Closed
Labels
bug, closed-for-staleness, p2
Description
Describe the bug
The Kotlin AWS SDK is returning an error when running a Kotlin Lambda that fetches a secret value using a secret ARN from an event parameter.
Regression Issue
- Select this option if this issue appears to be a regression.
Expected behavior
No error, secret value is returned.
Current behavior
1 validation error detected: Value null at 'secretId' failed to satisfy constraint: Member must not be null: aws.sdk.kotlin.services.secretsmanager.model.SecretsManagerException
aws.sdk.kotlin.services.secretsmanager.model.SecretsManagerException: 1 validation error detected: Value null at 'secretId' failed to satisfy constraint: Member must not be null
    at aws.sdk.kotlin.services.secretsmanager.serde.GetSecretValueOperationDeserializerKt.throwGetSecretValueError(GetSecretValueOperationDeserializer.kt:67)
    at aws.sdk.kotlin.services.secretsmanager.serde.GetSecretValueOperationDeserializerKt.access$throwGetSecretValueError(GetSecretValueOperationDeserializer.kt:1)
    at aws.sdk.kotlin.services.secretsmanager.serde.GetSecretValueOperationDeserializer.deserialize(GetSecretValueOperationDeserializer.kt:37)
    at aws.sdk.kotlin.services.secretsmanager.serde.GetSecretValueOperationDeserializer.deserialize(GetSecretValueOperationDeserializer.kt:32)
    at aws.smithy.kotlin.runtime.http.operation.DeserializeHandler.call(SdkOperationExecution.kt:347)
    at aws.smithy.kotlin.runtime.http.operation.DeserializeHandler$call$1.invokeSuspend(SdkOperationExecution.kt)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:101)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:263)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:95)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:69)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:47)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
I enabled the SDK logging and got:
"loggerName": "httpTraceMiddleware",
"message": "HttpRequest:\nPOST /\r\nHost: secretsmanager.us-east-1.amazonaws.com\r\nContent-Length: 2\r\nContent-Type: application/x-amz-json-1.1\r\nX-Amz-Target: secretsmanager.GetSecretValue\r\nUser-Agent: aws-sdk-kotlin/1.3.76 ua/2.1 api/secrets-manager#1.3.76 os/linux#5.10.227-239.884.amzn2.x86_64 lang/kotlin#2.0.21 md/javaVersion#21.0.5 md/jvmName#OpenJDK_64-Bit_Server_VM md/jvmVersion#21.0.5+11-LTS exec-env/AWS_Lambda_java21 m/E\r\nx-amz-user-agent: aws-sdk-kotlin/1.3.76\r\namz-sdk-invocation-id: 45c1d291-7636-4821-a045-cc147d4c597d\r\namz-sdk-request: attempt=1; max=3\r\nX-Amz-Date: 20241119T113825Z\r\nX-Amz-Security-Token: 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\r\nAuthorization: AWS4-HMAC-SHA256 Credential=ASIAW7XPXKYM2SAQJAT7/20241119/us-east-1/secretsmanager/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-type;host;x-amz-date;x-amz-security-token;x-amz-target;x-amz-user-agent, Signature=30ae3038f0c3715489627b505cbb83d198b62deba261b3a27a909420b9ab8382\r\n\r\n{}",
"level": "DEBUG",
"loggerName": "httpTraceMiddleware",
"message": "HttpResponse:\nHTTP 400: Bad Request\r\nconnection: close\r\ncontent-length: 152\r\ncontent-type: application/x-amz-json-1.1\r\ndate: Tue, 19 Nov 2024 11:38:27 GMT\r\nx-amzn-requestid: 66736b04-94c1-4563-bc1b-4f00a71a50f8\r\n\r\n{\"__type\":\"ValidationException\",\"message\":\"1 validation error detected: Value null at 'secretId' failed to satisfy constraint: Member must not be null\"}",
Steps to Reproduce
Using the following function definitions:
override fun getSecretManager(): SecretsManagerClient {
    return SecretsManagerClient {
        logMode = LogMode.LogRequestWithBody + LogMode.LogResponseWithBody
        region = System.getenv("AWS_REGION")
        credentialsProvider = EnvironmentCredentialsProvider()
        endpointProvider = object : SecretsManagerEndpointProvider {
            override suspend fun resolveEndpoint(params: SecretsManagerEndpointParameters): Endpoint {
                return Endpoint(uri = "https://secretsmanager.$region.amazonaws.com")
            }
        }
    }
}

private suspend fun getDatabaseSecret(secretArn: String): DatabaseSecret {
    log.info { "Secret: $secretArn" } // This logs the correct secret
    val secret = appComponent.getSecretManager().use { client ->
        val secretJson = client.getSecretValue {
            GetSecretValueRequest {
                secretId = secretArn
            }
        }
        log.info { "Secret: $secretJson" }
        Json.decodeFromString<DatabaseSecret>(secretJson.secretString!!)
    }
    return secret
}
Possible Solution
Unknown
Context
The Lambda runs in an isolated VPC and its purpose is to connect to RDS and execute schema changes.
I set up the connection between the Lambda and a VPC endpoint allowing connection to Secrets Manager.
AWS SDK for Kotlin version
1.3.76
Platform (JVM/JS/Native)
JVM
Operating system and version
Lambda Runtime.JAVA_21
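
An added example (not code from the issue or from the SDK) that isolates the builder-DSL behaviour behind the empty `{}` request body in the HTTP trace above. The classes are simplified stand-ins for the SDK's generated request and builder types, `body` is a hypothetical serializer, and the ARN is a constructed value.

```kotlin
// Stand-in for a generated request type: immutable, created through a Builder.
class GetSecretValueRequest private constructor(val secretId: String?) {
    class Builder {
        var secretId: String? = null
        fun build() = GetSecretValueRequest(secretId)
    }

    companion object {
        // Factory form: GetSecretValueRequest { ... } creates and returns a NEW request.
        operator fun invoke(block: Builder.() -> Unit): GetSecretValueRequest =
            Builder().apply(block).build()
    }
}

// Stand-in for the client's DSL overload: the lambda receiver IS the builder
// whose contents are sent; whatever the lambda evaluates to is ignored.
fun getSecretValue(block: GetSecretValueRequest.Builder.() -> Unit): GetSecretValueRequest =
    GetSecretValueRequest.Builder().apply(block).build()

// Hypothetical serializer: unset members are omitted from the JSON body.
fun body(request: GetSecretValueRequest): String =
    if (request.secretId == null) "{}" else """{"SecretId":"${request.secretId}"}"""

fun main() {
    // Constructed sample value, not taken from the issue.
    val secretArn = "arn:aws:secretsmanager:us-east-1:000000000000:secret:example"

    // Shape from the report: the inner factory call builds a second request
    // that is discarded, so the outer builder never receives secretId.
    val nested = getSecretValue {
        GetSecretValueRequest { secretId = secretArn }
    }

    // Assigning on the lambda receiver populates the request that is sent.
    val direct = getSecretValue { secretId = secretArn }

    println("nested: ${body(nested)}")
    println("direct: ${body(direct)}")
    check(nested.secretId == null)
    check(direct.secretId == secretArn)
}
```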