fix: Make sqs.Queue.encryptionMasterKey readonly (#650)
The `sqs.QueueRef` class defines `encryptionMasterKey` as readonly, and consequently,
`sqs.Queue` cannot re-define it as mutable without breaking Liskov substitutability,
which the next release of `jsii` will be enforcing.
RomainMuller authored and Elad Ben-Israel committed Sep 2, 2018
1 parent feae63c commit 19b540a
Showing 1 changed file with 47 additions and 38 deletions.
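--- a/packages/@aws-cdk/aws-sqs/lib/queue.ts
+++ b/packages/@aws-cdk/aws-sqs/lib/queue.ts
@@ -198,7 +198,7 @@ export class Queue extends QueueRef {
 /**
 * If this queue is encrypted, this is the KMS key.
 */
-public encryptionMasterKey?: kms.EncryptionKeyRef;
+public readonly encryptionMasterKey?: kms.EncryptionKeyRef;
 
 protected readonly autoCreatePolicy = true;
 
@@ -214,20 +214,65 @@ export class Queue extends QueueRef {
 }
 : undefined;
 
+const { encryptionMasterKey, encryptionProps } = _determineEncryptionProps.call(this);
+
 const queue = new cloudformation.QueueResource(this, 'Resource', {
 queueName: props.queueName,
 ...this.determineFifoProps(props),
-...this.determineEncryptionProps(props),
+...encryptionProps,
 redrivePolicy,
 delaySeconds: props.deliveryDelaySec,
 maximumMessageSize: props.maxMessageSizeBytes,
 messageRetentionPeriod: props.retentionPeriodSec,
 receiveMessageWaitTimeSeconds: props.receiveMessageWaitTimeSec,
 visibilityTimeout: props.visibilityTimeoutSec,
 });
+this.encryptionMasterKey = encryptionMasterKey;
 this.queueArn = queue.queueArn;
 this.queueName = queue.queueName;
 this.queueUrl = queue.ref;
+
+function _determineEncryptionProps(this: Queue): { encryptionProps: EncryptionProps, encryptionMasterKey?: kms.EncryptionKeyRef } {
+let encryption = props.encryption || QueueEncryption.Unencrypted;
+
+if (encryption !== QueueEncryption.Kms && props.encryptionMasterKey) {
+encryption = QueueEncryption.Kms; // KMS is implied by specifying an encryption key
+}
+
+if (encryption === QueueEncryption.Unencrypted) {
+return { encryptionProps: {} };
+}
+
+if (encryption === QueueEncryption.KmsManaged) {
+const masterKey = kms.EncryptionKey.import(this, 'Key', {
+keyArn: new kms.KeyArn('alias/aws/sqs')
+});
+
+return {
+encryptionMasterKey: masterKey,
+encryptionProps: {
+kmsMasterKeyId: 'alias/aws/sqs',
+kmsDataKeyReusePeriodSeconds: props.dataKeyReuseSec
+}
+};
+}
+
+if (encryption === QueueEncryption.Kms) {
+const masterKey = props.encryptionMasterKey || new kms.EncryptionKey(this, 'Key', {
+description: `Created by ${this.path}`
+});
+
+return {
+encryptionMasterKey: masterKey,
+encryptionProps: {
+kmsMasterKeyId: masterKey.keyArn,
+kmsDataKeyReusePeriodSeconds: props.dataKeyReuseSec
+}
+};
+}
+
+throw new Error(`Unexpected 'encryptionType': ${encryption}`);
+}
 }
 
 /**
@@ -258,42 +303,6 @@ export class Queue extends QueueRef {
 fifoQueue,
 };
 }
-
-private determineEncryptionProps(props: QueueProps): EncryptionProps {
-let encryption = props.encryption || QueueEncryption.Unencrypted;
-
-if (encryption !== QueueEncryption.Kms && props.encryptionMasterKey) {
-encryption = QueueEncryption.Kms; // KMS is implied by specifying an encryption key
-}
-
-if (encryption === QueueEncryption.Unencrypted) {
-return {};
-}
-
-if (encryption === QueueEncryption.KmsManaged) {
-this.encryptionMasterKey = kms.EncryptionKey.import(this, 'Key', {
-keyArn: new kms.KeyArn('alias/aws/sqs')
-});
-
-return {
-kmsMasterKeyId: 'alias/aws/sqs',
-kmsDataKeyReusePeriodSeconds: props.dataKeyReuseSec
-};
-}
-
-if (encryption === QueueEncryption.Kms) {
-this.encryptionMasterKey = props.encryptionMasterKey || new kms.EncryptionKey(this, 'Key', {
-description: `Created by ${this.path}`
-});
-
-return {
-kmsMasterKeyId: this.encryptionMasterKey.keyArn,
-kmsDataKeyReusePeriodSeconds: props.dataKeyReuseSec
-};
-}
-
-throw new Error(`Unexpected 'encryptionType': ${encryption}`);
-}
 }
 
 interface FifoProps {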
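Review bot: The new call `_determineEncryptionProps.call(this)` at the top of the second hunk goes through `Function.prototype.call`, which returns `any` on compilers without `strictBindCallApply`. Spreading that `any` value into the `QueueResource` property literal leaves the whole literal unchecked, so a later typo in the destructured names or in any property there, including the encryption ones, would compile silently. Declaring the helper as an arrow function before its first use keeps `this` lexical and the return type intact: `const determineEncryptionProps = (): { encryptionProps: EncryptionProps, encryptionMasterKey?: kms.EncryptionKeyRef } => { … };` called as `const { encryptionMasterKey, encryptionProps } = determineEncryptionProps();`. The helper also still switches to `QueueEncryption.Kms` whenever `props.encryptionMasterKey` is set, regardless of the `encryption` value the caller passed; the comment on that line could say that an explicit setting is overridden. The constructor enclosing these lines starts outside the hunk.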
