Merge pull request #3 from GetDutchie/feature/eng-6332/transition-envs-from-env-to-secrets-store

feat: add testing and provide new override method functionality - eng-6332

Author: chrishough

Gemfile.lock

@@ -2,27 +2,43 @@ PATH
   remote: .
   specs:
     secrets-manager (1.1.0)
+      activesupport (~> 5.0, >= 5.0.0.1)
       aws-sdk-secretsmanager (>= 1.31.0)
       concurrent-ruby (>= 1.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    aws-eventstream (1.0.3)
-    aws-partitions (1.276.0)
-    aws-sdk-core (3.90.1)
-      aws-eventstream (~> 1.0, >= 1.0.2)
+    activesupport (5.2.6)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    aws-eventstream (1.1.1)
+    aws-partitions (1.492.0)
+    aws-sdk-core (3.119.1)
+      aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-secretsmanager (1.33.0)
-      aws-sdk-core (~> 3, >= 3.71.0)
+    aws-sdk-secretsmanager (1.48.0)
+      aws-sdk-core (~> 3, >= 3.119.0)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.1.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
+    aws-sigv4 (1.2.4)
+      aws-eventstream (~> 1, >= 1.0.2)
+    coderay (1.1.3)
     concurrent-ruby (1.1.6)
     diff-lcs (1.3)
+    faker (2.19.0)
+      i18n (>= 1.6, < 2)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
     jmespath (1.4.0)
+    method_source (1.0.0)
+    minitest (5.14.4)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
     rake (10.5.0)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
@@ -37,15 +53,22 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
     rspec-support (3.8.2)
+    thread_safe (0.3.6)
+    timecop (0.8.1)
+    tzinfo (1.2.9)
+      thread_safe (~> 0.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   bundler (~> 2.0)
+  faker
+  pry (~> 0.13.1)
   rake (~> 10.0)
   rspec (~> 3.0)
   secrets-manager!
+  timecop (~> 0.8.1)
 
 BUNDLED WITH
    2.1.4

lib/secrets-manager.rb

@@ -4,6 +4,8 @@
 require "aws-sdk-secretsmanager"
 require "concurrent-ruby"
 require "json"
+require "active_support/core_ext/object/blank.rb"
+require "base64"
 
 module SecretsManager
   class SecretNotFound < StandardError; end;
@@ -23,13 +25,15 @@ def reset
 
     def set(path, value, ttl = 86400)
       @_cache[path] = {expires_at: (Time.now + ttl), value: value}
+
       return self
     end
 
     def find(path)
       fetched = @_cache[path]
       return unless fetched
       return unless !fetched[:expires_at].nil? && (fetched[:expires_at]) > Time.now
+
       fetched[:value]
     end
   end
@@ -43,34 +47,36 @@ def initialize(client: nil)
     end
 
     def secret_env
-      ENV['AWS_SECRETS_ENV'] || ENV['RACK_ENV'] || 'development'
+      ENV["AWS_SECRETS_ENV"] || ENV["RACK_ENV"] || "development"
     end
 
     def client
       return @aws_client if @aws_client
 
       @_client ||= Aws::SecretsManager::Client.new({
-        region: ENV.fetch('AWS_SECRETS_REGION', 'us-east-1'),
-        credentials: Aws::Credentials.new(ENV['AWS_SECRETS_KEY'], ENV['AWS_SECRETS_SECRET'])
+        region: ENV.fetch("AWS_SECRETS_REGION", "us-east-1"),
+        credentials: Aws::Credentials.new(ENV["AWS_SECRETS_KEY"], ENV["AWS_SECRETS_SECRET"])
       })
     end
 
     def fetch(secret_path)
       if secret_path.start_with?("global")
         resolved_path = secret_path
       else
-        resolved_path = secret_env + '/' + secret_path
+        resolved_path = secret_env + "/" + secret_path
       end
 
       cached_value = cache.find(resolved_path)
       return cached_value if cached_value
 
       response = client.get_secret_value(secret_id: resolved_path)
       return nil unless response && response.secret_string
-      object = JSON.parse(response.secret_string, symbolize_names: true)
 
+      object = JSON.parse(response.secret_string, symbolize_names: true)
       value = parse_value(object)
+
       cache.set(resolved_path, value, parse_ttl(object))
+
       return value
     rescue Aws::SecretsManager::Errors::ResourceNotFoundException => e
       raise SecretsManager::SecretNotFound, "Could not find secret with path #{resolved_path}"
@@ -81,6 +87,7 @@ def [](path)
     end
 
     private
+
     def parse_ttl(data)
       ## Default to one day cache TTL
       return 86400 unless data[:ttl].present?
@@ -106,6 +113,5 @@ def parse_value(data)
 
       return value
     end
-
   end
-end
+end

secrets-manager.gemspec

@@ -18,17 +18,21 @@ Gem::Specification.new do |spec|
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+  spec.files         = Dir.chdir(File.expand_path("..", __FILE__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
   spec.add_dependency "concurrent-ruby", ">= 1.0"
-  spec.add_dependency 'aws-sdk-secretsmanager', '>= 1.31.0'
+  spec.add_dependency "aws-sdk-secretsmanager", ">= 1.31.0"
+  spec.add_dependency "activesupport", "~> 5.0", ">= 5.0.0.1"
 
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "pry", "~> 0.13.1"
+  spec.add_development_dependency "timecop", "~> 0.8.1"
+  spec.add_development_dependency "faker"
 end