tom01098 / aws-parameters-and-secrets-lambda Goto Github PK
View Code? Open in Web Editor NEWCache AWS Secrets Manager secrets in your AWS Lambda function
License: Apache License 2.0
aws-parameters-and-secrets-lambda's People
Contributors
Stargazers
Watchers
Forkers
lazaroclappaws-parameters-and-secrets-lambda's Issues
Query builders
VersionIdQuery and VersionStageQuery have public constructors where they take two Strings. This isn't great because the order of these Strings could be mixed up. Instead, the constructors should be removed and replace with builders.
Redesign to support multiple lookups without end user interaction
The current design requires an end user to call Manager.get_secret to get a Secret object, which then encapsulates the string. A user could use this beyond the time the extension would allow it to be cached for, which means a user may be using a stale (and thus invalid) secret.
The Secret could by default cache the results from the extension, offering a method to invalidate the cache. This would move the responsibility of where to lookup secrets.
Async
Switch from reqwest::blocking::Client to reqwest::Client and expose an async API.
Should the library support both a sync and async interface at the same time?
Synchronous interface
Offer a synchronous interface to getting secrets.
clippy lints
Run cargo clippy --tests in CI.
Tracing
Add a feature that enables tracing.
VSCode test configurations
Add configurations for easily executing tests.
Refactor unit tests
Unit tests currently have a lot of duplication around setting up the mock server. Refactor this configuration out.
Advanced Querying
Currently, only the secretId (or ARN) can be used to query for the secret. According to the documentation, you can also use a versionStage or versionId, as long as secretId is also given.
Sounds like a perfect case for a Query (or similar) object, with an associated QueryBuilder.
License
Choose an OSS license for the project.
Binary secrets
Only secrets in plaintext appear in SecretString. Explore how binary secrets might be supported.
Integration test in AWS
Unit tests cannot validate that the library works as expected against AWS Lambda. Can a test be implemented that deploys a test case to AWS and runs a verification pass?
Implement basic functionality
First things first, actually implement the barebones functionality required:
- A
Manager-type object responsible for managing connections. - A
Secret-type object responsible for allowing access to the underlying secret/parameter. - The dreaded tests!
Documentation
Thorough documentation is required for the public API of the library before it is published.
Build for AWS Lambda-suitable target
Actions should run tests against the correct target rather than the default one.
Reduce allocation of Strings
There are many points where Strings are required when a reference could be used.
Builders should not require `String` allocations
Builder objects take Strings which is suboptimal because they live for only a short time. They don't need to implement Clone and can instead take &'a strs.
Contributing information
Add information so that someone can understand how to contribute.
Publish on tag
Publish to crates.io when a tag is applied to main.
Code coverage gate
Add action to validate that code coverage is gated at a sensible point (ideally 100%!).
`test_manager_no_extension` is not a safe test
If the port env var is set to an invalid value when this test runs, it fails. The port should be set to a static number.
running 14 tests
thread 'tests::test_manager_no_extension' panicked at 'called `Result::unwrap()` on an `Err` value: 'xyz' is not a valid port
Caused by:
invalid digit found in string', src/lib.rs:457:14
stack backtrace:
test tests::test_manager_builder_fails_when_port_is_not_an_integer ... ok
test tests::test_manager_builder_no_session_token ... ok
test tests::test_manager_default_port_is_2773 ... ok
test tests::test_manager_fails_when_port_is_not_a_u16 ... ok
0: rust_begin_unwind
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/std/src/panicking.rs:575:5
1: core::panicking::panic_fmt
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/panicking.rs:65:14
2: core::result::unwrap_failed
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/result.rs:1791:5
3: core::result::Result<T,E>::unwrap
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/result.rs:1113:23
4: aws_parameters_and_secrets_lambda::tests::test_manager_no_extension::{{closure}}
at ./src/lib.rs:454:23
5: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/future/mod.rs:91:19
6: <core::pin::Pin<P> as core::future::future::Future>::poll
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/future/future.rs:124:9
7: <core::pin::Pin<P> as core::future::future::Future>::poll
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/future/future.rs:124:9
8: tokio::runtime::scheduler::current_thread::CoreGuard::block_on::{{closure}}::{{closure}}::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:541:57
9: tokio::runtime::coop::with_budget
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/coop.rs:102:5
10: tokio::runtime::coop::budget
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/coop.rs:68:5
11: tokio::runtime::scheduler::current_thread::CoreGuard::block_on::{{closure}}::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:541:25
12: tokio::runtime::scheduler::current_thread::Context::enter
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:350:19
13: tokio::runtime::scheduler::current_thread::CoreGuard::block_on::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:540:36
14: tokio::runtime::scheduler::current_thread::CoreGuard::enter::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:615:57
15: tokio::macros::scoped_tls::ScopedKey<T>::set
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/macros/scoped_tls.rs:61:9
16: tokio::runtime::scheduler::current_thread::CoreGuard::enter
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:615:27
17: tokio::runtime::scheduler::current_thread::CoreGuard::block_on
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:530:19
18: tokio::runtime::scheduler::current_thread::CurrentThread::block_on
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:154:24
19: tokio::runtime::runtime::Runtime::block_on
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/runtime.rs:282:47
20: aws_parameters_and_secrets_lambda::tests::test_manager_no_extension
at ./src/lib.rs:465:9
21: aws_parameters_and_secrets_lambda::tests::test_manager_no_extension::{{closure}}
at ./src/lib.rs:453:11
22: core::ops::function::FnOnce::call_once
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/ops/function.rs:251:5
23: core::ops::function::FnOnce::call_once
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/ops/function.rs:251:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
test tests::test_manager_no_extension ... FAILED
cargo test in actions
Add relevant GitHub Actions in CI to ensure low-quality or broken PRs can't be merged.
Database secrets
Explore whether database secrets behave any differently than plaintext secrets, and bridge any gaps found.
Support getting individual secrets
The Secret object can currently only return the whole plaintext secret via get_raw. Most secrets are stored in JSON format so it would be helpful to support an extra method to get a specific key from that secret.
Deny dependencies with licenses that aren't suitable
Use cargo-deny in CI to prevent dependencies from being shipped that aren't compatible.
Error handling
The library must not panic, instead it should return errors specific to the problem. These errors should have context attached where possible.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.