feat: allow endpoint overrides in AwsSecretsManagerVault

extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java

@@ -23,6 +23,9 @@
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 
+import java.net.URI;
+import java.util.Optional;
+
 /**
  * This extension registers an implementation of the Vault interface for AWS Secrets Manager.
  * It also registers a VaultPrivateKeyResolver and VaultCertificateResolver, which store and retrieve certificates
@@ -33,8 +36,14 @@
 public class AwsSecretsManagerVaultExtension implements ServiceExtension {
     public static final String NAME = "AWS Secrets Manager Vault";
 
-    @Setting
-    private static final String VAULT_AWS_REGION = "edc.vault.aws.region";
+    @Setting(key = "edc.vault.aws.region",
+            description = "The AWS Secrets Manager client will point to the specified region")
+    String vaultRegion;
+
+    @Setting(key = "edc.vault.aws.endpoint.override",
+            description = "If valued, the AWS Secrets Manager client will point to the specified endpoint",
+            required = false)
+    String vaultAwsEndpointOverride;
 
     @Override
     public String name() {
@@ -43,18 +52,20 @@ public String name() {
 
     @Provider
     public Vault createVault(ServiceExtensionContext context) {
-        var vaultRegion = context.getConfig().getString(VAULT_AWS_REGION);
+        var vaultEndpointOverride = Optional.ofNullable(vaultAwsEndpointOverride)
+                .map(URI::create)
+                .orElse(null);
 
-        var smClient = buildSmClient(vaultRegion);
+        var smClient = buildSmClient(vaultRegion, vaultEndpointOverride);
 
         return new AwsSecretsManagerVault(smClient, context.getMonitor(),
                 new AwsSecretsManagerVaultDefaultSanitationStrategy(context.getMonitor()));
     }
 
-    private SecretsManagerClient buildSmClient(String vaultRegion) {
+    private SecretsManagerClient buildSmClient(String vaultRegion, URI vaultEndpointOverride) {
         var builder = SecretsManagerClient.builder()
-                .region(Region.of(vaultRegion));
+                .region(Region.of(vaultRegion))
+                .endpointOverride(vaultEndpointOverride);
         return builder.build();
     }
-
 }

extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java

@@ -16,35 +16,59 @@
 
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import org.eclipse.edc.spi.system.configuration.Config;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 
+import java.net.URI;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.InstanceOfAssertFactories.type;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 class AwsSecretsManagerVaultExtensionTest {
+    private static ServiceExtensionContext context;
+
+    @BeforeAll
+    public static void beforeAll() {
+        context = mock(ServiceExtensionContext.class);
+        when(context.getMonitor()).thenReturn(mock(Monitor.class));
+    }
 
-    private final Monitor monitor = mock(Monitor.class);
-    private final AwsSecretsManagerVaultExtension extension = new AwsSecretsManagerVaultExtension();
 
     @Test
     void configOptionRegionNotProvided_shouldThrowException() {
+        var extension = new AwsSecretsManagerVaultExtension();
         ServiceExtensionContext invalidContext = mock(ServiceExtensionContext.class);
-        when(invalidContext.getMonitor()).thenReturn(monitor);
 
         Assertions.assertThrows(NullPointerException.class, () -> extension.createVault(invalidContext));
     }
 
     @Test
     void configOptionRegionProvided_shouldNotThrowException() {
-        ServiceExtensionContext validContext = mock(ServiceExtensionContext.class);
-        Config cfg = mock();
-        when(cfg.getString("edc.vault.aws.region")).thenReturn("eu-west-1");
-        when(validContext.getConfig()).thenReturn(cfg);
-        when(validContext.getMonitor()).thenReturn(monitor);
+        var extension = new AwsSecretsManagerVaultExtension();
+        extension.vaultRegion = "eu-west-1";
+
+        var vault = extension.createVault(context);
 
-        extension.createVault(validContext);
+        assertThat(vault).extracting("smClient", type(SecretsManagerClient.class)).satisfies(client -> {
+            assertThat(client.serviceClientConfiguration().region()).isEqualTo(Region.of("eu-west-1"));
+        });
     }
 
+    @Test
+    void configOptionEndpointOverrideProvided_shouldNotThrowException() {
+        var extension = new AwsSecretsManagerVaultExtension();
+        extension.vaultRegion = "eu-west-1";
+        extension.vaultAwsEndpointOverride = "http://localhost:4566";
+
+        var vault = extension.createVault(context);
+
+        assertThat(vault).extracting("smClient", type(SecretsManagerClient.class)).satisfies(client -> {
+            assertThat(client.serviceClientConfiguration().endpointOverride()).contains(URI.create("http://localhost:4566"));
+        });
+    }
 }