public void GetSecretBinaryTest()
{
String testSecretName = Setup(TestType.SecretBinary);
cache = new SecretsManagerCache(TestBase.Client);
Assert.Equal(cache.GetSecretBinary(testSecretName).Result, testSecretBinary.ToArray());
}
public void NoSecretStringTest()
{
String testSecretName = Setup(TestType.SecretBinary);
cache = new SecretsManagerCache(TestBase.Client);
Assert.Null(cache.GetSecretString(testSecretName).Result);
}
public void TestBasicCacheEviction()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ReturnsAsync(secretStringResponse1)
.ReturnsAsync(secretStringResponse2)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse3.Name), default(CancellationToken)))
.ReturnsAsync(secretStringResponse3)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.IsAny <DescribeSecretRequest>(), default(CancellationToken)))
.ReturnsAsync(describeSecretResponse1)
.ReturnsAsync(describeSecretResponse1)
.ReturnsAsync(describeSecretResponse2)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration {
MaxCacheSize = 1
});
String first = cache.GetSecretString(secretStringResponse1.Name).Result;
String second = cache.GetSecretString(secretStringResponse3.Name).Result;
String third = cache.GetSecretString(secretStringResponse2.Name).Result;
Assert.NotEqual(first, third);
}
public void BasicSecretCacheTTLRefreshTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ReturnsAsync(secretStringResponse1)
.ReturnsAsync(secretStringResponse2)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ReturnsAsync(describeSecretResponse1)
.ReturnsAsync(describeSecretResponse2)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration {
CacheItemTTL = 1000
});
String first = cache.GetSecretString(secretStringResponse1.Name).Result;
String second = cache.GetSecretString(secretStringResponse1.Name).Result;
Assert.Equal(first, second);
Thread.Sleep(5000);
String third = cache.GetSecretString(secretStringResponse2.Name).Result;
Assert.NotEqual(second, third);
}
public void GetSecretStringTest()
{
String testSecretName = Setup(TestType.SecretString);
cache = new SecretsManagerCache(TestBase.Client);
Assert.Equal(cache.GetSecretString(testSecretName).Result, testSecretString);
}
public async Task <string> GetSecretAsync()
{
try
{
string secret = "";
if (_secretsManagerCache != null)
{
secret = await _secretsManagerCache.GetSecretString(_tokenSecretName);
}
if (string.IsNullOrEmpty(secret))
{
var request = new GetSecretValueRequest
{
SecretId = _tokenSecretName,
VersionStage = "AWSCURRENT"
};
var response = await _amazonSecretsManager.GetSecretValueAsync(request);
_secretsManagerCache = new SecretsManagerCache(_amazonSecretsManager);
secret = response.SecretString;
}
return(secret);
}
catch (Exception ex)
{
_logger.LogError(ex, ex.Message, _tokenSecretName);
return("");
}
}
public void HookSecretCacheTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), default(CancellationToken)))
.ReturnsAsync(secretStringResponse1)
.ReturnsAsync(binaryResponse1)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.IsAny <DescribeSecretRequest>(), default(CancellationToken)))
.ReturnsAsync(describeSecretResponse1)
.ReturnsAsync(describeSecretResponse1)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
TestHook testHook = new TestHook();
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration {
CacheHook = testHook
});
for (int i = 0; i < 10; i++)
{
Assert.Equal(cache.GetSecretString(secretStringResponse1.Name).Result, secretStringResponse1.SecretString);
}
Assert.Equal(2, testHook.GetCount());
for (int i = 0; i < 10; i++)
{
Assert.Equal(cache.GetSecretBinary(binaryResponse1.Name).Result, binaryResponse1.SecretBinary.ToArray());
}
Assert.Equal(4, testHook.GetCount());
}
public void SecretCacheConstructorTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
SecretsManagerCache cache1 = new SecretsManagerCache(secretsManager.Object);
SecretsManagerCache cache2 = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration());
Assert.NotNull(cache1);
Assert.NotNull(cache2);
}
public AwsSecretsHandler(AWSCredentials awsCredentials, RegionEndpoint regionEndpoint)
{
if (awsCredentials == null)
{
return;
}
SecretsManager = GetAmazonSecretsManagerClient(awsCredentials, regionEndpoint);
Cache = new SecretsManagerCache(SecretsManager);
}
public void CacheHookTest()
{
String testSecretName = Setup(TestType.SecretString);
TestHook testHook = new TestHook();
cache = new SecretsManagerCache(TestBase.Client, new SecretCacheConfiguration {
CacheHook = testHook
});
String originalSecretString = cache.GetSecretString(testSecretName).Result;
}
public void SecretCacheRefreshTest()
{
String testSecretName = Setup(TestType.SecretString);
cache = new SecretsManagerCache(TestBase.Client);
String originalSecretString = cache.GetSecretString(testSecretName).Result;
TestBase.Client.UpdateSecretAsync(new UpdateSecretRequest {
SecretId = testSecretName, SecretString = System.Guid.NewGuid().ToString()
});
Assert.Equal(originalSecretString, cache.GetSecretString(testSecretName).Result);
Assert.True(cache.RefreshNowAsync(testSecretName).Result);
Assert.NotEqual(originalSecretString, cache.GetSecretString(testSecretName).Result);
}
public void NoSecretBinaryPresentTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken)))
.ReturnsAsync(secretStringResponse1)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken)))
.ReturnsAsync(describeSecretResponse1)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object);
byte[] first = cache.GetSecretBinary(binaryResponse1.Name).Result;
Assert.Null(first);
}
public static async Task <Dictionary <string, string> > GetSqlCredential(this IServiceCollection services, string secretId)
{
var credential = new Dictionary <string, string>();
using (var secretsManager = new AmazonSecretsManagerClient(Amazon.RegionEndpoint.USEast1))
using (var cache = new SecretsManagerCache(secretsManager))
{
var sec = await cache.GetSecretString(secretId);
var jo = Newtonsoft.Json.Linq.JObject.Parse(sec);
credential["username"] = jo["username"].ToObject <string>();
credential["password"] = jo["password"].ToObject <string>();
}
return(credential);
}
public void TestBasicErrorCaching()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ThrowsAsync(new AmazonServiceException("Expected exception"))
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object);
for (int i = 0; i < 5; i++)
{
Assert.ThrowsAsync <AmazonServiceException>(async() => await cache.GetSecretString(secretStringResponse1.Name));
}
}
public void RefreshNowFailedTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ReturnsAsync(secretStringResponse1)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ReturnsAsync(describeSecretResponse1)
.ThrowsAsync(new AmazonServiceException("Caught exception"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object);
String first = cache.GetSecretString(secretStringResponse1.Name).Result;
bool success = cache.RefreshNowAsync(secretStringResponse1.Name).Result;
String second = cache.GetSecretString(secretStringResponse2.Name).Result;
Assert.False(success);
Assert.Equal(first, second);
}
public void GetSecretStringMultipleTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ReturnsAsync(secretStringResponse1)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken)))
.ReturnsAsync(describeSecretResponse2)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object);
String first = null;
for (int i = 0; i < 10; i++)
{
first = cache.GetSecretString(secretStringResponse1.Name).Result;
}
Assert.Equal(first, secretStringResponse1.SecretString);
}
public void SecretCacheTTLTest()
{
String testSecretName = Setup(TestType.SecretString);
cache = new SecretsManagerCache(TestBase.Client, new SecretCacheConfiguration {
CacheItemTTL = 1000
});
String originalSecretString = cache.GetSecretString(testSecretName).Result;
TestBase.Client.UpdateSecretAsync(new UpdateSecretRequest {
SecretId = testSecretName, SecretString = System.Guid.NewGuid().ToString()
});
// Even though the secret is updated, the cached version should be retrieved
Assert.Equal(originalSecretString, cache.GetSecretString(testSecretName).Result);
Thread.Sleep(1000);
// Cached secret string should be expired and the updated secret string retrieved
Assert.NotEqual(originalSecretString, cache.GetSecretString(testSecretName).Result);
}
public void BinarySecretRefreshNowTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken)))
.ReturnsAsync(binaryResponse1)
.ReturnsAsync(binaryResponse2)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken)))
.ReturnsAsync(describeSecretResponse1)
.ReturnsAsync(describeSecretResponse2)
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object);
byte[] first = cache.GetSecretBinary(binaryResponse1.Name).Result;
bool success = cache.RefreshNowAsync(binaryResponse1.Name).Result;
byte[] second = cache.GetSecretBinary(binaryResponse1.Name).Result;
Assert.True(success);
Assert.NotEqual(first, second);
}
public void ExceptionRetryTest()
{
Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict);
secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.IsAny <DescribeSecretRequest>(), default(CancellationToken)))
.ThrowsAsync(new AmazonServiceException("Expected exception 1"))
.ThrowsAsync(new AmazonServiceException("Expected exception 2"))
.ThrowsAsync(new AmazonSecretsManagerException("This should not be called"));
SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object);
int retryCount = 10;
String result = null;
Exception ex = null;
for (int i = 0; i < retryCount; i++)
{
ex = null;
try
{
result = cache.GetSecretString("").Result;
}
catch (AggregateException exception) { ex = exception.InnerException; }
Assert.Equal("Expected exception 1", ex.Message);
}
// Wait for backoff interval before retrying to verify a retry is performed.
Thread.Sleep(2100);
ex = null;
try
{
result = cache.GetSecretString("").Result;
}
catch (AggregateException exception) { ex = exception.InnerException; }
Assert.Equal("Expected exception 2", ex.Message);
}
public SecretManager(IAmazonSecretsManager amazonSecretsManager)
{
_cache = new SecretsManagerCache(amazonSecretsManager);
}
