This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch secret in repository https://gitbox.apache.org/repos/asf/camel.git
commit 63da457be2e0308eff5071db679bde6955fdd886
Author: Claus Ibsen <[email protected]>
AuthorDate: Wed Sep 7 10:55:20 2022 +0200
CAMEL-18454: Allow to enable secret refresh from vault. (AWS)
---
.../vault/CloudTrailReloadTriggerTask.java | 40 ++++++++++++++++------
1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
index 81036397bf9..fbfb01e1860 100644
--- a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
+++ b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
@@ -21,6 +21,7 @@ import java.util.List;
import org.apache.camel.CamelContext;
import org.apache.camel.spi.ContextReloadStrategy;
+import org.apache.camel.support.PatternHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
@@ -37,23 +38,31 @@ import software.amazon.awssdk.services.cloudtrail.model.LookupEventsRequest;
import software.amazon.awssdk.services.cloudtrail.model.LookupEventsResponse;
import software.amazon.awssdk.services.cloudtrail.model.Resource;
+/**
+ * Period task which checks if AWS secrets has been updated and
+ * can trigger Camel to be reloaded.
+ */
public class CloudTrailReloadTriggerTask implements Runnable {
+ // TODO: extends ServiceSupport
+ // TODO: doStart to create CloudTrailClient
+ // TODO: doStop to cleanup if needed
+ // TODO: support ENV like SecretsManagerPropertiesFunction
+
private static final Logger LOG = LoggerFactory.getLogger(CloudTrailReloadTriggerTask.class);
private static final String SECRETSMANAGER_AMAZONAWS_COM = "secretsmanager.amazonaws.com";
private final CamelContext context;
- private final String secretNameList;
+ private final String secrets;
private volatile Instant lastTime;
- public CloudTrailReloadTriggerTask(CamelContext context, String secretName) {
+ public CloudTrailReloadTriggerTask(CamelContext context, String secrets) {
this.context = context;
- this.secretNameList = secretName;
+ this.secrets = secrets;
}
@Override
public void run() {
- String[] secretNames = secretNameList.split(",");
boolean triggerReloading = false;
CloudTrailClientBuilder cloudTrailClientBuilder;
Region regionValue = Region.of(context.getVaultConfiguration().aws().getRegion());
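Review bot: The renamed `secrets` constructor parameter carries no documentation of its format, even though the `matchSecret` method added in the last hunk splits it on commas and treats each part as either a substring or a `PatternHelper` pattern; a constructor Javadoc such as `@param secrets comma-separated secret names or patterns (see PatternHelper.matchPattern) whose PutSecretValue events should trigger a reload` would make the contract visible to callers. The new class Javadoc also reads awkwardly; suggest `Periodic task which checks whether AWS secrets have been updated and can trigger Camel to be reloaded.` The run() body continues past the end of this hunk.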
@@ -91,12 +100,11 @@ public class CloudTrailReloadTriggerTask implements Runnable {
if (event.eventName().equalsIgnoreCase("PutSecretValue")) {
List<Resource> a = event.resources();
for (Resource res : a) {
- for (String secretNameElem : secretNames) {
- if (res.resourceName().contains(secretNameElem)) {
- LOG.info("Update for secret {} detected, triggering a CamelContext reload", secretNameElem);
- triggerReloading = true;
- break;
- }
+ String name = res.resourceName();
+ if (matchSecret(name, secrets)) {
+ LOG.info("Update for secret: {} detected, triggering a CamelContext reload", name);
+ triggerReloading = true;
+ break;
}
}
}
@@ -106,7 +114,7 @@ public class CloudTrailReloadTriggerTask implements Runnable {
throw e;
}
- if (triggerReloading && context != null) {
+ if (triggerReloading) {
ContextReloadStrategy reload = context.hasService(ContextReloadStrategy.class);
if (reload != null) {
// trigger reload
@@ -114,4 +122,14 @@ public class CloudTrailReloadTriggerTask implements Runnable {
}
}
}
+
+ protected boolean matchSecret(String name, String patterns) {
+ String[] parts = patterns.split(",");
+ for (String part : parts) {
+ if (name.contains(part) || PatternHelper.matchPattern(name, part)) {
+ return true;
+ }
+ }
+ return false;
+ }
}
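Review bot: `matchSecret` in the `@@ -114,4 +122,14 @@` hunk matches every resource name as soon as `patterns` contains an empty part, because `"".split(",")` yields `[""]` and `name.contains("")` is always true, so an empty or leading-comma `secrets` value (for example `,mysecret`) makes any PutSecretValue event in the account trigger a CamelContext reload instead of none. Whitespace around the commas is not stripped either, so `a, b` is compared as the substring ` b`. The `contains` check is in any case a substring match (a configured `db` matches every secret whose name contains `db`), which is looser than the pattern match and worth stating in a Javadoc on the method if it is intended. Trimming each part, skipping blanks and guarding a null `name` (the `@@ -91,12 +100,11 @@` hunk passes `res.resourceName()` straight through; whether it can be unset depends on the SDK model) keeps the trigger tight:
```java
protected boolean matchSecret(String name, String patterns) {
    if (name == null || patterns == null) {
        return false;
    }
    for (String part : patterns.split(",")) {
        String pattern = part.trim();
        if (pattern.isEmpty()) {
            continue; // a blank entry would otherwise match every secret via contains("")
        }
        if (name.contains(pattern) || PatternHelper.matchPattern(name, pattern)) {
            return true;
        }
    }
    return false;
}
```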
