/// <summary>
/// Checks that a secret stored under a single flat property name (the key segments joined with
/// <c>AlternativeKeyDelimiter</c>) can be read back through the provider under the combined key.
/// </summary>
public static void AternativelyCompoundValue_Normalized(ConfigurationKey[] key, NonEmptyString value, NonEmptyString secretId)
        {
            // Arrange: a one-entry JSON document plays the role of the stored secret.
            var expectedValue = value.Get;
            var expectedSecretId = secretId.Get;
            var storedPayload = new Dictionary<string, object>
            {
                { string.Join(AlternativeKeyDelimiter, key), expectedValue },
            };

            // The Secrets Manager client is mocked, so no real secret is ever requested.
            var secretsManager = new Mock<IAmazonSecretsManager>();
            _ = secretsManager
                .Setup(m => m.GetSecretValueAsync(It.IsNotNull<GetSecretValueRequest>(), It.IsAny<CancellationToken>()))
                .ReturnsAsync(new GetSecretValueResponse { SecretString = JsonConvert.SerializeObject(storedPayload) });

            var source = new SecretsManagerConfigurationSource(secretsManager.Object, expectedSecretId, Timeout.InfiniteTimeSpan);

            // Act
            using var provider = new SecretsManagerConfigurationProvider(source);
            provider.Load();

            // Assert: exactly one fetch, and it names the configured secret id rather than any other.
            var lookupKey = Combine(key.Select(segment => segment.Get));
            secretsManager.Verify(
                m => m.GetSecretValueAsync(
                    It.Is<GetSecretValueRequest>(request => request.SecretId == expectedSecretId),
                    It.IsAny<CancellationToken>()),
                Times.Once);
            Assert.Equal(expectedValue, provider.Get(lookupKey));
        }
        /// <summary>
        /// A source constructed from options alone must build a <see cref="SecretsManagerConfigurationProvider"/>.
        /// </summary>
        public void Build_can_create_a_IConfigurationProvider_with_options(SecretsManagerConfigurationProviderOptions options, IConfigurationBuilder configurationBuilder)
        {
            var built = new SecretsManagerConfigurationSource(options: options).Build(configurationBuilder);

            // Two separate assertions so a failure says whether the result was missing or of the wrong type.
            Assert.That(built, Is.Not.Null);
            Assert.That(built, Is.InstanceOf<SecretsManagerConfigurationProvider>());
        }
        /// <summary>
        /// A source constructed from explicit <see cref="AWSCredentials"/> must build a
        /// <see cref="SecretsManagerConfigurationProvider"/>.
        /// </summary>
        public void Build_can_create_a_IConfigurationProvider_with_credentials(AWSCredentials credentials, IConfigurationBuilder configurationBuilder)
        {
            var built = new SecretsManagerConfigurationSource(credentials).Build(configurationBuilder);

            // Two separate assertions so a failure says whether the result was missing or of the wrong type.
            Assert.That(built, Is.Not.Null);
            Assert.That(built, Is.InstanceOf<SecretsManagerConfigurationProvider>());
        }
        /// <summary>
        /// Builds a provider over a mocked client with <see cref="Timeout.InfiniteTimeSpan"/> as the third
        /// source argument and then waits, without a bound, for a reload to complete.
        /// </summary>
        public static void NoReload_OK(NonEmptyString secretId)
        {
            var unbounded = Timeout.InfiniteTimeSpan;
            var source = new SecretsManagerConfigurationSource(Mock.Of<IAmazonSecretsManager>(), secretId.Get, unbounded);

            using var provider = new SecretsManagerConfigurationProvider(source);

            // There is no explicit assertion here: per the original author's note (cosborn), the outcome is
            // controlled by the "longRunningTestSeconds" parameter in `xunit.runner.json`.
            provider.WaitForReloadToComplete(unbounded);
        }
        /// <summary>
        /// When <c>CreateClient</c> is set on the options, building the provider must call that factory
        /// instead of constructing a client some other way.
        /// </summary>
        public void Build_uses_given_client_factory_method(IConfigurationBuilder configurationBuilder, SecretsManagerConfigurationProviderOptions options, Func<IAmazonSecretsManager> clientFactory)
        {
            options.CreateClient = clientFactory;

            var built = new SecretsManagerConfigurationSource(options: options).Build(configurationBuilder);

            Assert.That(built, Is.Not.Null);

            // Mock.Get only works on a Moq-created delegate; presumably the test data source supplies one.
            var factoryMock = Mock.Get(clientFactory);
            factoryMock.Verify(p => p());
        }
        /// <summary>
        /// Building the provider must invoke the <c>ConfigureSecretsManagerConfig</c> callback exactly once,
        /// passing it a non-null <see cref="AmazonSecretsManagerConfig"/>.
        /// </summary>
        public void Build_invokes_config_client_method(IConfigurationBuilder configurationBuilder, Action<AmazonSecretsManagerConfig> secretsManagerConfiguration)
        {
            var source = new SecretsManagerConfigurationSource(
                options: new SecretsManagerConfigurationProviderOptions
                {
                    ConfigureSecretsManagerConfig = secretsManagerConfiguration
                });

            // The built provider itself is not inspected; only the callback invocation matters here.
            _ = source.Build(configurationBuilder);

            var callbackMock = Mock.Get(secretsManagerConfiguration);
            callbackMock.Verify(p => p(It.Is<AmazonSecretsManagerConfig>(c => c != null)), Times.Once());
        }
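 /// <summary>
 /// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from AWS Secrets Manager,
 /// unless the process is running in the "Development" environment.
 /// </summary>
 /// <remarks>
 /// The source is skipped only when the ASPNETCORE_ENVIRONMENT variable equals "Development"
 /// (case-insensitive). An unset variable is treated as a non-Development environment, so the source
 /// is registered. The access key pair is passed through as plain strings; supply it from a protected
 /// store rather than from source code or committed configuration files.
 /// </remarks>
 /// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to add to.</param>
 /// <param name="accessKeyId">AWS Access Key ID</param>
 /// <param name="accessKeySecret">AWS Secret Access Key</param>
 /// <param name="region">The system name of the service region, like "us-west-1". The default value is us-east-2.</param>
 /// <param name="cacheSize">The maximum number of items the cache can contain before evicting using LRU. The default value is 1024.</param>
 /// <param name="cacheItemTTL">The TTL of a cache item in milliseconds. The default value is 3600000 ms, or 1 hour.</param>
 /// <returns>The same <paramref name="configurationBuilder"/>, to allow call chaining.</returns>
 public static IConfigurationBuilder AddSecretsManager(this IConfigurationBuilder configurationBuilder,
                                                       string accessKeyId,
                                                       string accessKeySecret,
                                                       string region     = "us-east-2",
                                                       ushort cacheSize  = 1024,
                                                       uint cacheItemTTL = 3600000u)
 {
     // GetEnvironmentVariable returns null when the variable is not set. The static string.Equals is
     // null-safe, so an unset variable no longer throws NullReferenceException; it is handled as
     // "not Development" and the secrets source is added.
     var environmentName = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
     var isDevelopment = string.Equals(environmentName, "Development", StringComparison.OrdinalIgnoreCase);

     if (!isDevelopment)
     {
         var source = new SecretsManagerConfigurationSource(accessKeyId, accessKeySecret, region, cacheSize, cacheItemTTL);
         configurationBuilder.Add(source);
     }

     return configurationBuilder;
 }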
        /// <summary>
        /// Building the provider must invoke the <c>ConfigureSecretsManagerConfig</c> callback and hand it
        /// a non-null <see cref="AmazonSecretsManagerConfig"/>.
        /// </summary>
        public void Build_invokes_config_client_method(IConfigurationBuilder configurationBuilder)
        {
            // The callback records both that it ran and what it was given.
            AmazonSecretsManagerConfig receivedConfig = null;
            bool callbackRan = false;
            var options = new SecretsManagerConfigurationProviderOptions()
            {
                ConfigureSecretsManagerConfig = config =>
                {
                    callbackRan    = true;
                    receivedConfig = config;
                }
            };
            var source = new SecretsManagerConfigurationSource(options: options);

            // The built provider itself is not inspected; only the callback's recorded state is.
            _ = source.Build(configurationBuilder);

            Assert.That(callbackRan, Is.True);
            Assert.That(receivedConfig, Is.Not.Null);
        }
        // Checks that a value generated by GenerateDatum for the given key segments can be read back
        // through the provider under the combined key.
        // NOTE(review): GenerateDatum is not shown here; presumably it nests the value one level per
        // key segment - confirm against its definition.
        // NOTE(review): this listing is cut off before the method's closing brace.
        public static void DeepValue_Normalized(NonEmptyArray <ConfigurationKey> key, NonEmptyString value, NonEmptyString secretId)
        {
            // Arrange: the serialized datum plays the role of the stored secret string.
            var datum    = GenerateDatum(key.Get, value.Get);
            var response = new GetSecretValueResponse
            {
                SecretString = JsonConvert.SerializeObject(datum),
            };
            // The Secrets Manager client is mocked, so no real secret is ever requested.
            var client = new Mock <IAmazonSecretsManager>();

            // Any non-null request gets the canned response; the request contents are checked below.
            _ = client
                .Setup(m => m.GetSecretValueAsync(It.IsNotNull <GetSecretValueRequest>(), It.IsAny <CancellationToken>()))
                .ReturnsAsync(response);

            var configurationSource = new SecretsManagerConfigurationSource(client.Object, secretId.Get, Timeout.InfiniteTimeSpan);

            // Act
            using var sut = new SecretsManagerConfigurationProvider(configurationSource);
            sut.Load();

            var compoundKey = Combine(key.Get.Select(k => k.Get));

            // Assert: exactly one fetch, and it names the configured secret id rather than any other.
            client.Verify(m => m.GetSecretValueAsync(It.Is <GetSecretValueRequest>(r => r.SecretId == secretId.Get), It.IsAny <CancellationToken>()), Times.Once);
            Assert.Equal(value.Get, sut.Get(compoundKey));
Example #10
        /// <summary>
        /// When the client reports that the secret does not exist, <c>Load</c> must surface the
        /// <see cref="ResourceNotFoundException"/> with its original message instead of hiding it.
        /// </summary>
        public static void NoConfiguredSecret_Exception(NonEmptyString message, NonEmptyString secretId)
        {
            var expectedMessage = message.Get;
            var expectedSecretId = secretId.Get;

            // The mocked client fails every non-null request with the "not found" error.
            var secretsManager = new Mock<IAmazonSecretsManager>();
            _ = secretsManager
                .Setup(m => m.GetSecretValueAsync(It.IsNotNull<GetSecretValueRequest>(), It.IsAny<CancellationToken>()))
                .ThrowsAsync(new ResourceNotFoundException(expectedMessage));

            var source = new SecretsManagerConfigurationSource(secretsManager.Object, expectedSecretId, Timeout.InfiniteTimeSpan);

            using var provider = new SecretsManagerConfigurationProvider(source);
            var thrown = Record.Exception(provider.Load);

            // Exactly one fetch was attempted, and it named the configured secret id.
            secretsManager.Verify(
                m => m.GetSecretValueAsync(
                    It.Is<GetSecretValueRequest>(request => request.SecretId == expectedSecretId),
                    It.IsAny<CancellationToken>()),
                Times.Once);

            Assert.NotNull(thrown);
            var notFound = Assert.IsAssignableFrom<ResourceNotFoundException>(thrown);

            // `Ordinal` is resolved by the file's usings (not shown here); the comparison is passed through unchanged.
            Assert.Equal(expectedMessage, notFound.Message, Ordinal);
        }
        /// <summary>
        /// Checks that a secret stored as a flat JSON object with a single-segment key is exposed by the
        /// provider under that same key, with the value unchanged.
        /// </summary>
        public static void PlainValue_Unchanged(ConfigurationKey key, NonEmptyString value, NonEmptyString secretId)
        {
            // Arrange: a one-entry JSON document plays the role of the stored secret.
            var plainKey = key.Get;
            var expectedValue = value.Get;
            var expectedSecretId = secretId.Get;
            var storedPayload = new Dictionary<string, object>
            {
                { plainKey, expectedValue },
            };

            // The Secrets Manager client is mocked, so no real secret is ever requested.
            var secretsManager = new Mock<IAmazonSecretsManager>();
            _ = secretsManager
                .Setup(m => m.GetSecretValueAsync(It.IsNotNull<GetSecretValueRequest>(), It.IsAny<CancellationToken>()))
                .ReturnsAsync(new GetSecretValueResponse { SecretString = JsonConvert.SerializeObject(storedPayload) });

            var source = new SecretsManagerConfigurationSource(secretsManager.Object, expectedSecretId, Timeout.InfiniteTimeSpan);

            // Act
            using var provider = new SecretsManagerConfigurationProvider(source);
            provider.Load();

            // Assert: exactly one fetch, and it names the configured secret id rather than any other.
            secretsManager.Verify(
                m => m.GetSecretValueAsync(
                    It.Is<GetSecretValueRequest>(request => request.SecretId == expectedSecretId),
                    It.IsAny<CancellationToken>()),
                Times.Once);
            Assert.Equal(expectedValue, provider.Get(plainKey));
        }