feat(docdb): add option to set the name of the generated Secret (aws#…
…17574)

fixes: aws#17572
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
markussiebert authored and TikiTDO committed Feb 21, 2022
1 parent 184d37f commit 0234bd7
Showing 4 changed files with 30 additions and 0 deletions.
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-docdb/README.md
@@ -22,6 +22,7 @@ const cluster = new DatabaseCluster(this, 'Database', {
masterUser: {
username: 'myuser' // NOTE: 'admin' is reserved by DocumentDB
excludeCharacters: '\"@/:', // optional, defaults to the set "\"@/"
secretName: '/myapp/mydocdb/masteruser', // optional, if you prefer to specify the secret name
},
instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
vpcSubnets: {
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-docdb/lib/cluster.ts
@@ -353,6 +353,7 @@ export class DatabaseCluster extends DatabaseClusterBase {
username: props.masterUser.username,
encryptionKey: props.masterUser.kmsKey,
excludeCharacters: props.masterUser.excludeCharacters,
secretName: props.masterUser.secretName,
});
}

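Review bot: `secretName: props.masterUser.secretName` is forwarded without any check, so a name Secrets Manager rejects would surface only at deploy time unless `DatabaseSecret` (not visible in this hunk) validates it. A synth-time guard that skips unresolved tokens would catch this earlier, for example `if (name !== undefined && !Token.isUnresolved(name) && !/^[A-Za-z0-9/_+=.@-]+$/.test(name)) throw new Error(...)`. The enclosing block opens above the hunk; if it is the branch taken only when no password is supplied, a `secretName` given together with a password would be dropped silently, which deserves an error or at least a documented note.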
7 changes: 7 additions & 0 deletions packages/@aws-cdk/aws-docdb/lib/props.ts
@@ -60,6 +60,13 @@ export interface Login {
* @default "\"@/"
*/
readonly excludeCharacters?: string;

/**
* The physical name of the secret, that will be generated.
*
* @default Secretsmanager will generate a physical name for the secret
*/
readonly secretName?: string;
}

/**
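Review bot: The doc comment on `secretName` does not say what choosing a fixed physical name implies. A secret's name is not confidential, since it is part of the ARN and appears in API audit logs, and a path-style name like the README's `/myapp/mydocdb/masteruser` falls under any IAM statement that already matches that prefix. I would add `* The name is visible in the secret's ARN and in audit logs; do not put sensitive data in it.` and `* A fixed name must be unique per account and region, so two stacks using the same value will collide.` The wording could also be tidied to `The physical name of the generated secret.` and `@default - Secrets Manager generates a physical name`. The `Login` interface opens above this hunk.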
21 changes: 21 additions & 0 deletions packages/@aws-cdk/aws-docdb/test/cluster.test.ts
@@ -316,6 +316,27 @@ describe('DatabaseCluster', () => {
}));
});

test('creates a secret with secretName set', () => {
// GIVEN
const stack = testStack();
const vpc = new ec2.Vpc(stack, 'VPC');

// WHEN
new DatabaseCluster(stack, 'Database', {
masterUser: {
username: 'admin',
secretName: '/myapp/mydocdb/masteruser',
},
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
vpc,
});

// THEN
expectCDK(stack).to(haveResourceLike('AWS::SecretsManager::Secret', {
Name: '/myapp/mydocdb/masteruser',
}));
});

test('create an encrypted cluster with custom KMS key', () => {
// GIVEN
const stack = testStack();
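Review bot: The new test passes `username: 'admin'`, which the README section of this same commit marks as reserved by DocumentDB. The template assertion still passes at synth time, but the fixture models a configuration that would presumably be rejected on deploy; `username: 'myuser'` matches the README and avoids that (other tests in the file, not visible here, may use the same value). The test also pins only the explicit-name case; a companion assertion that omitting `secretName` leaves `Name` absent from `AWS::SecretsManager::Secret` would protect the documented default. The surrounding `describe('DatabaseCluster', ...)` block starts and ends outside the hunk.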
