feat(certificatemanager): key algorithm support for PrivateCertificate and Certificate#28597
Conversation
aws-cdk-automation
left a comment
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
| * If you need to use an algorithm that doesn't exist as a static member, you | ||
| * can instantiate a `KeyAlgorithm` object, e.g: `new KeyAlgorithm('RSA_2048')`. | ||
| */ | ||
| export class KeyAlgorithm { |
There was a problem hiding this comment.
Allowed values are: RSA_1024 | RSA_2048 | RSA_3072 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1 but I only included RSA_2048 | EC_prime256v1 | EC_secp384r1 since imported certificate does not exist in CloudFormation
There was a problem hiding this comment.
Personally I feel like that's the right thing to do for now too. Having the ability to create additional values probably makes up for any edge cases that could come up.
| /** | ||
| * Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. | ||
| * | ||
| * @default KeyAlgorithm.RSA_2048 |
There was a problem hiding this comment.
If keyAlgorithm is undefined, then the default algorithm is RSA_2048 according to doc
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
laurelmay
left a comment
There was a problem hiding this comment.
Thanks for your work on this! I see the PR is still in draft but I happened to be working on something similar so I hope you don't mind getting some comments now 😄
This is a really great addition for certificates!
...-testing/framework-integ/test/aws-certificatemanager/test/integ.certificate-key-algorithm.ts
Outdated
Show resolved
Hide resolved
| * If you need to use an algorithm that doesn't exist as a static member, you | ||
| * can instantiate a `KeyAlgorithm` object, e.g: `new KeyAlgorithm('RSA_2048')`. | ||
| */ | ||
| export class KeyAlgorithm { |
There was a problem hiding this comment.
Personally I feel like that's the right thing to do for now too. Having the ability to create additional values probably makes up for any edge cases that could come up.
PrivateCertificate and Certificate
|
Appreciate the feedbacks!! I've added all your PR suggestions |
laurelmay
left a comment
There was a problem hiding this comment.
Thanks @longtv2222! This looks good to me! This will be a super helpful feature!
PrivateCertificate and CertificatePrivateCertificate and Certificate
kaizencc
left a comment
There was a problem hiding this comment.
Thanks @longtv2222 and @kylelaker!
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Add support for key algorithm when requesting a certificate
keyAlgorithmsupport forDnsValidatedCertificateis not supported since the construct was deprecated. Added a warning if user tries to usekeyAlgorithmfor the construct instead.CloudFormation docs for key algorithm.
Closes #22887.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license