From 2ff7818e086222b5ba93c4b2a1e325baa10b87be Mon Sep 17 00:00:00 2001
From: Conor Campbell <41545625+gnusey@users.noreply.github.com>
Date: Thu, 30 Nov 2023 21:52:07 +0000
Subject: [PATCH] events: add Secrets Manager rotation event (#291) (#530)

resolves #291

Co-authored-by: Bryan Moffatt
---
...ADME_SecretsManager_SecretRotationEvent.md | 38 +++++++++++++++++++
events/secretsmanager.go | 11 ++++++
events/secretsmanager_test.go | 30 +++++++++++++++
.../secretsmanager-secret-rotation-event.json | 5 +++
4 files changed, 84 insertions(+)
create mode 100644 events/README_SecretsManager_SecretRotationEvent.md
create mode 100644 events/secretsmanager.go
create mode 100644 events/secretsmanager_test.go
create mode 100644 events/testdata/secretsmanager-secret-rotation-event.json

diff --git a/events/README_SecretsManager_SecretRotationEvent.md b/events/README_SecretsManager_SecretRotationEvent.md
new file mode 100644
index 00000000..1b572cf6
--- /dev/null
+++ b/events/README_SecretsManager_SecretRotationEvent.md
@@ -0,0 +1,38 @@
+# Sample Function
+
+The following is a sample Lambda function that handles a SecretsManager secret rotation event.
+
+```go
+package main
+
+import (
+ "fmt"
+ "context"
+
+ "github.com/aws/aws-lambda-go/lambda"
+ "github.com/aws/aws-lambda-go/events"
+)
+
+func handler(ctx context.Context, event SecretsManagerSecretRotationEvent) error {
+ fmt.Printf("rotating secret %s with token %s\n",
+ event.SecretID, event.ClientRequestToken)
+
+ switch event.Step {
+ case "createSecret":
+ // create
+ case "setSecret":
+ // set
+ case "finishSecret":
+ // finish
+ case "testSecret":
+ // test
+ }
+
+ return nil
+}
+
+
+func main() {
+ lambda.Start(handler)
+}
+```
\ No newline at end of file
diff --git a/events/secretsmanager.go b/events/secretsmanager.go
new file mode 100644
index 00000000..fd2bea10
--- /dev/null
+++ b/events/secretsmanager.go
@@ -0,0 +1,11 @@
+package events
+
+// SecretsManagerSecretRotationEvent is the event passed to a Lambda function to handle
+// automatic secret rotation.
+//
+// https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html#rotate-secrets_how
+type SecretsManagerSecretRotationEvent struct {
+ Step string `json:"Step"`
+ SecretID string `json:"SecretId"`
+ ClientRequestToken string `json:"ClientRequestToken"`
+}
diff --git a/events/secretsmanager_test.go b/events/secretsmanager_test.go
new file mode 100644
index 00000000..0333bb83
--- /dev/null
+++ b/events/secretsmanager_test.go
@@ -0,0 +1,30 @@
+package events
+
+import (
+ "encoding/json"
+ "testing"
+
+ "github.com/aws/aws-lambda-go/events/test"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestSecretsManagerSecretRotationEventMarshaling(t *testing.T) {
+
+ // 1. read JSON from file
+ inputJSON := test.ReadJSONFromFile(t, "./testdata/secretsmanager-secret-rotation-event.json")
+
+ // 2. de-serialize into Go object
+ var inputEvent SecretsManagerSecretRotationEvent
+ if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+ t.Errorf("could not unmarshal event. details: %v", err)
+ }
+
+ // 3. serialize to JSON
+ outputJSON, err := json.Marshal(inputEvent)
+ if err != nil {
+ t.Errorf("could not marshal event. details: %v", err)
+ }
+
+ // 4. check result
+ assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
diff --git a/events/testdata/secretsmanager-secret-rotation-event.json b/events/testdata/secretsmanager-secret-rotation-event.json
new file mode 100644
index 00000000..5f444cd0
--- /dev/null
+++ b/events/testdata/secretsmanager-secret-rotation-event.json
@@ -0,0 +1,5 @@
+{
+ "Step": "createSecret",
+ "SecretId": "arn:aws:secretsmanager:us-east-1:111122223333:secret:id-ABCD1E",
+ "ClientRequestToken": "1ab23456-cde7-8912-34fg-h56i78j9k12l"
+}
\ No newline at end of file
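Review bot: Step is left as a free-form string even though the rotation protocol only ever delivers the four values the README sample switches on (createSecret, setSecret, testSecret, finishSecret); exported constants next to the type, as in the lines below, would let handlers compare against named values instead of retyping literals that a typo silently turns into an unhandled step. The field doc comments should also make clear that the event carries no secret material, so handler authors do not look for it here: `// SecretID is the ARN of the secret being rotated; the handler must read the secret value itself through the Secrets Manager API.` on SecretID, and `// ClientRequestToken is the version id of the pending (AWSPENDING) secret version; the service may invoke a step more than once with the same token, so each step should be idempotent.` on ClientRequestToken. The linked AWS page is a reasonable source for that wording and should be cited for the idempotency claim if it is kept.
```go
// Values delivered in SecretsManagerSecretRotationEvent.Step.
const (
	SecretsManagerRotationStepCreateSecret = "createSecret"
	SecretsManagerRotationStepSetSecret    = "setSecret"
	SecretsManagerRotationStepTestSecret   = "testSecret"
	SecretsManagerRotationStepFinishSecret = "finishSecret"
)

// … unchanged: SecretsManagerSecretRotationEvent struct …
```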
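Review bot: The decode failure at `t.Errorf("could not unmarshal event. details: %v", err)` does not stop the test, so a broken fixture falls through to marshalling the zero-value struct and the final JSONEq reports a misleading field-by-field diff instead of the actual decode error. Both error branches should abort the test: `t.Fatalf("could not unmarshal event. details: %v", err)` and `t.Fatalf("could not marshal event. details: %v", err)`. The blank line directly after the `func Test...` signature is also unusual for gofmt-style code and can be dropped.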