add contract tests for SecretsManager

Author: ezhang6811

test/contract-tests/images/applications/TestSimpleApp.AWSSDK.Core/Program.cs

@@ -5,6 +5,7 @@
 using Amazon.DynamoDBv2;
 using Amazon.Kinesis;
 using Amazon.S3;
+using Amazon.SecretsManager;
 using Amazon.SimpleNotificationService;
 using Amazon.SQS;
 using TestSimpleApp.AWSSDK.Core;
@@ -21,6 +22,7 @@
     .AddSingleton<IAmazonS3>(provider => new AmazonS3Client(new AmazonS3Config { ServiceURL = "http://localstack:4566", ForcePathStyle = true }))
     .AddSingleton<IAmazonSQS>(provider => new AmazonSQSClient(new AmazonSQSConfig { ServiceURL = "http://localstack:4566" }))
     .AddSingleton<IAmazonKinesis>(provider => new AmazonKinesisClient(new AmazonKinesisConfig { ServiceURL = "http://localstack:4566" }))
+    .AddSingleton<IAmazonSecretsManager>(provider => new AmazonSecretsManagerClient(new AmazonSecretsManagerConfig { ServiceURL = "http://localstack:4566" }))
     .AddSingleton<IAmazonSimpleNotificationService>(provider => new AmazonSimpleNotificationServiceClient(new AmazonSimpleNotificationServiceConfig { ServiceURL = "http://localstack:4566" }))
     // Bedrock services are not supported by localstack, so we mock the API responses on the aws-application-signals-tests-testsimpleapp server.
     .AddSingleton<IAmazonBedrock>(provider => new AmazonBedrockClient(new AmazonBedrockConfig { ServiceURL = "http://localhost:8080" }))
@@ -32,17 +34,20 @@
     .AddKeyedSingleton<IAmazonS3>("fault-s3", new AmazonS3Client(AmazonClientConfigHelper.CreateConfig<AmazonS3Config>(true)))
     .AddKeyedSingleton<IAmazonSQS>("fault-sqs", new AmazonSQSClient(AmazonClientConfigHelper.CreateConfig<AmazonSQSConfig>(true)))
     .AddKeyedSingleton<IAmazonKinesis>("fault-kinesis", new AmazonKinesisClient(new AmazonKinesisConfig { ServiceURL = "http://localstack:4566" }))
+    .AddKeyedSingleton<IAmazonSecretsManager>("fault-secretsmanager", new AmazonSecretsManagerClient(new AmazonSecretsManagerConfig { ServiceURL = "http://localstack:4566" }))
     .AddKeyedSingleton<IAmazonSimpleNotificationService>("fault-sns", new AmazonSimpleNotificationServiceClient(new AmazonSimpleNotificationServiceConfig { ServiceURL = "http://localstack:4566" }))
     //error client
     .AddKeyedSingleton<IAmazonDynamoDB>("error-ddb", new AmazonDynamoDBClient(AmazonClientConfigHelper.CreateConfig<AmazonDynamoDBConfig>()))
     .AddKeyedSingleton<IAmazonS3>("error-s3", new AmazonS3Client(AmazonClientConfigHelper.CreateConfig<AmazonS3Config>()))
     .AddKeyedSingleton<IAmazonSQS>("error-sqs", new AmazonSQSClient(AmazonClientConfigHelper.CreateConfig<AmazonSQSConfig>()))
     .AddKeyedSingleton<IAmazonKinesis>("error-kinesis", new AmazonKinesisClient(new AmazonKinesisConfig { ServiceURL = "http://localstack:4566" }))
+    .AddKeyedSingleton<IAmazonSecretsManager>("error-secretsmanager", new AmazonSecretsManagerClient(new AmazonSecretsManagerConfig {ServiceURL = "http://localstack:4566" }))
     .AddKeyedSingleton<IAmazonSimpleNotificationService>("error-sns", new AmazonSimpleNotificationServiceClient(new AmazonSimpleNotificationServiceConfig { ServiceURL = "http://localstack:4566" }))
     .AddSingleton<S3Tests>()
     .AddSingleton<DynamoDBTests>()
     .AddSingleton<SQSTests>()
     .AddSingleton<KinesisTests>()
+    .AddSingleton<SecretsManagerTests>()
     .AddSingleton<SNSTests>()
     .AddSingleton<BedrockTests>();
 
@@ -126,6 +131,14 @@
 app.MapGet("kinesis/fault", (KinesisTests kinesis) => kinesis.Fault()).WithName("kinesis-fault").WithOpenApi();
 app.MapGet("kinesis/error", (KinesisTests kinesis) => kinesis.Error()).WithName("kinesis-error").WithOpenApi();
 
+app.MapGet("secretsmanager/createsecret/some-secret", (SecretsManagerTests secretsManager) => secretsManager.CreateSecret())
+    .WithName("create-secret")
+    .WithOpenApi();
+
+app.MapGet("secretsmanager/getsecretvalue/some-secret", (SecretsManagerTests secretsManager) => secretsManager.GetSecretValue())
+    .WithName("get-secret-value")
+    .WithOpenApi();
+
 app.MapGet("sns/createtopic/some-topic", (SNSTests sns) => sns.CreateTopic())
     .WithName("create-topic")
     .WithOpenApi();

test/contract-tests/images/applications/TestSimpleApp.AWSSDK.Core/SecretsManagerTests.cs

@@ -0,0 +1,33 @@
+using Amazon.SecretsManager;
+using Amazon.SecretsManager.Model;
+
+namespace TestSimpleApp.AWSSDK.Core;
+
+public class SecretsManagerTests(
+    IAmazonSecretsManager secretsManager,
+    [FromKeyedServices("fault-secretsmanager")] IAmazonSecretsManager faultSecretsManager,
+    [FromKeyedServices("error-secretsmanager")] IAmazonSecretsManager errorSecretsManager,
+    ILogger<SecretsManagerTests> logger) : ContractTest(logger)
+{
+    public Task<CreateSecretResponse> CreateSecret()
+    {
+        return secretsManager.CreateSecretAsync(new CreateSecretRequest {
+            Name = "test-secret", SecretString = "{\"key\":\"test\",\"value\":\"test\"}"
+        });
+    }
+
+    public Task<GetSecretValueResponse> GetSecretValue()
+    {
+        return secretsManager.GetSecretValueAsync(new GetSecretValueRequest { SecretId = "test-secret" });
+    }
+
+    protected override Task CreateFault(CancellationToken cancellationToken)
+    {
+        return faultSecretsManager.CreateSecretAsync(new CreateSecretRequest { Name = "test-secret" }, cancellationToken);
+    }
+
+    protected override Task CreateError(CancellationToken cancellationToken)
+    {
+        return errorSecretsManager.DeleteSecretAsync(new DeleteSecretRequest { SecretId = "arn:aws:us-east-1:000000000000:test-secret-error" });
+    }
+}

test/contract-tests/images/applications/TestSimpleApp.AWSSDK.Core/TestSimpleApp.AWSSDK.Core.csproj

@@ -10,6 +10,7 @@
         <PackageReference Include="AWSSDK.DynamoDBv2" Version="4.0.0-preview" />
         <PackageReference Include="AWSSDK.Kinesis" Version="4.0.0-preview" />
         <PackageReference Include="AWSSDK.S3" Version="4.0.0-preview" />
+        <PackageReference Include="AWSSDK.SecretsManager" Version="4.0.0-preview" />
         <PackageReference Include="AWSSDK.SimpleNotificationService" Version="4.0.0-preview" />
         <PackageReference Include="AWSSDK.SQS" Version="4.0.0-preview" />
         <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.4" />

test/contract-tests/tests/test/amazon/awssdk/awssdk_test.py

@@ -24,10 +24,11 @@
 _logger: Logger = getLogger(__name__)
 _logger.setLevel(INFO)
 
-_AWS_SNS_TOPIC_ARN: str = "aws.sns.topic.arn"
 _AWS_SQS_QUEUE_URL: str = "aws.queue_url"
 _AWS_SQS_QUEUE_NAME: str = "aws.sqs.queue_name"
 _AWS_KINESIS_STREAM_NAME: str = "aws.kinesis.stream_name"
+_AWS_SECRETSMANAGER_SECRET_ARN: str = "aws.secretsmanager.secret.arn"
+_AWS_SNS_TOPIC_ARN: str = "aws.sns.topic.arn"
 _AWS_BEDROCK_GUARDRAIL_ID: str = "aws.bedrock.guardrail.id"
 _AWS_BEDROCK_AGENT_ID: str = "aws.bedrock.agent.id"
 _AWS_BEDROCK_KNOWLEDGE_BASE_ID: str = "aws.bedrock.knowledge_base.id"
@@ -84,7 +85,7 @@ def set_up_dependency_container(cls):
         cls._local_stack: LocalStackContainer = (
             LocalStackContainer(image="localstack/localstack:3.0.2")
             .with_name("localstack")
-            .with_services("s3", "sns", "sqs", "dynamodb", "kinesis")
+            .with_services("s3", "secretsmanager", "sns", "sqs", "dynamodb", "kinesis")
             .with_env("DEFAULT_REGION", "us-west-2")
             .with_kwargs(network=NETWORK_NAME, networking_config=local_stack_networking_config)
         )
@@ -307,6 +308,42 @@ def test_kinesis_error(self):
     #         span_name="Kinesis.CreateStream",
     #     )
 
+    def test_secretsmanager_create_secret(self):
+        self.do_test_requests(
+            "secretsmanager/createsecret/some-secret",
+            "GET",
+            200,
+            0,
+            0,
+            rpc_service="Secrets Manager",
+            remote_service="AWS::SecretsManager",
+            remote_operation="CreateSecret",
+            remote_resource_type="AWS::SecretsManager::Secret",
+            remote_resource_identifier=r"arn:aws:secretsmanager:us-east-1:000000000000:secret:test-secret-[a-zA-Z0-9]{6}$",
+            request_response_specific_attributes={
+                _AWS_SECRETSMANAGER_SECRET_ARN: r"arn:aws:secretsmanager:us-east-1:000000000000:secret:test-secret-[a-zA-Z0-9]{6}$",
+            },
+            span_name="Secrets Manager.CreateSecret",
+        )
+    
+    def test_secretsmanager_get_secret_value(self):
+        self.do_test_requests(
+            "secretsmanager/getsecretvalue/some-secret",
+            "GET",
+            200,
+            0,
+            0,
+            rpc_service="Secrets Manager",
+            remote_service="AWS::SecretsManager",
+            remote_operation="GetSecretValue",
+            remote_resource_type="AWS::SecretsManager::Secret",
+            remote_resource_identifier=r"arn:aws:secretsmanager:us-east-1:000000000000:secret:test-secret-[a-zA-Z0-9]{6}$",
+            request_response_specific_attributes={
+                _AWS_SECRETSMANAGER_SECRET_ARN: r"arn:aws:secretsmanager:us-east-1:000000000000:secret:test-secret-[a-zA-Z0-9]{6}$",
+            },
+            span_name="Secrets Manager.GetSecretValue",
+        )
+
     def test_sns_create_topic(self):
         self.do_test_requests(
             "sns/createtopic/some-topic",

test/contract-tests/tests/test/amazon/base/contract_test_base.py

@@ -1,6 +1,7 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 import time
+import re
 from logging import INFO, Logger, getLogger
 from typing import Dict, List
 from unittest import TestCase
@@ -162,11 +163,27 @@ def _get_attributes_dict(self, attributes_list: List[KeyValue]) -> Dict[str, Any
             attributes_dict[key] = value
         return attributes_dict
 
+    def _is_regex(self, value: str) -> bool:
+        try:
+            re.compile(value)
+            return True
+        except re.error:
+            return False
+
     def _assert_str_attribute(self, attributes_dict: Dict[str, AnyValue], key: str, expected_value: str):
         self.assertIn(key, attributes_dict)
         actual_value: AnyValue = attributes_dict[key]
         self.assertIsNotNone(actual_value)
-        self.assertEqual(expected_value, actual_value.string_value)
+        if self._is_regex(expected_value):
+            self.assertRegex(actual_value.string_value, expected_value)
+        else:
+            self.assertEqual(expected_value, actual_value.string_value)
+
+    def _assert_regex_attribute(self, attributes_dict: Dict[str, AnyValue], key: str, expected_value: str):
+        self.assertIn(key, attributes_dict)
+        actual_value: AnyValue = attributes_dict[key]
+        self.assertIsNotNone(actual_value)
+        self.assertRegex(actual_value.string_value, expected_value)
 
     def _assert_int_attribute(self, attributes_dict: Dict[str, AnyValue], key: str, expected_value: int) -> None:
         self.assertIn(key, attributes_dict)