Skip to content

Commit

Permalink
fix(ssm): StringParameter.fromSecureStringParameterAttributes not w…
Browse files Browse the repository at this point in the history 
…orking without version

It is possible to omit the `version` of an SSM SecureString parameter.

When omitted, the reference generated by CDK results in a
ValidationError when applying the changes.

e.g.

```
Error [ValidationError]: Incorrect format is used in the following SSM reference: [{{resolve:ssm-secure:/some/parameter:}}]
```
  • Loading branch information
@dglsparsons
dglsparsons committed Oct 2, 2022
1 parent e2deca0 commit a96f622
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 3 deletions.
5 changes: 4 additions & 1 deletion packages/@aws-cdk/aws-ssm/lib/parameter.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -492,7 +492,10 @@ export class StringParameter extends ParameterBase implements IStringParameter {
*/
public static fromSecureStringParameterAttributes(scope: Construct, id: string, attrs: SecureStringParameterAttributes): IStringParameter {
const version = attrs.version ? Tokenization.stringifyNumber(attrs.version) : '';
const stringValue = new CfnDynamicReference(CfnDynamicReferenceService.SSM_SECURE, `${attrs.parameterName}:${version}`).toString();
const stringValue = new CfnDynamicReference(
CfnDynamicReferenceService.SSM_SECURE,
version ? `${attrs.parameterName}:${version}` : attrs.parameterName,
).toString();

class Import extends ParameterBase {
public readonly parameterName = attrs.parameterName;
Expand Down
5 changes: 4 additions & 1 deletion packages/@aws-cdk/aws-ssm/test/integ.parameter-store-string.lit.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,11 @@ class UsingStack extends cdk.Stack {
}).stringValue;

// Retrieve a specific version of the secret (SecureString) parameter.
// 'version' is always required.
const secretValue = ssm.StringParameter.fromSecureStringParameterAttributes(this, 'MySecureValue', {
parameterName: '/My/Secret/Parameter',
});
const secretValueVersion = ssm.StringParameter.fromSecureStringParameterAttributes(this, 'MySecureValueVersion', {
parameterName: '/My/Secret/Parameter',
version: 5,
});
const secretValueVersionFromToken = ssm.StringParameter.fromSecureStringParameterAttributes(this, 'MySecureValueVersionFromToken', {
Expand All @@ -57,6 +59,7 @@ class UsingStack extends cdk.Stack {

// Cannot be provisioned so cannot be actually used
Array.isArray(secretValue);
Array.isArray(secretValueVersion);
Array.isArray(secretValueVersionFromToken);
}
}
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-ssm/test/parameter.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -602,7 +602,7 @@ test('StringParameter.fromSecureStringParameterAttributes without version', () =
});

// THEN
expect(stack.resolve(param.stringValue)).toEqual('{{resolve:ssm-secure:MyParamName:}}');
expect(stack.resolve(param.stringValue)).toEqual('{{resolve:ssm-secure:MyParamName}}');
});

test('StringListParameter.fromName', () => {
Expand Down

0 comments on commit a96f622

Please sign in to comment.