Skip to content

Commit

Permalink
[1.14] Cherrypicks Removes check for dummy key in AWS Secrets manager (
Browse files Browse the repository at this point in the history
…#3522)

Signed-off-by: Elena Kolevska <[email protected]>
  • Loading branch information
elena-kolevska authored Aug 30, 2024
1 parent 8eb716e commit 753d09e
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 43 deletions.
25 changes: 1 addition & 24 deletions secretstores/aws/secretmanager/secretmanager.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,19 +16,16 @@ package secretmanager
import (
"context"
"encoding/json"
"errors"
"fmt"
"reflect"

"github.com/aws/aws-sdk-go/service/secretsmanager"
"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"

awsAuth "github.com/dapr/components-contrib/common/authentication/aws"
"github.com/dapr/components-contrib/common/utils"
"github.com/dapr/components-contrib/metadata"
"github.com/dapr/components-contrib/secretstores"
"github.com/dapr/kit/logger"
"github.com/dapr/kit/ptr"
)

const (
Expand Down Expand Up @@ -62,34 +59,14 @@ func (s *smSecretStore) Init(ctx context.Context, metadata secretstores.Metadata
return err
}

// This check is needed because d.client is set to a mock in tests
if s.client == nil {
s.client, err = s.getClient(meta)
if err != nil {
return err
}
}
s.client, err = s.getClient(meta)
if err != nil {
return err
}

var notFoundErr *secretsmanager.ResourceNotFoundException
if err := s.validateConnection(ctx); err != nil && !errors.As(err, &notFoundErr) {
return fmt.Errorf("error validating access to the aws.secretmanager secret store: %w", err)
}
return nil
}

// validateConnection runs a dummy GetSecretValueWithContext operation
// to validate the connection credentials
func (s *smSecretStore) validateConnection(ctx context.Context) error {
_, err := s.client.GetSecretValueWithContext(ctx, &secretsmanager.GetSecretValueInput{
SecretId: ptr.Of(utils.GetRandOrDefaultString("dapr-test-secret")),
})

return err
}

// GetSecret retrieves a secret using a key and returns a map of decrypted string/string values.
func (s *smSecretStore) GetSecret(ctx context.Context, req secretstores.GetSecretRequest) (secretstores.GetSecretResponse, error) {
var versionID *string
Expand Down
19 changes: 0 additions & 19 deletions secretstores/aws/secretmanager/secretmanager_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,6 @@ func (m *mockedSM) GetSecretValueWithContext(ctx context.Context, input *secrets
func TestInit(t *testing.T) {
m := secretstores.Metadata{}
s := NewSecretManager(logger.NewLogger("test"))
s.(*smSecretStore).client = &mockedSM{
GetSecretValueFn: func(ctx context.Context, input *secretsmanager.GetSecretValueInput, option ...request.Option) (*secretsmanager.GetSecretValueOutput, error) {
// Simulate a non error response
return nil, nil
},
}

t.Run("Init with valid metadata", func(t *testing.T) {
m.Properties = map[string]string{
Expand All @@ -61,19 +55,6 @@ func TestInit(t *testing.T) {
err := s.Init(context.Background(), m)
require.NoError(t, err)
})

t.Run("Init with invalid connection details", func(t *testing.T) {
s.(*smSecretStore).client = &mockedSM{
GetSecretValueFn: func(ctx context.Context, input *secretsmanager.GetSecretValueInput, option ...request.Option) (*secretsmanager.GetSecretValueOutput, error) {
// Simulate a failure that resembles what AWS SM would return
return nil, fmt.Errorf("wrong-credentials")
},
}

err := s.Init(context.Background(), m)
require.Error(t, err)
require.EqualError(t, err, "error validating access to the aws.secretmanager secret store: wrong-credentials")
})
}

func TestGetSecret(t *testing.T) {
Expand Down

0 comments on commit 753d09e

Please sign in to comment.