
WIP: 🌱 feat: secrets manager sdk v2 changes #5614


Open
wants to merge 1 commit into
base: main
15 changes: 15 additions & 0 deletions pkg/cloud/converters/tags.go
Expand Up @@ -24,6 +24,7 @@ import (
elbtypes "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing/types"
elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
secretsmanagertypes "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
ssmtypes "github.com/aws/aws-sdk-go-v2/service/ssm/types"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
Expand Down Expand Up @@ -168,6 +169,20 @@ func MapToSecretsManagerTags(src infrav1.Tags) []*secretsmanager.Tag {
return tags
}

// MapToSecretsManagerTagsV2 converts infrav1.Tags (a map of string key-value pairs) to a slice of Secrets Manager Tag objects for SDK v2.
func MapToSecretsManagerTagsV2(tags infrav1.Tags) []secretsmanagertypes.Tag {
result := make([]secretsmanagertypes.Tag, 0, len(tags))
for k, v := range tags {
key := k
value := v
result = append(result, secretsmanagertypes.Tag{
Key: &key,
Value: &value,
})
}
return result
}

// MapToIAMTags converts a infrav1.Tags to a []*iam.Tag.
func MapToIAMTags(src infrav1.Tags) []iamtypes.Tag {
tags := make([]iamtypes.Tag, 0, len(src))
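Review bot: The per-iteration copies `key := k` / `value := v` in MapToSecretsManagerTagsV2 exist only to obtain stable addresses, and the file already imports `aws` for exactly this purpose, so the loop body can become `result = append(result, secretsmanagertypes.Tag{Key: aws.String(k), Value: aws.String(v)})` (switching to the v2 `aws.String` once the v1 import is dropped). The parameter is named `tags` while the sibling `MapToSecretsManagerTags` and `MapToIAMTags` take `src`; renaming it to `src` keeps the converters uniform. Map iteration order is random, so the returned slice order varies between calls — harmless for the tagging API, but any test comparing the result should sort it or match order-insensitively.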
23 changes: 23 additions & 0 deletions pkg/cloud/endpointsv2/endpoints.go
Expand Up @@ -30,6 +30,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/eventbridge"
rgapi "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/aws-sdk-go-v2/service/sqs"
"github.com/aws/aws-sdk-go-v2/service/ssm"
smithyendpoints "github.com/aws/smithy-go/endpoints"
Expand Down Expand Up @@ -303,3 +304,25 @@ func (s *SSMEndpointResolver) ResolveEndpoint(ctx context.Context, params ssm.En
params.Region = &endpoint.SigningRegion
return ssm.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
}

// SecretsManagerEndpointResolver implements EndpointResolverV2 interface for Secrets Manager.
type SecretsManagerEndpointResolver struct {
*MultiServiceEndpointResolver
}

// ResolveEndpoint for Secrets Manager.
func (s *SecretsManagerEndpointResolver) ResolveEndpoint(ctx context.Context, params secretsmanager.EndpointParameters) (smithyendpoints.Endpoint, error) {
// If custom endpoint not found, return default endpoint for the service
log := logger.FromContext(ctx)
endpoint, ok := s.endpoints[secretsmanager.ServiceID]

if !ok {
log.Debug("Custom endpoint not found, using default endpoint")
return secretsmanager.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
}

log.Debug("Custom endpoint found, using custom endpoint", "endpoint", endpoint.URL)
params.Endpoint = &endpoint.URL
params.Region = &endpoint.SigningRegion
return secretsmanager.NewDefaultEndpointResolverV2().ResolveEndpoint(ctx, params)
}
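Review bot: ResolveEndpoint is documented only as `// ResolveEndpoint for Secrets Manager.`, although a matching custom endpoint redirects every Secrets Manager call made through this resolver and overrides the signing region, which a reader needs spelled out. I would replace that comment with `// ResolveEndpoint returns the custom Secrets Manager endpoint registered in s.endpoints (overriding both URL and signing region), or the SDK default when none is configured; the URL is used as-is, so scheme/host validation must happen where endpoints are loaded.` Whether such validation exists is not visible here, so confirm it before relying on the comment. The body is otherwise line-for-line the same as SSMEndpointResolver.ResolveEndpoint above it; if more services follow, a shared helper keyed by ServiceID would avoid the copy.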
30 changes: 20 additions & 10 deletions pkg/cloud/scope/clients.go
Expand Up @@ -28,14 +28,14 @@ import (
"github.com/aws/aws-sdk-go-v2/service/iam"
rgapi "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
"github.com/aws/aws-sdk-go-v2/service/s3"
secretsmanagerv2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/aws-sdk-go-v2/service/sqs"
"github.com/aws/aws-sdk-go-v2/service/ssm"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
"github.com/aws/aws-sdk-go/service/secretsmanager"
"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/aws/aws-sdk-go/service/sts/stsiface"
Expand Down Expand Up @@ -224,16 +224,26 @@ func NewResourgeTaggingClient(scopeUser cloud.ScopeUsage, session cloud.Session,
return rgapi.NewFromConfig(cfg, opts...)
}

// NewSecretsManagerClient creates a new Secrets API client for a given session..
func NewSecretsManagerClient(scopeUser cloud.ScopeUsage, session cloud.Session, logger logger.Wrapper, target runtime.Object) secretsmanageriface.SecretsManagerAPI {
secretsClient := secretsmanager.New(session.Session(), aws.NewConfig().WithLogLevel(awslogs.GetAWSLogLevel(logger.GetLogger())).WithLogger(awslogs.NewWrapLogr(logger.GetLogger())))
secretsClient.Handlers.Build.PushFrontNamed(getUserAgentHandler())
secretsClient.Handlers.Sign.PushFront(session.ServiceLimiter(secretsClient.ServiceID).LimitRequest)
secretsClient.Handlers.CompleteAttempt.PushFront(awsmetrics.CaptureRequestMetrics(scopeUser.ControllerName()))
secretsClient.Handlers.CompleteAttempt.PushFront(session.ServiceLimiter(secretsClient.ServiceID).ReviewResponse)
secretsClient.Handlers.Complete.PushBack(recordAWSPermissionsIssue(target))
// NewSecretsManagerClientV2 creates a new Secrets Manager API client for a given session using AWS SDK v2.
func NewSecretsManagerClientV2(scopeUser cloud.ScopeUsage, session cloud.Session, logger logger.Wrapper, target runtime.Object) *secretsmanagerv2.Client {
cfg := session.SessionV2()
multiSvcEndpointResolver := endpointsv2.NewMultiServiceEndpointResolver()
secretsManagerEndpointResolver := &endpointsv2.SecretsManagerEndpointResolver{
MultiServiceEndpointResolver: multiSvcEndpointResolver,
}
secretsManagerOpts := []func(*secretsmanagerv2.Options){
func(o *secretsmanagerv2.Options) {
o.Logger = logger.GetAWSLogger()
o.ClientLogMode = awslogs.GetAWSLogLevelV2(logger.GetLogger())
o.EndpointResolverV2 = secretsManagerEndpointResolver
},
secretsmanagerv2.WithAPIOptions(
awsmetricsv2.WithMiddlewares(scopeUser.ControllerName(), target),
awsmetricsv2.WithCAPAUserAgentMiddleware(),
),
}

return secretsClient
return secretsmanagerv2.NewFromConfig(cfg, secretsManagerOpts...)
}

// NewEKSClient creates a new EKS API client for a given session.
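Review bot: NewSecretsManagerClientV2 drops the `session.ServiceLimiter(...)` wiring that the removed v1 constructor installed through its `LimitRequest` and `ReviewResponse` handlers, so Secrets Manager calls are no longer rate-limited or throttle-tracked per service unless `session.SessionV2()` already attaches an equivalent middleware, which this hunk does not show. The v1 `recordAWSPermissionsIssue(target)` handler is also gone; `awsmetricsv2.WithMiddlewares(scopeUser.ControllerName(), target)` does receive `target`, so it may cover that, but it is worth confirming. The `secretsmanageriface` import in the first hunk is kept while the v1 `secretsmanager` import is removed; if nothing else in clients.go uses it, the file will not compile. Renaming the constructor also removes `NewSecretsManagerClient` for any caller outside this diff.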
Expand Up @@ -17,6 +17,6 @@ limitations under the License.
// Package mock_secretsmanageriface provides a mock interface for the SecretsManager API client.
// Run go generate to regenerate this mock.
//
//go:generate ../../../../../hack/tools/bin/mockgen -destination secretsmanagerapi_mock.go -package mock_secretsmanageriface github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface SecretsManagerAPI
//go:generate ../../../../../hack/tools/bin/mockgen -destination secretsmanagerapi_mock.go -package mock_secretsmanageriface sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/secretsmanager SecretsManagerAPI
//go:generate /usr/bin/env bash -c "cat ../../../../../hack/boilerplate/boilerplate.generatego.txt secretsmanagerapi_mock.go > _secretsmanagerapi_mock.go && mv _secretsmanagerapi_mock.go secretsmanagerapi_mock.go"
package mock_secretsmanageriface //nolint:stylecheck
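Review bot: The mockgen directive now targets a project-local `SecretsManagerAPI` in `pkg/cloud/services/secretsmanager`, but neither that interface nor a regenerated `secretsmanagerapi_mock.go` appears in this diff, so the checked-in mock presumably still implements the v1 `secretsmanageriface.SecretsManagerAPI` until `go generate` is rerun in the same change. The package comment could also name what is mocked now: `// Package mock_secretsmanageriface provides a mock of the project-local SecretsManagerAPI interface (pkg/cloud/services/secretsmanager) used by the SDK v2 client.`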