From 799e13b196dc83f3be542d8f6d9ea892af327c34 Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Sat, 28 Sep 2024 12:24:12 +0000 Subject: [PATCH 1/5] fix(lambda): Resolve unable to reference AuthType from FunctionUrl --- packages/aws-cdk-lib/aws-lambda/lib/function-url.ts | 6 +++++- packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts b/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts index bed33ec8bae4f..b46b84bf88680 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts @@ -204,6 +204,8 @@ export class FunctionUrl extends Resource implements IFunctionUrl { private readonly function: IFunction; + public readonly authType: FunctionUrlAuthType; + constructor(scope: Construct, id: string, props: FunctionUrlProps) { super(scope, id); @@ -217,8 +219,10 @@ export class FunctionUrl extends Resource implements IFunctionUrl { ? { targetFunction: props.function.version.lambda, alias: props.function } : { targetFunction: props.function, alias: undefined }; + this.authType = props.authType ?? FunctionUrlAuthType.AWS_IAM; + const resource: CfnUrl = new CfnUrl(this, 'Resource', { - authType: props.authType ?? FunctionUrlAuthType.AWS_IAM, + authType: this.authType, cors: props.cors ? this.renderCors(props.cors) : undefined, invokeMode: props.invokeMode, targetFunctionArn: targetFunction.functionArn, diff --git a/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts b/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts index 048fcea4fa1fa..088eb7c480b2f 100644 --- a/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts +++ b/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts @@ -231,11 +231,17 @@ describe('FunctionUrl', () => { }); // WHEN - fn.addFunctionUrl({ + const fnUrl = fn.addFunctionUrl({ authType: lambda.FunctionUrlAuthType.NONE, invokeMode: lambda.InvokeMode.BUFFERED, }); + if (fnUrl.authType === lambda.FunctionUrlAuthType.NONE) { + ; // ok + } else { + throw new Error('AuthType must be NONE'); + } + // THEN Template.fromStack(stack).hasResource('AWS::Lambda::Url', { Properties: { From 7c6cc2327a23f69a33add12b53b96dea644e0960 Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Sat, 28 Sep 2024 14:25:08 +0000 Subject: [PATCH 2/5] adding docstring --- packages/aws-cdk-lib/aws-lambda/lib/function-url.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts b/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts index b46b84bf88680..8053c11c265cb 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function-url.ts @@ -202,10 +202,13 @@ export class FunctionUrl extends Resource implements IFunctionUrl { */ public readonly functionArn: string; - private readonly function: IFunction; - + /** + * The authentication type used for this Function URL + */ public readonly authType: FunctionUrlAuthType; + private readonly function: IFunction; + constructor(scope: Construct, id: string, props: FunctionUrlProps) { super(scope, id); From e36e09bd27509909525d39b26cbd8fcf40fe06af Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Mon, 30 Sep 2024 03:42:33 +0000 Subject: [PATCH 3/5] refactor propaty check --- packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts b/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts index 088eb7c480b2f..699ad7ff232fc 100644 --- a/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts +++ b/packages/aws-cdk-lib/aws-lambda/test/function-url.test.ts @@ -236,11 +236,7 @@ describe('FunctionUrl', () => { invokeMode: lambda.InvokeMode.BUFFERED, }); - if (fnUrl.authType === lambda.FunctionUrlAuthType.NONE) { - ; // ok - } else { - throw new Error('AuthType must be NONE'); - } + expect(fnUrl.authType).toBe(lambda.FunctionUrlAuthType.NONE); // THEN Template.fromStack(stack).hasResource('AWS::Lambda::Url', { From cb9347b4ceca5efc482ec8f4267d0dc154a8d3b7 Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Thu, 3 Oct 2024 15:13:19 +0000 Subject: [PATCH 4/5] success integ --- ...efaultTestDeployAssertE3E7D2A4.assets.json | 2 +- .../Stack1.assets.json | 6 +-- .../Stack1.template.json | 36 ++++++++--------- .../integ.function-url.js.snapshot/cdk.out | 2 +- .../integ.function-url.js.snapshot/integ.json | 2 +- .../manifest.json | 8 +++- .../integ.function-url.js.snapshot/tree.json | 40 +++++++++---------- packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 2 +- 8 files changed, 51 insertions(+), 47 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/IntegTestDefaultTestDeployAssertE3E7D2A4.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/IntegTestDefaultTestDeployAssertE3E7D2A4.assets.json index 81d460672e410..8bbe077289ad2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/IntegTestDefaultTestDeployAssertE3E7D2A4.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/IntegTestDefaultTestDeployAssertE3E7D2A4.assets.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "38.0.1", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.assets.json index f2dd96c81a800..16b9ed6375e38 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.assets.json @@ -1,7 +1,7 @@ { - "version": "31.0.0", + "version": "38.0.1", "files": { - "d737b02c2791946e8c85b164fcf9b8853f5f29f5ba2839eecf03d7130d58ee17": { + "a83c04aa3d13aae337040b2062567727e3c7b177081dda963df9493e460f7a58": { "source": { "path": "Stack1.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d737b02c2791946e8c85b164fcf9b8853f5f29f5ba2839eecf03d7130d58ee17.json", + "objectKey": "a83c04aa3d13aae337040b2062567727e3c7b177081dda963df9493e460f7a58.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.template.json index 1d00c191ae091..84fdb041ee73e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/Stack1.template.json @@ -37,13 +37,13 @@ "Code": { "ZipFile": "def handler(event, context):\n return \"success\"" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "IamAuthFunctionUrlsServiceRole35DF9DE0", "Arn" ] }, - "Handler": "index.handler", "Runtime": "python3.10" }, "DependsOn": [ @@ -99,13 +99,13 @@ "Code": { "ZipFile": "def handler(event, context):\n return \"success\"" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "NoAuthFunctionUrlsServiceRole7247E6F2", "Arn" ] }, - "Handler": "index.handler", "Runtime": "python3.10" }, "DependsOn": [ @@ -134,8 +134,8 @@ "Arn" ] }, - "Principal": "*", - "FunctionUrlAuthType": "NONE" + "FunctionUrlAuthType": "NONE", + "Principal": "*" } }, "CorsFunctionUrlsServiceRole6227B597": { @@ -175,13 +175,13 @@ "Code": { "ZipFile": "def handler(event, context):\n return \"success\"" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "CorsFunctionUrlsServiceRole6227B597", "Arn" ] }, - "Handler": "index.handler", "Runtime": "python3.10" }, "DependsOn": [ @@ -192,12 +192,6 @@ "Type": "AWS::Lambda::Url", "Properties": { "AuthType": "NONE", - "TargetFunctionArn": { - "Fn::GetAtt": [ - "CorsFunctionUrlsD81CF424", - "Arn" - ] - }, "Cors": { "AllowMethods": [ "*" @@ -205,6 +199,12 @@ "AllowOrigins": [ "https://example.com" ] + }, + "TargetFunctionArn": { + "Fn::GetAtt": [ + "CorsFunctionUrlsD81CF424", + "Arn" + ] } } }, @@ -218,8 +218,8 @@ "Arn" ] }, - "Principal": "*", - "FunctionUrlAuthType": "NONE" + "FunctionUrlAuthType": "NONE", + "Principal": "*" } }, "StreamFunctionUrlsServiceRoleAF76EC5D": { @@ -259,13 +259,13 @@ "Code": { "ZipFile": "def handler(event, context):\n return \"success\"" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "StreamFunctionUrlsServiceRoleAF76EC5D", "Arn" ] }, - "Handler": "index.handler", "Runtime": "python3.10" }, "DependsOn": [ @@ -276,13 +276,13 @@ "Type": "AWS::Lambda::Url", "Properties": { "AuthType": "NONE", + "InvokeMode": "RESPONSE_STREAM", "TargetFunctionArn": { "Fn::GetAtt": [ "StreamFunctionUrlsAAB55C9C", "Arn" ] - }, - "InvokeMode": "RESPONSE_STREAM" + } } }, "StreamFunctionUrlsinvokefunctionurl4FD8689D": { @@ -295,8 +295,8 @@ "Arn" ] }, - "Principal": "*", - "FunctionUrlAuthType": "NONE" + "FunctionUrlAuthType": "NONE", + "Principal": "*" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/cdk.out index 7925065efbcc4..c6e612584e352 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"31.0.0"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/integ.json index af28900b46c4e..4de529c8a139a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "38.0.1", "testCases": { "IntegTest/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/manifest.json index ae8f2a8887315..b1f4b3c3087af 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "31.0.0", + "version": "38.0.1", "artifacts": { "Stack1.assets": { "type": "cdk:asset-manifest", @@ -14,10 +14,12 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "Stack1.template.json", + "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d737b02c2791946e8c85b164fcf9b8853f5f29f5ba2839eecf03d7130d58ee17.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a83c04aa3d13aae337040b2062567727e3c7b177081dda963df9493e460f7a58.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -175,7 +177,9 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "IntegTestDefaultTestDeployAssertE3E7D2A4.template.json", + "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/tree.json index 7edd345204eec..4cc480c2d3d34 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.function-url.js.snapshot/tree.json @@ -78,13 +78,13 @@ "code": { "zipFile": "def handler(event, context):\n return \"success\"" }, + "handler": "index.handler", "role": { "Fn::GetAtt": [ "IamAuthFunctionUrlsServiceRole35DF9DE0", "Arn" ] }, - "handler": "index.handler", "runtime": "python3.10" } }, @@ -207,13 +207,13 @@ "code": { "zipFile": "def handler(event, context):\n return \"success\"" }, + "handler": "index.handler", "role": { "Fn::GetAtt": [ "NoAuthFunctionUrlsServiceRole7247E6F2", "Arn" ] }, - "handler": "index.handler", "runtime": "python3.10" } }, @@ -265,8 +265,8 @@ "Arn" ] }, - "principal": "*", - "functionUrlAuthType": "NONE" + "functionUrlAuthType": "NONE", + "principal": "*" } }, "constructInfo": { @@ -358,13 +358,13 @@ "code": { "zipFile": "def handler(event, context):\n return \"success\"" }, + "handler": "index.handler", "role": { "Fn::GetAtt": [ "CorsFunctionUrlsServiceRole6227B597", "Arn" ] }, - "handler": "index.handler", "runtime": "python3.10" } }, @@ -384,12 +384,6 @@ "aws:cdk:cloudformation:type": "AWS::Lambda::Url", "aws:cdk:cloudformation:props": { "authType": "NONE", - "targetFunctionArn": { - "Fn::GetAtt": [ - "CorsFunctionUrlsD81CF424", - "Arn" - ] - }, "cors": { "allowMethods": [ "*" @@ -397,6 +391,12 @@ "allowOrigins": [ "https://example.com" ] + }, + "targetFunctionArn": { + "Fn::GetAtt": [ + "CorsFunctionUrlsD81CF424", + "Arn" + ] } } }, @@ -424,8 +424,8 @@ "Arn" ] }, - "principal": "*", - "functionUrlAuthType": "NONE" + "functionUrlAuthType": "NONE", + "principal": "*" } }, "constructInfo": { @@ -517,13 +517,13 @@ "code": { "zipFile": "def handler(event, context):\n return \"success\"" }, + "handler": "index.handler", "role": { "Fn::GetAtt": [ "StreamFunctionUrlsServiceRoleAF76EC5D", "Arn" ] }, - "handler": "index.handler", "runtime": "python3.10" } }, @@ -543,13 +543,13 @@ "aws:cdk:cloudformation:type": "AWS::Lambda::Url", "aws:cdk:cloudformation:props": { "authType": "NONE", + "invokeMode": "RESPONSE_STREAM", "targetFunctionArn": { "Fn::GetAtt": [ "StreamFunctionUrlsAAB55C9C", "Arn" ] - }, - "invokeMode": "RESPONSE_STREAM" + } } }, "constructInfo": { @@ -576,8 +576,8 @@ "Arn" ] }, - "principal": "*", - "functionUrlAuthType": "NONE" + "functionUrlAuthType": "NONE", + "principal": "*" } }, "constructInfo": { @@ -634,7 +634,7 @@ "path": "IntegTest/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.270" + "version": "10.3.0" } }, "DeployAssert": { @@ -680,7 +680,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.270" + "version": "10.3.0" } } }, diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index 2de4a12515cb1..d4030cf1e93f5 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md @@ -141,7 +141,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false, "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true, "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true, - "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true, "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true } } From 3dcef9394642a938e2ff5059530f61823e5746df Mon Sep 17 00:00:00 2001 From: watany <76135106+watany-dev@users.noreply.github.com> Date: Thu, 3 Oct 2024 15:56:11 +0000 Subject: [PATCH 5/5] revert --- packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index d4030cf1e93f5..2de4a12515cb1 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md @@ -141,7 +141,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false, "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true, "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true, - "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true } }