This repository has been archived by the owner on Apr 11, 2024. It is now read-only.
forked from opensearch-project/opensearch-migrations
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add option to use AWS secret in auth header for Replayer requests (op…
…ensearch-project#265) * MIGRATIONS-1191: Add support for auth secret in Replayer and IaC Signed-off-by: Tanner Lewis <[email protected]>
- Loading branch information
Showing
9 changed files
with
225 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
43 changes: 43 additions & 0 deletions
43
...apture/trafficReplayer/src/main/java/org/opensearch/migrations/replay/AWSAuthService.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
package org.opensearch.migrations.replay; | ||
|
||
import com.amazonaws.secretsmanager.caching.SecretCache; | ||
import lombok.extern.slf4j.Slf4j; | ||
|
||
import java.nio.charset.Charset; | ||
import java.util.Base64; | ||
|
||
@Slf4j | ||
public class AWSAuthService implements AutoCloseable { | ||
|
||
private final SecretCache secretCache; | ||
|
||
public AWSAuthService(SecretCache secretCache) { | ||
this.secretCache = secretCache; | ||
} | ||
|
||
public AWSAuthService() { | ||
this(new SecretCache()); | ||
} | ||
|
||
// SecretId here can be either the unique name of the secret or the secret ARN | ||
public String getSecret(String secretId) { | ||
return secretCache.getSecretString(secretId); | ||
} | ||
|
||
/** | ||
* This method returns a Basic Auth header string, with the username:password Base64 encoded | ||
* @param username The plaintext username | ||
* @param secretId The unique name of the secret or the secret ARN from AWS Secrets Manager. Its retrieved value | ||
* will fill the password part of the Basic Auth header | ||
* @return Basic Auth header string | ||
*/ | ||
public String getBasicAuthHeaderFromSecret(String username, String secretId) { | ||
String authHeaderString = username + ":" + getSecret(secretId); | ||
return "Basic " + Base64.getEncoder().encodeToString(authHeaderString.getBytes(Charset.defaultCharset())); | ||
} | ||
|
||
@Override | ||
public void close() { | ||
secretCache.close(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
...re/trafficReplayer/src/test/java/org/opensearch/migrations/replay/AWSAuthServiceTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package org.opensearch.migrations.replay; | ||
|
||
import com.amazonaws.secretsmanager.caching.SecretCache; | ||
import org.junit.jupiter.api.Assertions; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.ExtendWith; | ||
import org.mockito.Mock; | ||
import org.mockito.junit.jupiter.MockitoExtension; | ||
|
||
import static org.mockito.Mockito.when; | ||
|
||
@ExtendWith(MockitoExtension.class) | ||
public class AWSAuthServiceTest { | ||
|
||
@Mock | ||
private SecretCache secretCache; | ||
|
||
@Test | ||
public void testBasicAuthHeaderFromSecret() { | ||
String testSecretId = "testSecretId"; | ||
String testUsername = "testAdmin"; | ||
String expectedResult = "Basic dGVzdEFkbWluOmFkbWluUGFzcw=="; | ||
|
||
when(secretCache.getSecretString(testSecretId)).thenReturn("adminPass"); | ||
|
||
AWSAuthService awsAuthService = new AWSAuthService(secretCache); | ||
String header = awsAuthService.getBasicAuthHeaderFromSecret(testUsername, testSecretId); | ||
Assertions.assertEquals(expectedResult, header); | ||
} | ||
|
||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.