AWS cdk documentation change
Summary
Updated plugin code examples to use TypeScript/JavaScript type annotations and SDKv3-compatible credential patterns
Security assessment
Changes demonstrate updated plugin development patterns for credential providers but do not address specific security vulnerabilities or introduce new security features. Updates focus on code structure and SDK compatibility rather than security enhancements.
Diff
diff --git a/cdk/v2/guide/plugins.md b/cdk/v2/guide/plugins.md index cab78fa69..157b09fc6 100644 --- a//cdk/v2/guide/plugins.md +++ b//cdk/v2/guide/plugins.md @@ -33 +33 @@ TypeScript - import type { IPluginHost } from '@aws-cdk/cli-plugin-contract'; + import type { IPluginHost, Plugin } from '@aws-cdk/cli-plugin-contract'; @@ -35 +35 @@ TypeScript - export = { + const plugin: Plugin = { @@ -45,0 +46,2 @@ TypeScript + export = plugin; + @@ -50 +52 @@ JavaScript - module.exports = { + const plugin = { @@ -60,0 +63,2 @@ JavaScript + module.exports = plugin; + @@ -164,3 +168 @@ TypeScript - import type { IPluginHost } from '@aws-cdk/cli-plugin-contract'; - import { registerCredentialProviderSource, Mode, CredentialProviderSource } from '@aws-cdk/cli-plugin-contract'; - import { Credentials } from '@aws-sdk/client-sts'; + import type { CredentialProviderSource, ForReading, ForWriting, IPluginHost, Plugin, PluginProviderResult, SDKv3CompatibleCredentials } from '@aws-cdk/cli-plugin-contract'; @@ -193 +195 @@ TypeScript - public async getProvider(accountId: string, mode: Mode): Promise<PluginProviderResult> { + public async getProvider(accountId: string, mode: ForReading | ForWriting): Promise<PluginProviderResult> { @@ -195 +197 @@ TypeScript - const readOnly = mode === Mode.ForReading; + const readOnly = mode === 0 satisfies ForReading; @@ -198,2 +200 @@ TypeScript - // In this example we're using AWS SDK v3 credentials - const credentials = new Credentials({ + const credentials: SDKv3CompatibleCredentials = { @@ -205 +206 @@ TypeScript - }); + }; @@ -211,2 +212,2 @@ TypeScript - export = { - version = '1', + const plugin: Plugin = { + version: '1', @@ -219 +220 @@ TypeScript -JavaScript + export = plugin; @@ -220,0 +222 @@ JavaScript +JavaScript @@ -223,2 +224,0 @@ JavaScript - const { Mode, registerCredentialProviderSource, CredentialProviderSource } = require('@aws-cdk/cli-plugin-contract'); - const { Credentials } = require('@aws-sdk/client-sts'); @@ -227 +227 @@ JavaScript - class CustomCredentialProviderSource extends CredentialProviderSource { + class CustomCredentialProviderSource { @@ -229 +228,0 @@ JavaScript - super(); @@ -257 +256 @@ JavaScript - const readOnly = mode === Mode.ForReading; + const readOnly = mode === 0; // 0 indicates ForReading; 1 indicates ForWriting @@ -260,2 +259 @@ JavaScript - // In this example we're using AWS SDK v3 credentials - const credentials = new Credentials({ + const credentials = { @@ -267 +265 @@ JavaScript - }); + }; @@ -273,2 +271,2 @@ JavaScript - module.exports = { - version = '1', + const plugin = { + version: '1', @@ -280,0 +279,2 @@ JavaScript + module.exports = plugin; +