fix(cfnspec): v101.0.0 introduced specific types on several types tha…

…t previously were typed as json (#23448) This PR reverts all changes where a type changed from `Json` to a specific type in CfnSpec v101.0.0. See 3951f09 - [x] 000_AWS_Backup.json - [x] 000_AWS_CloudFormation.json - [x] 000_AWS_CodeGuruProfiler.json - [x] 000_AWS_Config.json - [x] 000_AWS_Connect.json - [x] 000_AWS_DataBrew.json - [x] 000_AWS_EC2.json - [x] 000_AWS_ECR.json - [x] 000_AWS_ElastiCache.json - [x] 000_AWS_FIS.json - [x] 000_AWS_Forecast.json - [x] 000_AWS_GreengrassV2.json - [x] 000_AWS_IoT.json - [ ] ~000_AWS_IoTAnalytics.json~ - [x] 000_AWS_IoTCoreDeviceAdvisor.json - [ ] ~000_AWS_IoTFleetWise.json~ - [x] 000_AWS_IoTSiteWise.json - [x] 000_AWS_IoTTwinMaker.json - [x] 000_AWS_IoTWireless.json - [ ] ~000_AWS_LakeFormation.json~ - [x] 000_AWS_Lex.json - [x] 000_AWS_LookoutEquipment.json - [ ] ~000_AWS_Macie.json~ - [x] 000_AWS_MemoryDB.json - [x] 000_AWS_Personalize.json - [x] 000_AWS_Redshift.json - [x] 000_AWS_Route53.json - [x] 000_AWS_S3.json - [x] 000_AWS_S3ObjectLambda.json - [x] 000_AWS_S3Outposts.json - [x] 000_AWS_SageMaker.json - [ ] ~000_AWS_Scheduler.json~ - [ ] ~000_AWS_StepFunctions.json~ - [ ] ~000_AWS_Timestream.json~ - [x] 000_AWS_Transfer.json - [x] 000_AWS_WAFv2.json ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Construct Runtime Dependencies: * [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Dec 23, 2022 · 1b4e3a4 · 1b4e3a4
1 parent 1485f48
commit 1b4e3a4
Show file tree

Hide file tree

Showing 19 changed files with 1,261 additions and 476 deletions.
diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc-flow-logs.ts b/packages/@aws-cdk/aws-ec2/lib/vpc-flow-logs.ts
@@ -676,7 +676,7 @@ export class FlowLog extends FlowLogBase {
     }
 
     const flowLog = new CfnFlowLog(this, 'FlowLog', {
-      destinationOptions: renderDestinationOptions(destinationConfig.destinationOptions),
+      destinationOptions: destinationConfig.destinationOptions,
       deliverLogsPermissionArn: this.iamRole ? this.iamRole.roleArn : undefined,
       logDestinationType: destinationConfig.logDestinationType,
       logGroupName: this.logGroup ? this.logGroup.logGroupName : undefined,
@@ -694,13 +694,3 @@ export class FlowLog extends FlowLogBase {
     this.node.defaultChild = flowLog;
   }
 }
-
-function renderDestinationOptions(opts: DestinationOptions | undefined): CfnFlowLog.DestinationOptionsProperty | undefined {
-  if (opts === undefined) { return undefined; }
-
-  return {
-    fileFormat: opts.fileFormat ?? 'plain-text',
-    hiveCompatiblePartitions: opts.hiveCompatiblePartitions ?? false,
-    perHourPartition: opts.perHourPartition ?? false,
-  };
-}
diff --git a/.../test/integ.vpc-flow-logs.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.assets.json b/.../test/integ.vpc-flow-logs.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.assets.json
@@ -1,28 +1,28 @@
 {
   "version": "21.0.0",
   "files": {
-    "3074b79e05e7b98930b6449e01baa3e68b32ecff86328933c2542f7b7fe6fdac": {
+    "b54b99043c35bd080b9d9d1afce31e3541cf15b679799ba980ed40c837dcb03b": {
       "source": {
-        "path": "asset.3074b79e05e7b98930b6449e01baa3e68b32ecff86328933c2542f7b7fe6fdac.bundle",
+        "path": "asset.b54b99043c35bd080b9d9d1afce31e3541cf15b679799ba980ed40c837dcb03b.bundle",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "3074b79e05e7b98930b6449e01baa3e68b32ecff86328933c2542f7b7fe6fdac.zip",
+          "objectKey": "b54b99043c35bd080b9d9d1afce31e3541cf15b679799ba980ed40c837dcb03b.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "dd951509b1e22484b40a66a661cb8cebce3087b8cb381e3dcf02e641e5eb08cd": {
+    "1dcf759cd2c8928f5b1acfbf439f1751e25367a5ac61ba5e640ff8b78fdf89f7": {
       "source": {
         "path": "FlowLogsDefaultTestDeployAssert6AFD1854.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "dd951509b1e22484b40a66a661cb8cebce3087b8cb381e3dcf02e641e5eb08cd.json",
+          "objectKey": "1dcf759cd2c8928f5b1acfbf439f1751e25367a5ac61ba5e640ff8b78fdf89f7.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/...est/integ.vpc-flow-logs.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.template.json b/...est/integ.vpc-flow-logs.js.snapshot/FlowLogsDefaultTestDeployAssert6AFD1854.template.json
@@ -31,7 +31,7 @@
      }
     },
     "flattenResponse": "false",
-    "salt": "1668693953813"
+    "salt": "1666810703150"
    },
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
@@ -115,7 +115,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "3074b79e05e7b98930b6449e01baa3e68b32ecff86328933c2542f7b7fe6fdac.zip"
+     "S3Key": "b54b99043c35bd080b9d9d1afce31e3541cf15b679799ba980ed40c837dcb03b.zip"
     },
     "Timeout": 120,
     "Handler": "index.handler",

diff --git a/...ges/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsFeatureFlag.assets.json b/...ges/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsFeatureFlag.assets.json
@@ -1,15 +1,15 @@
 {
   "version": "21.0.0",
   "files": {
-    "8f4f8db3ea3ad2d5f5678275c75dce7d9b67b46d8df7d92c62913bdc5a03cd3f": {
+    "2db53e096625b4b167fb15dd7bdc246692b381f45e28c509614fef7d41c20bc9": {
       "source": {
         "path": "FlowLogsFeatureFlag.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "8f4f8db3ea3ad2d5f5678275c75dce7d9b67b46d8df7d92c62913bdc5a03cd3f.json",
+          "objectKey": "2db53e096625b4b167fb15dd7bdc246692b381f45e28c509614fef7d41c20bc9.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/...s/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsFeatureFlag.template.json b/...s/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsFeatureFlag.template.json
@@ -524,6 +524,7 @@
      "Ref": "VPCB9E5F0B4"
     },
     "ResourceType": "VPC",
+    "TrafficType": "ALL",
     "LogDestination": {
      "Fn::GetAtt": [
       "VPCFlowLogsS3BucketFB7DC2BE",
@@ -536,8 +537,7 @@
       "Key": "Name",
       "Value": "FlowLogsFeatureFlag/VPC"
      }
-    ],
-    "TrafficType": "ALL"
+    ]
    }
   },
   "VPCFlowLogsS3WithDestinationOptionsBucket1B7AC456": {
@@ -673,10 +673,11 @@
      "Ref": "VPCB9E5F0B4"
     },
     "ResourceType": "VPC",
+    "TrafficType": "ALL",
     "DestinationOptions": {
-     "FileFormat": "plain-text",
-     "HiveCompatiblePartitions": true,
-     "PerHourPartition": false
+     "fileFormat": "plain-text",
+     "perHourPartition": false,
+     "hiveCompatiblePartitions": true
     },
     "LogDestination": {
      "Fn::GetAtt": [
@@ -690,8 +691,7 @@
       "Key": "Name",
       "Value": "FlowLogsFeatureFlag/VPC"
      }
-    ],
-    "TrafficType": "ALL"
+    ]
    }
   },
   "FlowLogsInstanceInstanceSecurityGroupF61782E0": {

diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsTestStack.assets.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsTestStack.assets.json
@@ -1,28 +1,28 @@
 {
   "version": "21.0.0",
   "files": {
-    "33e2651435a0d472a75c1e033c9832b21321d9e56711926b04c5705e5f63874c": {
+    "bb426cfb5fed5237e5928f871893b243ddf86a591a592b558bd29f60e28bad9d": {
       "source": {
-        "path": "asset.33e2651435a0d472a75c1e033c9832b21321d9e56711926b04c5705e5f63874c",
+        "path": "asset.bb426cfb5fed5237e5928f871893b243ddf86a591a592b558bd29f60e28bad9d",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "33e2651435a0d472a75c1e033c9832b21321d9e56711926b04c5705e5f63874c.zip",
+          "objectKey": "bb426cfb5fed5237e5928f871893b243ddf86a591a592b558bd29f60e28bad9d.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "23955aa16c5d59106d93ecce9cedd43aa5782fbf23bb2ef8549b2119345a6f79": {
+    "2090a74d484bc155b48d7511b99e4921b8f55e488c3fe1500cffede0cdfd33b7": {
       "source": {
         "path": "FlowLogsTestStack.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "23955aa16c5d59106d93ecce9cedd43aa5782fbf23bb2ef8549b2119345a6f79.json",
+          "objectKey": "2090a74d484bc155b48d7511b99e4921b8f55e488c3fe1500cffede0cdfd33b7.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/...ges/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsTestStack.template.json b/...ges/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.js.snapshot/FlowLogsTestStack.template.json
@@ -524,6 +524,7 @@
      "Ref": "VPCB9E5F0B4"
     },
     "ResourceType": "VPC",
+    "TrafficType": "ALL",
     "LogDestination": {
      "Fn::GetAtt": [
       "VPCFlowLogsS3BucketFB7DC2BE",
@@ -536,8 +537,7 @@
       "Key": "Name",
       "Value": "FlowLogsTestStack/VPC"
      }
-    ],
-    "TrafficType": "ALL"
+    ]
    }
   },
   "VPCFlowLogsS3KeyPrefixFlowLogB57F1746": {
@@ -547,6 +547,7 @@
      "Ref": "VPCB9E5F0B4"
     },
     "ResourceType": "VPC",
+    "TrafficType": "ALL",
     "LogDestination": {
      "Fn::Join": [
       "",
@@ -567,8 +568,7 @@
       "Key": "Name",
       "Value": "FlowLogsTestStack/VPC"
      }
-    ],
-    "TrafficType": "ALL"
+    ]
    }
   },
   "FlowLogsCWIAMRole017AD736": {
@@ -643,6 +643,7 @@
      "Ref": "VPCB9E5F0B4"
     },
     "ResourceType": "VPC",
+    "TrafficType": "ALL",
     "DeliverLogsPermissionArn": {
      "Fn::GetAtt": [
       "FlowLogsCWIAMRole017AD736",
@@ -652,8 +653,7 @@
     "LogDestinationType": "cloud-watch-logs",
     "LogGroupName": {
      "Ref": "FlowLogsCWLogGroup0398E8F8"
-    },
-    "TrafficType": "ALL"
+    }
    }
   },
   "Bucket83908E77": {
@@ -888,7 +888,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "33e2651435a0d472a75c1e033c9832b21321d9e56711926b04c5705e5f63874c.zip"
+     "S3Key": "bb426cfb5fed5237e5928f871893b243ddf86a591a592b558bd29f60e28bad9d.zip"
     },
     "Timeout": 900,
     "MemorySize": 128,

diff --git a/.../asset.33e2651435a0d472a75c1e033c9832b21321d9e56711926b04c5705e5f63874c/__entrypoint__.js b/.../asset.33e2651435a0d472a75c1e033c9832b21321d9e56711926b04c5705e5f63874c/__entrypoint__.js
diff --git a/.../asset.60767da3831353fede3cfe92efef10580a600592dec8ccbb06c051e95b9c1b26/__entrypoint__.js b/.../asset.60767da3831353fede3cfe92efef10580a600592dec8ccbb06c051e95b9c1b26/__entrypoint__.js
diff --git a/...napshot/asset.60767da3831353fede3cfe92efef10580a600592dec8ccbb06c051e95b9c1b26/index.d.ts b/...napshot/asset.60767da3831353fede3cfe92efef10580a600592dec8ccbb06c051e95b9c1b26/index.d.ts
@@ -0,0 +1 @@
+export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent): Promise<void>;
diff --git a/...1321d9e56711926b04c5705e5f63874c/index.js → ...0a600592dec8ccbb06c051e95b9c1b26/index.js b/...1321d9e56711926b04c5705e5f63874c/index.js → ...0a600592dec8ccbb06c051e95b9c1b26/index.js
diff --git a/....snapshot/asset.60767da3831353fede3cfe92efef10580a600592dec8ccbb06c051e95b9c1b26/index.ts b/....snapshot/asset.60767da3831353fede3cfe92efef10580a600592dec8ccbb06c051e95b9c1b26/index.ts
@@ -0,0 +1,82 @@
+// eslint-disable-next-line import/no-extraneous-dependencies
+import { S3 } from 'aws-sdk';
+
+const AUTO_DELETE_OBJECTS_TAG = 'aws-cdk:auto-delete-objects';
+
+const s3 = new S3();
+
+export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) {
+  switch (event.RequestType) {
+    case 'Create':
+      return;
+    case 'Update':
+      return onUpdate(event);
+    case 'Delete':
+      return onDelete(event.ResourceProperties?.BucketName);
+  }
+}
+
+async function onUpdate(event: AWSLambda.CloudFormationCustomResourceEvent) {
+  const updateEvent = event as AWSLambda.CloudFormationCustomResourceUpdateEvent;
+  const oldBucketName = updateEvent.OldResourceProperties?.BucketName;
+  const newBucketName = updateEvent.ResourceProperties?.BucketName;
+  const bucketNameHasChanged = newBucketName != null && oldBucketName != null && newBucketName !== oldBucketName;
+
+  /* If the name of the bucket has changed, CloudFormation will try to delete the bucket
+     and create a new one with the new name. So we have to delete the contents of the
+     bucket so that this operation does not fail. */
+  if (bucketNameHasChanged) {
+    return onDelete(oldBucketName);
+  }
+}
+
+/**
+ * Recursively delete all items in the bucket
+ *
+ * @param bucketName the bucket name
+ */
+async function emptyBucket(bucketName: string) {
+  const listedObjects = await s3.listObjectVersions({ Bucket: bucketName }).promise();
+  const contents = [...listedObjects.Versions ?? [], ...listedObjects.DeleteMarkers ?? []];
+  if (contents.length === 0) {
+    return;
+  }
+
+  const records = contents.map((record: any) => ({ Key: record.Key, VersionId: record.VersionId }));
+  await s3.deleteObjects({ Bucket: bucketName, Delete: { Objects: records } }).promise();
+
+  if (listedObjects?.IsTruncated) {
+    await emptyBucket(bucketName);
+  }
+}
+
+async function onDelete(bucketName?: string) {
+  if (!bucketName) {
+    throw new Error('No BucketName was provided.');
+  }
+  if (!await isBucketTaggedForDeletion(bucketName)) {
+    process.stdout.write(`Bucket does not have '${AUTO_DELETE_OBJECTS_TAG}' tag, skipping cleaning.\n`);
+    return;
+  }
+  try {
+    await emptyBucket(bucketName);
+  } catch (e) {
+    if (e.code !== 'NoSuchBucket') {
+      throw e;
+    }
+    // Bucket doesn't exist. Ignoring
+  }
+}
+
+/**
+ * The bucket will only be tagged for deletion if it's being deleted in the same
+ * deployment as this Custom Resource.
+ *
+ * If the Custom Resource is every deleted before the bucket, it must be because
+ * `autoDeleteObjects` has been switched to false, in which case the tag would have
+ * been removed before we get to this Delete event.
+ */
+async function isBucketTaggedForDeletion(bucketName: string) {
+  const response = await s3.getBucketTagging({ Bucket: bucketName }).promise();
+  return response.TagSet.some(tag => tag.Key === AUTO_DELETE_OBJECTS_TAG && tag.Value === 'true');
+}