Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(ssm): allow referencing "latest" version of SSM parameter #1768

Merged
merged 4 commits into from
Feb 16, 2019

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Feb 14, 2019

There are many requests from people to integrate with SSM parameter
store in same way, and in particular to get the latest version of
a parameter.

The mechanisms to get a specific version or the latest version
at deployment time are very different, but both are now supported
by and hidden in the ssm.ParameterStoreString class.

Make the naming around properties that return a (potentially
Tokenized) value consistent. All properties of objects that return
a string value are stringValue, all properties of objects taht
return a list value are stringListValue.

Fixes #1587.

BREAKING CHANGE: Rename parameter.valueAsString =>
parameter.stringValue, rename parameter.valueAsList =>
parameter.stringListValue, rename ssmParameter.parameterValue =>
ssmParameter.stringValue or ssmParameter.stringListValue depending
on type, rename secretString.value => secretString.stringValue.


Pull Request Checklist

  • Testing
    • Unit test added
    • CLI change?: coordinate update of integration tests with team
    • cdk-init template change?: coordinated update of integration tests with team
  • Docs
    • jsdocs: All public APIs documented
    • README: README and/or documentation topic updated
  • Title and Description
    • Change type: title prefixed with fix, feat will appear in changelog
    • Title: use lower-case and doesn't end with a period
    • Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
    • Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
  • Sensitive Modules (requires 2 PR approvers)
    • IAM Policy Document (in @aws-cdk/aws-iam)
    • EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
    • Grant APIs (only if not based on official documentation with a reference)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

There are many requests from people to integrate with SSM parameter
store in same way, and in particular to get the latest version of
a parameter.

The mechanisms to get a specific version or the latest version
at deployment time are very different, but both are now supported
by and hidden in the ssm.ParameterStoreString class.

Make the naming around properties that return a (potentially
Tokenized) value consistent. All properties of objects that return
a string value are `stringValue`, all properties of objects taht
return a list value are `stringListValue`.

Fixes #1587.

BREAKING CHANGE: Rename `parameter.valueAsString` =>
`parameter.stringValue`, rename `parameter.valueAsList` =>
`parameter.stringListValue`, rename `ssmParameter.parameterValue` =>
`ssmParameter.stringValue` or `ssmParameter.stringListValue` depending
on type, rename `secretString.value` => `secretString.stringValue`.
@rix0rrr rix0rrr requested a review from a team as a code owner February 14, 2019 15:22

You can create either `ssm.StringParameter` or `ssm.StringListParameter`s.
*SecretString* parameters cannot be created directly from a CDK application;
if you want to provision secrets automatically, use Secrets Manager Secrets.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what you mean by 'use Secrete Manager Secrets'. Link/Clarify.

@@ -25,7 +25,7 @@ export interface DynamicReferenceProps {
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
*/
export class DynamicReference extends Construct {
private readonly _value: string;
private _value: string;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this remain readonly? I don't see it mutated anywhere.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's just that it's a little silly to have it readonly. But sure.

Rico Huijbers added 3 commits February 15, 2019 10:05
BREAKING CHANGE: rename `secret.toSecretString()` =>
`secret.secretString`.
@rix0rrr rix0rrr merged commit 9af36af into master Feb 16, 2019
@rix0rrr rix0rrr deleted the huijbers/ssmps-latest branch February 16, 2019 10:04
public toSecretString() {
this.secretString = this.secretString || new SecretString(this, 'SecretString', { secretId: this.secretArn });
return this.secretString;
public get secretString() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer this to be called “toSecretString” because it’s not a property of the secret, but rather a conversion method.

(Like toPipelineAction)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer this to be called “toSecretString” because it’s not a property of the secret

I disagree. It do see it as a property access (like .secretArn, but instead we access the VALUE of the secret). It just so happens that the value is of a complex type instead of a primitive (like Date).

It does not create a new resource, nor convert to anything that's used anywhere else in the construct tree. From this complex value object, you're still supposed to take stringValue or jsonFieldValue.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, makes sense. Thanks for the explanation. What threw me off was the sugar methods stringValue and jsonFieldValue.

@NGL321 NGL321 added the contribution/core This is a PR that came from AWS. label Sep 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Getting latest version of the SSM parameter
4 participants