From cd407a74620be54cb21a4e6d3deaf3f68a0618a3 Mon Sep 17 00:00:00 2001 From: Anton Kukushkin Date: Mon, 12 Feb 2024 14:49:56 +0000 Subject: [PATCH 1/5] fix: Update RDS cert bundle Signed-off-by: Anton Kukushkin --- test_infra/stacks/databases_stack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_infra/stacks/databases_stack.py b/test_infra/stacks/databases_stack.py index a96f98351..a7d6dfba8 100644 --- a/test_infra/stacks/databases_stack.py +++ b/test_infra/stacks/databases_stack.py @@ -493,7 +493,7 @@ def _setup_mysql(self) -> None: "USERNAME": self.db_username, "PASSWORD": self.db_password, "JDBC_ENFORCE_SSL": "true", - "CUSTOM_JDBC_CERT": "s3://rds-downloads/rds-combined-ca-bundle.pem", + "CUSTOM_JDBC_CERT": "https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem", }, subnet=self.glue_connection_subnet, security_groups=[self.db_security_group], From 90b6cdb363009d97babba6a0de29ec9677ffd2ad Mon Sep 17 00:00:00 2001 From: Anton Kukushkin Date: Tue, 13 Feb 2024 11:17:11 +0000 Subject: [PATCH 2/5] use s3 url Signed-off-by: Anton Kukushkin --- test_infra/stacks/databases_stack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_infra/stacks/databases_stack.py b/test_infra/stacks/databases_stack.py index a7d6dfba8..2dee504af 100644 --- a/test_infra/stacks/databases_stack.py +++ b/test_infra/stacks/databases_stack.py @@ -493,7 +493,7 @@ def _setup_mysql(self) -> None: "USERNAME": self.db_username, "PASSWORD": self.db_password, "JDBC_ENFORCE_SSL": "true", - "CUSTOM_JDBC_CERT": "https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem", + "CUSTOM_JDBC_CERT": "s3://aws-glue-assets-658066294590-us-east-1/certificates/global-bundle.pem", }, subnet=self.glue_connection_subnet, security_groups=[self.db_security_group], From 2f7e5523cdc75d3afb8f2e7f58f1ca89b783d980 Mon Sep 17 00:00:00 2001 From: Anton Kukushkin Date: Wed, 14 Feb 2024 15:44:13 +0000 Subject: [PATCH 3/5] use CUSTOM_JDBC_CERT_STRING Signed-off-by: Anton Kukushkin --- test_infra/stacks/databases_stack.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test_infra/stacks/databases_stack.py b/test_infra/stacks/databases_stack.py index 2dee504af..9d0c5bd05 100644 --- a/test_infra/stacks/databases_stack.py +++ b/test_infra/stacks/databases_stack.py @@ -1,4 +1,5 @@ import json +from urllib.request import urlopen from aws_cdk import Aws, CfnOutput, Duration, RemovalPolicy, Stack from aws_cdk import aws_ec2 as ec2 @@ -493,7 +494,9 @@ def _setup_mysql(self) -> None: "USERNAME": self.db_username, "PASSWORD": self.db_password, "JDBC_ENFORCE_SSL": "true", - "CUSTOM_JDBC_CERT": "s3://aws-glue-assets-658066294590-us-east-1/certificates/global-bundle.pem", + "CUSTOM_JDBC_CERT_STRING": urlopen("https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem") + .read() + .decode("utf-8"), }, subnet=self.glue_connection_subnet, security_groups=[self.db_security_group], From 5179808f657253b17c8ec55a452337b17afea52b Mon Sep 17 00:00:00 2001 From: Anton Kukushkin Date: Fri, 16 Feb 2024 11:57:34 +0000 Subject: [PATCH 4/5] bump cdk version Signed-off-by: Anton Kukushkin --- test_infra/poetry.lock | 32 ++++++++++++++-------------- test_infra/pyproject.toml | 8 +++---- test_infra/stacks/databases_stack.py | 2 +- 3 files changed, 20 insertions(+), 22 deletions(-) diff --git a/test_infra/poetry.lock b/test_infra/poetry.lock index 84c221d64..0ae584429 100644 --- a/test_infra/poetry.lock +++ b/test_infra/poetry.lock @@ -69,17 +69,17 @@ typeguard = ">=2.13.3,<2.14.0" [[package]] name = "aws-cdk-aws-glue-alpha" -version = "2.125.0a0" +version = "2.128.0a0" description = "The CDK Construct Library for AWS::Glue" optional = false python-versions = "~=3.8" files = [ - {file = "aws-cdk.aws-glue-alpha-2.125.0a0.tar.gz", hash = "sha256:95797a0522177880822eb29b796ffbdc33e1e63fdc284aaae733da4d4f86a1ff"}, - {file = "aws_cdk.aws_glue_alpha-2.125.0a0-py3-none-any.whl", hash = "sha256:1ccdf7ee9d68d91f45e6e98ff9e05cc776797d9f510778de091ef4851b72bc80"}, + {file = "aws-cdk.aws-glue-alpha-2.128.0a0.tar.gz", hash = "sha256:81d7ffde3cacdf5e89e9dd0a4fdbebd015974f2a718fd23ed80128b22bc9de1f"}, + {file = "aws_cdk.aws_glue_alpha-2.128.0a0-py3-none-any.whl", hash = "sha256:5a0f425b2af6b6767e16deda9a79b866f7521d57ee77356ded30dcae4ba15666"}, ] [package.dependencies] -aws-cdk-lib = ">=2.125.0,<3.0.0" +aws-cdk-lib = ">=2.128.0,<3.0.0" constructs = ">=10.0.0,<11.0.0" jsii = ">=1.94.0,<2.0.0" publication = ">=0.0.3" @@ -87,17 +87,17 @@ typeguard = ">=2.13.3,<2.14.0" [[package]] name = "aws-cdk-aws-neptune-alpha" -version = "2.125.0a0" +version = "2.128.0a0" description = "The CDK Construct Library for AWS::Neptune" optional = false python-versions = "~=3.8" files = [ - {file = "aws-cdk.aws-neptune-alpha-2.125.0a0.tar.gz", hash = "sha256:710afd826c0a88186278ef220028974c1aee5345d30494d2d0d2814f54c5b11a"}, - {file = "aws_cdk.aws_neptune_alpha-2.125.0a0-py3-none-any.whl", hash = "sha256:f05875bf1fd3243e3f22b8b523f49587756ba4f78c110547e1b4af8343ddbe04"}, + {file = "aws-cdk.aws-neptune-alpha-2.128.0a0.tar.gz", hash = "sha256:60d17d0742ce89fc078e120538a90e5e8b9f2b0d590919c544445056f1026123"}, + {file = "aws_cdk.aws_neptune_alpha-2.128.0a0-py3-none-any.whl", hash = "sha256:1f72ba53c2d703c06378e0929003dd99f9648e3db2c42a302d23cea61a6d059a"}, ] [package.dependencies] -aws-cdk-lib = ">=2.125.0,<3.0.0" +aws-cdk-lib = ">=2.128.0,<3.0.0" constructs = ">=10.0.0,<11.0.0" jsii = ">=1.94.0,<2.0.0" publication = ">=0.0.3" @@ -105,17 +105,17 @@ typeguard = ">=2.13.3,<2.14.0" [[package]] name = "aws-cdk-aws-redshift-alpha" -version = "2.125.0a0" +version = "2.128.0a0" description = "The CDK Construct Library for AWS::Redshift" optional = false python-versions = "~=3.8" files = [ - {file = "aws-cdk.aws-redshift-alpha-2.125.0a0.tar.gz", hash = "sha256:eb2f174979bb9b08d077281694890f82f7447edfc9f9ea77a82ea5301f3cdb59"}, - {file = "aws_cdk.aws_redshift_alpha-2.125.0a0-py3-none-any.whl", hash = "sha256:71da55934d862d4795c0a4e85e2334d850ea6c7479cddc9544fcd7785b222fd6"}, + {file = "aws-cdk.aws-redshift-alpha-2.128.0a0.tar.gz", hash = "sha256:9e3af49de672ffb6f04b37667ce66f6d6db5db957be939ad0e597ec69a556ee4"}, + {file = "aws_cdk.aws_redshift_alpha-2.128.0a0-py3-none-any.whl", hash = "sha256:0a8e75c297010b8dcaa70bf518f7f001282d857355f767cd3a1775e8d99e455e"}, ] [package.dependencies] -aws-cdk-lib = ">=2.125.0,<3.0.0" +aws-cdk-lib = ">=2.128.0,<3.0.0" constructs = ">=10.0.0,<11.0.0" jsii = ">=1.94.0,<2.0.0" publication = ">=0.0.3" @@ -123,13 +123,13 @@ typeguard = ">=2.13.3,<2.14.0" [[package]] name = "aws-cdk-lib" -version = "2.125.0" +version = "2.128.0" description = "Version 2 of the AWS Cloud Development Kit library" optional = false python-versions = "~=3.8" files = [ - {file = "aws-cdk-lib-2.125.0.tar.gz", hash = "sha256:c94056bc3445f83b9574e6cb66dcf023878667612af1a51346826ef93be1843d"}, - {file = "aws_cdk_lib-2.125.0-py3-none-any.whl", hash = "sha256:d22e0203a14dc03bf31477dbc0f8e33fe18ba7ad9bf82d088f611d2e32ab209f"}, + {file = "aws-cdk-lib-2.128.0.tar.gz", hash = "sha256:796459062daa0dbe0581925874db121d4c220295c6c35e73dedfe39e82ca301f"}, + {file = "aws_cdk_lib-2.128.0-py3-none-any.whl", hash = "sha256:49170b21cb738d30d67f7aa361b78ba3a8b711f8dd15523cbfe64710f9386553"}, ] [package.dependencies] @@ -314,4 +314,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p [metadata] lock-version = "2.0" python-versions = ">=3.8, <4.0" -content-hash = "e8d22301d10a9306ce963a7a8ccefb127b8c366b67ffa9a0b021a46f1f2c5b1a" +content-hash = "6c67e017c7813535fbc091c3492804c7d57e695a819cec159a53c37261a17a06" diff --git a/test_infra/pyproject.toml b/test_infra/pyproject.toml index a0477121c..447822269 100644 --- a/test_infra/pyproject.toml +++ b/test_infra/pyproject.toml @@ -7,8 +7,6 @@ license = "Apache License 2.0" [tool.poetry.dependencies] python = ">=3.8, <4.0" -"constructs" = ">=10.0.0,<11.0.0" -"aws-cdk-lib" = "^2.125.0" -"aws-cdk.aws-glue-alpha" = "^2.125.0a0" -"aws-cdk.aws-redshift-alpha" = "^2.125.0a0" -"aws-cdk.aws-neptune-alpha" = "^2.125.0a0" +"aws-cdk-lib" = "^2.128.0" +"aws-cdk.aws-glue-alpha" = "^2.128.0a0" +"aws-cdk.aws-redshift-alpha" = "^2.128.0a0" diff --git a/test_infra/stacks/databases_stack.py b/test_infra/stacks/databases_stack.py index 9d0c5bd05..1e8c20565 100644 --- a/test_infra/stacks/databases_stack.py +++ b/test_infra/stacks/databases_stack.py @@ -6,7 +6,7 @@ from aws_cdk import aws_glue_alpha as glue from aws_cdk import aws_iam as iam from aws_cdk import aws_kms as kms -from aws_cdk import aws_neptune_alpha as neptune +from aws_cdk import aws_neptune as neptune from aws_cdk import aws_rds as rds from aws_cdk import aws_redshift_alpha as redshift from aws_cdk import aws_redshiftserverless as redshiftserverless From e036852764665af6a847f0d6111de78d6b42ba6a Mon Sep 17 00:00:00 2001 From: Anton Kukushkin Date: Mon, 19 Feb 2024 14:29:39 +0000 Subject: [PATCH 5/5] Revert "use CUSTOM_JDBC_CERT_STRING" This reverts commit 2f7e5523cdc75d3afb8f2e7f58f1ca89b783d980. --- test_infra/stacks/databases_stack.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/test_infra/stacks/databases_stack.py b/test_infra/stacks/databases_stack.py index 1e8c20565..4e8ec3ab3 100644 --- a/test_infra/stacks/databases_stack.py +++ b/test_infra/stacks/databases_stack.py @@ -1,5 +1,4 @@ import json -from urllib.request import urlopen from aws_cdk import Aws, CfnOutput, Duration, RemovalPolicy, Stack from aws_cdk import aws_ec2 as ec2 @@ -494,9 +493,7 @@ def _setup_mysql(self) -> None: "USERNAME": self.db_username, "PASSWORD": self.db_password, "JDBC_ENFORCE_SSL": "true", - "CUSTOM_JDBC_CERT_STRING": urlopen("https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem") - .read() - .decode("utf-8"), + "CUSTOM_JDBC_CERT": "s3://aws-glue-assets-658066294590-us-east-1/certificates/global-bundle.pem", }, subnet=self.glue_connection_subnet, security_groups=[self.db_security_group],