chore: refactor changes

Author: awsluja

packages/backend/src/engine/backend-secret/backend_secret.ts

@@ -18,9 +18,7 @@ export class CfnTokenBackendSecret implements BackendSecret {
   constructor(
     private readonly secretName: string,
     private readonly secretResourceFactory: BackendSecretFetcherFactory
-  ) {
-    BackendSecretFetcherFactory.registerSecret(secretName);
-  }
+  ) {}
   /**
    * Get a reference to the value within a CDK scope.
    */
@@ -30,7 +28,8 @@ export class CfnTokenBackendSecret implements BackendSecret {
   ): SecretValue => {
     const secretResource = this.secretResourceFactory.getOrCreate(
       scope,
-      backendIdentifier
+      backendIdentifier,
+      this.secretName
     );
 
     const val = secretResource.getAttString(`${this.secretName}`);

packages/backend/src/engine/backend-secret/backend_secret_fetcher_factory.test.ts

@@ -1,5 +1,5 @@
 import { App, Stack } from 'aws-cdk-lib';
-import { beforeEach, describe, it } from 'node:test';
+import { describe, it } from 'node:test';
 import { BackendSecretFetcherProviderFactory } from './backend_secret_fetcher_provider_factory.js';
 import { Template } from 'aws-cdk-lib/assertions';
 import assert from 'node:assert';
@@ -22,20 +22,14 @@ const backendId: BackendIdentifier = {
 };
 
 void describe('getOrCreate', () => {
-  const providerFactory = new BackendSecretFetcherProviderFactory();
-  const resourceFactory = new BackendSecretFetcherFactory(providerFactory);
-
-  beforeEach(() => {
-    BackendSecretFetcherFactory.clearRegisteredSecrets();
-  });
-
   void it('create different secrets', () => {
     const app = new App();
     const stack = new Stack(app);
+    const providerFactory = new BackendSecretFetcherProviderFactory();
+    const resourceFactory = new BackendSecretFetcherFactory(providerFactory);
     stack.node.setContext('secretLastUpdated', secretLastUpdated);
-    BackendSecretFetcherFactory.registerSecret(secretName1);
-    BackendSecretFetcherFactory.registerSecret(secretName2);
-    resourceFactory.getOrCreate(stack, backendId);
+    resourceFactory.getOrCreate(stack, backendId, secretName1);
+    resourceFactory.getOrCreate(stack, backendId, secretName2);
 
     const template = Template.fromStack(stack);
     // only one custom resource is created that fetches all secrets
@@ -64,18 +58,12 @@ void describe('getOrCreate', () => {
   void it('does not create duplicate resource for the same secret name', () => {
     const app = new App();
     const stack = new Stack(app);
-    // ensure only 1 secret name is registered if they are duplicates
-    BackendSecretFetcherFactory.registerSecret(secretName1);
-    BackendSecretFetcherFactory.registerSecret(secretName1);
-    assert.equal(BackendSecretFetcherFactory.secretNames.size, 1);
-    assert.equal(
-      Array.from(BackendSecretFetcherFactory.secretNames)[0],
-      secretName1
-    );
+    const providerFactory = new BackendSecretFetcherProviderFactory();
+    const resourceFactory = new BackendSecretFetcherFactory(providerFactory);
 
     // ensure only 1 resource is created even if this is called twice
-    resourceFactory.getOrCreate(stack, backendId);
-    resourceFactory.getOrCreate(stack, backendId);
+    resourceFactory.getOrCreate(stack, backendId, secretName1);
+    resourceFactory.getOrCreate(stack, backendId, secretName1);
 
     const template = Template.fromStack(stack);
     template.resourceCountIs(secretResourceType, 1);

packages/backend/src/engine/backend-secret/backend_secret_fetcher_factory.ts

@@ -1,6 +1,6 @@
 import { Construct } from 'constructs';
 import { BackendSecretFetcherProviderFactory } from './backend_secret_fetcher_provider_factory.js';
-import { CustomResource } from 'aws-cdk-lib';
+import { CustomResource, CustomResourceProps, Lazy } from 'aws-cdk-lib';
 import { BackendIdentifier } from '@aws-amplify/plugin-types';
 import { SecretResourceProps } from './lambda/backend_secret_fetcher_types.js';
 
@@ -9,6 +9,25 @@ import { SecretResourceProps } from './lambda/backend_secret_fetcher_types.js';
  */
 export const SECRET_RESOURCE_PROVIDER_ID = 'SecretFetcherResourceProvider';
 
+class SecretFetcherCustomResource extends CustomResource {
+  private secrets: Set<string>;
+  constructor(
+    scope: Construct,
+    id: string,
+    props: CustomResourceProps,
+    secrets: Set<string>
+  ) {
+    super(scope, id, {
+      ...props,
+    });
+    this.secrets = secrets;
+  }
+
+  public addSecret = (secretName: string) => {
+    this.secrets.add(secretName);
+  };
+}
+
 /**
  * Type of the backend custom CFN resource.
  */
@@ -18,46 +37,33 @@ const SECRET_RESOURCE_TYPE = `Custom::SecretFetcherResource`;
  * The factory to create backend secret-fetcher resource.
  */
 export class BackendSecretFetcherFactory {
-  static secretNames: Set<string> = new Set<string>();
-
   /**
    * Creates a backend secret-fetcher resource factory.
    */
   constructor(
-    private readonly secretProviderFactory: BackendSecretFetcherProviderFactory
+    private secretProviderFactory: BackendSecretFetcherProviderFactory
   ) {}
 
-  /**
-   * Register secrets that to be fetched by the BackendSecretFetcher custom resource.\
-   * @param secretName the name of the secret
-   */
-  static registerSecret = (secretName: string): void => {
-    BackendSecretFetcherFactory.secretNames.add(secretName);
-  };
-
-  /**
-   * Clear registered secrets that will be fetched by the BackendSecretFetcher custom resource.
-   */
-  static clearRegisteredSecrets = (): void => {
-    BackendSecretFetcherFactory.secretNames.clear();
-  };
-
   /**
    * Returns a resource if it exists in the input scope. Otherwise,
    * creates a new one.
    */
   getOrCreate = (
     scope: Construct,
-    backendIdentifier: BackendIdentifier
-  ): CustomResource => {
+    backendIdentifier: BackendIdentifier,
+    secretName: string
+  ): SecretFetcherCustomResource => {
     const secretResourceId = `SecretFetcherResource`;
     const existingResource = scope.node.tryFindChild(
       secretResourceId
-    ) as CustomResource;
+    ) as SecretFetcherCustomResource;
 
     if (existingResource) {
+      existingResource.addSecret(secretName);
       return existingResource;
     }
+    const secrets: Set<string> = new Set();
+    secrets.add(secretName);
 
     const provider = this.secretProviderFactory.getOrCreateInstance(
       scope,
@@ -75,16 +81,25 @@ export class BackendSecretFetcherFactory {
       namespace: backendIdentifier.namespace,
       name: backendIdentifier.name,
       type: backendIdentifier.type,
-      secretNames: Array.from(BackendSecretFetcherFactory.secretNames),
+      secretNames: Lazy.list({
+        produce: () => {
+          return Array.from(secrets);
+        },
+      }),
     };
 
-    return new CustomResource(scope, secretResourceId, {
-      serviceToken: provider.serviceToken,
-      properties: {
-        ...customResourceProps,
-        secretLastUpdated, // this property is only to trigger resource update event.
+    return new SecretFetcherCustomResource(
+      scope,
+      secretResourceId,
+      {
+        serviceToken: provider.serviceToken,
+        properties: {
+          ...customResourceProps,
+          secretLastUpdated, // this property is only to trigger resource update event.
+        },
+        resourceType: SECRET_RESOURCE_TYPE,
       },
-      resourceType: SECRET_RESOURCE_TYPE,
-    });
+      secrets
+    );
   };
 }

packages/backend/src/secret.ts

@@ -1,7 +1,7 @@
 import { BackendSecret } from '@aws-amplify/plugin-types';
 import { CfnTokenBackendSecret } from './engine/backend-secret/backend_secret.js';
-import { BackendSecretFetcherProviderFactory } from './engine/backend-secret/backend_secret_fetcher_provider_factory.js';
 import { BackendSecretFetcherFactory } from './engine/backend-secret/backend_secret_fetcher_factory.js';
+import { BackendSecretFetcherProviderFactory } from './engine/backend-secret/backend_secret_fetcher_provider_factory.js';
 
 /**
  * Use a secret from AWS Systems Manager (SSM) Parameter Store