Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(core): SecretValue.secretsManager fails for tokenized secret-id #16230

Merged
merged 3 commits into from
Oct 27, 2021
Merged

fix(core): SecretValue.secretsManager fails for tokenized secret-id #16230

merged 3 commits into from
Oct 27, 2021

Conversation

jumic
Copy link
Contributor

@jumic jumic commented Aug 25, 2021

SecretValue.secretsManager fails if a token is used for secret-id. This is caused by a validation which should be skipped for tokenized values.

Solved by skipping the validation if token is unresolved.

Fixes #16166.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@gitpod-io
Copy link

gitpod-io bot commented Aug 25, 2021

@jumic
Copy link
Contributor Author

jumic commented Aug 25, 2021

The example which was provided in the issue can be deployed after this fix. In addition, I tested the change using the following code for secretsManager without jsonField. First, a secret has to be created in SecretsManager with name foo. Then, this code can be used.

const param = new cdk.CfnParameter(this, 'MyParam', {
  default: 'foo',
});

const secretValueFoo = cdk.SecretValue.secretsManager(param.valueAsString).toString();
new ssm.StringParameter(this, 'string-parameter-foo', {stringValue: secretValueFoo});

@peterwoodworth peterwoodworth changed the title fix(core): SecretValue.secretsManager fails for tokenized secret-id fix(core): SecretValue.secretsManager fails for tokenized secret-id Oct 21, 2021
@github-actions github-actions bot added the @aws-cdk/core Related to core CDK functionality label Oct 21, 2021
@mergify
Copy link
Contributor

mergify bot commented Oct 27, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: fe939ce
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 5831456 into aws:master Oct 27, 2021
@mergify
Copy link
Contributor

mergify bot commented Oct 27, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Feb 21, 2022
@jumic @TikiTDO
fix(core): SecretValue.secretsManager fails for tokenized secret-id (a…
02c8dfe 
…ws#16230)

`SecretValue.secretsManager` fails if a token is used for `secret-id`. This is caused by a validation which should be skipped for tokenized values.

Solved by skipping the validation if token is unresolved.

Fixes aws#16166.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

Assignees

@rix0rrr rix0rrr

Labels
@aws-cdk/core Related to core CDK functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

(@aws-cdk/core): Error: secret id "${Token[Fn::Join.84]}" is not an ARN but contains ":"
3 participants
@jumic @aws-cdk-automation @rix0rrr