feat(secretsmanager): add grantUpdate method

[ialford]

This creates the grantUpdate method to give an iam.IGrantable the ability to update a secret in Secrets Manager.

I opted to move it out from the grantWrite method, as there may be cases where we want something to write an initial value, but not change it later on. This decision could be reversed if it seems too granular or too much of an edge-case.

Closes #8491

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[skinny85]

Thanks for the PR @ialford !

Can I propose a slightly different take on this? Can you add 'secretsmanager:UpdateSecret' permission to the existing grantWrite() method, instead of a creating new one?

Thanks,
Adam

[ialford]

Thanks for the PR @ialford !

Can I propose a slightly different take on this? Can you add 'secretsmanager:UpdateSecret' permission to the existing grantWrite() method, instead of a creating new one?

Thanks,
Adam

Sure, no problem. I wasn't sure which was the better route to take, as I could see use cases for both. I'll push up a revision soon.

Pull request has been modified.

[ialford]

@skinny85 ,

I've updated as requested. Feel free to review when able.

[skinny85]

Thanks for the contribution @ialford !

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: ff15172
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).