feat(iam): openid connect provider #7803
Fold the "assets" module, which includes the Staging construct that takes care of staging asset files into the cloud assembly during synthesis into "core". This is in order to allow implementing custom resources that leverage assets throughout the framework. A subsequent commit will add a mini-framework for custom resources that leverages this capability.
This commit folds the `CustomResource` and `NestedStack` types from `@aws-cdk/aws-cloudformation` into `@aws-cdk/core` in order to allow code in `core` and other lower layers to use capabilities such as nested stacks and custom resources. This comes at a minor sacrifice to API fidelity: the provider's service token for custom resources is now passed as a simple `string` instead of a strongly typed `ICustomResourceProvider`. But this is negligible for this type of resource given the high involvement users require to use it anyway. Additionally, the `NestedStack` class accepts a `notificationArns` as a `string[]` instead of an `sns.ITopic[]`. In both cases the API in `@aws-cdk/aws-cloudformation` (which is considered a stable module) remains unchanged with a compatibility layer added. We took this opportunity to change the behavior of custom resources so that it won't pascal-case property names by default. This resolves #4896 and resolves #7035 and supersedes #7034. The APIs in the aws-cloudformation module are still supported for backwards compatibility but marked as deprecated.
We have `true` in the compatibility layer
A helper for implementing simple node.js-based custom resource providers. This is a simpler framework than what is offered by `@aws-cdk/custom-resources.Provider`, designed to enable implementing custom resources with minimal dependencies. To that end, this helper uses `CfnResource` to define the AWS Lambda function and the low-level asset support that is now part of the core module.

It DOES NOT support:

- Arbitrary lambda function handlers, only node.js functions.
- Asynchronous "isComplete" waiters (limited to 15min lambda timeout).

This is a precursor for implementing support for Open ID connect providers in the AWS IAM module, which is a very low-level module in our stack.
…ependency cdk-integ depends on "cdk" which dev-depends on @aws-cdk/core
…ae/core-provider-2
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
Okay with merging this
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Commit Message
feat(iam): openid connect providers
Implements `iam.OpenIdConnectProvider` through a custom resource. See README for details.
Related #5388
Related #3949
Related #6308
End Commit Message
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license