Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java/.NET/Python: Unable to use SecretValue #2304

Closed
jousby opened this issue Apr 16, 2019 · 3 comments · Fixed by aws/jsii#460
Closed

Java/.NET/Python: Unable to use SecretValue #2304

jousby opened this issue Apr 16, 2019 · 3 comments · Fixed by aws/jsii#460
Assignees
@RomainMuller
Labels
bug This issue is a bug. language/dotnet Related to .NET bindings language/java Related to Java bindings language/python Related to Python bindings

Comments

@jousby
Copy link

jousby commented Apr 16, 2019

Describe the bug
Prior to 0.28.0 I was retrieving my github user token from SecretsManager for using in a build pipeline with the following code:

SecretString secretString = new SecretString(this, "oauth", SecretStringProps.builder()
         .withSecretId("jousby/github")
         .build());

Secret githubToken = new Secret(secretString.jsonFieldValue("oauthToken"));

I can see from the changelog for 0.28.0 that this approach has been removed in favour of the more elegant SecretValue class.

My attempt to refactor to use SecretValue in Java looks like this:

SecretValue githubToken = SecretValue.secretsManager("jousby/github", SecretsManagerSecretOptions.builder()
        .withJsonField("oauthToken")
        .build());

When i run cdk synth on this though I get the following exception:

$ cdk synth
Exception in thread "main" software.amazon.jsii.JsiiException: Cannot read property 'cfnDynamicReference' of null
TypeError: Cannot read property 'cfnDynamicReference' of null
    at secretsManager (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-kernel-n1SyPd/node_modules/@aws-cdk/cdk/lib/secret-value.js:48:21)
    at _wrapSandboxCode (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6349:51)
    at Kernel._wrapSandboxCode (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6975:19)
    at ret._ensureSync (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6349:25)
    at Kernel._ensureSync (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6943:20)
    at Kernel.sinvoke (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6348:26)
    at KernelHost.processRequest (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6023:28)
    at KernelHost.run (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:5997:14)
    at processRequest (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:5997:45)
    at KernelHost.processRequest (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6065:16)
    at KernelHost.run (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:5997:14)
    at processRequest (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:5997:45)
    at KernelHost.processRequest (/private/var/folders/6k/6fp51jbx3xg83p3fs4vnr4l4t8strm/T/jsii-java-runtime7834811835378697967/jsii-runtime.js:6065:16)
	at software.amazon.jsii.JsiiRuntime.processErrorResponse(JsiiRuntime.java:112)
	at software.amazon.jsii.JsiiRuntime.requestResponse(JsiiRuntime.java:84)
	at software.amazon.jsii.JsiiClient.callStaticMethod(JsiiClient.java:169)
	at software.amazon.jsii.JsiiObject.jsiiStaticCall(JsiiObject.java:76)
	at software.amazon.awscdk.SecretValue.secretsManager(SecretValue.java:126)
	at com.myorg.PipelineStack.<init>(PipelineStack.java:50)
	at com.myorg.PipelineStack.<init>(PipelineStack.java:39)
	at com.myorg.PipelineApp.main(PipelineApp.java:9)
Subprocess exited with error 1

For what its worth i spun up a test project in typescript and tried a similiar usage of SecretValue which worked fine:

const secret = cdk.SecretValue.secretsManager('jousby/github', {
  jsonField: 'oauthToken'
});

To Reproduce
In a post 0.28.0 Java CDK project add a snippet to retrieve a SecretValue from SecretsManager (as per description above) and try to run cdk synth.

Expected behavior
CDK Stack successfully synthesises to CloudFormation.

Version:

  • OS = MacOS High Sierra (10.13.6)
  • Programming Language = Java
  • CDK Version = 0.28.0
@jousby jousby added the bug This issue is a bug. label Apr 16, 2019
@RomainMuller RomainMuller self-assigned this Apr 16, 2019
@RomainMuller
Copy link
Contributor

I suspect this might be a symptom of a known/fixed bug in the JSII Runtime 0.8.1 (fixed in 0.8.2), but I'm attempting a repro before I push this point forward too much... 😅

@RomainMuller
Copy link
Contributor

Alright - I did manage to reproduce this bug (BTW - thanks @jousby for providing all the details about the specific code that breaks). So this is either not the 0.8.1 bug, or some new edge case.

@RomainMuller
Copy link
Contributor

Found the root cause... The JSII kernel is not binding a this context when invoking a static method, causing a different behavior than what happens when done in "pure" Javascript. This is an easy fix (yay!).

RomainMuller added a commit to aws/jsii that referenced this issue Apr 16, 2019
@RomainMuller
fix(kernel): Set this in static contexts
d4a2bd3 
Javascript allows static members to refer to other static members
through `this`, but the `jsii-kernel` passed `null` for the `this`
context in `sinvoke`, making it impossible to invoke static methods that
made use of this feature through the `jsii` runtimes.

Fixes aws/aws-cdk#2304
@RomainMuller RomainMuller mentioned this issue Apr 16, 2019
Merged
@RomainMuller RomainMuller changed the title Java version of SecretValue not synthesising Java/.NET/Python: Unable to use SecretValue Apr 16, 2019
@RomainMuller RomainMuller added language/dotnet Related to .NET bindings language/java Related to Java bindings language/python Related to Python bindings labels Apr 16, 2019
RomainMuller added a commit to aws/jsii that referenced this issue Apr 16, 2019
@RomainMuller
fix(kernel): Set this in static contexts (#460)
c81b4c1 
Javascript allows static members to refer to other static members
through `this`, but the `jsii-kernel` passed `null` for the `this`
context in `sinvoke`, making it impossible to invoke static methods that
made use of this feature through the `jsii` runtimes.

Fixes aws/aws-cdk#2304
@neo01124 neo01124 mentioned this issue May 21, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RomainMuller RomainMuller

Labels
bug This issue is a bug. language/dotnet Related to .NET bindings language/java Related to Java bindings language/python Related to Python bindings
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(kernel): Set this in static contexts aws/jsii
2 participants
@RomainMuller @jousby