
secretsmanager grantWrite doesn't give permission to update a secret #8491

Status: Closed

Labels: @aws-cdk/aws-secretsmanager (Related to AWS Secrets Manager), bug (This issue is a bug), good first issue (Related to contributions; see CONTRIBUTING.md), in-progress (This issue is being actively worked on), p2

Comments

@dirknilius (Contributor)

Consider the following example:

import * as iam from '@aws-cdk/aws-iam';
import * as secretsmanager from '@aws-cdk/aws-secretsmanager';

// Any IGrantable works here; a role assumed by Lambda is used only so the snippet is complete
const role = new iam.Role(this, 'Role', {
  assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
});
const secret = new secretsmanager.Secret(this, 'Secret');
secret.grantWrite(role);

The grantWrite will give you secretsmanager:PutSecretValue permission. But it doesn't give secretsmanager:UpdateSecret permission.

Environment

  • Framework Version: 1.45.0
  • Language (Version): TypeScript 3.9.5

This is a 🐛 Bug Report

@dirknilius dirknilius added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 11, 2020
@SomayaB SomayaB added the @aws-cdk/aws-secretsmanager Related to AWS Secrets Manager label Jun 11, 2020
@skinny85 skinny85 added the good first issue Related to contributions. See CONTRIBUTING.md label Jun 11, 2020
ialford added a commit to ialford/aws-cdk that referenced this issue Jun 17, 2020
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Jun 17, 2020
@skinny85 skinny85 added p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jun 29, 2020
@mergify mergify bot closed this as completed in #8600 Jun 30, 2020
mergify bot pushed a commit that referenced this issue Jun 30, 2020
This creates the `grantUpdate` method to give an `iam.IGrantable` the ability to update a secret in Secrets Manager.

I opted to move it out from the `grantWrite` method, as there may be cases where we want something to write an initial value, but not change it later on. This decision could be reversed if it seems too granular or too much of an edge-case.

Closes #8491 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
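To make the permission gap from the issue report and the split that the PR's `grantUpdate` introduces checkable without deploying anything, here is an added example that is not part of the aws-cdk project or of either post. It models the grants as plain IAM statements and runs a minimal policy evaluator over them. The secret ARN is a constructed sample, and the statement that `grantUpdate` emits is an assumption modelled on the `grantWrite` shape the issue describes (PutSecretValue on the secret's ARN).

```typescript
// Added example, not aws-cdk code: models the grants described in the issue
// and the PR as IAM statements and checks which actions a principal lacks.
interface Statement {
  effect: 'Allow' | 'Deny';
  actions: string[];
  resources: string[];
}

// Constructed sample ARN; not a real secret.
const SECRET_ARN =
  'arn:aws:secretsmanager:us-east-1:123456789012:secret:AppDbPassword-AbC123';

// grantWrite as the issue reports it: PutSecretValue only.
function grantWrite(secretArn: string): Statement[] {
  return [{ effect: 'Allow', actions: ['secretsmanager:PutSecretValue'], resources: [secretArn] }];
}

// grantUpdate as the fixing PR introduces it; the statement shape is an
// assumption here, modelled on grantWrite.
function grantUpdate(secretArn: string): Statement[] {
  return [{ effect: 'Allow', actions: ['secretsmanager:UpdateSecret'], resources: [secretArn] }];
}

// IAM-style wildcard matching: '*' matches any run of characters, '?' a single one.
function globToRegExp(pattern: string, flags = ''): RegExp {
  const escaped = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${escaped}$`, flags);
}

// Minimal evaluator: an explicit Deny wins; otherwise any matching Allow permits.
// Action names are matched case-insensitively, resources exactly.
function isAllowed(policy: Statement[], action: string, resource: string): boolean {
  let allowed = false;
  for (const stmt of policy) {
    const actionHit = stmt.actions.some(a => globToRegExp(a, 'i').test(action));
    const resourceHit = stmt.resources.some(r => globToRegExp(r).test(resource));
    if (!actionHit || !resourceHit) continue;
    if (stmt.effect === 'Deny') return false;
    allowed = true;
  }
  return allowed;
}

// Which of the required actions does the policy not allow on the resource?
function missingActions(policy: Statement[], required: string[], resource: string): string[] {
  return required.filter(a => !isAllowed(policy, a, resource));
}

// Actions a workflow that first writes and later changes a secret needs.
const UPDATE_WORKFLOW = ['secretsmanager:PutSecretValue', 'secretsmanager:UpdateSecret'];

// Demonstration: grantWrite alone leaves UpdateSecret missing; adding grantUpdate closes the gap.
const writeOnly = grantWrite(SECRET_ARN);
console.log('grantWrite alone lacks:', missingActions(writeOnly, UPDATE_WORKFLOW, SECRET_ARN));
const writeAndUpdate = [...grantWrite(SECRET_ARN), ...grantUpdate(SECRET_ARN)];
console.log('grantWrite + grantUpdate lack:', missingActions(writeAndUpdate, UPDATE_WORKFLOW, SECRET_ARN));
```

Keeping the two grants separate is the least-privilege choice the PR describes: a principal that only ever seeds a secret's value gets `PutSecretValue`, and only a principal that must change the secret's metadata or value later also gets `UpdateSecret`. Running the same `missingActions` check against the statements actually synthesized into a stack's IAM policy is a cheap way to catch a grant that silently falls short before a runtime AccessDenied does.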