Encode RDS credential to base64 and decode in SampleApp (#244)

aws-observability · Sep 23, 2024 · 0624656 · 0624656
1 parent c1a7b87
commit 0624656
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/.github/workflows/java-eks-test.yml b/.github/workflows/java-eks-test.yml
@@ -207,6 +207,11 @@ jobs:
             RDS_MYSQL_CLUSTER_SECRETS, ${{env.RDS_MYSQL_CLUSTER_CREDENTIAL_SECRET_NAME}}
           parse-json-secrets: true
 
+      - name: Convert RDS database credentials to base64
+        continue-on-error: true
+        run: |
+          echo "RDS_MYSQL_CLUSTER_SECRETS_PASSWORD_BASE64=$(echo -n '${{env.RDS_MYSQL_CLUSTER_SECRETS_PASSWORD}}' | base64)" >> $GITHUB_ENV
+
       - name: Initiate Terraform
         uses: ./.github/workflows/actions/execute_and_retry
         with:
@@ -245,7 +250,7 @@ jobs:
               -var="sample_remote_app_image=${{ env.REMOTE_SAMPLE_APP_IMAGE_ARN }}" \
               -var="rds_mysql_cluster_endpoint=${{env.RDS_MYSQL_CLUSTER_ENDPOINT}}" \
               -var="rds_mysql_cluster_username=${{env.RDS_MYSQL_CLUSTER_SECRETS_USERNAME}}" \
-              -var='rds_mysql_cluster_password=${{env.RDS_MYSQL_CLUSTER_SECRETS_PASSWORD}}' \
+              -var='rds_mysql_cluster_password=${{env.RDS_MYSQL_CLUSTER_SECRETS_PASSWORD_BASE64}}' \
               -var='account_id=${{ env.ACCOUNT_ID }}' \
             || deployment_failed=$?          
 

diff --git a/sample-apps/springboot/src/main/java/com/amazon/sampleapp/FrontendServiceController.java b/sample-apps/springboot/src/main/java/com/amazon/sampleapp/FrontendServiceController.java
@@ -29,6 +29,8 @@
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
+
+import org.apache.tomcat.util.codec.binary.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -170,11 +172,13 @@ public String asyncService() {
   @ResponseBody
   public String mysql() {
     logger.info("mysql received");
+    final String rdsMySQLClusterPassword = new String(new Base64().decode(System.getenv("RDS_MYSQL_CLUSTER_PASSWORD").getBytes()));
+
     try {
       Connection connection = DriverManager.getConnection(
               System.getenv().get("RDS_MYSQL_CLUSTER_CONNECTION_URL"),
               System.getenv().get("RDS_MYSQL_CLUSTER_USERNAME"),
-              System.getenv().get("RDS_MYSQL_CLUSTER_PASSWORD"));
+              rdsMySQLClusterPassword);
       Statement statement = connection.createStatement();
       statement.executeQuery("SELECT * FROM tables LIMIT 1;");
     } catch (SQLException e) {