aws-redshift-alpha: User DatabaseSecret created without masterarn in Secret Text causing multi-user secret rotation to fail #28852
Labels: @aws-cdk/aws-redshift (Related to Amazon Redshift); bug (This issue is a bug.); effort/medium (Medium work item – several days of effort); p3
penniman26 added the bug and needs-triage labels on Jan 24, 2024
penniman26 pushed a commit to penniman26/aws-cdk that referenced this issue on Jan 25, 2024:

Fixes Redshift User Secret Multi-User Rotation for new Users by including `masterarn` in the Secret's Serialized JSON Object Text.

Note: This doesn't affect existing users (nor fixes rotation for them) since the secret string template is only used when the secret is first created. For those existing secrets, the secret text will need to be updated to include `masterarn` using the GetSecretValue and UpdateSecret SecretManager APIs.

closes aws#28852

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Thank you and we appreciate your PR.
pahud added the p2 and effort/medium labels and removed the needs-triage label on Jan 29, 2024
Describe the bug
Multi-User Secret Rotation on Redshift User Secret does not work without a `masterarn` field present in Redshift User Secret serialized JSON text. The User Construct does not plumb in the Cluster's secret (i.e. the master secret) to the DatabaseSecret in the User constructor.
A similar change was applied to RDS's DatabaseSecret and Cluster to enable Multi-User Secret Rotation
Expected Behavior
After enabling Multi-User Secret Rotation:
The Redshift User Secret has a `masterarn` so that Multi-User Secret Rotation works
Current Behavior
The Secret Rotation Lambda fails with
Reproduction Steps
Possible Solution
`props.adminUser` to DatabaseSecret's new masterSecret prop
Additional Information/Context
No response
CDK CLI Version
2.70.0
Framework Version
No response
Node.js Version
18
OS
AL2
Language
TypeScript
Language Version
No response
Other information
No response
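The commit message above notes that existing user secrets must have `masterarn` added to their secret text with GetSecretValue and UpdateSecret. One way to do that backfill in Python follows; it is an added example, not code from the issue or from aws-cdk. It assumes a boto3 Secrets Manager client is passed in, and the function names, `FakeSecretsManager` and the sample ARN are constructed for illustration.

```python
import json


def add_masterarn(secret_string, master_arn):
    """Return (new_secret_string, changed) with `masterarn` set in the JSON text."""
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        raise ValueError("secret text is not valid JSON") from exc
    if not isinstance(secret, dict):
        raise ValueError("secret text is not a JSON object")
    existing = secret.get("masterarn")
    if existing == master_arn:
        return secret_string, False  # already correct, nothing to write
    if existing:
        # Do not silently repoint a user secret at a different master secret.
        raise ValueError("secret already carries a different masterarn")
    secret["masterarn"] = master_arn
    return json.dumps(secret), True


def backfill_masterarn(client, user_secret_id, master_arn, dry_run=True):
    """Patch one existing user secret; `client` is a boto3 Secrets Manager client."""
    current = client.get_secret_value(SecretId=user_secret_id)
    if "SecretString" not in current:
        raise ValueError("secret holds binary data, expected JSON text")
    updated, changed = add_masterarn(current["SecretString"], master_arn)
    if changed and not dry_run:
        # UpdateSecret stores the patched text as a new version of the secret.
        client.update_secret(SecretId=user_secret_id, SecretString=updated)
    return changed  # report only whether a write was needed, never the secret text


class FakeSecretsManager:
    """Constructed in-memory stand-in so the example runs without AWS access."""

    def __init__(self, secrets):
        self.secrets = dict(secrets)

    def get_secret_value(self, SecretId):
        return {"SecretString": self.secrets[SecretId]}

    def update_secret(self, SecretId, SecretString):
        self.secrets[SecretId] = SecretString


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    master = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-master"
    fake = FakeSecretsManager({"example-user": '{"username": "u1", "password": "x"}'})
    print(backfill_masterarn(fake, "example-user", master, dry_run=False))
```

With a real account, pass `boto3.client("secretsmanager")` as `client` and run with `dry_run=True` first to see which secrets would change.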