use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project aws-secretsmanager-caching-java by aws.
the class SecretCacheItem method executeRefresh.
/**
* Execute the logic to perform the actual refresh of the item.
*
* @return The result from AWS Secrets Manager for the refresh.
*/
@Override
protected DescribeSecretResult executeRefresh() {
    // Describe this item's secret; the request is passed through updateUserAgent
    // before being handed to the client.
    DescribeSecretRequest describeRequest = new DescribeSecretRequest().withSecretId(this.secretId);
    DescribeSecretResult refreshed = client.describeSecret(updateUserAgent(describeRequest));

    // Schedule the next refresh at a random offset in [ttl / 2, ttl] from now. The "+ 1"
    // is needed because the upper bound of nextLong(origin, bound) is exclusive.
    // Presumably the jitter keeps many cache items from refreshing at the same instant,
    // and ttl is in milliseconds since it is added to currentTimeMillis() - confirm.
    // NOTE(review): nextLong throws IllegalArgumentException when origin >= bound, which
    // happens for any negative ttl and for ttl == Long.MAX_VALUE (ttl + 1 overflows).
    // Confirm that the cache configuration rejects such values before they reach here.
    // The configured TTL is also the upper bound on how long this item goes without a
    // refresh, so it limits how stale the cached result can be after a rotation.
    long maxDelay = this.config.getCacheItemTTL();
    long minDelay = maxDelay / 2;
    this.nextRefreshTime = System.currentTimeMillis()
            + ThreadLocalRandom.current().nextLong(minDelay, maxDelay + 1);

    return refreshed;
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class MultiFernetKeyRotatorTest method verifyTestRejectsTooManyBytes.
@Test
public final void verifyTestRejectsTooManyBytes() throws IOException {
    // given: the pending version holds 6 * 32 + 1 zero bytes, i.e. one byte more than
    // six 32-byte blocks (presumably one byte past the largest key set the rotator
    // accepts - confirm against the rotator's limit).
    final byte[] oversizedPayload = new byte[6 * 32 + 1];
    Arrays.fill(oversizedPayload, (byte) 0);

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.setVersionIdsToStages(ImmutableMap.of("version", Arrays.asList("AWSPENDING")));
    pendingDescription.setRotationEnabled(true);

    given(secretsManager.describeSecret("secret")).willReturn(pendingDescription);
    given(secretsManager.getSecretVersion("secret", "version")).willReturn(ByteBuffer.wrap(oversizedPayload));

    final Context lambdaContext = mock(Context.class);
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final InputStream request = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");

    // when / then: the "testSecret" step must fail rather than accept the malformed payload.
    // NOTE(review): RuntimeException.class is a broad expectation; any unchecked failure
    // (for example one caused by an unstubbed mock) would also satisfy it. Asserting the
    // specific exception type the rotator throws would make this rejection test stricter.
    assertThrows(RuntimeException.class, () -> rotator.handleRequest(request, response, lambdaContext));

    // Parse whatever was written to the response; the parsed tree itself is not inspected.
    new ObjectMapper().readTree(response.toByteArray());
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class SecretsManagerTest method verifyDescribeSecretPassesThrough.
@Test
public final void verifyDescribeSecretPassesThrough() {
    // given: the delegate answers a describe request for "secret" with a canned result
    final DescribeSecretResult cannedResult = new DescribeSecretResult();
    cannedResult.addVersionIdsToStagesEntry("version", singletonList("AWSPREVIOUS"));
    cannedResult.setRotationEnabled(true);

    final DescribeSecretRequest expectedRequest = new DescribeSecretRequest();
    expectedRequest.setSecretId("secret");
    // eq(...) ties the stub to a request equal to expectedRequest, so a call made with a
    // different secret id would not receive the canned result.
    given(delegate.describeSecret(eq(expectedRequest))).willReturn(cannedResult);

    // when
    final DescribeSecretResult actual = manager.describeSecret("secret");

    // then: rotation flag and version-to-stage mapping come back as the delegate supplied them
    assertTrue(actual.getVersionIdsToStages().get("version").contains("AWSPREVIOUS"));
    assertTrue(actual.isRotationEnabled());
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class SimpleFernetKeyRotatorTest method verifyHandleRequestCreatesKey.
@Test
public void verifyHandleRequestCreatesKey() throws IOException {
    // given: rotation is enabled, the request token is staged as AWSPENDING, and no
    // value has been stored for that version yet (the lookup throws).
    final String secretId = "secretId";
    final String clientRequestToken = "clientRequestToken";

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.addVersionIdsToStagesEntry(clientRequestToken, singletonList("AWSPENDING"));
    pendingDescription.setRotationEnabled(true);

    given(secretsManager.getSecretVersion(secretId, clientRequestToken)).willThrow(new ResourceNotFoundException("no value yet"));
    given(secretsManager.describeSecret(secretId)).willReturn(pendingDescription);

    final RotationRequest createStep = new RotationRequest();
    createStep.setStep(Step.CREATE_SECRET);
    createStep.setSecretId(secretId);
    createStep.setClientRequestToken(clientRequestToken);
    final byte[] serializedRequest = mapper.writeValueAsBytes(createStep);

    final Context lambdaContext = mock(Context.class);

    // when: both streams share one try-with-resources; they are closed in reverse
    // declaration order (output first, then input).
    try (InputStream input = new ByteArrayInputStream(serializedRequest);
            OutputStream output = new ByteArrayOutputStream()) {
        rotator.handleRequest(input, output, lambdaContext);

        // then: a key was written for this secret and token under the PENDING stage.
        // any(Key.class) only checks that some Key was stored; the key material itself
        // is not examined by this test.
        verify(secretsManager).putSecretValue(eq("secretId"), eq(clientRequestToken), any(Key.class), eq(PENDING));
    }
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class MultiFernetKeyRotatorTest method verifyCreateSecretAddsKeyAndRemovesOldest.
@Test
public final void verifyCreateSecretAddsKeyAndRemovesOldest() throws IOException {
    // given: three keys generated in a fixed order from the shared random source
    final Key key0 = Key.generateKey(random);
    final Key key1 = Key.generateKey(random);
    final Key key2 = Key.generateKey(random);

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.setVersionIdsToStages(ImmutableMap.of("version", Arrays.asList("AWSPENDING")));
    pendingDescription.setRotationEnabled(true);

    final Context lambdaContext = mock(Context.class);
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final InputStream request = new StringInputStream("{\"Step\": \"createSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");

    try (ByteArrayOutputStream currentStage = new ByteArrayOutputStream()) {
        // The CURRENT stage is serialized as key0, key1, key2 in that order; key2 is
        // written last and is the one expected to be dropped.
        key0.writeTo(currentStage);
        key1.writeTo(currentStage);
        key2.writeTo(currentStage);
        final ByteBuffer currentKeys = ByteBuffer.wrap(currentStage.toByteArray());

        // No value exists yet for the pending version, so the lookup throws.
        given(secretsManager.getSecretVersion("secret", "version")).willThrow(new ResourceNotFoundException(""));
        given(secretsManager.describeSecret("secret")).willReturn(pendingDescription);
        given(secretsManager.getSecretStage("secret", CURRENT)).willReturn(currentKeys);

        // when
        rotator.handleRequest(request, response, lambdaContext);

        // then: capture the key collection stored under the PENDING stage
        verify(secretsManager).putSecretValue(eq("secret"), eq("version"), keyCollector.capture(), eq(PENDING));
        final Collection<? extends Key> storedKeys = keyCollector.getValue();

        // Still three keys: key0 and key1 are retained and key2 is gone.
        // NOTE(review): the third slot is presumably a freshly generated key, but the
        // test never asserts that it differs from key0/key1/key2 or where it sits in
        // the collection; adding that check would pin the rotation order.
        assertEquals(3, storedKeys.size());
        assertTrue(storedKeys.contains(key0));
        assertTrue(storedKeys.contains(key1));
        assertFalse(storedKeys.contains(key2));

        // Parse whatever was written to the response; the parsed tree itself is not inspected.
        new ObjectMapper().readTree(response.toByteArray());
    }
}