mirror of https://github.com/smithy-lang/smithy-rs
Upgrade CDK infrastructure to CDK 2 (#1214)
* Upgrade EKS integ test infrastructure to CDK 2 * Upgrade ci-cdk to CDK 2
parent
0a7d052173
commit
458b413be5
|
@ -1,14 +1,14 @@
|
|||
#!/usr/bin/env node
|
||||
/*
|
||||
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
#!/usr/bin/env node
|
||||
import 'source-map-support/register';
|
||||
import * as cdk from '@aws-cdk/core';
|
||||
import { App } from "aws-cdk-lib";
|
||||
import { EksCredentialsStack } from '../lib/eks-credentials-stack';
|
||||
|
||||
const app = new cdk.App();
|
||||
const app = new App();
|
||||
new EksCredentialsStack(app, 'EksCredentialsStack', {
|
||||
/* If you don't specify 'env', this stack will be environment-agnostic.
|
||||
* Account/Region-dependent features and context lookups will not work,
|
||||
|
|
|
@ -1,18 +1,5 @@
|
|||
{
|
||||
"app": "npx ts-node --prefer-ts-exts bin/eks-credentials.ts",
|
||||
"context": {
|
||||
"@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
|
||||
"@aws-cdk/core:enableStackNameDuplicates": "true",
|
||||
"aws-cdk:enableDiffNoFail": "true",
|
||||
"@aws-cdk/core:stackRelativeExports": "true",
|
||||
"@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
|
||||
"@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
|
||||
"@aws-cdk/aws-kms:defaultKeyPolicies": true,
|
||||
"@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
|
||||
"@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true,
|
||||
"@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
|
||||
"@aws-cdk/aws-efs:defaultEncryptionAtRest": true,
|
||||
"@aws-cdk/aws-lambda:recognizeVersionProps": true,
|
||||
"@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true
|
||||
}
|
||||
}
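Review bot: Emptying `context` in this `cdk.json` also drops `@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021`, and as far as I know CDK 2 still treats that flag as opt-in rather than always-on. The same applies to `@aws-cdk/aws-lambda:recognizeVersionProps`, `@aws-cdk/aws-rds:lowercaseDbIdentifier` and `@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId`, unlike the KMS, EFS and S3 flags that v2 made permanent. The identical removal in the later `cdk.json` hunk matters more, because that app imports `aws-cdk-lib/aws-cloudfront`. The TLS flag only affects distributions with a custom certificate and no explicit `minimumProtocolVersion`, which this page does not show. Run `cdk diff` against the deployed stacks before merging, and if the synthesized template changes keep `"@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true` in `context`.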
|
||||
|
|
|
@ -3,11 +3,13 @@
|
|||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
import * as cdk from '@aws-cdk/core';
|
||||
import * as eks from '@aws-cdk/aws-eks';
|
||||
import * as dynamodb from '@aws-cdk/aws-dynamodb';
|
||||
export class EksCredentialsStack extends cdk.Stack {
|
||||
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
|
||||
import { Stack, StackProps } from "aws-cdk-lib";
|
||||
import * as eks from "aws-cdk-lib/aws-eks";
|
||||
import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
|
||||
import { Construct } from "constructs";
|
||||
|
||||
export class EksCredentialsStack extends Stack {
|
||||
constructor(scope: Construct, id: string, props?: StackProps) {
|
||||
super(scope, id, props);
|
||||
|
||||
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,29 +1,22 @@
|
|||
{
|
||||
"name": "eks-credentials",
|
||||
"version": "0.1.0",
|
||||
"license": "Apache-2.0",
|
||||
"private": true,
|
||||
"bin": {
|
||||
"eks-credentials": "bin/eks-credentials.js"
|
||||
},
|
||||
"scripts": {
|
||||
"build": "tsc",
|
||||
"watch": "tsc -w",
|
||||
"test": "jest",
|
||||
"cdk": "cdk"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@aws-cdk/assert": "1.143.0",
|
||||
"@types/jest": "^26.0.10",
|
||||
"@types/node": "10.17.27",
|
||||
"aws-cdk": "1.143.0",
|
||||
"jest": "^26.4.2",
|
||||
"ts-jest": "^26.2.0",
|
||||
"aws-cdk": "^2.0.0",
|
||||
"aws-cdk-lib": "^2.0.0",
|
||||
"constructs": "^10.0.0",
|
||||
"ts-node": "^9.0.0",
|
||||
"typescript": "~3.9.7"
|
||||
},
|
||||
"dependencies": {
|
||||
"@aws-cdk/aws-dynamodb": "^1.143.0",
|
||||
"@aws-cdk/aws-eks": "^1.143.0",
|
||||
"@aws-cdk/core": "1.143.0",
|
||||
"source-map-support": "^0.5.16"
|
||||
"typescript": "~4.5.5"
|
||||
}
|
||||
}
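Review bot: `aws-cdk-lib` and `constructs` are added under `devDependencies` although the stack and `bin/` sources import them at synth time, so an install that omits dev dependencies would fail to resolve them; they belong under `dependencies`. Judging by its line counts, the later `package.json` hunk goes further and folds the whole `dependencies` object, including `source-map-support`, into `devDependencies`. Both manifests also replace exact pins such as `"aws-cdk": "1.143.0"` with ranges like `"aws-cdk-lib": "^2.0.0"`. The version that actually synthesizes the IAM and OIDC resources is therefore decided by the lockfile, whose diff is suppressed on this page, so deploy jobs should install with `npm ci` to honour it.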
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
/*
|
||||
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
||||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
import { expect as expectCDK, matchTemplate, MatchStyle } from '@aws-cdk/assert';
|
||||
import * as cdk from '@aws-cdk/core';
|
||||
import * as EksCredentials from '../lib/eks-credentials-stack';
|
||||
|
||||
test('Empty Stack', () => {
|
||||
const app = new cdk.App();
|
||||
// WHEN
|
||||
const stack = new EksCredentials.EksCredentialsStack(app, 'MyTestStack');
|
||||
// THEN
|
||||
expectCDK(stack).to(matchTemplate({
|
||||
"Resources": {}
|
||||
}, MatchStyle.EXACT))
|
||||
});
|
|
@ -5,12 +5,12 @@
|
|||
*/
|
||||
|
||||
import "source-map-support/register";
|
||||
import * as cdk from "@aws-cdk/core";
|
||||
import { App } from "aws-cdk-lib";
|
||||
import { PullRequestCdnStack } from "../lib/smithy-rs/pull-request-cdn-stack";
|
||||
import { CanaryStack } from "../lib/aws-sdk-rust/canary-stack";
|
||||
import { OidcProviderStack } from "../lib/oidc-provider-stack";
|
||||
|
||||
const app = new cdk.App();
|
||||
const app = new App();
|
||||
|
||||
const oidcProviderStack = new OidcProviderStack(app, "oidc-provider-stack", {});
|
||||
|
||||
|
|
|
@ -17,18 +17,5 @@
|
|||
]
|
||||
},
|
||||
"context": {
|
||||
"@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
|
||||
"@aws-cdk/core:enableStackNameDuplicates": true,
|
||||
"aws-cdk:enableDiffNoFail": true,
|
||||
"@aws-cdk/core:stackRelativeExports": true,
|
||||
"@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
|
||||
"@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
|
||||
"@aws-cdk/aws-kms:defaultKeyPolicies": true,
|
||||
"@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
|
||||
"@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true,
|
||||
"@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
|
||||
"@aws-cdk/aws-efs:defaultEncryptionAtRest": true,
|
||||
"@aws-cdk/aws-lambda:recognizeVersionProps": true,
|
||||
"@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true
|
||||
}
|
||||
}
|
||||
|
|
|
@ -9,9 +9,10 @@ import {
|
|||
PolicyStatement,
|
||||
Role,
|
||||
ServicePrincipal,
|
||||
} from "@aws-cdk/aws-iam";
|
||||
import { BlockPublicAccess, Bucket, BucketEncryption } from "@aws-cdk/aws-s3";
|
||||
import { Construct, StackProps, Stack, Tags, RemovalPolicy, Duration } from "@aws-cdk/core";
|
||||
} from "aws-cdk-lib/aws-iam";
|
||||
import { BlockPublicAccess, Bucket, BucketEncryption } from "aws-cdk-lib/aws-s3";
|
||||
import { StackProps, Stack, Tags, RemovalPolicy, Duration } from "aws-cdk-lib";
|
||||
import { Construct } from "constructs";
|
||||
import { GitHubOidcRole } from "../constructs/github-oidc-role";
|
||||
|
||||
export interface Properties extends StackProps {
|
||||
|
|
|
@ -10,10 +10,11 @@ import {
|
|||
OriginAccessIdentity,
|
||||
PriceClass,
|
||||
ViewerProtocolPolicy,
|
||||
} from "@aws-cdk/aws-cloudfront";
|
||||
import { S3Origin } from "@aws-cdk/aws-cloudfront-origins";
|
||||
import { BlockPublicAccess, Bucket, BucketEncryption, LifecycleRule } from "@aws-cdk/aws-s3";
|
||||
import { Construct, RemovalPolicy, Tags } from "@aws-cdk/core";
|
||||
} from "aws-cdk-lib/aws-cloudfront";
|
||||
import { S3Origin } from "aws-cdk-lib/aws-cloudfront-origins";
|
||||
import { BlockPublicAccess, Bucket, BucketEncryption, LifecycleRule } from "aws-cdk-lib/aws-s3";
|
||||
import { RemovalPolicy, Tags } from "aws-cdk-lib";
|
||||
import { Construct } from "constructs";
|
||||
|
||||
export interface Properties {
|
||||
name: string;
|
||||
|
|
|
@ -3,8 +3,9 @@
|
|||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
import { FederatedPrincipal, OpenIdConnectProvider, Role } from "@aws-cdk/aws-iam";
|
||||
import { Construct, Tags } from "@aws-cdk/core";
|
||||
import { FederatedPrincipal, OpenIdConnectProvider, Role } from "aws-cdk-lib/aws-iam";
|
||||
import { Construct } from "constructs";
|
||||
import { Tags } from "aws-cdk-lib";
|
||||
|
||||
export interface Properties {
|
||||
name: string;
|
||||
|
|
|
@ -3,8 +3,9 @@
|
|||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
import { OpenIdConnectProvider } from "@aws-cdk/aws-iam";
|
||||
import { Construct, StackProps, Stack, Tags } from "@aws-cdk/core";
|
||||
import { OpenIdConnectProvider } from "aws-cdk-lib/aws-iam";
|
||||
import { StackProps, Stack, Tags } from "aws-cdk-lib";
|
||||
import { Construct } from "constructs";
|
||||
|
||||
/// This thumbprint is used to validate GitHub's identity to AWS. This is
|
||||
/// just a SHA-1 hash of the top intermediate certificate authority's certificate.
|
||||
|
@ -16,7 +17,7 @@ import { Construct, StackProps, Stack, Tags } from "@aws-cdk/core";
|
|||
///
|
||||
/// This was done with the initial Idp URL of:
|
||||
/// https://token.actions.githubusercontent.com/.well-known/openid-configuration
|
||||
const GITHUB_CERTIFICATE_THUMBPRINT = "6938FD4D98BAB03FAADB97B34396831E3780AEA1";
|
||||
export const GITHUB_CERTIFICATE_THUMBPRINT = "6938FD4D98BAB03FAADB97B34396831E3780AEA1";
|
||||
|
||||
// There can only be one OIDC provider for a given URL per AWS account,
|
||||
// so put these in their own stack to be shared with other stacks.
|
||||
|
|
|
@ -3,21 +3,21 @@
|
|||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
import { OpenIdConnectProvider } from "@aws-cdk/aws-iam";
|
||||
import * as cdk from "@aws-cdk/core";
|
||||
import { Duration, RemovalPolicy, StackProps, Tags } from "@aws-cdk/core";
|
||||
import { OpenIdConnectProvider } from "aws-cdk-lib/aws-iam";
|
||||
import { Duration, RemovalPolicy, Stack, StackProps, Tags } from "aws-cdk-lib";
|
||||
import { CloudFrontS3Cdn } from "../constructs/cloudfront-s3-cdn";
|
||||
import { GitHubOidcRole } from "../constructs/github-oidc-role";
|
||||
import { Construct } from "constructs";
|
||||
|
||||
export interface Properties extends StackProps {
|
||||
githubActionsOidcProvider: OpenIdConnectProvider;
|
||||
}
|
||||
|
||||
export class PullRequestCdnStack extends cdk.Stack {
|
||||
export class PullRequestCdnStack extends Stack {
|
||||
public readonly smithyRsOidcRole: GitHubOidcRole;
|
||||
public readonly pullRequestCdn: CloudFrontS3Cdn;
|
||||
|
||||
constructor(scope: cdk.Construct, id: string, props: Properties) {
|
||||
constructor(scope: Construct, id: string, props: Properties) {
|
||||
super(scope, id, props);
|
||||
|
||||
// Tag the resources created by this stack to make identifying resources easier
|
||||
|
|
File diff suppressed because it is too large
|
@ -14,26 +14,20 @@
|
|||
"cdk": "cdk"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@aws-cdk/assertions": "1.134.0",
|
||||
"@types/jest": "^26.0.10",
|
||||
"@types/node": "10.17.27",
|
||||
"@typescript-eslint/eslint-plugin": "^5.5.0",
|
||||
"@typescript-eslint/parser": "^5.5.0",
|
||||
"aws-cdk": "1.134.0",
|
||||
"eslint": "^8.3.0",
|
||||
"eslint-config-prettier": "^8.3.0",
|
||||
"jest": "^26.4.2",
|
||||
"@types/jest": "^27.0.0",
|
||||
"@types/node": "^17.0.0",
|
||||
"@typescript-eslint/eslint-plugin": "^5.12.0",
|
||||
"@typescript-eslint/parser": "^5.12.0",
|
||||
"aws-cdk": "^2.0.0",
|
||||
"aws-cdk-lib": "^2.0.0",
|
||||
"constructs": "^10.0.0",
|
||||
"eslint": "^8.9.0",
|
||||
"eslint-config-prettier": "^8.4.0",
|
||||
"jest": "^27.0.0",
|
||||
"prettier": "^2.5.0",
|
||||
"ts-jest": "^26.2.0",
|
||||
"ts-node": "^9.0.0",
|
||||
"typescript": "~3.9.7"
|
||||
},
|
||||
"dependencies": {
|
||||
"@aws-cdk/aws-cloudfront": "^1.134.0",
|
||||
"@aws-cdk/aws-cloudfront-origins": "^1.134.0",
|
||||
"@aws-cdk/aws-iam": "^1.134.0",
|
||||
"@aws-cdk/aws-s3": "^1.134.0",
|
||||
"@aws-cdk/core": "1.134.0",
|
||||
"source-map-support": "^0.5.16"
|
||||
"source-map-support": "^0.5.16",
|
||||
"ts-jest": "^27.0.0",
|
||||
"ts-node": "^10.0.0",
|
||||
"typescript": "~4.5.5"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3,14 +3,13 @@
|
|||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
import { Match, Template } from "@aws-cdk/assertions";
|
||||
import * as cdk from "@aws-cdk/core";
|
||||
import { Stack } from "@aws-cdk/core";
|
||||
import { Match, Template } from "aws-cdk-lib/assertions";
|
||||
import { App, Stack } from "aws-cdk-lib";
|
||||
import { GitHubOidcRole } from "../../lib/constructs/github-oidc-role";
|
||||
import { OidcProviderStack } from "../../lib/oidc-provider-stack";
|
||||
|
||||
test("it should have an OIDC access role", () => {
|
||||
const app = new cdk.App();
|
||||
const app = new App();
|
||||
const oidcStack = new OidcProviderStack(app, "oidc-provider-stack", {});
|
||||
const stack = new Stack(app, "test-stack");
|
||||
|
||||
|
|
|
@ -3,19 +3,19 @@
|
|||
* SPDX-License-Identifier: Apache-2.0.
|
||||
*/
|
||||
|
||||
import { Template } from "@aws-cdk/assertions";
|
||||
import * as cdk from "@aws-cdk/core";
|
||||
import { OidcProviderStack } from "../lib/oidc-provider-stack";
|
||||
import { App } from "aws-cdk-lib";
|
||||
import { Template } from "aws-cdk-lib/assertions";
|
||||
import { GITHUB_CERTIFICATE_THUMBPRINT, OidcProviderStack } from "../lib/oidc-provider-stack";
|
||||
|
||||
test("it should have an OIDC provider", () => {
|
||||
const app = new cdk.App();
|
||||
const app = new App();
|
||||
const stack = new OidcProviderStack(app, "oidc-provider-stack", {});
|
||||
const template = Template.fromStack(stack);
|
||||
|
||||
// Verify the OIDC provider
|
||||
template.hasResourceProperties("Custom::AWSCDKOpenIdConnectProvider", {
|
||||
ClientIDList: ["sts.amazonaws.com"],
|
||||
ThumbprintList: ["A031C46782E6E6C662C2C87C76DA9AA62CCABD8E"],
|
||||
ThumbprintList: [GITHUB_CERTIFICATE_THUMBPRINT],
|
||||
Url: "https://token.actions.githubusercontent.com",
|
||||
});
|
||||
});
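Review bot: Asserting `ThumbprintList: [GITHUB_CERTIFICATE_THUMBPRINT]` compares the synthesized template with the same constant the stack was built from, so the test can no longer catch a wrong or unintended thumbprint. That value is what AWS uses to trust GitHub's OIDC endpoint. The literal it replaces differed from the constant shown in the `oidc-provider-stack` hunk, so the old assertion was apparently stale, but a literal is still the stronger check because changing the trust anchor then takes a deliberate edit in two places. Consider keeping a literal, `ThumbprintList: ["6938FD4D98BAB03FAADB97B34396831E3780AEA1"],`, or at least adding `expect(GITHUB_CERTIFICATE_THUMBPRINT).toMatch(/^[0-9A-F]{40}$/);` before the template check.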
|
||||
|
|