aws-cloudformation
diff --git a/‎aws-redshiftserverless-namespace/.rpdk-config‎
Lines changed: 2 additions & 1 deletion b/‎aws-redshiftserverless-namespace/.rpdk-config‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎aws-redshiftserverless-namespace/README.md‎
Lines changed: 2 additions & 2 deletions b/‎aws-redshiftserverless-namespace/README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎aws-redshiftserverless-namespace/docs/namespace.md‎
Lines changed: 0 additions & 1 deletion b/‎aws-redshiftserverless-namespace/docs/namespace.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎aws-redshiftserverless-namespace/docs/tag.md‎
Lines changed: 0 additions & 1 deletion b/‎aws-redshiftserverless-namespace/docs/tag.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎aws-redshiftserverless-namespace/pom.xml‎
Lines changed: 6 additions & 0 deletions b/‎aws-redshiftserverless-namespace/pom.xml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/BaseHandlerStd.java‎
Lines changed: 39 additions & 0 deletions b/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/BaseHandlerStd.java‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/CallbackContext.java‎
Lines changed: 9 additions & 0 deletions b/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/CallbackContext.java‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/ClientBuilder.java‎
Lines changed: 6 additions & 0 deletions b/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/ClientBuilder.java‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/CreateHandler.java‎
Lines changed: 3 additions & 1 deletion b/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/CreateHandler.java‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/DeleteHandler.java‎
Lines changed: 15 additions & 9 deletions b/‎aws-redshiftserverless-namespace/src/main/java/software/amazon/redshiftserverless/namespace/DeleteHandler.java‎
Lines changed: 15 additions & 9 deletions
@@ -20,5 +20,6 @@
         ],
         "codegen_template_path": "guided_aws",
         "protocolVersion": "2.0.0"
-    }
+    },
+    "executableEntrypoint": "software.amazon.redshiftserverless.namespace.HandlerWrapperExecutable"
 }
@@ -31,7 +31,7 @@ The code uses [Lombok](https://projectlombok.org/), and [you may have to install
 ## Note: This should be tested in the same region as your deployed resource.
 ## This would just test the resource handler changes and deploy resource in your account. This uses your local aws credentials
 ## The permissions provided here doesn't truly represent the necessary permission defined in the schema and need to be updated before you execute contract tests.
-## References: 
+## References:
 ##    - https://w.amazon.com/bin/view/AWS21/Design/Uluru/Onboarding_Guide/Uluru_OpenSource_And_Developing_In_Amazon/IntegrationTests/
 
 1. cd <resource_folder> && source <virtualenvfolder>/bin/activate && sam local start-lambda
@@ -51,7 +51,7 @@ The code uses [Lombok](https://projectlombok.org/), and [you may have to install
 ## References:
 ##    - https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-stack.html
 
-1. cp <resource_folder>/local-test-artifacts/create-<resource>.yaml cp local-test-artifacts/create-<resource>-<feature>.json 
+1. cp <resource_folder>/local-test-artifacts/create-<resource>.yaml cp local-test-artifacts/create-<resource>-<feature>.json
 2. cd <resource_folder> && aws cloudformation create-stack --stack-name <stack-name> --template-body file://local-test-artifacts/create-<resource>-<feature>.yaml> --region <region>
 3. Verify if the cloudformation template is deployed successfully into your account.
 
 
@@ -37,4 +37,3 @@ _Required_: No
 _Type_: String
 
 _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
-
@@ -43,4 +43,3 @@ _Type_: String
 _Maximum Length_: <code>256</code>
 
 _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
-
@@ -43,6 +43,12 @@
             <artifactId>redshift</artifactId>
             <version>2.22.5</version>
         </dependency>
+        <!-- https://mvnrepository.com/artifact/software.amazon.awssdk/secretsmanager -->
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>secretsmanager</artifactId>
+            <version>2.22.5</version>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>aws-core</artifactId>
 
@@ -23,6 +23,10 @@
 import software.amazon.cloudformation.proxy.ProxyClient;
 import software.amazon.cloudformation.proxy.ResourceHandlerRequest;
 import software.amazon.cloudformation.proxy.delay.Constant;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import software.amazon.awssdk.services.secretsmanager.model.DescribeSecretRequest;
+import software.amazon.awssdk.services.secretsmanager.model.DescribeSecretResponse;
+import com.amazonaws.util.StringUtils;
 
 import java.time.Duration;
 
@@ -44,6 +48,7 @@ public final ProgressEvent<ResourceModel, CallbackContext> handleRequest(
       callbackContext != null ? callbackContext : new CallbackContext(),
       proxy.newProxy(ClientBuilder::getClient),
       proxy.newProxy(ClientBuilder::redshiftClient),
+      proxy.newProxy(ClientBuilder::secretsManagerClient),
       logger
     );
   }
@@ -54,6 +59,7 @@ protected abstract ProgressEvent<ResourceModel, CallbackContext> handleRequest(
     final CallbackContext callbackContext,
     final ProxyClient<RedshiftServerlessClient> proxyClient,
     final ProxyClient<RedshiftClient> redshiftProxyClient,
+    final ProxyClient<SecretsManagerClient> secretsManagerProxyClient,
     final Logger logger);
 
   protected boolean isNamespaceActive (final ProxyClient<RedshiftServerlessClient> proxyClient, ResourceModel resourceModel, CallbackContext context) {
@@ -77,6 +83,24 @@ protected boolean isNamespaceActiveAfterDelete (final ProxyClient<RedshiftServer
     return false;
   }
 
+  protected boolean isNamespaceSecretDeleted (final ProxyClient<SecretsManagerClient> secretsManagerProxyClient, CallbackContext context) {
+    String namespaceSecretArn = context.getAdminPasswordSecretArn();
+
+    // For namespaces that aren't opted in to Redshift Managed Passwords, AdminPasswordSecretArn is null
+    if (StringUtils.isNullOrEmpty(namespaceSecretArn)) {
+      return true;
+    }
+
+    DescribeSecretRequest describeSecretRequest = DescribeSecretRequest.builder().secretId(namespaceSecretArn).build();
+    try {
+      secretsManagerProxyClient.injectCredentialsAndInvokeV2(describeSecretRequest, secretsManagerProxyClient.client()::describeSecret);
+    } catch (final software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException e) {
+      logger.log(String.format("Secret %s has successfully been deleted.", namespaceSecretArn));
+      return true;
+    }
+    return false;
+  }
+
   protected ListSnapshotCopyConfigurationsResponse listSnapshotCopyConfigurations(final ListSnapshotCopyConfigurationsRequest listRequest,
                                                                                   final ProxyClient<RedshiftServerlessClient> proxyClient) {
     ListSnapshotCopyConfigurationsResponse listResponse = proxyClient.injectCredentialsAndInvokeV2(listRequest, proxyClient.client()::listSnapshotCopyConfigurations);
@@ -92,6 +116,21 @@ protected CreateSnapshotCopyConfigurationResponse createSnapshotCopyConfiguratio
     return createResponse;
   }
 
+  protected String getNamespaceSecretArn(final ProxyClient<RedshiftServerlessClient> proxyClient, final String namespaceName) {
+    String namespaceSecretArn = null;
+    GetNamespaceResponse getNamespaceResponse = null;
+
+    GetNamespaceRequest getNamespaceRequest = GetNamespaceRequest.builder().namespaceName(namespaceName).build();
+
+    try {
+      getNamespaceResponse = proxyClient.injectCredentialsAndInvokeV2(getNamespaceRequest, proxyClient.client()::getNamespace);
+      namespaceSecretArn = getNamespaceResponse.namespace().adminPasswordSecretArn();
+    } catch (final ResourceNotFoundException e) {
+      // do nothing here, we will handle this in .handleError part of the handler instead
+    }
+    return namespaceSecretArn;
+  }
+
   protected <T> ProgressEvent<ResourceModel, CallbackContext> defaultErrorHandler(final T request,
                                                                                   final Exception exception,
                                                                                   final ProxyClient<RedshiftServerlessClient> client,
 
@@ -9,6 +9,7 @@
 public class CallbackContext extends StdCallbackContext {
     String namespaceArn = null;
     boolean callBackForDelete = false;
+    String adminPasswordSecretArn = null;
 
     public void setNamespaceArn(String namespaceArn) {this.namespaceArn = namespaceArn; }
 
@@ -21,4 +22,12 @@ public void setCallBackForDelete(boolean callBackForDelete) {
     public boolean getCallBackForDelete() {
         return callBackForDelete;
     }
+
+    public String getAdminPasswordSecretArn() {
+        return adminPasswordSecretArn;
+    }
+
+    public void setAdminPasswordSecretArn(String adminPasswordSecretArn) {
+        this.adminPasswordSecretArn = adminPasswordSecretArn;
+    }
 }
@@ -2,6 +2,7 @@
 
 import software.amazon.awssdk.services.redshift.RedshiftClient;
 import software.amazon.awssdk.services.redshiftserverless.RedshiftServerlessClient;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 import software.amazon.cloudformation.LambdaWrapper;
 
 import java.util.function.Supplier;
@@ -18,4 +19,9 @@ public static RedshiftClient redshiftClient() {
                 .httpClient(LambdaWrapper.HTTP_CLIENT)
                 .build();
     }
+    public static SecretsManagerClient secretsManagerClient() {
+        return SecretsManagerClient.builder()
+                .httpClient(LambdaWrapper.HTTP_CLIENT)
+                .build();
+    }
 }
@@ -20,6 +20,7 @@
 import software.amazon.cloudformation.proxy.ProgressEvent;
 import software.amazon.cloudformation.proxy.ProxyClient;
 import software.amazon.cloudformation.proxy.ResourceHandlerRequest;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 
 import java.util.Collections;
 import java.util.Optional;
@@ -32,6 +33,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
         final CallbackContext callbackContext,
         final ProxyClient<RedshiftServerlessClient> proxyClient,
         final ProxyClient<RedshiftClient> redshiftProxyClient,
+        final ProxyClient<SecretsManagerClient> secretsManagerProxyClient,
         final Logger logger) {
 
         this.logger = logger;
@@ -68,7 +70,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
                return progress;
             })
             .then(progress ->
-                new ReadHandler().handleRequest(proxy, request, callbackContext, proxyClient, redshiftProxyClient, logger)
+                new ReadHandler().handleRequest(proxy, request, callbackContext, proxyClient, redshiftProxyClient, secretsManagerProxyClient, logger)
             );
     }
 
 
@@ -9,6 +9,10 @@
 import software.amazon.cloudformation.proxy.ProgressEvent;
 import software.amazon.cloudformation.proxy.ProxyClient;
 import software.amazon.cloudformation.proxy.ResourceHandlerRequest;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import software.amazon.awssdk.services.redshiftserverless.model.GetNamespaceRequest;
+import software.amazon.awssdk.services.redshiftserverless.model.GetNamespaceResponse;
+import software.amazon.awssdk.services.redshiftserverless.model.ResourceNotFoundException;
 
 public class DeleteHandler extends BaseHandlerStd {
     protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
@@ -17,29 +21,31 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
         final CallbackContext callbackContext,
         final ProxyClient<RedshiftServerlessClient> proxyClient,
         final ProxyClient<RedshiftClient> redshiftProxyClient,
+        final ProxyClient<SecretsManagerClient> secretsManagerProxyClient,
         final Logger logger) {
 
         this.logger = logger;
 
         final ResourceModel model = request.getDesiredResourceState();
+
+        // Set the secret ARN in the callback context. We will use this in the stabilize operation of this handler
+        if (callbackContext.getAdminPasswordSecretArn() == null) {
+            String adminPasswordSecretArn = getNamespaceSecretArn(proxyClient, model.getNamespaceName());
+            callbackContext.setAdminPasswordSecretArn(adminPasswordSecretArn);
+            logger.log(String.format("Set namespace secret ARN in callback context: %s", adminPasswordSecretArn));
+        }
+
         return ProgressEvent.progress(model, callbackContext)
                 .then(progress ->
                     proxy.initiate("AWS-RedshiftServerless-Namespace::Delete", proxyClient, model, callbackContext)
                             .translateToServiceRequest(Translator::translateToDeleteRequest)
                             .backoffDelay(BACKOFF_STRATEGY)
                             .makeServiceCall(this::deleteNamespace)
-                            .stabilize((_awsRequest, _awsResponse, _client, _model, _context) -> isNamespaceActiveAfterDelete(_client, _model, _context))
+                            .stabilize((_awsRequest, _awsResponse, _client, _model, _context) -> isNamespaceActiveAfterDelete(_client, model, _context) &&
+                                    isNamespaceSecretDeleted(secretsManagerProxyClient, _context))
                             .handleError(this::defaultErrorHandler)
                             .done(deleteNamespaceResponse -> {
                                 logger.log(String.format("%s %s deleted.",ResourceModel.TYPE_NAME, model.getNamespaceName()));
-                                // TODO: Need to add a stabilize operation to verify if secret is deleted
-                                // This is a temporary fix to handle deletion of secrets for managed passwords
-                                // Since deletion of secret is handled async CTv2 is failing even in SingleTestMode
-                                try {
-                                    Thread.sleep(30000);
-                                } catch(InterruptedException ex) {
-                                    Thread.currentThread().interrupt();
-                                }
                                 return ProgressEvent.defaultSuccessHandler(null);
                             })
                 );
Original file line number	Diff line number	Diff line change
`@@ -20,5 +20,6 @@`
`20`	`20`	`],`
`21`	`21`	`"codegen_template_path": "guided_aws",`
`22`	`22`	`"protocolVersion": "2.0.0"`
`23`		`- }`
	`23`	`+ },`
	`24`	`+ "executableEntrypoint": "software.amazon.redshiftserverless.namespace.HandlerWrapperExecutable"`
`24`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -37,4 +37,3 @@ _Required_: No`
`37`	`37`	`_Type_: String`
`38`	`38`
`39`	`39`	`_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)`
`40`		`-`
Original file line number	Diff line number	Diff line change
`@@ -43,4 +43,3 @@ _Type_: String`
`43`	`43`	`_Maximum Length_: <code>256</code>`
`44`	`44`
`45`	`45`	`_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)`
`46`		`-`