From 6590e7dd7d19c1f32b4516a45d34420cd4fe30b7 Mon Sep 17 00:00:00 2001
From: Adam Ruka <adamruka@amazon.com>
Date: Tue, 15 Jun 2021 14:50:07 -0700
Subject: [PATCH] fix: Custom Resources use end-of-life Lambda Node 10 runtime
 (#834)

Update them to Node 12.

-----

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
---
 lib/__tests__/expected.yml                      | 8 ++++----
 lib/change-controller.ts                        | 2 +-
 lib/chime-notifier/chime-notifier.ts            | 2 +-
 lib/code-signing/certificate-signing-request.ts | 2 +-
 lib/code-signing/private-key.ts                 | 2 +-
 lib/open-pgp-key-pair.ts                        | 2 +-
 package.json                                    | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/lib/__tests__/expected.yml b/lib/__tests__/expected.yml
index d383c887..832fc2d1 100644
--- a/lib/__tests__/expected.yml
+++ b/lib/__tests__/expected.yml
@@ -4300,7 +4300,7 @@ Resources:
           STAGE_NAME: Publish
           AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1"
       Handler: index.handler
-      Runtime: nodejs10.x
+      Runtime: nodejs12.x
       Timeout: 300
     DependsOn:
       - CodeCommitPipelineChangeControllerFunctionServiceRoleDefaultPolicy315F7AF5
@@ -4513,7 +4513,7 @@ Resources:
       Handler: index.handler
       Layers:
         - Ref: X509CodeSigningKeyRSAPrivateKeyOpenSslCliLayer3F0C7B04
-      Runtime: nodejs10.x
+      Runtime: nodejs12.x
       Timeout: 300
     DependsOn:
       - RSAPrivateKey72FD327D38134632934028EC437AA486ServiceRoleDefaultPolicy487DB1EA
@@ -4569,7 +4569,7 @@ Resources:
       Handler: index.handler
       Layers:
         - Ref: X509CodeSigningKeyRSAPrivateKeyCertificateSigningRequestOpenSslCliLayer61AF8E77
-      Runtime: nodejs10.x
+      Runtime: nodejs12.x
       Timeout: 300
     DependsOn:
       - CreateCSR541F67826DCF49A78C5A67715ADD9E4CServiceRoleDefaultPolicyC0800208
@@ -4747,7 +4747,7 @@ Resources:
       Handler: index.handler
       Layers:
         - Ref: CodeSignGpgLayer4D38F47B
-      Runtime: nodejs10.x
+      Runtime: nodejs12.x
       Timeout: 300
     DependsOn:
       - SingletonLambdaf25803d3054b44fc985f4860d7d6ee74ServiceRoleDefaultPolicyA8FDF5BD
diff --git a/lib/change-controller.ts b/lib/change-controller.ts
index afa88cb7..486aa595 100644
--- a/lib/change-controller.ts
+++ b/lib/change-controller.ts
@@ -79,7 +79,7 @@ export class ChangeController extends Construct {
     const fn = new nodejs.NodejsFunction(this, 'Function', {
       description: `Enforces a Change Control Policy into CodePipeline's ${props.pipelineStage.stageName} stage`,
       entry: path.join(__dirname, 'change-control-lambda', 'index.ts'),
-      runtime: lambda.Runtime.NODEJS_10_X,
+      runtime: lambda.Runtime.NODEJS_12_X,
       environment: {
         // CAPITAL punishment 👌🏻
         CHANGE_CONTROL_BUCKET_NAME: changeControlBucket.bucketName,
diff --git a/lib/chime-notifier/chime-notifier.ts b/lib/chime-notifier/chime-notifier.ts
index 4e2817d8..7e25bf65 100644
--- a/lib/chime-notifier/chime-notifier.ts
+++ b/lib/chime-notifier/chime-notifier.ts
@@ -56,7 +56,7 @@ export class ChimeNotifier extends Construct {
         handler: 'index.handler',
         uuid: '0f4a3ee0-692e-4249-932f-a46a833886d8',
         code: lambda.Code.inline(stripComments(fs.readFileSync(path.join(__dirname, 'notifier-handler.js')).toString('utf8'))),
-        runtime: lambda.Runtime.NODEJS_10_X,
+        runtime: lambda.Runtime.NODEJS_12_X,
         timeout: Duration.minutes(5),
       });
 
diff --git a/lib/code-signing/certificate-signing-request.ts b/lib/code-signing/certificate-signing-request.ts
index e4bd8868..4c167b17 100644
--- a/lib/code-signing/certificate-signing-request.ts
+++ b/lib/code-signing/certificate-signing-request.ts
@@ -55,7 +55,7 @@ export class CertificateSigningRequest extends Construct {
       uuid: '541F6782-6DCF-49A7-8C5A-67715ADD9E4C',
       lambdaPurpose: 'CreateCSR',
       description: 'Creates a Certificate Signing Request document for an x509 certificate',
-      runtime: lambda.Runtime.NODEJS_10_X,
+      runtime: lambda.Runtime.NODEJS_12_X,
       handler: 'index.handler',
       code: new lambda.AssetCode(codeLocation),
       timeout: Duration.seconds(300),
diff --git a/lib/code-signing/private-key.ts b/lib/code-signing/private-key.ts
index 7fa2f0d8..7734487e 100644
--- a/lib/code-signing/private-key.ts
+++ b/lib/code-signing/private-key.ts
@@ -66,7 +66,7 @@ export class RsaPrivateKeySecret extends Construct {
       lambdaPurpose: 'RSAPrivate-Key',
       uuid: '72FD327D-3813-4632-9340-28EC437AA486',
       description: 'Generates an RSA Private Key and stores it in AWS Secrets Manager',
-      runtime: lambda.Runtime.NODEJS_10_X,
+      runtime: lambda.Runtime.NODEJS_12_X,
       handler: 'index.handler',
       code: new lambda.AssetCode(codeLocation),
       timeout: Duration.seconds(300),
diff --git a/lib/open-pgp-key-pair.ts b/lib/open-pgp-key-pair.ts
index 1de4e890..f5699f97 100644
--- a/lib/open-pgp-key-pair.ts
+++ b/lib/open-pgp-key-pair.ts
@@ -119,7 +119,7 @@ export class OpenPGPKeyPair extends Construct implements ICredentialPair {
       code: new lambda.AssetCode(codeLocation),
       handler: 'index.handler',
       timeout: Duration.seconds(300),
-      runtime: lambda.Runtime.NODEJS_10_X,
+      runtime: lambda.Runtime.NODEJS_12_X,
       // add the layer that contains the GPG binary (+ shared libraries)
       layers: [new lambda.LayerVersion(this, 'GpgLayer', {
         code: lambda.Code.fromAsset(path.join(__dirname, 'custom-resource-handlers', 'layers', 'gpg-layer.zip')),
diff --git a/package.json b/package.json
index a215dfe9..6a865b68 100644
--- a/package.json
+++ b/package.json
@@ -115,4 +115,4 @@
   },
   "types": "lib/index.d.ts",
   "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"."
-}
+}
\ No newline at end of file