AwsSecretResolver.java
package gov.usgs.earthquake.aws;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import java.util.logging.Logger;
import java.util.Objects;
import gov.usgs.earthquake.distribution.ConfigurationException;
import gov.usgs.util.Config;
import gov.usgs.util.DefaultConfigurable;
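/**
 * SecretResolver implementation backed by AWS Secrets Manager.
 *
 * <p>The client is built in {@link #configure(Config)} from the {@code region}
 * property, or injected with {@link #setSecretsManagerClient(SecretsManagerClient)}.
 * No credentials provider is set on the builder, so the SDK's default credential
 * resolution applies. The resolved identity should be limited to
 * {@code secretsmanager:GetSecretValue} on the secrets this process needs.
 *
 * <p>Only the secret identifier is logged; the secret value is never written to the log.
 */
public class AwsSecretResolver extends DefaultConfigurable implements SecretResolver {

  /** Logger to use for this class */
  public static final Logger LOGGER = Logger.getLogger(AwsSecretResolver.class.getName());

  /** Name of the configuration property holding the AWS region to query */
  public static final String REGION_PROPERTY = "region";

  /** SecretsManagerClient used to make requests; null until configured or injected */
  private SecretsManagerClient secretsManagerClient;

  /**
   * Build the Secrets Manager client from the given configuration.
   *
   * @param config configuration to read {@link #REGION_PROPERTY} from
   * @throws ConfigurationException if the region property is missing or blank
   */
  @Override
  public void configure(Config config) throws ConfigurationException {
    final String region = config.getProperty(REGION_PROPERTY);
    // A blank region is reported the same way as a missing one, so the
    // operator gets a configuration error rather than an SDK exception.
    if (Objects.isNull(region) || region.trim().isEmpty()) {
      throw new ConfigurationException(
          "[" + getName() + "] " + REGION_PROPERTY + " is required");
    }
    LOGGER.config(() -> String.format("[%s] region=%s", getName(), region));

    // NOTE(review): a client set earlier is replaced without being closed,
    // because this class cannot tell whether it owns an injected instance.
    this.secretsManagerClient = SecretsManagerClient.builder()
        .region(Region.of(region))
        .build();
  }

  /**
   * Retrieve the String representation of a secret.
   *
   * @param secretName name or ARN of the secret to retrieve
   * @return String value of the retrieved secret; null when the secret has no
   *     string value (for example, when it was stored as binary)
   * @throws IllegalStateException if no client has been configured or injected
   */
  public String getPlaintextSecret(String secretName) {
    final SecretsManagerClient client = this.secretsManagerClient;
    if (client == null) {
      // Fail with an explicit message instead of a bare NullPointerException.
      throw new IllegalStateException(
          "[" + getName() + "] SecretsManagerClient is not configured");
    }

    // The original format string had no placeholder for the secret id, so the
    // id was silently dropped from the log line. Log the identifier only.
    LOGGER.fine(() -> String.format("[%s] Retrieving secretId=%s", getName(), secretName));

    final GetSecretValueRequest valueRequest = GetSecretValueRequest.builder()
        .secretId(secretName)
        .build();
    final GetSecretValueResponse valueResponse = client.getSecretValue(valueRequest);
    // Do not log valueResponse: it carries the secret value.
    return valueResponse.secretString();
  }

  /**
   * Get the SecretsManagerClient being used.
   *
   * @return the current client, or null if none has been configured or injected
   */
  public SecretsManagerClient getSecretsManagerClient() {
    return this.secretsManagerClient;
  }

  /**
   * Set the client to be used for retrieving secrets.
   *
   * @param secretsManagerClient a new instance of SecretsManagerClient to use
   */
  public void setSecretsManagerClient(SecretsManagerClient secretsManagerClient) {
    this.secretsManagerClient = secretsManagerClient;
  }
}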