From 23ee3b1ea1e72c72689ff2c58742accef785322e Mon Sep 17 00:00:00 2001
From: gjoranv
Date: Fri, 6 Dec 2024 14:19:37 +0100
Subject: [PATCH] Add support for listing secrets in ASM
---
 .../secret/aws/AsmTenantSecretReader.java | 7 ++++--
 .../aws/testutil/AsmSecretTesterBase.java | 22 ++++++++++++-------
 2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/AsmTenantSecretReader.java b/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/AsmTenantSecretReader.java
index c736b50bd74..996deffbe46 100644
--- a/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/AsmTenantSecretReader.java
+++ b/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/AsmTenantSecretReader.java
@@ -77,8 +77,11 @@ private String awsSecretId(String tenant, Key key) {
 }

 public static String getAwsSecretId(String system, String tenant, Key key) {
- return "%s.%s.%s.%s/%s".formatted(AthenzUtil.PREFIX, system, tenant,
- key.vaultName().value(), key.secretName().value());
+ return "%s/%s".formatted(awsVaultPrefix(system, tenant, key.vaultName()), key.secretName().value());
+ }
+
+ public static String awsVaultPrefix(String system, String tenant, VaultName vault) {
+ return "%s.%s.%s.%s".formatted(AthenzUtil.PREFIX, system, tenant, vault.value());
 }

 record Vault(VaultId vaultId, VaultName vaultName, ExternalId externalId) {}
diff --git a/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/testutil/AsmSecretTesterBase.java b/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/testutil/AsmSecretTesterBase.java
index 6de8e977baa..a318423057d 100644
--- a/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/testutil/AsmSecretTesterBase.java
+++ b/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/testutil/AsmSecretTesterBase.java
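Review bot: `awsVaultPrefix` returns the dot-joined vault id with no trailing separator, so if the new listing code passes it to Secrets Manager as a name filter (a prefix match), a vault named for example `prod` would also match secrets of a sibling vault `prod2` under the same tenant. The caller is not part of this patch, so this is inferred; if that is the intended use, append the `/` at the call site or state the contract on the method, e.g. `/** Returns the id prefix shared by all secrets in the vault, without the trailing '/'; append '/' before using it as a list filter. */`. The format also relies on `system`, `tenant` and the vault name never containing `.` or `/`, since otherwise two different (tenant, vault) pairs could produce the same prefix; whether that is validated upstream is not visible in this hunk.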
@@ -8,22 +8,19 @@
 import ai.vespa.secret.aws.AwsRolePath;
 import ai.vespa.secret.model.Key;
 import ai.vespa.secret.model.SecretVersionState;
-import software.amazon.awssdk.awscore.exception.AwsServiceException;
-import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
-import software.amazon.awssdk.services.secretsmanager.model.InternalServiceErrorException;
-import software.amazon.awssdk.services.secretsmanager.model.InvalidNextTokenException;
-import software.amazon.awssdk.services.secretsmanager.model.InvalidParameterException;
 import software.amazon.awssdk.services.secretsmanager.model.ListSecretVersionIdsRequest;
 import software.amazon.awssdk.services.secretsmanager.model.ListSecretVersionIdsResponse;
-import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
+import software.amazon.awssdk.services.secretsmanager.model.ListSecretsRequest;
+import software.amazon.awssdk.services.secretsmanager.model.ListSecretsResponse;
+import software.amazon.awssdk.services.secretsmanager.model.SecretListEntry;
 import software.amazon.awssdk.services.secretsmanager.model.SecretVersionsListEntry;
-import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.function.Consumer;
 import java.util.function.Function;

 /**
@@ -66,9 +63,18 @@ protected MockSecretsManagerClient(AwsRolePath awsRole) {
 clients.add(this);
 }

+ @Override
+ public ListSecretsResponse listSecrets(Consumer listSecretsRequest) {
+ return ListSecretsResponse.builder()
+ .secretList(secrets.keySet().stream()
+ .map(name -> SecretListEntry.builder().name(name).build())
+ .toList())
+ .build();
+ }
+
 // Used by both reader and writer testers
 @Override
- public ListSecretVersionIdsResponse listSecretVersionIds(ListSecretVersionIdsRequest request) throws InvalidNextTokenException, ResourceNotFoundException, InternalServiceErrorException, InvalidParameterException, AwsServiceException, SdkClientException, SecretsManagerException {
+ public ListSecretVersionIdsResponse listSecretVersionIds(ListSecretVersionIdsRequest request) {
 return ListSecretVersionIdsResponse.builder()
 .name(request.secretId())
 .versions(secrets.getOrDefault(request.secretId(), List.of()).stream()
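Review bot: The mocked `listSecrets` never applies `listSecretsRequest`, so any name filter the caller sets is ignored and every stored secret name is returned; a test built on this mock passes whether the production listing is scoped to one vault or not scoped at all. Building the request and honouring its name filters as prefix matches (which is how I understand the service treats them) would let tests detect a missing or too-broad filter. The parameter also shows as a raw `Consumer` in this rendering, presumably `Consumer<ListSecretsRequest.Builder>` in the file; the sketch below additionally needs `FilterNameStringType` in scope.

```java
@Override
public ListSecretsResponse listSecrets(Consumer<ListSecretsRequest.Builder> listSecretsRequest) {
    var builder = ListSecretsRequest.builder();
    listSecretsRequest.accept(builder);
    // Collect the name-filter values so an unscoped or mis-scoped call shows up in tests
    var namePrefixes = builder.build().filters().stream()
            .filter(f -> f.key() == FilterNameStringType.NAME)
            .flatMap(f -> f.values().stream())
            .toList();
    return ListSecretsResponse.builder()
            .secretList(secrets.keySet().stream()
                    .filter(name -> namePrefixes.isEmpty()
                            || namePrefixes.stream().anyMatch(name::startsWith))
                    .map(name -> SecretListEntry.builder().name(name).build())
                    .toList())
            .build();
}
```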