Java 将sam本地api连接到机密管理器时出现问题
我正在尝试在本地设置AWS SAM,这样就不必每次更改代码时都进行部署。但是我很难从秘密经理那里得到秘密。我已经使用Java 将sam本地api连接到机密管理器时出现问题,java,amazon-web-services,aws-sam,aws-secrets-manager,Java,Amazon Web Services,Aws Sam,Aws Secrets Manager,我正在尝试在本地设置AWS SAM,这样就不必每次更改代码时都进行部署。但是我很难从秘密经理那里得到秘密。我已经使用saminit--runtime java创建了一个新的SAM项目 然后,我在secret Manager中创建了一个新的secret,并更改了HelloWorld函数中的代码以尝试检索该密码 package helloworld; import java.io.PrintWriter; import java.io.StringWriter; import java.util.
saminit--runtime java创建了一个新的SAM项目
然后,我在secret Manager中创建了一个新的secret,并更改了HelloWorld函数中的代码以尝试检索该密码
package helloworld;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.*;
/**
* Handler for requests to Lambda function.
*/
public class App implements RequestHandler<Object, Object> {
public Object handleRequest(final Object input, final Context context) {
Map<String, String> headers = new HashMap<>();
headers.put("Content-Type", "application/json");
headers.put("X-Custom-Header", "application/json");
try {
String secretName = "testsecret";
String region = "us-west-2";
// Create a Secrets Manager client
AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
.withRegion(region)
.build();
String secret, decodedBinarySecret;
GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
.withSecretId(secretName);
GetSecretValueResult getSecretValueResult = null;
try {
getSecretValueResult = client.getSecretValue(getSecretValueRequest);
} catch (DecryptionFailureException e) {
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InternalServiceErrorException e) {
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InvalidParameterException e) {
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InvalidRequestException e) {
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (ResourceNotFoundException e) {
System.out.println(e.getMessage());
StringWriter outError = new StringWriter();
e.printStackTrace(new PrintWriter(outError));
System.out.println(outError.toString());
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
}
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if (getSecretValueResult.getSecretString() != null) {
secret = getSecretValueResult.getSecretString();
return new GatewayResponse(secret, headers, 200);
}
else {
decodedBinarySecret = new String(Base64.getDecoder().decode(getSecretValueResult.getSecretBinary()).array());
return new GatewayResponse(decodedBinarySecret, headers, 200);
}
} catch (Exception e) {
return new GatewayResponse("{}", headers, 500);
}
}
}
但是,获取机密的代码与机密管理器中给出的代码相同。无法从sam本地连接到真正的AWS服务吗?我对DynamoDB也有类似的问题,但通过使用DynamoDB Local可以让它正常工作
关于如何连接到real secrets manager或以某种方式在本地伪造它,您有什么建议吗?当您运行DynamoDB Local时,它实际上是在运行测试进程的线程中运行一个模拟DDB服务器(或作为一个本地进程,具体取决于您如何启动它)。不幸的是,Secrets Manager和其他AWS服务没有提供同等的测试解决方案
但是,如果您返回ResourceNotFoundException,则您似乎能够成功连接到Secrets Manager。与机密管理器的连接可能使用的帐户与存储机密的帐户不同。检查代码使用的凭据的一种方法是使用调用。当您运行DynamoDB Local时,它实际上是在运行测试进程的线程中运行模拟DDB服务器(或作为本地进程,具体取决于您如何启动它)。不幸的是,Secrets Manager和其他AWS服务没有提供同等的测试解决方案
但是,如果您返回ResourceNotFoundException,则您似乎能够成功连接到Secrets Manager。与机密管理器的连接可能使用的帐户与存储机密的帐户不同。检查代码使用的凭据的一种方法是使用调用。正是这样。我启动sam local时没有配置文件,所以它使用的是我的默认配置文件,而不是我的工作帐户。添加了--配置文件工作配置文件,它找到了秘密。这也修复了我连接到DynamoDB时遇到的问题,因此现在我可以连接到我们的Dev dynamo表,或者可以选择使用本地版本。谢谢就是这样。我启动sam local时没有配置文件,所以它使用的是我的默认配置文件,而不是我的工作帐户。添加了--配置文件工作配置文件,它找到了秘密。这也修复了我连接到DynamoDB时遇到的问题,因此现在我可以连接到我们的Dev dynamo表,或者可以选择使用本地版本。谢谢
Secrets Manager can’t find the specified secret. (Service: AWSSecretsManager; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 6881467f-d968-4f4e-ae60-7e3128124cc5)
com.amazonaws.services.secretsmanager.model.ResourceNotFoundException: Secrets Manager can’t find the specified secret. (Service: AWSSecretsManager; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 6881467f-d968-4f4e-ae60-7e3128124cc5)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1632)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1058)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2024)
at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2000)
at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeGetSecretValue(AWSSecretsManagerClient.java:878)
at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.getSecretValue(AWSSecretsManagerClient.java:853)
at helloworld.App.handleRequest(App.java:53)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at lambdainternal.EventHandlerLoader$PojoMethodRequestHandler.handleRequest(EventHandlerLoader.java:259)
at lambdainternal.EventHandlerLoader$PojoHandlerAsStreamHandler.handleRequest(EventHandlerLoader.java:178)
at lambdainternal.EventHandlerLoader$2.call(EventHandlerLoader.java:888)
at lambdainternal.AWSLambda.startRuntime(AWSLambda.java:293)
at lambdainternal.AWSLambda.<clinit>(AWSLambda.java:64)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at lambdainternal.LambdaRTEntry.main(LambdaRTEntry.java:114)