feat: initial implementation for function secret access (#845)

* move parameter path methods to BackendIdentifierConversions

* initial function secret implementation

* update api

* make resolveToPath required

* add banner and policy to resolve secrets

* add unit test

* update test and translateEnvironmentProp

* move parameter path methods to ParameterPathConversions

* update API

* move banner code to separate file with tests, narrow down resource scope, limit getParameters arguments

* update e2e test for function secret access

* move eslint comment

* poke ci

* update package-lock

* fix tests

* maybe this works

* test

* try this

* try to see if error is from the snippet

* try this

* try this

* try this

* try that

* try that

* try that

* poke ci

* test

* test again

* test

* poke ci

* whoops

* test

* what

* maybe this works

* maybe this

* slowly getting there

* test

* try this

* disable test cleanup

* Revert "disable test cleanup"

This reverts commit 9ff2224.

* replace os EOL with specific characters

* lint fix

* rename resolveToPath to resolvePath

* rename secret in e2e test

* move client-ssm to devDependencies

* update secret path storage and getting code snippet

* nit fixes

* rename function to resolve secrets

* add FunctionEnvironmentTranslator class

* update e2e test

* remove source map from code snippet

Author: rtpascual

.changeset/grumpy-trainers-repeat.md

@@ -0,0 +1,7 @@
+---
+'@aws-amplify/backend-function': minor
+'@aws-amplify/plugin-types': minor
+'@aws-amplify/backend': minor
+---
+
+Implement function secret access

.changeset/young-rings-do.md

@@ -0,0 +1,6 @@
+---
+'@aws-amplify/backend-secret': patch
+'@aws-amplify/platform-core': patch
+---
+
+Move parameter path methods to ParameterPathConversions

package-lock.json

@@ -10,6 +10,7 @@ import { AuthProps, PhoneNumberLogin } from '@aws-amplify/auth-construct-alpha';
 import { SecretValue } from 'aws-cdk-lib';
 import assert from 'node:assert';
 import { translateToAuthConstructLoginWith } from './translate_auth_props.js';
+import { ParameterPathConversions } from '@aws-amplify/platform-core';
 
 const phone: PhoneNumberLogin = {
   verificationMessage: (code: string) => `text${code}text2`,
@@ -43,12 +44,21 @@ class TestBackendSecret implements BackendSecret {
   resolve = (): SecretValue => {
     return SecretValue.unsafePlainText(this.secretName);
   };
+  resolvePath = (): string => {
+    return ParameterPathConversions.toParameterFullPath(
+      testBackendIdentifier,
+      this.secretName
+    );
+  };
 }
 
 class TestBackendSecretResolver implements BackendSecretResolver {
   resolveSecret = (backendSecret: BackendSecret): SecretValue => {
     return backendSecret.resolve(testStack, testBackendIdentifier);
   };
+  resolvePath = (backendSecret: BackendSecret): string => {
+    return backendSecret.resolvePath(testBackendIdentifier);
+  };
 }
 
 void describe('translateToAuthConstructLoginWith', () => {

packages/backend-auth/src/translate_auth_props.test.ts

@@ -4,6 +4,7 @@
 
 ```ts
 
+import { BackendSecret } from '@aws-amplify/plugin-types';
 import { ConstructFactory } from '@aws-amplify/plugin-types';
 import { FunctionResources } from '@aws-amplify/plugin-types';
 import { ResourceProvider } from '@aws-amplify/plugin-types';
@@ -17,7 +18,7 @@ export type FunctionProps = {
     entry?: string;
     timeoutSeconds?: number;
     memoryMB?: number;
-    environment?: Record<string, string>;
+    environment?: Record<string, string | BackendSecret>;
     runtime?: NodeVersion;
 };
 

packages/backend-function/API.md

@@ -25,6 +25,7 @@
   "devDependencies": {
     "@aws-amplify/backend-platform-test-stubs": "^0.3.1",
     "@aws-amplify/platform-core": "^0.3.3",
+    "@aws-sdk/client-ssm": "^3.398.0",
     "uuid": "^9.0.1"
   },
   "peerDependencies": {