UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 4.46 kB
1
2
"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.SecretValue=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cx_api_1=require("../../cx-api"),cfn_dynamic_reference_1=require("./cfn-dynamic-reference"),cfn_resource_1=require("./cfn-resource"),feature_flags_1=require("./feature-flags"),cfn_reference_1=require("./private/cfn-reference"),intrinsic_1=require("./private/intrinsic"),token_1=require("./token");class SecretValue extends intrinsic_1.Intrinsic{constructor(protectedValue,options){super(protectedValue,options);try{jsiiDeprecationWarnings.aws_cdk_lib_IntrinsicProps(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,SecretValue),error}this.rawValue=protectedValue}static isSecretValue(x){return typeof x=="object"&&x&&x[SECRET_VALUE_SYM]}static plainText(secret){try{jsiiDeprecationWarnings.print("aws-cdk-lib.SecretValue#plainText","Use `unsafePlainText()` instead.")}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.plainText),error}return new SecretValue(secret)}static unsafePlainText(secret){return new SecretValue(secret)}static secretsManager(secretId,options={}){try{jsiiDeprecationWarnings.aws_cdk_lib_SecretsManagerSecretOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.secretsManager),error}if(!secretId)throw new Error("secretId cannot be empty");if(!token_1.Token.isUnresolved(secretId)&&!secretId.startsWith("arn:")&&secretId.includes(":"))throw new Error(`secret id "${secretId}" is not an ARN but contains ":"`);if(options.versionStage&&options.versionId)throw new Error(`verionStage: '${options.versionStage}' and versionId: '${options.versionId}' were both provided but only one is allowed`);const parts=[secretId,"SecretString",options.jsonField||"",options.versionStage||"",options.versionId||""],dyref=new cfn_dynamic_reference_1.CfnDynamicReference(cfn_dynamic_reference_1.CfnDynamicReferenceService.SECRETS_MANAGER,parts.join(":"));return this.cfnDynamicReference(dyref)}static ssmSecure(parameterName,version){return this.cfnDynamicReference(new cfn_dynamic_reference_1.CfnDynamicReference(cfn_dynamic_reference_1.CfnDynamicReferenceService.SSM_SECURE,version?`${parameterName}:${version}`:parameterName))}static cfnDynamicReference(ref){try{jsiiDeprecationWarnings.aws_cdk_lib_CfnDynamicReference(ref)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.cfnDynamicReference),error}return new SecretValue(ref)}static cfnParameter(param){try{jsiiDeprecationWarnings.aws_cdk_lib_CfnParameter(param)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.cfnParameter),error}if(!param.noEcho)throw new Error('CloudFormation parameter must be configured with "NoEcho"');return new SecretValue(param.value)}static resourceAttribute(attr){const resolved=token_1.Tokenization.reverseCompleteString(attr);if(!resolved||!cfn_reference_1.CfnReference.isCfnReference(resolved)||!cfn_resource_1.CfnResource.isCfnResource(resolved.target))throw new Error("SecretValue.resourceAttribute() must be used with a resource attribute");return new SecretValue(attr)}unsafeUnwrap(){return token_1.Token.asString(this.rawValue)}resolve(context){try{jsiiDeprecationWarnings.aws_cdk_lib_IResolveContext(context)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.resolve),error}if(feature_flags_1.FeatureFlags.of(context.scope).isEnabled(cx_api_1.CHECK_SECRET_USAGE))throw new Error(`Synthing a secret value to ${context.documentPath.join("/")}. Using a SecretValue here risks exposing your secret. Only pass SecretValues to constructs that accept a SecretValue property, or call AWS Secrets Manager directly in your runtime code. Call 'secretValue.unsafeUnwrap()' if you understand and accept the risks.`);return super.resolve(context)}}exports.SecretValue=SecretValue,_a=JSII_RTTI_SYMBOL_1,SecretValue[_a]={fqn:"aws-cdk-lib.SecretValue",version:"2.70.0"};const SECRET_VALUE_SYM=Symbol.for("@aws-cdk/core.SecretValue");Object.defineProperty(SecretValue.prototype,SECRET_VALUE_SYM,{value:!0,configurable:!1,enumerable:!1,writable:!1});