set up contract tests for secrets manager

Author: yiyuan-he

appsignals-tests/contract-tests/src/test/java/software/amazon/opentelemetry/appsignals/test/awssdk/base/AwsSdkBaseTest.java

@@ -23,6 +23,9 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
 import org.assertj.core.api.ThrowingConsumer;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
@@ -42,7 +45,8 @@ public abstract class AwsSdkBaseTest extends ContractTestBase {
               LocalStackContainer.Service.S3,
               LocalStackContainer.Service.DYNAMODB,
               LocalStackContainer.Service.SQS,
-              LocalStackContainer.Service.KINESIS)
+              LocalStackContainer.Service.KINESIS,
+              LocalStackContainer.Service.SECRETSMANAGER)
           .withEnv("DEFAULT_REGION", "us-west-2")
           .withNetwork(network)
           .withEnv("LOCALSTACK_HOST", "127.0.0.1")
@@ -102,6 +106,8 @@ protected String getApplicationWaitPattern() {
 
   protected abstract String getBedrockAgentRuntimeSpanNamePrefix();
 
+  protected abstract String getSecretsManagerSpanNamePrefix();
+
   protected abstract String getS3RpcServiceName();
 
   protected abstract String getDynamoDbRpcServiceName();
@@ -118,6 +124,8 @@ protected String getApplicationWaitPattern() {
 
   protected abstract String getBedrockAgentRuntimeRpcServiceName();
 
+  protected abstract String getSecretsManagerRpcServiceName();
+
   private String getS3ServiceName() {
     return "AWS::S3";
   }
@@ -150,6 +158,8 @@ private String getBedrockRuntimeServiceName() {
     return "AWS::BedrockRuntime";
   }
 
+  private String getSecretsManagerServiceName() { return "AWS::SecretsManager"; }
+
   private String s3SpanName(String operation) {
     return String.format("%s.%s", getS3SpanNamePrefix(), operation);
   }
@@ -182,10 +192,37 @@ private String bedrockAgentRuntimeSpanName(String operation) {
     return String.format("%s.%s", getBedrockAgentRuntimeSpanNamePrefix(), operation);
   }
 
+  private String secretsManagerSpanName(String operation) {
+    return String.format("%s.%s", getSecretsManagerSpanNamePrefix(), operation);
+  }
+
+  private boolean isValidRegex(String pattern) {
+    try {
+      Pattern.compile(pattern);
+      return true;
+    } catch (PatternSyntaxException e) {
+      return false;
+    }
+  }
+
   protected ThrowingConsumer<KeyValue> assertAttribute(String key, String value) {
     return (attribute) -> {
       assertThat(attribute.getKey()).isEqualTo(key);
-      assertThat(attribute.getValue().getStringValue()).isEqualTo(value);
+      var actualValue = attribute.getValue().getStringValue();
+
+      if (isValidRegex(value)) {
+        System.out.println("ASSERTING REGEX: " + actualValue + "equivalent to " + value);
+        assertThat(actualValue).matches(value);
+        if (!actualValue.matches(value)) {
+          System.out.println("ASSERTION FAILED between: " + actualValue + " and " + value);
+        }
+      } else {
+        System.out.println("ASSERTING EXACT: " + actualValue + "equivalent to " + value);
+        assertThat(actualValue).isEqualTo(value);
+        if (!actualValue.equals(value)) {
+          System.out.println("ASSERTION FAILED between: " + actualValue + " and " + value);
+        }
+      }
     };
   }
 
@@ -413,13 +450,14 @@ private void assertAwsAttributes(
             .satisfiesOnlyOnce(assertAttribute(AppSignalsConstants.AWS_REMOTE_OPERATION, operation))
             .satisfiesOnlyOnce(assertAttribute(AppSignalsConstants.AWS_REMOTE_SERVICE, service))
             .satisfiesOnlyOnce(assertAttribute(AppSignalsConstants.AWS_SPAN_KIND, spanKind));
-    if (type != null && identifier != null) {
+    if (type != null && identifier != null && clouformationIdentifier != null) {
       assertions.satisfiesOnlyOnce(
           assertAttribute(AppSignalsConstants.AWS_REMOTE_RESOURCE_TYPE, type));
       assertions.satisfiesOnlyOnce(
           assertAttribute(AppSignalsConstants.AWS_REMOTE_RESOURCE_IDENTIFIER, identifier));
       assertions.satisfiesOnlyOnce(
-              assertAttribute(AppSignalsConstants.AWS_CLOUDFORMATION_PRIMARY_IDENTIFIER, clouformationIdentifier));
+          assertAttribute(
+              AppSignalsConstants.AWS_CLOUDFORMATION_PRIMARY_IDENTIFIER, clouformationIdentifier));
     }
   }
 
@@ -1995,7 +2033,8 @@ protected void doTestBedrockGuardrailId() {
     var localOperation = "GET /bedrock/getguardrail";
     String type = "AWS::Bedrock::Guardrail";
     String identifier = "test-bedrock-guardrail";
-    String cloudformationIdentifier = "arn:aws:bedrock:us-east-1:000000000000:guardrail/test-bedrock-guardrail";
+    String cloudformationIdentifier =
+        "arn:aws:bedrock:us-east-1:000000000000:guardrail/test-bedrock-guardrail";
     assertSpanClientAttributes(
         traces,
         bedrockSpanName("GetGuardrail"),
@@ -2015,7 +2054,8 @@ protected void doTestBedrockGuardrailId() {
             assertAttribute(
                 SemanticConventionsConstants.AWS_GUARDRAIL_ID, "test-bedrock-guardrail"),
             assertAttribute(
-                SemanticConventionsConstants.AWS_GUARDRAIL_ARN, "arn:aws:bedrock:us-east-1:000000000000:guardrail/test-bedrock-guardrail")));
+                SemanticConventionsConstants.AWS_GUARDRAIL_ARN,
+                "arn:aws:bedrock:us-east-1:000000000000:guardrail/test-bedrock-guardrail")));
     assertMetricClientAttributes(
         metrics,
         AppSignalsConstants.LATENCY_METRIC,
@@ -2185,4 +2225,71 @@ protected void doTestBedrockAgentRuntimeKnowledgeBaseId() {
         cloudformationIdentifier,
         0.0);
   }
+
+  protected void doTestSecretsManagerCreateSecret() throws Exception {
+    appClient.get("/secretsmanager/createsecret/test-secret-id").aggregate().join();
+    var traces = mockCollectorClient.getTraces();
+    var metrics = mockCollectorClient.getMetrics(
+            Set.of(
+                    AppSignalsConstants.ERROR_METRIC,
+                    AppSignalsConstants.FAULT_METRIC,
+                    AppSignalsConstants.LATENCY_METRIC
+            )
+    );
+    var localService = getApplicationOtelServiceName();
+    var localOperation = "GET /secretsmanager/createsecret/:secretId";
+    var type = "AWS::SecretsManager::Secret";
+    var identifier = "test-secret-id-[A-Za-z0-9]{6}";
+    var cloudformationIdentifier = "arn:aws:secretsmanager:us-west-2:000000000000:secret:test-secret-id-[A-Za-z0-9]{6}";
+
+    assertSpanClientAttributes(
+        traces,
+        secretsManagerSpanName("CreateSecret"),
+        getSecretsManagerRpcServiceName(),
+        localService,
+        localOperation,
+        getSecretsManagerServiceName(),
+        "CreateSecret",
+        type,
+        identifier,
+        cloudformationIdentifier,
+        "localstack",
+        4566,
+        "http://localstack:4566",
+        200,
+        List.of(assertAttribute(SemanticConventionsConstants.AWS_SECRET_ARN, "arn:aws:secretsmanager:us-west-2:000000000000:secret:test-secret-id-[A-Za-z0-9]{6}")));
+    assertMetricClientAttributes(
+        metrics,
+        AppSignalsConstants.LATENCY_METRIC,
+        localService,
+        localOperation,
+        getSecretsManagerServiceName(),
+        "CreateSecret",
+        type,
+        identifier,
+        cloudformationIdentifier,
+        5000.0);
+    assertMetricClientAttributes(
+        metrics,
+        AppSignalsConstants.FAULT_METRIC,
+        localService,
+        localOperation,
+        getSecretsManagerServiceName(),
+        "CreateSecret",
+        type,
+        identifier,
+        cloudformationIdentifier,
+        0.0);
+    assertMetricClientAttributes(
+        metrics,
+        AppSignalsConstants.ERROR_METRIC,
+        localService,
+        localOperation,
+        getSecretsManagerServiceName(),
+        "CreateSecret",
+        type,
+        identifier,
+        cloudformationIdentifier,
+        0.0);
+  }
 }

appsignals-tests/contract-tests/src/test/java/software/amazon/opentelemetry/appsignals/test/awssdk/v1/AwsSdkV1Test.java

@@ -76,6 +76,11 @@ protected String getBedrockAgentRuntimeSpanNamePrefix() {
     return "AWSBedrockAgentRuntime";
   }
 
+  @Override
+  protected String getSecretsManagerSpanNamePrefix() {
+    return "AWSSecretsManager";
+  }
+
   protected String getS3RpcServiceName() {
     return "Amazon S3";
   }
@@ -90,6 +95,11 @@ protected String getSqsRpcServiceName() {
     return "AmazonSQS";
   }
 
+  @Override
+  protected String getSecretsManagerRpcServiceName() {
+    return "AWSSecretsManager";
+  }
+
   protected String getKinesisRpcServiceName() {
     return "AmazonKinesis";
   }
@@ -235,4 +245,7 @@ void testBedrockAgentRuntimeAgentId() {
   void testBedrockAgentRuntimeKnowledgeBaseId() {
     doTestBedrockAgentRuntimeKnowledgeBaseId();
   }
+
+  @Test
+  void testSecretsManagerCreateSecret() throws Exception { doTestSecretsManagerCreateSecret(); }
 }

appsignals-tests/contract-tests/src/test/java/software/amazon/opentelemetry/appsignals/test/awssdk/v2/AwsSdkV2Test.java

@@ -75,6 +75,9 @@ protected String getBedrockAgentRuntimeSpanNamePrefix() {
     return "BedrockAgentRuntime";
   }
 
+  @Override
+  protected String getSecretsManagerSpanNamePrefix() { return "SecretsManager"; }
+
   @Override
   protected String getS3RpcServiceName() {
     return "S3";
@@ -114,6 +117,9 @@ protected String getBedrockAgentRuntimeRpcServiceName() {
     return "BedrockAgentRuntime";
   }
 
+  @Override
+  protected String getSecretsManagerRpcServiceName() { return "SecretsManager"; }
+
   @Test
   void testS3CreateBucket() throws Exception {
     doTestS3CreateBucket();
@@ -240,4 +246,7 @@ void testBedrockAgentRuntimeAgentId() {
   //  void testBedrockAgentRuntimeKnowledgeBaseId() {
   //    doTestBedrockAgentRuntimeKnowledgeBaseId();
   //  }
+
+  @Test
+  void testSecretsManagerCreateSecret() throws Exception { doTestSecretsManagerCreateSecret(); }
 }

appsignals-tests/contract-tests/src/test/java/software/amazon/opentelemetry/appsignals/test/utils/AppSignalsConstants.java

@@ -31,7 +31,8 @@ public class AppSignalsConstants {
   public static final String AWS_REMOTE_OPERATION = "aws.remote.operation";
   public static final String AWS_REMOTE_RESOURCE_TYPE = "aws.remote.resource.type";
   public static final String AWS_REMOTE_RESOURCE_IDENTIFIER = "aws.remote.resource.identifier";
-  public static final String AWS_CLOUDFORMATION_PRIMARY_IDENTIFIER = "aws.remote.resource.cfn.primary.identifier";
+  public static final String AWS_CLOUDFORMATION_PRIMARY_IDENTIFIER =
+      "aws.remote.resource.cfn.primary.identifier";
   public static final String AWS_SPAN_KIND = "aws.span.kind";
   public static final String AWS_REMOTE_DB_USER = "aws.remote.db.user";
 }

appsignals-tests/contract-tests/src/test/java/software/amazon/opentelemetry/appsignals/test/utils/SemanticConventionsConstants.java

@@ -64,6 +64,7 @@ public class SemanticConventionsConstants {
   public static final String AWS_GUARDRAIL_ID = "aws.bedrock.guardrail.id";
   public static final String AWS_GUARDRAIL_ARN = "aws.bedrock.guardrail.arn";
   public static final String GEN_AI_REQUEST_MODEL = "gen_ai.request.model";
+  public static final String AWS_SECRET_ARN = "aws.secretsmanager.secret.arn";
 
   // kafka
   public static final String MESSAGING_CLIENT_ID = "messaging.client_id";

appsignals-tests/images/aws-sdk/aws-sdk-v1/build.gradle.kts

@@ -37,6 +37,7 @@ dependencies {
   implementation("com.amazonaws:aws-java-sdk-bedrockagent")
   implementation("com.amazonaws:aws-java-sdk-bedrockruntime")
   implementation("com.amazonaws:aws-java-sdk-bedrockagentruntime")
+  implementation("com.amazonaws:aws-java-sdk-secretsmanager")
   implementation("commons-logging:commons-logging")
   implementation("com.linecorp.armeria:armeria")
   implementation("com.fasterxml.jackson.core:jackson-databind:2.13.3")

appsignals-tests/images/aws-sdk/aws-sdk-v1/src/main/java/com/amazon/sampleapp/App.java

@@ -52,10 +52,13 @@
 import com.amazonaws.services.s3.model.GetObjectRequest;
 import com.amazonaws.services.s3.model.PutObjectRequest;
 import com.amazonaws.services.s3.model.Region;
+import com.amazonaws.services.secretsmanager.model.CreateSecretRequest;
+import com.amazonaws.services.secretsmanager.model.DescribeSecretRequest;
 import com.amazonaws.services.sqs.AmazonSQSClient;
 import com.amazonaws.services.sqs.model.CreateQueueRequest;
 import com.amazonaws.services.sqs.model.ReceiveMessageRequest;
 import com.amazonaws.services.sqs.model.SendMessageRequest;
+import com.amazonaws.services.secretsmanager.AWSSecretsManagerClient;
 import java.io.File;
 import java.io.IOException;
 import java.net.http.HttpClient;
@@ -122,6 +125,7 @@ public static void main(String[] args) throws IOException, InterruptedException
     setupSqs();
     setupKinesis();
     setupBedrock();
+    setupSecretsManager();
 
     // Add this log line so that we only start testing after all routes are configured.
     awaitInitialization();
@@ -631,4 +635,17 @@ private static void setupBedrock() {
           return "";
         });
   }
+
+  private static void setupSecretsManager() {
+      var secretsManagerClient = AWSSecretsManagerClient.builder().withCredentials(CREDENTIALS_PROVIDER).withEndpointConfiguration(endpointConfiguration).build();
+
+      get (
+          "/secretsmanager/createsecret/:secretId",
+          (req, res) -> {
+            var secretId = req.params(":secretId");
+            var createSecretRequest = new CreateSecretRequest().withName(secretId);
+            secretsManagerClient.createSecret(createSecretRequest);
+            return "";
+          });
+  }
 }

appsignals-tests/images/aws-sdk/aws-sdk-v2/build.gradle.kts

@@ -37,6 +37,7 @@ dependencies {
   implementation("software.amazon.awssdk:bedrockagent")
   implementation("software.amazon.awssdk:bedrockruntime")
   implementation("software.amazon.awssdk:bedrockagentruntime")
+  implementation("software.amazon.awssdk:secretsmanager")
   implementation("commons-logging:commons-logging")
   implementation("com.linecorp.armeria:armeria")
   implementation("com.fasterxml.jackson.core:jackson-databind:2.13.3")

appsignals-tests/images/aws-sdk/aws-sdk-v2/src/main/java/com/amazon/sampleapp/App.java

@@ -65,6 +65,10 @@
 import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
 import software.amazon.awssdk.services.s3.model.GetObjectRequest;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;
+import software.amazon.awssdk.services.secretsmanager.model.DescribeSecretRequest;
+import software.amazon.awssdk.services.secretsmanager.model.DescribeSecretResponse;
 import software.amazon.awssdk.services.sqs.SqsClient;
 import software.amazon.awssdk.services.sqs.model.CreateQueueRequest;
 import software.amazon.awssdk.services.sqs.model.ReceiveMessageRequest;
@@ -119,6 +123,7 @@ public static void main(String[] args) throws IOException, InterruptedException
     setupSqs();
     setupKinesis();
     setupBedrock();
+    setupSecretsManager();
     // Add this log line so that we only start testing after all routes are configured.
     awaitInitialization();
     logger.info("All routes initialized");
@@ -658,4 +663,17 @@ private static void setupBedrock() {
           return "";
         });
   }
+
+  private static void setupSecretsManager() {
+    var secretsManagerClient = SecretsManagerClient.builder().endpointOverride(endpoint).credentialsProvider(CREDENTIALS_PROVIDER).build();
+
+    get(
+        "/secretsmanager/createsecret/:secretId",
+        (req, res) -> {
+          var secretId = req.params(":secretId");
+          var createSecretRequest = CreateSecretRequest.builder().name(secretId).build();
+          secretsManagerClient.createSecret(createSecretRequest);
+          return "";
+        });
+  }
 }