aws-cdk-lib/aws-docdb/lib/cluster.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __decorate=exports&&exports.__decorate||function(decorators,target,key,desc){var c=arguments.length,r=c<3?target:desc===null?desc=Object.getOwnPropertyDescriptor(target,key):desc,d;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")r=Reflect.decorate(decorators,target,key,desc);else for(var i=decorators.length-1;i>=0;i--)(d=decorators[i])&&(r=(c<3?d(r):c>3?d(target,key,r):d(target,key))||r);return c>3&&r&&Object.defineProperty(target,key,r),r},_a,DatabaseCluster_1;Object.defineProperty(exports,"__esModule",{value:!0}),exports.DatabaseCluster=exports.StorageType=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var database_secret_1=()=>{var tmp=require("./database-secret");return database_secret_1=()=>tmp,tmp},docdb_generated_1=()=>{var tmp=require("./docdb.generated");return docdb_generated_1=()=>tmp,tmp},endpoint_1=()=>{var tmp=require("./endpoint");return endpoint_1=()=>tmp,tmp},ec2=()=>{var tmp=require("../../aws-ec2");return ec2=()=>tmp,tmp},logs=()=>{var tmp=require("../../aws-logs");return logs=()=>tmp,tmp},secretsmanager=()=>{var tmp=require("../../aws-secretsmanager");return secretsmanager=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp};const MIN_ENGINE_VERSION_FOR_IO_OPTIMIZED_STORAGE=5;var StorageType;(function(StorageType2){StorageType2.STANDARD="standard",StorageType2.IOPT1="iopt1"})(StorageType||(exports.StorageType=StorageType={}));class DatabaseClusterBase extends core_1().Resource{asSecretAttachmentTarget(){return{targetId:this.clusterIdentifier,targetType:secretsmanager().AttachmentTargetType.DOCDB_DB_CLUSTER}}}let DatabaseCluster=DatabaseCluster_1=class DatabaseCluster2 extends DatabaseClusterBase{static fromDatabaseClusterAttributes(scope,id,attrs){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_docdb_DatabaseClusterAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromDatabaseClusterAttributes),error}class Import extends DatabaseClusterBase{constructor(){super(...arguments),this.defaultPort=typeof attrs.port<"u"?ec2().Port.tcp(attrs.port):void 0,this.connections=new(ec2()).Connections({securityGroups:attrs.securityGroup?[attrs.securityGroup]:void 0,defaultPort:this.defaultPort}),this.clusterIdentifier=attrs.clusterIdentifier,this._instanceIdentifiers=attrs.instanceIdentifiers,this._clusterEndpoint=attrs.clusterEndpointAddress&&typeof attrs.port<"u"?new(endpoint_1()).Endpoint(attrs.clusterEndpointAddress,attrs.port):void 0,this._clusterReadEndpoint=attrs.readerEndpointAddress&&typeof attrs.port<"u"?new(endpoint_1()).Endpoint(attrs.readerEndpointAddress,attrs.port):void 0,this._instanceEndpoints=attrs.instanceEndpointAddresses&&typeof attrs.port<"u"?attrs.instanceEndpointAddresses.map(addr=>new(endpoint_1()).Endpoint(addr,attrs.port)):void 0,this._securityGroupId=attrs.securityGroup?.securityGroupId}get instanceIdentifiers(){if(!this._instanceIdentifiers)throw new(core_1()).UnscopedValidationError("Cannot access `instanceIdentifiers` of an imported cluster without provided instanceIdentifiers");return this._instanceIdentifiers}get clusterEndpoint(){if(!this._clusterEndpoint)throw new(core_1()).UnscopedValidationError("Cannot access `clusterEndpoint` of an imported cluster without an endpoint address and port");return this._clusterEndpoint}get clusterReadEndpoint(){if(!this._clusterReadEndpoint)throw new(core_1()).UnscopedValidationError("Cannot access `clusterReadEndpoint` of an imported cluster without a readerEndpointAddress and port");return this._clusterReadEndpoint}get instanceEndpoints(){if(!this._instanceEndpoints)throw new(core_1()).UnscopedValidationError("Cannot access `instanceEndpoints` of an imported cluster without instanceEndpointAddresses and port");return this._instanceEndpoints}get securityGroupId(){if(!this._securityGroupId)throw new(core_1()).UnscopedValidationError("Cannot access `securityGroupId` of an imported cluster without securityGroupId");return this._securityGroupId}}return new Import(scope,id)}constructor(scope,id,props){super(scope,id),this.instanceIdentifiers=[],this.instanceEndpoints=[];try{jsiiDeprecationWarnings().aws_cdk_lib_aws_docdb_DatabaseClusterProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,DatabaseCluster2),error}(0,metadata_resource_1().addConstructMetadata)(this,props),this.vpc=props.vpc,this.vpcSubnets=props.vpcSubnets;const{subnetIds,internetConnectivityEstablished}=this.vpc.selectSubnets(this.vpcSubnets);if(subnetIds.length<2)throw new(core_1()).ValidationError(`Cluster requires at least 2 subnets, got ${subnetIds.length}`,this);const subnetGroup=new(docdb_generated_1()).CfnDBSubnetGroup(this,"Subnets",{dbSubnetGroupDescription:`Subnets for ${id} database`,subnetIds});let securityGroup;if(props.securityGroup)securityGroup=props.securityGroup;else{securityGroup=new(ec2()).SecurityGroup(this,"SecurityGroup",{description:"DocumentDB security group",vpc:this.vpc});const securityGroupRemovalPolicy=this.getSecurityGroupRemovalPolicy(props);securityGroup.node.defaultChild.applyRemovalPolicy(securityGroupRemovalPolicy,{applyToUpdateReplacePolicy:!0})}this.securityGroupId=securityGroup.securityGroupId;const enableCloudwatchLogsExports=[];props.exportAuditLogsToCloudWatch&&enableCloudwatchLogsExports.push("audit"),props.exportProfilerLogsToCloudWatch&&enableCloudwatchLogsExports.push("profiler");let secret;props.masterUser.password||(secret=new(database_secret_1()).DatabaseSecret(this,"Secret",{username:props.masterUser.username,encryptionKey:props.masterUser.kmsKey,excludeCharacters:props.masterUser.excludeCharacters,secretName:props.masterUser.secretName}));const storageEncrypted=props.storageEncrypted??!0;if(props.kmsKey&&!storageEncrypted)throw new(core_1()).ValidationError("KMS key supplied but storageEncrypted is false",this);const validEngineVersionRegex=/^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$/;if(props.engineVersion!==void 0&&!validEngineVersionRegex.test(props.engineVersion))throw new(core_1()).ValidationError(`Invalid engine version: '${props.engineVersion}'. Engine version must be in the format x.y.z`,this);if(props.storageType===StorageType.IOPT1&&props.engineVersion!==void 0&&Number(props.engineVersion.split(".")[0])<MIN_ENGINE_VERSION_FOR_IO_OPTIMIZED_STORAGE)throw new(core_1()).ValidationError(`I/O-optimized storage is supported starting with engine version 5.0.0, got '${props.engineVersion}'`,this);this.cluster=new(docdb_generated_1()).CfnDBCluster(this,"Resource",{engineVersion:props.engineVersion,dbClusterIdentifier:props.dbClusterName,dbSubnetGroupName:subnetGroup.ref,port:props.port,vpcSecurityGroupIds:[this.securityGroupId],dbClusterParameterGroupName:props.parameterGroup?.parameterGroupName,deletionProtection:props.deletionProtection,masterUsername:secret?secret.secretValueFromJson("username").unsafeUnwrap():props.masterUser.username,masterUserPassword:secret?secret.secretValueFromJson("password").unsafeUnwrap():props.masterUser.password.unsafeUnwrap(),backupRetentionPeriod:props.backup?.retention?.toDays(),preferredBackupWindow:props.backup?.preferredWindow,preferredMaintenanceWindow:props.preferredMaintenanceWindow,enableCloudwatchLogsExports:enableCloudwatchLogsExports.length>0?enableCloudwatchLogsExports:void 0,kmsKeyId:props.kmsKey?.keyArn,storageEncrypted,copyTagsToSnapshot:props.copyTagsToSnapshot,storageType:props.storageType}),this.cluster.applyRemovalPolicy(props.removalPolicy,{applyToUpdateReplacePolicy:!0}),this.clusterIdentifier=this.cluster.ref,this.clusterResourceIdentifier=this.cluster.attrClusterResourceId;const port=core_1().Token.asNumber(this.cluster.attrPort);this.clusterEndpoint=new(endpoint_1()).Endpoint(this.cluster.attrEndpoint,port),this.clusterReadEndpoint=new(endpoint_1()).Endpoint(this.cluster.attrReadEndpoint,port),this.setLogRetention(this,props,enableCloudwatchLogsExports),secret&&(this.secret=secret.attach(this));const instanceCount=props.instances??DatabaseCluster_1.DEFAULT_NUM_INSTANCES;if(instanceCount<1)throw new(core_1()).ValidationError("At least one instance is required",this);const instanceRemovalPolicy=this.getInstanceRemovalPolicy(props),caCertificateIdentifier=props.caCertificate?props.caCertificate.toString():void 0;for(let i=0;i<instanceCount;i++){const instanceIndex=i+1,instanceIdentifier=props.instanceIdentifierBase!=null?`${props.instanceIdentifierBase}${instanceIndex}`:props.dbClusterName!=null?`${props.dbClusterName}instance${instanceIndex}`:void 0,instance=new(docdb_generated_1()).CfnDBInstance(this,`Instance${instanceIndex}`,{dbClusterIdentifier:this.cluster.ref,dbInstanceIdentifier:instanceIdentifier,dbInstanceClass:databaseInstanceType(props.instanceType),enablePerformanceInsights:props.enablePerformanceInsights,caCertificateIdentifier});instance.applyRemovalPolicy(instanceRemovalPolicy,{applyToUpdateReplacePolicy:!0}),instance.node.addDependency(internetConnectivityEstablished),this.instanceIdentifiers.push(instance.ref),this.instanceEndpoints.push(new(endpoint_1()).Endpoint(instance.attrEndpoint,port))}this.connections=new(ec2()).Connections({defaultPort:ec2().Port.tcp(port),securityGroups:[securityGroup]})}setLogRetention(cluster,props,cloudwatchLogsExports){if(props.cloudWatchLogsRetention)for(const log of cloudwatchLogsExports)new(logs()).LogRetention(cluster,`LogRetention${log}`,{logGroupName:`/aws/docdb/${cluster.clusterIdentifier}/${log}`,retention:props.cloudWatchLogsRetention,role:props.cloudWatchLogsRetentionRole})}getInstanceRemovalPolicy(props){if(props.instanceRemovalPolicy===core_1().RemovalPolicy.SNAPSHOT)throw new(core_1()).ValidationError("AWS::DocDB::DBInstance does not support the SNAPSHOT removal policy",this);return props.instanceRemovalPolicy?props.instanceRemovalPolicy:!props.removalPolicy||props.removalPolicy!==core_1().RemovalPolicy.SNAPSHOT?props.removalPolicy:core_1().RemovalPolicy.DESTROY}getSecurityGroupRemovalPolicy(props){if(props.securityGroupRemovalPolicy===core_1().RemovalPolicy.SNAPSHOT)throw new(core_1()).ValidationError("AWS::EC2::SecurityGroup does not support the SNAPSHOT removal policy",this);return props.securityGroupRemovalPolicy?props.securityGroupRemovalPolicy:!props.removalPolicy||props.removalPolicy!==core_1().RemovalPolicy.SNAPSHOT?props.removalPolicy:core_1().RemovalPolicy.DESTROY}addRotationSingleUser(automaticallyAfter){try{jsiiDeprecationWarnings().aws_cdk_lib_Duration(automaticallyAfter)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addRotationSingleUser),error}if(!this.secret)throw new(core_1()).ValidationError("Cannot add single user rotation for a cluster without secret.",this);const id="RotationSingleUser";if(this.node.tryFindChild(id))throw new(core_1()).ValidationError("A single user rotation was already added to this cluster.",this);return new(secretsmanager()).SecretRotation(this,id,{secret:this.secret,automaticallyAfter,application:DatabaseCluster_1.SINGLE_USER_ROTATION_APPLICATION,excludeCharacters:this.node.tryFindChild("Secret")._excludedCharacters,vpc:this.vpc,vpcSubnets:this.vpcSubnets,target:this})}addRotationMultiUser(id,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_docdb_RotationMultiUserOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addRotationMultiUser),error}if(!this.secret)throw new(core_1()).ValidationError("Cannot add multi user rotation for a cluster without secret.",this);return new(secretsmanager()).SecretRotation(this,id,{secret:options.secret,masterSecret:this.secret,automaticallyAfter:options.automaticallyAfter,excludeCharacters:this.node.tryFindChild("Secret")._excludedCharacters,application:DatabaseCluster_1.MULTI_USER_ROTATION_APPLICATION,vpc:this.vpc,vpcSubnets:this.vpcSubnets,target:this})}addSecurityGroups(...securityGroups){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ISecurityGroup(securityGroups)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addSecurityGroups),error}this.cluster.vpcSecurityGroupIds===void 0&&(this.cluster.vpcSecurityGroupIds=[]),this.cluster.vpcSecurityGroupIds.push(...securityGroups.map(sg=>sg.securityGroupId))}};exports.DatabaseCluster=DatabaseCluster,_a=JSII_RTTI_SYMBOL_1,DatabaseCluster[_a]={fqn:"aws-cdk-lib.aws_docdb.DatabaseCluster",version:"2.202.0"},DatabaseCluster.PROPERTY_INJECTION_ID="aws-cdk-lib.aws-docdb.DatabaseCluster",DatabaseCluster.DEFAULT_NUM_INSTANCES=1,DatabaseCluster.DEFAULT_PORT=27017,DatabaseCluster.SINGLE_USER_ROTATION_APPLICATION=secretsmanager().SecretRotationApplication.MONGODB_ROTATION_SINGLE_USER,DatabaseCluster.MULTI_USER_ROTATION_APPLICATION=secretsmanager().SecretRotationApplication.MONGODB_ROTATION_MULTI_USER,__decorate([(0,metadata_resource_1().MethodMetadata)()],DatabaseCluster.prototype,"addRotationSingleUser",null),__decorate([(0,metadata_resource_1().MethodMetadata)()],DatabaseCluster.prototype,"addRotationMultiUser",null),__decorate([(0,metadata_resource_1().MethodMetadata)()],DatabaseCluster.prototype,"addSecurityGroups",null),exports.DatabaseCluster=DatabaseCluster=DatabaseCluster_1=__decorate([prop_injectable_1().propertyInjectable],DatabaseCluster);function databaseInstanceType(instanceType){return"db."+instanceType.toString()}