tom01098 / aws-parameters-and-secrets-lambda
Cache AWS Secrets Manager secrets in your AWS Lambda function
License: Apache License 2.0
VersionIdQuery and VersionStageQuery have public constructors where they take two Strings. This isn't great because the order of these Strings could be mixed up. Instead, the constructors should be removed and replaced with builders.
The current design requires an end user to call Manager.get_secret to get a Secret object, which then encapsulates the string. A user could use this beyond the time the extension would allow it to be cached for, which means a user may be using a stale (and thus invalid) secret.
The Secret could by default cache the results from the extension, offering a method to invalidate the cache. This would move the responsibility of where to look up secrets.
Switch from reqwest::blocking::Client to reqwest::Client and expose an async API.
Should the library support both a sync and async interface at the same time?
Offer a synchronous interface to getting secrets.
Run cargo clippy --tests in CI.
Add a feature that enables tracing.
Add configurations for easily executing tests.
Unit tests currently have a lot of duplication around setting up the mock server. Refactor this configuration out.
Currently, only the secretId (or ARN) can be used to query for the secret. According to the documentation, you can also use a versionStage or versionId, as long as secretId is also given.
Sounds like a perfect case for a Query (or similar) object, with an associated QueryBuilder.
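A sketch of the builder idea raised in the issues on this page (named setters instead of positional strings, secretId always required, errors returned rather than panics), added here as an example and not taken from the project's code. `QueryBuilder`, `QueryError`, `encode` and `parse_port` are hypothetical names; `/secretsmanager/get` is the extension's documented secrets endpoint and 2773 is its default port.

```rust
/// Specific failures the caller can match on (the library should not panic).
#[derive(Debug, PartialEq)]
pub enum QueryError {
    EmptySecretId,
    InvalidPort(String),
}
/// Hypothetical builder: each value has a named setter, so a version id and a
/// version stage cannot be swapped the way two positional strings can.
pub struct QueryBuilder<'a> {
    secret_id: &'a str,
    version_id: Option<&'a str>,
    version_stage: Option<&'a str>,
}
impl<'a> QueryBuilder<'a> {
    pub fn new(secret_id: &'a str) -> Self {
        Self { secret_id, version_id: None, version_stage: None }
    }
    pub fn version_id(mut self, v: &'a str) -> Self { self.version_id = Some(v); self }
    pub fn version_stage(mut self, v: &'a str) -> Self { self.version_stage = Some(v); self }
    /// Path and query string for the extension's secrets endpoint.
    pub fn build(self) -> Result<String, QueryError> {
        if self.secret_id.is_empty() { return Err(QueryError::EmptySecretId); }
        let mut q = format!("/secretsmanager/get?secretId={}", encode(self.secret_id));
        if let Some(v) = self.version_id { q += &format!("&versionId={}", encode(v)); }
        if let Some(v) = self.version_stage { q += &format!("&versionStage={}", encode(v)); }
        Ok(q)
    }
}

/// Percent-encode every byte outside the RFC 3986 unreserved set.
fn encode(s: &str) -> String {
    s.bytes().map(|b| match b {
        b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => (b as char).to_string(),
        _ => format!("%{:02X}", b),
    }).collect()
}

/// Port taken from configuration: absent means the default, junk is an error.
pub fn parse_port(raw: Option<&str>) -> Result<u16, QueryError> {
    match raw {
        None => Ok(2773),
        Some(s) => s.trim().parse().map_err(|_| QueryError::InvalidPort(s.to_string())),
    }
}

fn main() {
    // Constructed sample values, not real secret names.
    let q = QueryBuilder::new("prod/db creds").version_stage("AWSPREVIOUS").build();
    println!("{:?} {:?} {:?}", q, parse_port(None), parse_port(Some("xyz")));
}
```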
Choose an OSS license for the project.
Only secrets in plaintext appear in SecretString. Explore how binary secrets might be supported.
Unit tests cannot validate that the library works as expected against AWS Lambda. Can a test be implemented that deploys a test case to AWS and runs a verification pass?
First things first, actually implement the barebones functionality required:
Manager-type object responsible for managing connections.
Secret-type object responsible for allowing access to the underlying secret/parameter.
Thorough documentation is required for the public API of the library before it is published.
Actions should run tests against the correct target rather than the default one.
There are many points where Strings are required when a reference could be used.
Builder objects take Strings, which is suboptimal because they live for only a short time. They don't need to implement Clone and can instead take &'a strs.
Add information so that someone can understand how to contribute.
Publish to crates.io when a tag is applied to main.
Add action to validate that code coverage is gated at a sensible point (ideally 100%!).
If the port env var is set to an invalid value when this test runs, it fails. The port should be set to a static number.
running 14 tests
thread 'tests::test_manager_no_extension' panicked at 'called `Result::unwrap()` on an `Err` value: 'xyz' is not a valid port
Caused by:
invalid digit found in string', src/lib.rs:457:14
stack backtrace:
test tests::test_manager_builder_fails_when_port_is_not_an_integer ... ok
test tests::test_manager_builder_no_session_token ... ok
test tests::test_manager_default_port_is_2773 ... ok
test tests::test_manager_fails_when_port_is_not_a_u16 ... ok
0: rust_begin_unwind
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/std/src/panicking.rs:575:5
1: core::panicking::panic_fmt
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/panicking.rs:65:14
2: core::result::unwrap_failed
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/result.rs:1791:5
3: core::result::Result<T,E>::unwrap
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/result.rs:1113:23
4: aws_parameters_and_secrets_lambda::tests::test_manager_no_extension::{{closure}}
at ./src/lib.rs:454:23
5: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/future/mod.rs:91:19
6: <core::pin::Pin<P> as core::future::future::Future>::poll
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/future/future.rs:124:9
7: <core::pin::Pin<P> as core::future::future::Future>::poll
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/future/future.rs:124:9
8: tokio::runtime::scheduler::current_thread::CoreGuard::block_on::{{closure}}::{{closure}}::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:541:57
9: tokio::runtime::coop::with_budget
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/coop.rs:102:5
10: tokio::runtime::coop::budget
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/coop.rs:68:5
11: tokio::runtime::scheduler::current_thread::CoreGuard::block_on::{{closure}}::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:541:25
12: tokio::runtime::scheduler::current_thread::Context::enter
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:350:19
13: tokio::runtime::scheduler::current_thread::CoreGuard::block_on::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:540:36
14: tokio::runtime::scheduler::current_thread::CoreGuard::enter::{{closure}}
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:615:57
15: tokio::macros::scoped_tls::ScopedKey<T>::set
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/macros/scoped_tls.rs:61:9
16: tokio::runtime::scheduler::current_thread::CoreGuard::enter
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:615:27
17: tokio::runtime::scheduler::current_thread::CoreGuard::block_on
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:530:19
18: tokio::runtime::scheduler::current_thread::CurrentThread::block_on
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/scheduler/current_thread.rs:154:24
19: tokio::runtime::runtime::Runtime::block_on
at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.23.0/src/runtime/runtime.rs:282:47
20: aws_parameters_and_secrets_lambda::tests::test_manager_no_extension
at ./src/lib.rs:465:9
21: aws_parameters_and_secrets_lambda::tests::test_manager_no_extension::{{closure}}
at ./src/lib.rs:453:11
22: core::ops::function::FnOnce::call_once
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/ops/function.rs:251:5
23: core::ops::function::FnOnce::call_once
at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/ops/function.rs:251:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
test tests::test_manager_no_extension ... FAILED
Add relevant GitHub Actions in CI to ensure low-quality or broken PRs can't be merged.
Explore whether database secrets behave any differently than plaintext secrets, and bridge any gaps found.
The Secret object can currently only return the whole plaintext secret via get_raw. Most secrets are stored in JSON format so it would be helpful to support an extra method to get a specific key from that secret.
Use cargo-deny in CI to prevent dependencies from being shipped that aren't compatible.
The library must not panic; instead, it should return errors specific to the problem. These errors should have context attached where possible.