Skip to content

Commit

Permalink
events: add Secrets Manager rotation event (#291) (#530)
Browse files Browse the repository at this point in the history
resolves #291

Co-authored-by: Bryan Moffatt <[email protected]>
  • Loading branch information
gnusey and bmoffatt authored Nov 30, 2023
1 parent 110afe9 commit 2ff7818
Show file tree
Hide file tree
Showing 4 changed files with 84 additions and 0 deletions.
38 changes: 38 additions & 0 deletions events/README_SecretsManager_SecretRotationEvent.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
# Sample Function

The following is a sample Lambda function that handles a SecretsManager secret rotation event.

```go
package main

import (
"fmt"
"context"

"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-lambda-go/events"
)

func handler(ctx context.Context, event SecretsManagerSecretRotationEvent) error {
fmt.Printf("rotating secret %s with token %s\n",
event.SecretID, event.ClientRequestToken)

switch event.Step {
case "createSecret":
// create
case "setSecret":
// set
case "finishSecret":
// finish
case "testSecret":
// test
}

return nil
}


func main() {
lambda.Start(handler)
}
```
11 changes: 11 additions & 0 deletions events/secretsmanager.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
package events

// SecretsManagerSecretRotationEvent is the event passed to a Lambda function to handle
// automatic secret rotation.
//
// https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html#rotate-secrets_how
type SecretsManagerSecretRotationEvent struct {
Step string `json:"Step"`
SecretID string `json:"SecretId"`
ClientRequestToken string `json:"ClientRequestToken"`
}
30 changes: 30 additions & 0 deletions events/secretsmanager_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
package events

import (
"encoding/json"
"testing"

"github.com/aws/aws-lambda-go/events/test"
"github.com/stretchr/testify/assert"
)

func TestSecretsManagerSecretRotationEventMarshaling(t *testing.T) {

// 1. read JSON from file
inputJSON := test.ReadJSONFromFile(t, "./testdata/secretsmanager-secret-rotation-event.json")

// 2. de-serialize into Go object
var inputEvent SecretsManagerSecretRotationEvent
if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
t.Errorf("could not unmarshal event. details: %v", err)
}

// 3. serialize to JSON
outputJSON, err := json.Marshal(inputEvent)
if err != nil {
t.Errorf("could not marshal event. details: %v", err)
}

// 4. check result
assert.JSONEq(t, string(inputJSON), string(outputJSON))
}
5 changes: 5 additions & 0 deletions events/testdata/secretsmanager-secret-rotation-event.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"Step": "createSecret",
"SecretId": "arn:aws:secretsmanager:us-east-1:111122223333:secret:id-ABCD1E",
"ClientRequestToken": "1ab23456-cde7-8912-34fg-h56i78j9k12l"
}

0 comments on commit 2ff7818

Please sign in to comment.