Skip to content

Commit

Permalink
fix(secretsmanager/ssm): verify presence of parameter name (#2066)
Browse files Browse the repository at this point in the history
Throw an error if Secrets or SSM Parameter are referenced with an empty
name. This adds clear messaging around an otherwise obscure
CloudFormation error.
  • Loading branch information
rix0rrr authored Mar 21, 2019
1 parent abacc66 commit b93350f
Show file tree
Hide file tree
Showing 4 changed files with 46 additions and 0 deletions.
6 changes: 6 additions & 0 deletions packages/@aws-cdk/aws-secretsmanager/lib/secret-string.ts
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,12 @@ export class SecretString extends cdk.DynamicReference {
service: cdk.DynamicReferenceService.SecretsManager,
referenceKey: '',
});

// If we don't validate this here it will lead to a very unclear
// error message in CloudFormation, so better do it.
if (!props.secretId) {
throw new Error('SecretString: secretId cannot be empty');
}
}

/**
Expand Down
14 changes: 14 additions & 0 deletions packages/@aws-cdk/aws-secretsmanager/test/test.secret-string.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,4 +32,18 @@ export = {

test.done();
},

'empty secretId will throw'(test: Test) {
// GIVEN
const stack = new cdk.Stack();

// WHEN
test.throws(() => {
new secretsmanager.SecretString(stack, 'Ref', {
secretId: '',
});
}, /secretId cannot be empty/);

test.done();
},
};
12 changes: 12 additions & 0 deletions packages/@aws-cdk/aws-ssm/lib/parameter-store-string.ts
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,12 @@ export class ParameterStoreString extends cdk.Construct {
constructor(scope: cdk.Construct, id: string, props: ParameterStoreStringProps) {
super(scope, id);

// If we don't validate this here it will lead to a very unclear
// error message in CloudFormation, so better do it.
if (!props.parameterName) {
throw new Error('ParameterStoreString: parameterName cannot be empty');
}

// We use a different inner construct depend on whether we want the latest
// or a specific version.
//
Expand Down Expand Up @@ -80,5 +86,11 @@ export class ParameterStoreSecureString extends cdk.DynamicReference {
service: cdk.DynamicReferenceService.SsmSecure,
referenceKey: `${props.parameterName}:${props.version}`,
});

// If we don't validate this here it will lead to a very unclear
// error message in CloudFormation, so better do it.
if (!props.parameterName) {
throw new Error('ParameterStoreSecureString: parameterName cannot be empty');
}
}
}
14 changes: 14 additions & 0 deletions packages/@aws-cdk/aws-ssm/test/test.parameter-store-string.ts
Original file line number Diff line number Diff line change
Expand Up @@ -59,4 +59,18 @@ export = {

test.done();
},

'empty parameterName will throw'(test: Test) {
// GIVEN
const stack = new cdk.Stack();

// WHEN
test.throws(() => {
new ssm.ParameterStoreString(stack, 'Ref', {
parameterName: '',
});
}, /parameterName cannot be empty/);

test.done();
},
};

0 comments on commit b93350f

Please sign in to comment.