Skip to content

feat(kms): support KEY_AGREEMENT for keyUsage#30993

Merged
mergify[bot] merged 6 commits intoaws:mainfrom
mazyu36:kms-30989
Nov 8, 2024
Merged

feat(kms): support KEY_AGREEMENT for keyUsage#30993
mergify[bot] merged 6 commits intoaws:mainfrom
mazyu36:kms-30989

Conversation

@mazyu36
Copy link
Copy Markdown
Contributor

@mazyu36 mazyu36 commented Jul 31, 2024

Issue # (if applicable)

Closes #30989

Reason for this change

To support KEY_AGREEMENT for KeyUsage.

Description of changes

  • Add KEY_AGREEMENT to KeyUsage enum
  • Add validation rule

Description of how you validated changes

Add unit test and integ test.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2 distinguished-contributor [Pilot] contributed 50+ PRs to the CDK labels Jul 31, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team July 31, 2024 22:54
aws-cdk-automation
aws-cdk-automation previously requested changes Jul 31, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

mazyu36
mazyu36 commented Jul 31, 2024
View reviewed changes
packages/aws-cdk-lib/aws-kms/lib/key.ts
KeySpec.SYMMETRIC_DEFAULT,
KeySpec.SM2,
],
[KeyUsage.KEY_AGREEMENT]: [
Copy link
Copy Markdown
Contributor Author

@mazyu36 mazyu36 Jul 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I confirmed from the documentation and management console that only the following keySpecs are supported, and added the unsupported ones to the denyList.

  • For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify SIGN_VERIFY or KEY_AGREEMENT.
  • For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ENCRYPT_DECRYPT, SIGN_VERIFY, or KEY_AGREEMENT.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-keyusage

@mazyu36
Copy link
Copy Markdown
Contributor Author

mazyu36 commented Jul 31, 2024

Exemption Request: I think updating the README is unnecessary, as this only involves adding a value to an enum.

@aws-cdk-automation aws-cdk-automation added pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Jul 31, 2024
This was referenced Aug 1, 2024
Closed
Closed
@aws-cdk-automation aws-cdk-automation added pr/needs-maintainer-review This PR needs a review from a Core Team Member and removed pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Nov 2, 2024
@Leo10Gama Leo10Gama self-assigned this Nov 8, 2024
@Leo10Gama Leo10Gama added pr-linter/exempt-readme The PR linter will not require README changes and removed pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. labels Nov 8, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review November 8, 2024 17:44

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

Leo10Gama
Leo10Gama approved these changes Nov 8, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@Leo10Gama Leo10Gama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the contribution!

@Leo10Gama
Copy link
Copy Markdown
Contributor

Leo10Gama commented Nov 8, 2024

@Mergifyio update

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Nov 8, 2024

update

✅ Branch has been successfully updated

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Nov 8, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Nov 8, 2024
@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Nov 8, 2024

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 93ef4d0
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 2323877 into aws:main Nov 8, 2024
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Nov 8, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Nov 8, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 8, 2024
@mazyu36 mazyu36 deleted the kms-30989 branch November 8, 2024 22:36
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

+2 more reviewers

@Leo10Gama Leo10Gama Leo10Gama approved these changes

@badmintoncryer badmintoncryer badmintoncryer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Leo10Gama Leo10Gama

Labels

distinguished-contributor [Pilot] contributed 50+ PRs to the CDK effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2 pr-linter/exempt-readme The PR linter will not require README changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

kms: Add support for KEY_AGREEMENT to KeyUsage in KMS key

4 participants

@mazyu36 @Leo10Gama @aws-cdk-automation @badmintoncryer