PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.41.0__py3-none-any.whl → 0.42.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.41.0py3-none-any.whl → 0.42.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of konokenj.cdk-api-mcp-server might be problematic. Click here for more details.

Files changed (37) hide show

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.invoke.ts CHANGED Viewed

@@ -1,101 +1,119 @@
-import * as path from 'path';
-import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
-import * as cdk from 'aws-cdk-lib';
-import * as apigateway from 'aws-cdk-lib/aws-apigateway';
-import * as events from 'aws-cdk-lib/aws-events';
+import { Code, Function } from 'aws-cdk-lib/aws-lambda';
 import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
-import * as lambda from 'aws-cdk-lib/aws-lambda-nodejs';
-import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
-import { password, username } from './my-lambda-handler';
+import * as cdk from 'aws-cdk-lib';
+import { LambdaInvoke } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 /*
- * Creates an API Gateway instance with a GET method and mock integration,
- * secured with basic auth. It then creates a matching Connection and uses it
- * in a state machine with a task state to invoke the endpoint.
+ * Creates a state machine with a task state to invoke a Lambda function
+ * The state machine creates a couple of Lambdas that pass results forward
+ * and into a Choice state that validates the output.
+ *
+ * Stack verification steps:
+ * The generated State Machine can be executed from the CLI (or Step Functions console)
+ * and runs with an execution status of `Succeeded`.
  *
- * Stack verification steps :
- * * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
- * * aws stepfunctions describe-execution --execution-arn <execution-arn generated before> : should return status as SUCCEEDED
+ * -- aws stepfunctions start-execution --state-machine-arn <state-machine-arn-from-output> provides execution arn
+ * -- aws stepfunctions describe-execution --execution-arn <state-machine-arn-from-output> returns a status of `Succeeded`
  */
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
   },
 });
-const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-http-invoke-integ');
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-lambda-invoke-integ');
-const authorizerHandler = new lambda.NodejsFunction(stack, 'AuthorizerHandler', {
-  entry: path.resolve(__dirname, 'my-lambda-handler', 'index.ts'),
-  handler: 'handler',
+const submitJobLambda = new Function(stack, 'submitJobLambda', {
+  code: Code.fromInline(`exports.handler = async (event, context) => {
+        return {
+          statusCode: '200',
+          body: 'hello, world!',
+          ...event,
+        };
+      };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
-const authorizer = new apigateway.TokenAuthorizer(stack, 'Authorizer', {
-  handler: authorizerHandler,
-  identitySource: 'method.request.header.Authorization',
-  resultsCacheTtl: cdk.Duration.seconds(0),
+const submitJob = new LambdaInvoke(stack, 'Invoke Handler', {
+  lambdaFunction: submitJobLambda,
+  payload: sfn.TaskInput.fromObject({
+    execId: sfn.JsonPath.executionId,
+    execInput: sfn.JsonPath.executionInput,
+    execName: sfn.JsonPath.executionName,
+    execRoleArn: sfn.JsonPath.executionRoleArn,
+    execStartTime: sfn.JsonPath.executionStartTime,
+    stateEnteredTime: sfn.JsonPath.stateEnteredTime,
+    stateName: sfn.JsonPath.stateName,
+    stateRetryCount: sfn.JsonPath.stateRetryCount,
+    stateMachineId: sfn.JsonPath.stateMachineId,
+    stateMachineName: sfn.JsonPath.stateMachineName,
+  }),
+  outputPath: '$.Payload',
 });
-const api = new apigateway.RestApi(stack, 'IntegRestApi');
+const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', {
+  code: Code.fromInline(`exports.handler = async function(event, context) {
+        const expectedFields = [
+          'execId', 'execInput', 'execName', 'execRoleArn',
+          'execStartTime', 'stateEnteredTime', 'stateName',
+          'stateRetryCount', 'stateMachineId', 'stateMachineName',
+        ];
+        const fieldsAreSet = expectedFields.every(field => event[field] !== undefined);
+        return {
+          status: event.statusCode === '200' && fieldsAreSet ? 'SUCCEEDED' : 'FAILED'
+        };
+  };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
+});
-api.root.addResource('test').addMethod(
-  'GET',
-  new apigateway.MockIntegration({
-    integrationResponses: [
-      {
-        statusCode: '200',
-        responseTemplates: {
-          'application/json': JSON.stringify({ message: 'Hello, tester!' }),
-        },
-      },
-    ],
-    passthroughBehavior: apigateway.PassthroughBehavior.NEVER,
-    requestTemplates: {
-      'application/json': '{ "statusCode": 200 }',
-    },
-  }),
-  {
-    authorizer,
-    methodResponses: [
-      {
-        statusCode: '200',
-      },
-    ],
+const checkJobState = new LambdaInvoke(stack, 'Check the job state', {
+  lambdaFunction: checkJobStateLambda,
+  resultSelector: {
+    status: sfn.JsonPath.stringAt('$.Payload.status'),
   },
-);
-const connection = new events.Connection(stack, 'Connection', {
-  authorization: events.Authorization.basic(username, cdk.SecretValue.unsafePlainText(password)),
 });
-const httpInvokeTask = new tasks.HttpInvoke(stack, 'Invoke HTTP Endpoint', {
-  apiRoot: api.urlForPath('/'),
-  apiEndpoint: sfn.TaskInput.fromText('/test'),
-  connection,
-  method: sfn.TaskInput.fromText('GET'),
+const isComplete = new sfn.Choice(stack, 'Job Complete?');
+const jobFailed = new sfn.Fail(stack, 'Job Failed', {
+  cause: 'Job Failed',
+  error: 'Received a status that was not 200',
 });
+const finalStatus = new sfn.Pass(stack, 'Final step');
+const chain = sfn.Chain.start(submitJob)
+  .next(checkJobState)
+  .next(
+    isComplete
+      .when(sfn.Condition.stringEquals('$.status', 'FAILED'), jobFailed)
+      .when(sfn.Condition.stringEquals('$.status', 'SUCCEEDED'), finalStatus),
+  );
 const sm = new sfn.StateMachine(stack, 'StateMachine', {
-  definition: httpInvokeTask,
+  definition: chain,
   timeout: cdk.Duration.seconds(30),
 });
-const testCase = new IntegTest(app, 'HttpInvokeTest', {
-  testCases: [stack],
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+  value: sm.stateMachineArn,
 });
-// Start an execution
-const start = testCase.assertions.awsApiCall('StepFunctions', 'startExecution', {
-  stateMachineArn: sm.stateMachineArn,
+const integ = new IntegTest(app, 'IntegTest', {
+  testCases: [stack],
 });
-// describe the results of the execution
-const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecution', {
-  executionArn: start.getAttString('executionArn'),
+const res = integ.assertions.awsApiCall('StepFunctions', 'startExecution', {
+  stateMachineArn: sm.stateMachineArn,
 });
-// assert the results
-describe.expect(ExpectedResult.objectLike({
+const executionArn = res.getAttString('executionArn');
+integ.assertions.awsApiCall('StepFunctions', 'describeExecution', {
+  executionArn,
+}).expect(ExpectedResult.objectLike({
   status: 'SUCCEEDED',
-}));
+})).waitForAssertions({
+  totalTimeout: cdk.Duration.seconds(10),
+  interval: cdk.Duration.seconds(3),
+});
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.start-job-run.ts CHANGED Viewed

@@ -1,124 +1,122 @@
-import * as databrew from 'aws-cdk-lib/aws-databrew';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as eks from 'aws-cdk-lib/aws-eks';
+import { AwsAuthMapping } from 'aws-cdk-lib/aws-eks';
 import * as iam from 'aws-cdk-lib/aws-iam';
-import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
 import * as cdk from 'aws-cdk-lib';
-import { GlueDataBrewStartJobRun } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { Aws } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { KubectlV31Layer } from '@aws-cdk/lambda-layer-kubectl-v31';
+import { EmrContainersStartJobRun, ReleaseLabel, VirtualClusterInput } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api';
-/*
+/**
  * Stack verification steps:
- * * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
- * * aws stepfunctions describe-execution --execution-arn <exection-arn generated before> : should return status as SUCCEEDED
+ * Everything in the link below must be setup before running the state machine.
+ * @see https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html
+ * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
+ * aws stepfunctions describe-execution --execution-arn <exection-arn generated before> : should return status as SUCCEEDED
  */
-class GlueDataBrewJobStack extends cdk.Stack {
-  constructor(scope: cdk.App, id: string, props: cdk.StackProps = {}) {
-    super(scope, id, props);
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
+  },
+});
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-emr-containers-start-job-run');
+stack.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false);
-    const region = this.region;
+const eksCluster = new eks.Cluster(stack, 'integration-test-eks-cluster', {
+  version: eks.KubernetesVersion.V1_30,
+  defaultCapacity: 3,
+  defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.XLARGE),
+  kubectlLayer: new KubectlV31Layer(stack, 'KubectlLayer'),
+});
-    const outputBucket = new s3.Bucket(this, 'JobOutputBucket', {
-      removalPolicy: cdk.RemovalPolicy.DESTROY,
-    });
-    const role = new iam.Role(this, 'DataBrew Role', {
-      managedPolicies: [{
-        managedPolicyArn: 'arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole',
-      }],
-      path: '/',
-      assumedBy: new iam.ServicePrincipal('databrew.amazonaws.com'),
-      inlinePolicies: {
-        DataBrewPolicy: iam.PolicyDocument.fromJson({
-          Statement: [{
-            Effect: 'Allow',
-            Action: [
-              's3:GetObject',
-              's3:PutObject',
-              's3:DeleteObject',
-              's3:ListBucket',
-            ],
-            Resource: [
-              `arn:aws:s3:::databrew-public-datasets-${region}/*`,
-              `arn:aws:s3:::databrew-public-datasets-${region}`,
-              `${outputBucket.bucketArn}/*`,
-              `${outputBucket.bucketArn}`,
-            ],
-          }],
-        }),
+const virtualCluster = new cdk.CfnResource(stack, 'Virtual Cluster', {
+  type: 'AWS::EMRContainers::VirtualCluster',
+  properties: {
+    ContainerProvider: {
+      Id: eksCluster.clusterName,
+      Info: {
+        EksInfo: {
+          Namespace: 'default',
+        },
       },
-    });
+      Type: 'EKS',
+    },
+    Name: 'Virtual-Cluster-Name',
+  },
+});
-    const recipe = new databrew.CfnRecipe(this, 'DataBrew Recipe', {
-      name: 'recipe-1',
-      steps: [
-        {
-          action: {
-            operation: 'UPPER_CASE',
-            parameters: {
-              sourceColumn: 'description',
-            },
-          },
-        },
-        {
-          action: {
-            operation: 'DELETE',
-            parameters: {
-              sourceColumn: 'doc_id',
-            },
-          },
-        },
-      ],
-    });
+const emrRole = eksCluster.addManifest('emrRole', {
+  apiVersion: 'rbac.authorization.k8s.io/v1',
+  kind: 'Role',
+  metadata: { name: 'emr-containers', namespace: 'default' },
+  rules: [
+    { apiGroups: [''], resources: ['namespaces'], verbs: ['get'] },
+    { apiGroups: [''], resources: ['serviceaccounts', 'services', 'configmaps', 'events', 'pods', 'pods/log'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'deletecollection', 'annotate', 'patch', 'label'] },
+    { apiGroups: [''], resources: ['secrets'], verbs: ['create', 'patch', 'delete', 'watch'] },
+    { apiGroups: ['apps'], resources: ['statefulsets', 'deployments'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'annotate', 'patch', 'label'] },
+    { apiGroups: ['batch'], resources: ['jobs'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'annotate', 'patch', 'label'] },
+    { apiGroups: ['extensions'], resources: ['ingresses'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'annotate', 'patch', 'label'] },
+    { apiGroups: ['rbac.authorization.k8s.io'], resources: ['roles', 'rolebindings'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'deletecollection', 'annotate', 'patch', 'label'] },
+  ],
+});
-    const dataset = new databrew.CfnDataset(this, 'DataBrew Dataset', {
-      input: {
-        s3InputDefinition: {
-          bucket: `databrew-public-datasets-${region}`,
-          key: 'votes.csv',
-        },
-      },
-      name: 'dataset-1',
-    });
+const emrRoleBind = eksCluster.addManifest('emrRoleBind', {
+  apiVersion: 'rbac.authorization.k8s.io/v1',
+  kind: 'RoleBinding',
+  metadata: { name: 'emr-containers', namespace: 'default' },
+  subjects: [{ kind: 'User', name: 'emr-containers', apiGroup: 'rbac.authorization.k8s.io' }],
+  roleRef: { kind: 'Role', name: 'emr-containers', apiGroup: 'rbac.authorization.k8s.io' },
+});
-    const project = new databrew.CfnProject(this, 'DataBrew Project', {
-      name: 'project-1',
-      roleArn: role.roleArn,
-      datasetName: dataset.name,
-      recipeName: recipe.name,
-    });
-    project.addDependency(dataset);
-    project.addDependency(recipe);
+emrRoleBind.node.addDependency(emrRole);
-    const job = new databrew.CfnJob(this, 'DataBrew Job', {
-      name: 'job-1',
-      type: 'RECIPE',
-      projectName: project.name,
-      roleArn: role.roleArn,
-      outputs: [{
-        location: {
-          bucket: outputBucket.bucketName,
-        },
-      }],
-    });
-    job.addDependency(project);
+const emrServiceRole = iam.Role.fromRoleArn(stack, 'emrServiceRole', 'arn:aws:iam::'+Aws.ACCOUNT_ID+':role/AWSServiceRoleForAmazonEMRContainers');
+const authMapping: AwsAuthMapping = { groups: [], username: 'emr-containers' };
+eksCluster.awsAuth.addRoleMapping(emrServiceRole, authMapping);
+virtualCluster.node.addDependency(emrRoleBind);
+virtualCluster.node.addDependency(eksCluster.awsAuth);
-    const startGlueDataBrewJob = new GlueDataBrewStartJobRun(this, 'Start DataBrew Job run', {
-      name: job.name,
-    });
+const startJobRunJob = new EmrContainersStartJobRun(stack, 'Start a Job Run', {
+  virtualCluster: VirtualClusterInput.fromVirtualClusterId(virtualCluster.getAtt('Id').toString()),
+  releaseLabel: ReleaseLabel.EMR_6_2_0,
+  jobName: 'EMR-Containers-Job',
+  jobDriver: {
+    sparkSubmitJobDriver: {
+      entryPoint: sfn.TaskInput.fromText('local:///usr/lib/spark/examples/src/main/python/pi.py'),
+      entryPointArguments: sfn.TaskInput.fromObject(['2']),
+      sparkSubmitParameters: '--conf spark.driver.memory=512M --conf spark.kubernetes.driver.request.cores=0.2 --conf spark.kubernetes.executor.request.cores=0.2 --conf spark.sql.shuffle.partitions=60 --conf spark.dynamicAllocation.enabled=false',
+    },
+  },
+});
-    const chain = sfn.Chain.start(startGlueDataBrewJob);
+const chain = sfn.Chain.start(startJobRunJob);
-    const sm = new sfn.StateMachine(this, 'StateMachine', {
-      definition: chain,
-      timeout: cdk.Duration.seconds(30),
-    });
+const sm = new sfn.StateMachine(stack, 'StateMachine', {
+  definition: chain,
+  timeout: cdk.Duration.seconds(1000),
+});
-    new cdk.CfnOutput(this, 'stateMachineArn', {
-      value: sm.stateMachineArn,
-    });
-  }
-}
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+  value: sm.stateMachineArn,
+});
+new integ.IntegTest(app, 'aws-stepfunctions-tasks-emr-containers-start-job-run-integ', {
+  testCases: [stack],
+  // Test includes assets that are updated weekly. If not disabled, the upgrade PR will fail.
+  diffAssets: false,
+  cdkCommandOptions: {
+    deploy: {
+      args: {
+        rollback: true,
+      },
+    },
+  },
+});
-const app = new cdk.App();
-new GlueDataBrewJobStack(app, 'aws-stepfunctions-tasks-databrew-start-job-run-integ');
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md CHANGED Viewed

@@ -105,7 +105,8 @@ Flags come in three types:
 | [@aws-cdk/aws-lambda:useCdkManagedLogGroup](#aws-cdkaws-lambdausecdkmanagedloggroup) | When enabled, CDK creates and manages loggroup for the lambda function | 2.200.0 | new default |
 | [@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal](#aws-cdkaws-kmsapplyimportedaliaspermissionstoprincipal) | Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition | 2.202.0 | fix |
 | [@aws-cdk/core:explicitStackTags](#aws-cdkcoreexplicitstacktags) | When enabled, stack tags need to be assigned explicitly on a Stack. | 2.205.0 | new default |
-| [@aws-cdk/aws-signer:signingProfileNamePassedToCfn](#aws-cdkaws-signersigningprofilenamepassedtocfn) | Pass signingProfileName to CfnSigningProfile | V2NEXT | fix |
+| [@aws-cdk/aws-signer:signingProfileNamePassedToCfn](#aws-cdkaws-signersigningprofilenamepassedtocfn) | Pass signingProfileName to CfnSigningProfile | 2.212.0 | fix |
+| [@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener](#aws-cdkaws-ecs-patternssecgroupsdisablesimplicitopenlistener) | Disable implicit openListener when custom security groups are provided | V2NEXT | new default |
 <!-- END table -->
@@ -118,6 +119,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou
 {
   "context": {
     "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true,
+    "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": true,
     "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
     "@aws-cdk/core:checkSecretUsage": true,
     "@aws-cdk/core:target-partitions": [
@@ -2244,10 +2246,35 @@ replaced during deployment if a `signingProfileName` was specified but not previ
 in the CloudFormation template.
+| Since | Unset behaves like | Recommended value |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| 2.212.0 | `false` | `true` |
+### @aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener
+*Disable implicit openListener when custom security groups are provided*
+Flag type: New default behavior
+ApplicationLoadBalancedServiceBase currently defaults openListener to true, which creates
+security group rules allowing ingress from 0.0.0.0/0. This can be a security risk when
+users provide custom security groups on their load balancer, expecting those to be the
+only ingress rules.
+If this flag is not set, openListener will always default to true for backward compatibility.
+If true, openListener will default to false when custom security groups are detected on the
+load balancer, and true otherwise. Users can still explicitly set openListener: true to
+override this behavior.
 | Since | Unset behaves like | Recommended value |
 | ----- | ----- | ----- |
 | (not in v1) |  |  |
 | V2NEXT | `false` | `true` |
+**Compatibility with old behavior:** You can pass `openListener: true` explicitly to maintain the old behavior.
 <!-- END details -->

{konokenj_cdk_api_mcp_server-0.41.0.dist-info → konokenj_cdk_api_mcp_server-0.42.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: konokenj.cdk-api-mcp-server
-Version: 0.41.0
+Version: 0.42.0
 Summary: An MCP server provides AWS CDK API Reference
 Project-URL: Documentation, https://github.com/konokenj/cdk-api-mcp-server#readme
 Project-URL: Issues, https://github.com/konokenj/cdk-api-mcp-server/issues
@@ -26,7 +26,7 @@ Description-Content-Type: text/markdown
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/konokenj.cdk-api-mcp-server.svg)](https://pypi.org/project/konokenj.cdk-api-mcp-server)
 <!-- DEP-VERSIONS-START -->
-[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.211.0-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
+[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.212.0-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
 <!-- DEP-VERSIONS-END -->
 ---

konokenj.cdk-api-mcp-server 0.41.0__py3-none-any.whl → 0.42.0__py3-none-any.whl

Potentially problematic release.

konokenj.cdk-api-mcp-server 0.41.0py3-none-any.whl → 0.42.0py3-none-any.whl