Example 21 with GetSecretValueResult

Use of com.amazonaws.services.secretsmanager.model.GetSecretValueResult in project cerberus by Nike-Inc.

Class SecretsManagerSecretEngine, method decrypt.

@Override
public byte[] decrypt(EncryptedSecret encryptedSecret) {
    String secretName = encryptedSecret.getParams().get(SECRET_NAME);
    String secretRegion = encryptedSecret.getParams().get(SECRET_REGION);
    String secretKey = encryptedSecret.getParams().get(SECRET_KEY);
    AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard().withRegion(secretRegion).build();
    byte[] binarySecret = null;
    GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest().withSecretId(secretName);
    GetSecretValueResult getSecretValueResult = null;
    try {
        getSecretValueResult = client.getSecretValue(getSecretValueRequest);
    } catch (Exception e) {
        log.error("An error occurred when trying to use AWS Secrets Manager to fetch: [secretName: {}, secretRegion: {}, secretKey: {}]", secretName, secretRegion, secretKey, e);
        throw new RuntimeException("Failed to fetch secret from AWS Secrets Manager", e);
    }
    if (getSecretValueResult.getSecretString() != null) {
        String secret = getSecretValueResult.getSecretString();
        Gson gson = new Gson();
        Type type = new TypeToken<Map<String, String>>() {
        }.getType();
        Map<String, String> myMap = gson.fromJson(secret, type);
        binarySecret = myMap.get(secretKey).getBytes(StandardCharsets.UTF_8);
    } else {
        binarySecret = getSecretValueResult.getSecretBinary().array();
    }
    return binarySecret;
}
Also used: Type (java.lang.reflect.Type), GetSecretValueResult (com.amazonaws.services.secretsmanager.model.GetSecretValueResult), AWSSecretsManager (com.amazonaws.services.secretsmanager.AWSSecretsManager), Gson (com.google.gson.Gson), GetSecretValueRequest (com.amazonaws.services.secretsmanager.model.GetSecretValueRequest), HashMap (java.util.HashMap), Map (java.util.Map), InvalidSecretFormatException (com.netflix.spinnaker.kork.secrets.InvalidSecretFormatException)

Example 22 with GetSecretValueResult

Use of com.amazonaws.services.secretsmanager.model.GetSecretValueResult in project spring-cloud-aws by awspring.

Class AwsSecretsManagerPropertySource, method readSecretValue.

private void readSecretValue(GetSecretValueRequest secretValueRequest) {
    try {
        GetSecretValueResult secretValueResult = source.getSecretValue(secretValueRequest);
        Map<String, Object> secretMap = jsonMapper.readValue(secretValueResult.getSecretString(), new TypeReference<Map<String, Object>>() {
        });
        for (Map.Entry<String, Object> secretEntry : secretMap.entrySet()) {
            LOG.debug("Populating property retrieved from AWS Secrets Manager: " + secretEntry.getKey());
            properties.put(secretEntry.getKey(), secretEntry.getValue());
        }
    } catch (JsonProcessingException e) {
        throw new RuntimeException(e);
    }
}
Also used: GetSecretValueResult (com.amazonaws.services.secretsmanager.model.GetSecretValueResult), LinkedHashMap (java.util.LinkedHashMap), Map (java.util.Map), JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)

Example 23 with GetSecretValueResult

Use of com.amazonaws.services.secretsmanager.model.GetSecretValueResult in project spring-cloud-aws by awspring.

Class AwsSecretsManagerPropertySourceLocatorTest, method contextSpecificOrderExpected.

@Test
void contextSpecificOrderExpected() {
    AwsSecretsManagerProperties properties = new AwsSecretsManagerPropertiesBuilder().withDefaultContext("application").withName("messaging-service").build();
    GetSecretValueResult secretValueResult = new GetSecretValueResult();
    secretValueResult.setSecretString("{\"key1\": \"value1\", \"key2\": \"value2\"}");
    when(smClient.getSecretValue(any(GetSecretValueRequest.class))).thenReturn(secretValueResult);
    AwsSecretsManagerPropertySourceLocator locator = new AwsSecretsManagerPropertySourceLocator(smClient, properties);
    env.setActiveProfiles("test");
    locator.locate(env);
    List<String> contextToBeTested = new ArrayList<>(locator.getContexts());
    assertThat(contextToBeTested.get(0)).isEqualTo("/secret/messaging-service_test");
    assertThat(contextToBeTested.get(1)).isEqualTo("/secret/messaging-service");
    assertThat(contextToBeTested.get(2)).isEqualTo("/secret/application_test");
    assertThat(contextToBeTested.get(3)).isEqualTo("/secret/application");
}
Also used: GetSecretValueResult (com.amazonaws.services.secretsmanager.model.GetSecretValueResult), ArrayList (java.util.ArrayList), GetSecretValueRequest (com.amazonaws.services.secretsmanager.model.GetSecretValueRequest), Test (org.junit.jupiter.api.Test)

Example 24 with GetSecretValueResult

Use of com.amazonaws.services.secretsmanager.model.GetSecretValueResult in project spring-cloud-aws by awspring.

Class AwsSecretsManagerPropertySourceLocatorTest, method locate_nameSpecifiedInConstructor_returnsPropertySourceWithSpecifiedName.

@Test
void locate_nameSpecifiedInConstructor_returnsPropertySourceWithSpecifiedName() {
    GetSecretValueResult secretValueResult = new GetSecretValueResult();
    secretValueResult.setSecretString("{\"key1\": \"value1\", \"key2\": \"value2\"}");
    when(smClient.getSecretValue(any(GetSecretValueRequest.class))).thenReturn(secretValueResult);
    AwsSecretsManagerProperties properties = new AwsSecretsManagerProperties();
    AwsSecretsManagerPropertySourceLocator locator = new AwsSecretsManagerPropertySourceLocator("my-name", smClient, properties);
    PropertySource propertySource = locator.locate(env);
    assertThat(propertySource.getName()).isEqualTo("my-name");
}
Also used: GetSecretValueResult (com.amazonaws.services.secretsmanager.model.GetSecretValueResult), GetSecretValueRequest (com.amazonaws.services.secretsmanager.model.GetSecretValueRequest), PropertySource (org.springframework.core.env.PropertySource), CompositePropertySource (org.springframework.core.env.CompositePropertySource), Test (org.junit.jupiter.api.Test)

Example 25 with GetSecretValueResult

Use of com.amazonaws.services.secretsmanager.model.GetSecretValueResult in project spring-cloud-aws by awspring.

Class AwsSecretsManagerPropertySourceLocatorTest, method contextExpectedToHave4Elements.

@Test
void contextExpectedToHave4Elements() {
    AwsSecretsManagerProperties properties = new AwsSecretsManagerPropertiesBuilder().withDefaultContext("application").withName("messaging-service").build();
    GetSecretValueResult secretValueResult = new GetSecretValueResult();
    secretValueResult.setSecretString("{\"key1\": \"value1\", \"key2\": \"value2\"}");
    when(smClient.getSecretValue(any(GetSecretValueRequest.class))).thenReturn(secretValueResult);
    AwsSecretsManagerPropertySourceLocator locator = new AwsSecretsManagerPropertySourceLocator(smClient, properties);
    env.setActiveProfiles("test");
    locator.locate(env);
    assertThat(locator.getContexts()).hasSize(4);
}
Also used: GetSecretValueResult (com.amazonaws.services.secretsmanager.model.GetSecretValueResult), GetSecretValueRequest (com.amazonaws.services.secretsmanager.model.GetSecretValueRequest), Test (org.junit.jupiter.api.Test)
