@gradientedge/cdk-utils 8.98.0 → 8.99.1

package/dist/src/lib/services/aws/secrets-manager/main.d.ts

@@ -1,4 +1,3 @@
-import { SecretsManager as SM } from '@aws-sdk/client-secrets-manager';
 import * as cdk from 'aws-cdk-lib';
 import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager';
 import { CommonConstruct } from '../../../common';
@@ -20,16 +19,12 @@ import { CommonConstruct } from '../../../common';
  */
 export declare class SecretsManager {
     /**
-     *
-     * @param region
-     */
-    getAwsSecretsManager(region: string): SM;
-    /**
-     * @summary Method to load a secret from secrets manager
-     * @param secretName
-     * @param region
+     * @summary Method to create a secret
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props the secret properties
      */
-    loadSecret(secretName: string, region: string): Promise<any>;
+    createSecret(id: string, scope: CommonConstruct, props: secretsManager.SecretProps): cdk.aws_secretsmanager.Secret;
     /**
      * @summary Method to retrieve a secret from secrets manager with a cloudformation export
      * @param id
@@ -39,10 +34,10 @@ export declare class SecretsManager {
      */
     retrieveSecretFromSecretsManager(id: string, scope: CommonConstruct, stackName: string, exportName: string): cdk.aws_secretsmanager.ISecret;
     /**
-     * @summary Method to create a secret
-     * @param id scoped id of the resource
+     * @summary Method to resolve secret value from a secret using AWS SDK
      * @param scope scope in which this resource is defined
-     * @param props the secret properties
+     * @param secretId the secret name/ARN
+     * @param secretKey the secret key to resolve the value for
      */
-    createSecret(id: string, scope: CommonConstruct, props: secretsManager.SecretProps): cdk.aws_secretsmanager.Secret;
+    resolveSecretValue(scope: CommonConstruct, secretId: string, secretKey: string): Promise<any>;
 }

package/dist/src/lib/services/aws/secrets-manager/main.js

@@ -46,21 +46,19 @@ const utils = __importStar(require("../../../utils"));
  */
 class SecretsManager {
     /**
-     *
-     * @param region
-     */
-    getAwsSecretsManager(region) {
-        return new client_secrets_manager_1.SecretsManager({ region: region });
-    }
-    /**
-     * @summary Method to load a secret from secrets manager
-     * @param secretName
-     * @param region
+     * @summary Method to create a secret
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props the secret properties
      */
-    async loadSecret(secretName, region) {
-        const secretsManager = this.getAwsSecretsManager(region);
-        const secret = await Promise.all([secretsManager.getSecretValue({ SecretId: secretName })]);
-        return secret ? JSON.parse(secret[0].SecretString) : {};
+    createSecret(id, scope, props) {
+        const secret = new secretsManager.Secret(scope, `${id}`, {
+            ...props,
+            secretName: `${props.secretName}-${scope.props.stage}`,
+        });
+        utils.createCfnOutput(`${id}-secretName`, scope, secret.secretName);
+        utils.createCfnOutput(`${id}-secretArn`, scope, secret.secretArn);
+        return secret;
     }
     /**
      * @summary Method to retrieve a secret from secrets manager with a cloudformation export
@@ -73,19 +71,24 @@ class SecretsManager {
         return secretsManager.Secret.fromSecretNameV2(scope, `${id}`, cdk.Fn.importValue(`${stackName}-${scope.props.stage}-${exportName}`));
     }
     /**
-     * @summary Method to create a secret
-     * @param id scoped id of the resource
+     * @summary Method to resolve secret value from a secret using AWS SDK
      * @param scope scope in which this resource is defined
-     * @param props the secret properties
+     * @param secretId the secret name/ARN
+     * @param secretKey the secret key to resolve the value for
      */
-    createSecret(id, scope, props) {
-        const secret = new secretsManager.Secret(scope, `${id}`, {
-            ...props,
-            secretName: `${props.secretName}-${scope.props.stage}`,
+    async resolveSecretValue(scope, secretId, secretKey) {
+        const client = new client_secrets_manager_1.SecretsManagerClient({
+            credentials: utils.determineCredentials(),
+            region: scope.props.region,
         });
-        utils.createCfnOutput(`${id}-secretName`, scope, secret.secretName);
-        utils.createCfnOutput(`${id}-secretArn`, scope, secret.secretArn);
-        return secret;
+        const command = new client_secrets_manager_1.GetSecretValueCommand({
+            SecretId: secretId,
+        });
+        const response = await client.send(command);
+        if (!response.SecretString)
+            throw `Unable to resolve secret for ${secretId}`;
+        const secretString = JSON.parse(response.SecretString);
+        return secretString[secretKey];
     }
 }
 exports.SecretsManager = SecretsManager;

package/dist/src/lib/utils/aws/index.d.ts

@@ -1,5 +1,6 @@
 import * as cdk from 'aws-cdk-lib';
 import { CommonConstruct } from '../../common';
+import { AwsCredentialIdentityProvider } from '@aws-sdk/types';
 /**
  * @summary Helper method to add CloudFormation outputs from the construct
  * @param id scoped id of the resource
@@ -10,3 +11,4 @@ import { CommonConstruct } from '../../common';
  * @returns The CloudFormation output
  */
 export declare function createCfnOutput(id: string, scope: CommonConstruct, value?: string, description?: string, overrideId?: boolean): cdk.CfnOutput;
+export declare function determineCredentials(): AwsCredentialIdentityProvider;

package/dist/src/lib/utils/aws/index.js

@@ -23,9 +23,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createCfnOutput = void 0;
+exports.determineCredentials = exports.createCfnOutput = void 0;
 const cdk = __importStar(require("aws-cdk-lib"));
 const _ = __importStar(require("lodash"));
+const credential_providers_1 = require("@aws-sdk/credential-providers");
 /**
  * @summary Helper method to add CloudFormation outputs from the construct
  * @param id scoped id of the resource
@@ -48,3 +49,9 @@ function createCfnOutput(id, scope, value, description, overrideId = true) {
     return output;
 }
 exports.createCfnOutput = createCfnOutput;
+function determineCredentials() {
+    if (process.env.AWS_PROFILE)
+        return (0, credential_providers_1.fromIni)();
+    return (0, credential_providers_1.fromEnv)();
+}
+exports.determineCredentials = determineCredentials;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.98.0",
+  "version": "8.99.1",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {
@@ -30,10 +30,10 @@
     "build:production": "rimraf dist/ && npx tsc -p tsconfig.prd.json && pnpm -r build",
     "ci": "pnpm install --frozen-lockfile && pnpm build && pnpm validate && pnpm run docs",
     "cz": "npx cz",
-    "override:plugin:docs": "cp theme/type-converter.js node_modules/better-docs/typescript",
     "docs": "npx rimraf api-docs && pnpm override:plugin:docs  && npx jsdoc --pedantic -c jsdoc.json .",
-    "lint": "pnpm prettify && eslint **/*.ts --cache --max-warnings=0",
     "fix": "pnpm prettify && eslint --fix **/*.ts",
+    "lint": "pnpm prettify && eslint **/*.ts --cache --max-warnings=0",
+    "override:plugin:docs": "cp theme/type-converter.js node_modules/better-docs/typescript",
     "prettier": "npx prettier --cache --check \"**/*.{ts,json,md}\"",
     "prettify": "npx prettier --cache --write \"**/*.{ts,json,md}\"",
     "test": "npx rimraf coverage && npx jest --ci --maxWorkers=100%",
@@ -46,13 +46,15 @@
     }
   },
   "dependencies": {
-    "@aws-sdk/client-secrets-manager": "^3.354.0",
+    "@aws-sdk/client-secrets-manager": "^3.357.0",
+    "@aws-sdk/credential-providers": "^3.357.0",
+    "@aws-sdk/types": "^3.357.0",
     "@types/lodash": "^4.14.195",
     "@types/node": "^20.3.1",
     "@types/uuid": "^9.0.2",
     "app-root-path": "^3.1.0",
-    "aws-cdk-lib": "^2.84.0",
-    "constructs": "^10.2.54",
+    "aws-cdk-lib": "^2.85.0",
+    "constructs": "^10.2.56",
     "lodash": "^4.17.21",
     "moment": "^2.29.4",
     "nconf": "^0.12.0",
@@ -65,9 +67,9 @@
     "@babel/eslint-parser": "^7.22.5",
     "@babel/plugin-proposal-class-properties": "^7.18.6",
     "@types/jest": "^29.5.2",
-    "@typescript-eslint/eslint-plugin": "^5.59.11",
-    "@typescript-eslint/parser": "^5.59.11",
-    "aws-cdk": "^2.84.0",
+    "@typescript-eslint/eslint-plugin": "^5.60.0",
+    "@typescript-eslint/parser": "^5.60.0",
+    "aws-cdk": "^2.85.0",
     "better-docs": "^2.7.2",
     "codecov": "^3.8.3",
     "commitizen": "^4.3.0",
@@ -84,8 +86,8 @@
     "jsdoc": "^4.0.2",
     "jsdoc-babel": "^0.5.0",
     "jsdoc-mermaid": "^1.0.0",
-    "jsdoc-to-markdown": "^8.0.0",
     "jsdoc-plugin-typescript": "^2.2.1",
+    "jsdoc-to-markdown": "^8.0.0",
     "prettier": "^2.8.8",
     "prettier-plugin-organize-imports": "^3.2.2",
     "rimraf": "^5.0.1",

package/src/lib/services/aws/secrets-manager/main.ts

@@ -1,4 +1,4 @@
-import { SecretsManager as SM } from '@aws-sdk/client-secrets-manager'
+import { GetSecretValueCommand, SecretsManagerClient } from '@aws-sdk/client-secrets-manager'
 import * as cdk from 'aws-cdk-lib'
 import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager'
 import * as utils from '../../../utils'
@@ -22,22 +22,21 @@ import { CommonConstruct } from '../../../common'
  */
 export class SecretsManager {
   /**
-   *
-   * @param region
+   * @summary Method to create a secret
+   * @param id scoped id of the resource
+   * @param scope scope in which this resource is defined
+   * @param props the secret properties
    */
-  public getAwsSecretsManager(region: string) {
-    return new SM({ region: region })
-  }
+  public createSecret(id: string, scope: CommonConstruct, props: secretsManager.SecretProps) {
+    const secret = new secretsManager.Secret(scope, `${id}`, {
+      ...props,
+      secretName: `${props.secretName}-${scope.props.stage}`,
+    })
 
-  /**
-   * @summary Method to load a secret from secrets manager
-   * @param secretName
-   * @param region
-   */
-  public async loadSecret(secretName: string, region: string) {
-    const secretsManager = this.getAwsSecretsManager(region)
-    const secret: any = await Promise.all([secretsManager.getSecretValue({ SecretId: secretName })])
-    return secret ? JSON.parse(secret[0].SecretString) : {}
+    utils.createCfnOutput(`${id}-secretName`, scope, secret.secretName)
+    utils.createCfnOutput(`${id}-secretArn`, scope, secret.secretArn)
+
+    return secret
   }
 
   /**
@@ -56,20 +55,23 @@ export class SecretsManager {
   }
 
   /**
-   * @summary Method to create a secret
-   * @param id scoped id of the resource
+   * @summary Method to resolve secret value from a secret using AWS SDK
    * @param scope scope in which this resource is defined
-   * @param props the secret properties
+   * @param secretId the secret name/ARN
+   * @param secretKey the secret key to resolve the value for
    */
-  public createSecret(id: string, scope: CommonConstruct, props: secretsManager.SecretProps) {
-    const secret = new secretsManager.Secret(scope, `${id}`, {
-      ...props,
-      secretName: `${props.secretName}-${scope.props.stage}`,
+  public async resolveSecretValue(scope: CommonConstruct, secretId: string, secretKey: string) {
+    const client = new SecretsManagerClient({
+      credentials: utils.determineCredentials(),
+      region: scope.props.region,
     })
+    const command = new GetSecretValueCommand({
+      SecretId: secretId,
+    })
+    const response = await client.send(command)
+    if (!response.SecretString) throw `Unable to resolve secret for ${secretId}`
+    const secretString = JSON.parse(response.SecretString)
 
-    utils.createCfnOutput(`${id}-secretName`, scope, secret.secretName)
-    utils.createCfnOutput(`${id}-secretArn`, scope, secret.secretArn)
-
-    return secret
+    return secretString[secretKey]
   }
 }

package/src/lib/utils/aws/index.ts

@@ -1,6 +1,8 @@
 import * as cdk from 'aws-cdk-lib'
 import * as _ from 'lodash'
 import { CommonConstruct } from '../../common'
+import { fromEnv, fromIni } from '@aws-sdk/credential-providers'
+import { AwsCredentialIdentityProvider } from '@aws-sdk/types'
 
 /**
  * @summary Helper method to add CloudFormation outputs from the construct
@@ -29,3 +31,8 @@ export function createCfnOutput(
   }
   return output
 }
+
+export function determineCredentials(): AwsCredentialIdentityProvider {
+  if (process.env.AWS_PROFILE) return fromIni()
+  return fromEnv()
+}