public void GetSecretBinaryTest() { String testSecretName = Setup(TestType.SecretBinary); cache = new SecretsManagerCache(TestBase.Client); Assert.Equal(cache.GetSecretBinary(testSecretName).Result, testSecretBinary.ToArray()); }
public void NoSecretStringTest() { String testSecretName = Setup(TestType.SecretBinary); cache = new SecretsManagerCache(TestBase.Client); Assert.Null(cache.GetSecretString(testSecretName).Result); }
public void TestBasicCacheEviction() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ReturnsAsync(secretStringResponse1) .ReturnsAsync(secretStringResponse2) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse3.Name), default(CancellationToken))) .ReturnsAsync(secretStringResponse3) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.IsAny <DescribeSecretRequest>(), default(CancellationToken))) .ReturnsAsync(describeSecretResponse1) .ReturnsAsync(describeSecretResponse1) .ReturnsAsync(describeSecretResponse2) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration { MaxCacheSize = 1 }); String first = cache.GetSecretString(secretStringResponse1.Name).Result; String second = cache.GetSecretString(secretStringResponse3.Name).Result; String third = cache.GetSecretString(secretStringResponse2.Name).Result; Assert.NotEqual(first, third); }
public void BasicSecretCacheTTLRefreshTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ReturnsAsync(secretStringResponse1) .ReturnsAsync(secretStringResponse2) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ReturnsAsync(describeSecretResponse1) .ReturnsAsync(describeSecretResponse2) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration { CacheItemTTL = 1000 }); String first = cache.GetSecretString(secretStringResponse1.Name).Result; String second = cache.GetSecretString(secretStringResponse1.Name).Result; Assert.Equal(first, second); Thread.Sleep(5000); String third = cache.GetSecretString(secretStringResponse2.Name).Result; Assert.NotEqual(second, third); }
public void GetSecretStringTest() { String testSecretName = Setup(TestType.SecretString); cache = new SecretsManagerCache(TestBase.Client); Assert.Equal(cache.GetSecretString(testSecretName).Result, testSecretString); }
public async Task <string> GetSecretAsync() { try { string secret = ""; if (_secretsManagerCache != null) { secret = await _secretsManagerCache.GetSecretString(_tokenSecretName); } if (string.IsNullOrEmpty(secret)) { var request = new GetSecretValueRequest { SecretId = _tokenSecretName, VersionStage = "AWSCURRENT" }; var response = await _amazonSecretsManager.GetSecretValueAsync(request); _secretsManagerCache = new SecretsManagerCache(_amazonSecretsManager); secret = response.SecretString; } return(secret); } catch (Exception ex) { _logger.LogError(ex, ex.Message, _tokenSecretName); return(""); } }
public void HookSecretCacheTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), default(CancellationToken))) .ReturnsAsync(secretStringResponse1) .ReturnsAsync(binaryResponse1) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.IsAny <DescribeSecretRequest>(), default(CancellationToken))) .ReturnsAsync(describeSecretResponse1) .ReturnsAsync(describeSecretResponse1) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); TestHook testHook = new TestHook(); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration { CacheHook = testHook }); for (int i = 0; i < 10; i++) { Assert.Equal(cache.GetSecretString(secretStringResponse1.Name).Result, secretStringResponse1.SecretString); } Assert.Equal(2, testHook.GetCount()); for (int i = 0; i < 10; i++) { Assert.Equal(cache.GetSecretBinary(binaryResponse1.Name).Result, binaryResponse1.SecretBinary.ToArray()); } Assert.Equal(4, testHook.GetCount()); }
public void SecretCacheConstructorTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); SecretsManagerCache cache1 = new SecretsManagerCache(secretsManager.Object); SecretsManagerCache cache2 = new SecretsManagerCache(secretsManager.Object, new SecretCacheConfiguration()); Assert.NotNull(cache1); Assert.NotNull(cache2); }
public AwsSecretsHandler(AWSCredentials awsCredentials, RegionEndpoint regionEndpoint) { if (awsCredentials == null) { return; } SecretsManager = GetAmazonSecretsManagerClient(awsCredentials, regionEndpoint); Cache = new SecretsManagerCache(SecretsManager); }
public void CacheHookTest() { String testSecretName = Setup(TestType.SecretString); TestHook testHook = new TestHook(); cache = new SecretsManagerCache(TestBase.Client, new SecretCacheConfiguration { CacheHook = testHook }); String originalSecretString = cache.GetSecretString(testSecretName).Result; }
public void SecretCacheRefreshTest() { String testSecretName = Setup(TestType.SecretString); cache = new SecretsManagerCache(TestBase.Client); String originalSecretString = cache.GetSecretString(testSecretName).Result; TestBase.Client.UpdateSecretAsync(new UpdateSecretRequest { SecretId = testSecretName, SecretString = System.Guid.NewGuid().ToString() }); Assert.Equal(originalSecretString, cache.GetSecretString(testSecretName).Result); Assert.True(cache.RefreshNowAsync(testSecretName).Result); Assert.NotEqual(originalSecretString, cache.GetSecretString(testSecretName).Result); }
public void NoSecretBinaryPresentTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken))) .ReturnsAsync(secretStringResponse1) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken))) .ReturnsAsync(describeSecretResponse1) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object); byte[] first = cache.GetSecretBinary(binaryResponse1.Name).Result; Assert.Null(first); }
public static async Task <Dictionary <string, string> > GetSqlCredential(this IServiceCollection services, string secretId) { var credential = new Dictionary <string, string>(); using (var secretsManager = new AmazonSecretsManagerClient(Amazon.RegionEndpoint.USEast1)) using (var cache = new SecretsManagerCache(secretsManager)) { var sec = await cache.GetSecretString(secretId); var jo = Newtonsoft.Json.Linq.JObject.Parse(sec); credential["username"] = jo["username"].ToObject <string>(); credential["password"] = jo["password"].ToObject <string>(); } return(credential); }
public void TestBasicErrorCaching() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ThrowsAsync(new AmazonServiceException("Expected exception")) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object); for (int i = 0; i < 5; i++) { Assert.ThrowsAsync <AmazonServiceException>(async() => await cache.GetSecretString(secretStringResponse1.Name)); } }
public void RefreshNowFailedTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ReturnsAsync(secretStringResponse1) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ReturnsAsync(describeSecretResponse1) .ThrowsAsync(new AmazonServiceException("Caught exception")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object); String first = cache.GetSecretString(secretStringResponse1.Name).Result; bool success = cache.RefreshNowAsync(secretStringResponse1.Name).Result; String second = cache.GetSecretString(secretStringResponse2.Name).Result; Assert.False(success); Assert.Equal(first, second); }
public void GetSecretStringMultipleTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ReturnsAsync(secretStringResponse1) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == secretStringResponse1.Name), default(CancellationToken))) .ReturnsAsync(describeSecretResponse2) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object); String first = null; for (int i = 0; i < 10; i++) { first = cache.GetSecretString(secretStringResponse1.Name).Result; } Assert.Equal(first, secretStringResponse1.SecretString); }
public void SecretCacheTTLTest() { String testSecretName = Setup(TestType.SecretString); cache = new SecretsManagerCache(TestBase.Client, new SecretCacheConfiguration { CacheItemTTL = 1000 }); String originalSecretString = cache.GetSecretString(testSecretName).Result; TestBase.Client.UpdateSecretAsync(new UpdateSecretRequest { SecretId = testSecretName, SecretString = System.Guid.NewGuid().ToString() }); // Even though the secret is updated, the cached version should be retrieved Assert.Equal(originalSecretString, cache.GetSecretString(testSecretName).Result); Thread.Sleep(1000); // Cached secret string should be expired and the updated secret string retrieved Assert.NotEqual(originalSecretString, cache.GetSecretString(testSecretName).Result); }
public void BinarySecretRefreshNowTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.GetSecretValueAsync(It.Is <GetSecretValueRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken))) .ReturnsAsync(binaryResponse1) .ReturnsAsync(binaryResponse2) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.Is <DescribeSecretRequest>(j => j.SecretId == binaryResponse1.Name), default(CancellationToken))) .ReturnsAsync(describeSecretResponse1) .ReturnsAsync(describeSecretResponse2) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object); byte[] first = cache.GetSecretBinary(binaryResponse1.Name).Result; bool success = cache.RefreshNowAsync(binaryResponse1.Name).Result; byte[] second = cache.GetSecretBinary(binaryResponse1.Name).Result; Assert.True(success); Assert.NotEqual(first, second); }
public void ExceptionRetryTest() { Mock <IAmazonSecretsManager> secretsManager = new Mock <IAmazonSecretsManager>(MockBehavior.Strict); secretsManager.SetupSequence(i => i.DescribeSecretAsync(It.IsAny <DescribeSecretRequest>(), default(CancellationToken))) .ThrowsAsync(new AmazonServiceException("Expected exception 1")) .ThrowsAsync(new AmazonServiceException("Expected exception 2")) .ThrowsAsync(new AmazonSecretsManagerException("This should not be called")); SecretsManagerCache cache = new SecretsManagerCache(secretsManager.Object); int retryCount = 10; String result = null; Exception ex = null; for (int i = 0; i < retryCount; i++) { ex = null; try { result = cache.GetSecretString("").Result; } catch (AggregateException exception) { ex = exception.InnerException; } Assert.Equal("Expected exception 1", ex.Message); } // Wait for backoff interval before retrying to verify a retry is performed. Thread.Sleep(2100); ex = null; try { result = cache.GetSecretString("").Result; } catch (AggregateException exception) { ex = exception.InnerException; } Assert.Equal("Expected exception 2", ex.Message); }
public SecretManager(IAmazonSecretsManager amazonSecretsManager) { _cache = new SecretsManagerCache(amazonSecretsManager); }