feat: allow endpoint overrides in AwsSecretsManagerVault #485
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
We are always happy to welcome new contributors ❤️ To make things easier for everyone, please make sure to follow our contribution guidelines, check if you have already signed the ECA, and relate this pull request to an existing issue or discussion.
|
@chlorochrule do NOT submit surprise PRs. Committers will then triage the issue and approve it for implementation by removing the |
|
@paullatzelsperger I apologize for the breaking etiquette, and thank you for pointing that out! I created a ticket #486 |
|
This pull request is stale because it has been open for 7 days with no activity. |
| @Setting | ||
| private static final String AWS_ENDPOINT_OVERRIDE = "edc.aws.endpoint.override"; |
There was a problem hiding this comment.
I think this setting should be different than the one used to create the S3 client, and be called edc.vault.aws.endpoint.override, to align with the region setting.
plus, settings can be injected in a different way, as described in this DR
Please adapt and add some description to the annotation
| @@ -47,4 +47,15 @@ void configOptionRegionProvided_shouldNotThrowException() { | |||
| extension.createVault(validContext); | |||
| } | |||
|
|
|||
| @Test | |||
| void configOptionEndpointOverrideProvided_shouldNotThrowException() { | |||
There was a problem hiding this comment.
this test is asserting nothing. I know that you inherited from the already existing tests, but tests without assertions should be avoided.
Demonstration: if you try to add a proper assertion like:
var vault = extension.createVault(validContext);
assertThat(vault).extracting("smClient", type(SecretsManagerClient.class)).satisfies(client -> {
assertThat(client.serviceClientConfiguration().endpointOverride()).contains(URI.create("http://localhost:4566"));
});it won't pass, that's because you set the mock to respond a call where only the setting key is passed, but not the default value.
Another suggestion would be not to mock the config object but to create one using ConfigFactory.fromMap, that will make everything easier.
| @Setting(key = "edc.vault.aws.region", | ||
| description = "The AWS Secrets Manager client will point to the specified region") | ||
| String vaultRegion; |
There was a problem hiding this comment.
AwsClientBuilder#region can identify the endpoint automatically, so it might be better to support required = false
https://github.com/aws/aws-sdk-java-v2/blob/891cf4fb6f37ac671fa91663c23965585fbdd504/core/aws-core/src/main/java/software/amazon/awssdk/awscore/client/builder/AwsClientBuilder.java#L85-L97
There was a problem hiding this comment.
yes, but to be tackled eventually in a separated issue/PR.
| @Setting(key = "edc.vault.aws.region", | ||
| description = "The AWS Secrets Manager client will point to the specified region") | ||
| String vaultRegion; |
There was a problem hiding this comment.
package private for testing
There was a problem hiding this comment.
this is not a good pattern, please see my previous comment
| @Setting(key = "edc.vault.aws.endpoint.override", | ||
| description = "If valued, the AWS Secrets Manager client will point to the specified endpoint", | ||
| required = false) | ||
| String vaultAwsEndpointOverride; |
There was a problem hiding this comment.
package private for testing
| private static ServiceExtensionContext context; | ||
|
|
||
| @BeforeAll | ||
| public static void beforeAll() { | ||
| context = mock(ServiceExtensionContext.class); | ||
| when(context.getMonitor()).thenReturn(mock(Monitor.class)); | ||
| } |
There was a problem hiding this comment.
AwsSecretsManagerVaultExtension uses only monitor, does not use ServiceExtensionContext
There was a problem hiding this comment.
using DependencyInjectionExtension will make these lines unnecessary
| extension.vaultRegion = "eu-west-1"; | ||
| extension.vaultAwsEndpointOverride = "http://localhost:4566"; |
There was a problem hiding this comment.
I'm trying to use key of @Setting, but I can't find the way to inject the testing value to the field variable. Please let me know how to test @Setting annotated value with key overrides if you know a better way!
There was a problem hiding this comment.
My suggestion is to use the DependencyInjectionExtension that can be found in the edc-junit module.
Then this test can be written this way:
@Test
void configOptionEndpointOverrideProvided_shouldNotThrowException(ObjectFactory factory, ServiceExtensionContext context) {
var config = ConfigFactory.fromMap(Map.of(
"edc.vault.aws.region", "region",
"edc.vault.aws.endpoint.override", "http://localhost:4566"
));
when(context.getConfig()).thenReturn(config);
var extension = factory.constructInstance(AwsSecretsManagerVaultExtension.class);
var vault = extension.createVault(context);
assertThat(vault).extracting("smClient", type(SecretsManagerClient.class)).satisfies(client -> {
assertThat(client.serviceClientConfiguration().endpointOverride()).contains(URI.create("http://localhost:4566"));
});
}and no need to make the setting fields package private
|
@chlorochrule when you are ready for another review please re-request my review, so this will be listed on my "review-to-be-done" tab ;) |
| extension.vaultRegion = "eu-west-1"; | ||
| extension.vaultAwsEndpointOverride = "http://localhost:4566"; |
There was a problem hiding this comment.
My suggestion is to use the DependencyInjectionExtension that can be found in the edc-junit module.
Then this test can be written this way:
@Test
void configOptionEndpointOverrideProvided_shouldNotThrowException(ObjectFactory factory, ServiceExtensionContext context) {
var config = ConfigFactory.fromMap(Map.of(
"edc.vault.aws.region", "region",
"edc.vault.aws.endpoint.override", "http://localhost:4566"
));
when(context.getConfig()).thenReturn(config);
var extension = factory.constructInstance(AwsSecretsManagerVaultExtension.class);
var vault = extension.createVault(context);
assertThat(vault).extracting("smClient", type(SecretsManagerClient.class)).satisfies(client -> {
assertThat(client.serviceClientConfiguration().endpointOverride()).contains(URI.create("http://localhost:4566"));
});
}and no need to make the setting fields package private
| @Setting(key = "edc.vault.aws.region", | ||
| description = "The AWS Secrets Manager client will point to the specified region") | ||
| String vaultRegion; |
There was a problem hiding this comment.
yes, but to be tackled eventually in a separated issue/PR.
| @Setting(key = "edc.vault.aws.region", | ||
| description = "The AWS Secrets Manager client will point to the specified region") | ||
| String vaultRegion; |
There was a problem hiding this comment.
this is not a good pattern, please see my previous comment
| private static ServiceExtensionContext context; | ||
|
|
||
| @BeforeAll | ||
| public static void beforeAll() { | ||
| context = mock(ServiceExtensionContext.class); | ||
| when(context.getMonitor()).thenReturn(mock(Monitor.class)); | ||
| } |
There was a problem hiding this comment.
using DependencyInjectionExtension will make these lines unnecessary
|
|
||
| return new AwsSecretsManagerVault(smClient, context.getMonitor(), | ||
| new AwsSecretsManagerVaultDefaultSanitationStrategy(context.getMonitor())); | ||
| } | ||
|
|
||
| private SecretsManagerClient buildSmClient(String vaultRegion) { | ||
| private SecretsManagerClient buildSmClient(String vaultRegion, URI vaultEndpointOverride) { |
There was a problem hiding this comment.
I would inline this method as it's not really giving any improvement.
What this PR changes/adds
AwsSecretsManagerVaultExtensiondo not allow to override AWS endpoint. However,S3CoreExtensionallows it. So, I implements endpoint overrides inAwsSecretsManagerVaultusingedc.aws.endpoint.overridethe same param ofS3CoreExtension.Why it does that
For AWS-compatible services like localstack.
Closes #486