package awsrds
import (
"github.com/aws/aws-cdk-go/awscdk/v2/awskms"
"github.com/aws/aws-cdk-go/awscdk/v2/awssecretsmanager"
)
// DatabaseSecretProps holds the construction properties for a DatabaseSecret.
//
// Only Username is required; every other field is optional and falls back to
// the default documented on the field. The struct tags (field/json/yaml) carry
// the property names and the required/optional marking.
//
// NOTE(review): in the example below the secret is created on its own and
// handed to AddRdsDataSource, while the cluster is configured only with a
// username. The example does not show the secret being attached to the
// cluster, so confirm that the credentials the data source reads are the ones
// the cluster actually accepts.
//
// Example:
//   // Build a data source for AppSync to access the database.
//   var api graphqlApi
//   // Create username and password secret for DB Cluster
//   secret := rds.NewDatabaseSecret(this, jsii.String("AuroraSecret"), &DatabaseSecretProps{
//   	Username: jsii.String("clusteradmin"),
//   })
//
//   // The VPC to place the cluster in
//   vpc := ec2.NewVpc(this, jsii.String("AuroraVpc"))
//
//   // Create the serverless cluster, provide all values needed to customise the database.
//   cluster := rds.NewServerlessCluster(this, jsii.String("AuroraCluster"), &ServerlessClusterProps{
//   	Engine: rds.DatabaseClusterEngine_AURORA_MYSQL(),
//   	Vpc: vpc,
//   	Credentials: map[string]*string{
//   		"username": jsii.String("clusteradmin"),
//   	},
//   	ClusterIdentifier: jsii.String("db-endpoint-test"),
//   	DefaultDatabaseName: jsii.String("demos"),
//   })
//   rdsDS := api.AddRdsDataSource(jsii.String("rds"), cluster, secret, jsii.String("demos"))
//
//   // Set up a resolver for an RDS query.
//   rdsDS.CreateResolver(jsii.String("QueryGetDemosRdsResolver"), &BaseResolverProps{
//   	TypeName: jsii.String("Query"),
//   	FieldName: jsii.String("getDemosRds"),
//   	RequestMappingTemplate: appsync.MappingTemplate_FromString(jsii.String(`
//   	  {
//   	    "version": "2018-05-29",
//   	    "statements": [
//   	      "SELECT * FROM demos"
//   	    ]
//   	  }
//   	  `)),
//   	ResponseMappingTemplate: appsync.MappingTemplate_FromString(jsii.String(`
//   	    $utils.toJson($utils.rds.toJsonObject($ctx.result)[0])
//   	  `)),
//   })
//
//   // Set up a resolver for an RDS mutation.
//   // Caller-supplied values are bound through the variableMap placeholders
//   // (:id, :version) instead of being concatenated into the statement text.
//   rdsDS.CreateResolver(jsii.String("MutationAddDemoRdsResolver"), &BaseResolverProps{
//   	TypeName: jsii.String("Mutation"),
//   	FieldName: jsii.String("addDemoRds"),
//   	RequestMappingTemplate: appsync.MappingTemplate_FromString(jsii.String(`
//   	  {
//   	    "version": "2018-05-29",
//   	    "statements": [
//   	      "INSERT INTO demos VALUES (:id, :version)",
//   	      "SELECT * WHERE id = :id"
//   	    ],
//   	    "variableMap": {
//   	      ":id": $util.toJson($util.autoId()),
//   	      ":version": $util.toJson($ctx.args.version)
//   	    }
//   	  }
//   	  `)),
//   	ResponseMappingTemplate: appsync.MappingTemplate_FromString(jsii.String(`
//   	    $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0])
//   	  `)),
//   })
//
type DatabaseSecretProps struct {
// The username.
//
// This is the only required property.
Username *string `field:"required" json:"username" yaml:"username"`
// The database name, if not using the default one.
// Default: - whatever the secret generates after the attach method is run.
//
Dbname *string `field:"optional" json:"dbname" yaml:"dbname"`
// The KMS key to use to encrypt the secret.
// Default: default master key.
//
// NOTE(review): "default master key" presumably means the account's AWS
// managed key for Secrets Manager (aws/secretsmanager) — confirm. Pass a
// customer-managed key when the key policy, key rotation or cross-account
// decrypt access has to be controlled explicitly.
EncryptionKey awskms.IKey `field:"optional" json:"encryptionKey" yaml:"encryptionKey"`
// Characters to not include in the generated password.
// Default: " %+~`#$&*()|[]{}:;<>?!'/@\"\\"
//
// NOTE(review): a value set here presumably replaces the default list rather
// than extending it — confirm before overriding. Every excluded character
// narrows the alphabet the password is drawn from, so keep the list to what
// the database engine or connection-string format actually requires.
ExcludeCharacters *string `field:"optional" json:"excludeCharacters" yaml:"excludeCharacters"`
// The master secret which will be used to rotate this secret.
// Default: - no master secret information will be included.
//
// NOTE(review): the master secret presumably holds higher-privileged
// credentials than this one; check which principals can read it.
MasterSecret awssecretsmanager.ISecret `field:"optional" json:"masterSecret" yaml:"masterSecret"`
// Whether to replace this secret when the criteria for the password change.
//
// This is achieved by overriding the logical id of the AWS::SecretsManager::Secret
// with a hash of the options that influence the password generation. This
// way a new secret will be created when the password is regenerated and the
// cluster or instance consuming this secret will have its credentials updated.
// Default: false.
//
// NOTE(review): because a new secret is created, anything that refers to the
// old secret from outside this stack would presumably need updating — verify
// before enabling on a secret that has external consumers.
ReplaceOnPasswordCriteriaChanges *bool `field:"optional" json:"replaceOnPasswordCriteriaChanges" yaml:"replaceOnPasswordCriteriaChanges"`
// A list of regions where to replicate this secret.
// Default: - Secret is not replicated.
//
// Each listed region receives a replica of the secret, i.e. another place
// where the database credentials are stored. ReplicaRegion is declared in
// awssecretsmanager and its fields are not visible in this file; review how
// each replica is encrypted and who can read it in that region.
ReplicaRegions *[]*awssecretsmanager.ReplicaRegion `field:"optional" json:"replicaRegions" yaml:"replicaRegions"`
// A name for the secret.
// Default: - A name is generated by CloudFormation.
//
SecretName *string `field:"optional" json:"secretName" yaml:"secretName"`
}