feat(kms): support KEY_AGREEMENT for keyUsage #30993

Merged
merged 6 commits into from
Nov 8, 2024
Contributor

@mazyu36 mazyu36 commented Jul 31, 2024

Issue # (if applicable)

Closes #30989

Reason for this change

To support KEY_AGREEMENT for KeyUsage.

Description of changes

  • Add KEY_AGREEMENT to KeyUsage enum
  • Add validation rule

Description of how you validated changes

Add unit test and integ test.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2 distinguished-contributor [Pilot] contributed 50+ PRs to the CDK labels Jul 31, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team July 31, 2024 22:54
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@@ -715,6 +720,17 @@ export class Key extends KeyBase {
KeySpec.SYMMETRIC_DEFAULT,
KeySpec.SM2,
],
[KeyUsage.KEY_AGREEMENT]: [
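
Review bot: The list opened at `[KeyUsage.KEY_AGREEMENT]: [` is a deny-list (the author's comment below says the unsupported key specs were added to it), so this validation fails open: a KeySpec added to the enum later is accepted with KEY_AGREEMENT until someone extends this entry. Consider a code comment above the entry naming the CloudFormation KeyUsage documentation it was derived from, and a unit test that iterates every KeySpec value and asserts each one is either rejected or known to be supported for this usage.
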
Contributor Author

I confirmed from the documentation and management console that only the following keySpecs are supported, and added the unsupported ones to the denyList.

  • For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify SIGN_VERIFY or KEY_AGREEMENT.
  • For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ENCRYPT_DECRYPT, SIGN_VERIFY, or KEY_AGREEMENT.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-keyusage
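
The deny-list approach described in the comment above, set beside an allow-list built from the same two bullets, as an added example that is not code from this pull request or from aws-cdk. The key spec names are AWS KMS values; which set each one belongs to is an assumption derived from the quoted bullets, and `HYPOTHETICAL_NEW_SPEC` is a made-up future enum member.

```typescript
// Added example, not code from the PR or from aws-cdk.
// Key spec names are AWS KMS KeySpec values; which set each belongs to is
// an assumption derived from the two documentation bullets quoted above.

// Specs the bullets list as supporting KEY_AGREEMENT.
const AGREEMENT_ALLOWED: readonly string[] = [
  'ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'SM2',
];

// Deny-list: every other key spec known when the list was written.
const AGREEMENT_DENIED: readonly string[] = [
  'SYMMETRIC_DEFAULT', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'ECC_SECG_P256K1',
  'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512',
];

// Deny-list validation: a spec is accepted unless it is explicitly denied.
function denyListAccepts(spec: string): boolean {
  return AGREEMENT_DENIED.indexOf(spec) === -1;
}

// Allow-list validation: a spec is rejected unless it is explicitly allowed.
function allowListAccepts(spec: string): boolean {
  return AGREEMENT_ALLOWED.indexOf(spec) !== -1;
}

// Drift check for a unit test: specs that neither list has classified.
function unclassified(allSpecs: readonly string[]): string[] {
  return allSpecs.filter((s) => !allowListAccepts(s) && denyListAccepts(s));
}

// Constructed input: the known specs plus one hypothetical future addition.
const SPECS_WITH_ADDITION: string[] = AGREEMENT_ALLOWED
  .concat(AGREEMENT_DENIED)
  .concat(['HYPOTHETICAL_NEW_SPEC']);

// The new spec passes the deny-list check but not the allow-list check,
// and the drift check names it so the lists can be updated deliberately.
console.log(denyListAccepts('HYPOTHETICAL_NEW_SPEC'));
console.log(allowListAccepts('HYPOTHETICAL_NEW_SPEC'));
console.log(unclassified(SPECS_WITH_ADDITION));
```
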

@mazyu36
Contributor Author

mazyu36 commented Jul 31, 2024

Exemption Request: I think updating the README is unnecessary, as this only involves adding a value to an enum.

@aws-cdk-automation aws-cdk-automation added pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Jul 31, 2024
This was referenced Aug 1, 2024
@aws-cdk-automation aws-cdk-automation added pr/needs-maintainer-review This PR needs a review from a Core Team Member and removed pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Nov 2, 2024
@Leo10Gama Leo10Gama self-assigned this Nov 8, 2024
@Leo10Gama Leo10Gama added pr-linter/exempt-readme The PR linter will not require README changes and removed pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. labels Nov 8, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review November 8, 2024 17:44

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

Member

@Leo10Gama Leo10Gama left a comment

LGTM, thanks for the contribution!

@Leo10Gama
Member

@Mergifyio update

Contributor

mergify bot commented Nov 8, 2024

update

✅ Branch has been successfully updated

Contributor

mergify bot commented Nov 8, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Nov 8, 2024
@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 93ef4d0
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 2323877 into aws:main Nov 8, 2024
15 checks passed
github-actions bot commented Nov 8, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 8, 2024
@mazyu36 mazyu36 deleted the kms-30989 branch November 8, 2024 22:36
Successfully merging this pull request may close these issues.

kms: Add support for KEY_AGREEMENT to KeyUsage in KMS key