diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/aws-cdk-signer-signing-profile.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/aws-cdk-signer-signing-profile.assets.json new file mode 100644 index 0000000000000..2adbb529701d8 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/aws-cdk-signer-signing-profile.assets.json @@ -0,0 +1,19 @@ +{ + "version": "34.0.0", + "files": { + "bb5554b18d5450c7ca1e64100800a89c7f35242a1286267155fa2f0bae8ae2de": { + "source": { + "path": "aws-cdk-signer-signing-profile.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bb5554b18d5450c7ca1e64100800a89c7f35242a1286267155fa2f0bae8ae2de.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/aws-cdk-signer-signing-profile.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/aws-cdk-signer-signing-profile.template.json new file mode 100644 index 0000000000000..983f40aa39404 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/aws-cdk-signer-signing-profile.template.json @@ -0,0 +1,58 @@ +{ + "Resources": { + "SigningProfileLambda4B150CCB": { + "Type": "AWS::Signer::SigningProfile", + "Properties": { + "PlatformId": "AWSLambda-SHA384-ECDSA", + "SignatureValidityPeriod": { + "Type": "MONTHS", + "Value": 135 + } + } + }, + "SigningProfileOCI1EA741C3": { + "Type": "AWS::Signer::SigningProfile", + "Properties": { + "PlatformId": "Notation-OCI-SHA384-ECDSA", + "SignatureValidityPeriod": { + "Type": "DAYS", + "Value": 60 + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdk.out new file mode 100644 index 0000000000000..2313ab5436501 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.assets.json new file mode 100644 index 0000000000000..cb7757bedf497 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.assets.json @@ -0,0 +1,19 @@ +{ + "version": "34.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/integ.json new file mode 100644 index 0000000000000..3711c89c20dca --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "34.0.0", + "testCases": { + "cdk-integ-signer-signing-profile/DefaultTest": { + "stacks": [ + "aws-cdk-signer-signing-profile" + ], + "assertionStack": "cdk-integ-signer-signing-profile/DefaultTest/DeployAssert", + "assertionStackName": "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/manifest.json new file mode 100644 index 0000000000000..530d693df32cd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/manifest.json @@ -0,0 +1,119 @@ +{ + "version": "34.0.0", + "artifacts": { + "aws-cdk-signer-signing-profile.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-signer-signing-profile.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-signer-signing-profile": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-signer-signing-profile.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bb5554b18d5450c7ca1e64100800a89c7f35242a1286267155fa2f0bae8ae2de.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-signer-signing-profile.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-signer-signing-profile.assets" + ], + "metadata": { + "/aws-cdk-signer-signing-profile/SigningProfileLambda/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "SigningProfileLambda4B150CCB" + } + ], + "/aws-cdk-signer-signing-profile/SigningProfileOCI/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "SigningProfileOCI1EA741C3" + } + ], + "/aws-cdk-signer-signing-profile/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-signer-signing-profile/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-signer-signing-profile" + }, + "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdkintegsignersigningprofileDefaultTestDeployAssertE50BA0E5.assets" + ], + "metadata": { + "/cdk-integ-signer-signing-profile/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cdk-integ-signer-signing-profile/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-integ-signer-signing-profile/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/tree.json new file mode 100644 index 0000000000000..4ebcd4249d0d4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.js.snapshot/tree.json @@ -0,0 +1,157 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-signer-signing-profile": { + "id": "aws-cdk-signer-signing-profile", + "path": "aws-cdk-signer-signing-profile", + "children": { + "SigningProfileLambda": { + "id": "SigningProfileLambda", + "path": "aws-cdk-signer-signing-profile/SigningProfileLambda", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-signer-signing-profile/SigningProfileLambda/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Signer::SigningProfile", + "aws:cdk:cloudformation:props": { + "platformId": "AWSLambda-SHA384-ECDSA", + "signatureValidityPeriod": { + "type": "MONTHS", + "value": 135 + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_signer.CfnSigningProfile", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_signer.SigningProfile", + "version": "0.0.0" + } + }, + "SigningProfileOCI": { + "id": "SigningProfileOCI", + "path": "aws-cdk-signer-signing-profile/SigningProfileOCI", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-signer-signing-profile/SigningProfileOCI/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Signer::SigningProfile", + "aws:cdk:cloudformation:props": { + "platformId": "Notation-OCI-SHA384-ECDSA", + "signatureValidityPeriod": { + "type": "DAYS", + "value": 60 + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_signer.CfnSigningProfile", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_signer.SigningProfile", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-signer-signing-profile/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-signer-signing-profile/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "cdk-integ-signer-signing-profile": { + "id": "cdk-integ-signer-signing-profile", + "path": "cdk-integ-signer-signing-profile", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "cdk-integ-signer-signing-profile/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "cdk-integ-signer-signing-profile/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "cdk-integ-signer-signing-profile/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-integ-signer-signing-profile/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-integ-signer-signing-profile/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.ts new file mode 100644 index 0000000000000..fbbd536cd3eba --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-signer/integ.signing-profile.ts @@ -0,0 +1,21 @@ +#!/usr/bin/env node +import * as cdk from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as signer from 'aws-cdk-lib/aws-signer'; + +const app = new cdk.App(); + +const stack = new cdk.Stack(app, 'aws-cdk-signer-signing-profile'); + +new signer.SigningProfile(stack, 'SigningProfileLambda', { + platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA, +}); + +new signer.SigningProfile(stack, 'SigningProfileOCI', { + platform: signer.Platform.NOTATION_OCI_SHA384_ECDSA, + signatureValidity: cdk.Duration.days(60), +}); + +new IntegTest(app, 'cdk-integ-signer-signing-profile', { + testCases: [stack], +}); diff --git a/packages/aws-cdk-lib/aws-signer/lib/signing-profile.ts b/packages/aws-cdk-lib/aws-signer/lib/signing-profile.ts index 8637f242f5a36..d562dfa566393 100644 --- a/packages/aws-cdk-lib/aws-signer/lib/signing-profile.ts +++ b/packages/aws-cdk-lib/aws-signer/lib/signing-profile.ts @@ -10,32 +10,47 @@ export class Platform { /** * Specification of signature format and signing algorithms for AWS IoT Device. */ - public static readonly AWS_IOT_DEVICE_MANAGEMENT_SHA256_ECDSA = new Platform('AWSIoTDeviceManagement-SHA256-ECDSA'); + public static readonly AWS_IOT_DEVICE_MANAGEMENT_SHA256_ECDSA = Platform.of('AWSIoTDeviceManagement-SHA256-ECDSA'); /** * Specification of signature format and signing algorithms for AWS Lambda. */ - public static readonly AWS_LAMBDA_SHA384_ECDSA = new Platform('AWSLambda-SHA384-ECDSA'); + public static readonly AWS_LAMBDA_SHA384_ECDSA = Platform.of('AWSLambda-SHA384-ECDSA'); /** * Specification of signature format and signing algorithms with * SHA1 hash and RSA encryption for Amazon FreeRTOS. */ - public static readonly AMAZON_FREE_RTOS_TI_CC3220SF = new Platform('AmazonFreeRTOS-TI-CC3220SF'); + public static readonly AMAZON_FREE_RTOS_TI_CC3220SF = Platform.of('AmazonFreeRTOS-TI-CC3220SF'); /** * Specification of signature format and signing algorithms with * SHA256 hash and ECDSA encryption for Amazon FreeRTOS. */ - public static readonly AMAZON_FREE_RTOS_DEFAULT = new Platform('AmazonFreeRTOS-Default'); + public static readonly AMAZON_FREE_RTOS_DEFAULT = Platform.of('AmazonFreeRTOS-Default'); /** - * The id of signing platform. + * Specification of signature format and signing algorithms with + * SHA256 hash and ECDSA encryption for container registries with notation. + */ + public static readonly NOTATION_OCI_SHA384_ECDSA = Platform.of('Notation-OCI-SHA384-ECDSA'); + + /** + * Custom signing profile platform. + * * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-signer-signingprofile.html#cfn-signer-signingprofile-platformid + * + * @param platformId - The id of signing platform. */ - public readonly platformId: string; + public static of(platformId: string): Platform { + return new Platform(platformId); + } - private constructor(platformId: string) { + /** + * + * @param platformId - The id of signing platform. + */ + private constructor(public readonly platformId: string) { this.platformId = platformId; } } diff --git a/packages/aws-cdk-lib/aws-signer/test/signing-profile.test.ts b/packages/aws-cdk-lib/aws-signer/test/signing-profile.test.ts index 49075529598fb..e415832424f31 100644 --- a/packages/aws-cdk-lib/aws-signer/test/signing-profile.test.ts +++ b/packages/aws-cdk-lib/aws-signer/test/signing-profile.test.ts @@ -4,15 +4,16 @@ import * as signer from '../lib'; let app: cdk.App; let stack: cdk.Stack; -beforeEach( () => { - app = new cdk.App( {} ); - stack = new cdk.Stack( app ); -} ); + +beforeEach(() => { + app = new cdk.App({}); + stack = new cdk.Stack(app); +}); describe('signing profile', () => { - test( 'default', () => { + test('default', () => { const platform = signer.Platform.AWS_LAMBDA_SHA384_ECDSA; - new signer.SigningProfile( stack, 'SigningProfile', { platform } ); + new signer.SigningProfile(stack, 'SigningProfile', { platform }); Template.fromStack(stack).hasResourceProperties('AWS::Signer::SigningProfile', { PlatformId: platform.platformId, @@ -23,12 +24,12 @@ describe('signing profile', () => { }); }); - test( 'default with signature validity period', () => { + test('default with signature validity period', () => { const platform = signer.Platform.AWS_LAMBDA_SHA384_ECDSA; - new signer.SigningProfile( stack, 'SigningProfile', { + new signer.SigningProfile(stack, 'SigningProfile', { platform, - signatureValidity: cdk.Duration.days( 7 ), - } ); + signatureValidity: cdk.Duration.days(7), + }); Template.fromStack(stack).hasResourceProperties('AWS::Signer::SigningProfile', { PlatformId: platform.platformId, @@ -39,9 +40,9 @@ describe('signing profile', () => { }); }); - test( 'default with some tags', () => { + test('default with some tags', () => { const platform = signer.Platform.AWS_LAMBDA_SHA384_ECDSA; - const signing = new signer.SigningProfile( stack, 'SigningProfile', { platform } ); + const signing = new signer.SigningProfile(stack, 'SigningProfile', { platform }); cdk.Tags.of(signing).add('tag1', 'value1'); cdk.Tags.of(signing).add('tag2', 'value2'); @@ -70,6 +71,19 @@ describe('signing profile', () => { }); }); + test('default container registries with notation platform', () => { + const platform = signer.Platform.NOTATION_OCI_SHA384_ECDSA; + new signer.SigningProfile(stack, 'SigningProfile', { platform }); + + Template.fromStack(stack).hasResourceProperties('AWS::Signer::SigningProfile', { + PlatformId: platform.platformId, + SignatureValidityPeriod: { + Type: 'MONTHS', + Value: 135, + }, + }); + }); + describe('import', () => { test('from signingProfileProfileName and signingProfileProfileVersion', () => { const signingProfileName = 'test'; @@ -111,5 +125,5 @@ describe('signing profile', () => { }); Template.fromStack(stack).templateMatches({}); }); - } ); + }); });