From 9a75c8fc060b8c60a30b263aaae05406c4dc7943 Mon Sep 17 00:00:00 2001 From: Shaun Hare Date: Wed, 12 Jun 2024 22:16:54 +0100 Subject: [PATCH 1/8] fix: added secrets amanger implementation --- .github/workflows/ci.yaml | 4 +- pom.xml | 7 ++ .../java/apiCalls/Utils/generic/BaseAPI.java | 8 +- .../Utils/generic/SecretsManagerClient.java | 76 +++++++++++++++++++ src/main/java/apiCalls/actions/Token.java | 6 +- .../java/apiCalls/eupaActions/BaseAPI.java | 5 +- .../eupaActions/external/UserAPI.java | 4 +- .../eupaActions/internal/CaseWorkerAPI.java | 4 +- .../internal/IrhpPermitStockAPI.java | 2 +- .../internal/IrhpPermitWindowAPI.java | 2 +- .../eupaActions/internal/LicenceAPI.java | 2 +- 11 files changed, 102 insertions(+), 18 deletions(-) create mode 100644 src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1eac41b..6925244 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -14,6 +14,4 @@ jobs: uses: ./.github/workflows/maven.yaml with: maven-goal: package - needs: security - - + needs: security \ No newline at end of file diff --git a/pom.xml b/pom.xml index aedaa47..8f56d3a 100644 --- a/pom.xml +++ b/pom.xml @@ -108,5 +108,12 @@ snakeyaml 2.2 + + software.amazon.awssdk + secretsmanager + 2.26.0 + + + diff --git a/src/main/java/apiCalls/Utils/generic/BaseAPI.java b/src/main/java/apiCalls/Utils/generic/BaseAPI.java index 5bf1c94..8922a7c 100644 --- a/src/main/java/apiCalls/Utils/generic/BaseAPI.java +++ b/src/main/java/apiCalls/Utils/generic/BaseAPI.java @@ -1,5 +1,3 @@ -package apiCalls.Utils.generic; - import activesupport.http.RestUtils; import activesupport.system.Properties; import apiCalls.actions.Token; 
@@ -12,10 +10,12 @@ public class BaseAPI extends Token { protected static EnvironmentType env = EnvironmentType.getEnum(Properties.get("env", true)); static Headers headers = new Headers(); - + protected SecretsManagerClient secretsManagerClient = new SecretsManagerClient(); public synchronized String adminJWT() throws HttpException { + String adminUser =secretsManagerClient.getSecret("adminUser"); + String adminPassword = secretsManagerClient.getSecret("adminPassword"); if(getAdminToken() == null){ - generateAdminToken(); + generateAdminToken(adminUser, adminPassword); } return getAdminToken(); } diff --git a/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java b/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java new file mode 100644 index 0000000..375e299 --- /dev/null +++ b/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java 
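Review bot: In `adminJWT` the two `getSecret` calls run before the `getAdminToken() == null` check, so every call fetches the admin user name and password even when a token is already cached and neither value is used. Moving the lookups inside the guard keeps the credentials out of memory on the common path: `if (getAdminToken() == null) { generateAdminToken(secretsManagerClient.getSecret("adminUser"), secretsManagerClient.getSecret("adminPassword")); }`. The same ordering is carried into the PATCH 8/8 version of this method, where the field is renamed to `secrets`.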
@@ -0,0 +1,76 @@ +package apiCalls.Utils.generic; + +import com.amazonaws.services.secretsmanager.AmazonSecretsManager; +import com.amazonaws.services.secretsmanager.AmazonSecretsManagerClientBuilder; +import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest; +import com.amazonaws.services.secretsmanager.model.GetSecretValueResponse; +import com.amazonaws.services.secretsmanager.caching.SecretsManagerCache; +import com.amazonaws.services.secretsmanager.caching.SecretCacheConfiguration; +import com.amazonaws.services.secretsmanager.caching.SecretCacheItem; +import org.json.JSONObject; +import java.time.Duration; +import software.amazon.awssdk.regions.Region; + +public class SecretsManagerClient { + + private SecretsManagerCache cache; + + private final String region = "eu-west-1"; + + private final String secretId = "OLCS-DEVAPPCI-DEVCI-BATCHTESTRUNNER-MAIN-APPLICATION"; + + private AmazonSecretsManager secretsManager; + + public SecretsManagerClient() { + this.secretsManager = AmazonSecretsManagerClientBuilder.defaultClient(); + this.secretsManager.setRegion(Region.of(region)); + + // Create a SecretsManagerCache configuration + SecretCacheConfiguration cacheConfig = SecretCacheConfiguration.builder() + .maxCacheSize(100) // Set the maximum cache size + .cacheItemTTL(Duration.ofMinutes(30)) // Set the cache item TTL + .build(); + } + + // Create the SecretsManagerCache + SecretsManagerCache cache = new SecretsManagerCache(secretsManager, cacheConfig); + + } + + public String getSecret(String secretName) throws IllegalArgumentException { + if (secretName == null || secretName.equals("")) { + throw new IllegalArgumentException("Secret name cannot be null or empty"); + } + + SecretCacheItem secretCacheItem = cache.GetCachedSecret(); + + String secret = null; + if (secretCacheItem != null && secretCacheItem.getSecretString() != null) { + secret = secretCacheItem.getSecretString(); + } + else { + GetSecretValueRequest getSecretValueRequest = new 
GetSecretValueRequest().withSecretId(secretId); + GetSecretValueResponse getSecretValueResponse = secretsManager.getSecretValue(getSecretValueRequest); + secret = getSecretValueResponse.getSecretString(); + if (secret != null) { + cache.PutSecret(secretId, secret); + } + } + + if (secret == null) { + throw new IllegalStateException("Secret is null"); + } + + JSONObject jsonObject = new JSONObject(secret); + secretValue = jsonObject.optString(secretName, null); + + if (secretValue == null) { + throw new IllegalStateException("Secret name not found in the secret JSON object"); + } + + return secretValue; + } + +} + + diff --git a/src/main/java/apiCalls/actions/Token.java b/src/main/java/apiCalls/actions/Token.java index 980021f..7072ad2 100644 --- a/src/main/java/apiCalls/actions/Token.java +++ b/src/main/java/apiCalls/actions/Token.java @@ -15,14 +15,16 @@ public class Token { private String adminToken; + EnvironmentType env = EnvironmentType.getEnum(Properties.get("env", true)); HashMap header = new HashMap<>(); TokenRequestBuilder tokenBody = new TokenRequestBuilder(); + - public synchronized String generateAdminToken() throws HttpException { + public synchronized String generateAdminToken(String adminUser, String adminPassword) throws HttpException { String adminToken = null; if (getAdminToken() == null) { - adminToken = getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserType.INTERNAL.asString()); + adminToken = getToken(adminUser, adminPassword, UserType.INTERNAL.asString()); setToken(adminToken); } return adminToken; diff --git a/src/main/java/apiCalls/eupaActions/BaseAPI.java b/src/main/java/apiCalls/eupaActions/BaseAPI.java index 39a4dea..9e239a3 100644 --- a/src/main/java/apiCalls/eupaActions/BaseAPI.java +++ b/src/main/java/apiCalls/eupaActions/BaseAPI.java 
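Review bot: The imports of this new file do not match the dependency the same commit adds to pom.xml: the pom brings in `software.amazon.awssdk:secretsmanager`, whose classes live under `software.amazon.awssdk.services.secretsmanager`, while the file imports `com.amazonaws.services.secretsmanager.*` types and a `caching` package that none of the added artifacts appears to provide. In `getSecret`, `secretValue` is assigned without being declared (`String secretValue = jsonObject.optString(secretName, null);` would fix that line), and `cache.GetCachedSecret()` is called without the secret id, so the cache lookup cannot be keyed. The constructor is also closed before the `SecretsManagerCache` is built, which leaves the `cache` field unassigned.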
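Review bot: `generateAdminToken` returns the local `adminToken`, which stays `null` whenever `getAdminToken()` is already non-null, so a second call hands `null` back to its caller; assuming `setToken` stores what `getAdminToken` reads, `return getAdminToken();` would return the cached token instead. Replacing the no-argument method with `generateAdminToken(String adminUser, String adminPassword)` is also a source-incompatible change to a public method, so external callers of the library (if there are any) would need a retained no-argument overload that resolves the credentials itself. The method's closing brace lies outside the hunk.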
@@ -20,10 +20,11 @@ public abstract class BaseAPI { private static final Map headers = new HashMap<>(); static { - Token token = new Token(); + SecretsManagerClient secrets = new SecretsManagerClient(); + Token token = new Token(client); URL.build(EnvironmentType.getEnum(Properties.get("env", true))); try { - setHeader( "Authorization", "Bearer " + token.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString())); + setHeader( "Authorization", "Bearer " + token.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); } catch (HttpException e) { throw new RuntimeException(e); } diff --git a/src/main/java/apiCalls/eupaActions/external/UserAPI.java b/src/main/java/apiCalls/eupaActions/external/UserAPI.java index 38222c8..74f24c9 100644 --- a/src/main/java/apiCalls/eupaActions/external/UserAPI.java +++ b/src/main/java/apiCalls/eupaActions/external/UserAPI.java @@ -31,7 +31,7 @@ public class UserAPI extends BaseAPI { */ public static PersonModel register(@NotNull UserRegistrationDetailsModel userRegistrationDetailsModel) throws HttpException { Token accessToken = new Token(); - BaseAPI.setHeader("Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString())); + BaseAPI.setHeader("Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); URL.build(EnvironmentType.getEnum(Properties.get("env", true)), baseResource + "register"); int maxTries = 5; 
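Review bot: `UserAPI.register` now performs two secret lookups and a token request on every call, and the same expression is pasted into `CaseWorkerAPI.overview` and `grantApplication`, `IrhpPermitStockAPI.availableCountries`, `IrhpPermitWindowAPI.openByCountry` and `LicenceAPI.licenceNumber`. With the `SecretsManager.getSecret` added in PATCH 7/8 each lookup builds a new AWS client and fetches the whole secret, so the admin password is retrieved far more often than it needs to be. A single helper in `BaseAPI`, for example `protected static String adminBearer() throws HttpException` returning `"Bearer " + token`, would read the credentials in one place and let each call site shrink to `updateHeader("Authorization", adminBearer());`.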
@@ -71,7 +71,7 @@ public static PersonModel register(@NotNull UserRegistrationDetailsModel userReg * @return the information associated with the person passed in as an argument. */ public static UserModel get(@NotNull PersonModel personModel) { - BaseAPI.getHeaders().put("x-pid", Utils.config.getString("apiHeader")); + BaseAPI.getHeaders().put("x-pid", secrets.getSecret("apiHeader")); URL.build(EnvironmentType.getEnum(Properties.get("env", true)), baseResource + personModel.getUserId()); response = RestUtils.get(String.valueOf(URL.getURL()), getHeaders()); diff --git a/src/main/java/apiCalls/eupaActions/internal/CaseWorkerAPI.java b/src/main/java/apiCalls/eupaActions/internal/CaseWorkerAPI.java index 57413dc..b56c2b5 100644 --- a/src/main/java/apiCalls/eupaActions/internal/CaseWorkerAPI.java +++ b/src/main/java/apiCalls/eupaActions/internal/CaseWorkerAPI.java @@ -22,7 +22,7 @@ public class CaseWorkerAPI extends BaseAPI { private static Token accessToken = new Token(); public static void overview(@NotNull OverviewModel overview) throws HttpException { - updateHeader("Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString())); + updateHeader("Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); URL.build(EnvironmentType.getEnum(Properties.get("env", true)), String.format("application/%s/overview/", overview.getApplicationId())); int version = 1; 
@@ -43,7 +43,7 @@ public static void overview(@NotNull OverviewModel overview) throws HttpExceptio } public static StandardResponseModel grantApplication(@NotNull GrantApplicationModel grantApplication) throws HttpException { - updateHeader( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString())); + updateHeader( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); URL.build(EnvironmentType.getEnum(Properties.get("env", true)), String.format("application/%s/grant/", grantApplication.getId())); response = RestUtils.put(grantApplication, String.valueOf(URL.getURL()), getHeaders()); diff --git a/src/main/java/apiCalls/eupaActions/internal/IrhpPermitStockAPI.java b/src/main/java/apiCalls/eupaActions/internal/IrhpPermitStockAPI.java index 3d7bfd6..4bbee9f 100644 --- a/src/main/java/apiCalls/eupaActions/internal/IrhpPermitStockAPI.java +++ b/src/main/java/apiCalls/eupaActions/internal/IrhpPermitStockAPI.java @@ -19,7 +19,7 @@ public class IrhpPermitStockAPI extends BaseAPI { public static AvailableCountriesModel availableCountries() throws HttpException { Token accessToken = new Token(); - updateHeader( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString())); + updateHeader( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); URL.build(EnvironmentType.getEnum(Properties.get("env", true)), baseResource.concat("available-countries/?dto=Dvsa%5COlcs%5CTransfer%5CQuery%5CIrhpPermitStock%5CAvailableCountries")); 
diff --git a/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java b/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java index 457070e..865cfae 100644 --- a/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java +++ b/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java @@ -25,7 +25,7 @@ public class IrhpPermitWindowAPI { public static OpenByCountryModel openByCountry(String[] countryIds) throws HttpException { Token accessToken = new Token(); - apiHeaders.apiHeader.put( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString())); + apiHeaders.apiHeader.put( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); String openCountries = URL.build(env,"irhp-permit-window/open-by-country").toString(); Map map = new HashMap<>(); diff --git a/src/main/java/apiCalls/eupaActions/internal/LicenceAPI.java b/src/main/java/apiCalls/eupaActions/internal/LicenceAPI.java index 1005527..f49a766 100644 --- a/src/main/java/apiCalls/eupaActions/internal/LicenceAPI.java +++ b/src/main/java/apiCalls/eupaActions/internal/LicenceAPI.java @@ -19,7 +19,7 @@ public class LicenceAPI extends BaseAPI { public static String licenceNumber(@NotNull String licenceId) throws HttpException { Token accessToken = new Token(); - updateHeader( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString())); + updateHeader( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); String env = Properties.get("env", true); URL.build(EnvironmentType.getEnum(env), baseResource.concat(licenceId)); From e2f915ad7ba18f9c1957f169b1a755fb8840e496 Mon Sep 17 00:00:00 2001 
From: Shaun Hare Date: Wed, 12 Jun 2024 22:19:12 +0100 Subject: [PATCH 2/8] amend snyk --- .snyk | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.snyk b/.snyk index 259c5cc..fb2a71f 100644 --- a/.snyk +++ b/.snyk @@ -5,31 +5,31 @@ ignore: SNYK-JAVA-ORGYAML-6056527: - '*': reason: None Given - expires: 2024-06-07T14:31:51.386Z + expires: 2024-07-07T14:31:51.386Z created: 2024-05-08T14:31:51.388Z SNYK-JAVA-SOFTWAREAMAZONION-6153869: - '*': reason: None Given - expires: 2024-06-07T14:34:11.840Z + expires: 2024-07-07T14:34:11.840Z created: 2024-05-08T14:34:11.846Z SNYK-JAVA-DOM4J-2812975: - '*': reason: None Given - expires: 2024-06-07T14:38:10.419Z + expires: 2024-07-07T14:38:10.419Z created: 2024-05-08T14:38:10.424Z SNYK-JAVA-DOM4J-174153: - '*': reason: None Given - expires: 2024-06-07T14:38:48.420Z + expires: 2024-07-07T14:38:48.420Z created: 2024-05-08T14:38:48.425Z SNYK-JAVA-ORGYAML-2806360: - '*': reason: None Given - expires: 2024-06-07T14:51:31.152Z + expires: 2024-07-07T14:51:31.152Z created: 2024-05-08T14:51:31.158Z SNYK-JAVA-ORGYAML-537645: - '*': reason: None Given - expires: 2024-06-30T15:24:50.162Z + expires: 2024-07-30T15:24:50.162Z created: 2024-05-31T15:24:50.169Z patch: {} From 0b16a56752abb3432626f93d28c70c365153cee5 Mon Sep 17 00:00:00 2001 From: Shaun Hare Date: Wed, 12 Jun 2024 22:38:44 +0100 Subject: [PATCH 3/8] fix typo failing compilation --- .../java/apiCalls/Utils/generic/SecretsManagerClient.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java b/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java index 375e299..54fec70 100644 --- a/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java +++ b/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java 
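Review bot: Every ignore entry in this hunk keeps `reason: None Given` while its expiry is pushed out by a month, and five of the six had already lapsed on 2024-06-07, before this commit's date of 2024-06-12, so the change presumably re-silences findings that the scanner had started reporting again. Each entry should say why the finding is acceptable and where the fix is tracked, for example `reason: <why not exploitable here> - tracked in <TICKET-ID>`. The `'*'` path also suppresses the finding on every dependency path, so narrowing it to the path that actually introduces the package would keep new occurrences visible.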
@@ -15,14 +15,13 @@ public class SecretsManagerClient { private SecretsManagerCache cache; - private final String region = "eu-west-1"; - - private final String secretId = "OLCS-DEVAPPCI-DEVCI-BATCHTESTRUNNER-MAIN-APPLICATION"; + private final String secretId; private AmazonSecretsManager secretsManager; public SecretsManagerClient() { this.secretsManager = AmazonSecretsManagerClientBuilder.defaultClient(); + String region = "eu-west-1"; this.secretsManager.setRegion(Region.of(region)); // Create a SecretsManagerCache configuration @@ -30,7 +29,7 @@ public SecretsManagerClient() { .maxCacheSize(100) // Set the maximum cache size .cacheItemTTL(Duration.ofMinutes(30)) // Set the cache item TTL .build(); - } + secretId = "OLCS-DEVAPPCI-DEVCI-BATCHTESTRUNNER-MAIN-APPLICATION"; // Create the SecretsManagerCache SecretsManagerCache cache = new SecretsManagerCache(secretsManager, cacheConfig); From d380916ef3342a51497467bc4d739fcc6e65dde9 Mon Sep 17 00:00:00 2001 From: Shaun Hare Date: Wed, 12 Jun 2024 23:00:49 +0100 Subject: [PATCH 4/8] fixed typo and assign issue in SecretsManagerClient --- .../java/apiCalls/Utils/generic/SecretsManagerClient.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java b/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java index 54fec70..557823d 100644 --- a/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java +++ b/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java @@ -30,10 +30,10 @@ public SecretsManagerClient() { .cacheItemTTL(Duration.ofMinutes(30)) // Set the cache item TTL .build(); secretId = "OLCS-DEVAPPCI-DEVCI-BATCHTESTRUNNER-MAIN-APPLICATION"; - + // Create the SecretsManagerCache - SecretsManagerCache cache = new SecretsManagerCache(secretsManager, cacheConfig); - + this.cache = new SecretsManagerCache(secretsManager, cacheConfig); + } public String getSecret(String secretName) throws IllegalArgumentException { 
From 618493afa48bc92f46950099f410d5984583ab4e Mon Sep 17 00:00:00 2001 From: Shaun Hare Date: Wed, 12 Jun 2024 23:07:06 +0100 Subject: [PATCH 5/8] fixed typo and assign issue in SecretsManagerClient --- src/main/java/apiCalls/Utils/generic/BaseAPI.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/apiCalls/Utils/generic/BaseAPI.java b/src/main/java/apiCalls/Utils/generic/BaseAPI.java index 8922a7c..e34c99b 100644 --- a/src/main/java/apiCalls/Utils/generic/BaseAPI.java +++ b/src/main/java/apiCalls/Utils/generic/BaseAPI.java @@ -1,3 +1,5 @@ +package apiCalls.Utils.generic; + import activesupport.http.RestUtils; import activesupport.system.Properties; import apiCalls.actions.Token; From eaf6966aaae255f736115b73b074d5fcfb39764a Mon Sep 17 00:00:00 2001 From: Shaun Hare Date: Thu, 13 Jun 2024 09:26:20 +0100 Subject: [PATCH 6/8] WIP for pairing --- pom.xml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pom.xml b/pom.xml index 8f56d3a..aedaa47 100644 --- a/pom.xml +++ b/pom.xml @@ -108,12 +108,5 @@ snakeyaml 2.2 - - software.amazon.awssdk - secretsmanager - 2.26.0 - - - From d700ac6557ee894ad33b1388355a7b6bfc70d282 Mon Sep 17 00:00:00 2001 From: Shaun Hare Date: Thu, 13 Jun 2024 10:01:19 +0100 Subject: [PATCH 7/8] updated secrets code --- pom.xml | 12 +++ .../java/apiCalls/Utils/generic/BaseAPI.java | 2 +- .../Utils/generic/SecretsManager.java | 55 ++++++++++++++ .../Utils/generic/SecretsManagerClient.java | 75 ------------------- 4 files changed, 68 insertions(+), 76 deletions(-) create mode 100644 src/main/java/apiCalls/Utils/generic/SecretsManager.java delete mode 100644 src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java diff --git a/pom.xml b/pom.xml index aedaa47..6aaedb1 100644 --- a/pom.xml +++ b/pom.xml @@ -18,6 +18,8 @@ 5.3.1 3.8.1 https://maven.pkg.github.com/dvsa/vol-api-calls + 1.12.610 + 1.12.610 
@@ -108,5 +110,15 @@ snakeyaml 2.2 + + com.amazonaws + aws-java-sdk-secretsmanager + ${aws-secrets-manager.version} + + + com.amazonaws + aws-java-sdk + ${aws-java-sdk-s3.version} + diff --git a/src/main/java/apiCalls/Utils/generic/BaseAPI.java b/src/main/java/apiCalls/Utils/generic/BaseAPI.java index e34c99b..3c14b97 100644 --- a/src/main/java/apiCalls/Utils/generic/BaseAPI.java +++ b/src/main/java/apiCalls/Utils/generic/BaseAPI.java @@ -12,7 +12,7 @@ public class BaseAPI extends Token { protected static EnvironmentType env = EnvironmentType.getEnum(Properties.get("env", true)); static Headers headers = new Headers(); - protected SecretsManagerClient secretsManagerClient = new SecretsManagerClient(); + SecretsManager secretsManagerClient = new SecretsManager(); public synchronized String adminJWT() throws HttpException { String adminUser =secretsManagerClient.getSecret("adminUser"); String adminPassword = secretsManagerClient.getSecret("adminPassword"); diff --git a/src/main/java/apiCalls/Utils/generic/SecretsManager.java b/src/main/java/apiCalls/Utils/generic/SecretsManager.java new file mode 100644 index 0000000..76df58b --- /dev/null +++ b/src/main/java/apiCalls/Utils/generic/SecretsManager.java 
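Review bot: The second dependency added in this hunk is the aggregate `com.amazonaws:aws-java-sdk` artifact, which pulls in the client for every AWS service, although the code in this series only uses Secrets Manager classes together with `com.amazonaws.auth` and `com.amazonaws.regions`. `aws-java-sdk-secretsmanager` most likely brings the core module in transitively, so the second entry can probably be dropped, which keeps the dependency tree and the set of packages the scanner has to track much smaller. If it stays, the property name `aws-java-sdk-s3.version` should be renamed to match the artifact it versions.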
@@ -0,0 +1,55 @@ +package apiCalls.Utils.generic; + +import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; +import com.amazonaws.regions.Regions; +import com.amazonaws.services.secretsmanager.AWSSecretsManager; +import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder; +import com.amazonaws.services.secretsmanager.model.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; +import org.json.JSONObject; + +public class SecretsManager { + + public static String secretsId = "OLCS-DEVAPPCI-DEVCI-BATCHTESTRUNNER-MAIN-APPLICATION"; + + private static final Logger LOGGER = LogManager.getLogger(SecretsManager.class); + + public static AWSSecretsManager awsClientSetup(){ + Regions region = Regions.EU_WEST_1; + return AWSSecretsManagerClientBuilder + .standard() + .withCredentials(new DefaultAWSCredentialsProviderChain()) + .withRegion(region) + .build(); + } + + public static String getSecret(String secretKey) { + String secret = null; + + GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest() + .withSecretId(secretsId); + GetSecretValueResult getSecretValueResult = null; + + try { + getSecretValueResult = awsClientSetup().getSecretValue(getSecretValueRequest); + + } catch (ResourceNotFoundException e) { + LOGGER.info("The requested secret " + secretKey + " was not found"); + } catch (InvalidRequestException e) { + LOGGER.info("The request was invalid due to: " + e.getMessage()); + } catch (InvalidParameterException e) { + LOGGER.info("The request had invalid params: " + e.getMessage()); + } + + assert getSecretValueResult != null; + + if (getSecretValueResult != null && getSecretValueResult.getSecretString() != null) { + secret = getSecretValueResult.getSecretString(); + JSONObject jsonObject = new JSONObject(secret); + secret = jsonObject.getString(secretKey); + } + return secret; + } + +} \ No newline at end of file 
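Review bot: `getSecret` fails open: the three SDK exceptions are logged at info level and swallowed, `assert getSecretValueResult != null` does nothing unless the JVM runs with `-ea`, and the method then returns `null`, which the callers in this series pass straight to `getToken` as user name and password. The not-found message also prints `secretKey` although the lookup is made by `secretsId`. Throwing instead, as in the sketch below, stops the run at the point where the secret could not be read. Separately, `secretsId` is `public static` and non-final, so any class can repoint the lookup; `private static final`, ideally read from per-environment configuration, would be tighter, and `awsClientSetup()` could be called once rather than on every lookup.

```java
public static String getSecret(String secretKey) {
    GetSecretValueRequest request = new GetSecretValueRequest().withSecretId(secretsId);
    GetSecretValueResult result;
    try {
        result = awsClientSetup().getSecretValue(request);
    } catch (ResourceNotFoundException | InvalidRequestException | InvalidParameterException e) {
        // fail closed: a caller must never continue with null credentials
        throw new IllegalStateException("Could not read secret " + secretsId, e);
    }
    String payload = result.getSecretString();
    if (payload == null) {
        throw new IllegalStateException("Secret " + secretsId + " has no string value");
    }
    JSONObject json = new JSONObject(payload);
    if (!json.has(secretKey)) {
        throw new IllegalStateException("Key " + secretKey + " is not present in secret " + secretsId);
    }
    return json.getString(secretKey);
}
```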
diff --git a/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java b/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java
deleted file mode 100644
index 557823d..0000000
--- a/src/main/java/apiCalls/Utils/generic/SecretsManagerClient.java
+++ /dev/null
@@ -1,75 +0,0 @@ -package apiCalls.Utils.generic; - -import com.amazonaws.services.secretsmanager.AmazonSecretsManager; -import com.amazonaws.services.secretsmanager.AmazonSecretsManagerClientBuilder; -import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest; -import com.amazonaws.services.secretsmanager.model.GetSecretValueResponse; -import com.amazonaws.services.secretsmanager.caching.SecretsManagerCache; -import com.amazonaws.services.secretsmanager.caching.SecretCacheConfiguration; -import com.amazonaws.services.secretsmanager.caching.SecretCacheItem; -import org.json.JSONObject; -import java.time.Duration; -import software.amazon.awssdk.regions.Region; - -public class SecretsManagerClient { - - private SecretsManagerCache cache; - - private final String secretId; - - private AmazonSecretsManager secretsManager; - - public SecretsManagerClient() { - this.secretsManager = AmazonSecretsManagerClientBuilder.defaultClient(); - String region = "eu-west-1"; - this.secretsManager.setRegion(Region.of(region)); - - // Create a SecretsManagerCache configuration - SecretCacheConfiguration cacheConfig = SecretCacheConfiguration.builder() - .maxCacheSize(100) // Set the maximum cache size - .cacheItemTTL(Duration.ofMinutes(30)) // Set the cache item TTL - .build(); - secretId = "OLCS-DEVAPPCI-DEVCI-BATCHTESTRUNNER-MAIN-APPLICATION"; - - // Create the SecretsManagerCache - this.cache = new SecretsManagerCache(secretsManager, cacheConfig); - - } - - public String getSecret(String secretName) throws IllegalArgumentException { - if (secretName == null || secretName.equals("")) { - throw new IllegalArgumentException("Secret name cannot be null or empty"); - } - - SecretCacheItem secretCacheItem = cache.GetCachedSecret(); - - String secret = null; - if (secretCacheItem != null && secretCacheItem.getSecretString() != null) { - secret = secretCacheItem.getSecretString(); - } - else { - GetSecretValueRequest getSecretValueRequest = new 
GetSecretValueRequest().withSecretId(secretId); - GetSecretValueResponse getSecretValueResponse = secretsManager.getSecretValue(getSecretValueRequest); - secret = getSecretValueResponse.getSecretString(); - if (secret != null) { - cache.PutSecret(secretId, secret); - } - } - - if (secret == null) { - throw new IllegalStateException("Secret is null"); - } - - JSONObject jsonObject = new JSONObject(secret); - secretValue = jsonObject.optString(secretName, null); - - if (secretValue == null) { - throw new IllegalStateException("Secret name not found in the secret JSON object"); - } - - return secretValue; - } - -} - - From 561ca6d3ce44b86f3ceb438620e3be96f684f33e Mon Sep 17 00:00:00 2001 From: Stefan Ranoszek Date: Thu, 13 Jun 2024 10:18:06 +0100 Subject: [PATCH 8/8] feat: scrts manager refactoring --- pom.xml | 4 +--- src/main/java/apiCalls/Utils/generic/BaseAPI.java | 13 ++++++++++--- src/main/java/apiCalls/eupaActions/BaseAPI.java | 9 +++++---- .../eupaActions/internal/IrhpPermitWindowAPI.java | 3 ++- 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/pom.xml b/pom.xml index 6aaedb1..c329ac0 100644 --- a/pom.xml +++ b/pom.xml @@ -6,8 +6,6 @@ vol-api-calls 2.4.1-SNAPSHOT - - 2.2.1 @@ -19,7 +17,7 @@ 3.8.1 https://maven.pkg.github.com/dvsa/vol-api-calls 1.12.610 - 1.12.610 + 1.12.610 diff --git a/src/main/java/apiCalls/Utils/generic/BaseAPI.java b/src/main/java/apiCalls/Utils/generic/BaseAPI.java index 3c14b97..90f477b 100644 --- a/src/main/java/apiCalls/Utils/generic/BaseAPI.java +++ b/src/main/java/apiCalls/Utils/generic/BaseAPI.java 
@@ -11,11 +11,18 @@ public class BaseAPI extends Token { protected static EnvironmentType env = EnvironmentType.getEnum(Properties.get("env", true)); + protected SecretsManager secrets; + + + public BaseAPI() { + secrets= new SecretsManager(); + } + static Headers headers = new Headers(); - SecretsManager secretsManagerClient = new SecretsManager(); + public synchronized String adminJWT() throws HttpException { - String adminUser =secretsManagerClient.getSecret("adminUser"); - String adminPassword = secretsManagerClient.getSecret("adminPassword"); + String adminUser =secrets.getSecret("adminUser"); + String adminPassword = secrets.getSecret("adminPassword"); if(getAdminToken() == null){ generateAdminToken(adminUser, adminPassword); } diff --git a/src/main/java/apiCalls/eupaActions/BaseAPI.java b/src/main/java/apiCalls/eupaActions/BaseAPI.java index 9e239a3..f9b6778 100644 --- a/src/main/java/apiCalls/eupaActions/BaseAPI.java +++ b/src/main/java/apiCalls/eupaActions/BaseAPI.java @@ -1,6 +1,7 @@ package apiCalls.eupaActions; import activesupport.system.Properties; +import apiCalls.Utils.generic.SecretsManager; import apiCalls.Utils.generic.Utils; import apiCalls.actions.Token; import apiCalls.enums.UserRoles; 
@@ -18,13 +19,13 @@ public abstract class BaseAPI { private static final Map headers = new HashMap<>(); - + protected static SecretsManager secrets; static { - SecretsManagerClient secrets = new SecretsManagerClient(); - Token token = new Token(client); + secrets = new SecretsManager(); + Token token = new Token(); URL.build(EnvironmentType.getEnum(Properties.get("env", true))); try { - setHeader( "Authorization", "Bearer " + token.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); + setHeader( "Authorization", "Bearer " + token.getToken(SecretsManager.getSecret("adminUser"), SecretsManager.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); } catch (HttpException e) { throw new RuntimeException(e); } diff --git a/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java b/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java index 865cfae..358e371 100644 --- a/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java +++ b/src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java @@ -4,6 +4,7 @@ import activesupport.system.Properties; import apiCalls.Utils.eupaBuilders.internal.irhp.permit.stock.OpenByCountryModel; import apiCalls.Utils.generic.Headers; +import apiCalls.Utils.generic.SecretsManager; import apiCalls.Utils.generic.Utils; import apiCalls.actions.Token; import apiCalls.enums.UserRoles; 
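Review bot: The static initializer still performs the secret lookups and the token request at class-load time, and only `HttpException` is handled, so any other failure (missing AWS credentials, an unchecked SDK or JSON exception, a `null` returned by `SecretsManager.getSecret`) surfaces as `ExceptionInInitializerError` and leaves `BaseAPI` and its subclasses unusable for the rest of the JVM. Moving the lookup into a static method that is called on first use would let the error reach the test that triggered it and allow a retry. The `secrets` field now holds an instance only to reach static methods; either drop it and call `SecretsManager.getSecret(...)` everywhere, or declare it `protected static final SecretsManager secrets = new SecretsManager();` so it cannot be reassigned. The initializer continues past the end of the hunk.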
@@ -25,7 +26,7 @@ public class IrhpPermitWindowAPI { public static OpenByCountryModel openByCountry(String[] countryIds) throws HttpException { Token accessToken = new Token(); - apiHeaders.apiHeader.put( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); + apiHeaders.apiHeader.put( "Authorization", "Bearer " + accessToken.getToken(SecretsManager.getSecret("adminUser"), SecretsManager.getSecret("adminPassword"), UserRoles.INTERNAL.asString())); String openCountries = URL.build(env,"irhp-permit-window/open-by-country").toString(); Map map = new HashMap<>();