public void Keys_can_be_customized_via_options(SecretListEntry testEntry, string newKey)
{
var secretListResponse = fixture.Build <ListSecretsResponse>()
.With(p => p.SecretList, new List <SecretListEntry> {
testEntry
})
.With(p => p.NextToken, null)
.Create();
var getSecretValueResponse = fixture.Build <GetSecretValueResponse>()
.With(p => p.SecretString)
.Without(p => p.SecretBinary)
.Create();
mockSecretsManager.Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(secretListResponse);
mockSecretsManager.Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
var options = new SecretsManagerConfigurationProviderOptions
{
KeyGenerator = (entry, key) => newKey
};
var sut = CreateSystemUnderTest(options);
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.Null);
Assert.That(sut.Get(newKey), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Build_can_create_a_IConfigurationProvider_with_options(SecretsManagerConfigurationProviderOptions options, IConfigurationBuilder configurationBuilder)
{
var sut = new SecretsManagerConfigurationSource(options: options);
var provider = sut.Build(configurationBuilder);
Assert.That(provider, Is.Not.Null);
Assert.That(provider, Is.InstanceOf <SecretsManagerConfigurationProvider>());
}
public void Build_invokes_config_client_method(IConfigurationBuilder configurationBuilder, Action <AmazonSecretsManagerConfig> secretsManagerConfiguration)
{
var options = new SecretsManagerConfigurationProviderOptions
{
ConfigureSecretsManagerConfig = secretsManagerConfiguration
};
var sut = new SecretsManagerConfigurationSource(options: options);
var provider = sut.Build(configurationBuilder);
Mock.Get(secretsManagerConfiguration).Verify(p => p(It.Is <AmazonSecretsManagerConfig>(c => c != null)), Times.Once());
}
public static IConfigurationBuilder AddSecretsManager(this IConfigurationBuilder configurationBuilder,
AWSCredentials credentials = null,
RegionEndpoint region = null,
Action<SecretsManagerConfigurationProviderOptions> configurator = null)
{
var options = new SecretsManagerConfigurationProviderOptions();
configurator?.Invoke(options);
var source = new SecretsManagerConfigurationSource(credentials, options);
if (region != null)
{
source.Region = region;
}
configurationBuilder.Add(source);
return configurationBuilder;
}
public void Secrets_can_be_filtered_out_via_options(SecretListEntry testEntry)
{
var secretListResponse = fixture.Build <ListSecretsResponse>()
.With(p => p.SecretList, new List <SecretListEntry> {
testEntry
})
.With(p => p.NextToken, null)
.Create();
mockSecretsManager.Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(secretListResponse);
var options = new SecretsManagerConfigurationProviderOptions
{
SecretFilter = entry => false
};
var sut = CreateSystemUnderTest(options);
sut.Load();
mockSecretsManager.Verify(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>()), Times.Never);
Assert.That(sut.Get(testEntry.Name), Is.Null);
}
private SecretsManagerConfigurationProvider CreateSystemUnderTest(SecretsManagerConfigurationProviderOptions options = null)
{
options = options ?? new SecretsManagerConfigurationProviderOptions();
return(new SecretsManagerConfigurationProvider(mockSecretsManager.Object, options));
}
public async Task Should_reload_when_forceReload_called([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueInitialResponse, GetSecretValueResponse getSecretValueUpdatedResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture, Action <object> changeCallback, object changeCallbackState)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).SetupSequence(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(getSecretValueInitialResponse)
.ReturnsAsync(getSecretValueUpdatedResponse);
sut.GetReloadToken().RegisterChangeCallback(changeCallback, changeCallbackState);
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueInitialResponse.SecretString));
await sut.ForceReloadAsync(CancellationToken.None);
Mock.Get(changeCallback).Verify(c => c(changeCallbackState));
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueUpdatedResponse.SecretString));
}
public void Should_poll_and_reload_when_secrets_changed([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueInitialResponse, GetSecretValueResponse getSecretValueUpdatedResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture, Action <object> changeCallback, object changeCallbackState)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).SetupSequence(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(getSecretValueInitialResponse)
.ReturnsAsync(getSecretValueUpdatedResponse);
options.PollingInterval = TimeSpan.FromMilliseconds(100);
sut.GetReloadToken().RegisterChangeCallback(changeCallback, changeCallbackState);
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueInitialResponse.SecretString));
Thread.Sleep(200);
Mock.Get(changeCallback).Verify(c => c(changeCallbackState));
Assert.That(sut.Get(testEntry.Name), Is.EqualTo(getSecretValueUpdatedResponse.SecretString));
}
public void Keys_can_be_customized_via_options([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, string newKey, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
options.KeyGenerator = (entry, key) => newKey;
sut.Load();
Assert.That(sut.Get(testEntry.Name), Is.Null);
Assert.That(sut.Get(newKey), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Secrets_can_be_listed_explicitly_and_not_searched([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
const string secretKey = "KEY";
var firstSecretArn = listSecretsResponse.SecretList.Select(x => x.ARN).First();
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => x.SecretId.Equals(firstSecretArn)), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
options.SecretFilter = entry => true;
options.AcceptedSecretArns = new List <string> {
firstSecretArn
};
options.KeyGenerator = (entry, key) => secretKey;
sut.Load();
Mock.Get(secretsManager).Verify(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => !x.SecretId.Equals(firstSecretArn)), It.IsAny <CancellationToken>()), Times.Never);
Mock.Get(secretsManager).Verify(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>()), Times.Never);
Assert.That(sut.Get(testEntry.Name), Is.Null);
Assert.That(sut.Get(secretKey), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Secrets_can_be_filtered_out_via_options([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.IsAny <ListSecretsRequest>(), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
options.SecretFilter = entry => false;
sut.Load();
Mock.Get(secretsManager).Verify(p => p.GetSecretValueAsync(It.IsAny <GetSecretValueRequest>(), It.IsAny <CancellationToken>()), Times.Never);
Assert.That(sut.Get(testEntry.Name), Is.Null);
}
public void Secrets_can_be_filtered_out_via_options_on_fetching([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
options.ListSecretsFilters = new List <Filter> {
new Filter {
Key = FilterNameStringType.Name, Values = new List <string> {
testEntry.Name
}
}
};
Mock.Get(secretsManager).Setup(p => p.ListSecretsAsync(It.Is <ListSecretsRequest>(request => request.Filters == options.ListSecretsFilters), It.IsAny <CancellationToken>())).ReturnsAsync(listSecretsResponse);
sut.Load();
Mock.Get(secretsManager).Verify(p => p.ListSecretsAsync(It.Is <ListSecretsRequest>(request => request.Filters == options.ListSecretsFilters), It.IsAny <CancellationToken>()));
Assert.That(sut.Get(testEntry.Name), Is.Null);
}
public void Secrets_listed_explicitly_and_saved_to_configuration_with_their_names_as_keys([Frozen] SecretListEntry testEntry, ListSecretsResponse listSecretsResponse, GetSecretValueResponse getSecretValueResponse, [Frozen] IAmazonSecretsManager secretsManager, [Frozen] SecretsManagerConfigurationProviderOptions options, SecretsManagerConfigurationProvider sut, IFixture fixture)
{
Mock.Get(secretsManager).Setup(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => x.SecretId.Equals(getSecretValueResponse.ARN)), It.IsAny <CancellationToken>())).ReturnsAsync(getSecretValueResponse);
options.AcceptedSecretArns = new List <string> {
getSecretValueResponse.ARN
};
Assert.DoesNotThrow(sut.Load);
Mock.Get(secretsManager).Verify(p => p.GetSecretValueAsync(It.Is <GetSecretValueRequest>(x => !x.SecretId.Equals(getSecretValueResponse.ARN)), It.IsAny <CancellationToken>()), Times.Never);
Assert.That(sut.Get(getSecretValueResponse.Name), Is.EqualTo(getSecretValueResponse.SecretString));
}
public void Build_uses_given_client_factory_method(IConfigurationBuilder configurationBuilder, SecretsManagerConfigurationProviderOptions options, Func <IAmazonSecretsManager> clientFactory)
{
options.CreateClient = clientFactory;
var sut = new SecretsManagerConfigurationSource(options: options);
var provider = sut.Build(configurationBuilder);
Assert.That(provider, Is.Not.Null);
Mock.Get(clientFactory).Verify(p => p());
}
