aws-secrets-manager-rotation-lambdas icon indicating copy to clipboard operation
aws-secrets-manager-rotation-lambdas copied to clipboard

Published 20 hours ago verified publisher icon aws-samples

RotationMultiUser doesn't set host and engine from masterSecret

Open ahammond opened this issue 2 years ago • 0 comments

I added password rotation to my database using https://github.com/time-loop/cdk-aurora/blob/main/src/aurora.ts#L284

However, it didn't

  • create the user, which didn't previously exist, so I worked around it: https://github.com/time-loop/cdk-aurora/blob/main/src/aurora.provisioner.ts#L432:16
  • set the newly created user's password, so... https://github.com/time-loop/cdk-aurora/blob/main/src/aurora.provisioner.ts#L454
  • populate the user secret with the host and engine from the master secret, so... https://github.com/time-loop/cdk-aurora/blob/main/src/aurora.provisioner.ts#L333..L354 although really I think it should just be using masterSecret's info there.

Also, what is with the master stuff? BLM happened years ago. adminSecret or administratorSecret if you want to do Microsofty things. Or mainSecret if you want to follow GitHub's pattern. Or primarySecret, or controlSecret. It takes almost no effort at all to not be crass.

ahammond avatar May 06 '22 03:05 ahammond