-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(ssm): allow referencing "latest" version of SSM parameter #1768
Conversation
There are many requests from people to integrate with SSM parameter store in same way, and in particular to get the latest version of a parameter. The mechanisms to get a specific version or the latest version at deployment time are very different, but both are now supported by and hidden in the ssm.ParameterStoreString class. Make the naming around properties that return a (potentially Tokenized) value consistent. All properties of objects that return a string value are `stringValue`, all properties of objects taht return a list value are `stringListValue`. Fixes #1587. BREAKING CHANGE: Rename `parameter.valueAsString` => `parameter.stringValue`, rename `parameter.valueAsList` => `parameter.stringListValue`, rename `ssmParameter.parameterValue` => `ssmParameter.stringValue` or `ssmParameter.stringListValue` depending on type, rename `secretString.value` => `secretString.stringValue`.
packages/@aws-cdk/aws-ssm/README.md
Outdated
|
||
You can create either `ssm.StringParameter` or `ssm.StringListParameter`s. | ||
*SecretString* parameters cannot be created directly from a CDK application; | ||
if you want to provision secrets automatically, use Secrets Manager Secrets. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what you mean by 'use Secrete Manager Secrets'. Link/Clarify.
@@ -25,7 +25,7 @@ export interface DynamicReferenceProps { | |||
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html | |||
*/ | |||
export class DynamicReference extends Construct { | |||
private readonly _value: string; | |||
private _value: string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this remain readonly? I don't see it mutated anywhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it's just that it's a little silly to have it readonly. But sure.
BREAKING CHANGE: rename `secret.toSecretString()` => `secret.secretString`.
public toSecretString() { | ||
this.secretString = this.secretString || new SecretString(this, 'SecretString', { secretId: this.secretArn }); | ||
return this.secretString; | ||
public get secretString() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer this to be called “toSecretString” because it’s not a property of the secret, but rather a conversion method.
(Like toPipelineAction)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer this to be called “toSecretString” because it’s not a property of the secret
I disagree. It do see it as a property access (like .secretArn
, but instead we access the VALUE of the secret). It just so happens that the value is of a complex type instead of a primitive (like Date
).
It does not create a new resource, nor convert to anything that's used anywhere else in the construct tree. From this complex value object, you're still supposed to take stringValue
or jsonFieldValue
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, makes sense. Thanks for the explanation. What threw me off was the sugar methods stringValue
and jsonFieldValue
.
There are many requests from people to integrate with SSM parameter
store in same way, and in particular to get the latest version of
a parameter.
The mechanisms to get a specific version or the latest version
at deployment time are very different, but both are now supported
by and hidden in the ssm.ParameterStoreString class.
Make the naming around properties that return a (potentially
Tokenized) value consistent. All properties of objects that return
a string value are
stringValue
, all properties of objects tahtreturn a list value are
stringListValue
.Fixes #1587.
BREAKING CHANGE: Rename
parameter.valueAsString
=>parameter.stringValue
, renameparameter.valueAsList
=>parameter.stringListValue
, renamessmParameter.parameterValue
=>ssmParameter.stringValue
orssmParameter.stringListValue
dependingon type, rename
secretString.value
=>secretString.stringValue
.Pull Request Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.