Skip to content

Commit

Permalink
Cherrypicking into release 1.13 (#3541)
Browse files Browse the repository at this point in the history
Signed-off-by: Elena Kolevska <[email protected]>
Signed-off-by: Eileen Yu <[email protected]>
Co-authored-by: Yaron Schneider <[email protected]>
Co-authored-by: Eileen Yu <[email protected]>
  • Loading branch information
3 people authored Sep 12, 2024
1 parent 711f39d commit 2671db5
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 43 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,14 @@ package metadataschema

import (
"fmt"
"strings"
)

// Built-in authentication profiles
var BuiltinAuthenticationProfiles map[string][]AuthenticationProfile

// ParseBuiltinAuthenticationProfile returns an AuthenticationProfile(s) from a given BuiltinAuthenticationProfile.
func ParseBuiltinAuthenticationProfile(bi BuiltinAuthenticationProfile) ([]AuthenticationProfile, error) {
func ParseBuiltinAuthenticationProfile(bi BuiltinAuthenticationProfile, componentTitle string) ([]AuthenticationProfile, error) {
profiles, ok := BuiltinAuthenticationProfiles[bi.Name]
if !ok {
return nil, fmt.Errorf("built-in authentication profile %s does not exist", bi.Name)
Expand All @@ -30,7 +31,14 @@ func ParseBuiltinAuthenticationProfile(bi BuiltinAuthenticationProfile) ([]Authe
res := make([]AuthenticationProfile, len(profiles))
for i, profile := range profiles {
res[i] = profile

res[i].Metadata = mergedMetadata(bi.Metadata, res[i].Metadata...)

// If component is PostgreSQL, filter out duplicated aws profile fields
if strings.ToLower(componentTitle) == "postgresql" && bi.Name == "aws" {
res[i].Metadata = filterOutDuplicateFields(res[i].Metadata)
}

}
return res, nil
}
Expand All @@ -45,3 +53,29 @@ func mergedMetadata(base []Metadata, add ...Metadata) []Metadata {
res = append(res, add...)
return res
}

// filterOutDuplicateFields removes specific duplicated fields from the metadata
func filterOutDuplicateFields(metadata []Metadata) []Metadata {
duplicateFields := map[string]int{
"awsRegion": 0,
"accessKey": 0,
"secretKey": 0,
}

filteredMetadata := []Metadata{}

for _, field := range metadata {
if _, exists := duplicateFields[field.Name]; !exists {
filteredMetadata = append(filteredMetadata, field)
} else {
if field.Name == "awsRegion" && duplicateFields["awsRegion"] == 0 {
filteredMetadata = append(filteredMetadata, field)
duplicateFields["awsRegion"]++
} else if field.Name != "awsRegion" {
continue
}
}
}

return filteredMetadata
}
2 changes: 1 addition & 1 deletion .build-tools/pkg/metadataschema/validators.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ func (c *ComponentMetadata) IsValid() error {

// Append built-in authentication profiles
for _, profile := range c.BuiltInAuthenticationProfiles {
appendProfiles, err := ParseBuiltinAuthenticationProfile(profile)
appendProfiles, err := ParseBuiltinAuthenticationProfile(profile, c.Title)
if err != nil {
return err
}
Expand Down
25 changes: 3 additions & 22 deletions secretstores/aws/parameterstore/parameterstore.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ package parameterstore

import (
"context"
"errors"
"fmt"
"reflect"

Expand All @@ -24,7 +23,6 @@ import (
"github.com/aws/aws-sdk-go/service/ssm/ssmiface"

awsAuth "github.com/dapr/components-contrib/common/authentication/aws"
"github.com/dapr/components-contrib/common/utils"
"github.com/dapr/components-contrib/metadata"
"github.com/dapr/components-contrib/secretstores"
"github.com/dapr/kit/logger"
Expand Down Expand Up @@ -65,32 +63,15 @@ func (s *ssmSecretStore) Init(ctx context.Context, metadata secretstores.Metadat
return err
}

// This check is needed because d.client is set to a mock in tests
if s.client == nil {
s.client, err = s.getClient(meta)
if err != nil {
return err
}
s.client, err = s.getClient(meta)
if err != nil {
return err
}
s.prefix = meta.Prefix

// Validate client connection
var notFoundErr *ssm.ParameterNotFound
if err := s.validateConnection(ctx); err != nil && !errors.As(err, &notFoundErr) {
return fmt.Errorf("error validating access to the aws.parameterstore secret store: %w", err)
}
return nil
}

// validateConnection runs a dummy GetParameterWithContext operation
// to validate the connection credentials
func (s *ssmSecretStore) validateConnection(ctx context.Context) error {
_, err := s.client.GetParameterWithContext(ctx, &ssm.GetParameterInput{
Name: ptr.Of(s.prefix + utils.GetRandOrDefaultString("dapr-test-param")),
})
return err
}

// GetSecret retrieves a secret using a key and returns a map of decrypted string/string values.
func (s *ssmSecretStore) GetSecret(ctx context.Context, req secretstores.GetSecretRequest) (secretstores.GetSecretResponse, error) {
name := req.Name
Expand Down
19 changes: 0 additions & 19 deletions secretstores/aws/parameterstore/parameterstore_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,12 +50,6 @@ func (m *mockedSSM) DescribeParametersWithContext(ctx context.Context, input *ss
func TestInit(t *testing.T) {
m := secretstores.Metadata{}
s := NewParameterStore(logger.NewLogger("test"))
s.(*ssmSecretStore).client = &mockedSSM{
GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
// Simulate a non error response from AWS SSM
return nil, nil
},
}

t.Run("Init with valid metadata", func(t *testing.T) {
m.Properties = map[string]string{
Expand All @@ -68,19 +62,6 @@ func TestInit(t *testing.T) {
err := s.Init(context.Background(), m)
require.NoError(t, err)
})

t.Run("Init with invalid connection details", func(t *testing.T) {
s.(*ssmSecretStore).client = &mockedSSM{
GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
// Simulate a failure that resembles what AWS SSM would return
return nil, fmt.Errorf("wrong-credentials")
},
}

err := s.Init(context.Background(), m)
require.Error(t, err)
require.EqualError(t, err, "error validating access to the aws.parameterstore secret store: wrong-credentials")
})
}

func TestGetSecret(t *testing.T) {
Expand Down

0 comments on commit 2671db5

Please sign in to comment.