Merge pull request #2559 from akhilmhdh/fix/ssm-integration-1-1

fix: resolved ssm failing for empty secret in 1-1 mapping
2025-03-29 22:02:57 +00:00 · 2024-10-09 13:19:22 -07:00
parent 75d71d4208 4aaba3ef9f
commit 4fffac07fd
1 changed files with 31 additions and 16 deletions
--- a/backend/src/services/integration-auth/integration-sync-secret.ts
+++ b/backend/src/services/integration-auth/integration-sync-secret.ts
@ -9,6 +9,7 @@

 import {
  CreateSecretCommand,
+  DeleteSecretCommand,
  DescribeSecretCommand,
  GetSecretValueCommand,
  ResourceNotFoundException,
@ -899,12 +900,21 @@ const syncSecretsAWSSecretManager = async ({
      }

      if (!isEqual(secretToCompare, secretValue)) {
-        await secretsManager.send(
-          new UpdateSecretCommand({
-            SecretId: secretId,
-            SecretString: typeof secretValue === "string" ? secretValue : JSON.stringify(secretValue)
-          })
-        );
+        if (secretValue) {
+          await secretsManager.send(
+            new UpdateSecretCommand({
+              SecretId: secretId,
+              SecretString: typeof secretValue === "string" ? secretValue : JSON.stringify(secretValue)
+            })
+          );
+          // delete it
+        } else {
+          await secretsManager.send(
+            new DeleteSecretCommand({
+              SecretId: secretId
+            })
+          );
+        }
      }

      const secretAWSTag = metadata.secretAWSTag as { key: string; value: string }[] | undefined;
@ -989,16 +999,21 @@ const syncSecretsAWSSecretManager = async ({
    } catch (err) {
      // case 1: when AWS manager can't find the specified secret
      if (err instanceof ResourceNotFoundException && secretsManager) {
-        await secretsManager.send(
-          new CreateSecretCommand({
-            Name: secretId,
-            SecretString: typeof secretValue === "string" ? secretValue : JSON.stringify(secretValue),
-            ...(metadata.kmsKeyId && { KmsKeyId: metadata.kmsKeyId }),
-            Tags: metadata.secretAWSTag
-              ? metadata.secretAWSTag.map((tag: { key: string; value: string }) => ({ Key: tag.key, Value: tag.value }))
-              : []
-          })
-        );
+        if (secretValue) {
+          await secretsManager.send(
+            new CreateSecretCommand({
+              Name: secretId,
+              SecretString: typeof secretValue === "string" ? secretValue : JSON.stringify(secretValue),
+              ...(metadata.kmsKeyId && { KmsKeyId: metadata.kmsKeyId }),
+              Tags: metadata.secretAWSTag
+                ? metadata.secretAWSTag.map((tag: { key: string; value: string }) => ({
+                    Key: tag.key,
+                    Value: tag.value
+                  }))
+                : []
+            })
+          );
+        }
        // case 2: something unexpected went wrong, so we'll throw the error to reflect the error in the integration sync status
      } else {
        throw err;