Add a Snowflake class that sets conventional defaults and turns itself into a secret and SSM params

Author: jdimeo

iac/src/main/java/com/compassion/commons/iac/CDKUtils.java

@@ -15,6 +15,8 @@
 
 import lombok.AccessLevel;
 import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import lombok.experimental.Accessors;
 import lombok.experimental.Delegate;
 import software.amazon.awscdk.Stack;
 import software.amazon.awscdk.services.ec2.ISubnet;
@@ -119,11 +121,14 @@ default Function.Builder lambdaFromPOM(String artifactId, Path... pomPaths) thro
 		}
 	}
 
+	@Setter @Accessors(fluent = true)
 	@RequiredArgsConstructor(access = AccessLevel.PRIVATE)
 	class ParamFromSecretBuilder implements Builder<CfnParameter> {
 		@Delegate
 		private final CfnParameter.Builder delegate;
 		private final String path;
+		
+		private String pathDescription;
 
 		// Assumes the last path fragment is the access path inside the secret
 		public ParamFromSecretBuilder secret(ISecret s) {
@@ -135,5 +140,23 @@ public ParamFromSecretBuilder secret(ISecret s, String secretPath) {
 			value(SECRET_PATH + s.getSecretName() + "/" + secretPath);
 			return this;
 		}
+		
+		/**
+		 * Sets the description for the parameter. If you have already set a 
+		 * path description via {@link #pathDescription(String)} that will be 
+		 * appended to the end of this description to form the final description.
+		 * If not, this description will be used as-is.
+		 * @param baseDescription the base description for related parameters
+		 * at the same level of the hierarchy.
+		 * @return this for chaining
+		 */
+		public ParamFromSecretBuilder description(String baseDescription) {
+			if (pathDescription == null) {
+				delegate.description(baseDescription);
+			} else {
+				delegate.description(baseDescription + " - " + pathDescription);
+			}
+			return this;
+		}
 	}
 }

iac/src/main/java/com/compassion/commons/iac/CISnowflake.java

@@ -0,0 +1,55 @@
+package com.compassion.commons.iac;
+
+import org.jooq.lambda.Seq;
+
+import com.compassion.commons.Utilities;
+import com.compassion.commons.config.CIEnvironment;
+import com.compassion.commons.config.CredentialConfig.ConfigWithUserPassword;
+import com.compassion.commons.iac.CDKUtils.ParamFromSecretBuilder;
+import com.fasterxml.jackson.core.JsonProcessingException;
+
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+import software.amazon.awscdk.SecretValue;
+import software.amazon.awscdk.services.secretsmanager.ISecret;
+import software.amazon.awscdk.services.secretsmanager.Secret;
+import software.constructs.Construct;
+
+@Getter @Setter @Accessors(chain = true)
+public class CISnowflake extends ConfigWithUserPassword {
+	public enum CISnowflakeRole {
+		WRITER,
+		READER,
+		DEVELOPER
+	}
+	
+	private String database, role;
+	
+	public CISnowflake withDefaults(CIEnvironment env, String svc, String domain, CISnowflakeRole roleType) {
+		switch (env) {
+			case Prod  -> setDatabase(domain).setRole(domain + "_" + roleType).setUser(svc + "_SVC");
+			case Stage -> setDatabase(domain + "_STAGE").setRole(domain + "_STAGE_" + roleType).setUser(svc + "_STAGE_SVC");
+			default    -> setDatabase(domain + "_DEVINT").setRole(domain + "_DEVINT_" + roleType).setUser(svc + "_DEVINT_SVC");
+			case Cloud -> throw new IllegalArgumentException("Snowflake does not support the Cloud environment");
+		}
+		return this;
+	}
+	
+	public Secret.Builder asSecret(Construct stack, String id) {
+		try {
+			return Secret.Builder.create(stack, id).secretStringValue(SecretValue.unsafePlainText(toPlaceholderJson()));
+		} catch (JsonProcessingException e) {
+			throw new IllegalArgumentException("Cannot generate placeholder JSON from " + this, e);
+		}
+	}
+	
+	public Seq<ParamFromSecretBuilder> asParams(CDKUtils utils, String path, ISecret secret) {
+		return Seq.of(
+			utils.newParam(path + "/user").pathDescription("Username").secret(secret),
+			utils.newParam(path + "/password").pathDescription("Password").secret(secret),
+			Utilities.cast(utils.newParam(path + "/database").pathDescription("Database").value(getDatabase())),
+			Utilities.cast(utils.newParam(path + "/role").pathDescription("Database Role").value(getRole()))
+		);
+	}
+}