Merge branch 'master' into merge-back/1.146.0

Author: mergify[bot]

packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json

@@ -766,7 +766,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-apigateway/lib/resource.ts

@@ -311,8 +311,8 @@ export abstract class ResourceBase extends ResourceConstruct implements IResourc
 
       const template = new Array<string>();
 
-      template.push('#set($origin = $input.params("Origin"))');
-      template.push('#if($origin == "") #set($origin = $input.params("origin")) #end');
+      template.push('#set($origin = $input.params().header.get("Origin"))');
+      template.push('#if($origin == "") #set($origin = $input.params().header.get("origin")) #end');
 
       const condition = origins.map(o => `$origin.matches("${o}")`).join(' || ');
 

packages/@aws-cdk/aws-apigateway/lib/usage-plan.ts

@@ -6,7 +6,7 @@ import { CfnUsagePlan, CfnUsagePlanKey } from './apigateway.generated';
 import { Method } from './method';
 import { IRestApi } from './restapi';
 import { Stage } from './stage';
-import { validateInteger } from './util';
+import { validateDouble, validateInteger } from './util';
 
 /**
  * Container for defining throttling parameters to API stages or methods.
@@ -316,7 +316,7 @@ export class UsagePlan extends UsagePlanBase {
       const burstLimit = props.burstLimit;
       validateInteger(burstLimit, 'Throttle burst limit');
       const rateLimit = props.rateLimit;
-      validateInteger(rateLimit, 'Throttle rate limit');
+      validateDouble(rateLimit, 'Throttle rate limit');
 
       ret = {
         burstLimit: burstLimit,

packages/@aws-cdk/aws-apigateway/lib/util.ts

@@ -78,6 +78,12 @@ export function validateInteger(property: number | undefined, messagePrefix: str
   }
 }
 
+export function validateDouble(property: number | undefined, messagePrefix: string) {
+  if (property && isNaN(property) && isNaN(parseFloat(property.toString()))) {
+    throw new Error(`${messagePrefix} should be an double`);
+  }
+}
+
 export class JsonSchemaMapper {
   /**
    * Transforms naming of some properties to prefix with a $, where needed

packages/@aws-cdk/aws-apigateway/test/cors.test.ts

@@ -290,7 +290,7 @@ describe('cors', () => {
               'method.response.header.Access-Control-Allow-Methods': "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'",
             },
             ResponseTemplates: {
-              'application/json': '#set($origin = $input.params("Origin"))\n#if($origin == "") #set($origin = $input.params("origin")) #end\n#if($origin.matches("https://amazon.com") || $origin.matches("https://aws.amazon.com"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end',
+              'application/json': '#set($origin = $input.params().header.get("Origin"))\n#if($origin == "") #set($origin = $input.params().header.get("origin")) #end\n#if($origin.matches("https://amazon.com") || $origin.matches("https://aws.amazon.com"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end',
             },
             StatusCode: '204',
           },

packages/@aws-cdk/aws-apigateway/test/integ.cors.expected.json

@@ -51,7 +51,7 @@
         "corsapitest8682546E"
       ]
     },
-    "corsapitestDeployment2BF1633A228079ea05e5799220dd4ca13512b92d": {
+    "corsapitestDeployment2BF1633A51392cbce1ac2785bd0e53063423e203": {
       "Type": "AWS::ApiGateway::Deployment",
       "Properties": {
         "RestApiId": {
@@ -74,7 +74,7 @@
           "Ref": "corsapitest8682546E"
         },
         "DeploymentId": {
-          "Ref": "corsapitestDeployment2BF1633A228079ea05e5799220dd4ca13512b92d"
+          "Ref": "corsapitestDeployment2BF1633A51392cbce1ac2785bd0e53063423e203"
         },
         "StageName": "prod"
       },
@@ -472,7 +472,7 @@
                 "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'"
               },
               "ResponseTemplates": {
-                "application/json": "#set($origin = $input.params(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params(\"origin\")) #end\n#if($origin.matches(\"https://www.test-cors.org\"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end"
+                "application/json": "#set($origin = $input.params().header.get(\"Origin\"))\n#if($origin == \"\") #set($origin = $input.params().header.get(\"origin\")) #end\n#if($origin.matches(\"https://www.test-cors.org\"))\n  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)\n#end"
               },
               "StatusCode": "204"
             }

packages/@aws-cdk/aws-apigateway/test/usage-plan.test.ts

@@ -27,13 +27,13 @@ describe('usage plan', () => {
     });
   });
 
-  test('usage plan with throttling limits', () => {
+  test('usage plan with integer throttling limits', () => {
     // GIVEN
     const stack = new cdk.Stack();
     const api = new apigateway.RestApi(stack, 'my-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
     const method: apigateway.Method = api.root.addMethod('GET'); // Need at least one method on the api
     const usagePlanName = 'Basic';
-    const usagePlanDescription = 'Basic Usage Plan with throttling limits';
+    const usagePlanDescription = 'Basic Usage Plan with integer throttling limits';
 
     // WHEN
     new apigateway.UsagePlan(stack, 'my-usage-plan', {
@@ -78,6 +78,57 @@ describe('usage plan', () => {
     });
   });
 
+  test('usage plan with integer and float throttling limits', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigateway.RestApi(stack, 'my-api', { cloudWatchRole: false, deploy: true, deployOptions: { stageName: 'test' } });
+    const method: apigateway.Method = api.root.addMethod('GET'); // Need at least one method on the api
+    const usagePlanName = 'Basic';
+    const usagePlanDescription = 'Basic Usage Plan with integer and float throttling limits';
+
+    // WHEN
+    new apigateway.UsagePlan(stack, 'my-usage-plan', {
+      name: usagePlanName,
+      description: usagePlanDescription,
+      apiStages: [
+        {
+          stage: api.deploymentStage,
+          throttle: [
+            {
+              method,
+              throttle: {
+                burstLimit: 20,
+                rateLimit: 10.5,
+              },
+            },
+          ],
+        },
+      ],
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties(RESOURCE_TYPE, {
+      UsagePlanName: usagePlanName,
+      Description: usagePlanDescription,
+      ApiStages: [
+        {
+          ApiId: {
+            Ref: 'myapi4C7BF186',
+          },
+          Stage: {
+            Ref: 'myapiDeploymentStagetest4A4AB65E',
+          },
+          Throttle: {
+            '//GET': {
+              BurstLimit: 20,
+              RateLimit: 10.5,
+            },
+          },
+        },
+      ],
+    });
+  });
+
   test('usage plan with blocked methods', () => {
     // GIVEN
     const stack = new cdk.Stack();

packages/@aws-cdk/aws-appsync/test/integ.api-import.expected.json

@@ -85,7 +85,8 @@
                   "dynamodb:BatchWriteItem",
                   "dynamodb:PutItem",
                   "dynamodb:UpdateItem",
-                  "dynamodb:DeleteItem"
+                  "dynamodb:DeleteItem",
+                  "dynamodb:DescribeTable"
                 ],
                 "Effect": "Allow",
                 "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.auth-apikey.expected.json

@@ -68,7 +68,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json

@@ -99,7 +99,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.graphql-schema.expected.json

@@ -67,7 +67,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json

@@ -147,7 +147,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [
@@ -360,7 +361,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [
@@ -752,7 +754,8 @@
                 "dynamodb:BatchWriteItem",
                 "dynamodb:PutItem",
                 "dynamodb:UpdateItem",
-                "dynamodb:DeleteItem"
+                "dynamodb:DeleteItem",
+                "dynamodb:DescribeTable"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-dynamodb/lib/perms.ts

@@ -29,3 +29,5 @@ export const READ_STREAM_DATA_ACTIONS = [
   'dynamodb:GetRecords',
   'dynamodb:GetShardIterator',
 ];
+
+export const DESCRIBE_TABLE = 'dynamodb:DescribeTable';

packages/@aws-cdk/aws-dynamodb/lib/table.ts

@@ -679,15 +679,16 @@ abstract class TableBase extends Resource implements ITable {
 
   /**
    * Permits an IAM principal all data read operations from this table:
-   * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan.
+   * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
    *
    * Appropriate grants will also be added to the customer-managed KMS key
    * if one was configured.
    *
    * @param grantee The principal to grant access to
    */
   public grantReadData(grantee: iam.IGrantable): iam.Grant {
-    return this.combinedGrant(grantee, { keyActions: perms.KEY_READ_ACTIONS, tableActions: perms.READ_DATA_ACTIONS });
+    const tableActions = perms.READ_DATA_ACTIONS.concat(perms.DESCRIBE_TABLE);
+    return this.combinedGrant(grantee, { keyActions: perms.KEY_READ_ACTIONS, tableActions });
   }
 
   /**
@@ -724,29 +725,31 @@ abstract class TableBase extends Resource implements ITable {
 
   /**
    * Permits an IAM principal all data write operations to this table:
-   * BatchWriteItem, PutItem, UpdateItem, DeleteItem.
+   * BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
    *
    * Appropriate grants will also be added to the customer-managed KMS key
    * if one was configured.
    *
    * @param grantee The principal to grant access to
    */
   public grantWriteData(grantee: iam.IGrantable): iam.Grant {
-    return this.combinedGrant(grantee, { keyActions: perms.KEY_WRITE_ACTIONS, tableActions: perms.WRITE_DATA_ACTIONS });
+    const tableActions = perms.WRITE_DATA_ACTIONS.concat(perms.DESCRIBE_TABLE);
+    const keyActions = perms.KEY_READ_ACTIONS.concat(perms.KEY_WRITE_ACTIONS);
+    return this.combinedGrant(grantee, { keyActions, tableActions });
   }
 
   /**
    * Permits an IAM principal to all data read/write operations to this table.
    * BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan,
-   * BatchWriteItem, PutItem, UpdateItem, DeleteItem
+   * BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable
    *
    * Appropriate grants will also be added to the customer-managed KMS key
    * if one was configured.
    *
    * @param grantee The principal to grant access to
    */
   public grantReadWriteData(grantee: iam.IGrantable): iam.Grant {
-    const tableActions = perms.READ_DATA_ACTIONS.concat(perms.WRITE_DATA_ACTIONS);
+    const tableActions = perms.READ_DATA_ACTIONS.concat(perms.WRITE_DATA_ACTIONS).concat(perms.DESCRIBE_TABLE);
     const keyActions = perms.KEY_READ_ACTIONS.concat(perms.KEY_WRITE_ACTIONS);
     return this.combinedGrant(grantee, { keyActions, tableActions });
   }