fix(kms): do not use fixed name when building kms key constructs (#1103)
* Ensure anything creating a Key uses an id argument in name

* Added test to check Issue 1101
biffgaut committed Apr 12, 2024
1 parent 8f4b82b commit a5fa0f9
Showing 150 changed files with 3,471 additions and 911 deletions.
Expand Up @@ -257,7 +257,7 @@ test('Queue is encrypted with provided encryptionKeyProps', () => {
template.hasResourceProperties("AWS::SQS::Queue", {
KmsMasterKeyId: {
"Fn::GetAtt": [
"apigatewaysqsEncryptionKey4A698F7C",
"apigatewaysqsqueueKeyEC2D27F3",
"Arn"
]
}
Expand All @@ -267,7 +267,7 @@ test('Queue is encrypted with provided encryptionKeyProps', () => {
AliasName: 'alias/new-key-alias-from-props',
TargetKeyId: {
'Fn::GetAtt': [
'apigatewaysqsEncryptionKey4A698F7C',
'apigatewaysqsqueueKeyEC2D27F3',
'Arn'
]
}
Expand All @@ -294,7 +294,7 @@ test('Queue is encrypted with customer managed KMS Key when enable encryption fl
template.hasResourceProperties("AWS::SQS::Queue", {
KmsMasterKeyId: {
"Fn::GetAtt": [
"apigatewaysqsEncryptionKey4A698F7C",
"apigatewaysqsqueueKeyEC2D27F3",
"Arn"
]
}
Expand Up @@ -98,7 +98,7 @@ export class EventbridgeToSns extends Construct {
}

// Setup the sns topic.
const buildTopicResponse = defaults.buildTopic(this, {
const buildTopicResponse = defaults.buildTopic(this, id, {
existingTopicObj: props.existingTopicObj,
topicProps: props.topicProps,
enableEncryptionWithCustomerManagedKey: enableEncryptionParam,
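Review bot: Passing `id` into `defaults.buildTopic` changes the construct id of the customer managed KMS key this construct creates, and with it the CloudFormation logical id, so stacks that already deployed the construct will have the topic re-pointed to a newly created key and the old key dropped from the template on upgrade. The snapshot manifest later on this page records exactly that for the integ stack: `testconstructEncryptionKey6153B053` is listed with `!!DESTRUCTIVE_CHANGES: WILL_DESTROY`. Whether the old key is retained or scheduled for deletion depends on its removal policy, which is not visible here; anything still encrypted under it needs it to stay available. I would add a comment above the call, `// NOTE: id is part of the KMS key's construct id; changing it replaces the key in deployed stacks`, and call the replacement out in the release notes. The constructor body starts and ends outside this hunk.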
Expand Up @@ -196,7 +196,7 @@ test('check the sns topic properties', () => {
template.hasResourceProperties('AWS::SNS::Topic', {
KmsMasterKeyId: {
"Fn::GetAtt": [
"testEncryptionKeyB55BFDBC",
"testtestKeyDC306BBB",
"Arn"
]
}
Expand All @@ -205,7 +205,7 @@ test('check the sns topic properties', () => {

test('check the sns topic properties with existing KMS key', () => {
const stack = new cdk.Stack();
const key = defaults.buildEncryptionKey(stack, {
const key = defaults.buildEncryptionKey(stack, 'test', {
description: 'my-key'
});

Expand All @@ -222,7 +222,7 @@ test('check the sns topic properties with existing KMS key', () => {
template.hasResourceProperties('AWS::SNS::Topic', {
KmsMasterKeyId: {
"Fn::GetAtt": [
"EncryptionKey1B843E66",
"testKey2C00E5E5",
"Arn"
]
}
Expand Down Expand Up @@ -291,7 +291,7 @@ test('check custom event bus resource with props when deploy:true', () => {

test('Topic is encrypted when key is provided on topicProps.masterKey prop', () => {
const stack = new cdk.Stack();
const key = defaults.buildEncryptionKey(stack, {
const key = defaults.buildEncryptionKey(stack, 'test', {
description: 'my-key'
});

Expand All @@ -310,7 +310,7 @@ test('Topic is encrypted when key is provided on topicProps.masterKey prop', ()
template.hasResourceProperties('AWS::SNS::Topic', {
KmsMasterKeyId: {
"Fn::GetAtt": [
"EncryptionKey1B843E66",
"testKey2C00E5E5",
"Arn"
]
}
Expand Down Expand Up @@ -340,7 +340,7 @@ test('Topic is encrypted when keyProps are provided', () => {
template.hasResourceProperties('AWS::SNS::Topic', {
KmsMasterKeyId: {
"Fn::GetAtt": [
"testeventsrulesqsEncryptionKey19AB0C02",
"testeventsrulesqstesteventsrulesqsKey0BF3CCD9",
"Arn"
]
}
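Review bot: The tests that call `defaults.buildEncryptionKey(stack, 'test', {` assert only the hashed logical id `testKey2C00E5E5`, which cannot show what construct id the helper actually produced, because logical ids drop non-alphanumeric characters. The snapshot files later on this page record the key's id as `'test-constructKey'` with the quote characters included, which suggests the helper (not shown) wraps the name in literal quotes. If the intended id is `testKey`, an assertion such as `expect(key.node.id).toBe('testKey');` after the call would pin it.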
@@ -1,15 +1,15 @@
{
"version": "36.0.0",
"files": {
"2451021956d0c5f2cdf62fa8cda83a732366091373b3685aab517752ed37428e": {
"9862b639359bc5c3fec9dffccc166e084b05fc540a1c162a1bde6ec167bd37f4": {
"source": {
"path": "evtsns-exist-bus.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "2451021956d0c5f2cdf62fa8cda83a732366091373b3685aab517752ed37428e.json",
"objectKey": "9862b639359bc5c3fec9dffccc166e084b05fc540a1c162a1bde6ec167bd37f4.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
Expand Up @@ -6,7 +6,7 @@
"Name": "evtsnsexistbusexistingeventbusEAEACB72"
}
},
"testconstructEncryptionKey6153B053": {
"testconstructtestconstructKey1FB48CCA": {
"Type": "AWS::KMS::Key",
"Properties": {
"EnableKeyRotation": true,
Expand Down Expand Up @@ -60,7 +60,7 @@
"Properties": {
"KmsMasterKeyId": {
"Fn::GetAtt": [
"testconstructEncryptionKey6153B053",
"testconstructtestconstructKey1FB48CCA",
"Arn"
]
}
Expand Up @@ -66,7 +66,7 @@
"validateOnSynth": false,
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2451021956d0c5f2cdf62fa8cda83a732366091373b3685aab517752ed37428e.json",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9862b639359bc5c3fec9dffccc166e084b05fc540a1c162a1bde6ec167bd37f4.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
"additionalDependencies": [
Expand All @@ -88,10 +88,10 @@
"data": "existingeventbusA5B80487"
}
],
"/evtsns-exist-bus/test-construct/EncryptionKey/Resource": [
"/evtsns-exist-bus/test-construct/'test-constructKey'/Resource": [
{
"type": "aws:cdk:logicalId",
"data": "testconstructEncryptionKey6153B053"
"data": "testconstructtestconstructKey1FB48CCA"
}
],
"/evtsns-exist-bus/test-construct/SnsTopic/Resource": [
Expand Down Expand Up @@ -123,6 +123,15 @@
"type": "aws:cdk:logicalId",
"data": "CheckBootstrapVersion"
}
],
"testconstructEncryptionKey6153B053": [
{
"type": "aws:cdk:logicalId",
"data": "testconstructEncryptionKey6153B053",
"trace": [
"!!DESTRUCTIVE_CHANGES: WILL_DESTROY"
]
}
]
},
"displayName": "evtsns-exist-bus"
Expand Up @@ -23,26 +23,26 @@
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_events.CfnEventBus",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_events.EventBus",
"version": "2.118.0"
"version": "2.135.0"
}
},
"test-construct": {
"id": "test-construct",
"path": "evtsns-exist-bus/test-construct",
"children": {
"EncryptionKey": {
"id": "EncryptionKey",
"path": "evtsns-exist-bus/test-construct/EncryptionKey",
"'test-constructKey'": {
"id": "'test-constructKey'",
"path": "evtsns-exist-bus/test-construct/'test-constructKey'",
"children": {
"Resource": {
"id": "Resource",
"path": "evtsns-exist-bus/test-construct/EncryptionKey/Resource",
"path": "evtsns-exist-bus/test-construct/'test-constructKey'/Resource",
"attributes": {
"aws:cdk:cloudformation:type": "AWS::KMS::Key",
"aws:cdk:cloudformation:props": {
Expand Down Expand Up @@ -92,13 +92,13 @@
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_kms.CfnKey",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_kms.Key",
"version": "2.118.0"
"version": "2.135.0"
}
},
"SnsTopic": {
Expand All @@ -113,15 +113,15 @@
"aws:cdk:cloudformation:props": {
"kmsMasterKeyId": {
"Fn::GetAtt": [
"testconstructEncryptionKey6153B053",
"testconstructtestconstructKey1FB48CCA",
"Arn"
]
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_sns.CfnTopic",
"version": "2.118.0"
"version": "2.135.0"
}
},
"Policy": {
Expand Down Expand Up @@ -228,19 +228,19 @@
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_sns.CfnTopicPolicy",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_sns.TopicPolicy",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_sns.Topic",
"version": "2.118.0"
"version": "2.135.0"
}
},
"EventsRule": {
Expand Down Expand Up @@ -294,19 +294,19 @@
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_events.CfnRule",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.aws_events.Rule",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "@aws-solutions-constructs/aws-eventbridge-sns.EventbridgeToSns",
"version": "2.50.0"
"version": "2.54.1"
}
},
"Integ": {
Expand All @@ -322,7 +322,7 @@
"path": "evtsns-exist-bus/Integ/DefaultTest/Default",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.0.0"
"version": "10.3.0"
}
},
"DeployAssert": {
Expand All @@ -334,69 +334,69 @@
"path": "evtsns-exist-bus/Integ/DefaultTest/DeployAssert/BootstrapVersion",
"constructInfo": {
"fqn": "aws-cdk-lib.CfnParameter",
"version": "2.118.0"
"version": "2.135.0"
}
},
"CheckBootstrapVersion": {
"id": "CheckBootstrapVersion",
"path": "evtsns-exist-bus/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion",
"constructInfo": {
"fqn": "aws-cdk-lib.CfnRule",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.Stack",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase",
"version": "2.118.0-alpha.0"
"version": "2.135.0-alpha.0"
}
}
},
"constructInfo": {
"fqn": "@aws-cdk/integ-tests-alpha.IntegTest",
"version": "2.118.0-alpha.0"
"version": "2.135.0-alpha.0"
}
},
"BootstrapVersion": {
"id": "BootstrapVersion",
"path": "evtsns-exist-bus/BootstrapVersion",
"constructInfo": {
"fqn": "aws-cdk-lib.CfnParameter",
"version": "2.118.0"
"version": "2.135.0"
}
},
"CheckBootstrapVersion": {
"id": "CheckBootstrapVersion",
"path": "evtsns-exist-bus/CheckBootstrapVersion",
"constructInfo": {
"fqn": "aws-cdk-lib.CfnRule",
"version": "2.118.0"
"version": "2.135.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.Stack",
"version": "2.118.0"
"version": "2.135.0"
}
},
"Tree": {
"id": "Tree",
"path": "Tree",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.0.0"
"version": "10.3.0"
}
}
},
"constructInfo": {
"fqn": "aws-cdk-lib.App",
"version": "2.118.0"
"version": "2.135.0"
}
}
}
@@ -1,15 +1,15 @@
{
"version": "36.0.0",
"files": {
"50110703ede9c14bc5c2fee15301da0ee3aa8813c65d3aabf4c0c58b74a1ef23": {
"8b6ff301fc69838f6d089d44c1de29bc904b1e818d3c4279e841a349bb83e1be": {
"source": {
"path": "evtsns-new-bus.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "50110703ede9c14bc5c2fee15301da0ee3aa8813c65d3aabf4c0c58b74a1ef23.json",
"objectKey": "8b6ff301fc69838f6d089d44c1de29bc904b1e818d3c4279e841a349bb83e1be.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}