages/@aws-cdk/aws-ecr/README.md

@@ -22,7 +22,7 @@ const repository = new ecr.Repository(this, 'Repository');
 
 ### Image scanning
 
-Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new reposity to scan on push, simply enable `imageScanOnPush` in the properties
+Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable `imageScanOnPush` in the properties
 
 ```ts
 const repository = new ecr.Repository(stack, 'Repo', {

packages/@aws-cdk/aws-eks/lib/cluster.ts

@@ -1,10 +1,10 @@
+import * as fs from 'fs';
+import * as path from 'path';
 import * as autoscaling from '@aws-cdk/aws-autoscaling';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as iam from '@aws-cdk/aws-iam';
 import * as ssm from '@aws-cdk/aws-ssm';
 import { CfnOutput, CfnResource, Construct, IResource, Resource, Stack, Tag, Token } from '@aws-cdk/core';
-import * as fs from 'fs';
-import * as path from 'path';
 import * as YAML from 'yaml';
 import { AwsAuth } from './aws-auth';
 import { clusterArnComponents, ClusterResource } from './cluster-resource';
@@ -292,6 +292,11 @@ export class KubernetesVersion {
    */
   public static readonly V1_16 = KubernetesVersion.of('1.16');
 
+  /**
+   * Kubernetes version 1.17
+   */
+  public static readonly V1_17 = KubernetesVersion.of('1.17');
+
   /**
    * Custom cluster version
    * @param version custom version number
@@ -492,6 +497,16 @@ export class Cluster extends Resource implements ICluster {
       resource = new ClusterResource(this, 'Resource', clusterProps);
       this._clusterResource = resource;
 
+      // see https://github.com/aws/aws-cdk/issues/9027
+      this._clusterResource.creationRole.addToPolicy(new iam.PolicyStatement({
+        actions: ['ec2:DescribeVpcs'],
+        resources: [ stack.formatArn({
+          service: 'ec2',
+          resource: 'vpc',
+          resourceName: this.vpc.vpcId,
+        })],
+      }));
+
       // we use an SSM parameter as a barrier because it's free and fast.
       this._kubectlReadyBarrier = new CfnResource(this, 'KubectlReadyBarrier', {
         type: 'AWS::SSM::Parameter',

packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json

@@ -768,6 +768,25 @@
               "Effect": "Allow",
               "Resource": "*"
             },
+            {
+              "Action": "ec2:DescribeVpcs",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:",
+                    {
+                      "Ref": "AWS::Partition"
+                    },
+                    ":ec2:test-region:12345678:vpc/",
+                    {
+                      "Ref": "Vpc8378EB38"
+                    }
+                  ]
+                ]
+              }
+            },
             {
               "Action": "iam:PassRole",
               "Effect": "Allow",

packages/@aws-cdk/aws-eks/test/integ.eks-cluster.ts

@@ -1,7 +1,7 @@
 /// !cdk-integ pragma:ignore-assets
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as iam from '@aws-cdk/aws-iam';
-import { App, CfnOutput, Duration } from '@aws-cdk/core';
+import { App, CfnOutput, Duration, Token } from '@aws-cdk/core';
 import * as eks from '../lib';
 import * as hello from './hello-k8s';
 import { TestStack } from './util';
@@ -113,10 +113,36 @@ class EksClusterStack extends TestStack {
   }
 }
 
+// this test uses the bottlerocket image, which is only supported in these
+// regions. see https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-eks#bottlerocket
+const supportedRegions = [
+  'ap-northeast-1',
+  'ap-south-1',
+  'eu-central-1',
+  'us-east-1',
+  'us-west-2',
+];
+
 const app = new App();
 
 // since the EKS optimized AMI is hard-coded here based on the region,
 // we need to actually pass in a specific region.
-new EksClusterStack(app, 'aws-cdk-eks-cluster-test');
+const stack = new EksClusterStack(app, 'aws-cdk-eks-cluster-test');
+
+if (process.env.CDK_INTEG_ACCOUNT !== '12345678') {
+
+  // only validate if we are about to actually deploy.
+  // TODO: better way to determine this, right now the 'CDK_INTEG_ACCOUNT' seems like the only way.
+
+  if (Token.isUnresolved(stack.region)) {
+    throw new Error(`region (${stack.region}) cannot be a token and must be configured to one of: ${supportedRegions}`);
+  }
+
+  if (!supportedRegions.includes(stack.region)) {
+    throw new Error(`region (${stack.region}) must be configured to one of: ${supportedRegions}`);
+  }
+
+}
+
 
 app.synth();