feat(codepipeline): make the default CodePipeline Bucket have an encryption key #2241

Merged

skinny85
Contributor

This is a prerequisite for having a nice cross-account experience
(see #1924).


Pull Request Checklist

  • Testing
    • Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
    • CLI change?: coordinate update of integration tests with team
    • cdk-init template change?: coordinated update of integration tests with team
  • Docs
    • jsdocs: All public APIs documented
    • README: README and/or documentation topic updated
  • Title and Description
    • Change type: title prefixed with fix, feat will appear in changelog
    • Title: use lower-case and doesn't end with a period
    • Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
    • Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
  • Sensitive Modules (requires 2 PR approvers)
    • IAM Policy Document (in @aws-cdk/aws-iam)
    • EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
    • Grant APIs (only if not based on official documentation with a reference)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

@@ -159,7 +160,10 @@ export class Pipeline extends cdk.Construct implements IPipeline {
// If a bucket has been provided, use it - otherwise, create a bucket.
let propsBucket = props.artifactBucket;
if (!propsBucket) {
const encryptionKey = new kms.EncryptionKey(this, 'ArtifactsBucketEncryptionKey');
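
Review bot: the comment above `if (!propsBucket)` still says only "otherwise, create a bucket", but this branch now also creates a KMS key with `new kms.EncryptionKey(this, 'ArtifactsBucketEncryptionKey')`. Please update that comment and the `artifactBucket` prop documentation to state that the default bucket comes with its own encryption key, and that supplying a bucket is how a caller uses a different key or none. The key is constructed with only a scope and an id, so this hunk does not show which key settings the default relies on; either pass the intended settings explicitly or add a short comment saying the construct defaults are deliberate.
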
Contributor

Feels like something we should allow users to opt out from and also supply their own key.

Contributor Author

We already allow it - the customer can supply their own artifactBucket in props (notice that we check if (!propsBucket), and don't do any defaulting in that case).

Contributor

My comment was about the key, not about the bucket, but I guess you are right. If they want to customize the key, they can just pass in a custom bucket. Make sure to mention in the artifactBucket props that the bucket is encrypted.

@skinny85 skinny85 force-pushed the feature/pipeline-default-bucket-add-kms branch from f8f90b7 to b69e4e1 Compare April 11, 2019 18:54
@skinny85
Contributor Author

Updated the decdk snapshot.

@RomainMuller RomainMuller merged commit ef9bba5 into aws:master Apr 24, 2019
piradeepk pushed a commit to piradeepk/aws-cdk that referenced this pull request Apr 25, 2019
…yption key (aws#2241)

SanderKnape pushed a commit to SanderKnape/aws-cdk that referenced this pull request May 14, 2019
…yption key (aws#2241)

@skinny85 skinny85 deleted the feature/pipeline-default-bucket-add-kms branch September 10, 2019 16:40
@NGL321 NGL321 added the contribution/core This is a PR that came from AWS. label Sep 27, 2019