fix: fix partial arn regex (#79)

aws-greengrass · May 1, 2024 · 11bbe68 · 11bbe68
1 parent b9d920b
commit 11bbe68
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/src/main/java/com/aws/greengrass/secretmanager/SecretManager.java b/src/main/java/com/aws/greengrass/secretmanager/SecretManager.java
@@ -56,7 +56,7 @@ public class SecretManager {
     private static final String LATEST_LABEL = "AWSCURRENT";
     public static final String VALID_SECRET_ARN_PATTERN =
             "arn:([^:]+):secretsmanager:[a-z0-9\\-]+:[0-9]{12}:secret:([a-zA-Z0-9\\\\]+/)*"
-                    + "[a-zA-Z0-9/_+=,.@\\-]+-[a-zA-Z0-9]+";
+                    + "[a-zA-Z0-9/_+=,.@\\-]+(-[a-zA-Z0-9]+)?";
     private static final String secretNotFoundErr = "Secret not found ";
     private final Logger logger = LogManager.getLogger(SecretManager.class);
     // Cache which holds aws secrets result

diff --git a/src/test/java/com/aws/greengrass/secretmanager/SecretManagerTest.java b/src/test/java/com/aws/greengrass/secretmanager/SecretManagerTest.java
@@ -94,6 +94,7 @@ class SecretManagerTest {
     private static final String ARN_1 = "arn:aws:secretsmanager:us-east-1:999936977227:secret:randomSecret-74lYJh";
     private static final String ARN_2 = "arn:aws:secretsmanager:us-east-1:111136977227:secret:shhhhh-32lYsd";
     private static final String ARN_3 = "arn:aws-us-gov:secretsmanager:us-east-1:111136977227:secret:shhhhh-32lYsd";
+    private static final String PARTIAL_ARN = "arn:aws:secretsmanager:us-east-1:999936977227:secret:randomSecret";
 
     private String ENCRYPTED_SECRET_1;
     private String ENCRYPTED_SECRET_2;
@@ -134,6 +135,13 @@ private List<SecretConfiguration> getMockSecrets() {
         }};
     }
 
+    private List<SecretConfiguration> getMockSecretsWithPartialArn() {
+        SecretConfiguration secret = SecretConfiguration.builder().arn(PARTIAL_ARN).build();
+        return new ArrayList<SecretConfiguration>() {{
+            add(secret);
+        }};
+    }
+
     @AfterEach
     void teardown() {
         executorService.shutdownNow();
@@ -275,6 +283,28 @@ void GIVEN_cloud_secret_WHEN_binary_secret_set_THEN_only_binary_returned() throw
         assertArrayEquals(SECRET_VALUE_BINARY_3, getSecretValueResult.getSecretValue().getSecretBinary());
     }
 
+    @Test
+    void GIVEN_secret_manager_WHEN_sync_from_cloud_with_partial_arn_THEN_secrets_are_loaded() throws Exception {
+        when(mockAWSSecretClient.getSecret(any())).thenReturn(getMockSecretA()).thenReturn(getMockSecretB());
+        List<AWSSecretResponse> storedSecrets = new ArrayList<>();
+        storedSecrets.add(getMockDaoSecretA());
+        when(mockDao.getAll()).thenReturn(SecretDocument.builder().secrets(storedSecrets).build());
+        SecretManager sm = new SecretManager(mockAWSSecretClient, crypter, mockDao);
+        sm.syncFromCloud(getMockSecretsWithPartialArn());
+
+        software.amazon.awssdk.aws.greengrass.model.GetSecretValueRequest request =
+                new software.amazon.awssdk.aws.greengrass.model.GetSecretValueRequest();
+        request.setSecretId(SECRET_NAME_1);
+        software.amazon.awssdk.aws.greengrass.model.GetSecretValueResponse getSecretValueResult = sm.getSecret(request);
+
+        assertArrayEquals(SECRET_VALUE_BINARY_1, getSecretValueResult.getSecretValue().getSecretBinary());
+        assertEquals(ARN_1, getSecretValueResult.getSecretId());
+        assertEquals(SECRET_VERSION_1, getSecretValueResult.getVersionId());
+        assertEquals(2, getSecretValueResult.getVersionStage().size());
+        assertEquals(LATEST_LABEL, getSecretValueResult.getVersionStage().get(0));
+        assertEquals(SECRET_LABEL_1, getSecretValueResult.getVersionStage().get(1));
+    }
+
     @Test
     void GIVEN_secret_manager_WHEN_sync_from_cloud_THEN_secrets_are_loaded() throws Exception {
         when(mockAWSSecretClient.getSecret(any())).thenReturn(getMockSecretA()).thenReturn(getMockSecretB());