Module: AWSCDK::SecretsManager::ISecretTargetAttachment

Includes:
Interfaces::AWSSecretsmanager::ISecretTargetAttachmentRef, ISecret
Included in:
SecretTargetAttachment
Defined in:
secrets_manager/i_secret_target_attachment.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.jsii_overridable_methodsObject



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
# File 'secrets_manager/i_secret_target_attachment.rb', line 216

def self.jsii_overridable_methods
  {
    :node => { kind: :property, name: "node", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :secret_ref => { kind: :property, name: "secretRef", is_optional: false },
    :secret_arn => { kind: :property, name: "secretArn", is_optional: false },
    :secret_name => { kind: :property, name: "secretName", is_optional: false },
    :secret_value => { kind: :property, name: "secretValue", is_optional: false },
    :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true },
    :secret_full_arn => { kind: :property, name: "secretFullArn", is_optional: true },
    :secret_target_attachment_ref => { kind: :property, name: "secretTargetAttachmentRef", is_optional: false },
    :secret_target_attachment_secret_arn => { kind: :property, name: "secretTargetAttachmentSecretArn", is_optional: false },
    :with => { kind: :method, name: "with", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :add_rotation_schedule => { kind: :method, name: "addRotationSchedule", is_optional: false },
    :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false },
    :attach => { kind: :method, name: "attach", is_optional: false },
    :cfn_dynamic_reference_key => { kind: :method, name: "cfnDynamicReferenceKey", is_optional: false },
    :deny_account_root_delete => { kind: :method, name: "denyAccountRootDelete", is_optional: false },
    :grant_read => { kind: :method, name: "grantRead", is_optional: false },
    :grant_write => { kind: :method, name: "grantWrite", is_optional: false },
    :secret_value_from_json => { kind: :method, name: "secretValueFromJson", is_optional: false },
  }
end

Instance Method Details

#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule

Adds a rotation schedule to the secret.



140
141
142
143
144
145
# File 'secrets_manager/i_secret_target_attachment.rb', line 140

def add_rotation_schedule(id, options)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::SecretsManager::RotationScheduleOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuUm90YXRpb25TY2hlZHVsZU9wdGlvbnMifQ==")), "options")
  jsii_call_method("addRotationSchedule", [id, options])
end

#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to add_to_resource_policy. If the secret is imported, then this is a no-op.



155
156
157
158
# File 'secrets_manager/i_secret_target_attachment.rb', line 155

def add_to_resource_policy(statement)
  Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement")
  jsii_call_method("addToResourcePolicy", [statement])
end

#apply_removal_policy(policy) ⇒ void

This method returns an undefined value.

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:



130
131
132
133
# File 'secrets_manager/i_secret_target_attachment.rb', line 130

def apply_removal_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy")
  jsii_call_method("applyRemovalPolicy", [policy])
end

#attach(target) ⇒ AWSCDK::SecretsManager::ISecret

Attach a target to this secret.

Parameters:

Returns:



164
165
166
167
# File 'secrets_manager/i_secret_target_attachment.rb', line 164

def attach(target)
  Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuSVNlY3JldEF0dGFjaG1lbnRUYXJnZXQifQ==")), "target")
  jsii_call_method("attach", [target])
end

#cfn_dynamic_reference_key(options = nil) ⇒ String

Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.

Parameters:

Returns:

  • (String)

See Also:



174
175
176
177
178
# File 'secrets_manager/i_secret_target_attachment.rb', line 174

def cfn_dynamic_reference_key(options = nil)
  options = options.is_a?(Hash) ? ::AWSCDK::SecretsManagerSecretOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRzTWFuYWdlclNlY3JldE9wdGlvbnMifQ==")), "options") unless options.nil?
  jsii_call_method("cfnDynamicReferenceKey", [options])
end

#deny_account_root_deletevoid

This method returns an undefined value.

Denies the DeleteSecret action to all principals within the current account.



183
184
185
# File 'secrets_manager/i_secret_target_attachment.rb', line 183

def ()
  jsii_call_method("denyAccountRootDelete", [])
end

#encryption_keyAWSCDK::KMS::IKey?

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Returns:



77
78
79
# File 'secrets_manager/i_secret_target_attachment.rb', line 77

def encryption_key()
  jsii_get_property("encryptionKey")
end

#envAWSCDK::Interfaces::ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.



26
27
28
# File 'secrets_manager/i_secret_target_attachment.rb', line 26

def env()
  jsii_get_property("env")
end

#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant

Grants reading the secret value to some role.

Parameters:

  • grantee (AWSCDK::IAM::IGrantable)

    the principal being granted permission.

  • version_stages (Array<String>, nil) (defaults to: nil)

    the version stages the grant is limited to.

Returns:



192
193
194
195
196
# File 'secrets_manager/i_secret_target_attachment.rb', line 192

def grant_read(grantee, version_stages = nil)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  Jsii::Type.check_type(version_stages, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "versionStages") unless version_stages.nil?
  jsii_call_method("grantRead", [grantee, version_stages])
end

#grant_write(grantee) ⇒ AWSCDK::IAM::Grant

Grants writing and updating the secret value to some role.

Parameters:

Returns:



202
203
204
205
# File 'secrets_manager/i_secret_target_attachment.rb', line 202

def grant_write(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantWrite", [grantee])
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


11
12
13
# File 'secrets_manager/i_secret_target_attachment.rb', line 11

def node()
  jsii_get_property("node")
end

#secret_arnString

The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated from_secret_name, it will return the secret_name.

Returns:

  • (String)


50
51
52
# File 'secrets_manager/i_secret_target_attachment.rb', line 50

def secret_arn()
  jsii_get_property("secretArn")
end

#secret_full_arnString?

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secret_arn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

Returns:

  • (String, nil)


86
87
88
# File 'secrets_manager/i_secret_target_attachment.rb', line 86

def secret_full_arn()
  jsii_get_property("secretFullArn")
end

#secret_nameString

The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

Returns:

  • (String)


60
61
62
# File 'secrets_manager/i_secret_target_attachment.rb', line 60

def secret_name()
  jsii_get_property("secretName")
end

#secret_refAWSCDK::Interfaces::AWSSecretsmanager::SecretReference

A reference to a Secret resource.



40
41
42
# File 'secrets_manager/i_secret_target_attachment.rb', line 40

def secret_ref()
  jsii_get_property("secretRef")
end

#secret_target_attachment_refAWSCDK::Interfaces::AWSSecretsmanager::SecretTargetAttachmentReference

A reference to a SecretTargetAttachment resource.



93
94
95
# File 'secrets_manager/i_secret_target_attachment.rb', line 93

def secret_target_attachment_ref()
  jsii_get_property("secretTargetAttachmentRef")
end

#secret_target_attachment_secret_arnString

Same as secretArn.

Returns:

  • (String)


100
101
102
# File 'secrets_manager/i_secret_target_attachment.rb', line 100

def secret_target_attachment_secret_arn()
  jsii_get_property("secretTargetAttachmentSecretArn")
end

#secret_valueAWSCDK::SecretValue

Retrieve the value of the stored secret as a SecretValue.

Returns:



67
68
69
# File 'secrets_manager/i_secret_target_attachment.rb', line 67

def secret_value()
  jsii_get_property("secretValue")
end

#secret_value_from_json(key) ⇒ AWSCDK::SecretValue

Interpret the secret as a JSON object and return a field's value from it as a SecretValue.

Parameters:

  • key (String)

Returns:



211
212
213
214
# File 'secrets_manager/i_secret_target_attachment.rb', line 211

def secret_value_from_json(key)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key")
  jsii_call_method("secretValueFromJson", [key])
end

#stackAWSCDK::Stack

The stack in which this resource is defined.

Returns:



33
34
35
# File 'secrets_manager/i_secret_target_attachment.rb', line 33

def stack()
  jsii_get_property("stack")
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.

Parameters:

  • mixins (Array<Constructs::IMixin>)

    The mixins to apply.

Returns:

  • (Constructs::IConstruct)

    This construct for chaining



111
112
113
114
115
116
# File 'secrets_manager/i_secret_target_attachment.rb', line 111

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end