
Example 1 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project aws-secretsmanager-caching-java by aws.

the class SecretCacheItem method executeRefresh.

/**
 * Refreshes this cache item by asking AWS Secrets Manager to describe the secret, then
 * schedules the next refresh at a randomised point in the future.
 *
 * <p>The delay is drawn uniformly from {@code [ttl / 2, ttl]}, where {@code ttl} is the
 * configured cache item TTL. The upper end of that window is therefore the longest this item
 * waits before it is due for another describe call.
 *
 * @return The describe-secret response returned by AWS Secrets Manager for this refresh.
 */
@Override
protected DescribeSecretResult executeRefresh() {
    final DescribeSecretRequest request = new DescribeSecretRequest().withSecretId(this.secretId);
    final DescribeSecretResult refreshed = client.describeSecret(updateUserAgent(request));

    final long cacheItemTtl = this.config.getCacheItemTTL();
    final long now = System.currentTimeMillis();
    // nextLong's bound is exclusive, so "+ 1" makes the full TTL a possible delay.
    // ThreadLocalRandom is not a cryptographic source; here it only supplies scheduling jitter.
    // NOTE(review): nextLong throws IllegalArgumentException when origin >= bound, which a
    // negative TTL or Long.MAX_VALUE would cause. Confirm the configuration rejects those
    // values before they reach this method.
    final long jitteredDelay = ThreadLocalRandom.current().nextLong(cacheItemTtl / 2, cacheItemTtl + 1);
    this.nextRefreshTime = now + jitteredDelay;

    return refreshed;
}
Also used : DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) DescribeSecretRequest(com.amazonaws.services.secretsmanager.model.DescribeSecretRequest)

Example 2 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class MultiFernetKeyRotatorTest method verifyTestRejectsTooManyBytes.

/**
 * Checks that handling a {@code testSecret} rotation event fails with a
 * {@link RuntimeException} when the stored secret version is {@code 6 * 32 + 1} bytes long.
 */
@Test
public final void verifyTestRejectsTooManyBytes() throws IOException {
    // given: a payload one byte longer than six 32-byte units
    // (presumably one byte past the largest key set the rotator accepts; confirm against the rotator)
    final byte[] oversizedPayload = new byte[6 * 32 + 1];
    // A new byte[] is already zero-filled; the explicit fill is kept from the original.
    Arrays.fill(oversizedPayload, (byte) 0);

    final Context lambdaContext = mock(Context.class);
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final InputStream event = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");

    // The secret reports rotation enabled, with the requested version staged as AWSPENDING.
    final DescribeSecretResult secretMetadata = new DescribeSecretResult();
    secretMetadata.setVersionIdsToStages(ImmutableMap.of("version", Arrays.asList("AWSPENDING")));
    secretMetadata.setRotationEnabled(true);

    given(secretsManager.describeSecret("secret")).willReturn(secretMetadata);
    given(secretsManager.getSecretVersion("secret", "version")).willReturn(ByteBuffer.wrap(oversizedPayload));

    // when / then
    assertThrows(RuntimeException.class, () -> rotator.handleRequest(event, response, lambdaContext));
    // readTree throws if the handler wrote bytes that are not well-formed JSON.
    new ObjectMapper().readTree(response.toByteArray());
}
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) StringInputStream(com.amazonaws.util.StringInputStream) StringInputStream(com.amazonaws.util.StringInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Example 3 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class SecretsManagerTest method verifyDescribeSecretPassesThrough.

/**
 * Checks that {@code manager.describeSecret(String)} builds a request carrying the given
 * secret id, forwards it to the delegate, and returns the delegate's result.
 */
@Test
public final void verifyDescribeSecretPassesThrough() {
    // given: the delegate answers a request for "secret" with a canned description
    final DescribeSecretResult cannedDescription = new DescribeSecretResult();
    cannedDescription.addVersionIdsToStagesEntry("version", singletonList("AWSPREVIOUS"));
    cannedDescription.setRotationEnabled(true);

    final DescribeSecretRequest expectedRequest = new DescribeSecretRequest();
    expectedRequest.setSecretId("secret");
    // eq(...) matches by equals(), so the stub only fires for a request with this secret id.
    given(delegate.describeSecret(eq(expectedRequest))).willReturn(cannedDescription);

    // when
    final DescribeSecretResult actual = manager.describeSecret("secret");

    // then: both the rotation flag and the version-to-stage mapping survive the round trip
    assertTrue(actual.isRotationEnabled());
    assertTrue(actual.getVersionIdsToStages().get("version").contains("AWSPREVIOUS"));
}
Also used : DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) DescribeSecretRequest(com.amazonaws.services.secretsmanager.model.DescribeSecretRequest) Test(org.junit.Test)

Example 4 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class SimpleFernetKeyRotatorTest method verifyHandleRequestCreatesKey.

/**
 * Checks that a {@code CREATE_SECRET} rotation request makes the rotator store a new
 * {@link Key} under the request's token at the PENDING stage, when that version has no
 * value yet.
 */
@Test
public void verifyHandleRequestCreatesKey() throws IOException {
    // given
    final String secretId = "secretId";
    final String clientRequestToken = "clientRequestToken";
    final Context lambdaContext = mock(Context.class);

    // The secret has rotation enabled and the token is already staged as AWSPENDING...
    final DescribeSecretResult metadata = new DescribeSecretResult();
    metadata.setRotationEnabled(true);
    metadata.addVersionIdsToStagesEntry(clientRequestToken, singletonList("AWSPENDING"));
    given(secretsManager.describeSecret(secretId)).willReturn(metadata);
    // ...but looking up that version fails, i.e. no secret value has been stored for it.
    given(secretsManager.getSecretVersion(secretId, clientRequestToken)).willThrow(new ResourceNotFoundException("no value yet"));

    final RotationRequest rotationRequest = new RotationRequest();
    rotationRequest.setStep(Step.CREATE_SECRET);
    rotationRequest.setSecretId(secretId);
    rotationRequest.setClientRequestToken(clientRequestToken);
    final byte[] serialisedRequest = mapper.writeValueAsBytes(rotationRequest);

    // when
    try (InputStream input = new ByteArrayInputStream(serialisedRequest);
            OutputStream output = new ByteArrayOutputStream()) {
        rotator.handleRequest(input, output, lambdaContext);
        // then: some Key (any instance) was written for this secret and token at PENDING
        verify(secretsManager).putSecretValue(eq("secretId"), eq(clientRequestToken), any(Key.class), eq(PENDING));
    }
}
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ResourceNotFoundException(com.amazonaws.services.secretsmanager.model.ResourceNotFoundException) Key(com.macasaet.fernet.Key) Test(org.junit.Test)

Example 5 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class MultiFernetKeyRotatorTest method verifyCreateSecretAddsKeyAndRemovesOldest.

/**
 * Checks the {@code createSecret} step against a CURRENT stage that already holds three keys:
 * the rotator must store three keys at PENDING, keeping the first two existing keys and
 * dropping the last one.
 */
@Test
public final void verifyCreateSecretAddsKeyAndRemovesOldest() throws IOException {
    // given: three existing keys, serialised in this order into the CURRENT stage
    final Key firstKey = Key.generateKey(random);
    final Key secondKey = Key.generateKey(random);
    final Key lastKey = Key.generateKey(random);

    final Context lambdaContext = mock(Context.class);
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final InputStream event = new StringInputStream("{\"Step\": \"createSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");

    final DescribeSecretResult secretMetadata = new DescribeSecretResult();
    secretMetadata.setVersionIdsToStages(ImmutableMap.of("version", Arrays.asList("AWSPENDING")));
    secretMetadata.setRotationEnabled(true);

    try (ByteArrayOutputStream currentStage = new ByteArrayOutputStream()) {
        // Write order matters: the original labels these pending, primary and old key.
        for (final Key existing : Arrays.asList(firstKey, secondKey, lastKey)) {
            existing.writeTo(currentStage);
        }
        given(secretsManager.getSecretStage("secret", CURRENT)).willReturn(ByteBuffer.wrap(currentStage.toByteArray()));
        given(secretsManager.describeSecret("secret")).willReturn(secretMetadata);
        // The pending version has no stored value yet.
        given(secretsManager.getSecretVersion("secret", "version")).willThrow(new ResourceNotFoundException(""));

        // when
        rotator.handleRequest(event, response, lambdaContext);

        // then: capture the key collection written to the PENDING stage
        verify(secretsManager).putSecretValue(eq("secret"), eq("version"), keyCollector.capture(), eq(PENDING));
        final Collection<? extends Key> storedKeys = keyCollector.getValue();
        // Still three keys, so the third is presumably a freshly generated one.
        // NOTE(review): nothing here asserts that the third key is new; confirm.
        assertEquals(3, storedKeys.size());
        // The first two existing keys are retained...
        assertTrue(storedKeys.contains(firstKey));
        assertTrue(storedKeys.contains(secondKey));
        // ...and the last-written (oldest) key has been rotated out.
        assertFalse(storedKeys.contains(lastKey));
        // readTree throws if the handler wrote bytes that are not well-formed JSON.
        new ObjectMapper().readTree(response.toByteArray());
    }
}
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) StringInputStream(com.amazonaws.util.StringInputStream) StringInputStream(com.amazonaws.util.StringInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ResourceNotFoundException(com.amazonaws.services.secretsmanager.model.ResourceNotFoundException) Key(com.macasaet.fernet.Key) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Aggregations

DescribeSecretResult (com.amazonaws.services.secretsmanager.model.DescribeSecretResult)12 Test (org.junit.Test)11 Context (com.amazonaws.services.lambda.runtime.Context)10 ByteArrayOutputStream (java.io.ByteArrayOutputStream)10 InputStream (java.io.InputStream)10 StringInputStream (com.amazonaws.util.StringInputStream)6 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)6 Key (com.macasaet.fernet.Key)4 ByteArrayInputStream (java.io.ByteArrayInputStream)4 OutputStream (java.io.OutputStream)4 ResourceNotFoundException (com.amazonaws.services.secretsmanager.model.ResourceNotFoundException)3 DescribeSecretRequest (com.amazonaws.services.secretsmanager.model.DescribeSecretRequest)2 ByteBuffer (java.nio.ByteBuffer)2