From 221d422be82879442a3e1fb74f750ee19acf8800 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Thu, 18 May 2023 03:42:16 +0000 Subject: automatic import of python-cdk-ec2-key-pair --- .gitignore | 1 + python-cdk-ec2-key-pair.spec | 544 +++++++++++++++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 546 insertions(+) create mode 100644 python-cdk-ec2-key-pair.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..a260f27 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/cdk-ec2-key-pair-3.3.1.tar.gz diff --git a/python-cdk-ec2-key-pair.spec b/python-cdk-ec2-key-pair.spec new file mode 100644 index 0000000..72b9f01 --- /dev/null +++ b/python-cdk-ec2-key-pair.spec @@ -0,0 +1,544 @@ +%global _empty_manifest_terminate_build 0 +Name: python-cdk-ec2-key-pair +Version: 3.3.1 +Release: 1 +Summary: CDK Construct for managing EC2 key pairs +License: Apache-2.0 +URL: https://github.com/udondan/cdk-ec2-key-pair +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/5f/50/613824e91e39527360b77675a045b90cc0a07a6cf323d55672cdff20277a/cdk-ec2-key-pair-3.3.1.tar.gz +BuildArch: noarch + +Requires: python3-aws-cdk-lib +Requires: python3-constructs +Requires: python3-jsii +Requires: python3-publication + +%description +# CDK EC2 Key Pair + +[![Source](https://img.shields.io/badge/Source-GitHub-blue?logo=github)](https://github.com/udondan/cdk-ec2-key-pair) +[![Test](https://github.com/udondan/cdk-ec2-key-pair/workflows/Test/badge.svg)](https://github.com/udondan/cdk-ec2-key-pair/actions?query=workflow%3ATest) +[![GitHub](https://img.shields.io/github/license/udondan/cdk-ec2-key-pair)](https://github.com/udondan/cdk-ec2-key-pair/blob/master/LICENSE) +[![Docs](https://img.shields.io/badge/Construct%20Hub-cdk--ec2--key--pair-orange)](https://constructs.dev/packages/cdk-ec2-key-pair) + +[![npm package](https://img.shields.io/npm/v/cdk-ec2-key-pair?color=brightgreen)](https://www.npmjs.com/package/cdk-ec2-key-pair) +[![PyPI package](https://img.shields.io/pypi/v/cdk-ec2-key-pair?color=brightgreen)](https://pypi.org/project/cdk-ec2-key-pair/) + +![Downloads](https://img.shields.io/badge/-DOWNLOADS:-brightgreen?color=gray) +[![npm](https://img.shields.io/npm/dt/cdk-ec2-key-pair?label=npm&color=blueviolet)](https://www.npmjs.com/package/cdk-ec2-key-pair) +[![PyPI](https://img.shields.io/pypi/dm/cdk-ec2-key-pair?label=pypi&color=blueviolet)](https://pypi.org/project/cdk-ec2-key-pair/) + +[AWS CDK](https://aws.amazon.com/cdk/) L3 construct for managing [EC2 Key Pairs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). + +CloudFormation doesn't directly support creation of EC2 Key Pairs. This construct provides an easy interface for creating Key Pairs through a [custom CloudFormation resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html). The private key is stored in [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/). + +## Installation + +This package has peer dependencies, which need to be installed along in the expected version. + +For TypeScript/NodeJS, add these to your `dependencies` in `package.json`. For Python, add these to your `requirements.txt`: + +* cdk-ec2-key-pair +* aws-cdk-lib (^2.0.0) +* constructs (^10.0.0) + +## CDK compatibility + +* Version 3.x is compatible with the CDK v2. +* Version 2.x is compatible with the CDK v1. There won't be regular updates for this. + +## Usage + +```python +import cdk = require('aws-cdk-lib'); +import { Construct } from 'constructs'; +import { KeyPair } from 'cdk-ec2-key-pair'; + +// ... + +// Create the Key Pair +const key = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + description: 'This is a Key Pair', + storePublicKey: true, // by default the public key will not be stored in Secrets Manager +}); + +// Grant read access to the private key to a role or user +key.grantReadOnPrivateKey(someRole) + +// Grant read access to the public key to another role or user +key.grantReadOnPublicKey(anotherRole) + +// Use Key Pair on an EC2 instance +new ec2.Instance(this, 'An-Instance', { + keyName: key.keyPairName, + // ... +}) +``` + +The private (and optionally the public) key will be stored in AWS Secrets Manager. The secret names by default are prefixed with `ec2-ssh-key/`. The private key is suffixed with `/private`, the public key is suffixed with `/public`. So in this example they will be stored as `ec2-ssh-key/a-key-pair/private` and `ec2-ssh-key/a-key-pair/public`. + +To download the private key via AWS cli you can run: + +```bash +aws secretsmanager get-secret-value \ + --secret-id ec2-ssh-key/a-key-pair/private \ + --query SecretString \ + --output text +``` + +### Tag support + +The construct supports tagging: + +```python +cdk.Tags.of(key).add('someTag', 'some value'); +``` + +We also use tags to restrict update/delete actions to those, the construct created itself. The Lambda function, which backs the custom CFN resource, is not able to manipulate other keys/secrets. The tag we use for identifying these resources is `CreatedByCfnCustomResource` with value `CFN::Resource::Custom::EC2-Key-Pair`. + +### Updates + +Since an EC2 KeyPair cannot be updated, you cannot change any property related to the KeyPair. The code has checks in place which will prevent any attempt to do so. If you try, the stack will end in a failed state. In that case you can safely continue the rollback in the AWS console and ignore the key resource. + +You can, however, change properties that only relate to the secrets. These are the KMS keys used for encryption, the `secretPrefix`, `description` and `removeKeySecretsAfterDays`. + +### Encryption + +Secrets in the AWS Secrets Manager by default are encrypted with the key `alias/aws/secretsmanager`. + +To use a custom KMS key you can pass it to the Key Pair: + +```python +const kmsKey = new kms.Key(this, 'KMS-key'); + +const keyPair = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + kms: kmsKey, +}); +``` + +This KMS key needs to be created in the same stack. You cannot use a key imported via ARN, because the keys access policy will need to be modified. + +To use different KMS keys for the private and public key, use the `kmsPrivateKey` and `kmsPublicKey` instead: + +```python +const kmsKeyPrivate = new kms.Key(this, 'KMS-key-private'); +const kmsKeyPublic = new kms.Key(this, 'KMS-key-public'); + +const keyPair = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + kmsPrivateKey: kmsKeyPrivate, + kmsPublicKey: kmsKeyPublic +}); +``` + +### Importing public key + +You can create a key pair by importing the public key. Obviously, in this case the private key won't be available in secrets manager. + +The public key has to be in OpenSSH format. + +```python +new KeyPair(this, 'Test-Key-Pair', { + name: 'imported-key-pair', + publicKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuMmbK...' +}); +``` + +### Using the key pair for CloudFront signed url/cookies + +You can use this library for generating keys for CloudFront signed url/cookies. + +Make sure to set `publicKeyFormat` to `PublicKeyFormat.PEM` as that is the format required for CloudFront. +You also have to set `exposePublicKey` to `true` so you can actually get the public key. + +```python + const key = new KeyPair(this, 'Signing-Key-Pair', { + name: 'CFN-signing-key', + exposePublicKey: true, + storePublicKey: true, + publicKeyFormat: PublicKeyFormat.PEM + }); + + const pubKey = new cloudfront.PublicKey(this, 'Signing-Public-Key', { + encodedKey: key.publicKeyValue, + }); + const trustedKeyGroupForCF = new cloudfront.KeyGroup(this, 'Signing-Key-Group', { + items: [ pubKey ] + }); +``` + + + + +%package -n python3-cdk-ec2-key-pair +Summary: CDK Construct for managing EC2 key pairs +Provides: python-cdk-ec2-key-pair +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-cdk-ec2-key-pair +# CDK EC2 Key Pair + +[![Source](https://img.shields.io/badge/Source-GitHub-blue?logo=github)](https://github.com/udondan/cdk-ec2-key-pair) +[![Test](https://github.com/udondan/cdk-ec2-key-pair/workflows/Test/badge.svg)](https://github.com/udondan/cdk-ec2-key-pair/actions?query=workflow%3ATest) +[![GitHub](https://img.shields.io/github/license/udondan/cdk-ec2-key-pair)](https://github.com/udondan/cdk-ec2-key-pair/blob/master/LICENSE) +[![Docs](https://img.shields.io/badge/Construct%20Hub-cdk--ec2--key--pair-orange)](https://constructs.dev/packages/cdk-ec2-key-pair) + +[![npm package](https://img.shields.io/npm/v/cdk-ec2-key-pair?color=brightgreen)](https://www.npmjs.com/package/cdk-ec2-key-pair) +[![PyPI package](https://img.shields.io/pypi/v/cdk-ec2-key-pair?color=brightgreen)](https://pypi.org/project/cdk-ec2-key-pair/) + +![Downloads](https://img.shields.io/badge/-DOWNLOADS:-brightgreen?color=gray) +[![npm](https://img.shields.io/npm/dt/cdk-ec2-key-pair?label=npm&color=blueviolet)](https://www.npmjs.com/package/cdk-ec2-key-pair) +[![PyPI](https://img.shields.io/pypi/dm/cdk-ec2-key-pair?label=pypi&color=blueviolet)](https://pypi.org/project/cdk-ec2-key-pair/) + +[AWS CDK](https://aws.amazon.com/cdk/) L3 construct for managing [EC2 Key Pairs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). + +CloudFormation doesn't directly support creation of EC2 Key Pairs. This construct provides an easy interface for creating Key Pairs through a [custom CloudFormation resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html). The private key is stored in [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/). + +## Installation + +This package has peer dependencies, which need to be installed along in the expected version. + +For TypeScript/NodeJS, add these to your `dependencies` in `package.json`. For Python, add these to your `requirements.txt`: + +* cdk-ec2-key-pair +* aws-cdk-lib (^2.0.0) +* constructs (^10.0.0) + +## CDK compatibility + +* Version 3.x is compatible with the CDK v2. +* Version 2.x is compatible with the CDK v1. There won't be regular updates for this. + +## Usage + +```python +import cdk = require('aws-cdk-lib'); +import { Construct } from 'constructs'; +import { KeyPair } from 'cdk-ec2-key-pair'; + +// ... + +// Create the Key Pair +const key = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + description: 'This is a Key Pair', + storePublicKey: true, // by default the public key will not be stored in Secrets Manager +}); + +// Grant read access to the private key to a role or user +key.grantReadOnPrivateKey(someRole) + +// Grant read access to the public key to another role or user +key.grantReadOnPublicKey(anotherRole) + +// Use Key Pair on an EC2 instance +new ec2.Instance(this, 'An-Instance', { + keyName: key.keyPairName, + // ... +}) +``` + +The private (and optionally the public) key will be stored in AWS Secrets Manager. The secret names by default are prefixed with `ec2-ssh-key/`. The private key is suffixed with `/private`, the public key is suffixed with `/public`. So in this example they will be stored as `ec2-ssh-key/a-key-pair/private` and `ec2-ssh-key/a-key-pair/public`. + +To download the private key via AWS cli you can run: + +```bash +aws secretsmanager get-secret-value \ + --secret-id ec2-ssh-key/a-key-pair/private \ + --query SecretString \ + --output text +``` + +### Tag support + +The construct supports tagging: + +```python +cdk.Tags.of(key).add('someTag', 'some value'); +``` + +We also use tags to restrict update/delete actions to those, the construct created itself. The Lambda function, which backs the custom CFN resource, is not able to manipulate other keys/secrets. The tag we use for identifying these resources is `CreatedByCfnCustomResource` with value `CFN::Resource::Custom::EC2-Key-Pair`. + +### Updates + +Since an EC2 KeyPair cannot be updated, you cannot change any property related to the KeyPair. The code has checks in place which will prevent any attempt to do so. If you try, the stack will end in a failed state. In that case you can safely continue the rollback in the AWS console and ignore the key resource. + +You can, however, change properties that only relate to the secrets. These are the KMS keys used for encryption, the `secretPrefix`, `description` and `removeKeySecretsAfterDays`. + +### Encryption + +Secrets in the AWS Secrets Manager by default are encrypted with the key `alias/aws/secretsmanager`. + +To use a custom KMS key you can pass it to the Key Pair: + +```python +const kmsKey = new kms.Key(this, 'KMS-key'); + +const keyPair = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + kms: kmsKey, +}); +``` + +This KMS key needs to be created in the same stack. You cannot use a key imported via ARN, because the keys access policy will need to be modified. + +To use different KMS keys for the private and public key, use the `kmsPrivateKey` and `kmsPublicKey` instead: + +```python +const kmsKeyPrivate = new kms.Key(this, 'KMS-key-private'); +const kmsKeyPublic = new kms.Key(this, 'KMS-key-public'); + +const keyPair = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + kmsPrivateKey: kmsKeyPrivate, + kmsPublicKey: kmsKeyPublic +}); +``` + +### Importing public key + +You can create a key pair by importing the public key. Obviously, in this case the private key won't be available in secrets manager. + +The public key has to be in OpenSSH format. + +```python +new KeyPair(this, 'Test-Key-Pair', { + name: 'imported-key-pair', + publicKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuMmbK...' +}); +``` + +### Using the key pair for CloudFront signed url/cookies + +You can use this library for generating keys for CloudFront signed url/cookies. + +Make sure to set `publicKeyFormat` to `PublicKeyFormat.PEM` as that is the format required for CloudFront. +You also have to set `exposePublicKey` to `true` so you can actually get the public key. + +```python + const key = new KeyPair(this, 'Signing-Key-Pair', { + name: 'CFN-signing-key', + exposePublicKey: true, + storePublicKey: true, + publicKeyFormat: PublicKeyFormat.PEM + }); + + const pubKey = new cloudfront.PublicKey(this, 'Signing-Public-Key', { + encodedKey: key.publicKeyValue, + }); + const trustedKeyGroupForCF = new cloudfront.KeyGroup(this, 'Signing-Key-Group', { + items: [ pubKey ] + }); +``` + + + + +%package help +Summary: Development documents and examples for cdk-ec2-key-pair +Provides: python3-cdk-ec2-key-pair-doc +%description help +# CDK EC2 Key Pair + +[![Source](https://img.shields.io/badge/Source-GitHub-blue?logo=github)](https://github.com/udondan/cdk-ec2-key-pair) +[![Test](https://github.com/udondan/cdk-ec2-key-pair/workflows/Test/badge.svg)](https://github.com/udondan/cdk-ec2-key-pair/actions?query=workflow%3ATest) +[![GitHub](https://img.shields.io/github/license/udondan/cdk-ec2-key-pair)](https://github.com/udondan/cdk-ec2-key-pair/blob/master/LICENSE) +[![Docs](https://img.shields.io/badge/Construct%20Hub-cdk--ec2--key--pair-orange)](https://constructs.dev/packages/cdk-ec2-key-pair) + +[![npm package](https://img.shields.io/npm/v/cdk-ec2-key-pair?color=brightgreen)](https://www.npmjs.com/package/cdk-ec2-key-pair) +[![PyPI package](https://img.shields.io/pypi/v/cdk-ec2-key-pair?color=brightgreen)](https://pypi.org/project/cdk-ec2-key-pair/) + +![Downloads](https://img.shields.io/badge/-DOWNLOADS:-brightgreen?color=gray) +[![npm](https://img.shields.io/npm/dt/cdk-ec2-key-pair?label=npm&color=blueviolet)](https://www.npmjs.com/package/cdk-ec2-key-pair) +[![PyPI](https://img.shields.io/pypi/dm/cdk-ec2-key-pair?label=pypi&color=blueviolet)](https://pypi.org/project/cdk-ec2-key-pair/) + +[AWS CDK](https://aws.amazon.com/cdk/) L3 construct for managing [EC2 Key Pairs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). + +CloudFormation doesn't directly support creation of EC2 Key Pairs. This construct provides an easy interface for creating Key Pairs through a [custom CloudFormation resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html). The private key is stored in [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/). + +## Installation + +This package has peer dependencies, which need to be installed along in the expected version. + +For TypeScript/NodeJS, add these to your `dependencies` in `package.json`. For Python, add these to your `requirements.txt`: + +* cdk-ec2-key-pair +* aws-cdk-lib (^2.0.0) +* constructs (^10.0.0) + +## CDK compatibility + +* Version 3.x is compatible with the CDK v2. +* Version 2.x is compatible with the CDK v1. There won't be regular updates for this. + +## Usage + +```python +import cdk = require('aws-cdk-lib'); +import { Construct } from 'constructs'; +import { KeyPair } from 'cdk-ec2-key-pair'; + +// ... + +// Create the Key Pair +const key = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + description: 'This is a Key Pair', + storePublicKey: true, // by default the public key will not be stored in Secrets Manager +}); + +// Grant read access to the private key to a role or user +key.grantReadOnPrivateKey(someRole) + +// Grant read access to the public key to another role or user +key.grantReadOnPublicKey(anotherRole) + +// Use Key Pair on an EC2 instance +new ec2.Instance(this, 'An-Instance', { + keyName: key.keyPairName, + // ... +}) +``` + +The private (and optionally the public) key will be stored in AWS Secrets Manager. The secret names by default are prefixed with `ec2-ssh-key/`. The private key is suffixed with `/private`, the public key is suffixed with `/public`. So in this example they will be stored as `ec2-ssh-key/a-key-pair/private` and `ec2-ssh-key/a-key-pair/public`. + +To download the private key via AWS cli you can run: + +```bash +aws secretsmanager get-secret-value \ + --secret-id ec2-ssh-key/a-key-pair/private \ + --query SecretString \ + --output text +``` + +### Tag support + +The construct supports tagging: + +```python +cdk.Tags.of(key).add('someTag', 'some value'); +``` + +We also use tags to restrict update/delete actions to those, the construct created itself. The Lambda function, which backs the custom CFN resource, is not able to manipulate other keys/secrets. The tag we use for identifying these resources is `CreatedByCfnCustomResource` with value `CFN::Resource::Custom::EC2-Key-Pair`. + +### Updates + +Since an EC2 KeyPair cannot be updated, you cannot change any property related to the KeyPair. The code has checks in place which will prevent any attempt to do so. If you try, the stack will end in a failed state. In that case you can safely continue the rollback in the AWS console and ignore the key resource. + +You can, however, change properties that only relate to the secrets. These are the KMS keys used for encryption, the `secretPrefix`, `description` and `removeKeySecretsAfterDays`. + +### Encryption + +Secrets in the AWS Secrets Manager by default are encrypted with the key `alias/aws/secretsmanager`. + +To use a custom KMS key you can pass it to the Key Pair: + +```python +const kmsKey = new kms.Key(this, 'KMS-key'); + +const keyPair = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + kms: kmsKey, +}); +``` + +This KMS key needs to be created in the same stack. You cannot use a key imported via ARN, because the keys access policy will need to be modified. + +To use different KMS keys for the private and public key, use the `kmsPrivateKey` and `kmsPublicKey` instead: + +```python +const kmsKeyPrivate = new kms.Key(this, 'KMS-key-private'); +const kmsKeyPublic = new kms.Key(this, 'KMS-key-public'); + +const keyPair = new KeyPair(this, 'A-Key-Pair', { + name: 'a-key-pair', + kmsPrivateKey: kmsKeyPrivate, + kmsPublicKey: kmsKeyPublic +}); +``` + +### Importing public key + +You can create a key pair by importing the public key. Obviously, in this case the private key won't be available in secrets manager. + +The public key has to be in OpenSSH format. + +```python +new KeyPair(this, 'Test-Key-Pair', { + name: 'imported-key-pair', + publicKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuMmbK...' +}); +``` + +### Using the key pair for CloudFront signed url/cookies + +You can use this library for generating keys for CloudFront signed url/cookies. + +Make sure to set `publicKeyFormat` to `PublicKeyFormat.PEM` as that is the format required for CloudFront. +You also have to set `exposePublicKey` to `true` so you can actually get the public key. + +```python + const key = new KeyPair(this, 'Signing-Key-Pair', { + name: 'CFN-signing-key', + exposePublicKey: true, + storePublicKey: true, + publicKeyFormat: PublicKeyFormat.PEM + }); + + const pubKey = new cloudfront.PublicKey(this, 'Signing-Public-Key', { + encodedKey: key.publicKeyValue, + }); + const trustedKeyGroupForCF = new cloudfront.KeyGroup(this, 'Signing-Key-Group', { + items: [ pubKey ] + }); +``` + + + + +%prep +%autosetup -n cdk-ec2-key-pair-3.3.1 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-cdk-ec2-key-pair -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Thu May 18 2023 Python_Bot - 3.3.1-1 +- Package Spec generated diff --git a/sources b/sources new file mode 100644 index 0000000..1d022a9 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +f94051dbb01fc961aede3416c43e2fff cdk-ec2-key-pair-3.3.1.tar.gz -- cgit v1.2.3