Merge pull request #30 from IBM/saikumar1607-202306160650

changes to GetSecret() method

.pre-commit-config.yaml

@@ -7,7 +7,7 @@
 repos:
 - repo: git@github.ibm.com:Whitewater/whitewater-detect-secrets
   # If you desire to use a specific version of whitewater-detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
-  rev: 0.13.1+ibm.57.dss
+  rev: 0.13.1+ibm.61.dss
   hooks:
     -   id: detect-secrets # pragma: whitelist secret
         # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$|go.sum|vendor|.cra/.cveignore",
     "lines": null
   },
-  "generated_at": "2023-04-12T06:00:07Z",
+  "generated_at": "2023-06-16T06:52:36Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -61,7 +61,7 @@
     }
   ],
   "results": {},
-  "version": "0.13.1+ibm.58.dss",
+  "version": "0.13.1+ibm.61.dss",
   "word_list": {
     "file": null,
     "hash": null

README.md

@@ -1,4 +1,4 @@
-# IBM Cloud App Configuration Go server SDK 0.3.3
+# IBM Cloud App Configuration Go server SDK 0.4.0
 
 IBM Cloud App Configuration SDK is used to perform feature flag and property evaluation based on the configuration on
 IBM Cloud App Configuration service.
@@ -246,11 +246,14 @@ propertyVal := property.GetCurrentValue(entityId, entityAttributes)
 ## Get secret property
 
 ```go
-secretPropertyObject, err := appConfiguration.GetSecret(propertyID, secretsManagerObject)
+secretPropertyObject, err := appConfigClient.GetSecret(propertyID, secretsManagerService)
 ```
 
-* propertyID: propertyID is the unique string identifier, using this we will be able to fetch the property which will provide the necessary data to fetch the secret.
-* secretsManagerObject: secretsManagerObject is an Secret Manager variable or object which will be used for getting the secrets during the secret property evaluation. How to create a secret manager object refer the secret manager docs:https://cloud.ibm.com/apidocs/secrets-manager?code=go
+* propertyID: propertyID is the unique string identifier, using this we will be able to fetch the property which will
+  provide the necessary metadata to fetch the secret.
+* secretsManagerService: an initialised secrets manager client, which will be used for getting the secret data during
+  the secret property evaluation. Create a secret manager client by referring the
+  doc: https://cloud.ibm.com/apidocs/secrets-manager/secrets-manager-v2?code=go#authentication
 
 ## Evaluate a secret property
 
@@ -264,6 +267,7 @@ entityAttributes["city"] = "Bangalore"
 entityAttributes["country"] = "India"
 
 getSecretRes, detailedResponse, err := secretPropertyObject.GetCurrentValue(entityId, entityAttributes)
+// See below to know how to access the secret data from the detailedResponse
 ```
 
 * entityId: entityId is a string identifier related to the Entity against which the property will be evaluated. For
@@ -276,22 +280,41 @@ getSecretRes, detailedResponse, err := secretPropertyObject.GetCurrentValue(enti
   evaluation. An attribute is a parameter that is used to define a segment. The SDK uses the attribute values to
   determine if the specified entity satisfies the targeting rules, and returns the appropriate value.
 
-## How to access the payload secret data from the response
+## How to access the secret data from a successful response
+
+Full example :
 ```go
-//make sure this import statement is added
-import (sm "github.com/IBM/secrets-manager-go-sdk/secretsmanagerv1")
+import (
+    "github.com/IBM/go-sdk-core/v5/core"
+    sm "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2"
+)
+
+secretsManagerService, err := sm.NewSecretsManagerV2(&sm.SecretsManagerV2Options{
+    URL: "<SECRETS_MANAGER_INSTANCE_URL>",
+    Authenticator: &core.IamAuthenticator{
+        ApiKey: "<SECRETS_MANAGER_APIKEY>",
+    },
+})
+secretPropertyObject, err := appConfigClient.GetSecret(propertyID, secretsManagerService)
+getSecretRes, detailedResponse, err := secretPropertyObject.GetCurrentValue(entityId, entityAttributes)
+
+// For Arbitrary secret type
+secretData := *detailedResponse.Result.(*sm.ArbitrarySecret).Payload
+
+// For username-password secret type
+secretData := *detailedResponse.Result.(*sm.UsernamePasswordSecret).Username
+secretData := *detailedResponse.Result.(*sm.UsernamePasswordSecret).Password
 
-secret := getSecretRes.Resources[0].(*sm.SecretResource)
-secretData := secret.SecretData.(map[string]interface{})
-payload := secretData["payload"]
+// For key-value secret type
+secretData := detailedResponse.Result.(*sm.KVSecret).Data["key1"]
+secretData := detailedResponse.Result.(*sm.KVSecret).Data["key2"]
 ```
 
 The GetCurrentValue will be sending the 3 objects as part of response. 
 
-* getSecretRes:  this will give the meta data and payload.
+* getSecretRes: this will give the meta data and payload.
 * detailedResponse: this will give entire data which includes the http response header data, meta data and payload.
 * err: this will give the error response if the request is invalid or failed for some reason.
-> Note: `secretData["payload"] will return interface{}` so based on the data we need to do the type casting.
 
 ## Fetching the appConfigClient across other modules
 

examples/go.mod

@@ -3,7 +3,7 @@ module examples
 go 1.16
 
 require (
-	github.com/IBM/appconfiguration-go-sdk v0.3.3
+	github.com/IBM/appconfiguration-go-sdk v0.4.0
 	github.com/gorilla/mux v1.7.2
 	github.com/joho/godotenv v1.4.0
 )

go.mod

@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/IBM/go-sdk-core/v5 v5.13.1
-	github.com/IBM/secrets-manager-go-sdk v1.0.49
+	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.0
 	github.com/go-openapi/strfmt v0.21.7 // indirect
 	github.com/go-playground/validator/v10 v10.12.0 // indirect
 	github.com/gorilla/websocket v1.5.0

go.sum

@@ -1,8 +1,10 @@
 github.com/IBM/go-sdk-core/v5 v5.10.2/go.mod h1:WZPFasUzsKab/2mzt29xPcfruSk5js2ywAPwW4VJjdI=
 github.com/IBM/go-sdk-core/v5 v5.13.1 h1:zD6p3t1whAlRJo/VBmE69c8RcH9LCHL1n0/sO1MWlpw=
 github.com/IBM/go-sdk-core/v5 v5.13.1/go.mod h1:pVkN7IGmsSdmR1ZCU4E/cLcCclqRKMYgg7ya+O2Mk6g=
-github.com/IBM/secrets-manager-go-sdk v1.0.49 h1:wRxyjFpSoZz6brj55JSMk6Sb38dLrQYnsEKcdYibflo=
-github.com/IBM/secrets-manager-go-sdk v1.0.49/go.mod h1:QyDSznC6gJEXIGaj+JPxoEVtyXfkaxzId87mxcEb+vM=
+github.com/IBM/secrets-manager-go-sdk v1.2.0 h1:bgFfBF+LjHLtUfV3hTLkfgE8EjFsJaeU2icA2Hg+M50=
+github.com/IBM/secrets-manager-go-sdk v1.2.0/go.mod h1:qv+tQg8Z3Vb11DQYxDjEGeROHDtTLQxUWuOIrIdWg6E=
+github.com/IBM/secrets-manager-go-sdk/v2 v2.0.0 h1:Lx4Bvim/MfoHEYR+n312bty5DirAJypBGGS9YZo3zCw=
+github.com/IBM/secrets-manager-go-sdk/v2 v2.0.0/go.mod h1:jagqWmjZ0zUEqh5jdGB42ApSQS40fu2LWw6pdg8JJko=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=

lib/AppConfiguration.go

@@ -23,7 +23,7 @@ import (
 	"github.com/IBM/appconfiguration-go-sdk/lib/internal/messages"
 	"github.com/IBM/appconfiguration-go-sdk/lib/internal/models"
 	"github.com/IBM/appconfiguration-go-sdk/lib/internal/utils/log"
-	sm "github.com/IBM/secrets-manager-go-sdk/secretsmanagerv1"
+	sm "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2"
 )
 
 // AppConfiguration : Struct having init and configInstance.
@@ -80,7 +80,6 @@ func GetInstance() *AppConfiguration {
 // Example: AppConfiguration.OverrideServiceUrl("https://testurl.com")
 //
 // NOTE: To be used for development purposes only.
-//
 func OverrideServiceUrl(url string) {
 	overrideServiceUrl = url
 }
@@ -89,7 +88,7 @@ func OverrideServiceUrl(url string) {
 // by using a private endpoint that is accessible only through the IBM Cloud private network.
 // Be default, it is set to false.
 //
-//NOTE: This method must be called before calling the `Init` function on the SDK.
+// NOTE: This method must be called before calling the `Init` function on the SDK.
 func (ac *AppConfiguration) UsePrivateEndpoint(usePrivateEndpointParam bool) {
 	usePrivateEndpoint = usePrivateEndpointParam
 }
@@ -213,10 +212,10 @@ func (ac *AppConfiguration) GetProperties() (map[string]models.Property, error)
 }
 
 // GetSecret : Get Secret
-func (ac *AppConfiguration) GetSecret(propertyID string, secretMangerObject *sm.SecretsManagerV1) (models.SecretProperty, error) {
+func (ac *AppConfiguration) GetSecret(propertyID string, secretsManagerService *sm.SecretsManagerV2) (models.SecretProperty, error) {
 	if ac.isInitializedConfig == true && ac.configurationHandlerInstance != nil {
-		if secretMangerObject != nil {
-			return ac.configurationHandlerInstance.getSecret(propertyID, secretMangerObject)
+		if secretsManagerService != nil {
+			return ac.configurationHandlerInstance.getSecret(propertyID, secretsManagerService)
 		} else {
 			log.Error(messages.InvalidSecretManagerMessage)
 			return models.SecretProperty{}, errors.New("error: " + messages.InvalidSecretManagerMessage)

lib/ConfigurationHandler.go

@@ -31,7 +31,7 @@ import (
 	"github.com/IBM/appconfiguration-go-sdk/lib/internal/utils"
 	"github.com/IBM/appconfiguration-go-sdk/lib/internal/utils/log"
 	"github.com/IBM/go-sdk-core/v5/core"
-	sm "github.com/IBM/secrets-manager-go-sdk/secretsmanagerv1"
+	sm "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2"
 	"github.com/gorilla/websocket"
 )
 
@@ -308,13 +308,13 @@ func (ch *ConfigurationHandler) getProperty(propertyID string) (models.Property,
 }
 
 // GetSecret : Get Secret
-func (ch *ConfigurationHandler) getSecret(propertyID string, secretMangerObject *sm.SecretsManagerV1) (models.SecretProperty, error) {
+func (ch *ConfigurationHandler) getSecret(propertyID string, secretsManagerService *sm.SecretsManagerV2) (models.SecretProperty, error) {
 	property, err := ch.getProperty(propertyID)
 	if err != nil {
 		return models.SecretProperty{}, err
 	}
 	if property.GetPropertyDataType() == "SECRETREF" {
-		ch.cache.SecretManagerMap[propertyID] = secretMangerObject
+		ch.cache.SecretManagerMap[propertyID] = secretsManagerService
 		return models.SecretProperty{PropertyID: propertyID}, nil
 	}
 	log.Error("Invalid operation: GetSecret() cannot be called on a ", property.GetPropertyDataType(), " property.")

lib/internal/constants/constants.go

@@ -26,7 +26,7 @@ const DefaultEntityID = "$$null$$"
 const DefaultUsageLimit = 10
 
 // UserAgent specifies the user agent name
-const UserAgent = "appconfiguration-go-sdk/0.3.3"
+const UserAgent = "appconfiguration-go-sdk/0.4.0"
 
 // ConfigurationFile : Name of file to which configurations will be written
 const ConfigurationFile = "appconfiguration.json"

lib/internal/models/SecretProperty.go

@@ -22,7 +22,7 @@ import (
 	"github.com/IBM/appconfiguration-go-sdk/lib/internal/messages"
 	"github.com/IBM/appconfiguration-go-sdk/lib/internal/utils/log"
 	"github.com/IBM/go-sdk-core/v5/core"
-	sm "github.com/IBM/secrets-manager-go-sdk/secretsmanagerv1"
+	sm "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2"
 )
 
 // SecretProperty : SecretProperty struct
@@ -41,7 +41,7 @@ type SecretProperty struct {
 // entityAttributes is a map of type `map[string]interface{}` consisting of the attribute name and their values that defines the specified entity.
 // This is an optional parameter if the property is not configured with any targeting definition.
 // If the targeting is configured, then entityAttributes should be provided for the rule evaluation.
-func (sp *SecretProperty) GetCurrentValue(entityID string, entityAttributes ...map[string]interface{}) (result *sm.GetSecret, response *core.DetailedResponse, err error) {
+func (sp *SecretProperty) GetCurrentValue(entityID string, entityAttributes ...map[string]interface{}) (result sm.SecretIntf, response *core.DetailedResponse, err error) {
 
 	if len(entityID) <= 0 {
 		log.Error("SecretProperty evaluation: ", messages.InvalidEntityId, "GetCurrentValue")
@@ -54,15 +54,6 @@ func (sp *SecretProperty) GetCurrentValue(entityID string, entityAttributes ...m
 	}
 
 	propertyObject := GetCacheInstance().PropertyMap[sp.PropertyID]
-	propertySecretValue := propertyObject.GetValue().(map[string]interface{})
-	var propertySecretType string
-	if secretTypeValue, secretTypeExist := propertySecretValue["secret_type"]; secretTypeExist {
-		propertySecretType = secretTypeValue.(string)
-	} else {
-		//secret_type does not exist then throw error
-		log.Error("SecretProperty evaluation: secret_type is missing from the Property value of:", propertyObject.GetPropertyName())
-		return nil, nil, errors.New("error: secret_type is missing from the Property value of :" + propertyObject.GetPropertyName())
-	}
 
 	var propertyCurrentVal interface{}
 	if entityAttributes == nil {
@@ -83,12 +74,11 @@ func (sp *SecretProperty) GetCurrentValue(entityID string, entityAttributes ...m
 	if secretID, secretIDExist := valMap["id"]; secretIDExist {
 		id := secretID.(string)
 		//sm sdk call
-		secretManager := GetCacheInstance().SecretManagerMap[sp.PropertyID].(*sm.SecretsManagerV1)
-		secretData, detailedResp, err := secretManager.GetSecret(&sm.GetSecretOptions{
-			SecretType: core.StringPtr(propertySecretType),
-			ID:         &id,
-		})
-
+		secretsManagerService := GetCacheInstance().SecretManagerMap[sp.PropertyID].(*sm.SecretsManagerV2)
+		getSecretOptions := secretsManagerService.NewGetSecretOptions(
+			id,
+		)
+		secretData, detailedResp, err := secretsManagerService.GetSecret(getSecretOptions)
 		if err != nil {
 			return nil, nil, err
 		}