AWS secrets manager store

pom.xml

@@ -44,6 +44,7 @@
     <module>vertx-config-zookeeper</module>
     <module>vertx-config-consul</module>
     <module>vertx-config-vault</module>
+    <module>vertx-config-aws-secrets-manager</module>
   </modules>
 
   <scm>

vertx-config-aws-secrets-manager/pom.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>vertx-config-parent</artifactId>
+    <groupId>io.vertx</groupId>
+    <version>4.0.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+
+  <artifactId>vertx-config-aws-secrets-manager</artifactId>
+
+  <properties>
+    <doc.skip>false</doc.skip>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>io.vertx</groupId>
+      <artifactId>vertx-config</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.amazonaws</groupId>
+      <artifactId>aws-java-sdk-secretsmanager</artifactId>
+      <version>1.11.697</version>
+    </dependency>
+  </dependencies>
+
+</project>

vertx-config-aws-secrets-manager/src/main/asciidoc/aws-store.adoc

@@ -0,0 +1,46 @@
+=== AWS Secrets Manager Configuration Store
+
+The AWS Secrets Manager Configuration Store extends the Vert.x Configuration Retriever and provides the way to retrieve configuration from AWS Secrets Manager.
+It uses the AWS SDK as a client.
+
+==== Using the AWS Secrets Manager Configuration Store
+
+To use the AWS Secrets Manager Configuration Store, add the following dependency to the _dependencies_ section of your build descriptor:
+
+* Maven (in your `pom.xml`):
+
+[source,xml,subs="+attributes"]
+----
+<dependency>
+  <groupId>io.vertx</groupId>
+  <artifactId>vertx-config-aws-secrets-manager</artifactId>
+  <version>${maven.version}</version>
+</dependency>
+<dependency>
+  <groupId>io.vertx</groupId>
+  <artifactId>vertx-config</artifactId>
+  <version>${maven.version}</version>
+</dependency>
+----
+
+* Gradle (in your `build.gradle` file):
+
+[source,groovy,subs="+attributes"]
+----
+compile 'io.vertx:vertx-config:${maven.version}'
+compile 'io.vertx:vertx-config-aws-secrets-manager:${maven.version}'
+----
+
+==== Configuring the store
+
+Once added to your classpath or dependencies, you need to configure the {@link io.vertx.config.ConfigRetriever} to use this store:
+
+[source,$lang]
+----
+{@link examples.ConfigAWSExamples#example1(io.vertx.core.Vertx)}
+----
+
+The store configuration is used to configure the AWS SDK client and the _secretName_ containing the configuration.
+Notice that the format of the configuration can be PlainText JSON only.
+
+You must also have the _AWS_ACCESS_KEY_ID_ & _AWS_SECRET_ACCESS_KEY_ environment variables set so AWS SDK can authenticate.

vertx-config-aws-secrets-manager/src/main/java/examples/ConfigAWSExamples.java

@@ -0,0 +1,30 @@
+package examples;
+
+import io.vertx.config.ConfigRetriever;
+import io.vertx.config.ConfigRetrieverOptions;
+import io.vertx.config.ConfigStoreOptions;
+import io.vertx.core.Vertx;
+import io.vertx.core.json.JsonObject;
+
+public class ConfigAWSExamples {
+
+  /**
+   *  Environment variables that are required to be set to use AWS
+   *  AWS_ACCESS_KEY_ID
+   *  AWS_SECRET_ACCESS_KEY
+   * @param vertx
+   */
+  public void example1(Vertx vertx) {
+    ConfigStoreOptions store = new ConfigStoreOptions()
+      .setType("aws-secrets-manager")
+      .setConfig(new JsonObject()
+        .put("region", "us-west-2")
+        .put("secretName", "test/example")
+      );
+
+    ConfigRetriever retriever = ConfigRetriever.create(vertx,
+      new ConfigRetrieverOptions().addStore(store));
+  }
+
+
+}

vertx-config-aws-secrets-manager/src/main/java/examples/package-info.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2014 Red Hat, Inc. and others
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+@Source
+package examples;
+
+import io.vertx.docgen.Source;

vertx-config-aws-secrets-manager/src/main/java/io/vertx/config/aws/AWSMissingSecretException.java

@@ -0,0 +1,10 @@
+package io.vertx.config.aws;
+
+/**
+ * An exception that is thrown when an AWS Secret is not found
+ */
+public class AWSMissingSecretException extends Exception {
+  public AWSMissingSecretException(String message) {
+    super(message);
+  }
+}

vertx-config-aws-secrets-manager/src/main/java/io/vertx/config/aws/AWSSecretTypeException.java

@@ -0,0 +1,8 @@
+package io.vertx.config.aws;
+
+/**
+ * An exception that is thrown when an AWS Secret is not of a usable type
+ */
+public class AWSSecretTypeException extends Exception {
+  public AWSSecretTypeException(String message) { super(message); }
+}

vertx-config-aws-secrets-manager/src/main/java/io/vertx/config/aws/AWSSecretsManagerStore.java

@@ -0,0 +1,83 @@
+package io.vertx.config.aws;
+
+
+import com.amazonaws.services.secretsmanager.AWSSecretsManager;
+import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
+import com.amazonaws.services.secretsmanager.model.*;
+import io.vertx.config.spi.ConfigStore;
+import io.vertx.core.AsyncResult;
+import io.vertx.core.Future;
+import io.vertx.core.Handler;
+import io.vertx.core.Vertx;
+import io.vertx.core.buffer.Buffer;
+import io.vertx.core.json.DecodeException;
+import io.vertx.core.json.JsonObject;
+
+import java.util.Objects;
+
+class AWSSecretsManagerStore implements ConfigStore {
+  private final Vertx vertx;
+  private final String region;
+  private final String secretName;
+
+  public AWSSecretsManagerStore(Vertx vertx, JsonObject configuration) {
+    this.vertx = Objects.requireNonNull(vertx);
+    this.region = configuration.getString("region");
+    this.secretName = configuration.getString("secretName");
+  }
+
+  @Override
+  public void get(Handler<AsyncResult<Buffer>> completionHandler) {
+
+    try {
+      // Check Environment variables exist, but we don't need to use them outselves, AWS SDK will use automatically.
+      System.getenv("AWS_ACCESS_KEY_ID");
+      System.getenv("AWS_SECRET_ACCESS_KEY");
+
+      vertx.executeBlocking(
+        future -> {
+          AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
+            .withRegion(region)
+            .build();
+
+          GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
+            .withSecretId(secretName);
+
+          try {
+            GetSecretValueResult getSecretValueResult = client.getSecretValue(getSecretValueRequest);
+            if (getSecretValueResult != null) {
+              String secret = getSecretValueResult.getSecretString();
+
+              if (secret != null) {
+                future.complete(new JsonObject(secret));
+              } else {
+                throw new AWSSecretTypeException("Secret is not a string");
+              }
+            } else {
+              throw new AWSMissingSecretException(secretName + " not found");
+            }
+          } catch (DecodeException | AWSMissingSecretException | DecryptionFailureException | InternalServiceErrorException | InvalidParameterException | InvalidRequestException | ResourceNotFoundException | AWSSecretTypeException e) {
+            future.fail(e);
+          }
+        },
+        v -> {
+          if (v.failed()) {
+            completionHandler.handle(Future.failedFuture(v.cause()));
+          } else {
+            JsonObject configFromAWSSecretsManager = (JsonObject) v.result();
+            completionHandler.handle(Future.succeededFuture(configFromAWSSecretsManager.toBuffer()));
+          }
+        }
+      );
+
+    } catch (NullPointerException e) {
+      completionHandler.handle(Future.failedFuture("No AWS environment variable credentials present"));
+    }
+
+  }
+
+  @Override
+  public void close(Handler<Void> completionHandler) {
+    completionHandler.handle(null);
+  }
+}

vertx-config-aws-secrets-manager/src/main/java/io/vertx/config/aws/AWSSecretsManagerStoreFactory.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2014 Red Hat, Inc. and others
+ *
+ * Red Hat licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package io.vertx.config.aws;
+
+
+import io.vertx.config.spi.ConfigStore;
+import io.vertx.config.spi.ConfigStoreFactory;
+import io.vertx.core.Vertx;
+import io.vertx.core.json.JsonObject;
+
+/**
+ * Factory to create {@link AWSSecretsManagerStore} instances.
+ *
+ * @author <a href="http://indiealexh.com">Alexander Haslam</a>
+ */
+public class AWSSecretsManagerStoreFactory implements ConfigStoreFactory {
+  @Override
+  public String name() {
+    return "aws-secrets-manager";
+  }
+
+  @Override
+  public ConfigStore create(Vertx vertx, JsonObject configuration) {
+    return new AWSSecretsManagerStore(vertx, configuration);
+  }
+}

vertx-config-aws-secrets-manager/src/main/resources/META-INF/services/io.vertx.config.spi.ConfigStoreFactory

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2014 Red Hat, Inc. and others
+#
+# Red Hat licenses this file to you under the Apache License, version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License.  You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+#
+
+io.vertx.config.aws.AWSSecretsManagerStoreFactory

vertx-config-aws-secrets-manager/src/test/java/io/vertx/config/aws/AWSSecretsManagerStoreTest.java

@@ -0,0 +1,81 @@
+package io.vertx.config.aws;
+
+
+import io.vertx.config.ConfigRetriever;
+import io.vertx.config.ConfigRetrieverOptions;
+import io.vertx.config.ConfigStoreOptions;
+import io.vertx.core.Vertx;
+import io.vertx.core.json.JsonObject;
+import io.vertx.ext.unit.Async;
+import io.vertx.ext.unit.TestContext;
+import io.vertx.ext.unit.junit.VertxUnitRunner;
+import org.assertj.core.api.Assertions;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+/**
+ * Factory to create {@link AWSSecretsManagerStore} instances.
+ *
+ * @author <a href="http://indiealexh.com">Alexander Haslam</a>
+ */
+@RunWith(VertxUnitRunner.class)
+public class AWSSecretsManagerStoreTest {
+
+  private ConfigRetriever retriever;
+  private Vertx vertx;
+
+
+  @Before
+  public void setUp(TestContext tc) throws IOException {
+    vertx = Vertx.vertx();
+    vertx.exceptionHandler(tc.exceptionHandler());
+  }
+
+  @After
+  public void tearDown(TestContext tc) {
+    retriever.close();
+    vertx.close(tc.asyncAssertSuccess());
+  }
+
+  @Test
+  public void getExampleFromAWSSecretsManager(TestContext tc) throws Exception {
+    Async async = tc.async();
+    retriever = ConfigRetriever.create(vertx,
+      new ConfigRetrieverOptions().addStore(
+        new ConfigStoreOptions()
+          .setType("aws-secrets-manager")
+          .setConfig(new JsonObject()
+            .put("region", "us-west-2")
+            .put("secretName", "test/example")
+          )));
+    retriever.getConfig(ar -> {
+      assertThat(ar.succeeded()).isTrue();
+      JsonObject json = ar.result();
+      Assertions.assertThat(json).isNotNull();
+      Assertions.assertThat(json.getString("key")).isEqualTo("value");
+
+      Assertions.assertThat(json.getBoolean("true")).isTrue();
+      Assertions.assertThat(json.getBoolean("false")).isFalse();
+
+      Assertions.assertThat(json.getString("missing")).isNull();
+
+      Assertions.assertThat(json.getInteger("int")).isEqualTo(5);
+      Assertions.assertThat(json.getDouble("float")).isEqualTo(25.3);
+
+      Assertions.assertThat(json.getJsonArray("array").size()).isEqualTo(3);
+      Assertions.assertThat(json.getJsonArray("array").contains(1)).isTrue();
+      Assertions.assertThat(json.getJsonArray("array").contains(2)).isTrue();
+      Assertions.assertThat(json.getJsonArray("array").contains(3)).isTrue();
+
+      Assertions.assertThat(json.getJsonObject("sub").getString("foo")).isEqualTo("bar");
+      async.complete();
+    });
+  }
+
+}