Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-redshift-alpha: remove backtick ` from the user passwords #26847

Closed
1 of 2 tasks
ann8ty opened this issue Aug 22, 2023 · 5 comments · Fixed by #30563 or softwaremill/tapir#4137 · May be fixed by NOUIY/aws-solutions-constructs#135 or NOUIY/aws-solutions-constructs#136
Closed
1 of 2 tasks

aws-redshift-alpha: remove backtick ` from the user passwords #26847

ann8ty opened this issue Aug 22, 2023 · 5 comments · Fixed by #30563 or softwaremill/tapir#4137 · May be fixed by NOUIY/aws-solutions-constructs#135 or NOUIY/aws-solutions-constructs#136
Labels
@aws-cdk/aws-redshift Related to Amazon Redshift effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@ann8ty
Copy link

ann8ty commented Aug 22, 2023
edited
Loading

Describe the feature

As per https://docs.aws.amazon.com/cdk/api/v2/docs/aws-redshift-alpha-readme.html#creating-users

The user password is generated by AWS Secrets Manager using the default configuration found in secretsmanager.SecretStringGenerator, except with password length 30 and some SQL-incompliant characters excluded. The plaintext for the password will never be present in the CDK application; instead, a CloudFormation Dynamic Reference will be used wherever the password value is required.

Could you also please exclude backtick ` or expose the secret configuration?

Use Case

When integrating with DBT airflow dags that use redshift, we have a generated password with backtick. The password has to be written as an environment variable to keep it out of dbt profiles yaml. The backtick are problematic. This had to be fixed manually.

Proposed Solution

Simplest, add more characters to the list excluded from the password

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.85.0 (build 4e0d726)

Environment details (OS name and version, etc.)

Mac Os
@ann8ty ann8ty added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 22, 2023
@github-actions github-actions bot added the @aws-cdk/aws-redshift Related to Amazon Redshift label Aug 22, 2023
@pahud
Copy link
Contributor

pahud commented Aug 23, 2023

I think some have been excluded but I agree to expose the secret as an optional property.

aws-cdk/packages/@aws-cdk/aws-redshift-alpha/lib/database-secret.ts

Line 35 in ed00f24

excludeCharacters: '"@/\\\ \'',

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Aug 23, 2023
@ann8ty
Copy link
Author

ann8ty commented Aug 23, 2023
edited
Loading

@pahud quote and double quote sure are! double checking on that password, it was the backtick that got me. updated the ticket to reflect. thanks!

@ann8ty ann8ty changed the title aws-redshift-alpha: remove quote characters ' " ` from the user passwords aws-redshift-alpha: remove quote characters backtick ` from the user passwords Aug 23, 2023
@ann8ty ann8ty changed the title aws-redshift-alpha: remove quote characters backtick ` from the user passwords aws-redshift-alpha: remove backtick ` from the user passwords Aug 23, 2023
@pahud
Copy link
Contributor

pahud commented Aug 23, 2023

@pahud quote and double quote sure are! double checking on that password, it was the backtick that got me. updated the ticket to reflect. thanks!

Yeah I guess we could simply create a tiny PR to add the backtick in or just expose the secret prop to the surface.

@github-actions github-actions bot mentioned this issue Sep 1, 2023
Closed
@mazyu36 mazyu36 mentioned this issue Jun 16, 2024
Merged
1 task
@mergify mergify bot closed this as completed in #30563 Sep 26, 2024
@mergify mergify bot closed this as completed in a1c46cf Sep 26, 2024
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

1 similar comment
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
@aws-cdk/aws-redshift Related to Amazon Redshift effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
2 participants
@pahud @ann8ty