feat: make role's secret available via a property
berenddeboer committed Sep 16, 2022
1 parent a2988e6 commit 3c25b23
Showing 2 changed files with 15 additions and 5 deletions.
2 changes: 2 additions & 0 deletions README.md
@@ -102,6 +102,8 @@ does, with all the connection info needed for this user. It's secret value is a
}
```

You can access the secret via `role.secret`.

## Database

Create a datdabse as follows:
18 changes: 13 additions & 5 deletions src/role.ts
@@ -1,7 +1,7 @@
import { RemovalPolicy } from "aws-cdk-lib"
import * as kms from "aws-cdk-lib/aws-kms"
import { ServerlessCluster } from "aws-cdk-lib/aws-rds"
import { Secret } from "aws-cdk-lib/aws-secretsmanager"
import { ISecret, Secret } from "aws-cdk-lib/aws-secretsmanager"
import { Construct } from "constructs"
import { Provider } from "./provider"
import { Role as CustomResourceRole } from "./role.custom-resource"
@@ -36,11 +36,19 @@ export interface RoleProps {
}

export class Role extends Construct {
/**
* The role name.
*/
public readonly roleName: string

/**
* The generated secret.
*/
public readonly secret: ISecret

constructor(scope: Construct, id: string, props: RoleProps) {
super(scope, id)
const secret = new Secret(this, "Secret", {
this.secret = new Secret(this, "Secret", {
encryptionKey: props.encryptionKey,
description: `Generated secret for postgres role ${props.roleName}`,
generateSecretString: {
@@ -61,10 +69,10 @@ export class Role extends Construct {
const role = new CustomResourceRole(this, "PostgresRole", {
provider: props.provider,
roleName: props.roleName,
passwordArn: secret.secretArn,
passwordArn: this.secret.secretArn,
})
role.node.addDependency(secret)
role.node.addDependency(this.secret)
this.roleName = props.roleName
secret.grantRead(props.provider.handler)
this.secret.grantRead(props.provider.handler)
}
}
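Review bot: The doc comment on the new public `secret` property says only "The generated secret." and does not tell consumers that they are being handed the database credentials for this role. The secret's ARN is passed as `passwordArn` and the README describes it as holding the connection info for the user, so any construct that receives a `Role` can now grant principals read access to those credentials. I would expand the comment to something like `/** Secrets Manager secret with this role's generated connection info; grant access per principal via secret.grantRead() instead of copying the value into other resources. */`. Typing the property as `ISecret` rather than `Secret` keeps the exposed surface narrow and is worth keeping. The constructor body is collapsed between the second and third hunks, so how the secret string is generated is not visible here.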
