From e2c7f85e6f99422b52c1ec1ca7190ed383244dc9 Mon Sep 17 00:00:00 2001
From: UnnatiParekh05
Date: Thu, 8 Jul 2021 11:36:48 -0700
Subject: [PATCH] Changes after reset
---
 packages/@aws-cdk/aws-ecs/README.md | 18 +--------------
 .../lib/log-drivers/splunk-log-driver.ts | 22 ++++++++++++++-----
 .../aws-ecs/test/splunk-log-driver.test.ts | 16 ++++++++++++--
 3 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/packages/@aws-cdk/aws-ecs/README.md b/packages/@aws-cdk/aws-ecs/README.md
index e6e11c31419f3..449d67f986ac4 100644
--- a/packages/@aws-cdk/aws-ecs/README.md
+++ b/packages/@aws-cdk/aws-ecs/README.md
@@ -611,23 +611,7 @@ taskDefinition.addContainer('TheContainer', {
 image: ecs.ContainerImage.fromRegistry('example-image'),
 memoryLimitMiB: 256,
 logging: ecs.LogDrivers.splunk({
- token: cdk.SecretValue.secretsManager('my-splunk-token'),
- url: 'my-splunk-url'
- })
-});
-```
-
-When providing the Splunk token in the `token` field it gets resolved to the secret value on deploying. Hence it is encouraged to use the `secretToken` field for specifying the Splunk token as a `Secret` which will be populated in the Log Driver `SecretOptions`. Below is an example task definition with both fields specified:
-
-```ts
-// Create a Task Definition for the container to start
-const taskDefinition = new ecs.Ec2TaskDefinition(this, 'TaskDef');
-taskDefinition.addContainer('TheContainer', {
- image: ecs.ContainerImage.fromRegistry('example-image'),
- memoryLimitMiB: 256,
- logging: ecs.LogDrivers.splunk({
- token: cdk.SecretValue.secretsManager('my-splunk-token'),
- secretToken: ecs.Secret.fromSecretsManager(secret),
+ secretToken: cdk.SecretValue.secretsManager('my-splunk-token'),
 url: 'my-splunk-url'
 })
 });
diff --git a/packages/@aws-cdk/aws-ecs/lib/log-drivers/splunk-log-driver.ts b/packages/@aws-cdk/aws-ecs/lib/log-drivers/splunk-log-driver.ts
index 3eab79392b5d1..c1d3ceac6908f 100644
--- a/packages/@aws-cdk/aws-ecs/lib/log-drivers/splunk-log-driver.ts
+++ b/packages/@aws-cdk/aws-ecs/lib/log-drivers/splunk-log-driver.ts
@@ -25,13 +25,24 @@ export enum SplunkLogFormat {
 export interface SplunkLogDriverProps extends BaseLogDriverProps {
 /**
 * Splunk HTTP Event Collector token.
+ *
+ * The splunk-token is added to the Options property of the Log Driver Configuration. So the secret value will be resolved and
+ * viewable in plain text in the console.
+ *
+ * Please provide at least one of `token` or `secretToken`.
 * @deprecated Use {@link SplunkLogDriverProps.secretToken} instead.
+ * @default - token not provided.
 */
- readonly token: SecretValue;
+ readonly token?: SecretValue;
 /**
 * Splunk HTTP Event Collector token (Secret).
- * @default - Secret token not provided.
+ *
+ * The splunk-token is added to the SecretOptions property of the Log Driver Configuration. So the secret value will not be
+ * resolved or viewable as plain text.
+ *
+ * Please provide at least one of `token` or `secretToken`.
+ * @default - If secret token is not provided, then the value provided in `token` will be used.
 */
 readonly secretToken?: Secret;
@@ -128,6 +139,9 @@ export class SplunkLogDriver extends LogDriver {
 constructor(private readonly props: SplunkLogDriverProps) {
 super();
+ if (!props.token && !props.secretToken) {
+ throw new Error('Please provide either token or secretToken.');
+ }
 if (props.gzipLevel) {
 ensureInRange(props.gzipLevel, -1, 9);
 }
@@ -153,10 +167,6 @@ export class SplunkLogDriver extends LogDriver {
 ...renderCommonLogDriverOptions(this.props),
 });
- if (this.props.secretToken) {
- delete options['splunk-token'];
- }
-
 return {
 logDriver: 'splunk',
 options,
diff --git a/packages/@aws-cdk/aws-ecs/test/splunk-log-driver.test.ts b/packages/@aws-cdk/aws-ecs/test/splunk-log-driver.test.ts
index a493803bb94c0..ee7d3f4b68ee8 100644
--- a/packages/@aws-cdk/aws-ecs/test/splunk-log-driver.test.ts
+++ b/packages/@aws-cdk/aws-ecs/test/splunk-log-driver.test.ts
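Review bot: `secretToken` remains declared as `Secret` in this interface, but the README example changed earlier in this patch passes `cdk.SecretValue.secretsManager('my-splunk-token')` to it, which does not match the declared type; the example should read `secretToken: ecs.Secret.fromSecretsManager(secret)`, as the tests in this patch do. The two doc comments also say "at least one of" without stating what is rendered when both props are supplied, which is the case that decides whether the token appears in plain text. I would add one sentence to each comment spelling out that behaviour once it is settled in the class.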
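Review bot: The guard added to the constructor rejects only the case where neither prop is set; a caller who passes both `token` and `secretToken`, as the README text removed by this patch recommended, is still accepted, and the last hunk of this file (`-153,10`) drops the `delete options['splunk-token']` that used to remove the plaintext copy. How `options` is built lies outside both hunks, but if `'splunk-token'` is still filled from `props.token` there, the resolved token would be emitted in `options` next to the `SecretOptions` entry, which defeats the point of `secretToken`. Either keep the removed lines, `if (this.props.secretToken) { delete options['splunk-token']; }`, or reject the combination up front with `if (props.token && props.secretToken) { throw new Error('Please provide only one of token or secretToken.'); }`. Both the constructor and the method that returns the log configuration continue outside the hunks.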
@@ -112,7 +112,6 @@ nodeunitShim({
 td.addContainer('Container', {
 image,
 logging: ecs.LogDrivers.splunk({
- token: cdk.SecretValue.secretsManager('my-splunk-token'),
 secretToken: ecs.Secret.fromSecretsManager(secret),
 url: 'my-splunk-url',
 }),
@@ -153,7 +152,6 @@ nodeunitShim({
 td.addContainer('Container', {
 image,
 logging: ecs.LogDrivers.splunk({
- token: cdk.SecretValue.secretsManager('my-splunk-token'),
 secretToken: ecs.Secret.fromSsmParameter(parameter),
 url: 'my-splunk-url',
 }),
@@ -201,4 +199,18 @@ nodeunitShim({
 test.done();
 },
+
+ 'throws when neither token nor secret token are provided'(test: Test) {
+ test.throws(() => {
+ td.addContainer('Container', {
+ image,
+ logging: ecs.LogDrivers.splunk({
+ url: 'my-splunk-url',
+ }),
+ memoryLimitMiB: 128,
+ });
+ }, 'Please provide either token or secretToken.');
+
+ test.done();
+ },
 });
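Review bot: After this patch no test supplies both `token` and `secretToken`: the hunks at `-112,7` and `-153,7` remove `token` from the two cases that did, and the test added here covers only the neither-set error. A case that passes both and asserts that the rendered log configuration carries no `splunk-token` under `Options` would pin the behaviour that keeps the token out of plaintext output. Whether the string given as the second argument to `test.throws` is matched against the error message depends on the shim's implementation, which is not visible here; a pattern such as `/Please provide either token or secretToken/` makes the expectation explicit.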