chore(release): 2.172.0 #32403

Merged
merged 55 commits into from
Dec 6, 2024
aws-cdk-automation (Collaborator) commented Dec 6, 2024

See CHANGELOG

aws-cdk-automation and others added 30 commits November 25, 2024 14:18
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::AutoScalingGroup
│      ├ properties
│      │  └ CapacityReservationSpecification: (documentation changed)
│      └ types
│         ├[~] type BaselinePerformanceFactorsRequest
│         │ ├  - documentation: undefined
│         │ │  + documentation: The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Auto Scaling uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application.
│         │ │  Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying `c6i` uses the CPU performance of the `c6i` family as the baseline reference.
│         │ └ properties
│         │    └ Cpu: (documentation changed)
│         ├[~] type CapacityReservationSpecification
│         │ ├  - documentation: undefined
│         │ │  + documentation: Describes the Capacity Reservation preference and targeting options. If you specify `open` or `none` for `CapacityReservationPreference` , do not specify a `CapacityReservationTarget` .
│         │ └ properties
│         │    ├ CapacityReservationPreference: (documentation changed)
│         │    └ CapacityReservationTarget: (documentation changed)
│         ├[~] type CapacityReservationTarget
│         │ ├  - documentation: undefined
│         │ │  + documentation: The target for the Capacity Reservation. Specify Capacity Reservations IDs or Capacity Reservation resource group ARNs.
│         │ └ properties
│         │    ├ CapacityReservationIds: (documentation changed)
│         │    └ CapacityReservationResourceGroupArns: (documentation changed)
│         ├[~] type CpuPerformanceFactorRequest
│         │ ├  - documentation: undefined
│         │ │  + documentation: The CPU performance to consider, using an instance family as the baseline reference.
│         │ └ properties
│         │    └ References: (documentation changed)
│         ├[~] type InstanceRequirements
│         │ └ properties
│         │    └ BaselinePerformanceFactors: (documentation changed)
│         └[~] type PerformanceFactorReferenceRequest
│           ├  - documentation: undefined
│           │  + documentation: Specify an instance family to use as the baseline reference for CPU performance. All instance types that All instance types that match your specified attributes will be compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture differences.
│           │  > Currently only one instance family can be specified in the list.
│           └ properties
│              └ InstanceFamily: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│    ├[~] resource AWS::CloudFormation::GuardHook
│    │ ├  - documentation: This is a CloudFormation resource for activating the first-party AWS::Hooks::GuardHook.
│    │ │  + documentation: The `AWS::CloudFormation::GuardHook` resource creates a Guard Hook with the specified attributes within your CloudFormation template. Using the Guard domain specific language (DSL), you can author Hooks to evaluate your resources before allowing stack creation, modification, or deletion. For more information, see [Guard Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/guard-hooks.html) in the *AWS CloudFormation Hooks User Guide* .
│    │ ├ properties
│    │ │  ├ Alias: (documentation changed)
│    │ │  ├ ExecutionRole: (documentation changed)
│    │ │  ├ FailureMode: (documentation changed)
│    │ │  ├ HookStatus: (documentation changed)
│    │ │  ├ LogBucket: (documentation changed)
│    │ │  ├ Options: (documentation changed)
│    │ │  ├ RuleLocation: (documentation changed)
│    │ │  ├ StackFilters: (documentation changed)
│    │ │  ├ TargetFilters: (documentation changed)
│    │ │  └ TargetOperations: (documentation changed)
│    │ ├ attributes
│    │ │  └ HookArn: (documentation changed)
│    │ └ types
│    │    ├[~] type Options
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Specifies the input parameters for a Guard Hook.
│    │    │ └ properties
│    │    │    └ InputParams: (documentation changed)
│    │    ├[~] type S3Location
│    │    │ ├  - documentation: S3 Source Location for the Guard files.
│    │    │ │  + documentation: Specifies the S3 location where your Guard rules or input parameters are located.
│    │    │ └ properties
│    │    │    ├ Uri: (documentation changed)
│    │    │    └ VersionId: (documentation changed)
│    │    ├[~] type StackFilters
│    │    │ ├  - documentation: Filters to allow hooks to target specific stack attributes
│    │    │ │  + documentation: The `StackFilters` property type specifies stack level filters for a Hook.
│    │    │ │  The `StackNames` or `StackRoles` properties are optional. However, you must specify at least one of these properties.
│    │    │ │  For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │    │ └ properties
│    │    │    ├ FilteringCriteria: (documentation changed)
│    │    │    ├ StackNames: (documentation changed)
│    │    │    └ StackRoles: (documentation changed)
│    │    ├[~] type StackNames
│    │    │ ├  - documentation: List of stack names as filters
│    │    │ │  + documentation: Specifies the stack names for the `StackFilters` property type to include or exclude specific stacks from Hook invocations.
│    │    │ │  For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │    │ └ properties
│    │    │    ├ Exclude: (documentation changed)
│    │    │    └ Include: (documentation changed)
│    │    ├[~] type StackRoles
│    │    │ ├  - documentation: List of stack roles that are performing the stack operations.
│    │    │ │  + documentation: Specifies the stack roles for the `StackFilters` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
│    │    │ │  For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │    │ └ properties
│    │    │    ├ Exclude: (documentation changed)
│    │    │    └ Include: (documentation changed)
│    │    └[~] type TargetFilters
│    │      └  - documentation: undefined
│    │         + documentation: The `TargetFilters` property type specifies the target filters for the Hook.
│    │         For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/specify-hook-configuration-targetfilters.html) .
│    ├[~] resource AWS::CloudFormation::HookDefaultVersion
│    │ ├  - documentation: The `HookDefaultVersion` resource specifies the default version of the hook. The default version of the hook is used in CloudFormation operations for this AWS account and AWS Region .
│    │ │  + documentation: The `HookDefaultVersion` resource specifies the default version of the Hook. The default version of the Hook is used in CloudFormation operations for this AWS account and AWS Region .
│    │ └ properties
│    │    └ TypeName: (documentation changed)
│    ├[~] resource AWS::CloudFormation::HookTypeConfig
│    │ ├  - documentation: The `HookTypeConfig` resource specifies the configuration of a hook.
│    │ │  + documentation: The `HookTypeConfig` resource specifies the configuration of a Hook.
│    │ ├ properties
│    │ │  ├ Configuration: (documentation changed)
│    │ │  ├ ConfigurationAlias: (documentation changed)
│    │ │  ├ TypeArn: (documentation changed)
│    │ │  └ TypeName: (documentation changed)
│    │ └ attributes
│    │    └ ConfigurationArn: (documentation changed)
│    ├[~] resource AWS::CloudFormation::HookVersion
│    │ ├  - documentation: The `HookVersion` resource publishes new or first hook version to the AWS CloudFormation registry.
│    │ │  + documentation: The `HookVersion` resource publishes new or first Hook version to the AWS CloudFormation registry.
│    │ ├ properties
│    │ │  ├ ExecutionRoleArn: (documentation changed)
│    │ │  └ SchemaHandlerPackage: (documentation changed)
│    │ └ attributes
│    │    ├ Arn: (documentation changed)
│    │    ├ IsDefaultVersion: (documentation changed)
│    │    ├ TypeArn: (documentation changed)
│    │    └ VersionId: (documentation changed)
│    └[~] resource AWS::CloudFormation::LambdaHook
│      ├  - documentation: This is a CloudFormation resource for the first-party AWS::Hooks::LambdaHook.
│      │  + documentation: The `AWS::CloudFormation::LambdaHook` resource creates a Lambda Hook with the specified attributes within your CloudFormation template. You can use a Lambda Hook to evaluate your resources before allowing stack creation, modification, or deletion. This resource forwards requests for resource evaluation to a Lambda function. For more information, see [Lambda Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/lambda-hooks.html) in the *AWS CloudFormation Hooks User Guide* .
│      ├ properties
│      │  ├ Alias: (documentation changed)
│      │  ├ ExecutionRole: (documentation changed)
│      │  ├ FailureMode: (documentation changed)
│      │  ├ HookStatus: (documentation changed)
│      │  ├ LambdaFunction: (documentation changed)
│      │  ├ StackFilters: (documentation changed)
│      │  ├ TargetFilters: (documentation changed)
│      │  └ TargetOperations: (documentation changed)
│      ├ attributes
│      │  └ HookArn: (documentation changed)
│      └ types
│         ├[~] type StackFilters
│         │ ├  - documentation: Filters to allow hooks to target specific stack attributes
│         │ │  + documentation: The `StackFilters` property type specifies stack level filters for a Hook.
│         │ │  The `StackNames` or `StackRoles` properties are optional. However, you must specify at least one of these properties.
│         │ │  For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│         │ └ properties
│         │    ├ FilteringCriteria: (documentation changed)
│         │    ├ StackNames: (documentation changed)
│         │    └ StackRoles: (documentation changed)
│         ├[~] type StackNames
│         │ ├  - documentation: List of stack names as filters
│         │ │  + documentation: Specifies the stack names for the `StackFilters` property type to include or exclude specific stacks from Hook invocations.
│         │ │  For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│         │ └ properties
│         │    ├ Exclude: (documentation changed)
│         │    └ Include: (documentation changed)
│         ├[~] type StackRoles
│         │ ├  - documentation: List of stack roles that are performing the stack operations.
│         │ │  + documentation: Specifies the stack roles for the `StackFilters` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
│         │ │  For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│         │ └ properties
│         │    ├ Exclude: (documentation changed)
│         │    └ Include: (documentation changed)
│         └[~] type TargetFilters
│           └  - documentation: undefined
│              + documentation: The `TargetFilters` property type specifies the target filters for the Hook.
│              For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/specify-hook-configuration-targetfilters.html) .
├[~] service aws-cloudfront
│ └ resources
│    ├[~] resource AWS::CloudFront::Distribution
│    │ └ types
│    │    └[~] type Logging
│    │      ├  - documentation: A complex type that controls whether access logs are written for the distribution.
│    │      │  + documentation: A complex type that specifies whether access logs are written for the distribution.
│    │      │  > If you already enabled standard logging (legacy) and you want to enable standard logging (v2) to send your access logs to Amazon S3, we recommend that you specify a *different* Amazon S3 bucket or use a *separate path* in the same bucket (for example, use a log prefix or partitioning). This helps you keep track of which log files are associated with which logging subscription and prevents log files from overwriting each other. For more information, see [Standard logging (access logs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide* .
│    │      └ properties
│    │         └ Bucket: (documentation changed)
│    └[~] resource AWS::CloudFront::StreamingDistribution
│      └ types
│         └[~] type Logging
│           └ properties
│              └ Bucket: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::Service
│    │ ├ properties
│    │ │  └ AvailabilityZoneRebalancing: (documentation changed)
│    │ └ types
│    │    └[~] type DeploymentController
│    │      └  - documentation: The deployment controller to use for the service. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
│    │         + documentation: The deployment controller to use for the service.
│    └[~] resource AWS::ECS::TaskDefinition
│      └ types
│         └[~] type ContainerDefinition
│           └ properties
│              └ VersionConsistency: (documentation changed)
├[~] service aws-lambda
│ └ resources
│    ├[~] resource AWS::Lambda::EventInvokeConfig
│    │ ├ properties
│    │ │  └ DestinationConfig: (documentation changed)
│    │ └ types
│    │    ├[~] type OnFailure
│    │    │ └ properties
│    │    │    └ Destination: (documentation changed)
│    │    └[~] type OnSuccess
│    │      └  - documentation: A destination for events that were processed successfully.
│    │         + documentation: A destination for events that were processed successfully.
│    │         To retain records of successful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.
│    └[~] resource AWS::Lambda::EventSourceMapping
│      └ types
│         └[~] type OnFailure
│           └ properties
│              └ Destination: (documentation changed)
├[~] service aws-mwaa
│ └ resources
│    └[~] resource AWS::MWAA::Environment
│      └ properties
│         ├ MaxWebservers: (documentation changed)
│         └ MinWebservers: (documentation changed)
├[~] service aws-qbusiness
│ └ resources
│    └[~] resource AWS::QBusiness::Application
│      └  - documentation: Creates an Amazon Q Business application.
│         > There are new tiers for Amazon Q Business. Not all features in Amazon Q Business Pro are also available in Amazon Q Business Lite. For information on what's included in Amazon Q Business Lite and what's included in Amazon Q Business Pro, see [Amazon Q Business tiers](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/tiers.html#user-sub-tiers) . You must use the Amazon Q Business console to assign subscription tiers to users.
│         > 
│         > A Amazon Q Apps service linked role will be created if it's absent in the AWS account when the QAppsConfiguration is enabled in the request. For more information, see [Using service-linked roles for Q Apps](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/using-service-linked-roles-qapps.html)
│         + documentation: Creates an Amazon Q Business application.
│         > There are new tiers for Amazon Q Business. Not all features in Amazon Q Business Pro are also available in Amazon Q Business Lite. For information on what's included in Amazon Q Business Lite and what's included in Amazon Q Business Pro, see [Amazon Q Business tiers](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/tiers.html#user-sub-tiers) . You must use the Amazon Q Business console to assign subscription tiers to users.
│         > 
│         > An Amazon Q Apps service linked role will be created if it's absent in the AWS account when `QAppsConfiguration` is enabled in the request. For more information, see [Using service-linked roles for Q Apps](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/using-service-linked-roles-qapps.html) .
│         > 
│         > When you create an application, Amazon Q Business may securely transmit data for processing from your selected AWS region, but within your geography. For more information, see [Cross region inference in Amazon Q Business](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/cross-region-inference.html) .
├[~] service aws-rbin
│ └ resources
│    └[~] resource AWS::Rbin::Rule
│      ├  - documentation: Resource Type definition for AWS::Rbin::Rule
│      │  + documentation: Creates a Recycle Bin retention rule. You can create two types of retention rules:
│      │  - *Tag-level retention rules* - These retention rules use resource tags to identify the resources to protect. For each retention rule, you specify one or more tag key and value pairs. Resources (of the specified type) that have at least one of these tag key and value pairs are automatically retained in the Recycle Bin upon deletion. Use this type of retention rule to protect specific resources in your account based on their tags.
│      │  - *Region-level retention rules* - These retention rules, by default, apply to all of the resources (of the specified type) in the Region, even if the resources are not tagged. However, you can specify exclusion tags to exclude resources that have specific tags. Use this type of retention rule to protect all resources of a specific type in a Region.
│      │  For more information, see [Create Recycle Bin retention rules](https://docs.aws.amazon.com/ebs/latest/userguide/recycle-bin.html) in the *Amazon EBS User Guide* .
│      ├ properties
│      │  ├ Description: (documentation changed)
│      │  ├ LockConfiguration: (documentation changed)
│      │  ├ ResourceTags: (documentation changed)
│      │  ├ RetentionPeriod: (documentation changed)
│      │  └ Status: (documentation changed)
│      ├ attributes
│      │  ├ Arn: (documentation changed)
│      │  └ LockState: (documentation changed)
│      └ types
│         ├[~] type ResourceTag
│         │ ├  - documentation: The resource tag of the rule.
│         │ │  + documentation: [Tag-level retention rules only] Information about the resource tags used to identify resources that are retained by the retention rule.
│         │ └ properties
│         │    ├ ResourceTagKey: (documentation changed)
│         │    └ ResourceTagValue: (documentation changed)
│         ├[~] type RetentionPeriod
│         │ ├  - documentation: The retention period of the rule.
│         │ │  + documentation: Information about the retention period for which the retention rule is to retain resources.
│         │ └ properties
│         │    ├ RetentionPeriodUnit: (documentation changed)
│         │    └ RetentionPeriodValue: (documentation changed)
│         └[~] type UnlockDelay
│           ├  - documentation: undefined
│           │  + documentation: Information about the retention rule unlock delay. The unlock delay is the period after which a retention rule can be modified or edited after it has been unlocked by a user with the required permissions. The retention rule can't be modified or deleted during the unlock delay.
│           └ properties
│              └ UnlockDelayValue: (documentation changed)
├[~] service aws-rds
│ └ resources
│    ├[~] resource AWS::RDS::DBCluster
│    │ └ types
│    │    └[~] type ServerlessV2ScalingConfiguration
│    │      └ properties
│    │         └ MinCapacity: (documentation changed)
│    └[~] resource AWS::RDS::GlobalCluster
│      ├ properties
│      │  └ GlobalEndpoint: (documentation changed)
│      └ types
│         └[~] type GlobalEndpoint
│           ├  - documentation: undefined
│           │  + documentation: The writer endpoint for the new global database cluster. This endpoint always points to the writer DB instance in the current primary cluster.
│           └ properties
│              └ Address: (documentation changed)
└[~] service aws-route53resolver
  └ resources
     └[~] resource AWS::Route53Resolver::FirewallRuleGroup
       └ types
          └[~] type FirewallRule
            └ properties
               ├ ConfidenceThreshold: (documentation changed)
               ├ DnsThreatProtection: (documentation changed)
               └ FirewallThreatProtectionId: (documentation changed)
```
Our CLI unit tests were interfering with each other because they were writing files from and to the current directory, which is shared between all of them.

Solve it by making a non-writeable directory before running the tests, so that the tests that do that start throwing errors and we can identify them. Then fix those.

I tried papering over the issue by trying to create tempdirs automatically, but that started to introduce all kinds of errors in tests that were already doing tempdir management themselves, and it took too long to go and figure out what was wrong there, so I'm doing this instead.

Also in this PR:

- Switch off global `silent` mode for the tests. It's very annoying if `console.log` statements don't make it out when you're debugging.
- This PR caused a couple of lines in `init.ts` to be useless (they were there for tests), and removing those causes a lack of coverage in `init.ts`'s entirety, so add some tests for that file.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
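
The read-only working directory technique from the commit message above, as an added example (not code from aws-cdk). The helper names `withReadOnlyCwd`, `classify` and `audit`, the two sample test bodies and the sample file name are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper: create a directory with mode r-x (0o555), chdir into it,
// run `body`, then always restore the original cwd and remove the directory.
function withReadOnlyCwd(body) {
  const original = process.cwd();
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'readonly-cwd-'));
  fs.chmodSync(dir, 0o555);
  process.chdir(dir);
  try {
    return body(dir);
  } finally {
    process.chdir(original);
    fs.chmodSync(dir, 0o755); // make the directory removable again
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

// Constructed sample: a test body that writes relative to the current
// directory, which is the shared state the commit message wants to flush out.
function leakyTest() {
  fs.writeFileSync('cdk.context.json', '{}');
}

// Constructed sample: a test body that manages its own temporary directory
// and only uses absolute paths inside it.
function isolatedTest() {
  const work = fs.mkdtempSync(path.join(os.tmpdir(), 'isolated-test-'));
  try {
    const file = path.join(work, 'cdk.context.json');
    fs.writeFileSync(file, '{}');
    return fs.readFileSync(file, 'utf8');
  } finally {
    fs.rmSync(work, { recursive: true, force: true });
  }
}

// Permission bits are not enforced for uid 0, so a CI job running as root
// will not see the failure this technique relies on.
function runningAsRoot() {
  return typeof process.getuid === 'function' && process.getuid() === 0;
}

// Run one test body inside the read-only cwd and report whether it tried to
// write there. Any error that is not a permission error is rethrown.
function classify(testFn) {
  return withReadOnlyCwd(() => {
    try {
      testFn();
      return 'ok';
    } catch (err) {
      if (['EACCES', 'EPERM', 'EROFS'].includes(err.code)) {
        return 'writes-to-cwd';
      }
      throw err;
    }
  });
}

// Classify a set of named test bodies, e.g. to list the ones that need fixing.
function audit(tests) {
  const report = {};
  for (const [name, fn] of Object.entries(tests)) {
    report[name] = classify(fn);
  }
  return report;
}

console.log(audit({ leakyTest, isolatedTest }));
```

When the process runs as root the leaky body is reported as `ok`, so the check is only meaningful under an unprivileged user.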
### Issue # (if applicable)

N/A

### Reason for this change

Remove unnecessary linter rules.

### Description of changes

Remove these added in
https://github.com/aws/aws-cdk/pull/32205/files#diff-f66e69e18f9e11ae10f52dbe34309dcdf47cb8e3da6d54befbb45beaaf083b35R408-R419

### Description of how you validated changes

N/A

### Checklist
- [ ] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
Bumps [smol-toml](https://github.com/squirrelchat/smol-toml) from 1.3.0
to 1.3.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/squirrelchat/smol-toml/commits">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…2257)

Add a new minor version.

Ref
* https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-rds-for-mysql-8-4-lts-release/
* https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Concepts.VersionMgmt.html#MySQL.Concepts.VersionMgmt.Supported

```sh
% aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion" --output table --region us-east-1
--------------------------
|DescribeDBEngineVersions|
+------------------------+
|  5.7.44                |
|  5.7.44-rds.20240408   |
|  5.7.44-rds.20240529   |
|  5.7.44-rds.20240808   |
|  8.0.32                |
|  8.0.33                |
|  8.0.34                |
|  8.0.35                |
|  8.0.36                |
|  8.0.37                |
|  8.0.39                |
|  8.0.40                |
|  8.4.3                 |
+------------------------+
```


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

None

### Reason for this change

Some services started to be accessed from the interface VPC endpoint.

### Description of changes

Add some newly added interface VPC endpoints.
- arsenal-discovery
- bcm-pricing-calculator
- discovery
- neptune-graph-data
- neptune-graph-fips
- resource-groups
- resource-groups-fips
- synthetics-fips
- tagging

### Description of how you validated changes

Execute describe-vpc-endpoints AWS CLI.
```sh
$ aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames
..
com.amazonaws.us-east-1.arsenal-discovery
..
com.amazonaws.us-east-1.bcm-pricing-calculator
..
com.amazonaws.us-east-1.discovery
..
com.amazonaws.us-east-1.neptune-graph-data
com.amazonaws.us-east-1.neptune-graph-fips
..
com.amazonaws.us-east-1.resource-groups
com.amazonaws.us-east-1.resource-groups-fips
..
com.amazonaws.us-east-1.synthetics-fips
..
com.amazonaws.us-east-1.tagging
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add API Gateway REST API as a Pipes target.

Original PR with community review from @nmussy: #30772
…est runtime build images (#32267)

### Reason for this change

This change auto-updates the integration test cases for Lambda functions to make sure that the SAM Build images we use to build functions are available.

### Description of changes

- Add a tool to check Lambda function runtimes, and update Python, NodeJs, and Go lambda function test cases to test new runtimes.
- Add a GitHub action to run this tool to auto-update the Lambda function test cases, to make sure they are updated even if contributors fail to execute it.

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#32284)

### Issue # (if applicable)

N/A

### Reason for this change

The minimum value of `MaximumEventAgeInSeconds` of RetryPolicy is 60 seconds.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-retrypolicy.html

`renderRetryPolicy()` currently throws an error when `maxEventAge` is less than 15 minutes.

### Description of changes

Fixed the minimum value of `maxEventAge` to 1 minute. JSDoc is already correct.

### Description of how you validated changes

Fixed unit tests for maxEventAge.
Fixed a lambda integ test to specify maxEventAge to 1 minute.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…plication target group (#32189)

### Issue # (if applicable)

None

### Reason for this change

Both Application and Network target groups support specifying the IP address type.

Application: <https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-ip-address-type>
Network: <https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-ip-address-type>

### Description of changes

- Define `TargetGroupIpAddressType` enum
  - Because there is already an `IpAddressType` in the `aws-elasticloadbalancingv2` module, I don't name it `IpAddressType`
- Add `ipAddressType` prop to `BaseTargetGroupProps`

### Description of how you validated changes

Add both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…odule (#32297)

### Issue # (if applicable)

Closes #32296

### Reason for this change

As a summary, the CDK `aws-apigateway` module had a legacy file called `apigatewayv2.ts` which includes CDK L1 Constructs from API Gateway V2 resources like `CfnDomainNameV2`. We've already moved everything here to the aws-apigatewayv2 module. However, we had to keep the legacy file for backward compatibility, and every Construct in the file was marked as `deprecated` 5 years ago.

Now API Gateway team has released a new AWS resource called DomainNameV2 in API Gateway. The default CDK generated name would be CfnDomainNameV2 in aws-apigateway module but this name collides with the legacy CfnDomainNameV2 Construct from apigatewayv2.ts file (supposedly for APIGatewayV2).

This is causing the L1 generation tool to fail because the new resource by API Gateway is also called `CfnDomainNameV2`.

### Description of changes

Delete the deprecated `apigatewayv2.ts` file entirely.

### Description of how you validated changes

Existing users on upgrade won't be able to deploy their template without knowing the change because the property for the `APIGateway::DomainNameV2` resource is different from `APIGatewayV2::DomainName` resource, so the template would be non-deployable.

Verified that if existing users who use `CfnDomainNameV2` from `aws-apigateway` module and update to use the same Construct from `aws-apigatewayv2` module, it will generate the exact same output CFN template so it won't cause any resource replacement or downtime.

There are only 76 users who used `CfnApiV2` from the `aws-apigateway` module based on Analytics. All these users were on CDK V1, so if they choose to upgrade to the latest version, they need to fix a bunch of breaking changes anyway.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

BREAKING CHANGE: We will be removing deprecated `APIGatewayV2` constructs from `aws-apigateway` module.

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ithout custom resource (#31402)

### Issue # (if applicable)

Closes #31342.

### Reason for this change



`UserPoolDomain` creates a custom resource to get CloudFront endpoint. However, CFn exposes the attribute natively now (see the issue). No custom resource is better if it is not needed.

### Description of changes



I propose a new method `cloudFrontEndpoint` without a custom resource.

Three ways were originally considered. This method was chosen as it was the most reasonable of all.

#### 1. Create a new method

This is the method submitted in this PR.

#### 2. Rewrite an existing method directly

This causes destructive changes. Custom resources are not directly used in the user's application. However, this change will result in resource deletion in the user's CDK stack. This causes confusion for users and should be avoided.

Also, the existing integ tests that use the method will fail because the changes are considered as destructive changes.

```
Tests:    1 failed, 1 total
Failed: /aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-domain-cfdist.js
!!! This test contains destructive changes !!!
    Stack: integ-user-pool-domain-cfdist - Resource: UserPoolDomainCloudFrontDomainNameE213E594 - Impact: WILL_DESTROY
    Stack: integ-user-pool-domain-cfdist - Resource: UserPoolDomainCloudFrontDomainNameCustomResourcePolicy7DE54188 - Impact: WILL_DESTROY
    Stack: integ-user-pool-domain-cfdist - Resource: AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2 - Impact: WILL_DESTROY
    Stack: integ-user-pool-domain-cfdist - Resource: AWS679f53fac002430cb0da5b7982bd22872D164C4C - Impact: WILL_DESTROY
!!! If these destructive changes are necessary, please indicate this on the PR !!!
Error: Some changes were destructive!
    at main (/aws-cdk/packages/@aws-cdk/integ-runner/lib/cli.js:183:15)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
```

#### 3. Rewrite an existing method with a feature flag

An alternative to way 2, but a feature flag was avoided in this case as it leads to complexity. The [design guidelines](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md#dealing-with-breaking-behavior-changes) also recommend a new method.

### Additional information

I avoided the feature flag in this PR, but there are situations where there are constructs that use an existing method, but cannot provide a new method for the constructs because it is used by a method implemented in the interface. 

https://github.com/go-to-k/aws-cdk/blob/fcbdc769e681f1f915cdc8cd7aa3a565d807884d/packages/aws-cdk-lib/aws-route53-targets/lib/userpool-domain.ts#L14

I will make changes to those cases using a feature flag in a separate PR.

#31403

### Description of how you validated changes



Both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
`STSClientConfig` and `NodeHttpHandlerOptions` are different types, but all have optional properties only. That means that a call like this:

```ts
const credentials = await fromTemporaryCredentials({
  masterCredentials: mainCredentials.credentials,
  params: {
    RoleArn: roleArn,
    ExternalId: externalId,
    RoleSessionName: `aws-cdk-${safeUsername()}`,
    ...additionalOptions,
    TransitiveTagKeys: additionalOptions?.Tags ? additionalOptions.Tags.map((t) => t.Key!) : undefined,
  },
  clientConfig: {
    region,
    ...this.requestHandler, // type NodeHttpHandlerOptions
  },
})();
```

compiles just fine, when the intention was to write:

```ts
fromTemporaryCredentials({
  ...
  clientConfig: {
    region,
    requestHandler: this.requestHandler, // type NodeHttpHandlerOptions
  },
});
```

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ction is not allowed (#32301)

Closes #32219

### Reason for this change



In SDKv3, the standard `waitUntilFunctionUpdated` function invokes the `GetFunctionConfiguration` API, as opposed to SDKv2, which invoked `GetFunction`. This means that consumers of SDKv3 must allow the `lambda:GetFunctionConfiguration` action in their IAM role policy.

### Description of changes



Use a different waiter function provided by the SDK, which invokes `GetFunction` instead of `GetFunctionConfiguration`, and thus restoring required IAM permissions to what they were in SDKv2.

See https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-lambda/src/waiters/waitForFunctionUpdatedV2.ts#L10

> As opposed to https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-lambda/src/waiters/waitForFunctionUpdated.ts#L13

### Description of how you validated changes

Manual test. Assumed a role with the following policies:

![Screenshot 2024-11-27 at 9 34 25](https://github.com/user-attachments/assets/69415c37-6fe8-44d3-972c-1373ec55f46e)

```console
 ❯ cdk deploy --hotswap                                                                                                                                                                                                                                            [09:29:11]

✨  Synthesis time: 2.72s

⚠️ The --hotswap and --hotswap-fallback flags deliberately introduce CloudFormation drift to speed up deployments
⚠️ They should only be used for development - never use them for your production Stacks!

AwsCdkPlaygroundStack: deploying... [1/1]

✨ hotswapping resources:
   ✨ Lambda Function 'AwsCdkPlaygroundStack-Function76856677-7Rl7hiwwO5LQ'
❌  AwsCdkPlaygroundStack failed: TimeoutError: Resource is not in the expected state due to waiter status: TIMEOUT. Waiter has timed out.
```

Then, run the CLI from the PR.

```console
❯ /Users/epolon/dev/src/github.com/aws/aws-cdk/packages/aws-cdk/bin/cdk deploy --hotswap                                                                                                                                                                          [10:03:00]

✨  Synthesis time: 3.46s

⚠️ The --hotswap and --hotswap-fallback flags deliberately introduce CloudFormation drift to speed up deployments
⚠️ They should only be used for development - never use them for your production Stacks!

AwsCdkPlaygroundStack: deploying... [1/1]

✨ hotswapping resources:
   ✨ Lambda Function 'AwsCdkPlaygroundStack-Function76856677-7Rl7hiwwO5LQ'
✨ Lambda Function 'AwsCdkPlaygroundStack-Function76856677-7Rl7hiwwO5LQ' hotswapped!

 ✅  AwsCdkPlaygroundStack

✨  Deployment time: 12.72s

Stack ARN:
arn:aws:cloudformation:us-east-1:01234567890:stack/AwsCdkPlaygroundStack/22f2b380-a7cd-11ef-badd-0e08a8e0b5b1

✨  Total time: 16.19s

>>> elapsed time 23s                                                                                                                                                                                                                                                          
```



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes #32039


Modified the existing logging mechanism to route to a single log function. Adapted the existing structure so that very minimal changes were required for existing logging functions and how they are used today


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Reverts #32173

Codecov v5 is throwing errors with some PRs (e.g. [failing workflow](https://github.com/aws/aws-cdk/actions/runs/12012047131/job/33482380518)) and reportedly has many issues. The quick-fix until they resolve their issues is to downgrade the version of codecov we are using back to v4.
…property to CloudFormation templates (#32020)

### Issue

Closes #32018.

### Reason for this change

The originAccessControlId property of CloudFront Origin has not been propagated to CloudFormation templates.

### Description of changes

Propagate the property to render function.

### Description of how you validated changes

have run the [run build over the whole repo](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md#setup) - my computer almost exploded.

I have also run tests for the aws-cloudfront which run successfully.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #<issue number here>.

1. remove `sudo` usage in dockerfile
2. upgrade DinD for Apple Silicon

### Reason for this change




### Description of changes



1. following best practice [here](https://semgrep.dev/r?q=dockerfile.security.no-sudo-in-dockerfile.no-sudo-in-dockerfile)
2. upgrade DinD to the latest version to support Apple Silicon.

### Description of how you validated changes



reopen the devcontainer in vscode on my laptop

<img width="496" alt="image" src="https://github.com/user-attachments/assets/dee28dc7-19be-41b6-8d9b-72c0a994c8b0">


### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
We only passed in the `mfaCode` function if we got a profile from `--profile`, not when configured using `$AWS_PROFILE`.

Reduce a miss in the duplicated code by moving the `clientConfig` to a single initialization point.

Fixes #32312.

Unfortunately this cannot be unit tested (I cannot mock the function that I need to mock), nor integ tested because it needs human input. I'm open to ideas.

In the mean time, tested manually.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Turn on test randomization: this causes tests to run in a random order, which will expose tests that only succeed because tests before them have left the system in a specific state (or that poison tests after them because they don't clean up).

Of course, doing this exposed that we have a number of such tests, clean those up as well.

This needed to clean up mocking a lot in the garbage collector code, because it was confusing. Also remove the side-effect mock resetting that happens whenever a `MockSdk()` is instantiated, since that caused prepared mock behavior to be cleared.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Remove the source maps from the bundled CLI. The source maps are not really useful for customers anyway, and have the following downsides:

- They are 30+MB, which we vend to customers for no benefit.
- They tend to slow down Node as it loads and processes them. We have reports that on some Node versions this even leads to socket timeouts as the Node process was too busy loading source maps (#19930).

There are 2 steps to producing a CLI build:

- First compile with TypeScript -> JavaScript. Produces sourcemaps that are still being loaded.
- Then bundle JavaScript -> bundle. This removes sourcemaps.

Developers running a local (non-bundled) build will benefit from the source maps generated by TypeScript.

Two other changes in this PR that came up around this:

* Clarify what the `--debug` flag is for (debugging the CDK app) and what it's not for (debugging the CLI)
* Only print the stack trace in a CLI error if we're on a developer build; due to the minification printing the stack trace on a bundled copy prints a 1000-character minified line which is not useful to anyone.

Closes #19930.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…32309)

The logic on `rollback` and `!rollback` was inverted in a couple of places, causing the check to be the wrong way around and making reasoning about these options harder.

Revert the logic and do a more comprehensive test suite around these options.

Also remove a stray `debug()` statement that was left in from a previous PR, and show the stack status in the error message.

Closes #32295.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
(This work came out of the proxy issue research)

The logging of what SDK calls were being performed was lost during the migration of SDKv2 -> SDKv3.  Add it back.

Also in this PR:

- Set a timeout on `npm view`; if for network isolation reasons NPM can't connect to the server, it will make the CLI hang for a minute.
- Work around an issue where the CLI entirely fails if it is run as a user that doesn't have a home directory.

Closes #32306.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #8348 

### Reason for this change


- Use only 1 IAM instance profile for multiple instances
- Passing a role creates too many instance profiles

### Description of changes


- `ec2.Instance` supports the `instanceProfile` param

### Description of how you validated changes


- unit test
- integ test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

As part of #32324 we are enforcing stricter rules on thrown errors.

### Description of changes

Enforce the `no-throw-literal` eslint rule.
Fix the one instance that wasn't compliant yet.

### Description of how you validated changes

Manual testing. Only changed code is in supporting CLI tool.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions github-actions bot added the p2 label Dec 6, 2024
@otaviomacedo otaviomacedo added the pr/do-not-merge This PR should not be merged at this time. label Dec 6, 2024
@otaviomacedo otaviomacedo removed the pr/do-not-merge This PR should not be merged at this time. label Dec 6, 2024
```python
role_arn = props['RoleArn']

# "log in" to the cluster
subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig',
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html

```python
skip_crds = props.get('SkipCrds', False)

# "log in" to the cluster
subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig',
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html

```python
def get_chart_asset_from_url(chart_asset_url):
    chart_zip = os.path.join(outdir, 'chart.zip')
    shutil.rmtree(chart_zip, ignore_errors=True)
    subprocess.check_call(['aws', 's3', 'cp', chart_asset_url, chart_zip])
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html

```python
role_arn = props['RoleArn']

# "log in" to the cluster
subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig',
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Starting a process with a partial executable path https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html

```python
while retry > 0:
    try:
        logger.info(cmnd)
        output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, shell=True)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

subprocess call with shell=True identified, security issue. https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html

```python
    retry = retry - 1
    logger.info("kubectl timed out, retries left: %s" % retry)
else:
    raise Exception(output)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.

Similar issue at line number 95.

```python
elif request_type == 'Delete':
    patch_json = restore_patch_json
else:
    raise Exception("invalid request type %s" % request_type)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.

```python
    retry = retry - 1
    logger.info("Broken pipe, retries left: %s" % retry)
else:
    raise Exception(output)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.

Similar issue at line number 203.

```python
if resource_type == 'Custom::AWSCDK-EKS-KubernetesObjectValue':
    return get_handler(event, context)

raise Exception("unknown resource type %s" % resource_type)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.

```python
    retry = retry - 1
    logger.info("kubectl timed out, retries left: %s" % retry)
else:
    raise Exception(output)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.

Similar issue at line number 70.

```python
elif request_type == 'Delete':
    pass
else:
    raise Exception("invalid request type %s" % request_type)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.

```python
    retry = retry - 1
    logger.info("Broken pipe, retries left: %s" % retry)
else:
    raise Exception(output)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.

Similar issue at line number 158.

```python
    logger.info("kubectl timed out, retries left: %s" % retry)
    retry = retry - 1
else:
    raise Exception(output)
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Using Exception and BaseException can make your code prone to errors and difficult to maintain. Instead, we recommend using one of the Built-in Exceptions or creating a custom exception class that is derived from Exception or one of its subclasses.


```python
if request_type == 'Create' or request_type == 'Update':
    # Ensure chart or chart_asset_url are set
    if chart == None and chart_asset_url == None:
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

The == and != operators use the compared objects' __eq__ method to test if they are equal. To check if an object is a singleton, such as None, we recommend that you use the is identity comparison operator.

Similar issue at line numbers 80, 81, 82, and 83.


```python
# Write out the values to a file and include them with the install and upgrade
values_file = None
if not request_type == "Delete" and not values_text is None:
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Use is not operator rather than not ... is because it is more readable and makes your code easier to understand.

```python
import subprocess

cmnd = ['helm', verb, release]
if not chart is None:
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Use is not operator rather than not ... is because it is more readable and makes your code easier to understand.

Similar issue at line numbers 171, 173, 175, 177, and 183.

```python
chart = get_chart_asset_from_url(chart_asset_url)

if repository is not None and repository.startswith('oci://'):
    tmpdir = tempfile.TemporaryDirectory()
```

Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.

Problem
This line of code might contain a resource leak. Resource leaks can cause your system to slow down or crash.

Fix
Consider closing the following resource: tmpdir. The resource is allocated by call tempfile.TemporaryDirectory. Execution paths that do not contain closure statements were detected. To prevent this resource leak, close tmpdir in a try-finally block or declare it using a with statement.

More info
View details about the with statement in the Python developer's guide (external link).
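
One way to address the findings raised in the review comments above (B607 partial executable path, B602 `shell=True`, bare `Exception`, unclosed `TemporaryDirectory`), given as an added example and not the project's own handler code. `TRUSTED_PATH`, `TRANSIENT_MARKERS`, `CommandError`, `resolve_executable` and `run_cli` are names assumed here, and the demo drives the Python interpreter instead of `aws`, `kubectl` or `helm` so it runs offline.

```python
import os
import shutil
import subprocess
import sys
import tempfile

# Assumption: directories this deployment trusts to hold its CLIs; adjust per image.
TRUSTED_PATH = os.pathsep.join(["/opt/awscli", "/opt/kubectl", "/opt/helm", "/usr/bin", "/bin"])
# Assumption: output fragments that mark a transient failure worth retrying.
TRANSIENT_MARKERS = (b"i/o timeout", b"Broken pipe")


class CommandError(RuntimeError):
    """A CLI call failed; callers can catch this instead of a bare Exception."""

    def __init__(self, argv, returncode, output, attempts):
        super().__init__("%s exited %d after %d attempt(s)" % (argv[0], returncode, attempts))
        self.argv = argv
        self.returncode = returncode
        self.output = output
        self.attempts = attempts


def resolve_executable(name, search_path=TRUSTED_PATH):
    """Map a bare command name to an absolute path, searching only search_path (B607)."""
    if os.path.basename(name) != name:
        raise ValueError("pass a bare command name, not a path: %r" % name)
    found = shutil.which(name, path=search_path)
    if found is None:
        raise FileNotFoundError("%s not found in trusted directories" % name)
    return os.path.abspath(found)


def run_cli(argv, retries=3, search_path=TRUSTED_PATH):
    """Run argv without a shell (B602) in a scratch directory that is always removed."""
    if isinstance(argv, (str, bytes)):
        raise TypeError("argv must be a list of arguments, not a command string")
    if retries < 1:
        raise ValueError("retries must be at least 1")
    full_argv = [resolve_executable(argv[0], search_path)] + [str(a) for a in argv[1:]]
    # The with statement closes the temporary directory on every exit path.
    with tempfile.TemporaryDirectory() as workdir:
        for attempt in range(1, retries + 1):
            try:
                return subprocess.check_output(full_argv, stderr=subprocess.STDOUT, cwd=workdir)
            except subprocess.CalledProcessError as exc:
                transient = any(marker in exc.output for marker in TRANSIENT_MARKERS)
                if not transient or attempt == retries:
                    raise CommandError(full_argv, exc.returncode, exc.output, attempt) from exc


def demo():
    """Pass a constructed value containing shell metacharacters; it stays one argument."""
    py_dir, py_name = os.path.split(sys.executable)
    hostile = "release-1; echo INJECTED"  # constructed sample input
    out = run_cli([py_name, "-c", "import sys; print(sys.argv[1])", hostile], search_path=py_dir)
    return out.decode().strip()


if __name__ == "__main__":
    print(demo())
```

Because no shell parses the argument list, the `;` in the sample value reaches the child process as literal text rather than starting a second command.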

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: f692fac
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify bot commented Dec 6, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 0f666c5 into v2-release Dec 6, 2024
28 of 29 checks passed
@mergify mergify bot deleted the bump/2.172.0 branch December 6, 2024 13:43
github-actions bot commented Dec 6, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 6, 2024
Labels
auto-approve p2 pr/no-squash This PR should be merged instead of squash-merging it