feat(aws-certificatemanager): Add ability to specify the certificate …
…name (aws#22301)

----
Like other AWS resources (VPC, TargetGroups,etc) they do not have an actual physical name but can be assigned an AWS designated tag which will be displayed in the web console. This is useful when you have many certificates to determine what is what.

I largely followed the pattern set out in other CDK constructs, for example in `vpc.ts`. I also followed the convention used elsewhere for the name tag by defaulting the value to `this.node.path`.

I believe this is also an important first step towards any implementation of aws#10792

I tried added integration tests, however due to the requirement of needing to validate the certificate I don't think this is possible. Currently there are no other integration tests for this module.

I have attached a screenshot of the failed integ-test (validation required) which shows the name tag in action

![CustomCertificate](https://user-images.githubusercontent.com/10041761/193207874-871d55e6-9a8e-4e8a-aa77-ae718e4bc1d4.png)



### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
jmortlock authored and madeline-k committed Oct 10, 2022
1 parent 8ba453f commit 6c36d44
Showing 14 changed files with 471 additions and 4 deletions.
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-certificatemanager/README.md
Expand Up @@ -45,6 +45,7 @@ const myHostedZone = new route53.HostedZone(this, 'HostedZone', {
});
new acm.Certificate(this, 'Certificate', {
domainName: 'hello.example.com',
certificateName: 'Hello World Service', // Optionally provide an certificate name
validation: acm.CertificateValidation.fromDns(myHostedZone),
});
```
18 changes: 17 additions & 1 deletion packages/@aws-cdk/aws-certificatemanager/lib/certificate.ts
@@ -1,11 +1,16 @@
import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
import * as route53 from '@aws-cdk/aws-route53';
import { IResource, Token } from '@aws-cdk/core';
import { IResource, Token, Tags } from '@aws-cdk/core';
import { Construct } from 'constructs';
import { CertificateBase } from './certificate-base';
import { CfnCertificate } from './certificatemanager.generated';
import { apexDomain } from './util';

/**
* Name tag constant
*/
const NAME_TAG: string = 'Name';

/**
* Represents a certificate in AWS Certificate Manager
*/
Expand Down Expand Up @@ -87,6 +92,15 @@ export interface CertificateProps {
* @default true
*/
readonly transparencyLoggingEnabled?: boolean;

/**
* The Certifcate name.
*
* Since the Certifcate resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag
*
* @default the full, absolute path of this construct
*/
readonly certificateName?: string
}

/**
Expand Down Expand Up @@ -247,6 +261,8 @@ export class Certificate extends CertificateBase implements ICertificate {
certificateTransparencyLoggingPreference,
});

Tags.of(cert).add(NAME_TAG, props.certificateName || this.node.path.slice(0, 255));

this.certificateArn = cert.ref;
}
}
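Review bot: In the last hunk, `.slice(0, 255)` binds only to `this.node.path`, so a caller-supplied `certificateName` is passed to `Tags.of(cert).add` with no length check and an over-long value would presumably surface only as a deploy-time failure. A synth-time guard before the tag is added would catch it earlier: `if (props.certificateName !== undefined && !Token.isUnresolved(props.certificateName) && props.certificateName.length > 255) { throw new Error('certificateName must be at most 255 characters'); }`. Since the tag is now added for every certificate, the `certificateName` doc comment should also say that the default writes the construct path into a `Name` tag, which is visible to anyone allowed to read the certificate's tags and may take precedence over a `Name` tag applied from an enclosing scope (precedence is not verifiable from this page). The constructor begins outside the hunk.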
@@ -0,0 +1 @@
{"version":"21.0.0"}
@@ -0,0 +1,19 @@
{
"version": "21.0.0",
"files": {
"2a0623ea167c5460a3ab6cf2c46f624fc293fa4185139c368333e1570962f13a": {
"source": {
"path": "integ-certificate-name.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "2a0623ea167c5460a3ab6cf2c46f624fc293fa4185139c368333e1570962f13a.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
}
},
"dockerImages": {}
}
@@ -0,0 +1,57 @@
{
"Resources": {
"Certificate4E7ABB08": {
"Type": "AWS::CertificateManager::Certificate",
"Properties": {
"DomainName": "*.example.com",
"DomainValidationOptions": [
{
"DomainName": "*.example.com",
"HostedZoneId": "Z23ABC4XYZL05B"
}
],
"Tags": [
{
"Key": "Name",
"Value": "This is a test name"
}
],
"ValidationMethod": "DNS"
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
@@ -0,0 +1,13 @@
{
"version": "21.0.0",
"testCases": {
"integ-test/DefaultTest": {
"stacks": [
"integ-certificate-name"
],
"diffAssets": true,
"assertionStack": "integ-test/DefaultTest/DeployAssert",
"assertionStackName": "integtestDefaultTestDeployAssert24D5C536"
}
}
}
@@ -0,0 +1,19 @@
{
"version": "21.0.0",
"files": {
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
"source": {
"path": "integtestDefaultTestDeployAssert24D5C536.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
}
},
"dockerImages": {}
}
@@ -0,0 +1,36 @@
{
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
@@ -0,0 +1,111 @@
{
"version": "21.0.0",
"artifacts": {
"Tree": {
"type": "cdk:tree",
"properties": {
"file": "tree.json"
}
},
"integ-certificate-name.assets": {
"type": "cdk:asset-manifest",
"properties": {
"file": "integ-certificate-name.assets.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
}
},
"integ-certificate-name": {
"type": "aws:cloudformation:stack",
"environment": "aws://unknown-account/unknown-region",
"properties": {
"templateFile": "integ-certificate-name.template.json",
"validateOnSynth": false,
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2a0623ea167c5460a3ab6cf2c46f624fc293fa4185139c368333e1570962f13a.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
"additionalDependencies": [
"integ-certificate-name.assets"
],
"lookupRole": {
"arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
"requiresBootstrapStackVersion": 8,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
}
},
"dependencies": [
"integ-certificate-name.assets"
],
"metadata": {
"/integ-certificate-name/Certificate/Resource": [
{
"type": "aws:cdk:logicalId",
"data": "Certificate4E7ABB08"
}
],
"/integ-certificate-name/BootstrapVersion": [
{
"type": "aws:cdk:logicalId",
"data": "BootstrapVersion"
}
],
"/integ-certificate-name/CheckBootstrapVersion": [
{
"type": "aws:cdk:logicalId",
"data": "CheckBootstrapVersion"
}
]
},
"displayName": "integ-certificate-name"
},
"integtestDefaultTestDeployAssert24D5C536.assets": {
"type": "cdk:asset-manifest",
"properties": {
"file": "integtestDefaultTestDeployAssert24D5C536.assets.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
}
},
"integtestDefaultTestDeployAssert24D5C536": {
"type": "aws:cloudformation:stack",
"environment": "aws://unknown-account/unknown-region",
"properties": {
"templateFile": "integtestDefaultTestDeployAssert24D5C536.template.json",
"validateOnSynth": false,
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
"additionalDependencies": [
"integtestDefaultTestDeployAssert24D5C536.assets"
],
"lookupRole": {
"arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
"requiresBootstrapStackVersion": 8,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
}
},
"dependencies": [
"integtestDefaultTestDeployAssert24D5C536.assets"
],
"metadata": {
"/integ-test/DefaultTest/DeployAssert/BootstrapVersion": [
{
"type": "aws:cdk:logicalId",
"data": "BootstrapVersion"
}
],
"/integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [
{
"type": "aws:cdk:logicalId",
"data": "CheckBootstrapVersion"
}
]
},
"displayName": "integ-test/DefaultTest/DeployAssert"
}
}
}