(docdb): Secret rotation can generate secrets that are not accepted by CloudFormation #17575

@markussiebert

What is the problem?

Changing properties of a deployed DocDB may fail because the rotated secret contains characters that CloudFormation won't accept (even if they are "accepted" and rotated by the secret rotation).

   1/30 |5:59:20 PM | UPDATE_FAILED        | AWS::DocDB::DBCluster                       | my-beautifull-database/Database (Database123456789) The parameter MasterUserPassword is not a valid password. Only printable ASCII characters besides '/', '@', '"', ' ' may be used. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID:  ...)

The password did contain an @

Reproduction Steps

Create a database with CDK and activate single-user secret rotation ... after a while and some secret rotations you may find a situation where neither update nor rollback will succeed ... because CloudFormation won't accept the password.

What did you expect to happen?

Create a database with CDK and activate single-user secret rotation ... after a while and some secret rotations you may find a situation where neither update nor rollback will succeed ... because CloudFormation won't accept the password.

What actually happened?

CloudFormation was not able to update; the rollback also failed.

CDK CLI Version

1.121

Framework Version

No response

Node.js Version

12

OS

mac

Language

TypeScript

Language Version

No response

Other information

No response
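
A check that could be run against a rotated secret before a stack update, as an added example (not part of the original issue and not CDK code). The rule is the one quoted in the error message above; the `password` key in the secret JSON, the function names and the sample secret are assumptions made for illustration.

```typescript
// Rule quoted in the CloudFormation error above: only printable ASCII
// characters besides '/', '@', '"' and ' ' may be used.
const FORBIDDEN: string[] = ["/", "@", "\"", " "];

interface Violation {
  index: number; // UTF-16 index within the password
  char: string;
  reason: string;
}

// List every character of `password` that the rule rejects.
function findViolations(password: string): Violation[] {
  const out: Violation[] = [];
  for (let i = 0; i < password.length; i++) {
    const code = password.charCodeAt(i);
    const char = password.charAt(i);
    if (code < 0x20 || code > 0x7e) {
      out.push({ index: i, char: char, reason: "not printable ASCII" });
    } else if (FORBIDDEN.indexOf(char) !== -1) {
      out.push({ index: i, char: char, reason: "forbidden character" });
    }
  }
  return out;
}

// Check the JSON secret value written by a rotation.
// Assumption: the password is stored under the "password" key.
function checkSecretString(secretString: string): Violation[] {
  const parsed = JSON.parse(secretString);
  if (typeof parsed.password !== "string") {
    throw new Error("secret JSON has no string 'password' field");
  }
  return findViolations(parsed.password);
}

// Given the exclusion list handed to a password generator, return the
// forbidden characters it fails to exclude (empty array: all are covered).
function missingExclusions(excludeCharacters: string): string[] {
  return FORBIDDEN.filter(function (c) {
    return excludeCharacters.indexOf(c) === -1;
  });
}

// Constructed sample secret, not taken from the issue.
const SAMPLE_SECRET = '{"username":"admin","password":"pa@ss w/rd"}';
const SAMPLE_VIOLATIONS = checkSecretString(SAMPLE_SECRET);
```

A non-empty result from `checkSecretString` means the stored password would be rejected as `MasterUserPassword`; a non-empty result from `missingExclusions` means the generator's exclusion list can still produce such a password.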

Labels: @aws-cdk/aws-docdb (Related to Amazon DocumentDB), bug (This issue is a bug.), effort/small (Small work item, less than a day of effort), p1
