fix(lib): names generated using non-FIPS compliant algorithm (#392)

The CDK8s name generator (`Names.toLabelValue()` and `Names.toDnsLabel()`) have used sha256, which cannot be used in environments that are FIPS compliant.

To fix this, we are now using the [recently introduced](aws/constructs#314) `Node.of(construct).addr` as the hash postfix of generated names.

Fixes #334

BREAKING CHANGE: CAUTION! Auto-generated resource names will change with this release. Resource names in manifests synthesized by a previous version of the CDK8s will be invalidated. Deploying new manifests will cause **resources to be replaced**. Temporarily, you can opt to use the legacy hashing mechanism by setting the environment variable `CDK8S_LEGACY_HASH=1`.
* **lib:** `Names.toDnsLabel()` now accepts a construct scope instead of a string path, and a set of options instead of `maxLen`.
* **lib:** `Names.toLabelValue()` now accepts a construct scope instead of a string path, and a set of options instead of `maxLen`.

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

examples/java/hello/package.json

@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "cdk8s-cli": "0.0.0"

examples/java/web-service/package.json

@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "cdk8s-cli": "0.0.0"

examples/python/crd/package.json

@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "cdk8s-cli": "0.0.0"

examples/python/hello/package.json

@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "cdk8s-cli": "0.0.0"

examples/python/web-service/package.json

@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "cdk8s-cli": "0.0.0"

examples/typescript/cdk8s-plus-elasticsearch-query/__snapshots__/main.test.ts.snap

@@ -6,7 +6,7 @@ Array [
     "apiVersion": "elasticsearch.k8s.elastic.co/v1",
     "kind": "Elasticsearch",
     "metadata": Object {
-      "name": "test-chart-elasticsearch-5921e846",
+      "name": "test-chart-elasticsearch-c819bb71",
     },
     "spec": Object {
       "http": Object {
@@ -46,19 +46,19 @@ Array [
     "apiVersion": "apps/v1",
     "kind": "Deployment",
     "metadata": Object {
-      "name": "test-chart-deployment-e606f14e",
+      "name": "test-chart-deployment-c8cfd183",
     },
     "spec": Object {
       "replicas": 1,
       "selector": Object {
         "matchLabels": Object {
-          "cdk8s.deployment": "test-chart-Deployment-98e15317",
+          "cdk8s.deployment": "test-chart-Deployment-c8550d6d",
         },
       },
       "template": Object {
         "metadata": Object {
           "labels": Object {
-            "cdk8s.deployment": "test-chart-Deployment-98e15317",
+            "cdk8s.deployment": "test-chart-Deployment-c8550d6d",
           },
         },
         "spec": Object {
@@ -76,14 +76,14 @@ Array [
                 },
                 Object {
                   "name": "ELASTIC_ENDPOINT",
-                  "value": "http://test-chart-elasticsearch-5921e846-es-http:9200",
+                  "value": "http://test-chart-elasticsearch-c819bb71-es-http:9200",
                 },
                 Object {
                   "name": "ELASTIC_PASSWORD",
                   "valueFrom": Object {
                     "secretKeyRef": Object {
                       "key": "elastic",
-                      "name": "test-chart-elasticsearch-5921e846-es-elastic-user",
+                      "name": "test-chart-elasticsearch-c819bb71-es-elastic-user",
                     },
                   },
                 },
@@ -99,7 +99,7 @@ Array [
               "volumeMounts": Array [
                 Object {
                   "mountPath": "/root",
-                  "name": "configmap-test-chart-config-c3f7d3c0",
+                  "name": "configmap-test-chart-config-c873bd48",
                 },
               ],
               "workingDir": "/root",
@@ -108,9 +108,9 @@ Array [
           "volumes": Array [
             Object {
               "configMap": Object {
-                "name": "test-chart-config-c3f7d3c0",
+                "name": "test-chart-config-c873bd48",
               },
-              "name": "configmap-test-chart-config-c3f7d3c0",
+              "name": "configmap-test-chart-config-c873bd48",
             },
           ],
         },
@@ -121,7 +121,7 @@ Array [
     "apiVersion": "v1",
     "kind": "Service",
     "metadata": Object {
-      "name": "test-chart-deployment-service-7f4c5401",
+      "name": "test-chart-deployment-service-c835a1d2",
     },
     "spec": Object {
       "externalIPs": Array [],
@@ -132,7 +132,7 @@ Array [
         },
       ],
       "selector": Object {
-        "cdk8s.deployment": "test-chart-Deployment-98e15317",
+        "cdk8s.deployment": "test-chart-Deployment-c8550d6d",
       },
       "type": "ClusterIP",
     },
@@ -210,7 +210,7 @@ function doSearch(uri, callback) {
     },
     "kind": "ConfigMap",
     "metadata": Object {
-      "name": "test-chart-config-c3f7d3c0",
+      "name": "test-chart-config-c873bd48",
     },
   },
 ]

examples/typescript/cdk8s-plus-elasticsearch-query/package.json

@@ -19,7 +19,7 @@
   "dependencies": {
     "cdk8s": "0.0.0",
     "cdk8s-plus-17": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "@types/jest": "^26.0.8",

examples/typescript/cdk8s-plus-ingress/package.json

@@ -16,7 +16,7 @@
   "dependencies": {
     "cdk8s": "0.0.0",
     "cdk8s-plus-17": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "@types/node": "^14.0.27",

examples/typescript/crd/__snapshots__/index.test.js.snap

@@ -6,7 +6,7 @@ Array [
     "apiVersion": "jenkins.io/v1alpha2",
     "kind": "Jenkins",
     "metadata": Object {
-      "name": "hello-jenkins-6847f922",
+      "name": "hello-jenkins-c80d3a3b",
     },
     "spec": Object {
       "jenkinsAPISettings": Object {
@@ -30,7 +30,7 @@ Array [
     "apiVersion": "mattermost.com/v1alpha1",
     "kind": "ClusterInstallation",
     "metadata": Object {
-      "name": "hello-foo-6845e4bd",
+      "name": "hello-foo-c8398804",
     },
     "spec": Object {
       "database": Object {

examples/typescript/crd/package.json

@@ -19,7 +19,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "@types/jest": "^25.1.2",

examples/typescript/hello/__snapshots__/index.test.js.snap

@@ -6,7 +6,7 @@ Array [
     "apiVersion": "v1",
     "kind": "Service",
     "metadata": Object {
-      "name": "hello-service-9878228b",
+      "name": "hello-service-c8c17160",
     },
     "spec": Object {
       "ports": Array [
@@ -25,7 +25,7 @@ Array [
     "apiVersion": "apps/v1",
     "kind": "Deployment",
     "metadata": Object {
-      "name": "hello-deployment-c51e9e6b",
+      "name": "hello-deployment-c8c7fda7",
     },
     "spec": Object {
       "replicas": 1,

examples/typescript/hello/package.json

@@ -19,7 +19,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "@types/jest": "^25.1.2",

examples/typescript/include-dashboard/package.json

@@ -18,7 +18,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "@types/jest": "^25.1.2",

examples/typescript/podinfo/lib/deployment.ts

@@ -1,4 +1,4 @@
-import { Construct, Node } from 'constructs';
+import { Construct } from 'constructs';
 import { ApiObject, Names } from 'cdk8s';
 import { KubeDeployment, Affinity, Container, IntOrString } from '../imports/k8s';
 import { Autoscaler, AutoscalingOptions } from './autoscaler';
@@ -90,7 +90,7 @@ export class Deployment extends Construct implements ISelector {
     // labels
 
     this.selector = { 
-      deploymentId: Names.toLabelValue(Node.of(this).path),
+      deploymentId: Names.toLabelValue(this),
       ...options.labels
     };
 

examples/typescript/podinfo/package.json

@@ -18,7 +18,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "@types/jest": "^25.1.2",

examples/typescript/web-service/package.json

@@ -18,7 +18,7 @@
   },
   "dependencies": {
     "cdk8s": "0.0.0",
-    "constructs": "3.0.4"
+    "constructs": "3.2.34"
   },
   "devDependencies": {
     "@types/jest": "^25.1.2",

examples/typescript/web-service/web-service.ts

@@ -1,4 +1,4 @@
-import { Construct, Node } from 'constructs';
+import { Construct } from 'constructs';
 import { Names } from 'cdk8s';
 import { KubeDeployment, KubeService, IntOrString } from './imports/k8s';
 
@@ -31,7 +31,7 @@ export class WebService extends Construct {
 
     const port = options.port || 80;
     const containerPort = options.containerPort || 8080;
-    const label = { app: Names.toLabelValue(Node.of(this).path) };
+    const label = { app: Names.toLabelValue(this) };
     const replicas = options.replicas ?? 1;
 
     new KubeService(this, 'service', {

packages/cdk8s-cli/.projenrc.js

@@ -11,7 +11,7 @@ const project = new TypeScriptLibraryProject({
   deps: [
     'cdk8s@0.0.0',
     'codemaker',
-    `constructs@${common.versions.constructs}`,
+    `constructs@^${common.versions.constructs}`,
     'fs-extra',
     'jsii-srcmak',
     'jsii-pacmak',

packages/cdk8s-cli/package.json

@@ -53,7 +53,7 @@
     "@types/node": "^10.17.0",
     "cdk8s": "0.0.0",
     "codemaker": "^1.14.1",
-    "constructs": "3.0.4",
+    "constructs": "^3.2.34",
     "fs-extra": "^8.1.0",
     "jsii-pacmak": "^1.14.1",
     "jsii-srcmak": "^0.1.36",

packages/cdk8s-cli/src/cli/cmds/init.ts

@@ -8,7 +8,7 @@ import * as yargs from 'yargs';
 const pkgroot = path.join(__dirname, '..', '..', '..');
 
 const pkg = fs.readJsonSync(path.join(pkgroot, 'package.json'));
-const constructsVersion = pkg.dependencies.constructs;
+const constructsVersion = pkg.dependencies.constructs.replace('^', '');
 
 const templatesDir = path.join(pkgroot, 'templates');
 const availableTemplates = fs.readdirSync(templatesDir).filter(x => !x.startsWith('.'));

packages/cdk8s-cli/templates/python-app/Pipfile

@@ -7,4 +7,4 @@ verify_ssl = true
 python_version = "3.7"
 
 [packages]
-constructs = "==3.0.4"
+constructs = "~={{ constructs_version }}"

packages/cdk8s-cli/templates/typescript-app/.hooks.sscaff.js

@@ -1,17 +1,16 @@
 const { execSync } = require('child_process');
 const { readFileSync } = require('fs');
 
-const constructs_version = require('../../package.json').dependencies.constructs;
-
 exports.post = ctx => {
   const npm_cdk8s = ctx.npm_cdk8s;
   const npm_cdk8s_plus = ctx.npm_cdk8s_plus;
   const npm_cdk8s_cli = ctx.npm_cdk8s_cli;
+  const constructs_version = ctx.constructs_version;
 
   if (!npm_cdk8s) { throw new Error(`missing context "npm_cdk8s"`); }
   if (!npm_cdk8s_cli) { throw new Error(`missing context "npm_cdk8s_cli"`); }
 
-  installDeps([ npm_cdk8s, npm_cdk8s_plus, `constructs@${constructs_version}` ]);
+  installDeps([ npm_cdk8s, npm_cdk8s_plus, `constructs@^${constructs_version}` ]);
   installDeps([
       npm_cdk8s_cli,
       '@types/node',

packages/cdk8s-cli/test/import/__snapshots__/import-crd.test.ts.snap

@@ -10,7 +10,7 @@ Object {
   },
   "dependencies": Object {
     "cdk8s": "999.999.999",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
   },
   "dependencyClosure": Object {
     "cdk8s": Object {
@@ -253,7 +253,7 @@ Object {
   },
   "dependencies": Object {
     "cdk8s": "999.999.999",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
   },
   "dependencyClosure": Object {
     "cdk8s": Object {
@@ -4318,7 +4318,7 @@ Object {
   },
   "dependencies": Object {
     "cdk8s": "999.999.999",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
   },
   "dependencyClosure": Object {
     "cdk8s": Object {
@@ -17086,7 +17086,7 @@ Object {
   },
   "dependencies": Object {
     "cdk8s": "999.999.999",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
   },
   "dependencyClosure": Object {
     "cdk8s": Object {
@@ -17329,7 +17329,7 @@ Object {
   },
   "dependencies": Object {
     "cdk8s": "999.999.999",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
   },
   "dependencyClosure": Object {
     "cdk8s": Object {
@@ -17572,7 +17572,7 @@ Object {
   },
   "dependencies": Object {
     "cdk8s": "999.999.999",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
   },
   "dependencyClosure": Object {
     "cdk8s": Object {

packages/cdk8s-cli/test/import/__snapshots__/import-crds-dev.test.ts.snap

@@ -10,7 +10,7 @@ Object {
   },
   "dependencies": Object {
     "cdk8s": "999.999.999",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
   },
   "dependencyClosure": Object {
     "cdk8s": Object {