Class: AWSCDK::DocDB::DatabaseSecret

Inherits:
SecretsManager::Secret
  • Object
show all
Defined in:
doc_db/database_secret.rb

Overview

A database secret.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(scope, id, props) ⇒ DatabaseSecret

Returns a new instance of DatabaseSecret.

Parameters:



11
12
13
14
15
16
17
# File 'doc_db/database_secret.rb', line 11

def initialize(scope, id, props)
  props = props.is_a?(Hash) ? ::AWSCDK::DocDB::DatabaseSecretProps.new(**props.transform_keys(&:to_sym)) : props
  Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope")
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZG9jZGIuRGF0YWJhc2VTZWNyZXRQcm9wcyJ9")), "props")
  Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props)
end

Class Method Details

.jsii_overridable_methodsObject



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# File 'doc_db/database_secret.rb', line 19

def self.jsii_overridable_methods
  {
    :node => { kind: :property, name: "node", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :physical_name => { kind: :property, name: "physicalName", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :arn_for_policies => { kind: :property, name: "arnForPolicies", is_optional: false },
    :auto_create_policy => { kind: :property, name: "autoCreatePolicy", is_optional: false },
    :secret_arn => { kind: :property, name: "secretArn", is_optional: false },
    :secret_name => { kind: :property, name: "secretName", is_optional: false },
    :secret_ref => { kind: :property, name: "secretRef", is_optional: false },
    :secret_value => { kind: :property, name: "secretValue", is_optional: false },
    :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true },
    :exclude_characters => { kind: :property, name: "excludeCharacters", is_optional: true },
    :secret_full_arn => { kind: :property, name: "secretFullArn", is_optional: true },
    :to_string => { kind: :method, name: "toString", is_optional: false },
    :with => { kind: :method, name: "with", is_optional: false },
    :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false },
    :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false },
    :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false },
    :add_replica_region => { kind: :method, name: "addReplicaRegion", is_optional: false },
    :add_rotation_schedule => { kind: :method, name: "addRotationSchedule", is_optional: false },
    :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false },
    :attach => { kind: :method, name: "attach", is_optional: false },
    :cfn_dynamic_reference_key => { kind: :method, name: "cfnDynamicReferenceKey", is_optional: false },
    :deny_account_root_delete => { kind: :method, name: "denyAccountRootDelete", is_optional: false },
    :grant_read => { kind: :method, name: "grantRead", is_optional: false },
    :grant_write => { kind: :method, name: "grantWrite", is_optional: false },
    :secret_value_from_json => { kind: :method, name: "secretValueFromJson", is_optional: false },
  }
end

.PROPERTY_INJECTION_IDString

Uniquely identifies this class.

Returns:

  • (String)


99
100
101
# File 'doc_db/database_secret.rb', line 99

def self.PROPERTY_INJECTION_ID()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_docdb.DatabaseSecret", "PROPERTY_INJECTION_ID")
end

Instance Method Details

#add_replica_region(region, encryption_key = nil) ⇒ void

This method returns an undefined value.

Adds a replica region for the secret.

Parameters:

  • region (String)

    The name of the region.

  • encryption_key (AWSCDK::Interfaces::AWSKMS::IKeyRef, nil) (defaults to: nil)

    The customer-managed encryption key to use for encrypting the secret value.



274
275
276
277
278
# File 'doc_db/database_secret.rb', line 274

def add_replica_region(region, encryption_key = nil)
  Jsii::Type.check_type(region, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "region")
  Jsii::Type.check_type(encryption_key, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19rbXMuSUtleVJlZiJ9")), "encryptionKey") unless encryption_key.nil?
  jsii_call_method("addReplicaRegion", [region, encryption_key])
end

#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule

Adds a rotation schedule to the secret.



285
286
287
288
289
290
# File 'doc_db/database_secret.rb', line 285

def add_rotation_schedule(id, options)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::SecretsManager::RotationScheduleOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuUm90YXRpb25TY2hlZHVsZU9wdGlvbnMifQ==")), "options")
  jsii_call_method("addRotationSchedule", [id, options])
end

#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to add_to_resource_policy. If the secret is imported, then this is a no-op.



300
301
302
303
# File 'doc_db/database_secret.rb', line 300

def add_to_resource_policy(statement)
  Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement")
  jsii_call_method("addToResourcePolicy", [statement])
end

#apply_cross_stack_reference_strength(strength) ⇒ void

This method returns an undefined value.

Override the cross-stack reference strength for this resource.

When set, any cross-stack reference to this resource will use the specified mechanism instead of the global default determined by the @aws-cdk/core:defaultCrossStackReferences context key. This is useful for selectively weakening specific references to avoid the "deadly embrace" problem without changing the app-wide default.

Parameters:



212
213
214
215
# File 'doc_db/database_secret.rb', line 212

def apply_cross_stack_reference_strength(strength)
  Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength")
  jsii_call_method("applyCrossStackReferenceStrength", [strength])
end

#apply_removal_policy(policy) ⇒ void

This method returns an undefined value.

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:



229
230
231
232
# File 'doc_db/database_secret.rb', line 229

def apply_removal_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy")
  jsii_call_method("applyRemovalPolicy", [policy])
end

#arn_for_policiesString

Provides an identifier for this secret for use in IAM policies.

If there is a full ARN, this is just the ARN; if we have a partial ARN -- due to either importing by secret name or partial ARN -- then we need to add a suffix to capture the full ARN's format.

Returns:

  • (String)


110
111
112
# File 'doc_db/database_secret.rb', line 110

def arn_for_policies()
  jsii_get_property("arnForPolicies")
end

#attach(target) ⇒ AWSCDK::SecretsManager::ISecret

Attach a target to this secret.

Parameters:

Returns:



309
310
311
312
# File 'doc_db/database_secret.rb', line 309

def attach(target)
  Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuSVNlY3JldEF0dGFjaG1lbnRUYXJnZXQifQ==")), "target")
  jsii_call_method("attach", [target])
end

#auto_create_policyBoolean

Returns:

  • (Boolean)


115
116
117
# File 'doc_db/database_secret.rb', line 115

def auto_create_policy()
  jsii_get_property("autoCreatePolicy")
end

#cfn_dynamic_reference_key(options = nil) ⇒ String

Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.

Parameters:

Returns:

  • (String)

See Also:



319
320
321
322
323
# File 'doc_db/database_secret.rb', line 319

def cfn_dynamic_reference_key(options = nil)
  options = options.is_a?(Hash) ? ::AWSCDK::SecretsManagerSecretOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRzTWFuYWdlclNlY3JldE9wdGlvbnMifQ==")), "options") unless options.nil?
  jsii_call_method("cfnDynamicReferenceKey", [options])
end

#deny_account_root_deletevoid

This method returns an undefined value.

Denies the DeleteSecret action to all principals within the current account.



328
329
330
# File 'doc_db/database_secret.rb', line 328

def ()
  jsii_call_method("denyAccountRootDelete", [])
end

#encryption_keyAWSCDK::KMS::IKey?

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Returns:



159
160
161
# File 'doc_db/database_secret.rb', line 159

def encryption_key()
  jsii_get_property("encryptionKey")
end

#envAWSCDK::Interfaces::ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.



71
72
73
# File 'doc_db/database_secret.rb', line 71

def env()
  jsii_get_property("env")
end

#exclude_charactersString?

The string of the characters that are excluded in this secret when it is generated.

Returns:

  • (String, nil)


166
167
168
# File 'doc_db/database_secret.rb', line 166

def exclude_characters()
  jsii_get_property("excludeCharacters")
end

#generate_physical_nameString

Returns:

  • (String)


235
236
237
# File 'doc_db/database_secret.rb', line 235

def generate_physical_name()
  jsii_call_method("generatePhysicalName", [])
end

#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String

Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).

Normally, this token will resolve to arn_attr, but if the resource is referenced across environments, arn_components will be used to synthesize a concrete ARN with the resource's physical name. Make sure to reference this.physicalName in arn_components.

Parameters:

  • arn_attr (String)

    The CFN attribute which resolves to the ARN of the resource.

  • arn_components (AWSCDK::ARNComponents)

    The format of the ARN of this resource.

Returns:

  • (String)


249
250
251
252
253
254
# File 'doc_db/database_secret.rb', line 249

def get_resource_arn_attribute(arn_attr, arn_components)
  Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr")
  arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components
  Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents")
  jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components])
end

#get_resource_name_attribute(name_attr) ⇒ String

Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).

Normally, this token will resolve to name_attr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.

Parameters:

  • name_attr (String)

    The CFN attribute which resolves to the resource's name.

Returns:

  • (String)


264
265
266
267
# File 'doc_db/database_secret.rb', line 264

def get_resource_name_attribute(name_attr)
  Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr")
  jsii_call_method("getResourceNameAttribute", [name_attr])
end

#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant

[disable-awslint:no-grants].

Parameters:

Returns:



337
338
339
340
341
# File 'doc_db/database_secret.rb', line 337

def grant_read(grantee, version_stages = nil)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  Jsii::Type.check_type(version_stages, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "versionStages") unless version_stages.nil?
  jsii_call_method("grantRead", [grantee, version_stages])
end

#grant_write(grantee) ⇒ AWSCDK::IAM::Grant

[disable-awslint:no-grants].

Parameters:

Returns:



347
348
349
350
# File 'doc_db/database_secret.rb', line 347

def grant_write(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantWrite", [grantee])
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


56
57
58
# File 'doc_db/database_secret.rb', line 56

def node()
  jsii_get_property("node")
end

#physical_nameString

Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.

This value will resolve to one of the following:

  • a concrete value (e.g. "my-awesome-bucket")
  • undefined, when a name should be generated by CloudFormation
  • a concrete name generated automatically during synthesis, in cross-environment scenarios.

Returns:

  • (String)


85
86
87
# File 'doc_db/database_secret.rb', line 85

def physical_name()
  jsii_get_property("physicalName")
end

#secret_arnString

The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated from_secret_name, it will return the secret_name.

Returns:

  • (String)


125
126
127
# File 'doc_db/database_secret.rb', line 125

def secret_arn()
  jsii_get_property("secretArn")
end

#secret_full_arnString?

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secret_arn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

Returns:

  • (String, nil)


175
176
177
# File 'doc_db/database_secret.rb', line 175

def secret_full_arn()
  jsii_get_property("secretFullArn")
end

#secret_nameString

The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

Returns:

  • (String)


135
136
137
# File 'doc_db/database_secret.rb', line 135

def secret_name()
  jsii_get_property("secretName")
end

#secret_refAWSCDK::Interfaces::AWSSecretsmanager::SecretReference

A reference to a Secret resource.



142
143
144
# File 'doc_db/database_secret.rb', line 142

def secret_ref()
  jsii_get_property("secretRef")
end

#secret_valueAWSCDK::SecretValue

Retrieve the value of the stored secret as a SecretValue.

Returns:



149
150
151
# File 'doc_db/database_secret.rb', line 149

def secret_value()
  jsii_get_property("secretValue")
end

#secret_value_from_json(json_field) ⇒ AWSCDK::SecretValue

Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

Parameters:

  • json_field (String)

Returns:



356
357
358
359
# File 'doc_db/database_secret.rb', line 356

def secret_value_from_json(json_field)
  Jsii::Type.check_type(json_field, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "jsonField")
  jsii_call_method("secretValueFromJson", [json_field])
end

#stackAWSCDK::Stack

The stack in which this resource is defined.

Returns:



92
93
94
# File 'doc_db/database_secret.rb', line 92

def stack()
  jsii_get_property("stack")
end

#to_stringString

Returns a string representation of this construct.

Returns:

  • (String)


182
183
184
# File 'doc_db/database_secret.rb', line 182

def to_string()
  jsii_call_method("toString", [])
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited. Use multiple with() calls if subsequent mixins should apply to added constructs.

Parameters:

  • mixins (Array<Constructs::IMixin>)

Returns:

  • (Constructs::IConstruct)


195
196
197
198
199
200
# File 'doc_db/database_secret.rb', line 195

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end