aws_rds: DatabaseInstance credentials doesn't accept dict in Python #30514

Closed
andrewvaughan opened this issue Jun 10, 2024 · 4 comments
Labels: @aws-cdk/aws-rds (Related to Amazon Relational Database), bug (This issue is a bug.), closed-for-staleness (This issue was automatically closed because it hadn't received any attention in a while.), response-requested (Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.)

Comments

@andrewvaughan

Describe the bug

Per the Python documentation:

https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_rds/DatabaseInstance.html

credentials (Optional[Credentials]) – Credentials for the administrative user. Default: - A username of ‘admin’ (or ‘postgres’ for PostgreSQL) and SecretsManager-generated password

However, the example immediately preceding shows a dictionary being used to involve template secrets:

# Templated secret with username and password fields
templated_secret = secretsmanager.Secret(self, "TemplatedSecret",
    generate_secret_string=secretsmanager.SecretStringGenerator(
        secret_string_template=JSON.stringify({"username": "postgres"}),
        generate_string_key="password",
        exclude_characters="/@\""
    )
)
# Using the templated secret as credentials
instance2 = rds.DatabaseInstance(self, "PostgresInstance2",
    engine=rds.DatabaseInstanceEngine.POSTGRES,
    credentials={
        "username": templated_secret.secret_value_from_json("username").to_string(),
        "password": templated_secret.secret_value_from_json("password")
    },
    vpc=vpc
)

And the code will fail if a dict is used, as shown. Either the documentation should be updated to remove the invalid example, or (recommended) the credentials variable should be updated to accept a dict.

Expected Behavior

A dict should be accepted for the credentials parameter of DatabaseInstance.

Current Behavior

TypeError: type of argument credentials must be one of (aws_cdk.aws_rds.Credentials, NoneType); got dict instead

Reproduction Steps

Copy and paste the example from the documentation.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.145.0 (build fdf53ba)

Framework Version

No response

Node.js Version

Node.js v22.2.0

OS

macOS

Language

Python

Language Version

Python 3.12.0

Other information

No response

@andrewvaughan andrewvaughan added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 10, 2024
@github-actions github-actions bot added the @aws-cdk/aws-rds Related to Amazon Relational Database label Jun 10, 2024
@andrewvaughan
Author

Alternatively, improve the documentation by removing the dict based approach and use:

  # ...
  credentials=rds.Credentials.from_secret(templated_secret)
  # ...

@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Jun 12, 2024
@khushail khushail self-assigned this Jun 12, 2024
@khushail khushail added needs-reproduction This issue needs reproduction. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Jun 12, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-reproduction This issue needs reproduction. labels Jul 1, 2024
@khushail
Contributor

khushail commented Jul 1, 2024

Hi @andrewvaughan , thanks for reaching out.

Could you please try doing it this way and see if it works? I noticed that fromSecret() uses a Secret object and username, which works like this -

public static fromSecret(secret: secretsmanager.ISecret, username?: string): Credentials {

code change -

credentials= rds.Credentials.from_secret(secret01, "username"),

Sharing the synthesized template snippet -

{
 "Resources": {
  "AuroraSecret41E6E877": {
   "Type": "AWS::SecretsManager::Secret",
   "Properties": {
    "Description": {
     "Fn::Join": [
      "",
      [
       "Generated by the CDK for stack: ",
       {
        "Ref": "AWS::StackName"
       }
      ]
     ]
    },
    "GenerateSecretString": {
     "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\",
     "GenerateStringKey": "password",
     "PasswordLength": 30,
     "SecretStringTemplate": "{\"username\":\"clusteradmin\"}"
    }
   },
   "UpdateReplacePolicy": "Delete",
   "DeletionPolicy": "Delete",
   "Metadata": {
    "aws:cdk:path": "RdscredsissueStack/AuroraSecret/Resource"
   }
  },

Also, I tried to repro in TypeScript to see if a dict is accepted, and it's successful there as well -

const cluster = new rds.DatabaseCluster(this, 'AuroraClusterV2', {
      engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_15_5 }),
      credentials: { username: 'clusteradmin'},
      clusterIdentifier: 'db-endpoint-test',
      writer: rds.ClusterInstance.serverlessV2('writer'),
      serverlessV2MinCapacity: 2,
      serverlessV2MaxCapacity: 10,
      vpc,
      defaultDatabaseName: 'demos',
      enableDataApi: true,  // has to be set to true to enable the Data API, as it is not enabled by default
    });

Please feel free to correct if something is misinterpreted.
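A check that can be run over `cdk synth` output to confirm that a database's master password is a `{{resolve:secretsmanager:...}}` dynamic reference to a secret rather than a literal in the template. This is an added example, not code from the issue or from aws-cdk; the `GoodDb` and `BadDb` resources, the literal password and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of the synthesized template above: one secret,
# one instance that resolves its password from it, one with a literal password.
TEMPLATE = json.loads(r"""
{"Resources": {
  "AuroraSecret41E6E877": {"Type": "AWS::SecretsManager::Secret",
    "Properties": {"GenerateSecretString": {"GenerateStringKey": "password",
      "SecretStringTemplate": "{\"username\":\"clusteradmin\"}"}}},
  "GoodDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
    "MasterUserPassword": {"Fn::Join": ["", ["{{resolve:secretsmanager:",
      {"Ref": "AuroraSecret41E6E877"}, ":SecretString:password::}}"]]}}},
  "BadDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
    "MasterUserPassword": "constructed-literal-password"}}
}}
""")

DB_TYPES = {"AWS::RDS::DBInstance", "AWS::RDS::DBCluster"}
PREFIX = "{{resolve:secretsmanager:"

def flatten(value):
    """Reduce a CloudFormation value to (literal text, referenced logical IDs)."""
    if isinstance(value, str):
        return value, set()
    if isinstance(value, dict) and "Ref" in value:
        return "", {value["Ref"]}
    if isinstance(value, dict) and "Fn::Join" in value:
        sep, parts = value["Fn::Join"]
        flat = [flatten(p) for p in parts]
        return sep.join(t for t, _ in flat), set().union(*(r for _, r in flat))
    return "", set()

def audit_master_passwords(template):
    """Classify MasterUserPassword on every RDS instance or cluster."""
    verdicts = {}
    for name, res in template["Resources"].items():
        if res["Type"] not in DB_TYPES:
            continue
        props = res.get("Properties", {})
        if "MasterUserPassword" not in props:
            verdicts[name] = "not-set"
            continue
        text, refs = flatten(props["MasterUserPassword"])
        if text.startswith(PREFIX):
            verdicts[name] = "secrets-manager"
        else:
            verdicts[name] = "other-reference" if refs else "plaintext"
    return verdicts
```

Running `audit_master_passwords` on the loaded JSON of a synthesized template in CI lets a build fail whenever any database resource comes back as `plaintext`.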

@khushail khushail added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Jul 1, 2024

github-actions bot commented Jul 4, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jul 4, 2024
@github-actions github-actions bot closed this as completed Jul 9, 2024
@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024