DEFAULT_DUMMY_KEY_ID

defaultDummyKeyId Revert "defaultDummyKeyId" This reverts commit e297b40. add readonly
aws · Oct 14, 2024 · 9e8a164 · 9e8a164
1 parent e37c31d
commit 9e8a164
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/packages/aws-cdk-lib/aws-kms/README.md b/packages/aws-cdk-lib/aws-kms/README.md
@@ -126,15 +126,16 @@ will be a no-op.
 If the target key is not found in your account, an error will be thrown.
 To prevent the error in the case, you can receive a dummy key without the error
 by setting `returnDummyKeyOnMissing` to `true`. The dummy key has a `keyId` of
-`1234abcd-12ab-34cd-56ef-1234567890ab`.
+`1234abcd-12ab-34cd-56ef-1234567890ab`. The value of the dummy key id can also be
+referenced using the `Key.DEFAULT_DUMMY_KEY_ID` variable.
 
 ```ts
 const dummy = kms.Key.fromLookup(this, 'MyKeyLookup', {
   aliasName: 'alias/NonExistentAlias',
   returnDummyKeyOnMissing: true,
 });
 
-if (dummy.keyId === '1234abcd-12ab-34cd-56ef-1234567890ab') {
+if (dummy.keyId === kms.Key.DEFAULT_DUMMY_KEY_ID) { // '1234abcd-12ab-34cd-56ef-1234567890ab'
   // alternative process
 }
 ```

diff --git a/packages/aws-cdk-lib/aws-kms/lib/key-lookup.ts b/packages/aws-cdk-lib/aws-kms/lib/key-lookup.ts
@@ -14,7 +14,8 @@ export interface KeyLookupOptions {
    *
    * If it is set to `true` and the key was not found, a dummy
    * key with a key id '1234abcd-12ab-34cd-56ef-1234567890ab'
-   * will be returned.
+   * will be returned. The value of the dummy key id can also
+   * be referenced using the `Key.DEFAULT_DUMMY_KEY_ID` variable.
    *
    * @default false
    */

diff --git a/packages/aws-cdk-lib/aws-kms/lib/key.ts b/packages/aws-cdk-lib/aws-kms/lib/key.ts
@@ -554,6 +554,13 @@ export interface KeyProps {
  * @resource AWS::KMS::Key
  */
 export class Key extends KeyBase {
+  /**
+   * The default key id of the dummy key.
+   *
+   * This value is used as a dummy key id if the key was not found by the `fromLookup` method.
+   */
+  public static readonly DEFAULT_DUMMY_KEY_ID = '1234abcd-12ab-34cd-56ef-1234567890ab';
+
   /**
    * Import an externally defined KMS Key using its ARN.
    *
@@ -653,6 +660,8 @@ export class Key extends KeyBase {
    *
    * If you set `returnDummyKeyOnMissing` to `true` in `options` and the key was not found,
    * this method will return a dummy key with a key id '1234abcd-12ab-34cd-56ef-1234567890ab'.
+   * The value of the dummy key id can also be referenced using the `Key.DEFAULT_DUMMY_KEY_ID`
+   * variable.
    *
    * The Key information will be cached in `cdk.context.json` and the same Key
    * will be used on future runs. To refresh the lookup, you will have to
@@ -686,7 +695,7 @@ export class Key extends KeyBase {
         aliasName: options.aliasName,
       } as cxschema.KeyContextQuery,
       dummyValue: {
-        keyId: '1234abcd-12ab-34cd-56ef-1234567890ab',
+        keyId: Key.DEFAULT_DUMMY_KEY_ID,
       },
       ignoreErrorOnMissingContext: options.returnDummyKeyOnMissing,
     }).value;

diff --git a/packages/aws-cdk-lib/aws-kms/test/key.from-lookup.test.ts b/packages/aws-cdk-lib/aws-kms/test/key.from-lookup.test.ts
@@ -47,7 +47,7 @@ test('return dummy key if returnDummyKeyOnMissing is true', () => {
     returnDummyKeyOnMissing: true,
   });
 
-  expect(key.keyId).toEqual('1234abcd-12ab-34cd-56ef-1234567890ab');
+  expect(key.keyId).toEqual(Key.DEFAULT_DUMMY_KEY_ID);
   expect(app.synth().manifest.missing).toEqual([
     {
       key: 'key-provider:account=123456789012:aliasName=alias/foo:region=us-east-1',