(aws_docdb): addRotationSingleUser() not consistent with aws_rds.Cluster.addRotationSingleUser() #17347
Comments
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
@skinny85 dude, fixed it before I even reported it? That's pretty next level. Thanks!!!
@skinny85 I think this issue is not fixed yet. The merge request you linked provides the ability to specify the excluded chars for the secret itself but not for the secret rotation lambda function.
Hmm, you're right @h1008! Let me re-open this issue. Would you consider picking this one up where the previous contributor left off in #17262? Our "Contributing" guide: https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md. Thanks,
Thanks, I'll have a look if I can prepare a PR.
@skinny85 my PR is ready. I think this should fix it!
What is the problem?
https://docs.aws.amazon.com/cdk/api/latest/docs/aws-rds-readme.html#rotating-credentials describes the aws_rds.Cluster.addRotationSingleUser(), as implemented by aws_docdb there is no support for excludeCharacters. And sure enough, I went to update a stack containing a and got
Reproduction Steps
I'm not sure how to reliably repro this one. The problem, I think, is that the secret rotator generates an illegal password. The deeper problem is that the secret rotator doesn't follow the good example in aws_rds and allow for configurable excludeCharacters, so there's no simple way to fix this. This might be the root cause of #17288 (I'm imagining if the rotator generates an illegal password and DocDB refuses to accept it).
What did you expect to happen?
I expect to never have to think about the (unfortunately named) masterUser's password. The rotation should Just Work.
What actually happened?
First try: (pulled from the CloudFormation console)
Second try:
CDK CLI Version
2.0.0-rc.27 (build 435e6f6)
Framework Version
2.0.0-rc.27 (build 435e6f6)
Node.js Version
v14.17.5
OS
MacOS
Language
Typescript
Language Version
4.4.4
Other information
No response
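The gap discussed in this thread (exclusions applied when the secret is created but not by the rotation function) can be checked mechanically. The following is an added example, not code from the CDK or from this issue; it assumes DocumentDB rejects `/`, `"` and `@` in the master password and that the generator draws each character uniformly from printable ASCII without spaces, and the type and function names are hypothetical. It also shows why the failure is intermittent rather than reproducible on every rotation.

```typescript
// Added example, not CDK code. Assumptions: DocumentDB rejects '/', '"' and '@'
// in the master password; the generator draws uniformly from printable ASCII
// (0x21-0x7E, no space) minus the excluded characters.
const DOCDB_FORBIDDEN = '/"@';

interface RotationConfig {
  secretExclude: string;   // excludeCharacters used when the secret is created
  rotationExclude: string; // excludeCharacters used by the rotation function
}

interface Audit {
  missingFromRotation: string; // excluded at creation but not at rotation
  reachableForbidden: string;  // forbidden characters the rotator can still emit
  failureProbability: number;  // chance that one rotated password is rejected
}

// Characters the generator may draw from once the exclusions are applied.
function alphabet(exclude: string): string[] {
  const chars: string[] = [];
  for (let code = 0x21; code <= 0x7e; code++) {
    const ch = String.fromCharCode(code);
    if (exclude.indexOf(ch) === -1) chars.push(ch);
  }
  return chars;
}

function auditRotation(cfg: RotationConfig, length = 32, forbidden = DOCDB_FORBIDDEN): Audit {
  const pool = alphabet(cfg.rotationExclude);
  const reachable = pool.filter((ch) => forbidden.indexOf(ch) !== -1);
  const missing = cfg.secretExclude
    .split("")
    .filter((ch, i, all) => all.indexOf(ch) === i && cfg.rotationExclude.indexOf(ch) === -1);
  // P(no forbidden character in `length` independent draws from the pool)
  const pClean = Math.pow((pool.length - reachable.length) / pool.length, length);
  return {
    missingFromRotation: missing.join(""),
    reachableForbidden: reachable.join(""),
    failureProbability: 1 - pClean,
  };
}

// Constructed inputs: the secret excludes the forbidden set but the rotation
// function excludes nothing; then the same secret with matching exclusions.
const mismatched = auditRotation({ secretExclude: '"@/', rotationExclude: "" });
const aligned = auditRotation({ secretExclude: '"@/', rotationExclude: '"@/' });
console.log(mismatched, aligned);
```

Under these assumptions a 32-character password from the mismatched configuration is rejected roughly two times in three, so a first rotation can succeed and a later one fail.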