feat: allow endpoint overrides in AwsSecretsManagerVault

eclipse-edc · Nov 13, 2024 · a531597 · a531597
1 parent c43e0bb
commit a531597
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 4 deletions.
diff --git a/...lt/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java b/...lt/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java
@@ -23,6 +23,9 @@
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 
+import java.net.URI;
+import java.util.Optional;
+
 /**
  * This extension registers an implementation of the Vault interface for AWS Secrets Manager.
  * It also registers a VaultPrivateKeyResolver and VaultCertificateResolver, which store and retrieve certificates
@@ -36,6 +39,9 @@ public class AwsSecretsManagerVaultExtension implements ServiceExtension {
     @Setting
     private static final String VAULT_AWS_REGION = "edc.vault.aws.region";
 
+    @Setting
+    private static final String AWS_ENDPOINT_OVERRIDE = "edc.aws.endpoint.override";
+
     @Override
     public String name() {
         return NAME;
@@ -44,17 +50,21 @@ public String name() {
     @Provider
     public Vault createVault(ServiceExtensionContext context) {
         var vaultRegion = context.getConfig().getString(VAULT_AWS_REGION);
+        var vaultEndpointOverride = Optional.of(AWS_ENDPOINT_OVERRIDE)
+                .map(key -> context.getSetting(key, null))
+                .map(URI::create)
+                .orElse(null);
 
-        var smClient = buildSmClient(vaultRegion);
+        var smClient = buildSmClient(vaultRegion, vaultEndpointOverride);
 
         return new AwsSecretsManagerVault(smClient, context.getMonitor(),
                 new AwsSecretsManagerVaultDefaultSanitationStrategy(context.getMonitor()));
     }
 
-    private SecretsManagerClient buildSmClient(String vaultRegion) {
+    private SecretsManagerClient buildSmClient(String vaultRegion, URI vaultEndpointOverride) {
         var builder = SecretsManagerClient.builder()
-                .region(Region.of(vaultRegion));
+                .region(Region.of(vaultRegion))
+                .endpointOverride(vaultEndpointOverride);
         return builder.build();
     }
-
 }
diff --git a/...ault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java b/...ault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java
@@ -47,4 +47,15 @@ void configOptionRegionProvided_shouldNotThrowException() {
         extension.createVault(validContext);
     }
 
+    @Test
+    void configOptionEndpointOverrideProvided_shouldNotThrowException() {
+        ServiceExtensionContext validContext = mock(ServiceExtensionContext.class);
+        Config cfg = mock();
+        when(cfg.getString("edc.vault.aws.region")).thenReturn("eu-west-1");
+        when(cfg.getString("edc.aws.endpoint.override")).thenReturn("http://localhost:4566");
+        when(validContext.getConfig()).thenReturn(cfg);
+        when(validContext.getMonitor()).thenReturn(monitor);
+
+        extension.createVault(validContext);
+    }
 }