diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml
index 1e8a7ecb51f3e..181db20c10541 100644
--- a/.github/workflows/issue-label-assign.yml
+++ b/.github/workflows/issue-label-assign.yml
@@ -70,7 +70,6 @@ env:
 [
 {"area":"package/tools","keywords":["cli","command line","init","synth","diff","bootstrap"],"labels":["package/tools"],"enableGlobalAffixes":false},
 {"area":"@aws-cdk/alexa-ask","keywords":["alexa-ask","alexa"],"labels":["@aws-cdk/alexa-ask"]},
- {"area":"@aws-cdk/app-delivery","keywords":["app-delivery"],"labels":["@aws-cdk/app-delivery"]},
 {"area":"@aws-cdk/assert","keywords":["assert"],"labels":["@aws-cdk/assert"]},
 {"area":"@aws-cdk/assertions","keywords":["assertions"],"labels":["@aws-cdk/assertions"]},
 {"area":"@aws-cdk/assets","keywords":["assets","staging"],"labels":["@aws-cdk/assets"]},
diff --git a/packages/@aws-cdk/app-delivery/.eslintrc.js b/packages/@aws-cdk/app-delivery/.eslintrc.js
deleted file mode 100644
index 2658ee8727166..0000000000000
--- a/packages/@aws-cdk/app-delivery/.eslintrc.js
+++ /dev/null
@@ -1,3 +0,0 @@
-const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc');
-baseConfig.parserOptions.project = __dirname + '/tsconfig.json';
-module.exports = baseConfig;
diff --git a/packages/@aws-cdk/app-delivery/.gitignore b/packages/@aws-cdk/app-delivery/.gitignore
deleted file mode 100644
index a9f9cd7511b84..0000000000000
--- a/packages/@aws-cdk/app-delivery/.gitignore
+++ /dev/null
@@ -1,19 +0,0 @@
-dist
-.LAST_PACKAGE
-.LAST_BUILD
-.jsii
-.nyc_output
-nyc.config.js
-tsconfig.json
-*.js
-*.d.ts
-*.snk
-coverage
-!.eslintrc.js
-
-junit.xml
-!jest.config.js
-!**/*.snapshot/**/asset.*/*.js
-!**/*.snapshot/**/asset.*/*.d.ts
-
-!**/*.snapshot/**/asset.*/**
diff --git a/packages/@aws-cdk/app-delivery/.npmignore b/packages/@aws-cdk/app-delivery/.npmignore
deleted file mode 100644
index bb3cb4ce52e47..0000000000000
--- a/packages/@aws-cdk/app-delivery/.npmignore
+++ /dev/null
@@ -1,27 +0,0 @@
-
-dist
-.LAST_PACKAGE
-.LAST_BUILD
-*.ts
-!*.d.ts
-!*.js
-coverage
-.nyc_output
-*.tgz
-*.snk
-
-# Include .jsii
-!.jsii
-
-*.tsbuildinfo
-
-tsconfig.json
-.eslintrc.js
-
-# exclude cdk artifacts
-**/cdk.out
-junit.xml
-test/
-!*.lit.ts
-jest.config.js
-**/*.snapshot
diff --git a/packages/@aws-cdk/app-delivery/LICENSE b/packages/@aws-cdk/app-delivery/LICENSE
deleted file mode 100644
index 9b722c65c5481..0000000000000
--- a/packages/@aws-cdk/app-delivery/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/packages/@aws-cdk/app-delivery/NOTICE b/packages/@aws-cdk/app-delivery/NOTICE
deleted file mode 100644
index a27b7dd317649..0000000000000
--- a/packages/@aws-cdk/app-delivery/NOTICE
+++ /dev/null
@@ -1,2 +0,0 @@
-AWS Cloud Development Kit (AWS CDK)
-Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
diff --git a/packages/@aws-cdk/app-delivery/README.md b/packages/@aws-cdk/app-delivery/README.md
deleted file mode 100644
index a8f0877f19b89..0000000000000
--- a/packages/@aws-cdk/app-delivery/README.md
+++ /dev/null
@@ -1,186 +0,0 @@ -# Continuous Integration / Continuous Delivery for CDK Applications - - ---- - -![Deprecated](https://img.shields.io/badge/deprecated-critical.svg?style=for-the-badge) - -> This API may emit warnings. Backward compatibility is not guaranteed. - ---- - - - -This library includes a *CodePipeline* composite Action for deploying AWS CDK Applications. - -This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. - - -## Replacement recommended - -This library has been deprecated. We recommend you use the -[@aws-cdk/pipelines](https://docs.aws.amazon.com/cdk/api/latest/docs/pipelines-readme.html) module instead. - - -## Limitations - -The construct library in it's current form has the following limitations: - -1. It can only deploy stacks that are hosted in the same AWS account and region as the *CodePipeline* is. -2. Stacks that make use of `Asset`s cannot be deployed successfully. - -## Getting Started - -In order to add the `PipelineDeployStackAction` to your *CodePipeline*, you need to have a *CodePipeline* artifact that -contains the result of invoking `cdk synth -o ` on your *CDK App*. You can for example achieve this using a -*CodeBuild* project. 
- -The example below defines a *CDK App* that contains 3 stacks: - -* `CodePipelineStack` manages the *CodePipeline* resources, and self-updates before deploying any other stack -* `ServiceStackA` and `ServiceStackB` are service infrastructure stacks, and need to be deployed in this order - -```plaintext - ┏━━━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━┓ ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ - ┃ Source ┃ ┃ Build ┃ ┃ Self-Update ┃ ┃ Deploy ┃ - ┃ ┃ ┃ ┃ ┃ ┃ ┃ ┃ - ┃ ┌────────────┐ ┃ ┃ ┌────────────┐ ┃ ┃ ┌─────────────┐ ┃ ┃ ┌─────────────┐ ┌─────────────┐ ┃ - ┃ │ GitHub ┣━╋━━╋━▶ CodeBuild ┣━╋━━╋━▶Deploy Stack ┣━╋━━╋━▶Deploy Stack ┣━▶Deploy Stack │ ┃ - ┃ │ │ ┃ ┃ │ │ ┃ ┃ │PipelineStack│ ┃ ┃ │ServiceStackA│ │ServiceStackB│ ┃ - ┃ └────────────┘ ┃ ┃ └────────────┘ ┃ ┃ └─────────────┘ ┃ ┃ └─────────────┘ └─────────────┘ ┃ - ┗━━━━━━━━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━┛ ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛ -``` - -### `index.ts` - -```ts -import * as codebuild from '@aws-cdk/aws-codebuild'; -import * as codepipeline from '@aws-cdk/aws-codepipeline'; -import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'; -import * as cdk from '@aws-cdk/core'; -import * as cicd from '@aws-cdk/app-delivery'; -import * as iam from '@aws-cdk/aws-iam'; - -class MyServiceStackA extends cdk.Stack {} -class MyServiceStackB extends cdk.Stack {} - -const app = new cdk.App(); - -// We define a stack that contains the CodePipeline -const pipelineStack = new cdk.Stack(app, 'PipelineStack'); -const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', { - // Mutating a CodePipeline can cause the currently propagating state to be - // "lost". Ensure we re-run the latest change through the pipeline after it's - // been mutated so we're sure the latest state is fully deployed through. - restartExecutionOnUpdate: true, - /* ... 
*/ -}); - -// Configure the CodePipeline source - where your CDK App's source code is hosted -const sourceOutput = new codepipeline.Artifact(); -const source = new codepipeline_actions.GitHubSourceAction({ - actionName: 'GitHub', - output: sourceOutput, - owner: 'myName', - repo: 'myRepo', - oauthToken: cdk.SecretValue.unsafePlainText('secret'), -}); -pipeline.addStage({ - stageName: 'source', - actions: [source], -}); - -const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild', { - /** - * Choose an environment configuration that meets your use case. - * For NodeJS, this might be: - * - * environment: { - * buildImage: codebuild.LinuxBuildImage.UBUNTU_14_04_NODEJS_10_1_0, - * }, - */ -}); -const synthesizedApp = new codepipeline.Artifact(); -const buildAction = new codepipeline_actions.CodeBuildAction({ - actionName: 'CodeBuild', - project, - input: sourceOutput, - outputs: [synthesizedApp], -}); -pipeline.addStage({ - stageName: 'build', - actions: [buildAction], -}); - -// Optionally, self-update the pipeline stack -const selfUpdateStage = pipeline.addStage({ stageName: 'SelfUpdate' }); -selfUpdateStage.addAction(new cicd.PipelineDeployStackAction({ - stack: pipelineStack, - input: synthesizedApp, - adminPermissions: true, -})); - -// Now add our service stacks -const deployStage = pipeline.addStage({ stageName: 'Deploy' }); -const serviceStackA = new MyServiceStackA(app, 'ServiceStackA', { /* ... */ }); -// Add actions to deploy the stacks in the deploy stage: -const deployServiceAAction = new cicd.PipelineDeployStackAction({ - stack: serviceStackA, - input: synthesizedApp, - // See the note below for details about this option. - adminPermissions: false, -}); -deployStage.addAction(deployServiceAAction); -// Add the necessary permissions for you service deploy action. This role is -// is passed to CloudFormation and needs the permissions necessary to deploy -// stack. 
Alternatively you can enable [Administrator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) permissions above, -// users should understand the privileged nature of this role. -const myResourceArn = 'arn:partition:service:region:account-id:resource-id'; -deployServiceAAction.addToDeploymentRolePolicy(new iam.PolicyStatement({ - actions: ['service:SomeAction'], - resources: [myResourceArn], - // add more Action(s) and/or Resource(s) here, as needed -})); - -const serviceStackB = new MyServiceStackB(app, 'ServiceStackB', { /* ... */ }); -deployStage.addAction(new cicd.PipelineDeployStackAction({ - stack: serviceStackB, - input: synthesizedApp, - createChangeSetRunOrder: 998, - adminPermissions: true, // no need to modify the role with admin -})); -``` - -### `buildspec.yml` - -The repository can contain a file at the root level named `buildspec.yml`, or -you can in-line the buildspec. Note that `buildspec.yaml` is not compatible. - -For example, a *TypeScript* or *Javascript* CDK App can add the following `buildspec.yml` -at the root of the repository: - -```yml -version: 0.2 -phases: - install: - commands: - # Installs the npm dependencies as defined by the `package.json` file - # present in the root directory of the package - # (`cdk init app --language=typescript` would have created one for you) - - npm install - build: - commands: - # Builds the CDK App so it can be synthesized - - npm run build - # Synthesizes the CDK App and puts the resulting artifacts into `dist` - - npm run cdk synth -- -o dist -artifacts: - # The output artifact is all the files in the `dist` directory - base-directory: dist - files: '**/*' -``` - -The `PipelineDeployStackAction` expects it's `input` to contain the result of -synthesizing a CDK App using the `cdk synth -o `. - - 
diff --git a/packages/@aws-cdk/app-delivery/jest.config.js b/packages/@aws-cdk/app-delivery/jest.config.js
deleted file mode 100644
index 34818e1593f6b..0000000000000
--- a/packages/@aws-cdk/app-delivery/jest.config.js
+++ /dev/null
@@ -1,2 +0,0 @@
-const baseConfig = require('../../../tools/@aws-cdk/cdk-build-tools/config/jest.config');
-module.exports = baseConfig;
diff --git a/packages/@aws-cdk/app-delivery/lib/index.ts b/packages/@aws-cdk/app-delivery/lib/index.ts
deleted file mode 100644
index 5d0ab4f1eb92a..0000000000000
--- a/packages/@aws-cdk/app-delivery/lib/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './pipeline-deploy-stack-action';
diff --git a/packages/@aws-cdk/app-delivery/lib/pipeline-deploy-stack-action.ts b/packages/@aws-cdk/app-delivery/lib/pipeline-deploy-stack-action.ts
deleted file mode 100644
index 047c006e5dff1..0000000000000
--- a/packages/@aws-cdk/app-delivery/lib/pipeline-deploy-stack-action.ts
+++ /dev/null
@@ -1,205 +0,0 @@
-import * as cfn from '@aws-cdk/aws-cloudformation';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as cpactions from '@aws-cdk/aws-codepipeline-actions';
-import * as events from '@aws-cdk/aws-events';
-import * as iam from '@aws-cdk/aws-iam';
-import * as cxschema from '@aws-cdk/cloud-assembly-schema';
-import * as cdk from '@aws-cdk/core';
-import { Construct } from 'constructs';
-
-export interface PipelineDeployStackActionProps {
- /**
- * The CDK stack to be deployed.
- */
- readonly stack: cdk.Stack;
-
- /**
- * The CodePipeline artifact that holds the synthesized app, which is the
- * contents of the ```` when running ``cdk synth -o ``.
- */
- readonly input: codepipeline.Artifact;
-
- /**
- * The name to use when creating a ChangeSet for the stack.
- *
- * @default CDK-CodePipeline-ChangeSet
- */
- readonly changeSetName?: string;
-
- /**
- * The runOrder for the CodePipeline action creating the ChangeSet.
- *
- * @default 1
- */
- readonly createChangeSetRunOrder?: number;
-
- /**
- * The name of the CodePipeline action creating the ChangeSet.
- *
- * @default 'ChangeSet'
- */
- readonly createChangeSetActionName?: string;
-
- /**
- * The runOrder for the CodePipeline action executing the ChangeSet.
- *
- * @default ``createChangeSetRunOrder + 1``
- */
- readonly executeChangeSetRunOrder?: number;
-
- /**
- * The name of the CodePipeline action creating the ChangeSet.
- *
- * @default 'Execute'
- */
- readonly executeChangeSetActionName?: string;
-
- /**
- * IAM role to assume when deploying changes.
- *
- * If not specified, a fresh role is created. The role is created with zero
- * permissions unless `adminPermissions` is true, in which case the role will have
- * admin permissions.
- *
- * @default A fresh role with admin or no permissions (depending on the value of `adminPermissions`).
- */
- readonly role?: iam.IRole;
-
- /**
- * Acknowledge certain changes made as part of deployment
- *
- * For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation
- * might create or update those resources. For example, you must specify AnonymousIAM if your
- * stack template contains AWS Identity and Access Management (IAM) resources. For more
- * information
- *
- * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities
- * @default [AnonymousIAM, AutoExpand], unless `adminPermissions` is true
- */
- readonly capabilities?: cfn.CloudFormationCapabilities[];
-
- /**
- * Whether to grant admin permissions to CloudFormation while deploying this template.
- *
- * Setting this to `true` affects the defaults for `role` and `capabilities`, if you
- * don't specify any alternatives.
- *
- * The default role that will be created for you will have admin (i.e., `*`)
- * permissions on all resources, and the deployment will have named IAM
- * capabilities (i.e., able to create all IAM resources).
- *
- * This is a shorthand that you can use if you fully trust the templates that
- * are deployed in this pipeline. If you want more fine-grained permissions,
- * use `addToRolePolicy` and `capabilities` to control what the CloudFormation
- * deployment is allowed to do.
- */
- readonly adminPermissions: boolean;
-}
-
-/**
- * A class to deploy a stack that is part of a CDK App, using CodePipeline.
- * This composite Action takes care of preparing and executing a CloudFormation ChangeSet.
- *
- * It currently does *not* support stacks that make use of ``Asset``s, and
- * requires the deployed stack is in the same account and region where the
- * CodePipeline is hosted.
- */
-export class PipelineDeployStackAction implements codepipeline.IAction {
- /**
- * The role used by CloudFormation for the deploy action
- */
- private _deploymentRole?: iam.IRole;
-
- private readonly stack: cdk.Stack;
- private readonly prepareChangeSetAction: cpactions.CloudFormationCreateReplaceChangeSetAction;
- private readonly executeChangeSetAction: cpactions.CloudFormationExecuteChangeSetAction;
-
- constructor(props: PipelineDeployStackActionProps) {
- this.stack = props.stack;
- const assets = this.stack.node.metadata.filter(md => md.type === cxschema.ArtifactMetadataEntryType.ASSET);
- if (assets.length > 0) {
- // FIXME: Implement the necessary actions to publish assets
- throw new Error(`Cannot deploy the stack ${this.stack.stackName} because it references ${assets.length} asset(s)`);
- }
-
- const createChangeSetRunOrder = props.createChangeSetRunOrder || 1;
- const executeChangeSetRunOrder = props.executeChangeSetRunOrder || (createChangeSetRunOrder + 1);
- if (createChangeSetRunOrder >= executeChangeSetRunOrder) {
- throw new Error(`createChangeSetRunOrder (${createChangeSetRunOrder}) must be < executeChangeSetRunOrder (${executeChangeSetRunOrder})`);
- }
-
- const changeSetName = props.changeSetName || 'CDK-CodePipeline-ChangeSet';
- const capabilities = cfnCapabilities(props.adminPermissions, props.capabilities);
- this.prepareChangeSetAction = new cpactions.CloudFormationCreateReplaceChangeSetAction({
- actionName: props.createChangeSetActionName ?? 'ChangeSet',
- changeSetName,
- runOrder: createChangeSetRunOrder,
- stackName: props.stack.stackName,
- templatePath: props.input.atPath(props.stack.templateFile),
- adminPermissions: props.adminPermissions,
- deploymentRole: props.role,
- capabilities,
- });
- this.executeChangeSetAction = new cpactions.CloudFormationExecuteChangeSetAction({
- actionName: props.executeChangeSetActionName ?? 'Execute',
- changeSetName,
- runOrder: executeChangeSetRunOrder,
- stackName: this.stack.stackName,
- });
- }
-
- public bind(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions):
- codepipeline.ActionConfig {
- if (this.stack.environment !== cdk.Stack.of(scope).environment) {
- // FIXME: Add the necessary to extend to stacks in a different account
- throw new Error('Cross-environment deployment is not supported');
- }
-
- stage.addAction(this.prepareChangeSetAction);
- this._deploymentRole = this.prepareChangeSetAction.deploymentRole;
-
- return this.executeChangeSetAction.bind(scope, stage, options);
- }
-
- public get deploymentRole(): iam.IRole {
- if (!this._deploymentRole) {
- throw new Error('Use this action in a pipeline first before accessing \'deploymentRole\'');
- }
-
- return this._deploymentRole;
- }
-
- /**
- * Add policy statements to the role deploying the stack.
- *
- * This role is passed to CloudFormation and must have the IAM permissions
- * necessary to deploy the stack or you can grant this role `adminPermissions`
- * by using that option during creation. If you do not grant
- * `adminPermissions` you need to identify the proper statements to add to
- * this role based on the CloudFormation Resources in your stack.
- */
- public addToDeploymentRolePolicy(statement: iam.PolicyStatement) {
- this.deploymentRole.addToPolicy(statement);
- }
-
- public onStateChange(name: string, target?: events.IRuleTarget, options?: events.RuleProps): events.Rule {
- return this.executeChangeSetAction.onStateChange(name, target, options);
- }
-
- public get actionProperties(): codepipeline.ActionProperties {
- return this.executeChangeSetAction.actionProperties;
- }
-}
-
-function cfnCapabilities(adminPermissions: boolean, capabilities?: cfn.CloudFormationCapabilities[]): cfn.CloudFormationCapabilities[] {
- if (adminPermissions && capabilities === undefined) {
- // admin true default capability to NamedIAM and AutoExpand
- return [cfn.CloudFormationCapabilities.NAMED_IAM, cfn.CloudFormationCapabilities.AUTO_EXPAND];
- } else if (capabilities === undefined) {
- // else capabilities are undefined set AnonymousIAM and AutoExpand
- return [cfn.CloudFormationCapabilities.ANONYMOUS_IAM, cfn.CloudFormationCapabilities.AUTO_EXPAND];
- } else {
- // else capabilities are defined use them
- return capabilities;
- }
-}
diff --git a/packages/@aws-cdk/app-delivery/package.json b/packages/@aws-cdk/app-delivery/package.json
deleted file mode 100644
index 5cafe2d64624c..0000000000000
--- a/packages/@aws-cdk/app-delivery/package.json
+++ /dev/null
@@ -1,131 +0,0 @@
-{
- "name": "@aws-cdk/app-delivery",
- "description": "Continuous Integration / Continuous Delivery for CDK Applications",
- "deprecated": "Use the @aws-cdk/pipelines module instead",
- "private": true,
- "version": "0.0.0",
- "main": "lib/index.js",
- "types": "lib/index.d.ts",
- "jsii": {
- "targets": {
- "java": {
- "maven": {
- "groupId": "software.amazon.awscdk",
- "artifactId": "cdk-app-delivery"
- },
- "package": "software.amazon.awscdk.appdelivery"
- },
- "dotnet": {
- "namespace": "Amazon.CDK.AppDelivery",
- "packageId": "Amazon.CDK.AppDelivery",
- "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png"
- },
- "python": {
- "distName": "aws-cdk.app-delivery",
- "module": "aws_cdk.app_delivery",
- "classifiers": [
- "Framework :: AWS CDK",
- "Framework :: AWS CDK :: 2"
- ]
- }
- },
- "outdir": "dist",
- "projectReferences": true,
- "metadata": {
- "jsii": {
- "rosetta": {
- "strict": true
- }
- }
- }
- },
- "scripts": {
- "build": "cdk-build",
- "package": "cdk-package",
- "pkglint": "pkglint -f",
- "test": "cdk-test",
- "watch": "cdk-watch",
- "lint": "cdk-lint",
- "integ": "integ-runner",
- "awslint": "cdk-awslint",
- "build+test+package": "yarn build+test && yarn package",
- "build+test": "yarn build && yarn test",
- "compat": "cdk-compat",
- "rosetta:extract": "yarn --silent jsii-rosetta extract",
- "build+extract": "yarn build && yarn rosetta:extract",
- "build+test+extract": "yarn build+test && yarn rosetta:extract"
- },
- "dependencies": {
- "@aws-cdk/aws-cloudformation": "0.0.0",
- "@aws-cdk/aws-codebuild": "0.0.0",
- "@aws-cdk/aws-codepipeline": "0.0.0",
- "@aws-cdk/aws-codepipeline-actions": "0.0.0",
- "@aws-cdk/aws-events": "0.0.0",
- "@aws-cdk/aws-iam": "0.0.0",
- "@aws-cdk/cloud-assembly-schema": "0.0.0",
- "@aws-cdk/core": "0.0.0",
- "@aws-cdk/cx-api": "0.0.0",
- "constructs": "^10.0.0"
- },
- "devDependencies": {
- "@aws-cdk/assertions": "0.0.0",
- "@aws-cdk/aws-s3": "0.0.0",
- "@aws-cdk/cdk-build-tools": "0.0.0",
- "@aws-cdk/integ-runner": "0.0.0",
- "@aws-cdk/pkglint": "0.0.0",
- "@types/jest": "^27.5.2",
- "fast-check": "^2.25.0",
- "jest": "^27.5.1"
- },
- "repository": {
- "type": "git",
- "url": "https://github.com/aws/aws-cdk.git",
- "directory": "packages/@aws-cdk/app-delivery"
- },
- "homepage": "https://github.com/aws/aws-cdk",
- "license": "Apache-2.0",
- "author": {
- "name": "Amazon Web Services",
- "url": "https://aws.amazon.com",
- "organization": true
- },
- "keywords": [
- "aws",
- "cdk"
- ],
- "peerDependencies": {
- "@aws-cdk/aws-cloudformation": "0.0.0",
- "@aws-cdk/aws-codebuild": "0.0.0",
- "@aws-cdk/aws-codepipeline": "0.0.0",
- "@aws-cdk/aws-codepipeline-actions": "0.0.0",
- "@aws-cdk/aws-events": "0.0.0",
- "@aws-cdk/aws-iam": "0.0.0",
- "@aws-cdk/cloud-assembly-schema": "0.0.0",
- "@aws-cdk/core": "0.0.0",
- "@aws-cdk/cx-api": "0.0.0",
- "constructs": "^10.0.0"
- },
- "engines": {
- "node": ">= 14.15.0"
- },
- "stability": "deprecated",
- "maturity": "deprecated",
- "nyc": {
- "statements": 75
- },
- "awslint": {
- "exclude": [
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.actionProperties",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.deploymentRole",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.bind",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackAction.onStateChange",
- "docs-public-apis:@aws-cdk/app-delivery.PipelineDeployStackActionProps"
- ]
- },
- "awscdkio": {
- "announce": false
- },
- "publishConfig": {
- "tag": "next"
- }
-}
diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.assets.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.assets.json
deleted file mode 100644
index 4f1eaebedd538..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.assets.json
+++ /dev/null
@@ -1,19 +0,0 @@ -{ - "version": "20.0.0", - "files": { - "4844d07f1e19de1a0f6926b94b9bc19bf4e39bbb14b8511dee5d345f776182c7": { - "source": { - "path": "CICD.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "4844d07f1e19de1a0f6926b94b9bc19bf4e39bbb14b8511dee5d345f776182c7.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.template.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.template.json deleted file mode 100644 index 5386674ce824b..0000000000000 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/CICD.template.json +++ /dev/null 
@@ -1,506 +0,0 @@ -{ - "Resources": { - "ArtifactBucket7410C9EF": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "CodePipelineRoleB3A660B4": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "CodePipelineRoleDefaultPolicy8D520A8D": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49", - "Arn" - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "CodePipelineRoleDefaultPolicy8D520A8D", - "Roles": [ - { - "Ref": "CodePipelineRoleB3A660B4" - } - ] - } - }, - "CodePipelineB74E5936": { - "Type": "AWS::CodePipeline::Pipeline", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "CodePipelineRoleB3A660B4", - "Arn" - ] - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "ThirdParty", - "Provider": "GitHub", - "Version": "1" - }, - "Configuration": { - "Owner": "awslabs", - "Repo": "aws-cdk", - "Branch": "master", - "OAuthToken": "DummyToken", - "PollForSourceChanges": true - }, - "Name": "GitHub", - 
"OutputArtifacts": [ - { - "Name": "Artifact_CICDGitHubF8BA7ADD" - } - ], - "RunOrder": 1 - } - ], - "Name": "Source" - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "CICD", - "RoleArn": { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetRoleF9F2B343", - "Arn" - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "CICD-ChangeSet", - "TemplatePath": "Artifact_CICDGitHubF8BA7ADD::CICD.template.json" - }, - "InputArtifacts": [ - { - "Name": "Artifact_CICDGitHubF8BA7ADD" - } - ], - "Name": "ChangeSet", - "RoleArn": { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A", - "Arn" - ] - }, - "RunOrder": 10 - }, - { - "ActionTypeId": { - "Category": "Deploy", - "Owner": "AWS", - "Provider": "CloudFormation", - "Version": "1" - }, - "Configuration": { - "StackName": "CICD", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "CICD-ChangeSet" - }, - "Name": "Execute", - "RoleArn": { - "Fn::GetAtt": [ - "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49", - "Arn" - ] - }, - "RunOrder": 999 - } - ], - "Name": "Deploy" - } - ], - "ArtifactStore": { - "Location": { - "Ref": "ArtifactBucket7410C9EF" - }, - "Type": "S3" - } - }, - "DependsOn": [ - "CodePipelineRoleDefaultPolicy8D520A8D", - "CodePipelineRoleB3A660B4" - ] - }, - "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - 
"Statement": [ - { - "Action": [ - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStacks", - "cloudformation:ExecuteChangeSet" - ], - "Condition": { - "StringEqualsIfExists": { - "cloudformation:ChangeSetName": "CICD-ChangeSet" - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":cloudformation:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":stack/CICD/*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C", - "Roles": [ - { - "Ref": "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49" - } - ] - } - }, - "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetRoleF9F2B343", - "Arn" - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStacks" - ], - "Condition": { - "StringEqualsIfExists": { - 
"cloudformation:ChangeSetName": "CICD-ChangeSet" - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":cloudformation:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":stack/CICD/*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E", - "Roles": [ - { - "Ref": "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A" - } - ] - } - }, - "CodePipelineDeployChangeSetRoleF9F2B343": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "cloudformation.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE", - "Roles": [ - { - "Ref": "CodePipelineDeployChangeSetRoleF9F2B343" - } - ] - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/cdk.out b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/cdk.out deleted file mode 100644 index 588d7b269d34f..0000000000000 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/integ.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/integ.json deleted file mode 100644 index 0d70306fbd254..0000000000000 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/integ.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "version": "20.0.0", - "testCases": { - "integ.cicd": { - "stacks": [ - "CICD" - ], - "diffAssets": false, - "stackUpdateWorkflow": true - } - }, - "synthContext": {}, - "enableLookups": false -} \ No newline at end of file diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/manifest.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/manifest.json deleted file mode 100644 index 79550f2289dd9..0000000000000 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/manifest.json +++ /dev/null 
@@ -1,118 +0,0 @@ -{ - "version": "20.0.0", - "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "CICD.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "CICD.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "CICD": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "CICD.template.json", - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4844d07f1e19de1a0f6926b94b9bc19bf4e39bbb14b8511dee5d345f776182c7.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "CICD.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "CICD.assets" - ], - "metadata": { - "/CICD/ArtifactBucket/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "ArtifactBucket7410C9EF" - } - ], - "/CICD/CodePipeline/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineRoleB3A660B4" - } - ], - "/CICD/CodePipeline/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineRoleDefaultPolicy8D520A8D" - } - ], - "/CICD/CodePipeline/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineB74E5936" - } - ], - 
"/CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49" - } - ], - "/CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C" - } - ], - "/CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A" - } - ], - "/CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E" - } - ], - "/CICD/CodePipeline/Deploy/ChangeSet/Role/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineDeployChangeSetRoleF9F2B343" - } - ], - "/CICD/CodePipeline/Deploy/ChangeSet/Role/DefaultPolicy/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE" - } - ], - "/CICD/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/CICD/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "CICD" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/tree.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/tree.json deleted file mode 100644 index 050d661c67e70..0000000000000 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.js.snapshot/tree.json +++ /dev/null 
@@ -1,738 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, - "CICD": { - "id": "CICD", - "path": "CICD", - "children": { - "ArtifactBucket": { - "id": "ArtifactBucket", - "path": "CICD/ArtifactBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/ArtifactBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": {} - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", - "version": "0.0.0" - } - }, - "CodePipeline": { - "id": "CodePipeline", - "path": "CICD/CodePipeline", - "children": { - "Role": { - "id": "Role", - "path": "CICD/CodePipeline/Role", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codepipeline.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "CICD/CodePipeline/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Role/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - 
"s3:PutObjectVersionTagging" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49", - "Arn" - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "policyName": "CodePipelineRoleDefaultPolicy8D520A8D", - "roles": [ - { - "Ref": "CodePipelineRoleB3A660B4" - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", - "aws:cdk:cloudformation:props": { - "roleArn": { - "Fn::GetAtt": [ - "CodePipelineRoleB3A660B4", - "Arn" - ] - }, - "stages": [ - { - "name": "Source", - "actions": [ - { - "name": "GitHub", - "outputArtifacts": [ - { - "name": "Artifact_CICDGitHubF8BA7ADD" - } - ], - "actionTypeId": { - "category": "Source", - "version": "1", - "owner": "ThirdParty", - "provider": "GitHub" - }, - "configuration": { - "Owner": "awslabs", - "Repo": "aws-cdk", - "Branch": "master", - "OAuthToken": "DummyToken", - "PollForSourceChanges": true - }, - "runOrder": 1 - } - ] - }, - { - "name": "Deploy", - "actions": [ - { - "name": "ChangeSet", - "inputArtifacts": [ - { - "name": "Artifact_CICDGitHubF8BA7ADD" - } - ], - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "CICD", 
- "RoleArn": { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetRoleF9F2B343", - "Arn" - ] - }, - "ActionMode": "CHANGE_SET_REPLACE", - "ChangeSetName": "CICD-ChangeSet", - "TemplatePath": "Artifact_CICDGitHubF8BA7ADD::CICD.template.json" - }, - "runOrder": 10, - "roleArn": { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A", - "Arn" - ] - } - }, - { - "name": "Execute", - "actionTypeId": { - "category": "Deploy", - "version": "1", - "owner": "AWS", - "provider": "CloudFormation" - }, - "configuration": { - "StackName": "CICD", - "ActionMode": "CHANGE_SET_EXECUTE", - "ChangeSetName": "CICD-ChangeSet" - }, - "runOrder": 999, - "roleArn": { - "Fn::GetAtt": [ - "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49", - "Arn" - ] - } - } - ] - } - ], - "artifactStore": { - "type": "S3", - "location": { - "Ref": "ArtifactBucket7410C9EF" - } - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-codepipeline.CfnPipeline", - "version": "0.0.0" - } - }, - "Source": { - "id": "Source", - "path": "CICD/CodePipeline/Source", - "children": { - "GitHub": { - "id": "GitHub", - "path": "CICD/CodePipeline/Source/GitHub", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, - "Deploy": { - "id": "Deploy", - "path": "CICD/CodePipeline/Deploy", - "children": { - "Execute": { - "id": "Execute", - "path": "CICD/CodePipeline/Deploy/Execute", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - 
"Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - }, - "8389e75f-0810-4838-bf64-d6f85a95cf83": { - "id": "8389e75f-0810-4838-bf64-d6f85a95cf83", - "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/8389e75f-0810-4838-bf64-d6f85a95cf83", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Deploy/Execute/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStacks", - "cloudformation:ExecuteChangeSet" - ], - "Condition": { - "StringEqualsIfExists": { - "cloudformation:ChangeSetName": "CICD-ChangeSet" - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":cloudformation:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":stack/CICD/*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "CodePipelineDeployExecuteCodePipelineActionRoleDefaultPolicy2B66E78C", - "roles": [ - { - "Ref": "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49" - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - } - }, - 
"constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, - "ChangeSet": { - "id": "ChangeSet", - "path": "CICD/CodePipeline/Deploy/ChangeSet", - "children": { - "CodePipelineActionRole": { - "id": "CodePipelineActionRole", - "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - }, - "8389e75f-0810-4838-bf64-d6f85a95cf83": { - "id": "8389e75f-0810-4838-bf64-d6f85a95cf83", - "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/8389e75f-0810-4838-bf64-d6f85a95cf83", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Deploy/ChangeSet/CodePipelineActionRole/DefaultPolicy/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetRoleF9F2B343", - "Arn" - ] - } - }, - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - 
"Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStacks" - ], - "Condition": { - "StringEqualsIfExists": { - "cloudformation:ChangeSetName": "CICD-ChangeSet" - } - }, - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":cloudformation:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":stack/CICD/*" - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "policyName": "CodePipelineDeployChangeSetCodePipelineActionRoleDefaultPolicy87FA0C1E", - "roles": [ - { - "Ref": "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A" - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "CICD/CodePipeline/Deploy/ChangeSet/Role", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Deploy/ChangeSet/Role/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "cloudformation.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", - "version": "0.0.0" - } - }, - "DefaultPolicy": { - "id": "DefaultPolicy", - "path": "CICD/CodePipeline/Deploy/ChangeSet/Role/DefaultPolicy", - "children": { - "Resource": { - "id": "Resource", - "path": "CICD/CodePipeline/Deploy/ChangeSet/Role/DefaultPolicy/Resource", - 
"attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Policy", - "aws:cdk:cloudformation:props": { - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:GetBucket*", - "s3:GetObject*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "ArtifactBucket7410C9EF", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "policyName": "CodePipelineDeployChangeSetRoleDefaultPolicy289820BE", - "roles": [ - { - "Ref": "CodePipelineDeployChangeSetRoleF9F2B343" - } - ] - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-codepipeline.Pipeline", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.ts b/packages/@aws-cdk/app-delivery/test/integ.cicd.ts deleted file mode 100644 index d0f148bb82dd8..0000000000000 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.ts +++ /dev/null 
@@ -1,40 +0,0 @@
-import * as cfn from '@aws-cdk/aws-cloudformation';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as cpactions from '@aws-cdk/aws-codepipeline-actions';
-import * as s3 from '@aws-cdk/aws-s3';
-import * as cdk from '@aws-cdk/core';
-import * as cicd from '../lib';
-
-const app = new cdk.App();
-
-const stack = new cdk.Stack(app, 'CICD');
-const pipeline = new codepipeline.Pipeline(stack, 'CodePipeline', {
- artifactBucket: new s3.Bucket(stack, 'ArtifactBucket', {
- removalPolicy: cdk.RemovalPolicy.DESTROY,
- }),
-});
-const sourceOutput = new codepipeline.Artifact('Artifact_CICDGitHubF8BA7ADD');
-const source = new cpactions.GitHubSourceAction({
- actionName: 'GitHub',
- owner: 'awslabs',
- repo: 'aws-cdk',
- oauthToken: cdk.SecretValue.unsafePlainText('DummyToken'),
- trigger: cpactions.GitHubTrigger.POLL,
- output: sourceOutput,
-});
-pipeline.addStage({
- stageName: 'Source',
- actions: [source],
-});
-const stage = pipeline.addStage({ stageName: 'Deploy' });
-stage.addAction(new cicd.PipelineDeployStackAction({
- stack,
- changeSetName: 'CICD-ChangeSet',
- createChangeSetRunOrder: 10,
- executeChangeSetRunOrder: 999,
- input: sourceOutput,
- adminPermissions: false,
- capabilities: [cfn.CloudFormationCapabilities.NONE],
-}));
-
-app.synth();
diff --git a/packages/@aws-cdk/app-delivery/test/pipeline-deploy-stack-action.test.ts b/packages/@aws-cdk/app-delivery/test/pipeline-deploy-stack-action.test.ts
deleted file mode 100644
index ccd9c230fe284..0000000000000
--- a/packages/@aws-cdk/app-delivery/test/pipeline-deploy-stack-action.test.ts
+++ /dev/null
@@ -1,503 +0,0 @@
-import { Match, Matcher, Template } from '@aws-cdk/assertions';
-import * as cfn from '@aws-cdk/aws-cloudformation';
-import * as codebuild from '@aws-cdk/aws-codebuild';
-import * as codepipeline from '@aws-cdk/aws-codepipeline';
-import * as cpactions from '@aws-cdk/aws-codepipeline-actions';
-import * as events from '@aws-cdk/aws-events';
-import * as iam from '@aws-cdk/aws-iam';
-import * as s3 from '@aws-cdk/aws-s3';
-import { describeDeprecated } from '@aws-cdk/cdk-build-tools';
-import * as cxschema from '@aws-cdk/cloud-assembly-schema';
-import * as cdk from '@aws-cdk/core';
-import * as constructs from 'constructs';
-import * as fc from 'fast-check';
-import { PipelineDeployStackAction } from '../lib/pipeline-deploy-stack-action';
-
-interface SelfUpdatingPipeline {
- synthesizedApp: codepipeline.Artifact;
- pipeline: codepipeline.Pipeline;
-}
-const accountId = fc.array(fc.integer(0, 9), 12, 12).map(arr => arr.join());
-
-describeDeprecated('pipeline deploy stack action', () => {
- test('rejects cross-environment deployment', () => {
- fc.assert(
- fc.property(
- accountId, accountId,
- (pipelineAccount, stackAccount) => {
- fc.pre(pipelineAccount !== stackAccount);
- expect(() => {
- const app = new cdk.App();
- const stack = new cdk.Stack(app, 'Test', { env: { account: pipelineAccount } });
- const pipeline = new codepipeline.Pipeline(stack, 'Pipeline');
- const fakeAction = new FakeAction('Fake');
- pipeline.addStage({
- stageName: 'FakeStage',
- actions: [fakeAction],
- });
-
- const deployStage = pipeline.addStage({ stageName: 'DeployStage' });
- deployStage.addAction(new PipelineDeployStackAction({
- changeSetName: 'ChangeSet',
- input: fakeAction.outputArtifact,
- stack: new cdk.Stack(app, 'DeployedStack', { env: { account: stackAccount } }),
- adminPermissions: false,
- }));
- }).toThrow('Cross-environment deployment is not supported');
- },
- ),
- );
-
- });
-
- test('rejects createRunOrder >= executeRunOrder', () => {
- fc.assert(
- fc.property(
- fc.integer(1, 999), fc.integer(1, 999),
- (createRunOrder, executeRunOrder) => {
- fc.pre(createRunOrder >= executeRunOrder);
- expect(() => {
- const app = new cdk.App();
- const stack = new cdk.Stack(app, 'Test');
- const pipeline = new codepipeline.Pipeline(stack, 'Pipeline');
- const fakeAction = new FakeAction('Fake');
- pipeline.addStage({
- stageName: 'FakeStage',
- actions: [fakeAction],
- });
- const deployStage = pipeline.addStage({ stageName: 'DeployStage' });
- deployStage.addAction(new PipelineDeployStackAction({
- changeSetName: 'ChangeSet',
- createChangeSetRunOrder: createRunOrder,
- executeChangeSetRunOrder: executeRunOrder,
- input: fakeAction.outputArtifact,
- stack: new cdk.Stack(app, 'DeployedStack'),
- adminPermissions: false,
- }));
- }).toThrow(/createChangeSetRunOrder .* must be < executeChangeSetRunOrder/);
- },
- ),
- );
-
- });
- test('users can supply CloudFormation capabilities', () => {
- const pipelineStack = getTestStack();
- const stackWithNoCapability = new cdk.Stack(undefined, 'NoCapStack',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const stackWithAnonymousCapability = new cdk.Stack(undefined, 'AnonymousIAM',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const stackWithAutoExpandCapability = new cdk.Stack(undefined, 'AutoExpand',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const stackWithAnonymousAndAutoExpandCapability = new cdk.Stack(undefined, 'AnonymousIAMAndAutoExpand',
- { env: { account: '123456789012', region: 'us-east-1' } });
-
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
-
- const pipeline = selfUpdatingStack.pipeline;
-
- const selfUpdateStage1 = pipeline.addStage({ stageName: 'SelfUpdate1' });
- const selfUpdateStage2 = pipeline.addStage({ stageName: 'SelfUpdate2' });
- const selfUpdateStage3 = pipeline.addStage({ stageName: 'SelfUpdate3' });
- const selfUpdateStage4 = pipeline.addStage({ stageName: 'SelfUpdate4' });
- const selfUpdateStage5 = pipeline.addStage({ stageName: 'SelfUpdate5' });
-
- selfUpdateStage1.addAction(new PipelineDeployStackAction({
- stack: pipelineStack,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.NAMED_IAM],
- adminPermissions: false,
- }));
- selfUpdateStage2.addAction(new PipelineDeployStackAction({
- stack: stackWithNoCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.NONE],
- adminPermissions: false,
- }));
- selfUpdateStage3.addAction(new PipelineDeployStackAction({
- stack: stackWithAnonymousCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.ANONYMOUS_IAM],
- adminPermissions: false,
- }));
- selfUpdateStage4.addAction(new PipelineDeployStackAction({
- stack: stackWithAutoExpandCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.AUTO_EXPAND],
- adminPermissions: false,
- }));
- selfUpdateStage5.addAction(new PipelineDeployStackAction({
- stack: stackWithAnonymousAndAutoExpandCapability,
- input: selfUpdatingStack.synthesizedApp,
- capabilities: [cfn.CloudFormationCapabilities.ANONYMOUS_IAM, cfn.CloudFormationCapabilities.AUTO_EXPAND],
- adminPermissions: false,
- }));
-
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'TestStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_NAMED_IAM',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'AnonymousIAM',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_IAM',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', Match.not(hasPipelineActionConfiguration({
- StackName: 'NoCapStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_NAMED_IAM',
- })));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', Match.not(hasPipelineActionConfiguration({
- StackName: 'NoCapStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_IAM',
- })));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'NoCapStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'AutoExpand',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_AUTO_EXPAND',
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'AnonymousIAMAndAutoExpand',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND',
- }));
- });
-
- test('users can use admin permissions', () => {
- const pipelineStack = getTestStack();
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
-
- const pipeline = selfUpdatingStack.pipeline;
- const selfUpdateStage = pipeline.addStage({ stageName: 'SelfUpdate' });
- selfUpdateStage.addAction(new PipelineDeployStackAction({
- stack: pipelineStack,
- input: selfUpdatingStack.synthesizedApp,
- adminPermissions: true,
- }));
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', {
- PolicyDocument: {
- Version: '2012-10-17',
- Statement: [
- {
- Action: [
- 's3:GetObject*',
- 's3:GetBucket*',
- 's3:List*',
- ],
- Effect: 'Allow',
- Resource: [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- {
- 'Fn::Join': [
- '',
- [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- '/*',
- ],
- ],
- },
- ],
- },
- {
- Action: [
- 'kms:Decrypt',
- 'kms:DescribeKey',
- ],
- Effect: 'Allow',
- Resource: {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketEncryptionKey85407CB4',
- 'Arn',
- ],
- },
- },
- {
- Action: '*',
- Effect: 'Allow',
- Resource: '*',
- },
- ],
- },
- });
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', hasPipelineActionConfiguration({
- StackName: 'TestStack',
- ActionMode: 'CHANGE_SET_REPLACE',
- Capabilities: 'CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND',
- }));
- });
-
- test('users can supply a role for deploy action', () => {
- const pipelineStack = getTestStack();
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
-
- const role = new iam.Role(pipelineStack, 'MyRole', {
- assumedBy: new iam.ServicePrincipal('cloudformation.amazonaws.com'),
- });
- const pipeline = selfUpdatingStack.pipeline;
- const selfUpdateStage = pipeline.addStage({ stageName: 'SelfUpdate' });
- const deployAction = new PipelineDeployStackAction({
- stack: pipelineStack,
- input: selfUpdatingStack.synthesizedApp,
- adminPermissions: false,
- role,
- });
- selfUpdateStage.addAction(deployAction);
- expect(deployAction.deploymentRole).toEqual(role);
-
- });
- test('users can specify IAM permissions for the deploy action', () => {
- // GIVEN //
- const pipelineStack = getTestStack();
-
- // the fake stack to deploy
- const emptyStack = getTestStack();
-
- const selfUpdatingStack = createSelfUpdatingStack(pipelineStack);
- const pipeline = selfUpdatingStack.pipeline;
-
- // WHEN //
- // this our app/service/infra to deploy
- const deployStage = pipeline.addStage({ stageName: 'Deploy' });
- const deployAction = new PipelineDeployStackAction({
- stack: emptyStack,
- input: selfUpdatingStack.synthesizedApp,
- adminPermissions: false,
- });
- deployStage.addAction(deployAction);
- // we might need to add permissions
- deployAction.addToDeploymentRolePolicy(new iam.PolicyStatement({
- actions: [
- 'ec2:AuthorizeSecurityGroupEgress',
- 'ec2:AuthorizeSecurityGroupIngress',
- 'ec2:DeleteSecurityGroup',
- 'ec2:DescribeSecurityGroups',
- 'ec2:CreateSecurityGroup',
- 'ec2:RevokeSecurityGroupEgress',
- 'ec2:RevokeSecurityGroupIngress',
- ],
- resources: ['*'],
- }));
-
- // THEN //
- Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', {
- PolicyDocument: {
- Version: '2012-10-17',
- Statement: [
- {
- Action: [
- 's3:GetObject*',
- 's3:GetBucket*',
- 's3:List*',
- ],
- Effect: 'Allow',
- Resource: [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- {
- 'Fn::Join': [
- '',
- [
- {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketF1E925CF',
- 'Arn',
- ],
- },
- '/*',
- ],
- ],
- },
- ],
- },
- {
- Action: [
- 'kms:Decrypt',
- 'kms:DescribeKey',
- ],
- Effect: 'Allow',
- Resource: {
- 'Fn::GetAtt': [
- 'CodePipelineArtifactsBucketEncryptionKey85407CB4',
- 'Arn',
- ],
- },
- },
- {
- Action: [
- 'ec2:AuthorizeSecurityGroupEgress',
- 'ec2:AuthorizeSecurityGroupIngress',
- 'ec2:DeleteSecurityGroup',
- 'ec2:DescribeSecurityGroups',
- 'ec2:CreateSecurityGroup',
- 'ec2:RevokeSecurityGroupEgress',
- 'ec2:RevokeSecurityGroupIngress',
- ],
- Effect: 'Allow',
- Resource: '*',
- },
- ],
- },
- Roles: [
- {
- Ref: 'CodePipelineDeployChangeSetRoleF9F2B343',
- },
- ],
- });
-
- });
- test('rejects stacks with assets', () => {
- fc.assert(
- fc.property(
- fc.integer(1, 5),
- (assetCount) => {
- const app = new cdk.App();
-
- const deployedStack = new cdk.Stack(app, 'DeployedStack');
- for (let i = 0; i < assetCount; i++) {
- deployedStack.node.addMetadata(cxschema.ArtifactMetadataEntryType.ASSET, {});
- }
-
- expect(() => {
- new PipelineDeployStackAction({
- changeSetName: 'ChangeSet',
- input: new codepipeline.Artifact(),
- stack: deployedStack,
- adminPermissions: false,
- });
- }).toThrow(/Cannot deploy the stack DeployedStack because it references/);
- },
- ),
- );
- });
-
- test('allows overriding the ChangeSet and Execute action names', () => {
- const stack = getTestStack();
- const selfUpdatingPipeline = createSelfUpdatingStack(stack);
- selfUpdatingPipeline.pipeline.addStage({
- stageName: 'Deploy',
- actions: [
- new PipelineDeployStackAction({
- input: selfUpdatingPipeline.synthesizedApp,
- adminPermissions: true,
- stack,
- createChangeSetActionName: 'Prepare',
- executeChangeSetActionName: 'Deploy',
- }),
- ],
- });
-
- Template.fromStack(stack).hasResourceProperties('AWS::CodePipeline::Pipeline', {
- Stages: Match.arrayWith([
- Match.objectLike({
- Name: 'Deploy',
- Actions: Match.arrayWith([
- Match.objectLike({
- Name: 'Prepare',
- }),
- Match.objectLike({
- Name: 'Deploy',
- }),
- ]),
- }),
- ]),
- });
- });
-});
-
-class FakeAction implements codepipeline.IAction {
- public readonly actionProperties: codepipeline.ActionProperties;
- public readonly outputArtifact: codepipeline.Artifact;
-
- constructor(actionName: string) {
- this.actionProperties = {
- actionName,
- artifactBounds: { minInputs: 0, maxInputs: 5, minOutputs: 0, maxOutputs: 5 },
- category: codepipeline.ActionCategory.TEST,
- provider: 'Test',
- };
- this.outputArtifact = new codepipeline.Artifact('OutputArtifact');
- }
-
- public bind(_scope: constructs.Construct, _stage: codepipeline.IStage, _options: codepipeline.ActionBindOptions):
- codepipeline.ActionConfig {
- return {};
- }
-
- public onStateChange(_name: string, _target?: events.IRuleTarget, _options?: events.RuleProps): events.Rule {
- throw new Error('onStateChange() is not available on FakeAction');
- }
-}
-
-function getTestStack(): cdk.Stack {
- return new cdk.Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'us-east-1' } });
-}
-
-function createSelfUpdatingStack(pipelineStack: cdk.Stack): SelfUpdatingPipeline {
- const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', {
- restartExecutionOnUpdate: true,
- });
-
- // simple source
- const bucket = s3.Bucket.fromBucketArn(pipeline, 'PatternBucket', 'arn:aws:s3:::totally-fake-bucket');
- const sourceOutput = new codepipeline.Artifact('SourceOutput');
- const sourceAction = new cpactions.S3SourceAction({
- actionName: 'S3Source',
- bucket,
- bucketKey: 'the-great-key',
- output: sourceOutput,
- });
- pipeline.addStage({
- stageName: 'source',
- actions: [sourceAction],
- });
-
- const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild');
- const buildOutput = new codepipeline.Artifact('BuildOutput');
- const buildAction = new cpactions.CodeBuildAction({
- actionName: 'CodeBuild',
- project,
- input: sourceOutput,
- outputs: [buildOutput],
- });
- pipeline.addStage({
- stageName: 'build',
- actions: [buildAction],
- });
- return { synthesizedApp: buildOutput, pipeline };
-}
-
-function hasPipelineActionConfiguration(expectedActionConfiguration: any): Matcher {
- return Match.objectLike({
- Stages: Match.arrayWith([
- Match.objectLike({
- Actions: Match.arrayWith([
- Match.objectLike({
- Configuration: expectedActionConfiguration,
- }),
- ]),
- }),
- ]),
- });
-}
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
index d03670b41c4d6..1e5ce8b89ec67 100644
--- a/packages/aws-cdk-lib/package.json
+++ b/packages/aws-cdk-lib/package.json
@@ -120,7 +120,6 @@
 },
 "devDependencies": {
 "@aws-cdk/alexa-ask": "0.0.0",
- "@aws-cdk/app-delivery": "0.0.0",
 "@aws-cdk/assertions": "0.0.0",
 "@aws-cdk/assets": "0.0.0",
 "@aws-cdk/aws-accessanalyzer": "0.0.0",
diff --git a/tests.txt b/tests.txt
index 7dd61ead63eca..a926eafe89f4c 100644
--- a/tests.txt
+++ b/tests.txt
@@ -1,4 +1,3 @@
-app-delivery/test/integ.cicd.js
 aws-amplify/test/integ.app-asset-deployment.js
 aws-amplify/test/integ.app-codecommit.js
 aws-amplify/test/integ.app.js