Upgrade CDK infrastructure to CDK 2 (#1214)

* Upgrade EKS integ test infrastructure to CDK 2 * Upgrade ci-cdk to CDK 2
2022-02-22 11:31:04 -08:00 · 2022-02-22 11:31:04 -08:00 · 458b413be5
parent 0a7d052173
commit 458b413be5
17 changed files with 1881 additions and 28953 deletions
--- a/aws/rust-runtime/aws-config/integration-tests/eks-credentials/bin/eks-credentials.ts
+++ b/aws/rust-runtime/aws-config/integration-tests/eks-credentials/bin/eks-credentials.ts
@ -1,14 +1,14 @@
+#!/usr/bin/env node
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */

-#!/usr/bin/env node
 import 'source-map-support/register';
-import * as cdk from '@aws-cdk/core';
+import { App } from "aws-cdk-lib";
 import { EksCredentialsStack } from '../lib/eks-credentials-stack';

-const app = new cdk.App();
+const app = new App();
 new EksCredentialsStack(app, 'EksCredentialsStack', {
  /* If you don't specify 'env', this stack will be environment-agnostic.
   * Account/Region-dependent features and context lookups will not work,
--- a/aws/rust-runtime/aws-config/integration-tests/eks-credentials/cdk.json
+++ b/aws/rust-runtime/aws-config/integration-tests/eks-credentials/cdk.json
@ -1,18 +1,5 @@
 {
  "app": "npx ts-node --prefer-ts-exts bin/eks-credentials.ts",
  "context": {
-    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
-    "@aws-cdk/core:enableStackNameDuplicates": "true",
-    "aws-cdk:enableDiffNoFail": "true",
-    "@aws-cdk/core:stackRelativeExports": "true",
-    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
-    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
-    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
-    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
-    "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true,
-    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
-    "@aws-cdk/aws-efs:defaultEncryptionAtRest": true,
-    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
-    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true
  }
 }
--- a/aws/rust-runtime/aws-config/integration-tests/eks-credentials/lib/eks-credentials-stack.ts
+++ b/aws/rust-runtime/aws-config/integration-tests/eks-credentials/lib/eks-credentials-stack.ts
@ -3,11 +3,13 @@
 * SPDX-License-Identifier: Apache-2.0.
 */

-import * as cdk from '@aws-cdk/core';
-import * as eks from '@aws-cdk/aws-eks';
-import * as dynamodb from '@aws-cdk/aws-dynamodb';
-export class EksCredentialsStack extends cdk.Stack {
-  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
+import { Stack, StackProps } from "aws-cdk-lib";
+import * as eks from "aws-cdk-lib/aws-eks";
+import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import { Construct } from "constructs";
+
+export class EksCredentialsStack extends Stack {
+  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);


--- a/aws/rust-runtime/aws-config/integration-tests/eks-credentials/package-lock.json
+++ b/aws/rust-runtime/aws-config/integration-tests/eks-credentials/package-lock.json
--- a/aws/rust-runtime/aws-config/integration-tests/eks-credentials/package.json
+++ b/aws/rust-runtime/aws-config/integration-tests/eks-credentials/package.json
@ -1,29 +1,22 @@
 {
  "name": "eks-credentials",
  "version": "0.1.0",
+  "license": "Apache-2.0",
+  "private": true,
  "bin": {
    "eks-credentials": "bin/eks-credentials.js"
  },
  "scripts": {
    "build": "tsc",
    "watch": "tsc -w",
-    "test": "jest",
    "cdk": "cdk"
  },
  "devDependencies": {
-    "@aws-cdk/assert": "1.143.0",
-    "@types/jest": "^26.0.10",
    "@types/node": "10.17.27",
-    "aws-cdk": "1.143.0",
-    "jest": "^26.4.2",
-    "ts-jest": "^26.2.0",
+    "aws-cdk": "^2.0.0",
+    "aws-cdk-lib": "^2.0.0",
+    "constructs": "^10.0.0",
    "ts-node": "^9.0.0",
-    "typescript": "~3.9.7"
-  },
-  "dependencies": {
-    "@aws-cdk/aws-dynamodb": "^1.143.0",
-    "@aws-cdk/aws-eks": "^1.143.0",
-    "@aws-cdk/core": "1.143.0",
-    "source-map-support": "^0.5.16"
+    "typescript": "~4.5.5"
  }
 }
--- a/aws/rust-runtime/aws-config/integration-tests/eks-credentials/test/eks-credentials.test.ts
+++ b/aws/rust-runtime/aws-config/integration-tests/eks-credentials/test/eks-credentials.test.ts
@ -1,18 +0,0 @@
-/*
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-
-import { expect as expectCDK, matchTemplate, MatchStyle } from '@aws-cdk/assert';
-import * as cdk from '@aws-cdk/core';
-import * as EksCredentials from '../lib/eks-credentials-stack';
-
-test('Empty Stack', () => {
-    const app = new cdk.App();
-    // WHEN
-    const stack = new EksCredentials.EksCredentialsStack(app, 'MyTestStack');
-    // THEN
-    expectCDK(stack).to(matchTemplate({
-      "Resources": {}
-    }, MatchStyle.EXACT))
-});
--- a/tools/ci-cdk/bin/ci-cdk.ts
+++ b/tools/ci-cdk/bin/ci-cdk.ts
@ -5,12 +5,12 @@
 */

 import "source-map-support/register";
-import * as cdk from "@aws-cdk/core";
+import { App } from "aws-cdk-lib";
 import { PullRequestCdnStack } from "../lib/smithy-rs/pull-request-cdn-stack";
 import { CanaryStack } from "../lib/aws-sdk-rust/canary-stack";
 import { OidcProviderStack } from "../lib/oidc-provider-stack";

-const app = new cdk.App();
+const app = new App();

 const oidcProviderStack = new OidcProviderStack(app, "oidc-provider-stack", {});

--- a/tools/ci-cdk/cdk.json
+++ b/tools/ci-cdk/cdk.json
@ -17,18 +17,5 @@
    ]
  },
  "context": {
-    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
-    "@aws-cdk/core:enableStackNameDuplicates": true,
-    "aws-cdk:enableDiffNoFail": true,
-    "@aws-cdk/core:stackRelativeExports": true,
-    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
-    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
-    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
-    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
-    "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true,
-    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
-    "@aws-cdk/aws-efs:defaultEncryptionAtRest": true,
-    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
-    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true
  }
 }
--- a/tools/ci-cdk/lib/aws-sdk-rust/canary-stack.ts
+++ b/tools/ci-cdk/lib/aws-sdk-rust/canary-stack.ts
@ -9,9 +9,10 @@ import {
    PolicyStatement,
    Role,
    ServicePrincipal,
-} from "@aws-cdk/aws-iam";
-import { BlockPublicAccess, Bucket, BucketEncryption } from "@aws-cdk/aws-s3";
-import { Construct, StackProps, Stack, Tags, RemovalPolicy, Duration } from "@aws-cdk/core";
+} from "aws-cdk-lib/aws-iam";
+import { BlockPublicAccess, Bucket, BucketEncryption } from "aws-cdk-lib/aws-s3";
+import { StackProps, Stack, Tags, RemovalPolicy, Duration } from "aws-cdk-lib";
+import { Construct } from "constructs";
 import { GitHubOidcRole } from "../constructs/github-oidc-role";

 export interface Properties extends StackProps {
--- a/tools/ci-cdk/lib/constructs/cloudfront-s3-cdn.ts
+++ b/tools/ci-cdk/lib/constructs/cloudfront-s3-cdn.ts
@ -10,10 +10,11 @@ import {
    OriginAccessIdentity,
    PriceClass,
    ViewerProtocolPolicy,
-} from "@aws-cdk/aws-cloudfront";
-import { S3Origin } from "@aws-cdk/aws-cloudfront-origins";
-import { BlockPublicAccess, Bucket, BucketEncryption, LifecycleRule } from "@aws-cdk/aws-s3";
-import { Construct, RemovalPolicy, Tags } from "@aws-cdk/core";
+} from "aws-cdk-lib/aws-cloudfront";
+import { S3Origin } from "aws-cdk-lib/aws-cloudfront-origins";
+import { BlockPublicAccess, Bucket, BucketEncryption, LifecycleRule } from "aws-cdk-lib/aws-s3";
+import { RemovalPolicy, Tags } from "aws-cdk-lib";
+import { Construct } from "constructs";

 export interface Properties {
    name: string;
--- a/tools/ci-cdk/lib/constructs/github-oidc-role.ts
+++ b/tools/ci-cdk/lib/constructs/github-oidc-role.ts
@ -3,8 +3,9 @@
 * SPDX-License-Identifier: Apache-2.0.
 */

-import { FederatedPrincipal, OpenIdConnectProvider, Role } from "@aws-cdk/aws-iam";
-import { Construct, Tags } from "@aws-cdk/core";
+import { FederatedPrincipal, OpenIdConnectProvider, Role } from "aws-cdk-lib/aws-iam";
+import { Construct } from "constructs";
+import { Tags } from "aws-cdk-lib";

 export interface Properties {
    name: string;
--- a/tools/ci-cdk/lib/oidc-provider-stack.ts
+++ b/tools/ci-cdk/lib/oidc-provider-stack.ts
@ -3,8 +3,9 @@
 * SPDX-License-Identifier: Apache-2.0.
 */

-import { OpenIdConnectProvider } from "@aws-cdk/aws-iam";
-import { Construct, StackProps, Stack, Tags } from "@aws-cdk/core";
+import { OpenIdConnectProvider } from "aws-cdk-lib/aws-iam";
+import { StackProps, Stack, Tags } from "aws-cdk-lib";
+import { Construct } from "constructs";

 /// This thumbprint is used to validate GitHub's identity to AWS. This is
 /// just a SHA-1 hash of the top intermediate certificate authority's certificate.
@ -16,7 +17,7 @@ import { Construct, StackProps, Stack, Tags } from "@aws-cdk/core";
 ///
 /// This was done with the initial Idp URL of:
 /// https://token.actions.githubusercontent.com/.well-known/openid-configuration
-const GITHUB_CERTIFICATE_THUMBPRINT = "6938FD4D98BAB03FAADB97B34396831E3780AEA1";
+export const GITHUB_CERTIFICATE_THUMBPRINT = "6938FD4D98BAB03FAADB97B34396831E3780AEA1";

 // There can only be one OIDC provider for a given URL per AWS account,
 // so put these in their own stack to be shared with other stacks.
--- a/tools/ci-cdk/lib/smithy-rs/pull-request-cdn-stack.ts
+++ b/tools/ci-cdk/lib/smithy-rs/pull-request-cdn-stack.ts
@ -3,21 +3,21 @@
 * SPDX-License-Identifier: Apache-2.0.
 */

-import { OpenIdConnectProvider } from "@aws-cdk/aws-iam";
-import * as cdk from "@aws-cdk/core";
-import { Duration, RemovalPolicy, StackProps, Tags } from "@aws-cdk/core";
+import { OpenIdConnectProvider } from "aws-cdk-lib/aws-iam";
+import { Duration, RemovalPolicy, Stack, StackProps, Tags } from "aws-cdk-lib";
 import { CloudFrontS3Cdn } from "../constructs/cloudfront-s3-cdn";
 import { GitHubOidcRole } from "../constructs/github-oidc-role";
+import { Construct } from "constructs";

 export interface Properties extends StackProps {
    githubActionsOidcProvider: OpenIdConnectProvider;
 }

-export class PullRequestCdnStack extends cdk.Stack {
+export class PullRequestCdnStack extends Stack {
    public readonly smithyRsOidcRole: GitHubOidcRole;
    public readonly pullRequestCdn: CloudFrontS3Cdn;

-    constructor(scope: cdk.Construct, id: string, props: Properties) {
+    constructor(scope: Construct, id: string, props: Properties) {
        super(scope, id, props);

        // Tag the resources created by this stack to make identifying resources easier
--- a/tools/ci-cdk/package-lock.json
+++ b/tools/ci-cdk/package-lock.json
--- a/tools/ci-cdk/package.json
+++ b/tools/ci-cdk/package.json
@ -14,26 +14,20 @@
    "cdk": "cdk"
  },
  "devDependencies": {
-    "@aws-cdk/assertions": "1.134.0",
-    "@types/jest": "^26.0.10",
-    "@types/node": "10.17.27",
-    "@typescript-eslint/eslint-plugin": "^5.5.0",
-    "@typescript-eslint/parser": "^5.5.0",
-    "aws-cdk": "1.134.0",
-    "eslint": "^8.3.0",
-    "eslint-config-prettier": "^8.3.0",
-    "jest": "^26.4.2",
+    "@types/jest": "^27.0.0",
+    "@types/node": "^17.0.0",
+    "@typescript-eslint/eslint-plugin": "^5.12.0",
+    "@typescript-eslint/parser": "^5.12.0",
+    "aws-cdk": "^2.0.0",
+    "aws-cdk-lib": "^2.0.0",
+    "constructs": "^10.0.0",
+    "eslint": "^8.9.0",
+    "eslint-config-prettier": "^8.4.0",
+    "jest": "^27.0.0",
    "prettier": "^2.5.0",
-    "ts-jest": "^26.2.0",
-    "ts-node": "^9.0.0",
-    "typescript": "~3.9.7"
-  },
-  "dependencies": {
-    "@aws-cdk/aws-cloudfront": "^1.134.0",
-    "@aws-cdk/aws-cloudfront-origins": "^1.134.0",
-    "@aws-cdk/aws-iam": "^1.134.0",
-    "@aws-cdk/aws-s3": "^1.134.0",
-    "@aws-cdk/core": "1.134.0",
-    "source-map-support": "^0.5.16"
+    "source-map-support": "^0.5.16",
+    "ts-jest": "^27.0.0",
+    "ts-node": "^10.0.0",
+    "typescript": "~4.5.5"
  }
 }
--- a/tools/ci-cdk/test/constructs/github-oidc-role.test.ts
+++ b/tools/ci-cdk/test/constructs/github-oidc-role.test.ts
@ -3,14 +3,13 @@
 * SPDX-License-Identifier: Apache-2.0.
 */

-import { Match, Template } from "@aws-cdk/assertions";
-import * as cdk from "@aws-cdk/core";
-import { Stack } from "@aws-cdk/core";
+import { Match, Template } from "aws-cdk-lib/assertions";
+import { App, Stack } from "aws-cdk-lib";
 import { GitHubOidcRole } from "../../lib/constructs/github-oidc-role";
 import { OidcProviderStack } from "../../lib/oidc-provider-stack";

 test("it should have an OIDC access role", () => {
-    const app = new cdk.App();
+    const app = new App();
    const oidcStack = new OidcProviderStack(app, "oidc-provider-stack", {});
    const stack = new Stack(app, "test-stack");

--- a/tools/ci-cdk/test/oidc-provider-stack.test.ts
+++ b/tools/ci-cdk/test/oidc-provider-stack.test.ts
@ -3,19 +3,19 @@
 * SPDX-License-Identifier: Apache-2.0.
 */

-import { Template } from "@aws-cdk/assertions";
-import * as cdk from "@aws-cdk/core";
-import { OidcProviderStack } from "../lib/oidc-provider-stack";
+import { App } from "aws-cdk-lib";
+import { Template } from "aws-cdk-lib/assertions";
+import { GITHUB_CERTIFICATE_THUMBPRINT, OidcProviderStack } from "../lib/oidc-provider-stack";

 test("it should have an OIDC provider", () => {
-    const app = new cdk.App();
+    const app = new App();
    const stack = new OidcProviderStack(app, "oidc-provider-stack", {});
    const template = Template.fromStack(stack);

    // Verify the OIDC provider
    template.hasResourceProperties("Custom::AWSCDKOpenIdConnectProvider", {
        ClientIDList: ["sts.amazonaws.com"],
-        ThumbprintList: ["A031C46782E6E6C662C2C87C76DA9AA62CCABD8E"],
+        ThumbprintList: [GITHUB_CERTIFICATE_THUMBPRINT],
        Url: "https://token.actions.githubusercontent.com",
    });
 });