

Adjust webapp to read db config from separate secret
anthonyhashemi committed Feb 7, 2025
1 parent d09a302 commit 95e9c6d
Showing 2 changed files with 82 additions and 14 deletions.
70 changes: 56 additions & 14 deletions app/tests/test_config.py
Expand Up @@ -156,7 +156,9 @@ def test_local_env_config_variable_not_set_error(monkeypatch):
@mock_aws
def test_aws_secrets_manager_config_initialized(monkeypatch):
"""
GIVEN AWS secret with secret_id `AWS_SM_CONFIG_SECRET_ID` is set with all config key value pairs
GIVEN AWS secret with secret_ids`AWS_SM_CONFIG_SECRET_ID`,
`AWS_SM_KEYCLOAK_CLIENT_SECRET_ID` and `AWS_SM_DB_CONFIG_SECRET_ID`
set with all config key value pairs
WHEN Config is initialized
THEN it should have attributes with the expected values from the AWS Secrets Manager secret
"""
Expand All @@ -172,12 +174,7 @@ def test_aws_secrets_manager_config_initialized(monkeypatch):
"PERF_TEST": "False",
"FLASKS3_BUCKET_NAME": "test_flasks3_bucket_name",
"DEFAULT_DATE_FORMAT": "test_default_date_format",
"SECRET_KEY": "test_secret_key", # pragma: allowlist secret
"DB_PORT": "5432",
"DB_HOST": "test_db_host",
"DB_USER": "test_db_user",
"DB_PASSWORD": "test_db_password", # pragma: allowlist secret
"DB_NAME": "test_db_name",
"SECRET_KEY": "test_secret_key", # pragma: allowlist secret,
"DB_SSL_ROOT_CERTIFICATE": "test_db_ssl_root_certificate",
"DEFAULT_PAGE_SIZE": 10,
"OPEN_SEARCH_MASTER_ROLE_ARN": "test_master_role_arn",
Expand All @@ -188,6 +185,16 @@ def test_aws_secrets_manager_config_initialized(monkeypatch):

secret_kc_value = json.dumps({"SECRET": "test_keycloak_client_secret"})

secret_db_value = json.dumps(
{
"username": "test_db_user",
"password": "test_db_password", # pragma: allowlist secret
"host": "test_db_host",
"port": "5432",
"dbname": "test_db_name",
}
)

ssm_client = boto3.client("secretsmanager")

ssm_client.create_secret(
Expand All @@ -200,6 +207,11 @@ def test_aws_secrets_manager_config_initialized(monkeypatch):
SecretString=secret_kc_value,
)

ssm_client.create_secret(
Name="test_db_config_secret_id",
SecretString=secret_db_value,
)

monkeypatch.setenv(
"AWS_SM_CONFIG_SECRET_ID", "test_secret_id"
) # pragma: allowlist secret
Expand All @@ -208,6 +220,10 @@ def test_aws_secrets_manager_config_initialized(monkeypatch):
"AWS_SM_KEYCLOAK_CLIENT_SECRET_ID", "test_kc_secret_id"
) # pragma: allowlist secret

monkeypatch.setenv(
"AWS_SM_DB_CONFIG_SECRET_ID", "test_db_config_secret_id"
) # pragma: allowlist secret

with patch(
"botocore.client.BaseClient._make_api_call", new=mock_make_api_call
):
Expand Down Expand Up @@ -257,8 +273,9 @@ def test_aws_secrets_manager_config_initialized(monkeypatch):
@mock_aws
def test_aws_secrets_manager_config_variable_not_set_error(monkeypatch):
"""
GIVEN AWS secret with secret_id `AWS_SM_CONFIG_SECRET_ID` is set
and a variable 'DEFAULT_DATE_FORMAT' is not set
GIVEN AWS secret with secret_ids`AWS_SM_CONFIG_SECRET_ID`,
`AWS_SM_KEYCLOAK_CLIENT_SECRET_ID` and `AWS_SM_DB_CONFIG_SECRET_ID`
set and a variable 'DEFAULT_DATE_FORMAT' is not set
WHEN Config is initialized
THEN it should raise an exception with error
"""
Expand All @@ -275,11 +292,6 @@ def test_aws_secrets_manager_config_variable_not_set_error(monkeypatch):
"PERF_TEST": "False",
"FLASKS3_BUCKET_NAME": "test_flasks3_bucket_name",
"SECRET_KEY": "test_secret_key", # pragma: allowlist secret
"DB_PORT": "5432",
"DB_HOST": "test_db_host",
"DB_USER": "test_db_user",
"DB_PASSWORD": "test_db_password", # pragma: allowlist secret
"DB_NAME": "test_db_name",
"DB_SSL_ROOT_CERTIFICATE": "test_db_ssl_root_certificate",
"DEFAULT_PAGE_SIZE": 10,
"CSP_CONNECT_SRC": "",
Expand All @@ -295,17 +307,47 @@ def test_aws_secrets_manager_config_variable_not_set_error(monkeypatch):
}
)

secret_kc_value = json.dumps({"SECRET": "test_keycloak_client_secret"})

secret_db_value = json.dumps(
{
"username": "test_db_user",
"password": "test_db_password", # pragma: allowlist secret
"host": "test_db_host",
"port": "5432",
"dbname": "test_db_name",
}
)

ssm_client = boto3.client("secretsmanager")

ssm_client.create_secret(
Name="test_secret_id",
SecretString=secret_value,
)

ssm_client.create_secret(
Name="test_kc_secret_id",
SecretString=secret_kc_value,
)

ssm_client.create_secret(
Name="test_db_config_secret_id",
SecretString=secret_db_value,
)

monkeypatch.setenv(
"AWS_SM_CONFIG_SECRET_ID", "test_secret_id"
) # pragma: allowlist secret

monkeypatch.setenv(
"AWS_SM_KEYCLOAK_CLIENT_SECRET_ID", "test_kc_secret_id"
) # pragma: allowlist secret

monkeypatch.setenv(
"AWS_SM_DB_CONFIG_SECRET_ID", "test_db_config_secret_id"
) # pragma: allowlist secret

config = AWSSecretsManagerConfig()

with pytest.raises(KeyError) as error:
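Review bot: The three-secret setup is now copied verbatim into both tests — the `secret_kc_value`/`secret_db_value` payloads, the three `create_secret` calls and the three `monkeypatch.setenv` calls appear once in `test_aws_secrets_manager_config_initialized` and again in `test_aws_secrets_manager_config_variable_not_set_error` (the second hunk of that test, L109–L148), so any future change to the secret layout must be made twice. A `pytest` fixture, e.g. `def aws_secrets(monkeypatch): ...` that creates the keycloak and DB secrets and exports the three `AWS_SM_*_SECRET_ID` variables, would let each test only build its own `secret_value` dict. The `# pragma: allowlist secret,` comment in the rewritten `SECRET_KEY` line carries a stray trailing comma; it is inside a comment so it is harmless at runtime, but it looks unintended. Both test functions continue past the hunks shown here.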
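--- a/configs/aws_secrets_manager_config.py
+++ b/configs/aws_secrets_manager_config.py
@@ -51,6 +51,32 @@ def KEYCLOAK_CLIENT_SECRET(self):
 os.getenv("AWS_SM_KEYCLOAK_CLIENT_SECRET_ID")
 )["SECRET"]
 
+@property
+def _DB_CONFIG(self):
+return self._get_secrets_manager_config_dict(
+os.getenv("AWS_SM_DB_CONFIG_SECRET_ID")
+)
+
+@property
+def DB_HOST(self):
+return self._DB_CONFIG["host"]
+
+@property
+def DB_PORT(self):
+return self._DB_CONFIG["port"]
+
+@property
+def DB_USER(self):
+return self._DB_CONFIG["username"]
+
+@property
+def DB_PASSWORD(self):
+return self._DB_CONFIG["password"]
+
+@property
+def DB_NAME(self):
+return self._DB_CONFIG["dbname"]
+
 @property
 def OPEN_SEARCH_HTTP_AUTH(self):
 sts_client = boto3.client("sts")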
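Review bot: `_DB_CONFIG` is a plain `@property`, so each of `DB_HOST`, `DB_PORT`, `DB_USER`, `DB_PASSWORD` and `DB_NAME` re-resolves the secret on every access; unless `_get_secrets_manager_config_dict` (defined outside this hunk) caches, building a connection string costs five Secrets Manager reads of the same secret, and a transient failure on any one of them breaks the config mid-read. If the class does not rely on the value refreshing between reads, `from functools import cached_property` and `@cached_property` on `_DB_CONFIG` fetches it once per instance; presumably the existing `KEYCLOAK_CLIENT_SECRET` property has the same characteristic, so it may be worth treating both the same way. When `AWS_SM_DB_CONFIG_SECRET_ID` is unset, `os.getenv` returns `None` and that is handed straight to the helper, producing an error that names neither the variable nor the secret; a short guard such as `if not secret_id: raise KeyError("AWS_SM_DB_CONFIG_SECRET_ID")` would match the `KeyError` contract the tests already assert for missing config. A docstring on `_DB_CONFIG` stating the expected JSON keys (`host`, `port`, `username`, `password`, `dbname`) and that `port` arrives as whatever type the secret stores (a string in the tests) would make the contract with whoever provisions the secret explicit. The enclosing class begins before this hunk.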

