Skip to content

Commit

Permalink
Changes after reset
Browse files Browse the repository at this point in the history
  • Loading branch information
upparekh committed Jul 8, 2021
1 parent 168bb9b commit e2c7f85
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 25 deletions.
18 changes: 1 addition & 17 deletions packages/@aws-cdk/aws-ecs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -611,23 +611,7 @@ taskDefinition.addContainer('TheContainer', {
image: ecs.ContainerImage.fromRegistry('example-image'),
memoryLimitMiB: 256,
logging: ecs.LogDrivers.splunk({
token: cdk.SecretValue.secretsManager('my-splunk-token'),
url: 'my-splunk-url'
})
});
```

When providing the Splunk token in the `token` field it gets resolved to the secret value on deploying. Hence it is encouraged to use the `secretToken` field for specifying the Splunk token as a `Secret` which will be populated in the Log Driver `SecretOptions`. Below is an example task definition with both fields specified:

```ts
// Create a Task Definition for the container to start
const taskDefinition = new ecs.Ec2TaskDefinition(this, 'TaskDef');
taskDefinition.addContainer('TheContainer', {
image: ecs.ContainerImage.fromRegistry('example-image'),
memoryLimitMiB: 256,
logging: ecs.LogDrivers.splunk({
token: cdk.SecretValue.secretsManager('my-splunk-token'),
secretToken: ecs.Secret.fromSecretsManager(secret),
secretToken: cdk.SecretValue.secretsManager('my-splunk-token'),
url: 'my-splunk-url'
})
});
Expand Down
22 changes: 16 additions & 6 deletions packages/@aws-cdk/aws-ecs/lib/log-drivers/splunk-log-driver.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,24 @@ export enum SplunkLogFormat {
export interface SplunkLogDriverProps extends BaseLogDriverProps {
/**
* Splunk HTTP Event Collector token.
*
* The splunk-token is added to the Options property of the Log Driver Configuration. So the secret value will be resolved and
* viewable in plain text in the console.
*
* Please provide at least one of `token` or `secretToken`.
* @deprecated Use {@link SplunkLogDriverProps.secretToken} instead.
* @default - token not provided.
*/
readonly token: SecretValue;
readonly token?: SecretValue;

/**
* Splunk HTTP Event Collector token (Secret).
* @default - Secret token not provided.
*
* The splunk-token is added to the SecretOptions property of the Log Driver Configuration. So the secret value will not be
* resolved or viewable as plain text.
*
* Please provide at least one of `token` or `secretToken`.
* @default - If secret token is not provided, then the value provided in `token` will be used.
*/
readonly secretToken?: Secret;

Expand Down Expand Up @@ -128,6 +139,9 @@ export class SplunkLogDriver extends LogDriver {
constructor(private readonly props: SplunkLogDriverProps) {
super();

if (!props.token && !props.secretToken) {
throw new Error('Please provide either token or secretToken.');
}
if (props.gzipLevel) {
ensureInRange(props.gzipLevel, -1, 9);
}
Expand All @@ -153,10 +167,6 @@ export class SplunkLogDriver extends LogDriver {
...renderCommonLogDriverOptions(this.props),
});

if (this.props.secretToken) {
delete options['splunk-token'];
}

return {
logDriver: 'splunk',
options,
Expand Down
16 changes: 14 additions & 2 deletions packages/@aws-cdk/aws-ecs/test/splunk-log-driver.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,6 @@ nodeunitShim({
td.addContainer('Container', {
image,
logging: ecs.LogDrivers.splunk({
token: cdk.SecretValue.secretsManager('my-splunk-token'),
secretToken: ecs.Secret.fromSecretsManager(secret),
url: 'my-splunk-url',
}),
Expand Down Expand Up @@ -153,7 +152,6 @@ nodeunitShim({
td.addContainer('Container', {
image,
logging: ecs.LogDrivers.splunk({
token: cdk.SecretValue.secretsManager('my-splunk-token'),
secretToken: ecs.Secret.fromSsmParameter(parameter),
url: 'my-splunk-url',
}),
Expand Down Expand Up @@ -201,4 +199,18 @@ nodeunitShim({

test.done();
},

'throws when neither token nor secret token are provided'(test: Test) {
test.throws(() => {
td.addContainer('Container', {
image,
logging: ecs.LogDrivers.splunk({
url: 'my-splunk-url',
}),
memoryLimitMiB: 128,
});
}, 'Please provide either token or secretToken.');

test.done();
},
});

0 comments on commit e2c7f85

Please sign in to comment.