handle rotation in days with scheduleExpression

lpizzinidev · Dec 14, 2023 · 524ea38 · 524ea38
1 parent ada07d7
commit 524ea38
Show file tree

Hide file tree

Showing 19 changed files with 72 additions and 47 deletions.
diff --git a/.../test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.template.json b/.../test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-docdb-cluster-rotation.template.json
@@ -501,7 +501,7 @@
      ]
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     },
     "SecretId": {
      "Ref": "DatabaseSecretAttachmentE5D1B020"

diff --git a/...ds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json b/...ds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json
@@ -599,7 +599,7 @@
      ]
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     },
     "SecretId": {
      "Ref": "DatabaseSecretAttachmentE5D1B020"
@@ -920,7 +920,7 @@
      ]
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 7
+     "ScheduleExpression": "rate(7 days)"
     },
     "SecretId": {
      "Ref": "CustomRotationOptionsSecretAttachment697A23BF"

diff --git a/...esting/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/tree.json b/...esting/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/tree.json
diff --git a/.../aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.template.json b/.../aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.template.json
@@ -1403,7 +1403,7 @@
      ]
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     },
     "SecretId": {
      "Ref": "FromSnapshotSnapshotSecretAttachmentA3F619B8"

diff --git a/...dk-testing/framework-integ/test/aws-rds/test/integ.cluster-snapshot.js.snapshot/tree.json b/...dk-testing/framework-integ/test/aws-rds/test/integ.cluster-snapshot.js.snapshot/tree.json
diff --git a/...integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json b/...integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json
@@ -616,7 +616,7 @@
      ]
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     },
     "SecretId": {
      "Ref": "InstanceSecretAttachment83BEE581"

diff --git a/...ws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/tree.json b/...ws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/tree.json
diff --git a/...-secret-rotation-custom-names.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json b/...-secret-rotation-custom-names.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json
@@ -84,7 +84,7 @@
      "RotationType": "MySQLSingleUser"
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     }
    }
   },

diff --git a/.../aws-rds/test/integ.serverless-cluster-secret-rotation-custom-names.js.snapshot/tree.json b/.../aws-rds/test/integ.serverless-cluster-secret-rotation-custom-names.js.snapshot/tree.json
diff --git a/...rless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json b/...rless-cluster-secret-rotation.js.snapshot/aws-cdk-rds-integ-secret-rotation.template.json
@@ -83,7 +83,7 @@
      "RotationType": "MySQLSingleUser"
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     }
    }
   },

diff --git a/...rk-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/tree.json b/...rk-integ/test/aws-rds/test/integ.serverless-cluster-secret-rotation.js.snapshot/tree.json
diff --git a/...ger/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json b/...ger/test/integ.hosted-rotation.js.snapshot/cdk-integ-secret-hosted-rotation.template.json
@@ -22,7 +22,7 @@
      "RotationType": "MySQLSingleUser"
     },
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     }
    }
   },
@@ -84,7 +84,7 @@
     },
     "RotateImmediatelyOnUpdate": false,
     "RotationRules": {
-     "AutomaticallyAfterDays": 30
+     "ScheduleExpression": "rate(30 days)"
     }
    }
   },

diff --git a/.../framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/tree.json b/.../framework-integ/test/aws-secretsmanager/test/integ.hosted-rotation.js.snapshot/tree.json
diff --git a/packages/aws-cdk-lib/aws-docdb/test/cluster.test.ts b/packages/aws-cdk-lib/aws-docdb/test/cluster.test.ts
@@ -785,7 +785,7 @@ describe('DatabaseCluster', () => {
         'Fn::GetAtt': ['DatabaseRotationSingleUser65F55654', 'Outputs.RotationLambdaARN'],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 5,
+        ScheduleExpression: 'rate(5 days)',
       },
     });
   });
@@ -899,7 +899,7 @@ describe('DatabaseCluster', () => {
         'Fn::GetAtt': ['DatabaseRotation6B6E1D86', 'Outputs.RotationLambdaARN'],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 5,
+        ScheduleExpression: 'rate(5 days)',
       },
     });
   });

diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts
@@ -1975,7 +1975,7 @@ describe('cluster', () => {
         ],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
     });
   });
@@ -2006,7 +2006,7 @@ describe('cluster', () => {
         ],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
     });
 
@@ -2058,7 +2058,7 @@ describe('cluster', () => {
     // THEN
     Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::RotationSchedule', {
       RotationRules: {
-        AutomaticallyAfterDays: 15,
+        ScheduleExpression: 'rate(15 days)',
       },
     });
 
@@ -2125,7 +2125,7 @@ describe('cluster', () => {
     // THEN
     Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::RotationSchedule', {
       RotationRules: {
-        AutomaticallyAfterDays: 15,
+        ScheduleExpression: 'rate(15 days)',
       },
     });
 
@@ -2231,7 +2231,7 @@ describe('cluster', () => {
         ],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
       RotateImmediatelyOnUpdate: false,
     });
@@ -2266,7 +2266,7 @@ describe('cluster', () => {
         ],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
       RotateImmediatelyOnUpdate: false,
     });
@@ -3439,7 +3439,7 @@ describe('cluster', () => {
     // THEN
     Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::RotationSchedule', {
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
     });
   });
@@ -3493,7 +3493,7 @@ describe('cluster', () => {
         ],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
     });
 

diff --git a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts
@@ -782,7 +782,7 @@ describe('instance', () => {
         ],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
     });
   });
@@ -810,7 +810,7 @@ describe('instance', () => {
         ],
       },
       RotationRules: {
-        AutomaticallyAfterDays: 30,
+        ScheduleExpression: 'rate(30 days)',
       },
     });
 
@@ -858,7 +858,7 @@ describe('instance', () => {
     // THEN
     Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::RotationSchedule', {
       RotationRules: {
-        AutomaticallyAfterDays: 15,
+        ScheduleExpression: 'rate(15 days)',
       },
     });
 
@@ -921,7 +921,7 @@ describe('instance', () => {
     // THEN
     Template.fromStack(stack).hasResourceProperties('AWS::SecretsManager::RotationSchedule', {
       RotationRules: {
-        AutomaticallyAfterDays: 15,
+        ScheduleExpression: 'rate(15 days)',
       },
     });
 

diff --git a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts
@@ -128,7 +128,6 @@ export class RotationSchedule extends Resource {
       );
     }
 
-    let automaticallyAfterDays: number | undefined;
     let scheduleExpression: string | undefined;
     if (props.automaticallyAfter) {
       const automaticallyAfterMillis = props.automaticallyAfter.toMilliseconds();
@@ -139,20 +138,15 @@ export class RotationSchedule extends Resource {
         if (automaticallyAfterMillis > Duration.days(1000).toMilliseconds()) {
           throw new Error(`automaticallyAfter must not be greater than 1000 days, got ${props.automaticallyAfter.toDays()} days`);
         }
-        if (props.automaticallyAfter.toHours() >= 24) {
-          automaticallyAfterDays = props.automaticallyAfter.toDays();
-        } else {
-          scheduleExpression = Schedule.rate(props.automaticallyAfter).expressionString;
-        }
+        scheduleExpression = Schedule.rate(props.automaticallyAfter).expressionString;
       }
     } else {
-      automaticallyAfterDays = 30;
+      scheduleExpression = Schedule.rate(Duration.days(30)).expressionString;
     }
 
     let rotationRules: CfnRotationSchedule.RotationRulesProperty | undefined;
-    if (automaticallyAfterDays !== undefined || scheduleExpression !== undefined) {
+    if (scheduleExpression) {
       rotationRules = {
-        automaticallyAfterDays,
         scheduleExpression,
       };
     }