public override void Invoke(AWSCredentials creds, RegionEndpoint region, int maxItems)
{
AmazonSecretsManagerConfig config = new AmazonSecretsManagerConfig();
config.RegionEndpoint = region;
ConfigureClient(config);
AmazonSecretsManagerClient client = new AmazonSecretsManagerClient(creds, config);
ListSecretsResponse resp = new ListSecretsResponse();
do
{
ListSecretsRequest req = new ListSecretsRequest
{
NextToken = resp.NextToken
,
MaxResults = maxItems
};
resp = client.ListSecrets(req);
CheckError(resp.HttpStatusCode, "200");
foreach (var obj in resp.SecretList)
{
AddObject(obj);
}
}while (!string.IsNullOrEmpty(resp.NextToken));
}
/// <summary>
/// Unmarshaller the response from the service to the response class.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
ListSecretsResponse response = new ListSecretsResponse();
context.Read();
int targetDepth = context.CurrentDepth;
while (context.ReadAtDepth(targetDepth))
{
if (context.TestExpression("NextToken", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.NextToken = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("SecretList", targetDepth))
{
var unmarshaller = new ListUnmarshaller <SecretListEntry, SecretListEntryUnmarshaller>(SecretListEntryUnmarshaller.Instance);
response.SecretList = unmarshaller.Unmarshall(context);
continue;
}
}
return(response);
}
public void Values_in_binary_are_ignored([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, [Frozen] IAmazonSecretsManager secretsManager, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
var getSecretValueResponse = fixture.Build <GetSecretValueResponse>()
.With(p => p.SecretBinary)
.Without(p => p.SecretString)
.Create();
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
sut.Load();
Assert.That(sut.HasKey(testEntry.Name), Is.False);
}
public static ListSecretsResponse Unmarshall(UnmarshallerContext _ctx)
{
ListSecretsResponse listSecretsResponse = new ListSecretsResponse();
listSecretsResponse.HttpResponse = _ctx.HttpResponse;
listSecretsResponse.PageNumber = _ctx.IntegerValue("ListSecrets.PageNumber");
listSecretsResponse.PageSize = _ctx.IntegerValue("ListSecrets.PageSize");
listSecretsResponse.RequestId = _ctx.StringValue("ListSecrets.RequestId");
listSecretsResponse.TotalCount = _ctx.IntegerValue("ListSecrets.TotalCount");
List <ListSecretsResponse.ListSecrets_Secret> listSecretsResponse_secretList = new List <ListSecretsResponse.ListSecrets_Secret>();
for (int i = 0; i < _ctx.Length("ListSecrets.SecretList.Length"); i++)
{
ListSecretsResponse.ListSecrets_Secret secret = new ListSecretsResponse.ListSecrets_Secret();
secret.CreateTime = _ctx.StringValue("ListSecrets.SecretList[" + i + "].CreateTime");
secret.PlannedDeleteTime = _ctx.StringValue("ListSecrets.SecretList[" + i + "].PlannedDeleteTime");
secret.SecretName = _ctx.StringValue("ListSecrets.SecretList[" + i + "].SecretName");
secret.UpdateTime = _ctx.StringValue("ListSecrets.SecretList[" + i + "].UpdateTime");
secret.SecretType = _ctx.StringValue("ListSecrets.SecretList[" + i + "].SecretType");
List <ListSecretsResponse.ListSecrets_Secret.ListSecrets_Tag> secret_tags = new List <ListSecretsResponse.ListSecrets_Secret.ListSecrets_Tag>();
for (int j = 0; j < _ctx.Length("ListSecrets.SecretList[" + i + "].Tags.Length"); j++)
{
ListSecretsResponse.ListSecrets_Secret.ListSecrets_Tag tag = new ListSecretsResponse.ListSecrets_Secret.ListSecrets_Tag();
tag.TagKey = _ctx.StringValue("ListSecrets.SecretList[" + i + "].Tags[" + j + "].TagKey");
tag.TagValue = _ctx.StringValue("ListSecrets.SecretList[" + i + "].Tags[" + j + "].TagValue");
secret_tags.Add(tag);
}
secret.Tags = secret_tags;
listSecretsResponse_secretList.Add(secret);
}
listSecretsResponse.SecretList = listSecretsResponse_secretList;
return(listSecretsResponse);
}
public void Array_Of_Complex_JSON_objects_with_arrays_can_be_handled([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, RootObjectWithArray[] test, [Frozen] IAmazonSecretsManager secretsManager, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
var getSecretValueResponse = fixture.Build <GetSecretValueResponse>()
.With(p => p.SecretString, JsonConvert.SerializeObject(test))
.Without(p => p.SecretBinary)
.Create();
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
sut.Load();
Assert.That(sut.Get(testEntry.Name, "0", nameof(RootObjectWithArray.Properties), "0"), Is.EqualTo(test[0].Properties[0]));
Assert.That(sut.Get(testEntry.Name, "0", nameof(RootObjectWithArray.Mids), "0", nameof(MidLevel.Property)), Is.EqualTo(test[0].Mids[0].Property));
Assert.That(sut.Get(testEntry.Name, "1", nameof(RootObjectWithArray.Properties), "0"), Is.EqualTo(test[1].Properties[0]));
Assert.That(sut.Get(testEntry.Name, "1", nameof(RootObjectWithArray.Mids), "0", nameof(MidLevel.Property)), Is.EqualTo(test[1].Mids[0].Property));
}
public void Simple_values_in_string_can_be_handled([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueResponse.SecretString));
}
public async Task Should_reload_when_forceReload_called([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueInitialResponse, GetSecretValueResponse getSecretValueUpdatedResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture, Action <object> changeCallback, object changeCallbackState)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).SetupSequence(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(getSecretValueInitialResponse)
.ReturnsAsync(getSecretValueUpdatedResponse);
sut.GetReloadToken().RegisterChangeCallback(changeCallback, changeCallbackState);
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueInitialResponse.SecretString));
await sut.ForceReloadAsync(CancellationToken.None);
Mock.Get(changeCallback).Verify(c => c(changeCallbackState));
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueUpdatedResponse.SecretString));
}
public void Should_poll_and_reload_when_secrets_changed([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueInitialResponse, GetSecretValueResponse getSecretValueUpdatedResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture, Action <object> changeCallback, object changeCallbackState)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).SetupSequence(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(getSecretValueInitialResponse)
.ReturnsAsync(getSecretValueUpdatedResponse);
options.PollingInterval = TimeSpan.FromMilliseconds(100);
sut.GetReloadToken().RegisterChangeCallback(changeCallback, changeCallbackState);
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueInitialResponse.SecretString));
Thread.Sleep(200);
Mock.Get(changeCallback).Verify(c => c(changeCallbackState));
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueUpdatedResponse.SecretString));
}
public void Should_throw_on_missing_secret_value([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, [Frozen] IAmazonSecretsManager secretsManager, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).Throws(new ResourceNotFoundException("Oops"));
Assert.That(sut.Load, Throws.TypeOf <MissingSecretValueException>());
}
public void Secrets_can_be_filtered_out_via_options_on_fetching([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
options.ListSecretsFilters = new List <Filter> {
new Filter {
Key = FilterNameStringType.Name, Values = new List <string> {
testEntry.Name
}
}
};
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.Is <ListSecretsRequest>(request => request.Filters == options.ListSecretsFilters), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
sut.Load();
Mock.Get(secretsManager).Verify(p => p.ListSecretsAsync(It.Is <ListSecretsRequest>(request => request.Filters == options.ListSecretsFilters), It.IsAny <CancellationToken>()));
Assert.That(sut.Get(testEntry.Name), Is.Null);
}
public void Keys_can_be_customized_via_options([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, string newKey, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
options.KeyGenerator = (entry, key) => newKey;
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.Null);
Assert.That(sut.Get(newKey), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Secrets_can_be_listed_explicitly_and_not_searched([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
const string secretKey = "KEY";
var firstSecretArn = listSecretsResponse.SecretList.Select(x => x.ARN).First();
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => x.SecretId.Equals(firstSecretArn)), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
options.SecretFilter = entry => true;
options.AcceptedSecretArns = new List <string> {
firstSecretArn
};
options.KeyGenerator = (entry, key) => secretKey;
sut.Load();
Mock.Get(secretsManager).Verify(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => !x.SecretId.Equals(firstSecretArn)), It.IsAny <CancellationToken>()), Times.Never);
Mock.Get(secretsManager).Verify(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>()), Times.Never);
Assert.That(sut.Get(testEntry.Name), Is.Null);
Assert.That(sut.Get(secretKey), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Secrets_can_be_filtered_out_via_options([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
options.SecretFilter = entry => false;
sut.Load();
Mock.Get(secretsManager).Verify(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>()), Times.Never);
Assert.That(sut.Get(testEntry.Name), Is.Null);
}
public void JSON_with_leading_spaces_should_be_processed_as_JSON([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, RootObject test, [Frozen] IAmazonSecretsManager secretsManager, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
var secretString = " " + JsonConvert.SerializeObject(test);
var getSecretValueResponse = fixture.Build <GetSecretValueResponse>()
.With(p => p.SecretString, secretString)
.Without(p => p.SecretBinary)
.Create();
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
sut.Load();
Assert.That(sut.Get(testEntry.Name, nameof(RootObject.Property)), Is.EqualTo(test.Property));
Assert.That(sut.Get(testEntry.Name, nameof(RootObject.Mid), nameof(MidLevel.Property)), Is.EqualTo(test.Mid.Property));
Assert.That(sut.Get(testEntry.Name, nameof(RootObject.Mid), nameof(MidLevel.Leaf), nameof(Leaf.Property)), Is.EqualTo(test.Mid.Leaf.Property));
}
public void Incorrect_json_should_be_processed_as_string(string content, [Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, SecretsManagerConfigurationProvider sut)
{
getSecretValueResponse.SecretString = content;
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Keys_should_be_case_insensitive([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
sut.Load();
Assert.That(sut.Get(testEntry.Name.ToLower()), Is.EqualTo(getSecretValueResponse.SecretString));
Assert.That(sut.Get(testEntry.Name.ToUpper()), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Secrets_listed_explicitly_and_saved_to_configuration_with_their_names_as_keys([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => x.SecretId.Equals(getSecretValueResponse.ARN)), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
options.AcceptedSecretArns = new List <string> {
getSecretValueResponse.ARN
};
Assert.DoesNotThrow(sut.Load);
Mock.Get(secretsManager).Verify(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => !x.SecretId.Equals(getSecretValueResponse.ARN)), It.IsAny <CancellationToken>()), Times.Never);
Assert.That(sut.Get(getSecretValueResponse.Name), Is.EqualTo(getSecretValueResponse.SecretString));
}
