feat: Add support for reading configuration from a Secrets Manager

quarkiverse · Jul 2, 2023 · 4b8ef0a · 4b8ef0a
1 parent ced052b
commit 4b8ef0a
Show file tree

Hide file tree

Showing 28 changed files with 1,134 additions and 6 deletions.
diff --git a/bom/pom.xml b/bom/pom.xml
@@ -174,6 +174,16 @@
                 <artifactId>quarkus-amazon-secretsmanager-deployment</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.quarkiverse.amazonservices</groupId>
+                <artifactId>quarkus-amazon-secretsmanager-config</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.quarkiverse.amazonservices</groupId>
+                <artifactId>quarkus-amazon-secretsmanager-config-deployment</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.quarkiverse.amazonservices</groupId>
                 <artifactId>quarkus-amazon-devservices-ses</artifactId>

diff --git a/...ent/src/main/java/io/quarkus/amazon/common/deployment/AbstractAmazonServiceProcessor.java b/...ent/src/main/java/io/quarkus/amazon/common/deployment/AbstractAmazonServiceProcessor.java
@@ -87,10 +87,10 @@ protected void setupClient(List<RequireAmazonClientBuildItem> clientRequirements
 
         for (RequireAmazonClientBuildItem clientRequirement : clientRequirements) {
 
-            if (clientRequirement.getSyncClassName().filter(syncClientName()::equals).isPresent()) {
+            if (clientRequirement.getSyncClassName().filter(p -> syncClientName().equals(p)).isPresent()) {
                 syncClassName = Optional.of(syncClientName());
             }
-            if (clientRequirement.getAsyncClassName().filter(asyncClientName()::equals).isPresent()) {
+            if (clientRequirement.getAsyncClassName().filter(p -> asyncClientName().equals(p)).isPresent()) {
                 asyncClassName = Optional.of(asyncClientName());
             }
         }
@@ -301,7 +301,7 @@ private void createClientBuilders(
                     .scope(ApplicationScoped.class)
                     .runtimeValue(syncClientBuilder)
                     .done());
-            clientSync.produce(new AmazonClientSyncResultBuildItem(configName));
+            clientSync.produce(new AmazonClientSyncResultBuildItem(configName, syncClientBuilder));
         }
         if (asyncClientBuilder != null) {
             asyncClientBuilder = recorder.configure(asyncClientBuilder, awsConfigRuntime, sdkConfigRuntime,
@@ -311,7 +311,7 @@ private void createClientBuilders(
                     .scope(ApplicationScoped.class)
                     .runtimeValue(asyncClientBuilder)
                     .done());
-            clientAsync.produce(new AmazonClientAsyncResultBuildItem(configName));
+            clientAsync.produce(new AmazonClientAsyncResultBuildItem(configName, asyncClientBuilder));
         }
         if (presignerBuilder != null) {
             presignerBuilder = recorder.configurePresigner(presignerBuilder, awsConfigRuntime, sdkConfigRuntime,

diff --git a/...t/src/main/java/io/quarkus/amazon/common/deployment/AmazonClientAsyncResultBuildItem.java b/...t/src/main/java/io/quarkus/amazon/common/deployment/AmazonClientAsyncResultBuildItem.java
@@ -1,19 +1,27 @@
 package io.quarkus.amazon.common.deployment;
 
 import io.quarkus.builder.item.MultiBuildItem;
+import io.quarkus.runtime.RuntimeValue;
+import software.amazon.awssdk.awscore.client.builder.AwsClientBuilder;
 
 /*
  * Describes what async clients are provided by a given extension
  */
 public final class AmazonClientAsyncResultBuildItem extends MultiBuildItem {
 
     private final String awsClientName;
+    private RuntimeValue<AwsClientBuilder> asyncClientBuilder;
 
-    public AmazonClientAsyncResultBuildItem(String awsClientName) {
+    public AmazonClientAsyncResultBuildItem(String awsClientName, RuntimeValue<AwsClientBuilder> asyncClientBuilder) {
         this.awsClientName = awsClientName;
+        this.asyncClientBuilder = asyncClientBuilder;
     }
 
     public String getAwsClientName() {
         return awsClientName;
     }
+
+    public RuntimeValue<AwsClientBuilder> getAsyncClientBuilder() {
+        return asyncClientBuilder;
+    }
 }
diff --git a/...nt/src/main/java/io/quarkus/amazon/common/deployment/AmazonClientSyncResultBuildItem.java b/...nt/src/main/java/io/quarkus/amazon/common/deployment/AmazonClientSyncResultBuildItem.java
@@ -1,19 +1,27 @@
 package io.quarkus.amazon.common.deployment;
 
 import io.quarkus.builder.item.MultiBuildItem;
+import io.quarkus.runtime.RuntimeValue;
+import software.amazon.awssdk.awscore.client.builder.AwsClientBuilder;
 
 /*
  * Describes what sync clients are provided by a given extension
  */
 public final class AmazonClientSyncResultBuildItem extends MultiBuildItem {
 
     private final String awsClientName;
+    private RuntimeValue<AwsClientBuilder> syncClientBuilder;
 
-    public AmazonClientSyncResultBuildItem(String awsClientName) {
+    public AmazonClientSyncResultBuildItem(String awsClientName, RuntimeValue<AwsClientBuilder> syncClientBuilder) {
         this.awsClientName = awsClientName;
+        this.syncClientBuilder = syncClientBuilder;
     }
 
     public String getAwsClientName() {
         return awsClientName;
     }
+
+    public RuntimeValue<AwsClientBuilder> getSyncClientBuilder() {
+        return syncClientBuilder;
+    }
 }
diff --git a/pom.xml b/pom.xml
@@ -29,6 +29,7 @@
     <module>ssm</module>
     <module>sts</module>
     <module>secretsmanager</module>
+    <module>secretsmanager-config</module>
     <module>docs</module>
     <module>integration-tests</module>
   </modules>

diff --git a/secretsmanager-config/deployment/pom.xml b/secretsmanager-config/deployment/pom.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>io.quarkiverse.amazonservices</groupId>
+        <artifactId>quarkus-amazon-secretsmanager-config-parent</artifactId>
+        <version>999-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>quarkus-amazon-secretsmanager-config-deployment</artifactId>
+    <name>Quarkus - Amazon Services - Secrets Manager Config - Deployment</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkiverse.amazonservices</groupId>
+            <artifactId>quarkus-amazon-common-deployment</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkiverse.amazonservices</groupId>
+            <artifactId>quarkus-amazon-common-deployment-devservices-spi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-credentials-deployment</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkiverse.amazonservices</groupId>
+            <artifactId>quarkus-amazon-secretsmanager-config</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>url-connection-client</artifactId>
+        </dependency>
+
+        <!-- Test dependencies -->
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit5-internal</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>netty-nio-client</artifactId>
+            <scope>test</scope>
+        </dependency>    
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>io.quarkus</groupId>
+                            <artifactId>quarkus-extension-processor</artifactId>
+                            <version>${quarkus.version}</version>
+                        </path>
+                    </annotationProcessorPaths>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/...kus/amazon/secretsmanager/config/deployment/SecretsManagerConfigDevServicesProcessor.java b/...kus/amazon/secretsmanager/config/deployment/SecretsManagerConfigDevServicesProcessor.java
@@ -0,0 +1,54 @@
+package io.quarkus.amazon.secretsmanager.config.deployment;
+
+import java.util.Map;
+
+import org.testcontainers.containers.localstack.LocalStackContainer;
+import org.testcontainers.containers.localstack.LocalStackContainer.Service;
+
+import io.quarkus.amazon.common.deployment.spi.AbstractDevServicesLocalStackProcessor;
+import io.quarkus.amazon.common.deployment.spi.DevServicesLocalStackProviderBuildItem;
+import io.quarkus.amazon.common.runtime.DevServicesBuildTimeConfig;
+import io.quarkus.amazon.secretsmanager.config.runtime.SecretsManagerConfigBuildTimeConfig;
+import io.quarkus.amazon.secretsmanager.config.runtime.SecretsManagerDevServicesBuildTimeConfig;
+import io.quarkus.deployment.annotations.BuildStep;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+
+public class SecretsManagerConfigDevServicesProcessor extends AbstractDevServicesLocalStackProcessor {
+
+    @BuildStep
+    DevServicesLocalStackProviderBuildItem setupSecretsManager(SecretsManagerConfigBuildTimeConfig clientBuildTimeConfig) {
+        return this.setup(Service.SECRETSMANAGER, clientBuildTimeConfig.devservices);
+    }
+
+    @Override
+    protected void overrideDefaultConfig(Map<String, String> defaultConfig) {
+        for (String key : defaultConfig.keySet().toArray(new String[0])) {
+            defaultConfig.put(key.replace(Service.SECRETSMANAGER.getName(), Service.SECRETSMANAGER.getName() + "-config"),
+                    defaultConfig.remove(key));
+        }
+    }
+
+    @Override
+    protected void prepareLocalStack(DevServicesBuildTimeConfig clientBuildTimeConfig,
+            LocalStackContainer localstack) {
+        createSecrets(localstack, (SecretsManagerDevServicesBuildTimeConfig) clientBuildTimeConfig);
+    }
+
+    public void createSecrets(LocalStackContainer localstack, SecretsManagerDevServicesBuildTimeConfig configuration) {
+        try (SecretsManagerClient client = SecretsManagerClient.builder()
+                .endpointOverride(localstack.getEndpointOverride(LocalStackContainer.Service.S3))
+                .region(Region.of(localstack.getRegion()))
+                .credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials
+                        .create(localstack.getAccessKey(), localstack.getSecretKey())))
+                .httpClientBuilder(UrlConnectionHttpClient.builder())
+                .build()) {
+            configuration.secrets.forEach((key, value) -> {
+                client.createSecret(r -> r.name(key).secretString(value));
+            });
+        }
+    }
+}