Removes the dummy check for AWS Parameter Store access validation (#3520
)

Signed-off-by: Elena Kolevska <[email protected]>
Co-authored-by: Yaron Schneider <[email protected]>
elena-kolevska and yaron2 authored Aug 30, 2024
1 parent dc8b482 commit b6a5e80
Showing 2 changed files with 3 additions and 41 deletions.
25 changes: 3 additions & 22 deletions secretstores/aws/parameterstore/parameterstore.go
Expand Up @@ -15,7 +15,6 @@ package parameterstore

import (
"context"
"errors"
"fmt"
"reflect"

Expand All @@ -24,7 +23,6 @@ import (
"github.com/aws/aws-sdk-go/service/ssm/ssmiface"

awsAuth "github.com/dapr/components-contrib/common/authentication/aws"
"github.com/dapr/components-contrib/common/utils"
"github.com/dapr/components-contrib/metadata"
"github.com/dapr/components-contrib/secretstores"
"github.com/dapr/kit/logger"
Expand Down Expand Up @@ -67,32 +65,15 @@ func (s *ssmSecretStore) Init(ctx context.Context, metadata secretstores.Metadat
return err
}

// This check is needed because d.client is set to a mock in tests
if s.client == nil {
s.client, err = s.getClient(meta)
if err != nil {
return err
}
s.client, err = s.getClient(meta)
if err != nil {
return err
}
s.prefix = meta.Prefix

// Validate client connection
var notFoundErr *ssm.ParameterNotFound
if err := s.validateConnection(ctx); err != nil && !errors.As(err, &notFoundErr) {
return fmt.Errorf("error validating access to the aws.parameterstore secret store: %w", err)
}
return nil
}

// validateConnection runs a dummy GetParameterWithContext operation
// to validate the connection credentials
func (s *ssmSecretStore) validateConnection(ctx context.Context) error {
_, err := s.client.GetParameterWithContext(ctx, &ssm.GetParameterInput{
Name: ptr.Of(s.prefix + utils.GetRandOrDefaultString("dapr-test-param")),
})
return err
}

// GetSecret retrieves a secret using a key and returns a map of decrypted string/string values.
func (s *ssmSecretStore) GetSecret(ctx context.Context, req secretstores.GetSecretRequest) (secretstores.GetSecretResponse, error) {
name := req.Name
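Review bot: With the `validateConnection` call removed, Init in parameterstore.go returns nil without, as far as the visible lines show, making any request to AWS, so wrong credentials or an IAM policy that lacks read access under the configured prefix are first reported by GetSecret at request time instead of at component startup. That is presumably an acceptable trade for no longer probing a random dummy parameter name, but it should be stated on the method, for example `// Init builds the SSM client but does not verify credentials or permissions; access errors surface on the first secret read.` Note also that `s.client, err = s.getClient(meta)` now runs unconditionally, so a client assigned before Init is replaced and any test that needs a mock has to set it after Init. Init's body begins above this hunk, so the metadata decoding that precedes these lines is not covered by this note.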
19 changes: 0 additions & 19 deletions secretstores/aws/parameterstore/parameterstore_test.go
Expand Up @@ -50,12 +50,6 @@ func (m *mockedSSM) DescribeParametersWithContext(ctx context.Context, input *ss
func TestInit(t *testing.T) {
m := secretstores.Metadata{}
s := NewParameterStore(logger.NewLogger("test"))
s.(*ssmSecretStore).client = &mockedSSM{
GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
// Simulate a non error response from AWS SSM
return nil, nil
},
}

t.Run("Init with valid metadata", func(t *testing.T) {
m.Properties = map[string]string{
Expand All @@ -68,19 +62,6 @@ func TestInit(t *testing.T) {
err := s.Init(context.Background(), m)
require.NoError(t, err)
})

t.Run("Init with invalid connection details", func(t *testing.T) {
s.(*ssmSecretStore).client = &mockedSSM{
GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
// Simulate a failure that resembles what AWS SSM would return
return nil, fmt.Errorf("wrong-credentials")
},
}

err := s.Init(context.Background(), m)
require.Error(t, err)
require.EqualError(t, err, "error validating access to the aws.parameterstore secret store: wrong-credentials")
})
}

func TestGetSecret(t *testing.T) {