From 65adf1889668a103e92a8d9623beab03ada7e6f3 Mon Sep 17 00:00:00 2001 From: Ahmed-Hussein93 Date: Mon, 25 Apr 2022 21:05:08 +0000 Subject: [PATCH 1/5] feat(redshift): expose user.secret as property (#17520) --- packages/@aws-cdk/aws-redshift/lib/user.ts | 8 ++++++++ packages/@aws-cdk/aws-redshift/test/user.test.ts | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/packages/@aws-cdk/aws-redshift/lib/user.ts b/packages/@aws-cdk/aws-redshift/lib/user.ts index 3b5c8d0829ef8..c11f6f72ad526 100644 --- a/packages/@aws-cdk/aws-redshift/lib/user.ts +++ b/packages/@aws-cdk/aws-redshift/lib/user.ts @@ -1,4 +1,5 @@ import * as kms from '@aws-cdk/aws-kms'; +import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; import * as cdk from '@aws-cdk/core'; import { Construct } from 'constructs'; import { ICluster } from './cluster'; @@ -137,6 +138,12 @@ export class User extends UserBase { readonly databaseName: string; protected databaseProps: DatabaseOptions; + /** + * the Secrets Manager secret of the user. + * @attribute + */ + public readonly secret: secretsmanager.ISecret; + private resource: DatabaseQuery; constructor(scope: Construct, id: string, props: UserProps) { @@ -165,6 +172,7 @@ export class User extends UserBase { attachedSecret.grantRead(this.resource); this.username = this.resource.getAttString('username'); + this.secret = secret; } /** diff --git a/packages/@aws-cdk/aws-redshift/test/user.test.ts b/packages/@aws-cdk/aws-redshift/test/user.test.ts index 39b31345c7e33..1ad502723fa11 100644 --- a/packages/@aws-cdk/aws-redshift/test/user.test.ts +++ b/packages/@aws-cdk/aws-redshift/test/user.test.ts @@ -90,6 +90,14 @@ describe('cluster user', () => { }); }); + it('secret property is exposed', () => { + const user = new redshift.User(stack, 'User', databaseOptions); + + expect(stack.resolve(user.secret.secretArn)).toStrictEqual({ + Ref: 'UserSecretE2C04A69', + }); + }); + it('uses username when provided', () => { const username = 'username'; 
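Review bot: The doc comment on the new `secret` property says only "the Secrets Manager secret of the user", which does not tell a caller what the secret holds or that this is the handle they are expected to grant access on, and that matters because exposing an `ISecret` lets any construct with the `User` object call `grantRead` for arbitrary principals. I would replace it with `/** The Secrets Manager secret holding this user's credentials (username and generated password). Grant read access with `secret.grantRead(grantee)` to the specific consumer that needs it rather than reading the value into other resources. */`. The file imports `kms`, so if the secret is created with an encryption key from `UserProps` (not visible in this hunk), the comment should also say whether `grantRead` covers `kms:Decrypt` on that key or whether callers must grant it separately. The `User` class and its constructor begin before this hunk.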
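Review bot: `this.secret = secret;` exposes a different object than the line just above grants to the query resource (`attachedSecret.grantRead(this.resource);`), and both are defined outside this hunk. If `attachedSecret` is the result of attaching `secret` to the cluster, then consumers such as `cluster.addRotationMultiUser` should presumably receive the attached secret, since the attachment is what carries the cluster connection fields a rotation function reads; the new test pinning `secretArn` to `Ref: 'UserSecretE2C04A69'` confirms the property currently points at the raw `AWS::SecretsManager::Secret`. Consider `this.secret = attachedSecret;` unless the unattached secret is intentional, in which case a comment saying why (and that the attachment is not exposed) would save the next reader the same question. The constructor begins before this hunk.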
From 46f6a5e7b09d70ddb7471fcd7f1b46af66987668 Mon Sep 17 00:00:00 2001 From: Ahmed-Hussein93 Date: Mon, 25 Apr 2022 21:05:08 +0000 Subject: [PATCH 2/5] feat(redshift): expose user.secret as property (#17520) --- packages/aws-cdk-lib/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index 2fe4d8a6dbfb2..ceebcc6e79b3a 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -534,6 +534,7 @@ "./aws-medialive": "./aws-medialive/index.js", "./aws-mediapackage": "./aws-mediapackage/index.js", "./aws-mediastore": "./aws-mediastore/index.js", + "./aws-mediatailor": "./aws-mediatailor/index.js", "./aws-memorydb": "./aws-memorydb/index.js", "./aws-msk": "./aws-msk/index.js", "./aws-mwaa": "./aws-mwaa/index.js", From a7686c736d222e40698feb9aa1c2b95f3ec46341 Mon Sep 17 00:00:00 2001 From: Ahmed-Hussein93 Date: Mon, 25 Apr 2022 21:05:08 +0000 Subject: [PATCH 3/5] feat(redshift): expose user.secret as property (#17520) --- packages/@aws-cdk/aws-redshift/lib/user.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-redshift/lib/user.ts b/packages/@aws-cdk/aws-redshift/lib/user.ts index c11f6f72ad526..15ce396190cac 100644 --- a/packages/@aws-cdk/aws-redshift/lib/user.ts +++ b/packages/@aws-cdk/aws-redshift/lib/user.ts @@ -139,7 +139,7 @@ export class User extends UserBase { protected databaseProps: DatabaseOptions; /** - * the Secrets Manager secret of the user. + * The Secrets Manager secret of the user. * @attribute */ public readonly secret: secretsmanager.ISecret; From f4e675b95adeef72df7140257435d750e917690f Mon Sep 17 00:00:00 2001 From: Ahmed-Hussein93 Date: Tue, 26 Apr 2022 18:50:52 +0000 Subject: [PATCH 4/5] Remove unneeded changes --- packages/@aws-cdk/aws-redshift/test/user.test.ts | 2 +- packages/aws-cdk-lib/package.json | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) 
diff --git a/packages/@aws-cdk/aws-redshift/test/user.test.ts b/packages/@aws-cdk/aws-redshift/test/user.test.ts index 1ad502723fa11..79144d5c37cd3 100644 --- a/packages/@aws-cdk/aws-redshift/test/user.test.ts +++ b/packages/@aws-cdk/aws-redshift/test/user.test.ts @@ -97,7 +97,7 @@ describe('cluster user', () => { Ref: 'UserSecretE2C04A69', }); }); - + it('uses username when provided', () => { const username = 'username'; diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index ceebcc6e79b3a..2fe4d8a6dbfb2 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -534,7 +534,6 @@ "./aws-medialive": "./aws-medialive/index.js", "./aws-mediapackage": "./aws-mediapackage/index.js", "./aws-mediastore": "./aws-mediastore/index.js", - "./aws-mediatailor": "./aws-mediatailor/index.js", "./aws-memorydb": "./aws-memorydb/index.js", "./aws-msk": "./aws-msk/index.js", "./aws-mwaa": "./aws-mwaa/index.js", From 91e944eb8e48df0a2d97c18dc785fb6c6fe1f5c3 Mon Sep 17 00:00:00 2001 From: Ahmed-Hussein93 Date: Wed, 27 Apr 2022 02:11:14 +0000 Subject: [PATCH 5/5] Update Redshift README --- packages/@aws-cdk/aws-redshift/README.md | 39 +++++++++++++----------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/packages/@aws-cdk/aws-redshift/README.md b/packages/@aws-cdk/aws-redshift/README.md index ce33c3d2f1d02..8f42386085396 100644 --- a/packages/@aws-cdk/aws-redshift/README.md +++ b/packages/@aws-cdk/aws-redshift/README.md 
@@ -60,24 +60,6 @@ The endpoint to access your database cluster will be available as the `.clusterE cluster.clusterEndpoint.socketAddress; // "HOSTNAME:PORT" ``` -## Rotating credentials - -When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically: - -```ts fixture=cluster -cluster.addRotationSingleUser(); // Will rotate automatically after 30 days -``` - -The multi user rotation scheme is also available: - -```ts fixture=cluster -import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; - -cluster.addRotationMultiUser('MyUser', { - secret: secretsmanager.Secret.fromSecretNameV2(this, 'Imported Secret', 'my-secret'), -}); -``` - ## Database Resources This module allows for the creation of non-CloudFormation database resources such as users @@ -273,3 +255,24 @@ call to `grant` but the user does not have the specified permission. Note that this does not occur when duplicate privileges are granted within the same application, as such privileges are de-duplicated before any SQL query is submitted. + +## Rotating credentials + +When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically: + +```ts fixture=cluster +cluster.addRotationSingleUser(); // Will rotate automatically after 30 days +``` + +The multi user rotation scheme is also available: + +```ts fixture=cluster + +const user = new User(this, 'User', { + cluster: cluster, + databaseName: 'databaseName', +}); +cluster.addRotationMultiUser('MultiUserRotation', { + secret: user.secret, +}); +```