bump cdk to v1.124.0 (#74)

* bump cdk to v1.124.0

Includes fix for aws/aws-cdk#15709

* update unit tests

* match aws-cdk version in CI

.github/workflows/tests.yml

@@ -28,12 +28,12 @@ jobs:
       uses: actions/setup-node@v2
       with:
         node-version: 16
-    - name: Install aws-cdk
-      run: npm install -g [email protected]
     - name: Install dependencies
       run: |
         pip install -r requirements.txt
         pip install awscli==1.20.8 build
+    - name: Install aws-cdk
+      run: npm install -g aws-cdk@$(pip freeze | grep aws-cdk.core | sed -e 's/.*==//')
     - name: Lint with flake8/black/isort
       run: |
         export FILES=(*.py domino_cdk tests)

cdk/setup.py

@@ -25,19 +25,19 @@
         ("domino-cdk", ["app.py", "cdk.json", "util.py"]),
     ],
     install_requires=[
-        "aws-cdk.assertions~=1.110.1",
-        "aws-cdk.aws-backup~=1.110.1",
-        "aws-cdk.aws-ec2~=1.110.1",
-        "aws-cdk.aws-ecr~=1.110.1",
-        "aws-cdk.aws-efs~=1.110.1",
-        "aws-cdk.aws-eks~=1.110.1",
-        "aws-cdk.aws-iam~=1.110.1",
-        "aws-cdk.aws-lambda~=1.110.1",
-        "aws-cdk.aws-s3~=1.110.1",
-        "aws-cdk.aws-stepfunctions-tasks~=1.110.1",
-        "aws-cdk.core~=1.110.1",
-        "aws-cdk.lambda-layer-awscli~=1.110.1",
-        "aws-cdk.lambda-layer-kubectl~=1.110.1",
+        "aws-cdk.assertions~=1.124.0",
+        "aws-cdk.aws-backup~=1.124.0",
+        "aws-cdk.aws-ec2~=1.124.0",
+        "aws-cdk.aws-ecr~=1.124.0",
+        "aws-cdk.aws-efs~=1.124.0",
+        "aws-cdk.aws-eks~=1.124.0",
+        "aws-cdk.aws-iam~=1.124.0",
+        "aws-cdk.aws-lambda~=1.124.0",
+        "aws-cdk.aws-s3~=1.124.0",
+        "aws-cdk.aws-stepfunctions-tasks~=1.124.0",
+        "aws-cdk.core~=1.124.0",
+        "aws-cdk.lambda-layer-awscli~=1.124.0",
+        "aws-cdk.lambda-layer-kubectl~=1.124.0",
         "boto3~=1.18.7",
         "field_properties~=0.1",
         "requests~=2.25.1",

cdk/tests/unit/provisioners/test_aws_configurator.py

@@ -3,7 +3,7 @@
 from tempfile import TemporaryDirectory
 
 import aws_cdk.aws_eks as eks
-from aws_cdk.assertions import TemplateAssertions
+from aws_cdk.assertions import Template
 from aws_cdk.core import App, Environment, Stack
 from ruamel.yaml import YAML
 
@@ -21,7 +21,7 @@ def setUp(self):
     def test_install_calico(self):
         DominoAwsConfigurator(self.stack, self.eks_cluster)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("Custom::AWSCDK-EKS-KubernetesResource", 3)  # two calico, one aws-auth
 
         template = self.app.synth().get_stack("calico").template
@@ -43,7 +43,7 @@ def test_install_calico_file(self):
 
             DominoAwsConfigurator(self.stack, self.eks_cluster)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("Custom::AWSCDK-EKS-KubernetesResource", 3)  # two calico, one aws-auth
 
         template = self.app.synth().get_stack("calico").template

cdk/tests/unit/provisioners/test_eks_cluster.py

@@ -2,7 +2,7 @@
 from unittest.mock import patch
 
 import aws_cdk.aws_eks as eks
-from aws_cdk.assertions import TemplateAssertions
+from aws_cdk.assertions import Template
 from aws_cdk.core import App, Environment, Stack
 
 from domino_cdk.provisioners.eks import DominoEksClusterProvisioner
@@ -28,7 +28,7 @@ def test_setup_addons(self, mock_get_addon_version):
 
         eks_provisioner.setup_addons(self.eks_cluster, self.eks_version.version)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("Custom::AWSCDK-EKS-KubernetesPatch", 1)
         assertion.resource_count_is("AWS::EKS::Addon", 3)
         assertion.has_resource_properties("AWS::EKS::Addon", {"AddonName": "vpc-cni", "AddonVersion": ADDON_VERSION})

cdk/tests/unit/provisioners/test_s3.py

@@ -1,6 +1,6 @@
 from os import environ
 
-from aws_cdk.assertions import TemplateAssertions
+from aws_cdk.assertions import Template
 from aws_cdk.core import App, Environment, Stack
 
 from domino_cdk.config import S3
@@ -26,12 +26,12 @@ def test_monitoring_bucket(self):
 
         DominoS3Provisioner(self.stack, "construct-1", "test-s3", s3_config, False)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
 
         template = self.app.synth().get_stack("S3").template
 
         assertion.resource_count_is("AWS::S3::Bucket", 1)
-        assertion.has_resource_definition(
+        assertion.has_resource(
             "AWS::S3::Bucket",
             {
                 "Properties": {
@@ -66,7 +66,6 @@ def test_monitoring_bucket(self):
                     "Action": "s3:*",
                     "Condition": {"Bool": {"aws:SecureTransport": "false"}},
                     "Effect": "Deny",
-                    "Principal": "*",
                 },
                 {
                     "Action": ["s3:GetBucket*", "s3:List*", "s3:DeleteObject*"],
@@ -80,7 +79,6 @@ def test_monitoring_bucket(self):
                     "Action": "s3:PutObject",
                     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
                     "Effect": "Allow",
-                    "Principal": {"Service": "delivery.logs.amazonaws.com"},
                     "Sid": "AWSLogDeliveryWrite",
                 },
                 {
@@ -105,7 +103,7 @@ def test_monitoring_kms_key(self):
 
         DominoS3Provisioner(self.stack, "construct-1", "test-s3", s3_config, False)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("AWS::S3::Bucket", 1)
         assertion.has_resource_properties(
             "AWS::S3::Bucket",
@@ -224,9 +222,9 @@ def test_buckets(self):
 
             DominoS3Provisioner(stack, "construct-1", "test-s3", s3_config, False)
 
-            assertion = TemplateAssertions.from_stack(stack)
+            assertion = Template.from_stack(stack)
             assertion.resource_count_is("AWS::S3::Bucket", 1)
-            assertion.has_resource_definition("AWS::S3::Bucket", resource_defn)
+            assertion.has_resource("AWS::S3::Bucket", resource_defn)
 
             assertion.resource_count_is("AWS::S3::BucketPolicy", 1)
 
@@ -241,7 +239,6 @@ def test_buckets(self):
                         "Action": "s3:*",
                         "Condition": {"Bool": {"aws:SecureTransport": "false"}},
                         "Effect": "Deny",
-                        "Principal": "*",
                     },
                     *policies,
                     {
@@ -252,14 +249,12 @@ def test_buckets(self):
                             }
                         },
                         "Effect": "Deny",
-                        "Principal": "*",
                         "Sid": "DenyIncorrectEncryptionHeader",
                     },
                     {
                         "Action": "s3:PutObject",
                         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
                         "Effect": "Deny",
-                        "Principal": "*",
                         "Sid": "DenyUnEncryptedObjectUploads",
                     },
                 ],
@@ -278,7 +273,7 @@ def test_buckets_access_logging(self):
 
         DominoS3Provisioner(self.stack, "construct-1", "test-s3", s3_config, False)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("AWS::S3::Bucket", 2)
         assertion.has_resource_properties(
             "AWS::S3::Bucket",

cdk/tests/unit/provisioners/test_vpc.py

@@ -1,5 +1,5 @@
 import aws_cdk.aws_s3 as s3
-from aws_cdk.assertions import TemplateAssertions
+from aws_cdk.assertions import Template
 from aws_cdk.core import App, Environment, Stack
 
 from domino_cdk.config import VPC, IngressRule
@@ -37,7 +37,7 @@ def test_vpc(self):
 
         DominoVpcProvisioner(self.stack, "construct-1", "test-vpc", vpc_config, False, None)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("AWS::EC2::VPC", 1)
         assertion.resource_count_is("AWS::EC2::Subnet", 9)
         assertion.resource_count_is("AWS::EC2::InternetGateway", 1)
@@ -103,7 +103,7 @@ def test_vpc_flow_logging(self):
         logging_bucket = s3.Bucket(self.stack, "logging-bucket")
         DominoVpcProvisioner(self.stack, "construct-1", "test-vpc", vpc_config, False, logging_bucket)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("AWS::EC2::FlowLog", 1)
 
     def test_bring_your_own_vpc(self):
@@ -128,7 +128,7 @@ def test_bring_your_own_vpc(self):
 
         DominoVpcProvisioner(self.stack, "construct-1", "test-vpc", vpc_config, False, None)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("AWS::EC2::VPC", 0)
 
     def test_bastion_bring_your_own_ami(self):
@@ -155,7 +155,7 @@ def test_bastion_bring_your_own_ami(self):
 
         DominoVpcProvisioner(self.stack, "construct-1", "test-vpc", vpc_config, False, None)
 
-        assertion = TemplateAssertions.from_stack(self.stack)
+        assertion = Template.from_stack(self.stack)
         assertion.resource_count_is("AWS::EC2::Instance", 1)
 
         template = self.app.synth().get_stack("VPC").template