From feb7e635e50bdce6cb457f2fc3c9aef2148576bd Mon Sep 17 00:00:00 2001
From: Donovan McGillen
Date: Thu, 5 Sep 2019 10:08:07 +0100
Subject: [PATCH] Don't require secret id in user if already given in jdbc url
---
 README.md | 2 ++
 .../sql/AWSSecretsManagerDriver.java | 25 +++++++++++++------
 .../sql/AWSSecretsManagerDriverTest.java | 3 +--
 3 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 7c1de46..37647c0 100644
--- a/README.md
+++ b/README.md
@@ -89,3 +89,5 @@ The secret being used should be in the JSON format we use for our rotation lambd
 ...
 }
 ```
+
+Alternatively, you can pass the secret ID as the jdbc uri and omit user. The JDBC connection details such as host, port, dbname will be obtained from your secrets manager secret.
diff --git a/src/main/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriver.java b/src/main/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriver.java
index 43170fa..62906ae 100644
--- a/src/main/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriver.java
+++ b/src/main/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriver.java
@@ -354,9 +354,21 @@ public Connection connect(String url, Properties info) throws SQLException {
 return null;
 }
- String unwrappedUrl = "";
 if (url.startsWith(SCHEME)) { // If this is a URL in the correct scheme, unwrap it
- unwrappedUrl = unwrapUrl(url);
+ String unwrappedUrl = unwrapUrl(url);
+
+ if (info != null && info.getProperty("user") != null) {
+ String credentialsSecretId = info.getProperty("user");
+ try {
+ return connectWithSecret(unwrappedUrl, info, credentialsSecretId);
+ } catch (InterruptedException e) {
+ // User driven exception. Throw a runtime exception.
+ throw new RuntimeException(e);
+ }
+ } else {
+ return getWrappedDriver().connect(unwrappedUrl, info);
+ }
+
 } else { // Else, assume this is a secret ID and try to retrieve it
 String secretString = secretCache.getSecretString(url);
 if (StringUtils.isNullOrEmpty(secretString)) {
@@ -364,6 +376,7 @@ public Connection connect(String url, Properties info) throws SQLException {
 SCHEME + " or a valid retrievable secret ID ");
 }
+ String unwrappedUrl = "";
 try {
 JsonNode jsonObject = mapper.readTree(secretString);
 String endpoint = jsonObject.get("host").asText();
@@ -376,18 +389,14 @@ public Connection connect(String url, Properties info) throws SQLException {
 // Most likely to occur in the event that the data is not JSON. This is more of a user error.
 throw new RuntimeException(INVALID_SECRET_STRING_JSON);
 }
- }
- if (info != null && info.getProperty("user") != null) {
- String credentialsSecretId = info.getProperty("user");
 try {
- return connectWithSecret(unwrappedUrl, info, credentialsSecretId);
+ return connectWithSecret(unwrappedUrl, info, url);
 } catch (InterruptedException e) {
 // User driven exception. Throw a runtime exception.
 throw new RuntimeException(e);
 }
- } else {
- return getWrappedDriver().connect(unwrappedUrl, info);
+
 }
 }
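Review bot: The added `catch (InterruptedException e)` in the `SCHEME` branch wraps the exception in a `RuntimeException` without restoring the thread's interrupt status, so code further up the stack can no longer tell that the thread was interrupted. Add `Thread.currentThread().interrupt();` on the line before `throw new RuntimeException(e);`. The same catch appears as context in the secret-ID branch of the `@@ -376,18 +389,14 @@` hunk, and the two try/catch blocks are now near-duplicates that could share one private helper. `connect` begins before this hunk and continues past it.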
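Review bot: `connectWithSecret(unwrappedUrl, info, url)` in the secret-ID branch now always takes the credentials from the secret named in the URL, so a `user` property passed together with a secret-ID URL is silently ignored, whereas the removed lines used that property as the credentials secret. A caller that relied on a separate credentials secret would authenticate as a different database identity after upgrading, with no error or log line to show it. To keep the old precedence, compute `String credentialsSecretId = (info != null && info.getProperty("user") != null) ? info.getProperty("user") : url;` and pass it in place of `url`; otherwise state the new precedence in the method's Javadoc and in the README. How `connectWithSecret` treats a `user` value left in `info` is not visible in this hunk.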
diff --git a/src/test/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriverTest.java b/src/test/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriverTest.java
index 599d306..04c6a15 100644
--- a/src/test/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriverTest.java
+++ b/src/test/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriverTest.java
@@ -231,9 +231,8 @@ public void test_connect_jdbc_returnsNull() throws SQLException {
 }
 @Test
- public void test_connect_works_secretId() {
+ public void test_connect_works_secretId_in_url() {
 Properties props = new Properties();
- props.setProperty("user", "user");
 assertNotThrows(() -> sut.connect("someSecretId", props));
 assertEquals(1, DummyDriver.connectCallCount);
 }
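Review bot: Dropping `props.setProperty("user", "user");` and renaming the test leaves the combination of a secret-ID URL and a `user` property with no coverage in this hunk, and that is the input whose credential source changes in this commit. Keep the original `test_connect_works_secretId` alongside the new `test_connect_works_secretId_in_url`, so both paths are exercised. `assertEquals(1, DummyDriver.connectCallCount);` only shows that a connection was attempted; if the test fixtures allow it, also assert which secret ID the driver looked up. The rest of the test class lies outside the hunk, so such a test may already exist elsewhere.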