From b6a5e80315800ef9e9c0f58a98063d4be3f97e55 Mon Sep 17 00:00:00 2001
From: Elena Kolevska
Date: Fri, 30 Aug 2024 19:05:34 +0100
Subject: [PATCH] Removes the dummy check for AWS Parameter Store access validation (#3520)

Signed-off-by: Elena Kolevska
Co-authored-by: Yaron Schneider
---
 .../aws/parameterstore/parameterstore.go | 25 +++----------------
 .../aws/parameterstore/parameterstore_test.go | 19 --------------
 2 files changed, 3 insertions(+), 41 deletions(-)

diff --git a/secretstores/aws/parameterstore/parameterstore.go b/secretstores/aws/parameterstore/parameterstore.go
index 38c22fc5ad..590540cf04 100644
--- a/secretstores/aws/parameterstore/parameterstore.go
+++ b/secretstores/aws/parameterstore/parameterstore.go
@@ -15,7 +15,6 @@ package parameterstore
 
 import (
 "context"
- "errors"
 "fmt"
 "reflect"
 
@@ -24,7 +23,6 @@ import (
 "github.com/aws/aws-sdk-go/service/ssm/ssmiface"
 
 awsAuth "github.com/dapr/components-contrib/common/authentication/aws"
- "github.com/dapr/components-contrib/common/utils"
 "github.com/dapr/components-contrib/metadata"
 "github.com/dapr/components-contrib/secretstores"
 "github.com/dapr/kit/logger"
@@ -67,32 +65,15 @@ func (s *ssmSecretStore) Init(ctx context.Context, metadata secretstores.Metadat
 return err
 }
 
- // This check is needed because d.client is set to a mock in tests
- if s.client == nil {
- s.client, err = s.getClient(meta)
- if err != nil {
- return err
- }
+ s.client, err = s.getClient(meta)
+ if err != nil {
+ return err
 }
 s.prefix = meta.Prefix
 
- // Validate client connection
- var notFoundErr *ssm.ParameterNotFound
- if err := s.validateConnection(ctx); err != nil && !errors.As(err, ¬FoundErr) {
- return fmt.Errorf("error validating access to the aws.parameterstore secret store: %w", err)
- }
 return nil
 }
 
-// validateConnection runs a dummy GetParameterWithContext operation
-// to validate the connection credentials
-func (s *ssmSecretStore) validateConnection(ctx context.Context) error {
- _, err := s.client.GetParameterWithContext(ctx, &ssm.GetParameterInput{
- Name: ptr.Of(s.prefix + utils.GetRandOrDefaultString("dapr-test-param")),
- })
- return err
-}
-
 // GetSecret retrieves a secret using a key and returns a map of decrypted string/string values.
 func (s *ssmSecretStore) GetSecret(ctx context.Context, req secretstores.GetSecretRequest) (secretstores.GetSecretResponse, error) {
 name := req.Name
diff --git a/secretstores/aws/parameterstore/parameterstore_test.go b/secretstores/aws/parameterstore/parameterstore_test.go
index 3211079ca1..9747f58b2a 100644
--- a/secretstores/aws/parameterstore/parameterstore_test.go
+++ b/secretstores/aws/parameterstore/parameterstore_test.go
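Review bot: In the `Init` hunk of parameterstore.go, `Init` no longer checks access, yet nothing in the new code says so. Unless `getClient` checks credentials itself (not visible here), wrong credentials or missing IAM permissions now first show up as an error from `GetSecret` at request time. I would state that contract above `s.client, err = s.getClient(meta)`, for example `// No access check is made here; invalid credentials or missing permissions surface on the first request.`, so operators do not read a clean start as a verified store. The bare `return err` after `getClient` could also name the component, `return fmt.Errorf("aws.parameterstore: creating client: %w", err)`; `fmt` is still imported. `Init` starts above the hunk, so its earlier error handling is not visible.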
@@ -50,12 +50,6 @@ func (m *mockedSSM) DescribeParametersWithContext(ctx context.Context, input *ss
 func TestInit(t *testing.T) {
 m := secretstores.Metadata{}
 s := NewParameterStore(logger.NewLogger("test"))
- s.(*ssmSecretStore).client = &mockedSSM{
- GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
- // Simulate a non error response from AWS SSM
- return nil, nil
- },
- }
 
 t.Run("Init with valid metadata", func(t *testing.T) {
 m.Properties = map[string]string{
@@ -68,19 +62,6 @@ func TestInit(t *testing.T) {
 err := s.Init(context.Background(), m)
 require.NoError(t, err)
 })
-
- t.Run("Init with invalid connection details", func(t *testing.T) {
- s.(*ssmSecretStore).client = &mockedSSM{
- GetParameterFn: func(ctx context.Context, input *ssm.GetParameterInput, option ...request.Option) (*ssm.GetParameterOutput, error) {
- // Simulate a failure that resembles what AWS SSM would return
- return nil, fmt.Errorf("wrong-credentials")
- },
- }
-
- err := s.Init(context.Background(), m)
- require.Error(t, err)
- require.EqualError(t, err, "error validating access to the aws.parameterstore secret store: wrong-credentials")
- })
 }
 
 func TestGetSecret(t *testing.T) {