From a53159719acf557d3428b3416ee40633e2543b2f Mon Sep 17 00:00:00 2001
From: Naoto Minami
Date: Thu, 14 Nov 2024 01:09:57 +0900
Subject: [PATCH] feat: allow endpoint overrides in AwsSecretsManagerVault
---
 .../aws/AwsSecretsManagerVaultExtension.java | 18 ++++++++++++++----
 .../AwsSecretsManagerVaultExtensionTest.java | 11 +++++++++++
 2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java b/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java
index feac7887..b95e8300 100644
--- a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java
+++ b/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java
@@ -23,6 +23,9 @@
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import java.net.URI;
+import java.util.Optional;
+
 /**
 * This extension registers an implementation of the Vault interface for AWS Secrets Manager.
 * It also registers a VaultPrivateKeyResolver and VaultCertificateResolver, which store and retrieve certificates
@@ -36,6 +39,9 @@ public class AwsSecretsManagerVaultExtension implements ServiceExtension {
 @Setting
 private static final String VAULT_AWS_REGION = "edc.vault.aws.region";
+ @Setting
+ private static final String AWS_ENDPOINT_OVERRIDE = "edc.aws.endpoint.override";
+
 @Override
 public String name() {
 return NAME;
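Review bot: The new `AWS_ENDPOINT_OVERRIDE` constant carries a bare `@Setting` with no description, so nothing tells an operator that this key decides where the vault sends and fetches secrets. A comment on the constant such as `// Optional. Replaces the default Secrets Manager endpoint (e.g. a local emulator); all vault reads and writes go to this URI.` would make that explicit. The key also sits outside the `edc.vault.aws.` prefix used by `VAULT_AWS_REGION`; if other AWS extensions read the same key, one setting redirects all of them, which should either be stated in that comment or avoided with a vault-specific key. The class body continues outside the hunk.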
@@ -44,17 +50,21 @@ public String name() {
 @Provider
 public Vault createVault(ServiceExtensionContext context) {
 var vaultRegion = context.getConfig().getString(VAULT_AWS_REGION);
+ var vaultEndpointOverride = Optional.of(AWS_ENDPOINT_OVERRIDE)
+ .map(key -> context.getSetting(key, null))
+ .map(URI::create)
+ .orElse(null);
- var smClient = buildSmClient(vaultRegion);
+ var smClient = buildSmClient(vaultRegion, vaultEndpointOverride);
 return new AwsSecretsManagerVault(smClient, context.getMonitor(), new AwsSecretsManagerVaultDefaultSanitationStrategy(context.getMonitor()));
 }
- private SecretsManagerClient buildSmClient(String vaultRegion) {
+ private SecretsManagerClient buildSmClient(String vaultRegion, URI vaultEndpointOverride) {
 var builder = SecretsManagerClient.builder()
- .region(Region.of(vaultRegion));
+ .region(Region.of(vaultRegion))
+ .endpointOverride(vaultEndpointOverride);
 return builder.build();
 }
-
 }
diff --git a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java b/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java
index 6fbd43e4..eb229395 100644
--- a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java
+++ b/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java
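Review bot: In `createVault` of AwsSecretsManagerVaultExtension.java, the value of `edc.aws.endpoint.override` goes through `URI.create` straight into `endpointOverride` with no check, so every secret, key and certificate the vault handles is sent to whatever URI the configuration names, including a plain `http://` one. I would warn (or refuse) when the scheme is not HTTPS, so that a mistyped or altered setting shows up at startup rather than silently moving vault traffic. Replacing the `Optional.of(CONSTANT).map(...)` chain with a null check reads more directly, and calling `endpointOverride` only when a value is present avoids depending on how the SDK builder treats null, which is not visible in this hunk. The region is read through `context.getConfig().getString` while the endpoint uses `context.getSetting`; one accessor for both would be more consistent.

```java
var vaultRegion = context.getConfig().getString(VAULT_AWS_REGION);
var endpointSetting = context.getSetting(AWS_ENDPOINT_OVERRIDE, null);
URI vaultEndpointOverride = null;
if (endpointSetting != null) {
    vaultEndpointOverride = URI.create(endpointSetting);
    if (!"https".equalsIgnoreCase(vaultEndpointOverride.getScheme())) {
        // Secret values would travel unencrypted; make that visible in the startup log.
        context.getMonitor().warning("AWS Secrets Manager endpoint override does not use HTTPS: " + vaultEndpointOverride);
    }
}
// … unchanged: buildSmClient(vaultRegion, vaultEndpointOverride) call and vault construction …

// in buildSmClient: apply the override only when one is configured
var builder = SecretsManagerClient.builder()
        .region(Region.of(vaultRegion));
if (vaultEndpointOverride != null) {
    builder.endpointOverride(vaultEndpointOverride);
}
// … unchanged: return builder.build() …
```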
@@ -47,4 +47,15 @@ void configOptionRegionProvided_shouldNotThrowException() {
 extension.createVault(validContext);
 }
+ @Test
+ void configOptionEndpointOverrideProvided_shouldNotThrowException() {
+ ServiceExtensionContext validContext = mock(ServiceExtensionContext.class);
+ Config cfg = mock();
+ when(cfg.getString("edc.vault.aws.region")).thenReturn("eu-west-1");
+ when(cfg.getString("edc.aws.endpoint.override")).thenReturn("http://localhost:4566");
+ when(validContext.getConfig()).thenReturn(cfg);
+ when(validContext.getMonitor()).thenReturn(monitor);
+
+ extension.createVault(validContext);
+ }
 }
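Review bot: The new test stubs `cfg.getString("edc.aws.endpoint.override")`, but `createVault` reads the endpoint with `context.getSetting(key, null)` on the mocked context, so the stubbed value is probably never returned and the override branch is not exercised. Stubbing the call the code actually makes, `when(validContext.getSetting("edc.aws.endpoint.override", null)).thenReturn("http://localhost:4566");`, would reach it. The test also asserts nothing about the outcome; checking that `createVault` returns a non-null vault, and adding a case with a malformed URI value, would pin the behaviour. The test class starts outside the hunk.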