fix(secretsmanager): allow templated string creation #2010
Conversation
The interface `TemplatedSecretStringGenerator` was exported but not used in the `generateSecretString` prop.
| @@ -75,7 +75,7 @@ export interface SecretProps { | |||
| * @default 32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each | |||
| * category), per the default values of ``SecretStringGenerator``. | |||
| */ | |||
| generateSecretString?: SecretStringGenerator; | |||
| generateSecretString?: SecretStringGenerator | TemplatedSecretStringGenerator; | |||
There was a problem hiding this comment.
Unions do not translate very nicely across programming languages since some languages don't support them, so we forbid unions at the L2 layer. The solution is usually to define an abstract class with a bunch of static factory methods for the various options.
There was a problem hiding this comment.
An easy solution here could be to integrate generateStringKey and secretStringTemplate in the SecretStringGenerator interface (which is a prop of SecretProps) and add validation (if one is specified the other must also be specified), what do you think?
There was a problem hiding this comment.
But... TemplatedSecretStringGenerator extends SecretStringGenerator, so you are able to pass an instance of that in and it'll be used just as you'd expect... The signature already enables that. I'll admit that discoverability isn't all so great, but I don't see why altering the signature is useful.
There was a problem hiding this comment.
This doesn't work:
new secretsmanager.Secret(this, 'Secret', {
generateSecretString: {
secretStringTemplate: JSON.stringify({ username: 'username' }),
generateStringKey: 'password',
excludeCharacters: '"@/\\'
}
}) Types of property 'generateSecretString' are incompatible.
Type '{ passwordLength: number; secretStringTemplate: string; generateStringKey: string; excludeCharacters: string; }' is not assignable to type 'SecretStringGenerator'.
Object literal may only specify known properties, and 'secretStringTemplate' does not exist in type 'SecretStringGenerator'.
You mean like this?
new secretsmanager.Secret(this, 'Resource', {
generateSecretString: ({
secretStringTemplate: JSON.stringify({ username: 'username' }),
generateStringKey: 'password',
excludeCharacters: '"@/\\'
}) as secretsmanager.TemplatedSecretStringGenerator
});
There was a problem hiding this comment.
@RomainMuller it's not a comfortable interface for value-typed interfaces. TSC is not going to search the whole type space for a type that matches your literal object AND happens to be assignable to a SecretStringGenerator.
It's actually good that it doesn't because I'm not sure the semantics would be preserved when using it via JSII.
We can either make 2 arguments at the top-level:
secretStringGenerator?: SecretStringGenerator;
templatedSecretStringGenerator?: TemplatedSecretStringGenerator;OR
Fold the 2 structures together and do some run-time analysis
OR
Define an interface and 2 classes and some factory functions.
Preferences?
There was a problem hiding this comment.
If nobody expresses a preference by Monday I'm going to pick something.
There was a problem hiding this comment.
Fold the 2 structures together and do some run-time analysis
I have a preference for this solution...
| @@ -81,7 +81,7 @@ export interface SecretProps { | |||
| * @default 32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each | |||
| * category), per the default values of ``SecretStringGenerator``. | |||
| */ | |||
| generateSecretString?: SecretStringGenerator; | |||
There was a problem hiding this comment.
Why rid of the semicolon?
The interface
TemplatedSecretStringGeneratorwas exported but notused in the
generateSecretStringprop.Pull Request Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.