@rio-cloud/cdk-v2-constructs 7.6.0 → 7.8.1-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +635 -146
- package/docs/API.md +447 -3
- package/docs/changelog.md +20 -0
- package/lib/datadogv2/datadog-lambda-instrumentation.d.ts +2 -3
- package/lib/datadogv2/datadog-lambda-instrumentation.js +3 -4
- package/lib/datadogv2/datadog-shared-secrets.d.ts +30 -14
- package/lib/datadogv2/datadog-shared-secrets.js +54 -32
- package/lib/fargate/datadog.d.ts +4 -5
- package/lib/fargate/datadog.js +7 -7
- package/lib/fargate/rio-fargate-service-blue-green-alpha.js +7 -5
- package/lib/fargate/rio-fargate-service.js +6 -5
- package/package.json +1 -1
- package/version.json +1 -1
package/docs/API.md
CHANGED
|
@@ -1728,8 +1728,7 @@ Per default, it will disable all additional features, that cause Datadog chargin
|
|
|
1728
1728
|
So just change it, if you need the advanced features.
|
|
1729
1729
|
|
|
1730
1730
|
Additionally, some defaults from the datadog-integration account module are applied:
|
|
1731
|
-
- the secret for the API key is read from
|
|
1732
|
-
- the site is read from the parameter store `/rio/config/datadog-integration/site`
|
|
1731
|
+
- the secret and site for the API key is read from a shared secret in rio-developer-tools account
|
|
1733
1732
|
|
|
1734
1733
|
To use it, install Datadog CDK Constructs package:
|
|
1735
1734
|
```bash
|
|
@@ -2818,11 +2817,456 @@ The tree node.
|
|
|
2818
2817
|
---
|
|
2819
2818
|
|
|
2820
2819
|
|
|
2820
|
+
### DatadogSharedCredentials <a name="DatadogSharedCredentials" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials"></a>
|
|
2821
|
+
|
|
2822
|
+
- *Implements:* aws-cdk-lib.aws_secretsmanager.ISecret
|
|
2823
|
+
|
|
2824
|
+
#### Initializers <a name="Initializers" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.Initializer"></a>
|
|
2825
|
+
|
|
2826
|
+
```typescript
|
|
2827
|
+
import { datadogv2 } from '@rio-cloud/cdk-v2-constructs'
|
|
2828
|
+
|
|
2829
|
+
new datadogv2.DatadogSharedCredentials(scope: IConstruct, id: string, secretName: string)
|
|
2830
|
+
```
|
|
2831
|
+
|
|
2832
|
+
| **Name** | **Type** | **Description** |
|
|
2833
|
+
| --- | --- | --- |
|
|
2834
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.Initializer.parameter.scope">scope</a></code> | <code>constructs.IConstruct</code> | *No description.* |
|
|
2835
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
|
|
2836
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.Initializer.parameter.secretName">secretName</a></code> | <code>string</code> | The name of the secret. |
|
|
2837
|
+
|
|
2838
|
+
---
|
|
2839
|
+
|
|
2840
|
+
##### `scope`<sup>Required</sup> <a name="scope" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.Initializer.parameter.scope"></a>
|
|
2841
|
+
|
|
2842
|
+
- *Type:* constructs.IConstruct
|
|
2843
|
+
|
|
2844
|
+
---
|
|
2845
|
+
|
|
2846
|
+
##### `id`<sup>Required</sup> <a name="id" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.Initializer.parameter.id"></a>
|
|
2847
|
+
|
|
2848
|
+
- *Type:* string
|
|
2849
|
+
|
|
2850
|
+
---
|
|
2851
|
+
|
|
2852
|
+
##### `secretName`<sup>Required</sup> <a name="secretName" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.Initializer.parameter.secretName"></a>
|
|
2853
|
+
|
|
2854
|
+
- *Type:* string
|
|
2855
|
+
|
|
2856
|
+
The name of the secret.
|
|
2857
|
+
|
|
2858
|
+
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the
|
|
2859
|
+
'@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
|
|
2860
|
+
|
|
2861
|
+
---
|
|
2862
|
+
|
|
2863
|
+
#### Methods <a name="Methods" id="Methods"></a>
|
|
2864
|
+
|
|
2865
|
+
| **Name** | **Description** |
|
|
2866
|
+
| --- | --- |
|
|
2867
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.toString">toString</a></code> | Returns a string representation of this construct. |
|
|
2868
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.addRotationSchedule">addRotationSchedule</a></code> | Adds a rotation schedule to the secret. |
|
|
2869
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.addToResourcePolicy">addToResourcePolicy</a></code> | Adds a statement to the IAM resource policy associated with this secret. |
|
|
2870
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.applyRemovalPolicy">applyRemovalPolicy</a></code> | Apply the given removal policy to this resource. |
|
|
2871
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.attach">attach</a></code> | Attach a target to this secret. |
|
|
2872
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.denyAccountRootDelete">denyAccountRootDelete</a></code> | Denies the `DeleteSecret` action to all principals within the current account. |
|
|
2873
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.getSecret">getSecret</a></code> | *No description.* |
|
|
2874
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.getSecretValue">getSecretValue</a></code> | *No description.* |
|
|
2875
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.grantRead">grantRead</a></code> | Grants reading the secret value to some role. |
|
|
2876
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.grantWrite">grantWrite</a></code> | Grants writing and updating the secret value to some role. |
|
|
2877
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.secretValueFromJson">secretValueFromJson</a></code> | Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`. |
|
|
2878
|
+
|
|
2879
|
+
---
|
|
2880
|
+
|
|
2881
|
+
##### `toString` <a name="toString" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.toString"></a>
|
|
2882
|
+
|
|
2883
|
+
```typescript
|
|
2884
|
+
public toString(): string
|
|
2885
|
+
```
|
|
2886
|
+
|
|
2887
|
+
Returns a string representation of this construct.
|
|
2888
|
+
|
|
2889
|
+
##### `addRotationSchedule` <a name="addRotationSchedule" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.addRotationSchedule"></a>
|
|
2890
|
+
|
|
2891
|
+
```typescript
|
|
2892
|
+
public addRotationSchedule(_id: string, _options: RotationScheduleOptions): RotationSchedule
|
|
2893
|
+
```
|
|
2894
|
+
|
|
2895
|
+
Adds a rotation schedule to the secret.
|
|
2896
|
+
|
|
2897
|
+
###### `_id`<sup>Required</sup> <a name="_id" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.addRotationSchedule.parameter._id"></a>
|
|
2898
|
+
|
|
2899
|
+
- *Type:* string
|
|
2900
|
+
|
|
2901
|
+
---
|
|
2902
|
+
|
|
2903
|
+
###### `_options`<sup>Required</sup> <a name="_options" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.addRotationSchedule.parameter._options"></a>
|
|
2904
|
+
|
|
2905
|
+
- *Type:* aws-cdk-lib.aws_secretsmanager.RotationScheduleOptions
|
|
2906
|
+
|
|
2907
|
+
---
|
|
2908
|
+
|
|
2909
|
+
##### `addToResourcePolicy` <a name="addToResourcePolicy" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.addToResourcePolicy"></a>
|
|
2910
|
+
|
|
2911
|
+
```typescript
|
|
2912
|
+
public addToResourcePolicy(_statement: PolicyStatement): AddToResourcePolicyResult
|
|
2913
|
+
```
|
|
2914
|
+
|
|
2915
|
+
Adds a statement to the IAM resource policy associated with this secret.
|
|
2916
|
+
|
|
2917
|
+
If this secret was created in this stack, a resource policy will be
|
|
2918
|
+
automatically created upon the first call to `addToResourcePolicy`. If
|
|
2919
|
+
the secret is imported, then this is a no-op.
|
|
2920
|
+
|
|
2921
|
+
###### `_statement`<sup>Required</sup> <a name="_statement" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.addToResourcePolicy.parameter._statement"></a>
|
|
2922
|
+
|
|
2923
|
+
- *Type:* aws-cdk-lib.aws_iam.PolicyStatement
|
|
2924
|
+
|
|
2925
|
+
---
|
|
2926
|
+
|
|
2927
|
+
##### `applyRemovalPolicy` <a name="applyRemovalPolicy" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.applyRemovalPolicy"></a>
|
|
2928
|
+
|
|
2929
|
+
```typescript
|
|
2930
|
+
public applyRemovalPolicy(_policy: RemovalPolicy): void
|
|
2931
|
+
```
|
|
2932
|
+
|
|
2933
|
+
Apply the given removal policy to this resource.
|
|
2934
|
+
|
|
2935
|
+
The Removal Policy controls what happens to this resource when it stops
|
|
2936
|
+
being managed by CloudFormation, either because you've removed it from the
|
|
2937
|
+
CDK application or because you've made a change that requires the resource
|
|
2938
|
+
to be replaced.
|
|
2939
|
+
|
|
2940
|
+
The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
|
|
2941
|
+
account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
|
|
2942
|
+
|
|
2943
|
+
###### `_policy`<sup>Required</sup> <a name="_policy" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.applyRemovalPolicy.parameter._policy"></a>
|
|
2944
|
+
|
|
2945
|
+
- *Type:* aws-cdk-lib.RemovalPolicy
|
|
2946
|
+
|
|
2947
|
+
---
|
|
2948
|
+
|
|
2949
|
+
##### `attach` <a name="attach" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.attach"></a>
|
|
2950
|
+
|
|
2951
|
+
```typescript
|
|
2952
|
+
public attach(_target: ISecretAttachmentTarget): ISecret
|
|
2953
|
+
```
|
|
2954
|
+
|
|
2955
|
+
Attach a target to this secret.
|
|
2956
|
+
|
|
2957
|
+
###### `_target`<sup>Required</sup> <a name="_target" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.attach.parameter._target"></a>
|
|
2958
|
+
|
|
2959
|
+
- *Type:* aws-cdk-lib.aws_secretsmanager.ISecretAttachmentTarget
|
|
2960
|
+
|
|
2961
|
+
---
|
|
2962
|
+
|
|
2963
|
+
##### `denyAccountRootDelete` <a name="denyAccountRootDelete" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.denyAccountRootDelete"></a>
|
|
2964
|
+
|
|
2965
|
+
```typescript
|
|
2966
|
+
public denyAccountRootDelete(): void
|
|
2967
|
+
```
|
|
2968
|
+
|
|
2969
|
+
Denies the `DeleteSecret` action to all principals within the current account.
|
|
2970
|
+
|
|
2971
|
+
##### `getSecret` <a name="getSecret" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.getSecret"></a>
|
|
2972
|
+
|
|
2973
|
+
```typescript
|
|
2974
|
+
public getSecret(field: string): Secret
|
|
2975
|
+
```
|
|
2976
|
+
|
|
2977
|
+
###### `field`<sup>Required</sup> <a name="field" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.getSecret.parameter.field"></a>
|
|
2978
|
+
|
|
2979
|
+
- *Type:* string
|
|
2980
|
+
|
|
2981
|
+
---
|
|
2982
|
+
|
|
2983
|
+
##### `getSecretValue` <a name="getSecretValue" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.getSecretValue"></a>
|
|
2984
|
+
|
|
2985
|
+
```typescript
|
|
2986
|
+
public getSecretValue(field: string): SecretValue
|
|
2987
|
+
```
|
|
2988
|
+
|
|
2989
|
+
###### `field`<sup>Required</sup> <a name="field" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.getSecretValue.parameter.field"></a>
|
|
2990
|
+
|
|
2991
|
+
- *Type:* string
|
|
2992
|
+
|
|
2993
|
+
---
|
|
2994
|
+
|
|
2995
|
+
##### `grantRead` <a name="grantRead" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.grantRead"></a>
|
|
2996
|
+
|
|
2997
|
+
```typescript
|
|
2998
|
+
public grantRead(grantee: IGrantable, versionStages?: string[]): Grant
|
|
2999
|
+
```
|
|
3000
|
+
|
|
3001
|
+
Grants reading the secret value to some role.
|
|
3002
|
+
|
|
3003
|
+
###### `grantee`<sup>Required</sup> <a name="grantee" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.grantRead.parameter.grantee"></a>
|
|
3004
|
+
|
|
3005
|
+
- *Type:* aws-cdk-lib.aws_iam.IGrantable
|
|
3006
|
+
|
|
3007
|
+
---
|
|
3008
|
+
|
|
3009
|
+
###### `versionStages`<sup>Optional</sup> <a name="versionStages" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.grantRead.parameter.versionStages"></a>
|
|
3010
|
+
|
|
3011
|
+
- *Type:* string[]
|
|
3012
|
+
|
|
3013
|
+
---
|
|
3014
|
+
|
|
3015
|
+
##### `grantWrite` <a name="grantWrite" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.grantWrite"></a>
|
|
3016
|
+
|
|
3017
|
+
```typescript
|
|
3018
|
+
public grantWrite(_grantee: IGrantable): Grant
|
|
3019
|
+
```
|
|
3020
|
+
|
|
3021
|
+
Grants writing and updating the secret value to some role.
|
|
3022
|
+
|
|
3023
|
+
###### `_grantee`<sup>Required</sup> <a name="_grantee" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.grantWrite.parameter._grantee"></a>
|
|
3024
|
+
|
|
3025
|
+
- *Type:* aws-cdk-lib.aws_iam.IGrantable
|
|
3026
|
+
|
|
3027
|
+
---
|
|
3028
|
+
|
|
3029
|
+
##### `secretValueFromJson` <a name="secretValueFromJson" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.secretValueFromJson"></a>
|
|
3030
|
+
|
|
3031
|
+
```typescript
|
|
3032
|
+
public secretValueFromJson(key: string): SecretValue
|
|
3033
|
+
```
|
|
3034
|
+
|
|
3035
|
+
Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.
|
|
3036
|
+
|
|
3037
|
+
###### `key`<sup>Required</sup> <a name="key" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.secretValueFromJson.parameter.key"></a>
|
|
3038
|
+
|
|
3039
|
+
- *Type:* string
|
|
3040
|
+
|
|
3041
|
+
---
|
|
3042
|
+
|
|
3043
|
+
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
|
|
3044
|
+
|
|
3045
|
+
| **Name** | **Description** |
|
|
3046
|
+
| --- | --- |
|
|
3047
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
|
|
3048
|
+
|
|
3049
|
+
---
|
|
3050
|
+
|
|
3051
|
+
##### `isConstruct` <a name="isConstruct" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.isConstruct"></a>
|
|
3052
|
+
|
|
3053
|
+
```typescript
|
|
3054
|
+
import { datadogv2 } from '@rio-cloud/cdk-v2-constructs'
|
|
3055
|
+
|
|
3056
|
+
datadogv2.DatadogSharedCredentials.isConstruct(x: any)
|
|
3057
|
+
```
|
|
3058
|
+
|
|
3059
|
+
Checks if `x` is a construct.
|
|
3060
|
+
|
|
3061
|
+
Use this method instead of `instanceof` to properly detect `Construct`
|
|
3062
|
+
instances, even when the construct library is symlinked.
|
|
3063
|
+
|
|
3064
|
+
Explanation: in JavaScript, multiple copies of the `constructs` library on
|
|
3065
|
+
disk are seen as independent, completely different libraries. As a
|
|
3066
|
+
consequence, the class `Construct` in each copy of the `constructs` library
|
|
3067
|
+
is seen as a different class, and an instance of one class will not test as
|
|
3068
|
+
`instanceof` the other class. `npm install` will not create installations
|
|
3069
|
+
like this, but users may manually symlink construct libraries together or
|
|
3070
|
+
use a monorepo tool: in those cases, multiple copies of the `constructs`
|
|
3071
|
+
library can be accidentally installed, and `instanceof` will behave
|
|
3072
|
+
unpredictably. It is safest to avoid using `instanceof`, and using
|
|
3073
|
+
this type-testing method instead.
|
|
3074
|
+
|
|
3075
|
+
###### `x`<sup>Required</sup> <a name="x" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.isConstruct.parameter.x"></a>
|
|
3076
|
+
|
|
3077
|
+
- *Type:* any
|
|
3078
|
+
|
|
3079
|
+
Any object.
|
|
3080
|
+
|
|
3081
|
+
---
|
|
3082
|
+
|
|
3083
|
+
#### Properties <a name="Properties" id="Properties"></a>
|
|
3084
|
+
|
|
3085
|
+
| **Name** | **Type** | **Description** |
|
|
3086
|
+
| --- | --- | --- |
|
|
3087
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
|
|
3088
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.env">env</a></code> | <code>aws-cdk-lib.ResourceEnvironment</code> | The environment this resource belongs to. |
|
|
3089
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretArn">secretArn</a></code> | <code>string</code> | The ARN of the secret in AWS Secrets Manager. |
|
|
3090
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretName">secretName</a></code> | <code>string</code> | The name of the secret. |
|
|
3091
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretValue">secretValue</a></code> | <code>aws-cdk-lib.SecretValue</code> | Retrieve the value of the stored secret as a `SecretValue`. |
|
|
3092
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.stack">stack</a></code> | <code>aws-cdk-lib.Stack</code> | The stack in which this resource is defined. |
|
|
3093
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.encryptionKey">encryptionKey</a></code> | <code>aws-cdk-lib.aws_kms.IKey</code> | The customer-managed encryption key that is used to encrypt this secret, if any. |
|
|
3094
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretFullArn">secretFullArn</a></code> | <code>string</code> | The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix. |
|
|
3095
|
+
|
|
3096
|
+
---
|
|
3097
|
+
|
|
3098
|
+
##### `node`<sup>Required</sup> <a name="node" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.node"></a>
|
|
3099
|
+
|
|
3100
|
+
```typescript
|
|
3101
|
+
public readonly node: Node;
|
|
3102
|
+
```
|
|
3103
|
+
|
|
3104
|
+
- *Type:* constructs.Node
|
|
3105
|
+
|
|
3106
|
+
The tree node.
|
|
3107
|
+
|
|
3108
|
+
---
|
|
3109
|
+
|
|
3110
|
+
##### `env`<sup>Required</sup> <a name="env" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.env"></a>
|
|
3111
|
+
|
|
3112
|
+
```typescript
|
|
3113
|
+
public readonly env: ResourceEnvironment;
|
|
3114
|
+
```
|
|
3115
|
+
|
|
3116
|
+
- *Type:* aws-cdk-lib.ResourceEnvironment
|
|
3117
|
+
|
|
3118
|
+
The environment this resource belongs to.
|
|
3119
|
+
|
|
3120
|
+
For resources that are created and managed by the CDK
|
|
3121
|
+
(generally, those created by creating new class instances like Role, Bucket, etc.),
|
|
3122
|
+
this is always the same as the environment of the stack they belong to;
|
|
3123
|
+
however, for imported resources
|
|
3124
|
+
(those obtained from static methods like fromRoleArn, fromBucketName, etc.),
|
|
3125
|
+
that might be different than the stack they were imported into.
|
|
3126
|
+
|
|
3127
|
+
---
|
|
3128
|
+
|
|
3129
|
+
##### `secretArn`<sup>Required</sup> <a name="secretArn" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretArn"></a>
|
|
3130
|
+
|
|
3131
|
+
```typescript
|
|
3132
|
+
public readonly secretArn: string;
|
|
3133
|
+
```
|
|
3134
|
+
|
|
3135
|
+
- *Type:* string
|
|
3136
|
+
|
|
3137
|
+
The ARN of the secret in AWS Secrets Manager.
|
|
3138
|
+
|
|
3139
|
+
Will return the full ARN if available, otherwise a partial arn.
|
|
3140
|
+
For secrets imported by the deprecated `fromSecretName`, it will return the `secretName`.
|
|
3141
|
+
|
|
3142
|
+
---
|
|
3143
|
+
|
|
3144
|
+
##### `secretName`<sup>Required</sup> <a name="secretName" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretName"></a>
|
|
3145
|
+
|
|
3146
|
+
```typescript
|
|
3147
|
+
public readonly secretName: string;
|
|
3148
|
+
```
|
|
3149
|
+
|
|
3150
|
+
- *Type:* string
|
|
3151
|
+
|
|
3152
|
+
The name of the secret.
|
|
3153
|
+
|
|
3154
|
+
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the
|
|
3155
|
+
'@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
|
|
3156
|
+
|
|
3157
|
+
---
|
|
3158
|
+
|
|
3159
|
+
##### `secretValue`<sup>Required</sup> <a name="secretValue" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretValue"></a>
|
|
3160
|
+
|
|
3161
|
+
```typescript
|
|
3162
|
+
public readonly secretValue: SecretValue;
|
|
3163
|
+
```
|
|
3164
|
+
|
|
3165
|
+
- *Type:* aws-cdk-lib.SecretValue
|
|
3166
|
+
|
|
3167
|
+
Retrieve the value of the stored secret as a `SecretValue`.
|
|
3168
|
+
|
|
3169
|
+
---
|
|
3170
|
+
|
|
3171
|
+
##### `stack`<sup>Required</sup> <a name="stack" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.stack"></a>
|
|
3172
|
+
|
|
3173
|
+
```typescript
|
|
3174
|
+
public readonly stack: Stack;
|
|
3175
|
+
```
|
|
3176
|
+
|
|
3177
|
+
- *Type:* aws-cdk-lib.Stack
|
|
3178
|
+
|
|
3179
|
+
The stack in which this resource is defined.
|
|
3180
|
+
|
|
3181
|
+
---
|
|
3182
|
+
|
|
3183
|
+
##### `encryptionKey`<sup>Optional</sup> <a name="encryptionKey" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.encryptionKey"></a>
|
|
3184
|
+
|
|
3185
|
+
```typescript
|
|
3186
|
+
public readonly encryptionKey: IKey;
|
|
3187
|
+
```
|
|
3188
|
+
|
|
3189
|
+
- *Type:* aws-cdk-lib.aws_kms.IKey
|
|
3190
|
+
|
|
3191
|
+
The customer-managed encryption key that is used to encrypt this secret, if any.
|
|
3192
|
+
|
|
3193
|
+
When not specified, the default
|
|
3194
|
+
KMS key for the account and region is being used.
|
|
3195
|
+
|
|
3196
|
+
---
|
|
3197
|
+
|
|
3198
|
+
##### `secretFullArn`<sup>Optional</sup> <a name="secretFullArn" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedCredentials.property.secretFullArn"></a>
|
|
3199
|
+
|
|
3200
|
+
```typescript
|
|
3201
|
+
public readonly secretFullArn: string;
|
|
3202
|
+
```
|
|
3203
|
+
|
|
3204
|
+
- *Type:* string
|
|
3205
|
+
|
|
3206
|
+
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
|
|
3207
|
+
|
|
3208
|
+
This is equal to `secretArn` in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
|
|
3209
|
+
|
|
3210
|
+
---
|
|
3211
|
+
|
|
3212
|
+
|
|
2821
3213
|
### DatadogSharedSecret <a name="DatadogSharedSecret" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret"></a>
|
|
2822
3214
|
|
|
2823
3215
|
- *Implements:* aws-cdk-lib.aws_secretsmanager.ISecret
|
|
2824
3216
|
|
|
2825
|
-
A custom resource that resolves the
|
|
3217
|
+
A custom resource that resolves the Datadog API keys from a shared secret.
|
|
3218
|
+
|
|
3219
|
+
*Example*
|
|
3220
|
+
|
|
3221
|
+
```typescript
|
|
3222
|
+
const datadogApiKey = DatadogSharedSecret.apiKeySecret(this);
|
|
3223
|
+
|
|
3224
|
+
const datadogSecret = DatadogSharedSecret.credentialsSecret(this);
|
|
3225
|
+
const datadogSite = datadogSecret.getSecret('Site');
|
|
3226
|
+
const datadogApiKey = datadogSecret.getSecret('ApiKey');
|
|
3227
|
+
const datadogApiKeyValue = datadogSecret.getSecretValue('ApiKey');
|
|
3228
|
+
const datadogApiKeyValue = datadogSecret.getSecretValue('ApplicationKey');
|
|
3229
|
+
```
|
|
3230
|
+
|
|
3231
|
+
|
|
3232
|
+
#### Initializers <a name="Initializers" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret.Initializer"></a>
|
|
3233
|
+
|
|
3234
|
+
```typescript
|
|
3235
|
+
import { datadogv2 } from '@rio-cloud/cdk-v2-constructs'
|
|
3236
|
+
|
|
3237
|
+
new datadogv2.DatadogSharedSecret(scope: IConstruct, id: string, secretName: string)
|
|
3238
|
+
```
|
|
3239
|
+
|
|
3240
|
+
| **Name** | **Type** | **Description** |
|
|
3241
|
+
| --- | --- | --- |
|
|
3242
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret.Initializer.parameter.scope">scope</a></code> | <code>constructs.IConstruct</code> | *No description.* |
|
|
3243
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
|
|
3244
|
+
| <code><a href="#@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret.Initializer.parameter.secretName">secretName</a></code> | <code>string</code> | The name of the secret. |
|
|
3245
|
+
|
|
3246
|
+
---
|
|
3247
|
+
|
|
3248
|
+
##### `scope`<sup>Required</sup> <a name="scope" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret.Initializer.parameter.scope"></a>
|
|
3249
|
+
|
|
3250
|
+
- *Type:* constructs.IConstruct
|
|
3251
|
+
|
|
3252
|
+
---
|
|
3253
|
+
|
|
3254
|
+
##### `id`<sup>Required</sup> <a name="id" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret.Initializer.parameter.id"></a>
|
|
3255
|
+
|
|
3256
|
+
- *Type:* string
|
|
3257
|
+
|
|
3258
|
+
---
|
|
3259
|
+
|
|
3260
|
+
##### `secretName`<sup>Required</sup> <a name="secretName" id="@rio-cloud/cdk-v2-constructs.datadogv2.DatadogSharedSecret.Initializer.parameter.secretName"></a>
|
|
3261
|
+
|
|
3262
|
+
- *Type:* string
|
|
3263
|
+
|
|
3264
|
+
The name of the secret.
|
|
3265
|
+
|
|
3266
|
+
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the
|
|
3267
|
+
'@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
|
|
3268
|
+
|
|
3269
|
+
---
|
|
2826
3270
|
|
|
2827
3271
|
#### Methods <a name="Methods" id="Methods"></a>
|
|
2828
3272
|
|
package/docs/changelog.md
CHANGED
|
@@ -2,6 +2,26 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
|
|
4
4
|
|
|
5
|
+
## [7.8.1-alpha.0](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv7.8.0&sourceBranch=refs%2Ftags%2Fv7.8.1-alpha.0) (2025-08-05)
|
|
6
|
+
|
|
7
|
+
## [7.8.0](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv7.7.1&sourceBranch=refs%2Ftags%2Fv7.8.0) (2025-07-31)
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
### Features
|
|
11
|
+
|
|
12
|
+
* returning string (instead of unsafeUnwrapped string) from datadog secret for better security ([5a06162](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/commits/5a061622622526e1c82a1fa7e0e089cabc0c6f2e))
|
|
13
|
+
|
|
14
|
+
## [7.7.1](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv7.7.0&sourceBranch=refs%2Ftags%2Fv7.7.1) (2025-07-30)
|
|
15
|
+
|
|
16
|
+
## [7.7.0](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv7.7.0-alpha.0&sourceBranch=refs%2Ftags%2Fv7.7.0) (2025-07-30)
|
|
17
|
+
|
|
18
|
+
## [7.7.0-alpha.0](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv7.6.0&sourceBranch=refs%2Ftags%2Fv7.7.0-alpha.0) (2025-07-30)
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
### Features
|
|
22
|
+
|
|
23
|
+
* using shared datadog secret instead of ssm parameter in rio-fargate-service ([e376e3e](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/commits/e376e3e7cf5367e0de63180b1c0c7b42d6a5fbdd))
|
|
24
|
+
|
|
5
25
|
## [7.6.0](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv7.5.4&sourceBranch=refs%2Ftags%2Fv7.6.0) (2025-07-24)
|
|
6
26
|
|
|
7
27
|
|
|
@@ -62,8 +62,7 @@ export interface DatadogLambdaInstrumentationProps {
|
|
|
62
62
|
* So just change it, if you need the advanced features.
|
|
63
63
|
*
|
|
64
64
|
* Additionally, some defaults from the datadog-integration account module are applied:
|
|
65
|
-
* - the secret for the API key is read from
|
|
66
|
-
* - the site is read from the parameter store `/rio/config/datadog-integration/site`
|
|
65
|
+
* - the secret and site for the API key is read from a shared secret in rio-developer-tools account
|
|
67
66
|
*
|
|
68
67
|
* To use it, install Datadog CDK Constructs package:
|
|
69
68
|
* ```bash
|
|
@@ -73,7 +72,7 @@ export interface DatadogLambdaInstrumentationProps {
|
|
|
73
72
|
export declare class DatadogLambdaInstrumentation extends Construct {
|
|
74
73
|
private delegate;
|
|
75
74
|
private datadogSecret;
|
|
76
|
-
private site;
|
|
75
|
+
private readonly site;
|
|
77
76
|
private readonly enhancedMetricsEnabled;
|
|
78
77
|
constructor(scope: Construct, id: string, props: DatadogLambdaInstrumentationProps);
|
|
79
78
|
addLambdaFunctions(lambdaFunctions: dd.LambdaFunction[], construct?: Construct): void;
|
|
@@ -14,8 +14,7 @@ const datadog_shared_secrets_1 = require("./datadog-shared-secrets");
|
|
|
14
14
|
* So just change it, if you need the advanced features.
|
|
15
15
|
*
|
|
16
16
|
* Additionally, some defaults from the datadog-integration account module are applied:
|
|
17
|
-
* - the secret for the API key is read from
|
|
18
|
-
* - the site is read from the parameter store `/rio/config/datadog-integration/site`
|
|
17
|
+
* - the secret and site for the API key is read from a shared secret in rio-developer-tools account
|
|
19
18
|
*
|
|
20
19
|
* To use it, install Datadog CDK Constructs package:
|
|
21
20
|
* ```bash
|
|
@@ -27,7 +26,7 @@ class DatadogLambdaInstrumentation extends constructs_1.Construct {
|
|
|
27
26
|
super(scope, id);
|
|
28
27
|
this.datadogSecret = datadog_shared_secrets_1.DatadogSharedSecret.apiKeySecret(this);
|
|
29
28
|
const resolvedDatadogSecret = datadog_shared_secrets_1.DatadogSharedSecret.credentialsSecret(this);
|
|
30
|
-
this.site = resolvedDatadogSecret.
|
|
29
|
+
this.site = resolvedDatadogSecret.getSecretValue('Site').unsafeUnwrap();
|
|
31
30
|
const finalProps = {
|
|
32
31
|
env: 'prod',
|
|
33
32
|
apiKeySecretArn: this.datadogSecret.secretArn,
|
|
@@ -73,4 +72,4 @@ const getSourceCodeIntegrationDefault = (node) => {
|
|
|
73
72
|
const isDisabled = value === 'false' || value === false;
|
|
74
73
|
return !isDisabled;
|
|
75
74
|
};
|
|
76
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
75
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGF0YWRvZy1sYW1iZGEtaW5zdHJ1bWVudGF0aW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2RhdGFkb2d2Mi9kYXRhZG9nLWxhbWJkYS1pbnN0cnVtZW50YXRpb24udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFFQSwyQ0FBNkM7QUFDN0MsNkRBQTZEO0FBQzdELGdEQUFnRDtBQUNoRCxxRUFBK0Q7QUF5RC9EOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFDSCxNQUFhLDRCQUE2QixTQUFRLHNCQUFTO0lBS3pELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBd0M7UUFDaEYsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsYUFBYSxHQUFHLDRDQUFtQixDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUU1RCxNQUFNLHFCQUFxQixHQUFHLDRDQUFtQixDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzFFLElBQUksQ0FBQyxJQUFJLEdBQUcscUJBQXFCLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDLFlBQVksRUFBRSxDQUFDO1FBRXhFLE1BQU0sVUFBVSxHQUFHO1lBQ2pCLEdBQUcsRUFBRSxNQUFNO1lBQ1gsZUFBZSxFQUFFLElBQUksQ0FBQyxhQUFhLENBQUMsU0FBUztZQUM3QyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUk7WUFDZixpQkFBaUIsRUFBRSxJQUFJO1lBQ3ZCLGdCQUFnQixFQUFFLElBQUk7WUFDdEIsb0JBQW9CLEVBQUUsS0FBSztZQUMzQixzQkFBc0IsRUFBRSxLQUFLO1lBQzdCLGdCQUFnQixFQUFFLEtBQUs7WUFDdkIscUJBQXFCLEVBQUUsS0FBSztZQUM1QixlQUFlLEVBQUUsS0FBSztZQUN0QixxQkFBcUIsRUFBRSwrQkFBK0IsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO1lBQ2pFLEdBQUcsS0FBSztTQUNULENBQUM7UUFFRixFQUFFLENBQUMsYUFBYSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzdCLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUV2QyxJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsU0FBUyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBQzVELElBQUksQ0FBQyxzQkFBc0IsR0FBRyxLQUFLLENBQUMscUJBQXFCLElBQUksS0FBSyxDQUFDO0lBQ3JFLENBQUM7SUFFRCxrQkFBa0IsQ0FBQyxlQUFvQyxFQUFFLFNBQXFCO1FBQzVFLEtBQUssTUFBTSxjQUFjLElBQUksZUFBZSxFQUFFLENBQUM7WUFDN0MsSUFBSSxDQUFDLGFBQWEsQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLENBQUM7WUFDN0MsY0FBYyxDQUFDLGNBQWMsQ0FBQyxxQkFBcUIsRUFBRSxHQUFHLElBQUksQ0FBQyxzQkFBc0IsRUFBRSxDQUFDLENBQUM7UUFDekYsQ0FBQztRQUNELElBQUksQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQUMsZUFBZSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQy9ELENBQUM7SUFDRCxvQkFBb0IsQ0FBQyxlQUFvQyxFQUFFLFlBQXFCLEVBQUUsVUFBbUI7UUFDbkcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxlQUFlLEVBQUUsWUFBWSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQ2hGLENBQUM7SUFDRCxnQ0FBZ0MsQ0FBQyxTQUEyQjtRQUMxRCxJQUFJLENBQUMsUUFBUSxDQUFDLGdDQUFnQyxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzVELENBQUM7O0FBL0NILG9FQWdEQzs7O0FBRUQ7OztHQUdHO0FBQ0gsTUFBTSwrQkFBK0IsR0FBRyxDQUFDLElBQVUsRUFBVyxFQUFFO0lBQzlELE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsMERBQTBELENBQUMsQ0FBQztJQUU3RixNQUFNLFVBQVUsR0FBRyxLQUFLLEtBQUssT0FBTyxJQUFJLEtBQUssS0FBSyxLQUFLLENBQUM7SUFFeEQsT0FBTyxDQUFDLFVBQVUsQ0FBQztBQUNyQixDQUFDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBsb2dzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1sb2dzJztcbmltcG9ydCAqIGFzIHNlY3JldHMgZnJvbSAnYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyJztcbmltcG9ydCB7IENvbnN0cnVjdCwgTm9kZSB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0ICogYXMgZGQgZnJvbSAnZGF0YWRvZy1jZGstY29uc3RydWN0cy12Mic7XG5pbXBvcnQgeyBEYXRhZG9nU2hhcmVkU2VjcmV0IH0gZnJvbSAnLi9kYXRhZG9nLXNoYXJlZC1zZWNyZXRzJztcblxuLyoqXG4gKiBQcm9wcyBmb3IgdGhlIERhdGFkb2dMYW1iZGFJbnN0cnVtZW50YXRpb24gY29uc3RydWN0LlxuICogQ29waWVkIG92ZXIgZnJvbSBvcmlnaW5hbCBEYXRhZG9nIGNvbnN0cnVjdC5cbiAqIFRoaXMgaW50ZXJmYWNlIGlzIGludGVudGlvbmFsbHkgbm90IGV4dGVuZGluZyB0aGUgb3JpZ2luYWwgRGF0YWRvZ1Byb3BzLCBzbyB0aGF0IHRoZSBkZXBlbmRlbmN5IG5lZWRzIHRvIGJlIGJ1bmRsZWQgYXMgd2VsbC5cbiAqXG4gKiBsYXRlc3QgdmVyc2lvbiBmb3Igbm9kZUxheWVyVmVyc2lvbjogaHR0cHM6Ly9naXRodWIuY29tL0RhdGFEb2cvZGF0YWRvZy1sYW1iZGEtanMvcmVsZWFzZXNcbiAqXG4gKiBsYXRlc3QgdmVyc2lvbiBmb3IgZXh0ZW5zaW9uTGF5ZXJWZXJzaW9uOiBodHRwczovL2dpdGh1Yi5jb20vRGF0YURvZy9kYXRhZG9nLWxhbWJkYS1leHRlbnNpb24vcmVsZWFzZXNcbiAqXG4gKlxuICogQHNlZSBkZC5EYXRhZG9nUHJvcHNcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBEYXRhZG9nTGFtYmRhSW5zdHJ1bWVudGF0aW9uUHJvcHMge1xuICByZWFkb25seSBzZXJ2aWNlOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgdG8gZW5hYmxlIGVuaGFuY2VkIG1ldHJpY3MgZm9yIHRoZSBMYW1iZGEgZnVuY3Rpb25zLlxuICAgKlxuICAgKiBAZGVmYXVsdFZhbHVlIGZhbHNlXG4gICovXG4gIHJlYWRvbmx5IGVuYWJsZUVuaGFuY2VkTWV0cmljcz86IGJvb2xlYW47XG4gIHJlYWRvbmx5IG5vZGVMYXllclZlcnNpb246IG51bWJlcjtcbiAgcmVhZG9ubHkgZXh0ZW5zaW9uTGF5ZXJWZXJzaW9uOiBudW1iZXI7XG4gIHJlYWRvbmx5IGFkZExheWVycz86IGJvb2xlYW47XG4gIHJlYWRvbmx5IGZvcndhcmRlckFybj86IHN0cmluZztcbiAgcmVhZG9ubHkgZmx1c2hNZXRyaWNzVG9Mb2dzPzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgc2l0ZT86IHN0cmluZztcbiAgcmVhZG9ubHkgYXBpS2V5Pzogc3RyaW5nO1xuICByZWFkb25seSBhcGlLZXlTZWNyZXRBcm4/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGFwaUtleVNlY3JldD86IHNlY3JldHMuSVNlY3JldDtcbiAgcmVhZG9ubHkgYXBpS21zS2V5Pzogc3RyaW5nO1xuICByZWFkb25seSBlbmFibGVEYXRhZG9nVHJhY2luZz86IGJvb2xlYW47XG4gIHJlYWRvbmx5IGVuYWJsZURhdGFkb2dBU00/OiBib29sZWFuO1xuICByZWFkb25seSBlbmFibGVNZXJnZVhyYXlUcmFjZXM/OiBib29sZWFuO1xuICByZWFkb25seSBpbmplY3RMb2dDb250ZXh0PzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgbG9nTGV2ZWw/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGVuYWJsZURhdGFkb2dMb2dzPzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgY2FwdHVyZUxhbWJkYVBheWxvYWQ/OiBib29sZWFuO1xuICByZWFkb25seSBlbnY/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IHZlcnNpb24/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IHRhZ3M/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGNyZWF0ZUZvcndhcmRlclBlcm1pc3Npb25zPzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgc291cmNlQ29kZUludGVncmF0aW9uPzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgZW5hYmxlQ29sZFN0YXJ0VHJhY2luZz86IGJvb2xlYW47XG4gIHJlYWRvbmx5IG1pbkNvbGRTdGFydFRyYWNlRHVyYXRpb24/OiBudW1iZXI7XG4gIHJlYWRvbmx5IGNvbGRTdGFydFRyYWNlU2tpcExpYnM/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGVuYWJsZVByb2ZpbGluZz86IGJvb2xlYW47XG4gIHJlYWRvbmx5IGVuY29kZUF1dGhvcml6ZXJDb250ZXh0PzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgZGVjb2RlQXV0aG9yaXplckNvbnRleHQ/OiBib29sZWFuO1xuICByZWFkb25seSBhcG1GbHVzaERlYWRsaW5lPzogc3RyaW5nIHwgbnVtYmVyO1xuICByZWFkb25seSByZWRpcmVjdEhhbmRsZXI/OiBib29sZWFuO1xuICByZWFkb25seSBncmFudFNlY3JldFJlYWRBY2Nlc3M/OiBib29sZWFuO1xuICByZWFkb25seSB1c2VMYXllcnNGcm9tQWNjb3VudD86IHN0cmluZztcbn1cblxuLyoqXG4gKiBXcmFwcGVyIGNvbnN0cnVjdCBmb3IgRGF0YWRvZydzIExhbWJkYSBpbnN0cnVtZW50YXRpb24uXG4gKiBUaGlzIGNvbnN0cnVjdCB3aWxsIGNyZWF0ZSBhIERhdGFkb2cgY29uc3RydWN0IHdpdGggdGhlIHByb3ZpZGVkIHByb3BzIGFuZCBhZGQgdGhlIExhbWJkYSBmdW5jdGlvbnMgdG8gaXQuXG4gKiBQZXIgZGVmYXVsdCwgaXQgd2lsbCBkaXNhYmxlIGFsbCBhZGRpdGlvbmFsIGZlYXR1cmVzLCB0aGF0IGNhdXNlIERhdGFkb2cgY2hhcmdpbmcgZm9yIFNlcnZlcmxlc3MgRnVuY3Rpb25zIGZlYXR1cmVzLlxuICogU28ganVzdCBjaGFuZ2UgaXQsIGlmIHlvdSBuZWVkIHRoZSBhZHZhbmNlZCBmZWF0dXJlcy5cbiAqXG4gKiBBZGRpdGlvbmFsbHksIHNvbWUgZGVmYXVsdHMgZnJvbSB0aGUgZGF0YWRvZy1pbnRlZ3JhdGlvbiBhY2NvdW50IG1vZHVsZSBhcmUgYXBwbGllZDpcbiAqIC0gdGhlIHNlY3JldCBhbmQgc2l0ZSBmb3IgdGhlIEFQSSBrZXkgaXMgcmVhZCBmcm9tIGEgc2hhcmVkIHNlY3JldCBpbiByaW8tZGV2ZWxvcGVyLXRvb2xzIGFjY291bnRcbiAqXG4gKiBUbyB1c2UgaXQsIGluc3RhbGwgRGF0YWRvZyBDREsgQ29uc3RydWN0cyBwYWNrYWdlOlxuICogYGBgYmFzaFxuICogbnBtIGkgLUQgZGF0YWRvZy1jZGstY29uc3RydWN0cy12MlxuICogYGBgXG4gKi9cbmV4cG9ydCBjbGFzcyBEYXRhZG9nTGFtYmRhSW5zdHJ1bWVudGF0aW9uIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHJpdmF0ZSBkZWxlZ2F0ZTogZGQuRGF0YWRvZztcbiAgcHJpdmF0ZSBkYXRhZG9nU2VjcmV0OiBEYXRhZG9nU2hhcmVkU2VjcmV0O1xuICBwcml2YXRlIHJlYWRvbmx5IHNpdGU6IHN0cmluZztcbiAgcHJpdmF0ZSByZWFkb25seSBlbmhhbmNlZE1ldHJpY3NFbmFibGVkOiBib29sZWFuO1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogRGF0YWRvZ0xhbWJkYUluc3RydW1lbnRhdGlvblByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIHRoaXMuZGF0YWRvZ1NlY3JldCA9IERhdGFkb2dTaGFyZWRTZWNyZXQuYXBpS2V5U2VjcmV0KHRoaXMpO1xuXG4gICAgY29uc3QgcmVzb2x2ZWREYXRhZG9nU2VjcmV0ID0gRGF0YWRvZ1NoYXJlZFNlY3JldC5jcmVkZW50aWFsc1NlY3JldCh0aGlzKTtcbiAgICB0aGlzLnNpdGUgPSByZXNvbHZlZERhdGFkb2dTZWNyZXQuZ2V0U2VjcmV0VmFsdWUoJ1NpdGUnKS51bnNhZmVVbndyYXAoKTtcblxuICAgIGNvbnN0IGZpbmFsUHJvcHMgPSB7XG4gICAgICBlbnY6ICdwcm9kJyxcbiAgICAgIGFwaUtleVNlY3JldEFybjogdGhpcy5kYXRhZG9nU2VjcmV0LnNlY3JldEFybixcbiAgICAgIHNpdGU6IHRoaXMuc2l0ZSxcbiAgICAgIGVuYWJsZURhdGFkb2dMb2dzOiB0cnVlLFxuICAgICAgaW5qZWN0TG9nQ29udGV4dDogdHJ1ZSxcbiAgICAgIGVuYWJsZURhdGFkb2dUcmFjaW5nOiBmYWxzZSxcbiAgICAgIGVuYWJsZUNvbGRTdGFydFRyYWNpbmc6IGZhbHNlLFxuICAgICAgZW5hYmxlRGF0YWRvZ0FTTTogZmFsc2UsXG4gICAgICBlbmFibGVNZXJnZVhyYXlUcmFjZXM6IGZhbHNlLFxuICAgICAgZW5hYmxlUHJvZmlsaW5nOiBmYWxzZSxcbiAgICAgIHNvdXJjZUNvZGVJbnRlZ3JhdGlvbjogZ2V0U291cmNlQ29kZUludGVncmF0aW9uRGVmYXVsdCh0aGlzLm5vZGUpLFxuICAgICAgLi4ucHJvcHMsXG4gICAgfTtcblxuICAgIGRkLnZhbGlkYXRlUHJvcHMoZmluYWxQcm9wcyk7XG4gICAgZGQuY2hlY2tGb3JNdWx0aXBsZUFwaUtleXMoZmluYWxQcm9wcyk7XG5cbiAgICB0aGlzLmRlbGVnYXRlID0gbmV3IGRkLkRhdGFkb2codGhpcywgJ0RhdGFkb2cnLCBmaW5hbFByb3BzKTtcbiAgICB0aGlzLmVuaGFuY2VkTWV0cmljc0VuYWJsZWQgPSBwcm9wcy5lbmFibGVFbmhhbmNlZE1ldHJpY3MgPz8gZmFsc2U7XG4gIH1cblxuICBhZGRMYW1iZGFGdW5jdGlvbnMobGFtYmRhRnVuY3Rpb25zOiBkZC5MYW1iZGFGdW5jdGlvbltdLCBjb25zdHJ1Y3Q/OiBDb25zdHJ1Y3QpOiB2b2lkIHtcbiAgICBmb3IgKGNvbnN0IGxhbWJkYUZ1bmN0aW9uIG9mIGxhbWJkYUZ1bmN0aW9ucykge1xuICAgICAgdGhpcy5kYXRhZG9nU2VjcmV0LmdyYW50UmVhZChsYW1iZGFGdW5jdGlvbik7XG4gICAgICBsYW1iZGFGdW5jdGlvbi5hZGRFbnZpcm9ubWVudCgnRERfRU5IQU5DRURfTUVUUklDUycsIGAke3RoaXMuZW5oYW5jZWRNZXRyaWNzRW5hYmxlZH1gKTtcbiAgICB9XG4gICAgdGhpcy5kZWxlZ2F0ZS5hZGRMYW1iZGFGdW5jdGlvbnMobGFtYmRhRnVuY3Rpb25zLCBjb25zdHJ1Y3QpO1xuICB9XG4gIGFkZEdpdENvbW1pdE1ldGFkYXRhKGxhbWJkYUZ1bmN0aW9uczogZGQuTGFtYmRhRnVuY3Rpb25bXSwgZ2l0Q29tbWl0U2hhPzogc3RyaW5nLCBnaXRSZXBvVXJsPzogc3RyaW5nKTogdm9pZCB7XG4gICAgdGhpcy5kZWxlZ2F0ZS5hZGRHaXRDb21taXRNZXRhZGF0YShsYW1iZGFGdW5jdGlvbnMsIGdpdENvbW1pdFNoYSwgZ2l0UmVwb1VybCk7XG4gIH1cbiAgYWRkRm9yd2FyZGVyVG9Ob25MYW1iZGFMb2dHcm91cHMobG9nR3JvdXBzOiBsb2dzLklMb2dHcm91cFtdKTogdm9pZCB7XG4gICAgdGhpcy5kZWxlZ2F0ZS5hZGRGb3J3YXJkZXJUb05vbkxhbWJkYUxvZ0dyb3Vwcyhsb2dHcm91cHMpO1xuICB9XG59XG5cbi8qKlxuICogQHBhcmFtIG5vZGUgLSBUaGUgbm9kZSB0byBjaGVjayBmb3IgdGhlIGNvbnRleHQgdmFsdWVcbiAqIEByZXR1cm5zIHRydWUgYXMgYSBkZWZhdWx0IGlmIG5vdCBkaXNhYmxlZCB2aWEgY29udGV4dFxuICovXG5jb25zdCBnZXRTb3VyY2VDb2RlSW50ZWdyYXRpb25EZWZhdWx0ID0gKG5vZGU6IE5vZGUpOiBib29sZWFuID0+IHtcbiAgY29uc3QgdmFsdWUgPSBub2RlLnRyeUdldENvbnRleHQoJ0ByaW8tY2xvdWQvY2RrLXYyLWNvbnN0cnVjdHM6ZW5hYmxlU291cmNlQ29kZUludGVncmF0aW9uJyk7XG5cbiAgY29uc3QgaXNEaXNhYmxlZCA9IHZhbHVlID09PSAnZmFsc2UnIHx8IHZhbHVlID09PSBmYWxzZTtcblxuICByZXR1cm4gIWlzRGlzYWJsZWQ7XG59O1xuIl19
|
|
@@ -2,22 +2,11 @@ import * as cdk from 'aws-cdk-lib';
|
|
|
2
2
|
import * as iam from 'aws-cdk-lib/aws-iam';
|
|
3
3
|
import * as sec from 'aws-cdk-lib/aws-secretsmanager';
|
|
4
4
|
import * as constructs from 'constructs';
|
|
5
|
-
|
|
6
|
-
* A custom resource that resolves the secret ARN based on the organization ID.
|
|
7
|
-
*/
|
|
8
|
-
export declare class DatadogSharedSecret extends constructs.Construct implements sec.ISecret {
|
|
9
|
-
/**
|
|
10
|
-
* This static function resolves to the plain api-key secret, that can be used for the log forwarder or the Lambda instrumentation.
|
|
11
|
-
*/
|
|
12
|
-
static apiKeySecret(scope: constructs.Construct): DatadogSharedSecret;
|
|
13
|
-
/**
|
|
14
|
-
* This static function resolves to the json credentials secret that contains ['ApiKey', 'ApplicationKey', 'Site'].
|
|
15
|
-
*/
|
|
16
|
-
static credentialsSecret(scope: constructs.Construct): DatadogSharedSecret;
|
|
5
|
+
declare abstract class SharedSecret extends constructs.Construct implements sec.ISecret {
|
|
17
6
|
private static setupCustomResource;
|
|
18
|
-
|
|
7
|
+
protected readonly secret: sec.ISecret;
|
|
19
8
|
private customResource;
|
|
20
|
-
|
|
9
|
+
protected constructor(scope: constructs.IConstruct, id: string, secretName: string);
|
|
21
10
|
get stack(): cdk.Stack;
|
|
22
11
|
get env(): cdk.ResourceEnvironment;
|
|
23
12
|
get encryptionKey(): cdk.aws_kms.IKey | undefined;
|
|
@@ -34,3 +23,30 @@ export declare class DatadogSharedSecret extends constructs.Construct implements
|
|
|
34
23
|
attach(_target: sec.ISecretAttachmentTarget): sec.ISecret;
|
|
35
24
|
applyRemovalPolicy(_policy: cdk.RemovalPolicy): void;
|
|
36
25
|
}
|
|
26
|
+
/**
|
|
27
|
+
* A custom resource that resolves the Datadog API keys from a shared secret
|
|
28
|
+
* @example
|
|
29
|
+
* const datadogApiKey = DatadogSharedSecret.apiKeySecret(this);
|
|
30
|
+
*
|
|
31
|
+
* const datadogSecret = DatadogSharedSecret.credentialsSecret(this);
|
|
32
|
+
* const datadogSite = datadogSecret.getSecret('Site');
|
|
33
|
+
* const datadogApiKey = datadogSecret.getSecret('ApiKey');
|
|
34
|
+
* const datadogApiKeyValue = datadogSecret.getSecretValue('ApiKey');
|
|
35
|
+
* const datadogApiKeyValue = datadogSecret.getSecretValue('ApplicationKey');
|
|
36
|
+
*/
|
|
37
|
+
export declare class DatadogSharedSecret extends SharedSecret {
|
|
38
|
+
/**
|
|
39
|
+
* This static function resolves to the plain api-key secret, that can be used for the log forwarder or the Lambda instrumentation.
|
|
40
|
+
*/
|
|
41
|
+
static apiKeySecret(scope: constructs.Construct): DatadogSharedSecret;
|
|
42
|
+
/**
|
|
43
|
+
* This static function resolves to the json credentials secret that contains ['ApiKey', 'ApplicationKey', 'Site'].
|
|
44
|
+
*/
|
|
45
|
+
static credentialsSecret(scope: constructs.Construct): DatadogSharedCredentials;
|
|
46
|
+
}
|
|
47
|
+
type Field = 'ApplicationKey' | 'Site' | 'ApiKey';
|
|
48
|
+
export declare class DatadogSharedCredentials extends SharedSecret {
|
|
49
|
+
getSecretValue(field: Field): cdk.SecretValue;
|
|
50
|
+
getSecret(field: Field): cdk.aws_ecs.Secret;
|
|
51
|
+
}
|
|
52
|
+
export {};
|