would this work ?

aws-amplify · Sep 17, 2024 · 9816f17 · awsluja · Sep 17, 2024 · sobolk
1 parent ac67ec4
commit 9816f17
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 27 deletions.
diff --git a/packages/backend/src/engine/backend-secret/backend_secret.ts b/packages/backend/src/engine/backend-secret/backend_secret.ts
@@ -18,9 +18,7 @@ export class CfnTokenBackendSecret implements BackendSecret {
   constructor(
     private readonly secretName: string,
     private readonly secretResourceFactory: BackendSecretFetcherFactory
-  ) {
-    BackendSecretFetcherFactory.registerSecret(secretName);
-  }
+  ) {}
   /**
    * Get a reference to the value within a CDK scope.
    */
@@ -30,7 +28,8 @@ export class CfnTokenBackendSecret implements BackendSecret {
   ): SecretValue => {
     const secretResource = this.secretResourceFactory.getOrCreate(
       scope,
-      backendIdentifier
+      backendIdentifier,
+      this.secretName
     );
 
     const val = secretResource.getAttString(`${this.secretName}`);

diff --git a/packages/backend/src/engine/backend-secret/backend_secret_fetcher_factory.ts b/packages/backend/src/engine/backend-secret/backend_secret_fetcher_factory.ts
@@ -1,6 +1,6 @@
 import { Construct } from 'constructs';
 import { BackendSecretFetcherProviderFactory } from './backend_secret_fetcher_provider_factory.js';
-import { CustomResource } from 'aws-cdk-lib';
+import { CustomResource, Lazy } from 'aws-cdk-lib';
 import { BackendIdentifier } from '@aws-amplify/plugin-types';
 import { SecretResourceProps } from './lambda/backend_secret_fetcher_types.js';
 
@@ -18,7 +18,7 @@ const SECRET_RESOURCE_TYPE = `Custom::SecretFetcherResource`;
  * The factory to create backend secret-fetcher resource.
  */
 export class BackendSecretFetcherFactory {
-  static secretNames: Set<string> = new Set<string>();
+  private readonly secretNames: Set<string> = new Set<string>();
 
   /**
    * Creates a backend secret-fetcher resource factory.
@@ -27,29 +27,16 @@ export class BackendSecretFetcherFactory {
     private readonly secretProviderFactory: BackendSecretFetcherProviderFactory
   ) {}
 
-  /**
-   * Register secrets that to be fetched by the BackendSecretFetcher custom resource.\
-   * @param secretName the name of the secret
-   */
-  static registerSecret = (secretName: string): void => {
-    BackendSecretFetcherFactory.secretNames.add(secretName);
-  };
-
-  /**
-   * Clear registered secrets that will be fetched by the BackendSecretFetcher custom resource.
-   */
-  static clearRegisteredSecrets = (): void => {
-    BackendSecretFetcherFactory.secretNames.clear();
-  };
-
   /**
    * Returns a resource if it exists in the input scope. Otherwise,
    * creates a new one.
    */
   getOrCreate = (
     scope: Construct,
-    backendIdentifier: BackendIdentifier
+    backendIdentifier: BackendIdentifier,
+    secretName: string
   ): CustomResource => {
+    this.secretNames.add(secretName);
     const secretResourceId = `SecretFetcherResource`;
     const existingResource = scope.node.tryFindChild(
       secretResourceId
@@ -75,7 +62,9 @@ export class BackendSecretFetcherFactory {
       namespace: backendIdentifier.namespace,
       name: backendIdentifier.name,
       type: backendIdentifier.type,
-      secretNames: Array.from(BackendSecretFetcherFactory.secretNames),
+      secretNames: Lazy.list({
+        produce: () => Array.from(this.secretNames),
+      }),
     };
 
     return new CustomResource(scope, secretResourceId, {

diff --git a/packages/backend/src/secret.ts b/packages/backend/src/secret.ts
@@ -3,6 +3,11 @@ import { CfnTokenBackendSecret } from './engine/backend-secret/backend_secret.js
 import { BackendSecretFetcherProviderFactory } from './engine/backend-secret/backend_secret_fetcher_provider_factory.js';
 import { BackendSecretFetcherFactory } from './engine/backend-secret/backend_secret_fetcher_factory.js';
 
+const secretProviderFactory = new BackendSecretFetcherProviderFactory();
+const secretResourceFactory = new BackendSecretFetcherFactory(
+  secretProviderFactory
+);
+
 /**
  * Use a secret from AWS Systems Manager (SSM) Parameter Store
  * @see https://docs.amplify.aws/gen2/deploy-and-host/fullstack-branching/secrets-and-vars/
@@ -27,9 +32,5 @@ import { BackendSecretFetcherFactory } from './engine/backend-secret/backend_sec
  *          ```
  */
 export const secret = (name: string): BackendSecret => {
-  const secretProviderFactory = new BackendSecretFetcherProviderFactory();
-  const secretResourceFactory = new BackendSecretFetcherFactory(
-    secretProviderFactory
-  );
   return new CfnTokenBackendSecret(name, secretResourceFactory);
 };