Merge branch '4.0.x'

spring-cloud · Nov 14, 2023 · a0e8cb2 · a0e8cb2
2 parents 6b274e8 + 613be43
commit a0e8cb2
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 1 deletion.
diff --git a/...ringframework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepository.java b/...ringframework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepository.java
@@ -28,6 +28,7 @@
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
 import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
+import software.amazon.awssdk.services.secretsmanager.model.InvalidRequestException;
 import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
 
 import org.springframework.cloud.config.environment.Environment;
@@ -155,7 +156,7 @@ private Map<Object, Object> findProperties(String path, String label) {
 				}
 			}
 		}
-		catch (ResourceNotFoundException | IOException e) {
+		catch (InvalidRequestException | ResourceNotFoundException | IOException e) {
 			log.debug(String.format(
 					"Skip adding propertySource. Unable to load secrets from AWS Secrets Manager for secretId=%s",
 					path), e);

diff --git a/...ramework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepositoryTests.java b/...ramework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepositoryTests.java
@@ -42,6 +42,7 @@
 import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;
 import software.amazon.awssdk.services.secretsmanager.model.CreateSecretResponse;
 import software.amazon.awssdk.services.secretsmanager.model.DeleteSecretRequest;
+import software.amazon.awssdk.services.secretsmanager.model.RestoreSecretRequest;
 import software.amazon.awssdk.services.secretsmanager.model.UpdateSecretVersionStageRequest;
 
 import org.springframework.cloud.config.environment.Environment;
@@ -91,6 +92,8 @@ public class AwsSecretsManagerEnvironmentRepositoryTests {
 
 	private final List<String> toBeRemoved = new ArrayList<>();
 
+	private final List<String> markedForDeletion = new ArrayList<>();
+
 	private static Map<String, String> getFooProperties() {
 		return new HashMap<String, String>() {
 			{
@@ -237,6 +240,10 @@ private static Map<String, String> getFooEastReleaseProperties() {
 
 	@AfterEach
 	public void cleanUp() {
+		markedForDeletion
+				.forEach(value -> smClient.restoreSecret(RestoreSecretRequest.builder().secretId(value).build()));
+		markedForDeletion.clear();
+
 		toBeRemoved.forEach(value -> smClient
 				.deleteSecret(DeleteSecretRequest.builder().secretId(value).forceDeleteWithoutRecovery(true).build()));
 		toBeRemoved.clear();
@@ -2502,6 +2509,36 @@ public void testFindOneWithNoSecretsStored() {
 		assertThat(resultEnv).usingRecursiveComparison().withStrictTypeChecking().isEqualTo(environment);
 	}
 
+	@Test
+	public void testFindOneWithExistingApplicationAndNonExistingProfileAndNoDefaultProfileForFooMarkedForDeletion() {
+		String application = "foo";
+		String profile = randomAlphabetic(RandomUtils.nextInt(2, 25));
+		String[] profiles = StringUtils.commaDelimitedListToStringArray(profile);
+
+		String fooPropertiesName = "aws:secrets:/secret/foo/";
+		PropertySource fooProperties = new PropertySource(fooPropertiesName, getFooProperties());
+
+		String applicationDefaultPropertiesName = "aws:secrets:/secret/application-default/";
+		PropertySource applicationDefaultProperties = new PropertySource(applicationDefaultPropertiesName,
+				getApplicationDefaultProperties());
+
+		String applicationPropertiesName = "aws:secrets:/secret/application/";
+		PropertySource applicationProperties = new PropertySource(applicationPropertiesName,
+				getApplicationProperties());
+
+		Environment environment = new Environment(application, profiles, null, null, null);
+		environment.addAll(Arrays.asList(applicationDefaultProperties, fooProperties, applicationProperties));
+
+		putSecrets(environment);
+		deleteSecrets(environment);
+
+		Environment emptyEnvironment = new Environment(application, profiles, null, null, null);
+
+		Environment resultEnv = repository.findOne(application, profile, null);
+
+		assertThat(resultEnv).usingRecursiveComparison().withStrictTypeChecking().isEqualTo(emptyEnvironment);
+	}
+
 	@Test
 	public void factoryCustomizableWithRegion() {
 		AwsSecretsManagerEnvironmentRepositoryFactory factory = new AwsSecretsManagerEnvironmentRepositoryFactory(
@@ -2539,6 +2576,14 @@ private void putSecrets(Environment environment) {
 		}
 	}
 
+	private void deleteSecrets(Environment environment) {
+		for (PropertySource ps : environment.getPropertySources()) {
+			String path = StringUtils.delete(ps.getName(), environmentProperties.getOrigin());
+			smClient.deleteSecret(DeleteSecretRequest.builder().secretId(path).recoveryWindowInDays(30L).build());
+			markedForDeletion.add(path);
+		}
+	}
+
 	private String getSecrets(PropertySource ps) {
 		Map<String, String> map = (Map<String, String>) ps.getSource();
 		try {