This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 269518f76d0 CAMEL-18479: camel-aws - Capture aws secrets in use making
refresh no need for declaring the secrets
269518f76d0 is described below
commit 269518f76d0802dbe82cc4b616d94e5c97387cd9
Author: Claus Ibsen <[email protected]>
AuthorDate: Wed Sep 7 17:39:54 2022 +0200
CAMEL-18479: camel-aws - Capture aws secrets in use making refresh no need
for declaring the secrets
---
.../SecretsManagerPropertiesFunction.java | 28 ++++++++++++++--
.../vault/CloudTrailReloadTriggerTask.java | 37 ++++++++++++++++++----
.../org/apache/camel/spi/PropertiesComponent.java | 8 +++++
.../component/properties/PropertiesComponent.java | 11 ++-----
4 files changed, 66 insertions(+), 18 deletions(-)
diff --git
a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/SecretsManagerPropertiesFunction.java
b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/SecretsManagerPropertiesFunction.java
index ccb7212668a..ae147d7f974 100644
---
a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/SecretsManagerPropertiesFunction.java
+++
b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/SecretsManagerPropertiesFunction.java
@@ -17,6 +17,8 @@
package org.apache.camel.component.aws.secretsmanager;
import java.util.Base64;
+import java.util.HashSet;
+import java.util.Set;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
@@ -51,7 +53,7 @@ import
software.amazon.awssdk.services.secretsmanager.model.SecretsManagerExcept
* </ul>
* <p/>
*
- * Otherwise it is possible to specify the credentials as properties:
+ * Otherwise, it is possible to specify the credentials as properties:
*
* <ul>
* <li><tt>camel.vault.aws.accessKey</tt></li>
@@ -72,7 +74,6 @@ import
software.amazon.awssdk.services.secretsmanager.model.SecretsManagerExcept
* <tt>aws:database/username:admin</tt>. The admin value will be returned as
default value, if the conditions above were
* all met.
*/
-
@org.apache.camel.spi.annotations.PropertiesFunction("aws")
public class SecretsManagerPropertiesFunction extends ServiceSupport
implements PropertiesFunction, CamelContextAware {
@@ -84,9 +85,12 @@ public class SecretsManagerPropertiesFunction extends
ServiceSupport implements
private CamelContext camelContext;
private SecretsManagerClient client;
+ private final Set<String> secrets = new HashSet<>();
+
@Override
protected void doStart() throws Exception {
super.doStart();
+
String accessKey = System.getenv(CAMEL_AWS_VAULT_ACCESS_KEY_ENV);
String secretKey = System.getenv(CAMEL_AWS_VAULT_SECRET_KEY_ENV);
String region = System.getenv(CAMEL_AWS_VAULT_REGION_ENV);
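Review bot: The new `secrets` field is a plain `HashSet`, yet it is written by `getSecretFromSource` (the `secrets.add(key)` hunk) and read by `CloudTrailReloadTriggerTask.matchSecret` through `getSecrets()`. That task carries the periodic-task annotation, so it presumably runs on a different thread from property resolution; `set.addAll(propertiesFunction.getSecrets())` iterating during an add can then throw `ConcurrentModificationException` or miss an id. A concurrent set avoids this: `private final Set<String> secrets = ConcurrentHashMap.newKeySet();`. The body of doStart continues outside this hunk.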
@@ -120,8 +124,14 @@ public class SecretsManagerPropertiesFunction extends
ServiceSupport implements
@Override
protected void doStop() throws Exception {
if (client != null) {
- client.close();
+ try {
+ client.close();
+ } catch (Exception e) {
+ // ignore
+ }
+ client = null;
}
+ secrets.clear();
super.doStop();
}
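Review bot: The `catch (Exception e)` around `client.close()` in doStop drops the failure with only `// ignore`, so a client that fails to shut down leaves no trace. Keeping the stop best-effort is reasonable, but the exception should be logged at debug level and the comment should say why it is safe to continue. No logger is visible in this hunk; if the class has one, something like `LOG.debug("Error closing SecretsManagerClient. This exception is ignored.", e);` would do.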
@@ -182,6 +192,10 @@ public class SecretsManagerPropertiesFunction extends
ServiceSupport implements
private String getSecretFromSource(
String key, String subkey, String defaultValue, String version)
throws JsonProcessingException {
+
+ // capture name of secret
+ secrets.add(key);
+
String returnValue;
GetSecretValueRequest request;
GetSecretValueRequest.Builder builder =
GetSecretValueRequest.builder();
@@ -229,4 +243,12 @@ public class SecretsManagerPropertiesFunction extends
ServiceSupport implements
public CamelContext getCamelContext() {
return camelContext;
}
+
+ /**
+ * Ids of the secrets in use
+ */
+ public Set<String> getSecrets() {
+ return secrets;
+ }
+
}
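Review bot: `getSecrets()` returns the internal mutable set, so any caller can add or remove ids and thereby change which CloudTrail events trigger a context reload. Returning a read-only view, `return Collections.unmodifiableSet(secrets);`, keeps mutation inside this class. The Javadoc could also state that the set holds every secret id looked up since start, including lookups that later fail or fall back to a default, because `secrets.add(key)` runs before the request is built.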
diff --git
a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
index 9c093f7f2cd..31cd63f0a10 100644
---
a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
+++
b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
@@ -17,11 +17,17 @@
package org.apache.camel.component.aws.secretsmanager.vault;
import java.time.Instant;
+import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import org.apache.camel.CamelContext;
import org.apache.camel.CamelContextAware;
+import
org.apache.camel.component.aws.secretsmanager.SecretsManagerPropertiesFunction;
import org.apache.camel.spi.ContextReloadStrategy;
+import org.apache.camel.spi.PropertiesComponent;
+import org.apache.camel.spi.PropertiesFunction;
import org.apache.camel.spi.annotations.PeriodicTask;
import org.apache.camel.support.PatternHelper;
import org.apache.camel.support.service.ServiceSupport;
@@ -56,6 +62,7 @@ public class CloudTrailReloadTriggerTask extends
ServiceSupport implements Camel
private CamelContext camelContext;
private CloudTrailClient cloudTrailClient;
private String secrets;
+ private SecretsManagerPropertiesFunction propertiesFunction;
private volatile Instant lastTime;
public CloudTrailReloadTriggerTask() {
@@ -75,8 +82,16 @@ public class CloudTrailReloadTriggerTask extends
ServiceSupport implements Camel
protected void doStart() throws Exception {
super.doStart();
+ // auto-detect secrets in-use
+ PropertiesComponent pc = camelContext.getPropertiesComponent();
+ PropertiesFunction pf = pc.getPropertiesFunction("aws");
+ if (pf instanceof SecretsManagerPropertiesFunction) {
+ propertiesFunction = (SecretsManagerPropertiesFunction) pf;
+ LOG.debug("Auto-detecting secrets from properties-function: {}",
pf.getName());
+ }
+ // specific secrets
secrets = camelContext.getVaultConfiguration().aws().getSecrets();
- if (ObjectHelper.isEmpty(secrets)) {
+ if (ObjectHelper.isEmpty(secrets) && propertiesFunction == null) {
throw new IllegalArgumentException("Secrets must be configured on
AWS vault configuration");
}
@@ -137,7 +152,7 @@ public class CloudTrailReloadTriggerTask extends
ServiceSupport implements Camel
List<Resource> a = event.resources();
for (Resource res : a) {
String name = res.resourceName();
- if (matchSecret(name, secrets)) {
+ if (matchSecret(name)) {
LOG.info("Update for secret: {} detected,
triggering a CamelContext reload", name);
triggerReloading = true;
break;
@@ -159,13 +174,23 @@ public class CloudTrailReloadTriggerTask extends
ServiceSupport implements Camel
}
}
- protected boolean matchSecret(String name, String patterns) {
- String[] parts = patterns.split(",");
- for (String part : parts) {
- if (name.contains(part) || PatternHelper.matchPattern(name, part))
{
+ protected boolean matchSecret(String name) {
+ Set<String> set = new HashSet<>();
+ if (secrets != null) {
+ Collections.addAll(set, secrets.split(","));
+ }
+ if (propertiesFunction != null) {
+ set.addAll(propertiesFunction.getSecrets());
+ }
+
+ for (String part : set) {
+ boolean result = name.contains(part) ||
PatternHelper.matchPattern(name, part);
+ LOG.trace("Matching secret id: {}={} -> {}", name, part, result);
+ if (result) {
return true;
}
}
+
return false;
}
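Review bot: The guard `if (secrets != null)` in matchSecret lets an empty `secrets` string through, because doStart now accepts empty `secrets` whenever a properties function was found. If the vault configuration returns `""` rather than null, `"".split(",")` yields one empty string and `name.contains("")` is true for every resource name, so any CloudTrail event would trigger a reload. Use `if (ObjectHelper.isNotEmpty(secrets))` and skip blank parts in the loop with `if (part.isEmpty()) { continue; }`. The substring test `name.contains(part)` now also applies to auto-captured ids, so a short id matches unrelated secrets whose name contains it; the method's Javadoc should say so. The set is also rebuilt and `secrets` re-split for every resource, whereas the configured part could be split once in doStart.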
diff --git
a/core/camel-api/src/main/java/org/apache/camel/spi/PropertiesComponent.java
b/core/camel-api/src/main/java/org/apache/camel/spi/PropertiesComponent.java
index f225f255977..093e2f856de 100644
--- a/core/camel-api/src/main/java/org/apache/camel/spi/PropertiesComponent.java
+++ b/core/camel-api/src/main/java/org/apache/camel/spi/PropertiesComponent.java
@@ -186,6 +186,14 @@ public interface PropertiesComponent extends StaticService
{
*/
void addPropertiesFunction(PropertiesFunction function);
+ /**
+ * Gets the {@link PropertiesFunction} by the given name
+ *
+ * @param name the function name
+ * @return the function or null if no function exists
+ */
+ PropertiesFunction getPropertiesFunction(String name);
+
/**
* Whether to silently ignore if a location cannot be located, such as a
properties file not found.
*/
diff --git
a/core/camel-base/src/main/java/org/apache/camel/component/properties/PropertiesComponent.java
b/core/camel-base/src/main/java/org/apache/camel/component/properties/PropertiesComponent.java
index 852fc155be8..93b51b39089 100644
---
a/core/camel-base/src/main/java/org/apache/camel/component/properties/PropertiesComponent.java
+++
b/core/camel-base/src/main/java/org/apache/camel/component/properties/PropertiesComponent.java
@@ -561,12 +561,7 @@ public class PropertiesComponent extends ServiceSupport
return propertiesFunctionResolver.getFunctions();
}
- /**
- * Gets the function by the given name
- *
- * @param name the function name
- * @return the function or null if no function exists
- */
+ @Override
public PropertiesFunction getPropertiesFunction(String name) {
if (name == null) {
return null;
@@ -574,9 +569,7 @@ public class PropertiesComponent extends ServiceSupport
return propertiesFunctionResolver.resolvePropertiesFunction(name);
}
- /**
- * Registers the {@link PropertiesFunction} as a function to this
component.
- */
+ @Override
public void addPropertiesFunction(PropertiesFunction function) {
propertiesFunctionResolver.addPropertiesFunction(function);
}