Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_rds: DatabaseInstance credentials doesn't accept dict in Python #30514

Closed
andrewvaughan opened this issue Jun 10, 2024 · 4 comments
Closed

aws_rds: DatabaseInstance credentials doesn't accept dict in Python #30514

andrewvaughan opened this issue Jun 10, 2024 · 4 comments
Assignees
@khushail
Labels
@aws-cdk/aws-rds Related to Amazon Relational Database bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@andrewvaughan
Copy link

Describe the bug

Per the Python documentation:

https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_rds/DatabaseInstance.html

credentials (Optional[Credentials]) – Credentials for the administrative user. Default: - A username of ‘admin’ (or ‘postgres’ for PostgreSQL) and SecretsManager-generated password

However, the example immediately preceding shows a dictionary being used to involve template secrets:

# Templated secret with username and password fields
templated_secret = secretsmanager.Secret(self, "TemplatedSecret",
    generate_secret_string=secretsmanager.SecretStringGenerator(
        secret_string_template=JSON.stringify({"username": "postgres"}),
        generate_string_key="password",
        exclude_characters="/@""
    )
)
# Using the templated secret as credentials
instance2 = rds.DatabaseInstance(self, "PostgresInstance2",
    engine=rds.DatabaseInstanceEngine.POSTGRES,
    credentials={
        "username": templated_secret.secret_value_from_json("username").to_string(),
        "password": templated_secret.secret_value_from_json("password")
    },
    vpc=vpc
)

And the code will fail if a dict is used, as shown. Either the documentation should be updated to remove the invalid example, or (recommended) the credentials variable should be updated to accept a dict.

Expected Behavior

A dict should be accepted for the credentials parameter of DatabaseInstance.

Current Behavior

TypeError: type of argument credentials must be one of (aws_cdk.aws_rds.Credentials, NoneType); got dict instead

Reproduction Steps

Copy and paste the example from the documentation.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.145.0 (build fdf53ba)

Framework Version

No response

Node.js Version

Node.js v22.2.0

OS

macOS

Language

Python

Language Version

Python 3.12.0

Other information

No response
@andrewvaughan andrewvaughan added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 10, 2024
@github-actions github-actions bot added the @aws-cdk/aws-rds Related to Amazon Relational Database label Jun 10, 2024
@andrewvaughan
Copy link
Author

Alternatively, improve the documentation by removing the dict based approach and use:

  # ...
  credentials=rds.Credentials.from_secret(templated_secret)
  # ...

@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Jun 12, 2024
@khushail khushail self-assigned this Jun 12, 2024
@khushail khushail added needs-reproduction This issue needs reproduction. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Jun 12, 2024
@github-actions github-actions bot mentioned this issue Jun 17, 2024
Closed
@github-actions github-actions bot mentioned this issue Jul 1, 2024
Closed
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-reproduction This issue needs reproduction. labels Jul 1, 2024
@khushail
Copy link
Contributor

khushail commented Jul 1, 2024

Hi @andrewvaughan , thanks for reaching out.

Could you please try doing this way and see if it works as I noticed that the fromSecert() uses Secret object and username which works like this -

aws-cdk/packages/aws-cdk-lib/aws-rds/lib/props.ts

Line 251 in b368c78

public static fromSecret(secret: secretsmanager.ISecret, username?: string): Credentials {

code change -

credentials= rds.Credentials.from_secret(secret01, "username"),

Sharing the synthesized template snippet -

{
 "Resources": {
  "AuroraSecret41E6E877": {
   "Type": "AWS::SecretsManager::Secret",
   "Properties": {
    "Description": {
     "Fn::Join": [
      "",
      [
       "Generated by the CDK for stack: ",
       {
        "Ref": "AWS::StackName"
       }
      ]
     ]
    },
    "GenerateSecretString": {
     "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\",
     "GenerateStringKey": "password",
     "PasswordLength": 30,
     "SecretStringTemplate": "{\"username\":\"clusteradmin\"}"
    }
   },
   "UpdateReplacePolicy": "Delete",
   "DeletionPolicy": "Delete",
   "Metadata": {
    "aws:cdk:path": "RdscredsissueStack/AuroraSecret/Resource"
   }
  },

Also I tried to repro in typescript to see if dict is accepted and its successful there as well -

const cluster = new rds.DatabaseCluster(this, 'AuroraClusterV2', {
      engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_15_5 }),
      credentials: { username: 'clusteradmin'},
      clusterIdentifier: 'db-endpoint-test',
      writer: rds.ClusterInstance.serverlessV2('writer'),
      serverlessV2MinCapacity: 2,
      serverlessV2MaxCapacity: 10,
      vpc,
      defaultDatabaseName: 'demos',
      enableDataApi: true,  // has to be set to true to enable Data API as not enable by default
    });

Please feel free to correct if something is misinterpreted.

@khushail khushail added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Jul 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 4, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jul 4, 2024
@github-actions github-actions bot closed this as completed Jul 9, 2024
@aws-cdk-automation
Copy link
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@khushail khushail

Labels
@aws-cdk/aws-rds Related to Amazon Relational Database bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andrewvaughan @aws-cdk-automation @khushail