fix(secretsmanager): rotation function name can exceed 64 chars (#7896)

Get the last 64 chars of the `uniqueId`. See #7885 (comment). Closes #7885 Closes #8442 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jun 10, 2020 · 24e474b · 24e474b
1 parent b8b084f
commit 24e474b
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 1 deletion.
diff --git a/packages/@aws-cdk/aws-secretsmanager/lib/secret-rotation.ts b/packages/@aws-cdk/aws-secretsmanager/lib/secret-rotation.ts
@@ -210,7 +210,9 @@ export class SecretRotation extends Construct {
       throw new Error('The `masterSecret` must be specified for application using the multi user scheme.');
     }
 
-    const rotationFunctionName = this.node.uniqueId;
+    // Max length of 64 chars, get the last 64 chars
+    const uniqueId = this.node.uniqueId;
+    const rotationFunctionName = uniqueId.substring(Math.max(uniqueId.length - 64, 0), uniqueId.length);
 
     const securityGroup = props.securityGroup || new ec2.SecurityGroup(this, 'SecurityGroup', {
       vpc: props.vpc,

diff --git a/packages/@aws-cdk/aws-secretsmanager/test/test.secret-rotation.ts b/packages/@aws-cdk/aws-secretsmanager/test/test.secret-rotation.ts
@@ -291,4 +291,68 @@ export = {
 
     test.done();
   },
+
+  'rotation function name does not exceed 64 chars'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+    const secret = new secretsmanager.Secret(stack, 'Secret');
+    const target = new ec2.Connections({
+      defaultPort: ec2.Port.tcp(3306),
+      securityGroups: [new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc })],
+    });
+
+    // WHEN
+    const id = 'SecretRotation'.repeat(5);
+    new secretsmanager.SecretRotation(stack, id, {
+      application: secretsmanager.SecretRotationApplication.MYSQL_ROTATION_SINGLE_USER,
+      secret,
+      target,
+      vpc,
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::Serverless::Application', {
+      Parameters: {
+        endpoint: {
+          'Fn::Join': [
+            '',
+            [
+              'https://secretsmanager.',
+              {
+                Ref: 'AWS::Region',
+              },
+              '.',
+              {
+                Ref: 'AWS::URLSuffix',
+              },
+            ],
+          ],
+        },
+        functionName: 'RotationSecretRotationSecretRotationSecretRotationSecretRotation',
+        vpcSecurityGroupIds: {
+          'Fn::GetAtt': [
+            'SecretRotationSecretRotationSecretRotationSecretRotationSecretRotationSecurityGroupBFCB171A',
+            'GroupId',
+          ],
+        },
+        vpcSubnetIds: {
+          'Fn::Join': [
+            '',
+            [
+              {
+                Ref: 'VPCPrivateSubnet1Subnet8BCA10E0',
+              },
+              ',',
+              {
+                Ref: 'VPCPrivateSubnet2SubnetCFCDAA7A',
+              },
+            ],
+          ],
+        },
+      },
+    }));
+
+    test.done();
+  },
 };