Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(kms): allow multiple addAlias calls on single key #3596

Merged
merged 4 commits into from
Aug 9, 2019
Merged

fix(kms): allow multiple addAlias calls on single key #3596

merged 4 commits into from
Aug 9, 2019

Conversation

nmussy
Copy link
Contributor

@nmussy nmussy commented Aug 9, 2019
edited by rix0rrr

We append alias name to logical ID to prevent collisions.

Also allow omitting the required "alias/" prefix when adding an alias, it will be added automatically when necessary, and adding an initial alias through the construction props of Key.

Fixes #3594

Please read the contribution guidelines and follow the pull-request checklist.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

nmussy
nmussy commented Aug 9, 2019
View reviewed changes
packages/@aws-cdk/aws-kms/lib/key.ts
@@ -68,7 +68,7 @@ abstract class KeyBase extends Resource implements IKey {
* Defines a new alias for the key.
*/
public addAlias(alias: string): Alias {
return new Alias(this, 'Alias', { aliasName: alias, targetKey: this });
return new Alias(this, `Alias${alias}`, { aliasName: alias, targetKey: this });
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a particularly clean solution.
Maybe adding an aliasCounter property to the Key and appending it instead of the name would be more preferable?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is good, because it's stable. Using counters will lead to problems if people change the order of a list of aliases, since all of their logical ids would change.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point.

Could there be issues with valid aliasName values that would result in an invalid logical ID? I should probably slug the name if we're keeping it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't worry about it, that happens automatically.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alright 👍

And thanks for the fixes!

packages/@aws-cdk/aws-kms/test/test.key.ts Outdated
@@ -311,7 +311,7 @@ export = {
DeletionPolicy: "Retain",
UpdateReplacePolicy: "Retain",
},
MyKeyAlias1B45D9DA: {
MyKeyAliasaliasxoo1B45D9DA: {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Testing it locally, the logical ID suffix kept changing, e.g. MyKeyAliasaliasxoo9464EB1C.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rix0rrr Out of curiosity, what was causing my IDs to be unstable?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, I have no idea. I just changed them to the expectations. Might it have been copy/pasting between tests? I see some of them had similar but slightly different construct IDs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran the tests again on my original commit, and yeah they're stable. I must have misread the test output. Sorry about that!

@rix0rrr rix0rrr self-assigned this Aug 9, 2019
@rix0rrr rix0rrr changed the title fix(kms): allow multiple addAlias calls on single key fix(kms): allow multiple addAlias calls on single key Aug 9, 2019
@mergify mergify bot merged commit 54f8ea9 into aws:master Aug 9, 2019
@nmussy nmussy deleted the 3594 branch August 9, 2019 18:35
@nmussy
Copy link
Contributor Author

nmussy commented Aug 9, 2019

Thanks again @rix0rrr ❤️

@Visorgood
Copy link

Hello @nmussy ! I have updated my project to CDK 1.4.0, and now my KMS aliases are failing. Basically, it shows now that aliases have to be destroyed and recreated with different logical names, but when I try to deploy, it fails saying that alias already exists.
Actually, as far as I can see, diff command shows that the alias should be destroyed and recreated with a new logical name, but then when doing deploy, there is no step that deletes the previous alias, there is immediately an attempt to create it again. Maybe it cannot anymore identify the old alias because it looks up by the logical id that is now different? Any idea how to resolve it?

@nmussy
Copy link
Contributor Author

nmussy commented Aug 14, 2019

Hey @Visorgood. Thanks for letting us know, I was able to reproduce it. I'm opening a separate issue.

Sorry for the inconvenience!

This was referenced Aug 14, 2019
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

Assignees

@rix0rrr rix0rrr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot add multiple aliases to KMS key
3 participants
@nmussy @Visorgood @rix0rrr