in packages/constructs/L2/redshift-constructs/lib/cluster.ts [184:287]
/**
 * Creates the cluster from `MdaaRedshiftCluster.setProps(props)` and then
 * patches the underlying `CfnCluster` with raw CloudFormation overrides:
 * enhanced VPC routing is forced on, optional snapshot-retention,
 * snapshot-restore and owner-account settings are applied, and the admin
 * credentials are either handed to Redshift or kept on the construct's own
 * secret (optionally with single-user rotation). Finally the secret name,
 * the endpoint and the security group id are published through
 * `MdaaParamAndOutput`.
 *
 * Statement order matters: the `Secret` child is removed before the managed
 * secret is imported, and `this.secret` is settled before it is published.
 *
 * @param scope - Parent construct; also passed to each `MdaaParamAndOutput`.
 * @param id - Construct id forwarded to the base class.
 * @param props - Cluster configuration. It is spread into every
 *   `MdaaParamAndOutput` props object after the fixed fields.
 */
constructor(scope: Construct, id: string, props: MdaaRedshiftClusterProps) {
  super(scope, id, MdaaRedshiftCluster.setProps(props));

  const {
    clusterName,
    snapshotIdentifier,
    ownerAccount,
    automatedSnapshotRetentionDays: retentionDays,
    adminPasswordRotationDays: rotationDays,
  } = props;

  MdaaNagSuppressions.addCodeResourceSuppressions(this, [
    { id: 'CdkNagValidationFailure', reason: 'Some cluster properties will reference intrinsic functions.' },
  ]);

  // Unchecked cast: assumes the default child of this construct is the CfnCluster.
  const clusterResource = this.node.defaultChild as CfnCluster;

  // Always on, independent of props. The *-RedshiftEnhancedVPCRoutingEnabled
  // suppressions further down are justified by this override.
  clusterResource.addOverride('Properties.EnhancedVpcRouting', true);

  // NOTE(review): the truthiness test skips 0 as well as undefined, so a
  // retention of 0 is never written to the template although the comparison
  // reads `>= 0`. A period of 0 would turn automated snapshots off, so
  // confirm whether dropping it silently is the intended guard.
  if (retentionDays && retentionDays >= 0) {
    clusterResource.addOverride('Properties.AutomatedSnapshotRetentionPeriod', retentionDays);
  }

  // Restoring from a snapshot: the admin password is left to Redshift, so the
  // explicit MasterUserPassword is dropped from the template.
  // NOTE(review): unlike the redshiftManageMasterPassword branch below, this
  // path does not set MasterPasswordSecretKmsKeyId and does not remove or
  // replace the construct's own secret. With only snapshotIdentifier set, the
  // managed secret is therefore not tied to props.encryptionKey here, and the
  // secret name published below (and any rotation added) presumably still
  // points at the construct-created secret. Confirm this is intended.
  if (snapshotIdentifier) {
    clusterResource.addOverride('Properties.SnapshotIdentifier', snapshotIdentifier);
    clusterResource.addDeletionOverride('Properties.MasterUserPassword');
    clusterResource.addPropertyOverride('ManageMasterPassword', true);
  }

  if (ownerAccount) {
    clusterResource.addOverride('Properties.OwnerAccount', ownerAccount);
  }

  if (props.redshiftManageMasterPassword) {
    // Drop the admin secret created by the L2 construct; Redshift owns the
    // credential from here on.
    this.node.tryRemoveChild('Secret');
    clusterResource.addPropertyOverride('ManageMasterPassword', true);
    clusterResource.addPropertyDeletionOverride('MasterUserPassword');
    // Encrypt the Redshift-managed secret with the key supplied in props.
    clusterResource.addPropertyOverride('MasterPasswordSecretKmsKeyId', props.encryptionKey.keyArn);
    // Re-point this.secret at the secret Redshift creates for the admin user.
    this.secret = Secret.fromSecretCompleteArn(
      this,
      'redshift-manage-secret-import',
      clusterResource.attrMasterPasswordSecretArn,
    );
    // Presumably needed because the removed secret supplied the username; verify against the base class.
    clusterResource.addPropertyOverride('MasterUsername', props.masterUsername);
  } else if (rotationDays && rotationDays > 0) {
    // Rotation is attached only for a positive number of days and only when
    // Redshift is not managing the password via redshiftManageMasterPassword.
    this.addRotationSingleUser(Duration.days(rotationDays));
  }

  // Publishes the secret's name only, never its value.
  // `props` is spread last, so a same-named key on props would take
  // precedence over the fixed fields (here and in the two outputs below).
  if (this.secret) {
    new MdaaParamAndOutput(
      this,
      {
        resourceType: 'cluster-secret',
        resourceId: clusterName,
        name: 'name',
        value: this.secret.secretName,
        ...props,
      },
      scope,
    );
  }

  const routingReason = 'Remediated through property override.';
  MdaaNagSuppressions.addCodeResourceSuppressions(this, [
    { id: 'NIST.800.53.R5-RedshiftEnhancedVPCRoutingEnabled', reason: routingReason },
    { id: 'HIPAA.Security-RedshiftEnhancedVPCRoutingEnabled', reason: routingReason },
    { id: 'PCI.DSS.321-RedshiftEnhancedVPCRoutingEnabled', reason: routingReason },
    { id: 'CdkNagValidationFailure', reason: 'Some cluster properties will reference intrinsic functions.' },
  ]);

  // Cluster endpoint as host:port.
  new MdaaParamAndOutput(
    this,
    {
      resourceType: 'cluster',
      resourceId: clusterName,
      name: 'endpoint',
      value: this.clusterEndpoint.socketAddress,
      ...props,
    },
    scope,
  );

  // Id of the security group passed in through props.
  new MdaaParamAndOutput(
    this,
    {
      resourceType: 'cluster',
      resourceId: clusterName,
      name: 'security-group-id',
      value: props.securityGroup.securityGroupId,
      ...props,
    },
    scope,
  );
}