Class: AWSCDK::RDS::DatabaseSecret
- Inherits:
-
SecretsManager::Secret
- Object
- SecretsManager::Secret
- AWSCDK::RDS::DatabaseSecret
- Defined in:
- rds/database_secret.rb
Overview
A database secret.
Class Method Summary collapse
- .jsii_overridable_methods ⇒ Object
-
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
Instance Method Summary collapse
-
#add_replica_region(region, encryption_key = nil) ⇒ void
Adds a replica region for the secret.
-
#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule
Adds a rotation schedule to the secret.
-
#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the IAM resource policy associated with this secret.
-
#apply_cross_stack_reference_strength(strength) ⇒ void
Override the cross-stack reference strength for this resource.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#arn_for_policies ⇒ String
Provides an identifier for this secret for use in IAM policies.
-
#attach(target) ⇒ AWSCDK::SecretsManager::ISecret
Attach a target to this secret.
- #auto_create_policy ⇒ Boolean
-
#cfn_dynamic_reference_key(options = nil) ⇒ String
Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.
-
#deny_account_root_delete ⇒ void
Denies the
DeleteSecretaction to all principals within the current account. -
#encryption_key ⇒ AWSCDK::KMS::IKey?
The customer-managed encryption key that is used to encrypt this secret, if any.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
-
#exclude_characters ⇒ String?
The string of the characters that are excluded in this secret when it is generated.
- #generate_physical_name ⇒ String
-
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g.
bucket.bucketArn). -
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g.
bucket.bucketName). -
#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant
[disable-awslint:no-grants].
-
#grant_write(grantee) ⇒ AWSCDK::IAM::Grant
[disable-awslint:no-grants].
-
#initialize(scope, id, props) ⇒ DatabaseSecret
constructor
A new instance of DatabaseSecret.
-
#node ⇒ Constructs::Node
The tree node.
-
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
-
#secret_arn ⇒ String
The ARN of the secret in AWS Secrets Manager.
-
#secret_full_arn ⇒ String?
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
-
#secret_name ⇒ String
The name of the secret.
-
#secret_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretReference
A reference to a Secret resource.
-
#secret_value ⇒ AWSCDK::SecretValue
Retrieve the value of the stored secret as a
SecretValue. -
#secret_value_from_json(json_field) ⇒ AWSCDK::SecretValue
Interpret the secret as a JSON object and return a field's value from it as a
SecretValue. -
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#to_string ⇒ String
Returns a string representation of this construct.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Constructor Details
#initialize(scope, id, props) ⇒ DatabaseSecret
Returns a new instance of DatabaseSecret.
11 12 13 14 15 16 17 |
# File 'rds/database_secret.rb', line 11 def initialize(scope, id, props) props = props.is_a?(Hash) ? ::AWSCDK::RDS::DatabaseSecretProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfcmRzLkRhdGFiYXNlU2VjcmV0UHJvcHMifQ==")), "props") Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props) end |
Class Method Details
.jsii_overridable_methods ⇒ Object
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# File 'rds/database_secret.rb', line 19 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :physical_name => { kind: :property, name: "physicalName", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :arn_for_policies => { kind: :property, name: "arnForPolicies", is_optional: false }, :auto_create_policy => { kind: :property, name: "autoCreatePolicy", is_optional: false }, :secret_arn => { kind: :property, name: "secretArn", is_optional: false }, :secret_name => { kind: :property, name: "secretName", is_optional: false }, :secret_ref => { kind: :property, name: "secretRef", is_optional: false }, :secret_value => { kind: :property, name: "secretValue", is_optional: false }, :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true }, :exclude_characters => { kind: :property, name: "excludeCharacters", is_optional: true }, :secret_full_arn => { kind: :property, name: "secretFullArn", is_optional: true }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false }, :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false }, :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false }, :add_replica_region => { kind: :method, name: "addReplicaRegion", is_optional: false }, :add_rotation_schedule => { kind: :method, name: "addRotationSchedule", is_optional: false }, :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false }, :attach => { kind: :method, name: "attach", is_optional: false }, :cfn_dynamic_reference_key => { kind: :method, name: "cfnDynamicReferenceKey", is_optional: false }, :deny_account_root_delete => { kind: :method, name: "denyAccountRootDelete", is_optional: false }, :grant_read => { kind: :method, name: "grantRead", is_optional: false }, :grant_write => { kind: :method, name: "grantWrite", is_optional: false }, :secret_value_from_json => { kind: :method, name: "secretValueFromJson", is_optional: false }, } end |
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
99 100 101 |
# File 'rds/database_secret.rb', line 99 def self.PROPERTY_INJECTION_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_rds.DatabaseSecret", "PROPERTY_INJECTION_ID") end |
Instance Method Details
#add_replica_region(region, encryption_key = nil) ⇒ void
This method returns an undefined value.
Adds a replica region for the secret.
274 275 276 277 278 |
# File 'rds/database_secret.rb', line 274 def add_replica_region(region, encryption_key = nil) Jsii::Type.check_type(region, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "region") Jsii::Type.check_type(encryption_key, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19rbXMuSUtleVJlZiJ9")), "encryptionKey") unless encryption_key.nil? jsii_call_method("addReplicaRegion", [region, encryption_key]) end |
#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule
Adds a rotation schedule to the secret.
285 286 287 288 289 290 |
# File 'rds/database_secret.rb', line 285 def add_rotation_schedule(id, ) Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::SecretsManager::RotationScheduleOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuUm90YXRpb25TY2hlZHVsZU9wdGlvbnMifQ==")), "options") jsii_call_method("addRotationSchedule", [id, ]) end |
#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the IAM resource policy associated with this secret.
If this secret was created in this stack, a resource policy will be
automatically created upon the first call to add_to_resource_policy. If
the secret is imported, then this is a no-op.
300 301 302 303 |
# File 'rds/database_secret.rb', line 300 def add_to_resource_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToResourcePolicy", [statement]) end |
#apply_cross_stack_reference_strength(strength) ⇒ void
This method returns an undefined value.
Override the cross-stack reference strength for this resource.
When set, any cross-stack reference to this resource will use the specified
mechanism instead of the global default determined by the
@aws-cdk/core:defaultCrossStackReferences context key. This is useful for
selectively weakening specific references to avoid the "deadly embrace" problem
without changing the app-wide default.
212 213 214 215 |
# File 'rds/database_secret.rb', line 212 def apply_cross_stack_reference_strength(strength) Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength") jsii_call_method("applyCrossStackReferenceStrength", [strength]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
229 230 231 232 |
# File 'rds/database_secret.rb', line 229 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#arn_for_policies ⇒ String
Provides an identifier for this secret for use in IAM policies.
If there is a full ARN, this is just the ARN; if we have a partial ARN -- due to either importing by secret name or partial ARN -- then we need to add a suffix to capture the full ARN's format.
110 111 112 |
# File 'rds/database_secret.rb', line 110 def arn_for_policies() jsii_get_property("arnForPolicies") end |
#attach(target) ⇒ AWSCDK::SecretsManager::ISecret
Attach a target to this secret.
309 310 311 312 |
# File 'rds/database_secret.rb', line 309 def attach(target) Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuSVNlY3JldEF0dGFjaG1lbnRUYXJnZXQifQ==")), "target") jsii_call_method("attach", [target]) end |
#auto_create_policy ⇒ Boolean
115 116 117 |
# File 'rds/database_secret.rb', line 115 def auto_create_policy() jsii_get_property("autoCreatePolicy") end |
#cfn_dynamic_reference_key(options = nil) ⇒ String
Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.
319 320 321 322 323 |
# File 'rds/database_secret.rb', line 319 def cfn_dynamic_reference_key( = nil) = .is_a?(Hash) ? ::AWSCDK::SecretsManagerSecretOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRzTWFuYWdlclNlY3JldE9wdGlvbnMifQ==")), "options") unless .nil? jsii_call_method("cfnDynamicReferenceKey", []) end |
#deny_account_root_delete ⇒ void
This method returns an undefined value.
Denies the DeleteSecret action to all principals within the current account.
328 329 330 |
# File 'rds/database_secret.rb', line 328 def deny_account_root_delete() jsii_call_method("denyAccountRootDelete", []) end |
#encryption_key ⇒ AWSCDK::KMS::IKey?
The customer-managed encryption key that is used to encrypt this secret, if any.
When not specified, the default KMS key for the account and region is being used.
159 160 161 |
# File 'rds/database_secret.rb', line 159 def encryption_key() jsii_get_property("encryptionKey") end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
71 72 73 |
# File 'rds/database_secret.rb', line 71 def env() jsii_get_property("env") end |
#exclude_characters ⇒ String?
The string of the characters that are excluded in this secret when it is generated.
166 167 168 |
# File 'rds/database_secret.rb', line 166 def exclude_characters() jsii_get_property("excludeCharacters") end |
#generate_physical_name ⇒ String
235 236 237 |
# File 'rds/database_secret.rb', line 235 def generate_physical_name() jsii_call_method("generatePhysicalName", []) end |
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arn_attr, but if the resource is
referenced across environments, arn_components will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arn_components.
249 250 251 252 253 254 |
# File 'rds/database_secret.rb', line 249 def get_resource_arn_attribute(arn_attr, arn_components) Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr") arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents") jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components]) end |
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to name_attr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
264 265 266 267 |
# File 'rds/database_secret.rb', line 264 def get_resource_name_attribute(name_attr) Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr") jsii_call_method("getResourceNameAttribute", [name_attr]) end |
#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant
[disable-awslint:no-grants].
337 338 339 340 341 |
# File 'rds/database_secret.rb', line 337 def grant_read(grantee, version_stages = nil) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") Jsii::Type.check_type(version_stages, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "versionStages") unless version_stages.nil? jsii_call_method("grantRead", [grantee, version_stages]) end |
#grant_write(grantee) ⇒ AWSCDK::IAM::Grant
[disable-awslint:no-grants].
347 348 349 350 |
# File 'rds/database_secret.rb', line 347 def grant_write(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantWrite", [grantee]) end |
#node ⇒ Constructs::Node
The tree node.
56 57 58 |
# File 'rds/database_secret.rb', line 56 def node() jsii_get_property("node") end |
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket") undefined, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
85 86 87 |
# File 'rds/database_secret.rb', line 85 def physical_name() jsii_get_property("physicalName") end |
#secret_arn ⇒ String
The ARN of the secret in AWS Secrets Manager.
Will return the full ARN if available, otherwise a partial arn.
For secrets imported by the deprecated from_secret_name, it will return the secret_name.
125 126 127 |
# File 'rds/database_secret.rb', line 125 def secret_arn() jsii_get_property("secretArn") end |
#secret_full_arn ⇒ String?
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
This is equal to secret_arn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
175 176 177 |
# File 'rds/database_secret.rb', line 175 def secret_full_arn() jsii_get_property("secretFullArn") end |
#secret_name ⇒ String
The name of the secret.
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
135 136 137 |
# File 'rds/database_secret.rb', line 135 def secret_name() jsii_get_property("secretName") end |
#secret_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretReference
A reference to a Secret resource.
142 143 144 |
# File 'rds/database_secret.rb', line 142 def secret_ref() jsii_get_property("secretRef") end |
#secret_value ⇒ AWSCDK::SecretValue
Retrieve the value of the stored secret as a SecretValue.
149 150 151 |
# File 'rds/database_secret.rb', line 149 def secret_value() jsii_get_property("secretValue") end |
#secret_value_from_json(json_field) ⇒ AWSCDK::SecretValue
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
356 357 358 359 |
# File 'rds/database_secret.rb', line 356 def secret_value_from_json(json_field) Jsii::Type.check_type(json_field, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "jsonField") jsii_call_method("secretValueFromJson", [json_field]) end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
92 93 94 |
# File 'rds/database_secret.rb', line 92 def stack() jsii_get_property("stack") end |
#to_string ⇒ String
Returns a string representation of this construct.
182 183 184 |
# File 'rds/database_secret.rb', line 182 def to_string() jsii_call_method("toString", []) end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
195 196 197 198 199 200 |
# File 'rds/database_secret.rb', line 195 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |