Skip to content

feat(certificatemanager): Allow opting out of transparency logging#21686

Merged
mergify[bot] merged 4 commits intoaws:mainfrom
AKoetsier:feature/acm-toggle-certificate-transparency-logging
Aug 23, 2022
Merged

feat(certificatemanager): Allow opting out of transparency logging#21686
mergify[bot] merged 4 commits intoaws:mainfrom
AKoetsier:feature/acm-toggle-certificate-transparency-logging

Conversation

@AKoetsier
Copy link
Copy Markdown
Contributor

@AKoetsier AKoetsier commented Aug 19, 2022

Certificates created with AWS Certificate Manager are recorded in a certificate transparency log. ACM however allows you to opt of out of transparency logging. This feature enables certificates created in ACM through CDK to opt out of transparency logging.

All Submissions:

Adding new Unconventional Dependencies:

  • This PR adds new unconventional dependencies following the process described here

New Features

  • Have you added the new feature to an integration test?
    • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@gitpod-io
Copy link
Copy Markdown

gitpod-io bot commented Aug 19, 2022

@aws-cdk-automation aws-cdk-automation requested a review from a team August 19, 2022 14:21
@github-actions github-actions bot added the p2 label Aug 19, 2022
corymhall
corymhall previously requested changes Aug 22, 2022
View reviewed changes
packages/@aws-cdk/aws-certificatemanager/lib/certificate.ts
readonly validation?: CertificateValidation;

/**
* Enable or disable transparency logging for this certificate
Copy link
Copy Markdown
Contributor

@corymhall corymhall Aug 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add something here about how enabling/disabling this works? For example I think you can't change it after creation?

Copy link
Copy Markdown
Contributor Author

@AKoetsier AKoetsier Aug 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well you technically can change it in the api, however it will not have an effect. When a certificate is registered/logged it cannot be undone.

packages/@aws-cdk/aws-certificatemanager/lib/certificate.ts Outdated
*
* @default TransparencyLoggingPreference.ENABLED
*/
readonly certificateTransparencyLoggingPreference?: TransparencyLoggingPreference;
Copy link
Copy Markdown
Contributor

@corymhall corymhall Aug 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
readonly certificateTransparencyLoggingPreference?: TransparencyLoggingPreference;
readonly transparencyLoggingEnabled?: boolean;

Can we shorten the name to just transparencyLoggingEnabled? Also, since it is just enabled/disabled we can make it a boolean.

Copy link
Copy Markdown
Contributor Author

@AKoetsier AKoetsier Aug 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok will do

@corymhall corymhall added the pr-linter/exempt-integ-test The PR linter will not require integ test changes label Aug 22, 2022
@corymhall
Copy link
Copy Markdown
Contributor

corymhall commented Aug 22, 2022

exempting integration test since integration tests for certificatemanager require you to have a valid public domain (hence the lack of existing integration tests).

@AKoetsier AKoetsier force-pushed the feature/acm-toggle-certificate-transparency-logging branch from 67aaa4d to 515c0cb Compare August 23, 2022 06:38
@mergify mergify bot dismissed corymhall’s stale review August 23, 2022 06:38

Pull request has been modified.

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Aug 23, 2022

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: dde8a7c
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Aug 23, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 85b6db0 into aws:main Aug 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@corymhall corymhall corymhall approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AKoetsier @corymhall @aws-cdk-automation