From da38cee86afc8c55e004a7bdc6215f652f772a1b Mon Sep 17 00:00:00 2001 From: Douglas Parsons Date: Fri, 30 Sep 2022 17:07:39 +0100 Subject: [PATCH] fix(ssm) parameter version incorrectly specied when omitted (#18729) It is possible to omit the `version` of an SSM SecureString parameter. When omitted, the reference generated by CDK results in a ValidationError when applying the changes. e.g. ``` Error [ValidationError]: Incorrect format is used in the following SSM reference: [{{resolve:ssm-secure:/some/parameter:}}] ``` --- packages/@aws-cdk/aws-ssm/lib/parameter.ts | 5 ++++- packages/@aws-cdk/aws-ssm/test/parameter.test.ts | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-ssm/lib/parameter.ts b/packages/@aws-cdk/aws-ssm/lib/parameter.ts index f24e4d0375108..5721cd30e922d 100644 --- a/packages/@aws-cdk/aws-ssm/lib/parameter.ts +++ b/packages/@aws-cdk/aws-ssm/lib/parameter.ts @@ -492,7 +492,10 @@ export class StringParameter extends ParameterBase implements IStringParameter { */ public static fromSecureStringParameterAttributes(scope: Construct, id: string, attrs: SecureStringParameterAttributes): IStringParameter { const version = attrs.version ? Tokenization.stringifyNumber(attrs.version) : ''; - const stringValue = new CfnDynamicReference(CfnDynamicReferenceService.SSM_SECURE, `${attrs.parameterName}:${version}`).toString(); + const stringValue = new CfnDynamicReference( + CfnDynamicReferenceService.SSM_SECURE, + version ? `${attrs.parameterName}:${version}` : attrs.parameterName, + ).toString(); class Import extends ParameterBase { public readonly parameterName = attrs.parameterName; diff --git a/packages/@aws-cdk/aws-ssm/test/parameter.test.ts b/packages/@aws-cdk/aws-ssm/test/parameter.test.ts index 817eb4d264239..c33bfaa01305f 100644 --- a/packages/@aws-cdk/aws-ssm/test/parameter.test.ts +++ b/packages/@aws-cdk/aws-ssm/test/parameter.test.ts @@ -602,7 +602,7 @@ test('StringParameter.fromSecureStringParameterAttributes without version', () = }); // THEN - expect(stack.resolve(param.stringValue)).toEqual('{{resolve:ssm-secure:MyParamName:}}'); + expect(stack.resolve(param.stringValue)).toEqual('{{resolve:ssm-secure:MyParamName}}'); }); test('StringListParameter.fromName', () => {