Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(iam): openid connect provider #7803

Merged
merged 54 commits into from
May 6, 2020
Merged

feat(iam): openid connect provider #7803

merged 54 commits into from
May 6, 2020

Conversation

eladb
Copy link
Contributor

@eladb eladb commented May 5, 2020

Commit Message

feat(iam): openid connect providers

Implements iam.OpenIdConnectProvider through a custom resource.

See README for details.

Related #5388
Related #3949
Related #6308

End Commit Message

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

Elad Ben-Israel and others added 30 commits April 30, 2020 19:22
refactor(core): fold "assets" to "core"
fd8868f 
Fold the "assets" module, which includes the Staging construct that takes care of staging asset files into the cloud assembly during synthesis into "core". This is in order to allow implementing custom resources that leverage assets throughout the framework.

A subsequent commit will add a mini-framework for custom resources that leverages this capability.
add coverage to for the compatibility layer
f8eafa1
Merge remote-tracking branch 'origin/master' into benisrae/refactor/a…
e6dec09 
…ssets
Merge branch 'master' into benisrae/refactor/assets
b00a1a9
feat(core): fold "aws-cloudformation" into "core"
81d80ea 
This commit folds the `CustomResource` and `NestedStack` types from `@aws-cdk/aws-cloudformation` into `@aws-cdk/core` in order to allow code in `core` and other lower layers to use capabilities such as nested stacks and custom resources.

This comes at a minor sacrifice to API fidelity: the provider's service token is for custom resources is now passed as a simple `string` instead of a strongly typed `ICustomResourceProvider`. But this is negligible for this type of resource given the high involvement users require to use it anyway. Additionally, the `NestedStack` class accepts a `notificationArns` as a `string[]` instead of an `sns.ITopic[]`. In both cases the API in `@aws-cdk/aws-cloudformation` (which is considered a stable module) remains unchanged with a compatibility layer added.

We took this opportunity to change the behavior of custom resources so that it won't pascal-case property names by default. This resolves #4896 and resolves #7035 and supersedes #7034.

The API in the aws-cloudformation module are still supported for backwards compatibility but marked as deprecated.
awslint: search for resource types in a case insensitive way
093f300
add assets
a3b0b8f
fix some stuffs
94beaf0
Merge remote-tracking branch 'origin/master' into benisrae/fold-cfn-2
ce4e43b
reintroduce dependency between custom resources and aws-cloudformation
60c51f6
fix eks legacy
3877e65
Merge branch 'master' into benisrae/fold-cfn-2
c03e31e
change default of pascalCaseProperties to false
b027158 
We have `true` in the compatibility layer
Update test.custom-resource.ts
79c8419
Update README.md
d190ad9
Update README.md
b73f68f
Update README.md
867a534
Update README.md
c7a6815
feat(core): custom resource provider helper
fb4b46d 
A helper for implementing simple node.js-based custom resource providers. This is a simpler framework from what is offered `@aws-cdk/custom-resources.Provider`, designed to enable implementing custom resources with minimal dependencies.

To that end, this helper uses `CfnResource` to define the AWS Lambda function and the low-level asset support that is now part of the core module.

It DOES NOT support:
- Arbitrary lambda function handlers, only node.js function.
- Asynchronous "isComplete" waiters (limited to 15min lambda timeout).

This is a precursor for implementing support for Open ID connect providers in the AWS IAM module, which is a very low-level module in our stack.
fix aws-custom-resource
2b1a4ae
Merge branch 'benisrae/fold-cfn-2' into benisrae/core-provider-2
ff9446d
Merge branch 'master' into benisrae/fold-cfn-2
b8f7ee3
fix ddb-global pascal case
48c759f
@mergify
Merge branch 'master' into benisrae/fold-cfn-2
fd18b61
move integ test from core to aws-cloudformation to break the cyclic d…
a99ebc6 
…ependency

cdk-integ depends on "cdk" which dev-depends on @aws-cdk/core
revert changes to package.json
72288aa
revert yarn.lock
46ba12b
Merge remote-tracking branch 'origin/benisrae/fold-cfn-2' into benisr…
180a621 
…ae/core-provider-2
Merge branch 'master' into benisrae/core-provider-2
6de7e58
Merge branch 'master' into benisrae/core-provider-2
0ff4aff
@eladb eladb mentioned this pull request May 5, 2020
Merged
7 tasks
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 86bfe10
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 254388b
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@eladb eladb changed the base branch from benisrae/core-provider-2 to master May 6, 2020 07:10
@eladb eladb requested a review from rix0rrr May 6, 2020 07:16
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 67664c6
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 82a7666
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: f8ef988
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

rix0rrr
rix0rrr reviewed May 6, 2020
View reviewed changes
packages/@aws-cdk/aws-iam/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/oidc-provider.ts Show resolved Hide resolved
packages/@aws-cdk/aws-iam/lib/oidc-provider.ts Show resolved Hide resolved
packages/@aws-cdk/aws-iam/README.md Outdated Show resolved Hide resolved
@rix0rrr rix0rrr added the pr/do-not-merge This PR should not be merged at this time. label May 6, 2020
rix0rrr
rix0rrr approved these changes May 6, 2020
View reviewed changes
Copy link
Contributor

@rix0rrr rix0rrr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay with merging this

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: e325cbc
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 71ba6e2
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@eladb eladb removed the pr/do-not-merge This PR should not be merged at this time. label May 6, 2020
@mergify
Copy link
Contributor

mergify bot commented May 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 7bd28c8
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 5d8be98
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented May 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 20621ac into master May 6, 2020
@mergify mergify bot deleted the benisrae/oidc-provider branch May 6, 2020 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

Assignees

@rix0rrr rix0rrr

Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eladb @aws-cdk-automation @rix0rrr