From 822e65e0919c579ef384f382a75cc0b89e1342f3 Mon Sep 17 00:00:00 2001 From: Akira Kawabata Date: Thu, 15 Aug 2024 18:29:05 +0900 Subject: [PATCH 1/5] feat(kms): add multiRegion property to a Key --- .../TestStack.assets.json | 19 +++ .../TestStack.template.json | 74 +++++++++ .../cdk.out | 1 + .../integ.json | 12 ++ ...efaultTestDeployAssert5D62E49E.assets.json | 19 +++ ...aultTestDeployAssert5D62E49E.template.json | 36 +++++ .../manifest.json | 113 +++++++++++++ .../tree.json | 153 ++++++++++++++++++ .../aws-kms/test/integ.key-multi-region.ts | 20 +++ packages/aws-cdk-lib/aws-kms/README.md | 9 ++ packages/aws-cdk-lib/aws-kms/lib/key.ts | 16 ++ packages/aws-cdk-lib/aws-kms/test/key.test.ts | 11 ++ 12 files changed, 483 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.assets.json new file mode 100644 index 0000000000000..d8b5e202d6dd5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "d9e986753b0d85d4019eeeb0bfa3943d6b3e1f7727b0ad62c1f97277cc0567ac": { + "source": { + "path": "TestStack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "d9e986753b0d85d4019eeeb0bfa3943d6b3e1f7727b0ad62c1f97277cc0567ac.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.template.json new file mode 100644 index 0000000000000..d88e8944ac546 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.template.json @@ -0,0 +1,74 @@ +{ + "Resources": { + "keyFEDD6EC0": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "MultiRegion": true + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/cdk.out new file mode 100644 index 0000000000000..bd5311dc372de --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json new file mode 100644 index 0000000000000..7219f7670a7ab --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.5", + "testCases": { + "kms-key-multi-region/DefaultTest": { + "stacks": [ + "TestStack" + ], + "assertionStack": "kms-key-multi-region/DefaultTest/DeployAssert", + "assertionStackName": "kmskeymultiregionDefaultTestDeployAssert5D62E49E" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets.json new file mode 100644 index 0000000000000..96989d02ba47d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.5", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "kmskeymultiregionDefaultTestDeployAssert5D62E49E.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/kmskeymultiregionDefaultTestDeployAssert5D62E49E.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json new file mode 100644 index 0000000000000..fb3ef818828d0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json @@ -0,0 +1,113 @@ +{ + "version": "36.0.5", + "artifacts": { + "TestStack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "TestStack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "TestStack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "TestStack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d9e986753b0d85d4019eeeb0bfa3943d6b3e1f7727b0ad62c1f97277cc0567ac.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "TestStack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "TestStack.assets" + ], + "metadata": { + "/TestStack/key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "keyFEDD6EC0" + } + ], + "/TestStack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/TestStack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "TestStack" + }, + "kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "kmskeymultiregionDefaultTestDeployAssert5D62E49E": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "kmskeymultiregionDefaultTestDeployAssert5D62E49E.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets" + ], + "metadata": { + "/kms-key-multi-region/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/kms-key-multi-region/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "kms-key-multi-region/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json new file mode 100644 index 0000000000000..5fbeb40fa88aa --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json @@ -0,0 +1,153 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "TestStack": { + "id": "TestStack", + "path": "TestStack", + "children": { + "key": { + "id": "key", + "path": "TestStack/key", + "children": { + "Resource": { + "id": "Resource", + "path": "TestStack/key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "multiRegion": true + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "TestStack/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "TestStack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "kms-key-multi-region": { + "id": "kms-key-multi-region", + "path": "kms-key-multi-region", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "kms-key-multi-region/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "kms-key-multi-region/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "kms-key-multi-region/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "kms-key-multi-region/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "kms-key-multi-region/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts new file mode 100644 index 0000000000000..76ea48bb9d923 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts @@ -0,0 +1,20 @@ +import { App, Stack } from 'aws-cdk-lib'; +import * as kms from 'aws-cdk-lib/aws-kms'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + + +class TestStack extends Stack { + constructor(scope: App) { + super(scope, 'TestStack'); + new kms.Key(this, 'key', { + multiRegion: true, + }); + } +} + +const app = new App(); +const stack = new TestStack(app); + +new IntegTest(app, 'kms-key-multi-region', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-kms/README.md b/packages/aws-cdk-lib/aws-kms/README.md index 5bf8c6366087d..77239299ede5a 100644 --- a/packages/aws-cdk-lib/aws-kms/README.md +++ b/packages/aws-cdk-lib/aws-kms/README.md @@ -41,6 +41,15 @@ const key = new kms.Key(this, 'MyKey', { }); ``` + +Creates a multi-Region primary key: + +```ts +const key = new kms.Key(this, 'MyKey', { + multiRegion: true, // Default is false +}); +``` + ## Sharing keys between stacks To use a KMS key in a different stack in the same CDK application, diff --git a/packages/aws-cdk-lib/aws-kms/lib/key.ts b/packages/aws-cdk-lib/aws-kms/lib/key.ts index fec01eaade57d..1dfecb34c8e37 100644 --- a/packages/aws-cdk-lib/aws-kms/lib/key.ts +++ b/packages/aws-cdk-lib/aws-kms/lib/key.ts @@ -468,6 +468,21 @@ export interface KeyProps { */ readonly keyUsage?: KeyUsage; + /** + * Creates a multi-Region primary key that you can replicate in other AWS Regions. + * You can't change the MultiRegion value after the KMS key is created. + * + * For a multi-Region key, set to this property to true. + * For a single-Region key, omit this property or set it to false. The default value is false. + * + * IMPORTANT: If you change the value of the MultiRegion property on an existing KMS key, the update request fails, + * regardless of the value of the UpdateReplacePolicy attribute. + * This prevents you from accidentally deleting a KMS key by changing an immutable property value. + * + * @default - false + */ + readonly multiRegion?: boolean; + /** * Custom policy document to attach to the KMS key. * @@ -783,6 +798,7 @@ export class Key extends KeyBase { keySpec: props.keySpec, keyUsage: props.keyUsage, keyPolicy: this.policy, + multiRegion: props.multiRegion, pendingWindowInDays: pendingWindowInDays, }); diff --git a/packages/aws-cdk-lib/aws-kms/test/key.test.ts b/packages/aws-cdk-lib/aws-kms/test/key.test.ts index 298a82730dc45..a8c4cea8596d8 100644 --- a/packages/aws-cdk-lib/aws-kms/test/key.test.ts +++ b/packages/aws-cdk-lib/aws-kms/test/key.test.ts @@ -646,6 +646,17 @@ test('fails if key policy has no IAM principals', () => { expect(() => app.synth()).toThrow(/A PolicyStatement used in a resource-based policy must specify at least one IAM principal/); }); +test('creates a multi-Region primary key', () => { + const stack = new cdk.Stack(); + new kms.Key(stack, 'MyKey', { + multiRegion: true, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::KMS::Key', { + MultiRegion: true, + }); +}) + describe('imported keys', () => { test('throw an error when providing something that is not a valid key ARN', () => { const stack = new cdk.Stack(); From 893d4ac1a9794a681f7bf09eab0b09e2595ad175 Mon Sep 17 00:00:00 2001 From: Akira Kawabata Date: Thu, 15 Aug 2024 19:04:31 +0900 Subject: [PATCH 2/5] fix indentation and semi colonerrors --- packages/aws-cdk-lib/aws-kms/lib/key.ts | 2 +- packages/aws-cdk-lib/aws-kms/test/key.test.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-kms/lib/key.ts b/packages/aws-cdk-lib/aws-kms/lib/key.ts index 1dfecb34c8e37..cb05259f301ba 100644 --- a/packages/aws-cdk-lib/aws-kms/lib/key.ts +++ b/packages/aws-cdk-lib/aws-kms/lib/key.ts @@ -468,7 +468,7 @@ export interface KeyProps { */ readonly keyUsage?: KeyUsage; - /** + /** * Creates a multi-Region primary key that you can replicate in other AWS Regions. * You can't change the MultiRegion value after the KMS key is created. * diff --git a/packages/aws-cdk-lib/aws-kms/test/key.test.ts b/packages/aws-cdk-lib/aws-kms/test/key.test.ts index a8c4cea8596d8..58cd88373cbfa 100644 --- a/packages/aws-cdk-lib/aws-kms/test/key.test.ts +++ b/packages/aws-cdk-lib/aws-kms/test/key.test.ts @@ -655,7 +655,7 @@ test('creates a multi-Region primary key', () => { Template.fromStack(stack).hasResourceProperties('AWS::KMS::Key', { MultiRegion: true, }); -}) +}); describe('imported keys', () => { test('throw an error when providing something that is not a valid key ARN', () => { From 7dc422dccc14da9f70b5e0447616b83efc123002 Mon Sep 17 00:00:00 2001 From: Akira Kawabata Date: Thu, 15 Aug 2024 20:12:46 +0900 Subject: [PATCH 3/5] fix indentation and space errors --- .../test/aws-kms/test/integ.key-multi-region.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts index 76ea48bb9d923..07a39b975102e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts @@ -2,12 +2,11 @@ import { App, Stack } from 'aws-cdk-lib'; import * as kms from 'aws-cdk-lib/aws-kms'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; - class TestStack extends Stack { constructor(scope: App) { super(scope, 'TestStack'); new kms.Key(this, 'key', { - multiRegion: true, + multiRegion: true, }); } } @@ -16,5 +15,5 @@ const app = new App(); const stack = new TestStack(app); new IntegTest(app, 'kms-key-multi-region', { - testCases: [stack], + testCases: [stack], }); From 910a7d3602db0a5bf7637c219956a83abe626620 Mon Sep 17 00:00:00 2001 From: Akira Kawabata Date: Thu, 15 Aug 2024 21:41:28 +0900 Subject: [PATCH 4/5] Commited all of suggestions --- .../test/aws-kms/test/integ.key-multi-region.ts | 6 +++--- packages/aws-cdk-lib/aws-kms/README.md | 2 +- packages/aws-cdk-lib/aws-kms/lib/key.ts | 9 ++++----- packages/aws-cdk-lib/aws-kms/test/key.test.ts | 2 +- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts index 07a39b975102e..996c11faa2b87 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.ts @@ -2,9 +2,9 @@ import { App, Stack } from 'aws-cdk-lib'; import * as kms from 'aws-cdk-lib/aws-kms'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; -class TestStack extends Stack { +class KmsKeyMultiRegionStack extends Stack { constructor(scope: App) { - super(scope, 'TestStack'); + super(scope, 'KmsKeyMultiRegionStack'); new kms.Key(this, 'key', { multiRegion: true, }); @@ -12,7 +12,7 @@ class TestStack extends Stack { } const app = new App(); -const stack = new TestStack(app); +const stack = new KmsKeyMultiRegionStack(app); new IntegTest(app, 'kms-key-multi-region', { testCases: [stack], diff --git a/packages/aws-cdk-lib/aws-kms/README.md b/packages/aws-cdk-lib/aws-kms/README.md index 77239299ede5a..ae78310e96917 100644 --- a/packages/aws-cdk-lib/aws-kms/README.md +++ b/packages/aws-cdk-lib/aws-kms/README.md @@ -42,7 +42,7 @@ const key = new kms.Key(this, 'MyKey', { ``` -Creates a multi-Region primary key: +Create a multi-Region primary key: ```ts const key = new kms.Key(this, 'MyKey', { diff --git a/packages/aws-cdk-lib/aws-kms/lib/key.ts b/packages/aws-cdk-lib/aws-kms/lib/key.ts index cb05259f301ba..7cdd14fc546e0 100644 --- a/packages/aws-cdk-lib/aws-kms/lib/key.ts +++ b/packages/aws-cdk-lib/aws-kms/lib/key.ts @@ -470,16 +470,15 @@ export interface KeyProps { /** * Creates a multi-Region primary key that you can replicate in other AWS Regions. - * You can't change the MultiRegion value after the KMS key is created. * - * For a multi-Region key, set to this property to true. - * For a single-Region key, omit this property or set it to false. The default value is false. + * You can't change the `multiRegion` value after the KMS key is created. * - * IMPORTANT: If you change the value of the MultiRegion property on an existing KMS key, the update request fails, + * IMPORTANT: If you change the value of the `multiRegion` property on an existing KMS key, the update request fails, * regardless of the value of the UpdateReplacePolicy attribute. * This prevents you from accidentally deleting a KMS key by changing an immutable property value. * - * @default - false + * @default false + * @see https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html */ readonly multiRegion?: boolean; diff --git a/packages/aws-cdk-lib/aws-kms/test/key.test.ts b/packages/aws-cdk-lib/aws-kms/test/key.test.ts index 58cd88373cbfa..14f2df628f0b1 100644 --- a/packages/aws-cdk-lib/aws-kms/test/key.test.ts +++ b/packages/aws-cdk-lib/aws-kms/test/key.test.ts @@ -646,7 +646,7 @@ test('fails if key policy has no IAM principals', () => { expect(() => app.synth()).toThrow(/A PolicyStatement used in a resource-based policy must specify at least one IAM principal/); }); -test('creates a multi-Region primary key', () => { +test('multi-region primary key', () => { const stack = new cdk.Stack(); new kms.Key(stack, 'MyKey', { multiRegion: true, From 449936ccb45d6ae8cc2b489f4b3565b59cb39106 Mon Sep 17 00:00:00 2001 From: Akira Kawabata Date: Fri, 16 Aug 2024 16:07:30 +0900 Subject: [PATCH 5/5] re-run the integ test --- ...son => KmsKeyMultiRegionStack.assets.json} | 2 +- ...n => KmsKeyMultiRegionStack.template.json} | 0 .../integ.json | 2 +- .../manifest.json | 20 +++++++++---------- .../tree.json | 14 ++++++------- 5 files changed, 19 insertions(+), 19 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/{TestStack.assets.json => KmsKeyMultiRegionStack.assets.json} (91%) rename packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/{TestStack.template.json => KmsKeyMultiRegionStack.template.json} (100%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/KmsKeyMultiRegionStack.assets.json similarity index 91% rename from packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/KmsKeyMultiRegionStack.assets.json index d8b5e202d6dd5..d362330acdb20 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/KmsKeyMultiRegionStack.assets.json @@ -3,7 +3,7 @@ "files": { "d9e986753b0d85d4019eeeb0bfa3943d6b3e1f7727b0ad62c1f97277cc0567ac": { "source": { - "path": "TestStack.template.json", + "path": "KmsKeyMultiRegionStack.template.json", "packaging": "file" }, "destinations": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/KmsKeyMultiRegionStack.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/TestStack.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/KmsKeyMultiRegionStack.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json index 7219f7670a7ab..f7aae343362c5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/integ.json @@ -3,7 +3,7 @@ "testCases": { "kms-key-multi-region/DefaultTest": { "stacks": [ - "TestStack" + "KmsKeyMultiRegionStack" ], "assertionStack": "kms-key-multi-region/DefaultTest/DeployAssert", "assertionStackName": "kmskeymultiregionDefaultTestDeployAssert5D62E49E" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json index fb3ef818828d0..7224a06794e6b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/manifest.json @@ -1,19 +1,19 @@ { "version": "36.0.5", "artifacts": { - "TestStack.assets": { + "KmsKeyMultiRegionStack.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "TestStack.assets.json", + "file": "KmsKeyMultiRegionStack.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "TestStack": { + "KmsKeyMultiRegionStack": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { - "templateFile": "TestStack.template.json", + "templateFile": "KmsKeyMultiRegionStack.template.json", "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", @@ -22,7 +22,7 @@ "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "TestStack.assets" + "KmsKeyMultiRegionStack.assets" ], "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", @@ -31,29 +31,29 @@ } }, "dependencies": [ - "TestStack.assets" + "KmsKeyMultiRegionStack.assets" ], "metadata": { - "/TestStack/key/Resource": [ + "/KmsKeyMultiRegionStack/key/Resource": [ { "type": "aws:cdk:logicalId", "data": "keyFEDD6EC0" } ], - "/TestStack/BootstrapVersion": [ + "/KmsKeyMultiRegionStack/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/TestStack/CheckBootstrapVersion": [ + "/KmsKeyMultiRegionStack/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "TestStack" + "displayName": "KmsKeyMultiRegionStack" }, "kmskeymultiregionDefaultTestDeployAssert5D62E49E.assets": { "type": "cdk:asset-manifest", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json index 5fbeb40fa88aa..2788290326799 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-kms/test/integ.key-multi-region.js.snapshot/tree.json @@ -4,17 +4,17 @@ "id": "App", "path": "", "children": { - "TestStack": { - "id": "TestStack", - "path": "TestStack", + "KmsKeyMultiRegionStack": { + "id": "KmsKeyMultiRegionStack", + "path": "KmsKeyMultiRegionStack", "children": { "key": { "id": "key", - "path": "TestStack/key", + "path": "KmsKeyMultiRegionStack/key", "children": { "Resource": { "id": "Resource", - "path": "TestStack/key/Resource", + "path": "KmsKeyMultiRegionStack/key/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::KMS::Key", "aws:cdk:cloudformation:props": { @@ -62,7 +62,7 @@ }, "BootstrapVersion": { "id": "BootstrapVersion", - "path": "TestStack/BootstrapVersion", + "path": "KmsKeyMultiRegionStack/BootstrapVersion", "constructInfo": { "fqn": "constructs.Construct", "version": "10.3.0" @@ -70,7 +70,7 @@ }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", - "path": "TestStack/CheckBootstrapVersion", + "path": "KmsKeyMultiRegionStack/CheckBootstrapVersion", "constructInfo": { "fqn": "constructs.Construct", "version": "10.3.0"