fix(secretsmanager): can't export secret name from Secret (#11202)

For owned Secrets, `secretName` was set to the physical name, which was set to
the provided `secretName` if given, or a Token otherwise. However, the Token was
never resolved, as the `secretName` isn't actually a return vaue / attribute.

The fix explicitly sets the `secretName` either to the inputted name or the
parsed name from the ARN. Note that this means the secret name will be the
partial/"friendly" name (e.g., 'MySecret') if the secret name was passed in,
and the full name (e.g., 'MySecret-123abc') otherwise.

fixes #10914

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-secretsmanager/lib/secret.ts

@@ -437,7 +437,7 @@ export class Secret extends SecretBase {
     });
 
     this.encryptionKey = props.encryptionKey;
-    this.secretName = this.physicalName;
+    this.secretName = parseSecretName(this, this.secretArn);
 
     // @see https://docs.aws.amazon.com/kms/latest/developerguide/services-secrets-manager.html#asm-authz
     const principal =

packages/@aws-cdk/aws-secretsmanager/test/secret.test.ts

@@ -425,6 +425,23 @@ test('secretValue', () => {
   });
 });
 
+describe('secretName', () => {
+  test.each([undefined, 'mySecret'])('when secretName is %s', (secretName) => {
+    const secret = new secretsmanager.Secret(stack, 'Secret', {
+      secretName,
+    });
+    new cdk.CfnOutput(stack, 'MySecretName', {
+      value: secret.secretName,
+    });
+
+    // Creates secret name by parsing ARN.
+    expect(stack).toHaveOutput({
+      outputName: 'MySecretName',
+      outputValue: { 'Fn::Select': [6, { 'Fn::Split': [':', { Ref: 'SecretA720EF05' }] }] },
+    });
+  });
+});
+
 test('import by secretArn', () => {
   // GIVEN
   const secretArn = 'arn:aws:secretsmanager:eu-west-1:111111111111:secret:MySecret-f3gDy9';