Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[aws-secretsmanager]: Expose arnForPolicies on ISecret #28402

Open
2 tasks
Xfel opened this issue Dec 18, 2023 · 1 comment
Open
2 tasks

[aws-secretsmanager]: Expose arnForPolicies on ISecret #28402

Xfel opened this issue Dec 18, 2023 · 1 comment
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p3

Comments

@Xfel
Copy link

Xfel commented Dec 18, 2023

Describe the feature

The property arnForPolicies is currently defined protected on SecretBase and used by the grantRead and grantWrite methods. Making this a public property on ISecret simplifies creation of custom policies.

Use Case

The Kubernetes External Secrets operator needs additional actions granted on secrets used, as described here. These are not added when simply using ISecret.grantRead.

However, using the correct ARN for secrets in policies is non-trivial, especially when you aren't sure at the time of writing where the secret in question will come from. CDK internally uses a mechanism to resolve this, but it is not exposed.

Another usecase would be to handle multiple secret resources inside a single policy statement.

Proposed Solution

The logic is already present, it just needs to be made public.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.99.0

Environment details (OS name and version, etc.)

Windows 10
@Xfel Xfel added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Dec 18, 2023
@github-actions github-actions bot added the @aws-cdk/aws-secretsmanager Related to AWS Secrets Manager label Dec 18, 2023
@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Dec 18, 2023
@pahud
Copy link
Contributor

pahud commented Dec 18, 2023

Thanks for your use case sharing. We probably need more discussion here though I don't see any risk making it public.

@github-actions github-actions bot mentioned this issue Jan 1, 2024
Closed
@pahud pahud added p3 and removed p2 labels Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pahud @Xfel