Add support for plain text secrets (#638)

snigdhasjg · web-flow · commit f074d2fdb83b · 2023-01-27T14:18:01.000+01:00
Fixes #636
diff --git a/docs/src/main/asciidoc/secrets-manager.adoc b/docs/src/main/asciidoc/secrets-manager.adoc
@@ -123,6 +123,15 @@ Spring Boot 2.4 changed the ways files are loaded which means profile loading ha
 Link to Spring Boot reference docs about file specific loading: https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-external-config-files-profile-specific[Reference Docs]
 Read more on the official https://spring.io/blog/2020/08/14/config-file-processing-in-spring-boot-2-4[Spring Blog]
 
+==== Using plain text secrets
+
+If a `SecretString` is a plain text, use secret name to retrieve its value.
+For example, we have JDBC url as plain text secret type with name `/secrets/jdbc-url`. Secret value can be retrieved by referencing secret name:
+[source,properties]
+----
+spring.datasource.url=${jdbc-url}
+----
+
 ==== IAM Permissions
 Following IAM permissions are required by Spring Cloud AWS:
 
diff --git a/spring-cloud-aws-secrets-manager-config/src/main/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerPropertySource.java b/spring-cloud-aws-secrets-manager-config/src/main/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerPropertySource.java
@@ -24,6 +24,7 @@
 import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
 import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
 import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -87,8 +88,8 @@ public Object getProperty(String name) {
 	}
 
 	private void readSecretValue(GetSecretValueRequest secretValueRequest) {
+		GetSecretValueResult secretValueResult = source.getSecretValue(secretValueRequest);
 		try {
-			GetSecretValueResult secretValueResult = source.getSecretValue(secretValueRequest);
 			Map<String, Object> secretMap = jsonMapper.readValue(secretValueResult.getSecretString(),
 					new TypeReference<Map<String, Object>>() {
 					});
@@ -99,6 +100,14 @@ private void readSecretValue(GetSecretValueRequest secretValueRequest) {
 				properties.put(propertyKey, secretEntry.getValue());
 			}
 		}
+		catch (JsonParseException e) {
+			// If the secret is not a JSON string, then it is a simple "plain text" string
+			String[] parts = secretValueResult.getName().split("/");
+			String secretName = parts[parts.length - 1];
+			LOG.debug("Populating property retrieved from AWS Secrets Manager: " + secretName);
+			String propertyKey = prefix != null ? prefix + secretName : secretName;
+			properties.put(propertyKey, secretValueResult.getSecretString());
+		}
 		catch (JsonProcessingException e) {
 			throw new RuntimeException(e);
 		}
diff --git a/spring-cloud-aws-secrets-manager-config/src/test/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerPropertySourceTest.java b/spring-cloud-aws-secrets-manager-config/src/test/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerPropertySourceTest.java
@@ -20,7 +20,6 @@
 import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
 import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
 import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentCaptor;
@@ -87,13 +86,31 @@ void throwsExceptionWhenSecretNotFound() {
 	}
 
 	@Test
-	void throwsExceptionWhenSecretIsNotJsonSecret() {
+	void shouldProcessTextSecretWhenSecretIsNotJsonSecret() {
 		GetSecretValueResult secretValueResult = new GetSecretValueResult()
-				.withSecretString("plain text secret string, not json secret");
-		when(client.getSecretValue(any(GetSecretValueRequest.class))).thenReturn(secretValueResult);
+				.withSecretString("plain text secret string, not json secret").withName("/config/myservice");
+		when(client.getSecretValue(secretValueRequestArgumentCaptor.capture())).thenReturn(secretValueResult);
+
+		propertySource.init();
+
+		assertThat(secretValueRequestArgumentCaptor.getValue().getSecretId()).isEqualTo("/config/myservice");
+		assertThat(propertySource.getPropertyNames()).containsExactly("myservice");
+		assertThat(propertySource.getProperty("myservice")).isEqualTo("plain text secret string, not json secret");
+	}
+
+	@Test
+	void shouldProcessTextSecretWithPrefix() {
+		propertySource = new AwsSecretsManagerPropertySource("/config/myservice2?prefix=service2.", client);
+		GetSecretValueResult secretValueResult = new GetSecretValueResult()
+				.withSecretString("plain text secret string, not json secret").withName("/config/myservice2");
+		when(client.getSecretValue(secretValueRequestArgumentCaptor.capture())).thenReturn(secretValueResult);
 
-		assertThatThrownBy(() -> propertySource.init()).isInstanceOf(RuntimeException.class)
-				.extracting(Throwable::getCause).isInstanceOf(JsonProcessingException.class);
+		propertySource.init();
+
+		assertThat(secretValueRequestArgumentCaptor.getValue().getSecretId()).isEqualTo("/config/myservice2");
+		assertThat(propertySource.getPropertyNames()).containsExactly("service2.myservice2");
+		assertThat(propertySource.getProperty("service2.myservice2"))
+				.isEqualTo("plain text secret string, not json secret");
 	}
 
 }
