fix(core): names generated using non-FIPS compliant algorithm

The CDK8s name generator (`Names.toLabelValue()` and `Names.toDnsLabel()`) have used sha256, which cannot be used in environments that are FIPS compliant.

To fix this, we are now using the [recently introduced](aws/constructs#314) `Node.of(construct).addr` as the hash postfix of generated names.

Fixes #334

BREAKING CHANGE: CAUTION! Auto-generated resource names will change with this release. Resource names in manifests synthesized by a previous version of the CDK8s will be invalidated. Deploying new manifests will cause **resources to be replaced**. Temporarily, you can opt to use the legacy hashing mechanism by setting the environment variable `CDK8S_LEGACY_HASH=1`.
* **core:** `Names.toDnsLabel()` now accepts a construct scope instead of a string path, and a set of options instead of `maxLen`.
* **core:** `Names.toLabelValue()` now accepts a construct scope instead of a string path, and a set of options instead of `maxLen`.

Author: Elad Ben-Israel

packages/cdk8s-cli/package.json

@@ -53,7 +53,7 @@
     "@types/node": "^10.17.0",
     "cdk8s": "0.0.0",
     "codemaker": "^1.14.1",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
     "fs-extra": "^8.1.0",
     "jsii-pacmak": "^1.14.1",
     "jsii-srcmak": "^0.1.36",

packages/cdk8s-plus-17/API.md

@@ -627,7 +627,7 @@ addRules(...rules: IngressV1Beta1Rule[]): void
 
 #### protected onValidate()🔹 <a id="cdk8s-plus-17-ingressv1beta1-onvalidate"></a>
 
-Validate the current construct.
+(deprecated) Validate the current construct.
 
 This method can be implemented by derived constructs in order to perform
 validation logic. It is called on all constructs before synthesis.

packages/cdk8s-plus-17/package.json

@@ -38,16 +38,16 @@
     "@typescript-eslint/eslint-plugin": "^4.3.0",
     "@typescript-eslint/parser": "^4.3.0",
     "cdk8s": "^0.0.0",
-    "constructs": "3.0.4",
+    "constructs": "3.2.34",
     "eslint": "^6.8.0",
     "eslint-import-resolver-node": "^0.3.3",
     "eslint-import-resolver-typescript": "^2.0.0",
     "eslint-plugin-import": "^2.20.2",
     "jest": "^26.4.2",
-    "jsii": "^1.9.0",
-    "jsii-diff": "^1.9.0",
+    "jsii": "^1.14.1",
+    "jsii-diff": "^1.14.1",
     "jsii-docgen": "^1.3.2",
-    "jsii-pacmak": "^1.9.0",
+    "jsii-pacmak": "^1.14.1",
     "json-schema": "^0.2.5",
     "projen": "^0.3.168",
     "standard-version": "^9.0.0",
@@ -56,7 +56,7 @@
   },
   "peerDependencies": {
     "cdk8s": "^0.0.0",
-    "constructs": "^3.0.4"
+    "constructs": "^3.2.34"
   },
   "dependencies": {
     "minimatch": "^3.0.4"

packages/cdk8s-plus-17/src/deployment.ts

@@ -1,5 +1,5 @@
 import { ApiObject, ApiObjectMetadataDefinition, Lazy, Names } from 'cdk8s';
-import { Construct, Node } from 'constructs';
+import { Construct } from 'constructs';
 import { Resource, ResourceProps } from './base';
 import { Container, ContainerProps } from './container';
 import * as k8s from './imports/k8s';
@@ -124,7 +124,7 @@ export class Deployment extends Resource implements IPodTemplate {
 
     if (props.defaultSelector ?? true) {
       const selector = 'cdk8s.deployment';
-      const matcher = Names.toLabelValue(Node.of(this).path);
+      const matcher = Names.toLabelValue(this);
       this.podMetadata.addLabel(selector, matcher);
       this.selectByLabel(selector, matcher);
     }

packages/cdk8s-plus-17/test/__snapshots__/config-map.test.ts.snap

@@ -9,7 +9,7 @@ Array [
     },
     "kind": "ConfigMap",
     "metadata": Object {
-      "name": "test-my-config-map-91419662",
+      "name": "test-my-config-map-c8eaefa4",
     },
   },
 ]
@@ -25,7 +25,7 @@ Array [
     },
     "kind": "ConfigMap",
     "metadata": Object {
-      "name": "test-my-config-map-91419662",
+      "name": "test-my-config-map-c8eaefa4",
     },
   },
 ]
@@ -41,7 +41,7 @@ Array [
     },
     "kind": "ConfigMap",
     "metadata": Object {
-      "name": "test-my-config-map-91419662",
+      "name": "test-my-config-map-c8eaefa4",
     },
   },
 ]
@@ -56,7 +56,7 @@ Array [
     },
     "kind": "ConfigMap",
     "metadata": Object {
-      "name": "test-my-config-map-91419662",
+      "name": "test-my-config-map-c8eaefa4",
     },
   },
 ]
@@ -72,7 +72,7 @@ Array [
     },
     "kind": "ConfigMap",
     "metadata": Object {
-      "name": "test-my-config-map-91419662",
+      "name": "test-my-config-map-c8eaefa4",
     },
   },
 ]

packages/cdk8s-plus-17/test/config-map.test.ts

@@ -25,7 +25,7 @@ test('minimal', () => {
       apiVersion: 'v1',
       kind: 'ConfigMap',
       metadata: {
-        name: 'test-my-config-map-91419662',
+        name: 'test-my-config-map-c8eaefa4',
       },
     },
   ]);
@@ -53,7 +53,7 @@ test('with data', () => {
         key2: 'bar',
       },
       metadata: {
-        name: 'test-my-config-map-91419662',
+        name: 'test-my-config-map-c8eaefa4',
       },
     },
   ]);
@@ -81,7 +81,7 @@ test('with binaryData', () => {
         key2: 'bar',
       },
       metadata: {
-        name: 'test-my-config-map-91419662',
+        name: 'test-my-config-map-c8eaefa4',
       },
     },
   ]);
@@ -115,7 +115,7 @@ test('with binaryData and data', () => {
         key2: 'bar',
       },
       metadata: {
-        name: 'test-my-config-map-91419662',
+        name: 'test-my-config-map-c8eaefa4',
       },
     },
   ]);
@@ -174,7 +174,7 @@ test('addData()/addBinaryDataq() can be used to add data', () => {
       },
       kind: 'ConfigMap',
       metadata: {
-        name: 'test-my-config-map-91419662',
+        name: 'test-my-config-map-c8eaefa4',
       },
     },
   ]);

packages/cdk8s-plus-17/test/deployment.test.ts

@@ -19,7 +19,7 @@ test('A label selector is automatically allocated', () => {
   const deployment = new kplus.Deployment(chart, 'Deployment');
   deployment.addContainer({ image: 'foobar' });
 
-  const expectedValue = 'test-Deployment-9e0110cd';
+  const expectedValue = 'test-Deployment-c83f5e59';
   const expectedSelector = { 'cdk8s.deployment': expectedValue };
 
   // assert the k8s spec has it.
@@ -94,7 +94,7 @@ test('Can be exposed as via service', () => {
 
   const spec = Testing.synth(chart)[1].spec;
   expect(spec.type).toEqual('LoadBalancer');
-  expect(spec.selector).toEqual({ 'cdk8s.deployment': 'test-Deployment-9e0110cd' });
+  expect(spec.selector).toEqual({ 'cdk8s.deployment': 'test-Deployment-c83f5e59' });
   expect(spec.ports![0].port).toEqual(9200);
   expect(spec.ports![0].targetPort).toEqual(9300);
 
@@ -149,7 +149,7 @@ test('Expose can set service and port details', () => {
   expect(srv.metadata.name).toEqual('test-srv');
   expect(spec.type).toEqual('ClusterIP');
   expect(spec.selector).toEqual({
-    'cdk8s.deployment': 'test-Deployment-9e0110cd',
+    'cdk8s.deployment': 'test-Deployment-c83f5e59',
   });
   expect(spec.ports![0].port).toEqual(9200);
   expect(spec.ports![0].targetPort).toEqual(9500);

packages/cdk8s-plus-17/test/ingress-v1beta1.test.ts

@@ -24,7 +24,7 @@ describe('IngressBackend', () => {
 
       // THEN
       expect(IngressV1Beta1Backend.fromService(service)._toKube()).toEqual({
-        serviceName: 'test-my-service-72ba846b',
+        serviceName: 'test-my-service-c8493104',
         servicePort: 8899,
       });
     });
@@ -61,7 +61,7 @@ describe('IngressBackend', () => {
 
       // THEN
       expect(IngressV1Beta1Backend.fromService(service, { port: 6011 })._toKube()).toEqual({
-        serviceName: 'test-my-service-72ba846b',
+        serviceName: 'test-my-service-c8493104',
         servicePort: 6011,
       });
     });
@@ -78,7 +78,7 @@ describe('IngressBackend', () => {
 
       // THEN
       expect(IngressV1Beta1Backend.fromService(service, { port: 8899 })._toKube()).toEqual({
-        serviceName: 'test-my-service-72ba846b',
+        serviceName: 'test-my-service-c8493104',
         servicePort: 8899,
       });
     });
@@ -130,10 +130,10 @@ describe('Ingress', () => {
         {
           apiVersion: 'networking.k8s.io/v1beta1',
           kind: 'Ingress',
-          metadata: { name: 'test-my-ingress-e859c4c6' },
+          metadata: { name: 'test-my-ingress-c8135042' },
           spec: {
             backend: {
-              serviceName: 'test-my-service-72ba846b',
+              serviceName: 'test-my-service-c8493104',
               servicePort: 80,
             },
           },
@@ -155,10 +155,10 @@ describe('Ingress', () => {
         {
           apiVersion: 'networking.k8s.io/v1beta1',
           kind: 'Ingress',
-          metadata: { name: 'test-my-ingress-e859c4c6' },
+          metadata: { name: 'test-my-ingress-c8135042' },
           spec: {
             backend: {
-              serviceName: 'test-my-service-72ba846b',
+              serviceName: 'test-my-service-c8493104',
               servicePort: 80,
             },
           },
@@ -182,15 +182,15 @@ describe('Ingress', () => {
       {
         apiVersion: 'networking.k8s.io/v1beta1',
         kind: 'Ingress',
-        metadata: { name: 'test-my-ingress-e859c4c6' },
+        metadata: { name: 'test-my-ingress-c8135042' },
         spec: {
           rules: [{
             host: 'my.host',
             http: {
               paths: [
                 {
                   backend: {
-                    serviceName: 'test-my-service-72ba846b',
+                    serviceName: 'test-my-service-c8493104',
                     servicePort: 80,
                   },
                 },
@@ -219,7 +219,7 @@ describe('Ingress', () => {
       {
         apiVersion: 'networking.k8s.io/v1beta1',
         kind: 'Ingress',
-        metadata: { name: 'test-my-ingress-e859c4c6' },
+        metadata: { name: 'test-my-ingress-c8135042' },
         spec: {
           rules: [
             {
@@ -229,14 +229,14 @@ describe('Ingress', () => {
                   {
                     path: '/bar',
                     backend: {
-                      serviceName: 'test-my-service-72ba846b',
+                      serviceName: 'test-my-service-c8493104',
                       servicePort: 80,
                     },
                   },
                   {
                     path: '/foo',
                     backend: {
-                      serviceName: 'test-my-service-72ba846b',
+                      serviceName: 'test-my-service-c8493104',
                       servicePort: 80,
                     },
                   },
@@ -249,14 +249,14 @@ describe('Ingress', () => {
                 paths: [
                   {
                     backend: {
-                      serviceName: 'test-my-service-72ba846b',
+                      serviceName: 'test-my-service-c8493104',
                       servicePort: 80,
                     },
                   },
                   {
                     path: '/',
                     backend: {
-                      serviceName: 'test-my-service-72ba846b',
+                      serviceName: 'test-my-service-c8493104',
                       servicePort: 80,
                     },
                   },
@@ -284,7 +284,7 @@ describe('Ingress', () => {
       {
         apiVersion: 'networking.k8s.io/v1beta1',
         kind: 'Ingress',
-        metadata: { name: 'test-my-ingress-e859c4c6' },
+        metadata: { name: 'test-my-ingress-c8135042' },
         spec: {
           rules: [
             {
@@ -293,14 +293,14 @@ describe('Ingress', () => {
                   {
                     path: '/foo',
                     backend: {
-                      serviceName: 'test-my-service-72ba846b',
+                      serviceName: 'test-my-service-c8493104',
                       servicePort: 80,
                     },
                   },
                   {
                     path: '/foo/bar',
                     backend: {
-                      serviceName: 'test-my-service-72ba846b',
+                      serviceName: 'test-my-service-c8493104',
                       servicePort: 80,
                     },
                   },
@@ -331,13 +331,13 @@ describe('Ingress', () => {
     });
 
     // THEN
-    const expectedBackend = { serviceName: 'test-my-service-72ba846b', servicePort: 4000 };
+    const expectedBackend = { serviceName: 'test-my-service-c8493104', servicePort: 4000 };
     expect(Testing.synth(chart).filter(x => x.kind === 'Ingress')).toEqual([
       {
         apiVersion: 'networking.k8s.io/v1beta1',
         kind: 'Ingress',
         metadata: {
-          name: 'test-my-ingress-e859c4c6',
+          name: 'test-my-ingress-c8135042',
         },
         spec: {
           backend: expectedBackend,

packages/cdk8s-plus-17/test/secret.test.ts

@@ -1,35 +1,35 @@
-import { Testing, ApiObject } from 'cdk8s';
-import { Node } from 'constructs';
-import * as kplus from '../src';
+import { Testing, ApiObject } from "cdk8s";
+import { Node } from "constructs";
+import * as kplus from "../src";
 
-test('defaultChild', () => {
+test("defaultChild", () => {
   const chart = Testing.chart();
 
-  const defaultChild = Node.of(new kplus.Secret(chart, 'Secret')).defaultChild as ApiObject;
-
-  expect(defaultChild.kind).toEqual('Secret');
+  const defaultChild = Node.of(new kplus.Secret(chart, "Secret"))
+    .defaultChild as ApiObject;
 
+  expect(defaultChild.kind).toEqual("Secret");
 });
 
-test('Can be imported from secret name', () => {
-  const secret = kplus.Secret.fromSecretName('secret');
+test("Can be imported from secret name", () => {
+  const secret = kplus.Secret.fromSecretName("secret");
 
-  expect(secret.name).toEqual('secret');
+  expect(secret.name).toEqual("secret");
 });
 
-test('Can add data to new secrets', () => {
+test("Can add data to new secrets", () => {
   const chart = Testing.chart();
 
-  const secret = new kplus.Secret(chart, 'Secret');
-  secret.addStringData('key', 'value');
+  const secret = new kplus.Secret(chart, "Secret");
+  secret.addStringData("key", "value");
 
   expect(Testing.synth(chart)).toMatchInlineSnapshot(`
     Array [
       Object {
         "apiVersion": "v1",
         "kind": "Secret",
         "metadata": Object {
-          "name": "test-secret-17f996fa",
+          "name": "test-secret-c837fa76",
         },
         "stringData": Object {
           "key": "value",