package com.gs.api.accelrx.crypto.secrets;
import com.gs.api.accelrx.aws.client.AwsClientConfig;
import com.gs.api.accelrx.aws.client.AwsClientConfigurer;
import com.gs.api.accelrx.context.RxContextHelper;
import com.gs.api.accelrx.crypto.CryptoSecretSourceConfig;
import io.reactivex.rxjava3.core.Single;
import io.vertx.rxjava3.core.Vertx;
import java.nio.charset.StandardCharsets;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerAsyncClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.utils.builder.SdkBuilder;
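/**
 * {@link CryptoSecretProvider} that reads a crypto secret from AWS Secrets Manager.
 *
 * <p>An instance is bound to one secret id and, optionally, a version id and/or a version stage.
 * Every subscription to {@link #getCryptoSecret()} issues a fresh {@code GetSecretValue} call, so
 * nothing is cached in this class. Only string secrets are supported: a response whose
 * {@code secretString()} is {@code null} is reported as an error.
 *
 * <p>NOTE(review): the {@code Single} return types carry no type arguments in this listing
 * (presumably lost when the page was rendered; confirm against the original source). They are kept
 * exactly as shown so the declared signatures do not change.
 */
public class SecretsManagerCryptoSecretProvider implements CryptoSecretProvider {
    private static final Logger logger = LoggerFactory.getLogger(SecretsManagerCryptoSecretProvider.class);

    private final Vertx vertx;
    private final SecretsManagerAsyncClient secretsManagerClient;
    private final String secretId;
    // Both selectors are optional; null means "do not send this field in the request".
    private final String versionId;
    private final String versionStage;

    private SecretsManagerCryptoSecretProvider(Vertx vertx,
                                               SecretsManagerAsyncClient secretsManagerClient,
                                               String secretId,
                                               String versionId,
                                               String versionStage) {
        this.vertx = vertx;
        this.secretsManagerClient = secretsManagerClient;
        this.secretId = secretId;
        this.versionId = versionId;
        this.versionStage = versionStage;
    }

    /**
     * Builds a Secrets Manager client from the given configuration and wraps it in a provider.
     *
     * @param vertx                the Vert.x instance whose context is restored after AWS SDK callbacks
     * @param secretId             identifier of the secret to read
     * @param secretsManagerConfig client settings plus the optional version id / version stage
     * @return a {@code Single} emitting the configured provider
     */
    public static Single create(Vertx vertx,
                                String secretId,
                                CryptoSecretSourceConfig.SecretsManagerConfig secretsManagerConfig) {
        return secretsManagerClient(vertx, secretsManagerConfig.client())
                .map(secretsManagerClient -> {
                    String versionId = secretsManagerConfig.versionId();
                    String versionStage = secretsManagerConfig.versionStage();
                    return new SecretsManagerCryptoSecretProvider(
                            vertx, secretsManagerClient, secretId, versionId, versionStage);
                });
    }

    /**
     * Fetches the secret value and emits it as a {@code CryptoSecret}.
     *
     * <p>The secret string is encoded as UTF-8 explicitly. The no-argument {@code getBytes()} uses
     * the JVM default charset, which can yield different key bytes for the same secret on hosts
     * whose default is not UTF-8.
     *
     * @return a {@code Single} emitting the secret, or failing with a {@link RuntimeException}
     *     (original failure attached as its cause) when the call fails or the secret has no
     *     string value
     */
    @Override
    public Single getCryptoSecret() {
        GetSecretValueRequest.Builder requestBuilder = GetSecretValueRequest.builder().secretId(secretId);
        // When both selectors are configured, Secrets Manager requires them to identify the same version.
        if (versionId != null) {
            requestBuilder.versionId(versionId);
        }
        if (versionStage != null) {
            requestBuilder.versionStage(versionStage);
        }

        return Single.defer(() ->
                Single.fromCompletionStage(secretsManagerClient.getSecretValue(requestBuilder.build()))
                        .compose(RxContextHelper.captureAndRestoreVertxContext(vertx))
                        .filter(response -> response.secretString() != null)
                        // The error handler below sees both failures raised by `getSecretValue()` and the
                        // error `toSingle()` signals when the filter dropped a response without a string value.
                        .toSingle()
                        // Keep the original failure as the cause so operators can tell access-denied,
                        // not-found and throttling apart. The message names only the secret identifier,
                        // never the secret value, and its text is left unchanged for existing log matching.
                        .onErrorResumeNext(cause -> Single.error(
                                new RuntimeException("Unable to read secret with secredId=" + secretId, cause)))
                        .map(response -> new CryptoSecret(
                                secretId, response.secretString().getBytes(StandardCharsets.UTF_8))));
    }

    /**
     * Creates an async Secrets Manager client configured through {@link AwsClientConfigurer}.
     *
     * @param vertx        the Vert.x instance passed to the configurer
     * @param clientConfig AWS client settings to apply to the builder
     * @return a {@code Single} emitting the built client
     */
    protected static Single secretsManagerClient(Vertx vertx, AwsClientConfig clientConfig) {
        return AwsClientConfigurer.configure(vertx, SecretsManagerAsyncClient.builder(), clientConfig)
                .map(SdkBuilder::build);
    }
}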