Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(rds): eliminating the need for explicit
secret.grantRead()
inv…
…okes when using DataAPI with Aurora cluster (#29399) ### Issue # (if applicable) Closes #29362. ### Reason for this change As discussed [there](#29338 (comment)), we should invoke `secret.grantRead()` explicitly when using DataAPI with Aurora cluster. Because it's inconvenient for users, I made `secret.grantRead()` be invoked within `cluster.grantDataApiAccess()`. ### Description of changes - move `cluster.secret` from `DatabaseClusterNew` to `DatabaseClusterBase` to use it within `DatabaseClusterBase.grantDataApiAccess()` - add `secret.grantRead()` in `cluster.grantDataApiAccess()` - add `secret` property to `DatabaseClusterAttributes` #### Points of concern `DatabaseClusterBase` class is extended by `ImportedDatabaseCluster` class. Therefore, it is necessary to define `ImportedDatabaseCluster.secret`. I simply added `secret` props to `DatabaseClusterAttributes` but I cannot believe this is the best way. Other ways are.. - add `secretArn` to `DatabaseClusterAttributes` - don't add secret info and `ImportedDatabaseCluster.secret` becomes always undefined ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information