Add resource providers for AWS Parameter Store

Author: MouhsinElmajdouby

ojdbc-provider-aws/README.md

@@ -30,14 +30,22 @@ particular provider.
 <dl>
 <dt><a href="#aws-secrets-manager-username-provider">Secrets Manager Username Provider</a></dt>
 <dd>Provides a database username from AWS Secrets Manager</dd>
+<dt><a href="#aws-parameter-store-username-provider">Parameter Store Username Provider</a></dt>
+<dd>Provides a database username from AWS Parameter Store</dd>
 <dt><a href="#aws-secrets-manager-password-provider">Secrets Manager Password Provider</a></dt>
 <dd>Provides a database password from AWS Secrets Manager</dd>
+<dt><a href="#aws-parameter-store-password-provider">Parameter Store Password Provider</a></dt>
+<dd>Provides a database password from AWS Parameter Store</dd>
 <dt><a href="#aws-secrets-manager-connection-string-provider">Secrets Manager Connection String Provider</a></dt>
 <dd>Provides connection strings from a tnsnames.ora file stored in AWS Secrets Manager</dd>
+<dt><a href="#aws-parameter-store-connection-string-provider">Parameter Store Connection String Provider</a></dt>
+<dd>Provides connection strings from a tnsnames.ora file stored in AWS Parameter Store</dd>
 <dt><a href="#aws-secrets-manager-tcps-wallet-provider">Secrets Manager TCPS Wallet Provider</a></dt>
 <dd>Provides TCPS/TLS wallet from AWS Secrets Manager</dd>
 <dt><a href="#aws-secrets-manager-seps-wallet-provider">Secrets Manager SEPS Wallet Provider</a></dt>
 <dd>Provides SEPS (Secure External Password Store) wallet from AWS Secrets Manager</dd>
+<dt><a href="#aws-parameter-store-seps-wallet-provider">Parameter Store SEPS Wallet Provider</a></dt>
+<dd>Provides SEPS (Secure External Password Store) wallet from AWS Parameter Store</dd>
 <dt><a href="#common-parameters-for-resource-providers">Common Parameters for Resource Providers</a></dt>
 <dd>Common parameters supported by the resource providers</dd>
 </dl>
@@ -330,6 +338,37 @@ An example of a
 that configures this provider can be found in
 [example-vault.properties](example-aws-secretsmanager.properties).
 
+## AWS Parameter Store Username Provider
+
+The Parameter Store Username Provider provides Oracle JDBC with a database username stored in AWS Systems Manager Parameter Store. 
+This is a [Resource Provider](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/spi/OracleResourceProvider.html) identified
+by the name `ojdbc-provider-aws-parameter-store-username`.
+
+In addition to the set of [common parameters](#common-parameters-for-resource-providers),
+this provider also supports the parameters listed below.
+
+<table>
+<thead><tr>
+<th>Parameter Name</th>
+<th>Description</th>
+<th>Accepted Values</th>
+<th>Default Value</th>
+</tr></thead>
+<tbody>
+<tr>
+<td><code>parameterName</code></td>
+<td>The name of a parameter in AWS Parameter Store.</td>
+<td>Any valid parameter name.</td>
+<td><i>No default value. A value must be configured for this parameter.</i></td>
+</tr>
+</tbody>
+</table>
+
+An example of a
+[connection properties file](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE)
+that configures this provider can be found in
+[example-vault.properties](example-aws-parameterstore.properties).
+
 ## AWS Secrets Manager Password Provider
 The Secrets Manager Password Provider provides Oracle JDBC with a database password
 that is managed by the AWS Secrets Manager service. This is a [Resource Provider](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/spi/OracleResourceProvider.html)
@@ -380,6 +419,36 @@ An example of a
 that configures this provider can be found in
 [example-vault.properties](example-aws-secretsmanager.properties).
 
+## AWS Parameter Store Password Provider
+
+The Parameter Store Password Provider provides Oracle JDBC with a database password stored in AWS Systems Manager Parameter Store.
+This is a [Resource Provider](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/spi/OracleResourceProvider.html) identified
+by the name `ojdbc-provider-aws-parameter-store-password`.
+
+In addition to the set of [common parameters](#common-parameters-for-resource-providers),
+this provider also supports the parameters listed below.
+<table>
+<thead><tr>
+<th>Parameter Name</th>
+<th>Description</th>
+<th>Accepted Values</th>
+<th>Default Value</th>
+</tr></thead>
+<tbody>
+<tr>
+<td><code>parameterName</code></td>
+<td>The name of a parameter in AWS Parameter Store.</td>
+<td>Any valid parameter name.</td>
+<td><i>No default value. A value must be configured for this parameter.</i></td>
+</tr>
+</tbody>
+</table>
+
+An example of a
+[connection properties file](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE)
+that configures this provider can be found in
+[example-vault.properties](example-aws-parameterstore.properties).
+
 ## AWS Secrets Manager TCPS Wallet Provider
 
 The TCPS Wallet Provider provides Oracle JDBC with keys and certificates managed by the AWS Secrets Manager service
@@ -542,6 +611,49 @@ The name of the key to extract from the secret when it is stored as a set of key
 
 An example of a [connection properties file](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE) that configures this provider can be found in [example-secrets-manager-wallet.properties](example-aws-secretsmanager-wallet.properties.properties).
 
+## AWS Parameter Store SEPS Wallet Provider
+
+The SEPS Wallet Provider retrieves a SEPS wallet stored in AWS Parameter Store. 
+This is a [Resource Provider](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/spi/OracleResourceProvider.html) identified
+by the name `ojdbc-provider-aws-parameter-store-seps`.
+
+This provider works identically to the [AWS Secrets Manager SEPS Wallet Provider](#aws-secrets-manager-seps-wallet-provider)
+except that it uses a Parameter Store parameter instead of a Secrets Manager secret.
+
+In addition to the set of [common parameters](#common-parameters-for-resource-providers), this provider also supports the parameters listed below.
+
+<table>
+<thead><tr>
+<th>Parameter Name</th>
+<th>Description</th>
+<th>Accepted Values</th>
+<th>Default Value</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><code>parameterName</code></td>
+<td>The name of a parameter in AWS Parameter Store.</td>
+<td>Any valid parameter name.</td>
+<td><i>No default value. A value must be configured for this parameter.</i></td>
+</tr>
+<tr>
+<td><code>walletPassword</code></td>
+<td>Optional password for PKCS12 wallets.</td>
+<td>Any valid password</td>
+<td><i>None. Required if wallet is password-protected.</i></td>
+</tr>
+<tr>
+<td><code>connectionStringIndex</code></td>
+<td>Optional index to select specific credentials in SEPS wallet.</td>
+<td>Any positive integer (e.g., 1, 2, 3)</td>
+<td><i>None</i></td>
+</tr>
+</tbody>
+</table>
+
+An example of a [connection properties file](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE) that configures this provider can be found in [example-parameter-store-wallet.properties](example-aws-parameterstore-wallet.properties).
+
 ## AWS Secrets Manager Connection String Provider
 
 The Connection String Provider provides Oracle JDBC with a connection string managed by the AWS Secrets Manager service.
@@ -607,6 +719,49 @@ In addition to the set of [common parameters](#common-parameters-for-resource-pr
 
 An example of a [connection properties file](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE) that configures this provider can be found in [example-aws-secretsmanager.properties](example-aws-secretsmanager.properties).
 
+## AWS Parameter Store Connection String Provider
+
+The Connection String Provider provides Oracle JDBC with a connection string managed by the AWS Systems Manager Parameter Store service.
+This is a [Resource Provider](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/spi/OracleResourceProvider.html) identified
+by the name `ojdbc-provider-aws-parameter-store-tnsnames`.
+
+This provider retrieves and decodes a `tnsnames.ora` file stored as a parameter value in AWS Parameter Store.
+
+You can store the contents of the `tnsnames.ora` file as:
+
+- A base64-encoded string containing the full contents of the `tnsnames.ora` file.
+
+- Plain text, by simply copying and pasting the contents directly into the parameter value.
+
+In addition to the set of [common parameters](#common-parameters-for-resource-providers), this provider also requires the parameters listed below.
+
+<table>
+<thead>
+  <tr>
+    <th>Parameter Name</th>
+    <th>Description</th>
+    <th>Accepted Values</th>
+    <th>Default Value</th>
+  </tr>
+</thead>
+<tbody>
+  <tr>
+    <td><code>parameterName</code></td> 
+    <td>The name of a parameter in AWS Systems Manager Parameter Store.</td> 
+    <td>Any valid parameter name.</td> 
+    <td><i>No default value. A value must be configured for this parameter.</i></td>
+  </tr>
+  <tr>
+    <td><code>tnsAlias</code></td>
+    <td>Specifies the alias to retrieve the appropriate connection string from the <code>tnsnames.ora</code> file.</td> 
+    <td>Any valid alias present in your <code>tnsnames.ora</code> file.</td>
+    <td><i>No default value. A value must be configured for this parameter.</i></td> 
+  </tr> 
+</tbody>
+</table>
+
+An example of a [connection properties file](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE) that configures this provider can be found in [example-aws-parameterstore.properties](example-aws-parameterstore.properties).
+
 ## Common Parameters for Resource Providers
 
 Providers classified as [Resource Providers](https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/spi/OracleResourceProvider.html) within this module

ojdbc-provider-aws/example-aws-parameterstore-wallet.properties

@@ -0,0 +1,63 @@
+################################################################################
+# Copyright (c) 2024 Oracle and/or its affiliates.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or data
+# (collectively the "Software"), free of charge and under any and all copyright
+# rights in the Software, and any and all patent rights owned or freely
+# licensable by each licensor hereunder covering either (i) the unmodified
+# Software as contributed to or provided by such licensor, or (ii) the Larger
+# Works (as defined below), to deal in both
+#
+# (a) the Software, and
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software (each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+# The above copyright notice and either this complete permission notice or at
+# a minimum a reference to the UPL must be included in all copies or
+# substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+################################################################################
+
+# An example of a connection properties file that configures Oracle JDBC to
+# obtain SEPS credentials from AWS Parameter Store.
+#
+# This file can be located by Oracle JDBC using the "oracle.jdbc.config.file"
+# connection property. For details, see:
+# https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE
+
+# Configures the AWS Parameter Store SEPS Wallet Provider for both username and password.
+# The SEPS wallet parameter name, wallet password, and index are configured via
+# "SEPS_WALLET_PARAMETER_NAME", "SEPS_WALLET_PASSWORD", and "SEPS_CONNECTION_STRING_INDEX".
+oracle.jdbc.provider.username=ojdbc-provider-aws-parameter-store-seps
+oracle.jdbc.provider.username.parameterName=${SEPS_WALLET_PARAMETER_NAME}
+oracle.jdbc.provider.username.walletPassword=${SEPS_WALLET_PASSWORD}
+oracle.jdbc.provider.username.connectionStringIndex=${SEPS_CONNECTION_STRING_INDEX}
+oracle.jdbc.provider.username.awsRegion=${AWS_REGION}
+
+oracle.jdbc.provider.password=ojdbc-provider-aws-parameter-store-seps
+oracle.jdbc.provider.password.parameterName=${SEPS_WALLET_PARAMETER_NAME}
+oracle.jdbc.provider.password.walletPassword=${SEPS_WALLET_PASSWORD}
+oracle.jdbc.provider.password.connectionStringIndex=${SEPS_CONNECTION_STRING_INDEX}
+oracle.jdbc.provider.password.authenticationMethod=aws-default
+oracle.jdbc.provider.password.awsRegion=${AWS_REGION}
+
+
+

ojdbc-provider-aws/example-aws-parameterstore.properties

@@ -0,0 +1,69 @@
+################################################################################
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or data
+# (collectively the "Software"), free of charge and under any and all copyright
+# rights in the Software, and any and all patent rights owned or freely
+# licensable by each licensor hereunder covering either (i) the unmodified
+# Software as contributed to or provided by such licensor, or (ii) the Larger
+# Works (as defined below), to deal in both
+#
+# (a) the Software, and
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software (each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+# The above copyright notice and either this complete permission notice or at
+# a minimum a reference to the UPL must be included in all copies or
+# substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+################################################################################
+
+# An example of a connection properties file that configures Oracle JDBC to
+# login using a username and password managed by AWS Parameter Store.
+#
+# This file can be located by Oracle JDBC using the "oracle.jdbc.config.file"
+# connection property. For details, see:
+# https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE
+
+# Configures the AWS Parameter Store Username Provider.
+# The parameter name is configured as an environment variable or JVM system property
+# named "USERNAME_PARAMETER_NAME". The AWS region is configured via "AWS_REGION".
+oracle.jdbc.provider.username=ojdbc-provider-aws-parameter-store-username
+oracle.jdbc.provider.username.parameterName=${USERNAME_PARAMETER_NAME}
+oracle.jdbc.provider.username.awsRegion=${AWS_REGION}
+
+# Configures the AWS Parameter Store Password Provider.
+# The parameter name is configured as an environment variable or JVM system property
+# named "PASSWORD_PARAMETER_NAME". The AWS region is configured via "AWS_REGION".
+oracle.jdbc.provider.password=ojdbc-provider-aws-parameter-store-password
+oracle.jdbc.provider.password.parameterName=${PASSWORD_PARAMETER_NAME}
+oracle.jdbc.provider.password.awsRegion=${AWS_REGION}
+
+# Configures the AWS Parameter Store Connection String Provider.
+# The parameter name and alias are configured as environment variables or JVM system properties
+# named "TNSNAMES_PARAMETER_NAME" and "TNS_ALIAS", respectively. The AWS region is configured via "AWS_REGION".
+oracle.jdbc.provider.connectionString=ojdbc-provider-aws-parameter-store-tnsnames
+oracle.jdbc.provider.connectionString.parameterName=${TNSNAMES_PARAMETER_NAME}
+oracle.jdbc.provider.connectionString.tnsAlias=${TNS_ALIAS}
+oracle.jdbc.provider.connectionString.awsRegion=${AWS_REGION}
+
+
+