Closed Malanius closed 1 year ago
Yeah I noticed the type is secretsmanager.ISecret[];
now. Thank you for your feedback.
Our hotifx for this issue was:
const job = new batchAlpha.EcsJobDefinition(..., {container: {secrets: Object.values(secretsMap)}} /* Define as usual */)
const cfnContainerDef = job.node.defaultChild as CfnJobDefinition;
const secrets: { Name: string; ValueFrom: string }[] = [];
Object.entries(secretsMap).forEach(([Name, secret]) => {
secrets.push({ Name, ValueFrom: secret.secretArn });
});
cfnContainerDef.addPropertyOverride('ContainerProperties.Secrets', secrets);
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
Describe the bug
Since the changes in the batch-alpha module in 2.74.0, it is impossible to define environment variables holding values from secrets. This is due to the changed interface between the old
JobDefinitionContainer
and newIEcsContainerDefinition
. The old interface correctly useskey: value from ECS secret
with control of which env variable the secret is assigned to and also which secret field is used. The new one just expects an array of Secrets Manager secrets that don't provide any way to specify these things.Expected Behavior
To be able to define and use ECS secrets in the same way as with previous constructs.
Current Behavior
The new one just expects an array of Secrets Manager secrets that don't provide any way to assign the secret value and field to the container env variable. I didn't even try to synthesise and deploy this to see what would happen as this clearly doesn't do what's needed.
Reproduction Steps
This is working pre 2.74.0:
Trying to update to the new, post 2.74.0 constructs, the secrets property is incompatible:
The new interface also requires some properties that were optional and had default values in the old one like CPU and memory resources.
Possible Solution
Using the correct interface for secrets property in order to be able to use ECS secrets as before and be able to upgrade existing job definitions is probably the way.
Additional Information/Context
No response
CDK CLI Version
2.79.1
Framework Version
Node.js Version
16.20.0
OS
Linux
Language
Typescript
Language Version
Typescript (4.9.5)
Other information
No response