feat(codebuild): add support for setting a BuildEnvironment Certificate

[mneil]

fixes #15701

Add certificate as optional parameter to codebuild project
Environment. The certificate option supports including an additional
PEM certificate for on-prem DNS / SSL of codebuild projects.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

[rot26]

Optional: you could add an example s3 arn.

Example: arn:aws:s3:::bucket_name/key/path/to/ca.pem

[rot26]

This is something we need at my job. 👍

[skinny85]

Thanks for the contribution @mneil! Small suggestion on the design of this new API.

Also, we need to add an example to the module's ReadMe file.

[skinny85]

I'm wondering whether a string is the best way to model this...? Seems a little looks for my taste.

I see 2 possible alternatives:

1. Introduce a dedicated interface for this property, something like BuildCertificate, that takes in an s3.IBucket, a string for the key, and maybe an optional version?
2. Use the existing Location interface from the S3 module. There's a small downside that it takes in a bucketName as just a string, but maybe that's fine - we can show an example in the ReadMe of importing a Bucket by ARN, and then using it to pass the bucketName property as bucket.bucketName.

I'll let you decide which option you like more!

[mneil]

Ah thanks! I was looking for something better but couldn't find existing classes that met the need and wasn't sure about adding another interface. I like option 2 better since it already exists.

However, arns do not support versions and the BuildEnvironment certificate at the cloudformation level only accepts a string value that is an arn. It seems like there's no way to support a version at the moment for the certificate. Because of this I'll create a new interface that takes in an IBucket and key only so people don't think they can use a version when it's not supported.

Let me know if I'm wrong about the version? If so I'll use the existing interface. Won't be hard to do either way.

[skinny85]

Yeah, let's go with a new interface here.

Pull request has been modified.

[mneil]

@skinny85 Any additional feedback? I've added a new interface and documentation.

[skinny85]

I haven't reviewed the latest iteration. Make sure to re-request my review after you're done pushing your changes (there's a button next to my avatar in the top-right corner of the PR page).

[skinny85]

Looks great @mneil! A few minor comments.

[skinny85]

Can we inline this variable? I don't think it adds much.

Pull request has been modified.

[mneil]

I should probably stop force pushing so you can see the changes are resolved :). If there's anymore feedback I'll do that and squash later. I just realized I'm clobbering the diff on your requested changes.

[skinny85]

Looks great @mneil, thanks for the contribution!

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
• Commit ID: 99e5fef
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).