fix(rds): prevent rendering deprecated credentials when creating a da…

…tabase cluster from a snapshot (under feature flag) (#27174)

This PR fixes a bug where an extra database secret is being generated when an RDS database cluster is being created from a snapshot.

On the `DatabaseClusterFromSnapshotProps` interface, we deprecated the `credentials` property and, at the same, introduced `snapshotCredentials` as the recommended replacement. However, the default behavior associated with the `credentials` property was not removed as doing so would introduce a breaking change for some users as detailed in this [PR](#20777). As a result, users just using the recommended `snapshotCredentials` property to create a new RDS database cluster are seeing an extra, unwanted secret being created.

Closes #23815

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-snapshot.js.snapshot/cdk-integ-cluster-snapshot.template.json

@@ -426,12 +426,12 @@
    "Type": "AWS::RDS::DBCluster",
    "Properties": {
     "CopyTagsToSnapshot": true,
-    "DBClusterParameterGroupName": "default.aurora-mysql5.7",
+    "DBClusterParameterGroupName": "default.aurora-mysql8.0",
     "DBSubnetGroupName": {
      "Ref": "ClusterSubnetsDCFA5CB7"
     },
     "Engine": "aurora-mysql",
-    "EngineVersion": "5.7.mysql_aurora.2.10.2",
+    "EngineVersion": "8.0.mysql_aurora.3.04.0",
     "MasterUserPassword": {
      "Fn::Join": [
       "",
@@ -474,7 +474,7 @@
     "DBClusterIdentifier": {
      "Ref": "ClusterEB0386A7"
     },
-    "DBInstanceClass": "db.t3.small",
+    "DBInstanceClass": "db.t3.medium",
     "DBSubnetGroupName": {
      "Ref": "ClusterSubnetsDCFA5CB7"
     },
@@ -495,7 +495,7 @@
     "DBClusterIdentifier": {
      "Ref": "ClusterEB0386A7"
     },
-    "DBInstanceClass": "db.t3.small",
+    "DBInstanceClass": "db.t3.medium",
     "DBSubnetGroupName": {
      "Ref": "ClusterSubnetsDCFA5CB7"
     },
@@ -1357,42 +1357,6 @@
     }
    }
   },
-  "FromSnapshotSecret9100F61C": {
-   "Type": "AWS::SecretsManager::Secret",
-   "Properties": {
-    "Description": {
-     "Fn::Join": [
-      "",
-      [
-       "Generated by the CDK for stack: ",
-       {
-        "Ref": "AWS::StackName"
-       }
-      ]
-     ]
-    },
-    "GenerateSecretString": {
-     "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\",
-     "GenerateStringKey": "password",
-     "PasswordLength": 30,
-     "SecretStringTemplate": "{\"username\":\"admin\"}"
-    }
-   },
-   "UpdateReplacePolicy": "Delete",
-   "DeletionPolicy": "Delete"
-  },
-  "FromSnapshotSecretAttachmentB62DA1C6": {
-   "Type": "AWS::SecretsManager::SecretTargetAttachment",
-   "Properties": {
-    "SecretId": {
-     "Ref": "FromSnapshotSecret9100F61C"
-    },
-    "TargetId": {
-     "Ref": "FromSnapshotEE0682C5"
-    },
-    "TargetType": "AWS::RDS::DBCluster"
-   }
-  },
   "cdkintegclustersnapshotFromSnapshotSnapshotSecretD93327943fdaad7efa858a3daf9490cf0a702aeb": {
    "Type": "AWS::SecretsManager::Secret",
    "Properties": {
@@ -1486,12 +1450,12 @@
    "Type": "AWS::RDS::DBCluster",
    "Properties": {
     "CopyTagsToSnapshot": true,
-    "DBClusterParameterGroupName": "default.aurora-mysql5.7",
+    "DBClusterParameterGroupName": "default.aurora-mysql8.0",
     "DBSubnetGroupName": {
      "Ref": "FromSnapshotSubnets9ED4B8EE"
     },
     "Engine": "aurora-mysql",
-    "EngineVersion": "5.7.mysql_aurora.2.10.2",
+    "EngineVersion": "8.0.mysql_aurora.3.04.0",
     "MasterUserPassword": {
      "Fn::Join": [
       "",
@@ -1528,7 +1492,7 @@
     "DBClusterIdentifier": {
      "Ref": "FromSnapshotEE0682C5"
     },
-    "DBInstanceClass": "db.t3.small",
+    "DBInstanceClass": "db.t3.medium",
     "DBSubnetGroupName": {
      "Ref": "FromSnapshotSubnets9ED4B8EE"
     },
@@ -1549,7 +1513,7 @@
     "DBClusterIdentifier": {
      "Ref": "FromSnapshotEE0682C5"
     },
-    "DBInstanceClass": "db.t3.small",
+    "DBInstanceClass": "db.t3.medium",
     "DBSubnetGroupName": {
      "Ref": "FromSnapshotSubnets9ED4B8EE"
     },

packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-snapshot.ts

@@ -17,11 +17,11 @@ class TestStack extends Stack {
     const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 2, natGateways: 1, restrictDefaultSecurityGroup: false });
 
     const instanceProps = {
-      instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL),
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM),
       isFromLegacyInstanceProps: true,
     };
     const cluster = new rds.DatabaseCluster(this, 'Cluster', {
-      engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_2_10_2 }),
+      engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_04_0 }),
       writer: ClusterInstance.provisioned('Instance1', {
         ...instanceProps,
       }),
@@ -42,7 +42,7 @@ class TestStack extends Stack {
     const fromSnapshot = new rds.DatabaseClusterFromSnapshot(this, 'FromSnapshot', {
       snapshotIdentifier: snapshoter.snapshotArn,
       snapshotCredentials: rds.SnapshotCredentials.fromGeneratedSecret('admin'),
-      engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_2_10_2 }),
+      engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_04_0 }),
       writer: ClusterInstance.provisioned('Instance1', {
         ...instanceProps,
       }),