This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 716b53b5fd NIFI-14689 Upgraded AWS Secrets Manager Parameter Providers
to use AWS 2.x libraries
716b53b5fd is described below
commit 716b53b5fd67377759f7eb56f40dee48e925a189
Author: Peter Turcsanyi <[email protected]>
AuthorDate: Thu Jun 26 10:20:59 2025 +0200
NIFI-14689 Upgraded AWS Secrets Manager Parameter Providers to use AWS 2.x
libraries
Also removed v1 leftovers from already upgraded or removed components
(CloudWatch, Lambda, Kinesis, ML, ApiGateway)
Signed-off-by: Pierre Villard <[email protected]>
This closes #10050.
---
.../aws/wag/client/GenericApiGatewayClient.java | 132 -------------------
.../wag/client/GenericApiGatewayClientBuilder.java | 76 -----------
.../aws/wag/client/GenericApiGatewayException.java | 13 --
.../aws/wag/client/GenericApiGatewayRequest.java | 45 -------
.../client/GenericApiGatewayRequestBuilder.java | 49 -------
.../aws/wag/client/GenericApiGatewayResponse.java | 27 ----
.../nifi/processors/aws/wag/client/Validate.java | 17 ---
.../nifi-aws-parameter-providers/pom.xml | 12 +-
.../aws/AwsSecretsManagerParameterProvider.java | 146 +++++++++++++--------
.../TestAwsSecretsManagerParameterProvider.java | 70 +++++-----
.../nifi-aws-parameter-value-providers/pom.xml | 8 +-
.../AwsSecretsManagerParameterValueProvider.java | 47 +++----
.../TestSecretsManagerParameterValueProvider.java | 21 +--
.../aws/cloudwatch/PutCloudWatchMetric.java | 3 +-
.../nifi/processors/aws/lambda/PutLambda.java | 4 +-
.../aws/ml/AwsResponseMetadataDeserializer.java | 36 -----
.../aws/ml/SdkHttpMetadataDeserializer.java | 36 -----
.../aws/cloudwatch/MockPutCloudWatchMetric.java | 8 +-
.../aws/kinesis/stream/ITConsumeKinesisStream.java | 2 -
.../kinesis/stream/TestConsumeKinesisStream.java | 3 +-
.../nifi/processors/aws/lambda/TestPutLambda.java | 7 +-
21 files changed, 176 insertions(+), 586 deletions(-)
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayClient.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayClient.java
deleted file mode 100644
index 055547f487..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayClient.java
+++ /dev/null
@@ -1,132 +0,0 @@
-package org.apache.nifi.processors.aws.wag.client;
-
-import com.amazonaws.AmazonServiceException;
-import com.amazonaws.AmazonWebServiceClient;
-import com.amazonaws.AmazonWebServiceResponse;
-import com.amazonaws.ClientConfiguration;
-import com.amazonaws.DefaultRequest;
-import com.amazonaws.Response;
-import com.amazonaws.auth.AWS4Signer;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.http.AmazonHttpClient;
-import com.amazonaws.http.ExecutionContext;
-import com.amazonaws.http.HttpMethodName;
-import com.amazonaws.http.HttpResponseHandler;
-import com.amazonaws.http.JsonResponseHandler;
-import com.amazonaws.internal.auth.DefaultSignerProvider;
-import com.amazonaws.protocol.json.JsonErrorResponseMetadata;
-import com.amazonaws.protocol.json.JsonOperationMetadata;
-import com.amazonaws.protocol.json.SdkStructuredPlainJsonFactory;
-import com.amazonaws.regions.Region;
-import com.amazonaws.transform.JsonErrorUnmarshaller;
-import com.amazonaws.transform.JsonUnmarshallerContext;
-import com.amazonaws.transform.Unmarshaller;
-import com.fasterxml.jackson.databind.JsonNode;
-
-import java.io.InputStream;
-import java.net.URI;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-public class GenericApiGatewayClient extends AmazonWebServiceClient {
- private static final String API_GATEWAY_SERVICE_NAME = "execute-api";
- private static final String API_KEY_HEADER = "x-api-key";
-
- private final JsonResponseHandler<GenericApiGatewayResponse>
responseHandler;
- private final HttpResponseHandler<AmazonServiceException>
errorResponseHandler;
- private final AWSCredentialsProvider credentials;
- private final String apiKey;
- private final AWS4Signer signer;
- private final URI endpoint;
- private final String region;
-
- GenericApiGatewayClient(ClientConfiguration clientConfiguration, String
endpoint, Region region,
- AWSCredentialsProvider credentials, String apiKey,
AmazonHttpClient httpClient) {
- super(clientConfiguration);
- this.endpoint = URI.create(endpoint);
- this.region = region.getName();
- this.credentials = credentials;
- this.apiKey = apiKey;
- this.signer = new AWS4Signer();
- this.signer.setServiceName(API_GATEWAY_SERVICE_NAME);
- this.signer.setRegionName(region.getName());
-
- final JsonOperationMetadata metadata = new
JsonOperationMetadata().withHasStreamingSuccessResponse(false).withPayloadJson(false);
- final Unmarshaller<GenericApiGatewayResponse, JsonUnmarshallerContext>
responseUnmarshaller = in -> new
GenericApiGatewayResponse(in.getHttpResponse());
- this.responseHandler =
SdkStructuredPlainJsonFactory.SDK_JSON_FACTORY.createResponseHandler(metadata,
responseUnmarshaller);
-
- final JsonErrorResponseMetadata errorResponseMetadata = new
JsonErrorResponseMetadata();
- final JsonErrorUnmarshaller defaultErrorUnmarshaller = new
JsonErrorUnmarshaller(GenericApiGatewayException.class, null) {
- @Override
- public AmazonServiceException unmarshall(final JsonNode
jsonContent) {
- return new GenericApiGatewayException(jsonContent.toString());
- }
- };
-
- this.errorResponseHandler =
SdkStructuredPlainJsonFactory.SDK_JSON_FACTORY.createErrorResponseHandler(errorResponseMetadata,
List.of(defaultErrorUnmarshaller));
-
- if (httpClient != null) {
- super.client = httpClient;
- }
- }
-
- public GenericApiGatewayResponse execute(GenericApiGatewayRequest request)
{
- return execute(request.getHttpMethod(), request.getResourcePath(),
request.getHeaders(), request.getParameters(), request.getBody());
- }
-
- private GenericApiGatewayResponse execute(HttpMethodName method, String
resourcePath, Map<String, String> headers, Map<String, List<String>>
parameters, InputStream content) {
- final ExecutionContext executionContext = buildExecutionContext();
-
- DefaultRequest<?> request = new
DefaultRequest<>(API_GATEWAY_SERVICE_NAME);
- request.setHttpMethod(method);
- request.setContent(content);
- request.setEndpoint(this.endpoint);
- request.setResourcePath(resourcePath);
- request.setHeaders(buildRequestHeaders(headers, apiKey));
- if (parameters != null) {
- request.setParameters(parameters);
- }
-
- final Response<AmazonWebServiceResponse<GenericApiGatewayResponse>>
response = client.requestExecutionBuilder()
- .request(request)
- .errorResponseHandler(errorResponseHandler)
- .executionContext(executionContext)
- .execute(responseHandler);
-
- return response.getAwsResponse().getResult();
- }
-
- private ExecutionContext buildExecutionContext() {
- final ExecutionContext executionContext = ExecutionContext.builder()
- .withSignerProvider(new DefaultSignerProvider(this, signer))
- .build();
- executionContext.setCredentialsProvider(credentials);
- return executionContext;
- }
-
- private Map<String, String> buildRequestHeaders(Map<String, String>
headers, final String apiKey) {
- if (headers == null) {
- headers = new HashMap<>();
- }
- if (apiKey != null) {
- headers.put(API_KEY_HEADER, apiKey);
- }
- return headers;
- }
-
- public URI getEndpoint() {
- return this.endpoint;
- }
-
- public String getRegion() {
- return region;
- }
-
- @Override
- protected String getServiceNameIntern() {
- return API_GATEWAY_SERVICE_NAME;
- }
-}
-
-
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayClientBuilder.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayClientBuilder.java
deleted file mode 100644
index 990f369a46..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayClientBuilder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-package org.apache.nifi.processors.aws.wag.client;
-
-import com.amazonaws.ClientConfiguration;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.http.AmazonHttpClient;
-import com.amazonaws.regions.Region;
-
-public class GenericApiGatewayClientBuilder {
- private String endpoint;
- private Region region;
- private AWSCredentialsProvider credentials;
- private ClientConfiguration clientConfiguration;
- private String apiKey;
- private AmazonHttpClient httpClient;
-
- public GenericApiGatewayClientBuilder withEndpoint(String endpoint) {
- this.endpoint = endpoint;
- return this;
- }
-
- public GenericApiGatewayClientBuilder withRegion(Region region) {
- this.region = region;
- return this;
- }
-
- public GenericApiGatewayClientBuilder
withClientConfiguration(ClientConfiguration clientConfiguration) {
- this.clientConfiguration = clientConfiguration;
- return this;
- }
-
- public GenericApiGatewayClientBuilder
withCredentials(AWSCredentialsProvider credentials) {
- this.credentials = credentials;
- return this;
- }
-
- public GenericApiGatewayClientBuilder withApiKey(String apiKey) {
- this.apiKey = apiKey;
- return this;
- }
-
- public GenericApiGatewayClientBuilder withHttpClient(AmazonHttpClient
client) {
- this.httpClient = client;
- return this;
- }
-
- public AWSCredentialsProvider getCredentials() {
- return credentials;
- }
-
- public String getApiKey() {
- return apiKey;
- }
-
- public AmazonHttpClient getHttpClient() {
- return httpClient;
- }
-
- public String getEndpoint() {
- return endpoint;
- }
-
- public Region getRegion() {
- return region;
- }
-
- public ClientConfiguration getClientConfiguration() {
- return clientConfiguration;
- }
-
- public GenericApiGatewayClient build() {
- Validate.notEmpty(endpoint, "Endpoint");
- Validate.notNull(region, "Region");
- return new GenericApiGatewayClient(clientConfiguration, endpoint,
region, credentials, apiKey, httpClient);
- }
-
-}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayException.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayException.java
deleted file mode 100644
index 606143d26c..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayException.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.apache.nifi.processors.aws.wag.client;
-
-import com.amazonaws.AmazonServiceException;
-
-public class GenericApiGatewayException extends AmazonServiceException {
- public GenericApiGatewayException(String errorMessage) {
- super(errorMessage);
- }
-
- public GenericApiGatewayException(String errorMessage, Exception cause) {
- super(errorMessage, cause);
- }
-}
\ No newline at end of file
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayRequest.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayRequest.java
deleted file mode 100644
index f0649cdca9..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayRequest.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.apache.nifi.processors.aws.wag.client;
-
-import com.amazonaws.http.HttpMethodName;
-import java.io.InputStream;
-import java.util.List;
-import java.util.Map;
-
-public class GenericApiGatewayRequest {
-
- private final HttpMethodName httpMethod;
- private final String resourcePath;
- private final InputStream body;
- private final Map<String, String> headers;
- private final Map<String, List<String>> parameters;
-
- public GenericApiGatewayRequest(HttpMethodName httpMethod, String
resourcePath,
- InputStream body, Map<String, String>
headers,
- Map<String, List<String>> parameters) {
- this.httpMethod = httpMethod;
- this.resourcePath = resourcePath;
- this.body = body;
- this.headers = headers;
- this.parameters = parameters;
- }
-
- public HttpMethodName getHttpMethod() {
- return httpMethod;
- }
-
- public String getResourcePath() {
- return resourcePath;
- }
-
- public InputStream getBody() {
- return body;
- }
-
- public Map<String, String> getHeaders() {
- return headers;
- }
-
- public Map<String, List<String>> getParameters() {
- return parameters;
- }
-}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayRequestBuilder.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayRequestBuilder.java
deleted file mode 100644
index 14d13ccfc8..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayRequestBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.apache.nifi.processors.aws.wag.client;
-
-import com.amazonaws.http.HttpMethodName;
-import java.io.InputStream;
-import java.util.List;
-import java.util.Map;
-
-public class GenericApiGatewayRequestBuilder {
- private HttpMethodName httpMethod;
- private String resourcePath;
- private InputStream body;
- private Map<String, String> headers;
- private Map<String, List<String>> parameters;
-
- public GenericApiGatewayRequestBuilder withHttpMethod(HttpMethodName name)
{
- httpMethod = name;
- return this;
- }
-
- public GenericApiGatewayRequestBuilder withResourcePath(String path) {
- resourcePath = path;
- return this;
- }
-
- public GenericApiGatewayRequestBuilder withBody(InputStream content) {
- this.body = content;
- return this;
- }
-
- public GenericApiGatewayRequestBuilder withHeaders(Map<String, String>
headers) {
- this.headers = headers;
- return this;
- }
-
- public GenericApiGatewayRequestBuilder withParameters(Map<String,
List<String>> parameters) {
- this.parameters = parameters;
- return this;
- }
-
- public boolean hasBody() {
- return this.body != null;
- }
-
- public GenericApiGatewayRequest build() {
- Validate.notNull(httpMethod, "HTTP method");
- Validate.notEmpty(resourcePath, "Resource path");
- return new GenericApiGatewayRequest(httpMethod, resourcePath, body,
headers, parameters);
- }
-}
\ No newline at end of file
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayResponse.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayResponse.java
deleted file mode 100644
index 2e220b15f3..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/GenericApiGatewayResponse.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package org.apache.nifi.processors.aws.wag.client;
-
-import com.amazonaws.http.HttpResponse;
-import com.amazonaws.util.IOUtils;
-import java.io.IOException;
-
-public class GenericApiGatewayResponse {
- private final HttpResponse httpResponse;
- private final String body;
-
- public GenericApiGatewayResponse(HttpResponse httpResponse) throws
IOException {
- this.httpResponse = httpResponse;
- if (httpResponse.getContent() != null) {
- this.body = IOUtils.toString(httpResponse.getContent());
- } else {
- this.body = null;
- }
- }
-
- public HttpResponse getHttpResponse() {
- return httpResponse;
- }
-
- public String getBody() {
- return body;
- }
-}
\ No newline at end of file
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/Validate.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/Validate.java
deleted file mode 100644
index a85197b945..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/wag/client/Validate.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.apache.nifi.processors.aws.wag.client;
-
-import com.amazonaws.util.StringUtils;
-
-public class Validate {
- public static void notEmpty(String in, String fieldName) {
- if (StringUtils.isNullOrEmpty(in)) {
- throw new IllegalArgumentException(String.format("%s cannot be
empty", fieldName));
- }
- }
-
- public static void notNull(Object in, String fieldName) {
- if (in == null) {
- throw new IllegalArgumentException(String.format("%s cannot be
null", fieldName));
- }
- }
-}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/pom.xml
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/pom.xml
index 3c9c68bb94..3aaed788e2 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/pom.xml
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/pom.xml
@@ -44,16 +44,16 @@
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
- <groupId>com.amazonaws</groupId>
- <artifactId>aws-java-sdk-secretsmanager</artifactId>
+ <groupId>software.amazon.awssdk</groupId>
+ <artifactId>secretsmanager</artifactId>
</dependency>
<dependency>
- <groupId>com.amazonaws</groupId>
- <artifactId>aws-java-sdk-core</artifactId>
+ <groupId>software.amazon.awssdk</groupId>
+ <artifactId>sdk-core</artifactId>
</dependency>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
+ <groupId>software.amazon.awssdk</groupId>
+ <artifactId>apache-client</artifactId>
</dependency>
</dependencies>
</project>
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
index 59b90f59e4..a3232cb09a 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
@@ -16,25 +16,10 @@
*/
package org.apache.nifi.parameter.aws;
-import com.amazonaws.ClientConfiguration;
-import com.amazonaws.Protocol;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.http.conn.ssl.SdkTLSSocketFactory;
-import com.amazonaws.regions.Regions;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
-import com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
-import com.amazonaws.services.secretsmanager.model.ListSecretsRequest;
-import com.amazonaws.services.secretsmanager.model.ListSecretsResult;
-import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
-import com.amazonaws.services.secretsmanager.model.SecretListEntry;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
@@ -50,16 +35,38 @@ import
org.apache.nifi.parameter.VerifiableParameterProvider;
import org.apache.nifi.processor.util.StandardValidators;
import
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService;
import org.apache.nifi.ssl.SSLContextProvider;
-
-import javax.net.ssl.SSLContext;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
+import software.amazon.awssdk.core.client.config.SdkAdvancedClientOption;
+import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.http.TlsKeyManagersProvider;
+import software.amazon.awssdk.http.TlsTrustManagersProvider;
+import software.amazon.awssdk.http.apache.ApacheHttpClient;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.retries.DefaultRetryStrategy;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
+import software.amazon.awssdk.services.secretsmanager.model.ListSecretsRequest;
+import
software.amazon.awssdk.services.secretsmanager.model.ListSecretsResponse;
+import
software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
+import software.amazon.awssdk.services.secretsmanager.model.SecretListEntry;
+import
software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509TrustManager;
+import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Optional;
import java.util.Set;
-import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
/**
@@ -67,7 +74,7 @@ import java.util.regex.Pattern;
* <code>aws secretsmanager create-secret --name "[Context]" --secret-string
'{ "[Param]": "[secretValue]", "[Param2]": "[secretValue2]" }'</code> <br/><br/>
*/
@Tags({"aws", "secretsmanager", "secrets", "manager"})
-@CapabilityDescription("Fetches parameters from AWS SecretsManager. Each
secret becomes a Parameter group, which can map to a Parameter Context, with " +
+@CapabilityDescription("Fetches parameters from AWS SecretsManager. Each
secret becomes a Parameter group, which can map to a Parameter Context, with " +
"key/value pairs in the secret mapping to Parameters in the group.")
public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvider implements VerifiableParameterProvider {
enum ListingStrategy implements DescribedValue {
@@ -144,7 +151,7 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
.displayName("Region")
.required(true)
.allowableValues(getAvailableRegions())
-
.defaultValue(createAllowableValue(Regions.DEFAULT_REGION).getValue())
+ .defaultValue(createAllowableValue(Region.US_WEST_2).getValue())
.build();
public static final PropertyDescriptor TIMEOUT = new
PropertyDescriptor.Builder()
@@ -164,7 +171,7 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
.build();
private static final String DEFAULT_USER_AGENT = "NiFi";
- private static final Protocol DEFAULT_PROTOCOL = Protocol.HTTPS;
+
private static final List<PropertyDescriptor> PROPERTY_DESCRIPTORS =
List.of(
SECRET_LISTING_STRATEGY,
SECRET_NAME_PATTERN,
@@ -184,7 +191,7 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
@Override
public List<ParameterGroup> fetchParameters(final ConfigurationContext
context) {
- AWSSecretsManager secretsManager = this.configureClient(context);
+ SecretsManagerClient secretsManager = this.configureClient(context);
final List<ParameterGroup> groups = new ArrayList<>();
@@ -196,24 +203,24 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
fetchSecretNames.addAll(Arrays.asList(secretNames.split(",")));
} else {
final Pattern secretNamePattern =
Pattern.compile(context.getProperty(SECRET_NAME_PATTERN).getValue());
- final ListSecretsRequest listSecretsRequest = new
ListSecretsRequest();
- ListSecretsResult listSecretsResult =
secretsManager.listSecrets(listSecretsRequest);
- while (!listSecretsResult.getSecretList().isEmpty()) {
- for (final SecretListEntry entry :
listSecretsResult.getSecretList()) {
- final String secretName = entry.getName();
+ ListSecretsRequest listSecretsRequest =
ListSecretsRequest.builder().build();
+ ListSecretsResponse listSecretsResponse =
secretsManager.listSecrets(listSecretsRequest);
+ while (!listSecretsResponse.secretList().isEmpty()) {
+ for (final SecretListEntry entry :
listSecretsResponse.secretList()) {
+ final String secretName = entry.name();
if (!secretNamePattern.matcher(secretName).matches()) {
getLogger().debug("Secret [{}] does not match the
secret name pattern {}", secretName, secretNamePattern);
continue;
}
fetchSecretNames.add(secretName);
}
- final String nextToken = listSecretsResult.getNextToken();
+ final String nextToken = listSecretsResponse.nextToken();
if (nextToken == null) {
break;
}
- listSecretsRequest.setNextToken(nextToken);
- listSecretsResult =
secretsManager.listSecrets(listSecretsRequest);
+ listSecretsRequest =
ListSecretsRequest.builder().nextToken(nextToken).build();
+ listSecretsResponse =
secretsManager.listSecrets(listSecretsRequest);
}
}
@@ -251,22 +258,24 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
return results;
}
- private List<ParameterGroup> fetchSecret(final AWSSecretsManager
secretsManager, final String secretName) {
+ private List<ParameterGroup> fetchSecret(final SecretsManagerClient
secretsManager, final String secretName) {
final List<ParameterGroup> groups = new ArrayList<>();
final List<Parameter> parameters = new ArrayList<>();
- final GetSecretValueRequest getSecretValueRequest = new
GetSecretValueRequest().withSecretId(secretName);
+ final GetSecretValueRequest getSecretValueRequest =
GetSecretValueRequest.builder()
+ .secretId(secretName)
+ .build();
try {
- final GetSecretValueResult getSecretValueResult =
secretsManager.getSecretValue(getSecretValueRequest);
+ final GetSecretValueResponse getSecretValueResponse =
secretsManager.getSecretValue(getSecretValueRequest);
- if (getSecretValueResult.getSecretString() == null) {
+ if (getSecretValueResponse.secretString() == null) {
getLogger().debug("Secret [{}] is not configured", secretName);
return groups;
}
- final ObjectNode secretObject =
parseSecret(getSecretValueResult.getSecretString());
+ final ObjectNode secretObject =
parseSecret(getSecretValueResponse.secretString());
if (secretObject == null) {
getLogger().debug("Secret [{}] is not in the expected JSON
key/value format", secretName);
return groups;
@@ -289,7 +298,7 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
return groups;
} catch (final ResourceNotFoundException e) {
throw new IllegalStateException(String.format("Secret %s not
found", secretName), e);
- } catch (final AWSSecretsManagerException e) {
+ } catch (final SecretsManagerException e) {
throw new IllegalStateException("Error retrieving secret " +
secretName, e);
}
}
@@ -302,23 +311,41 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
.build();
}
- protected ClientConfiguration createConfiguration(final
ConfigurationContext context) {
- final ClientConfiguration config = new ClientConfiguration();
- config.setMaxErrorRetry(0);
- config.setUserAgentPrefix(DEFAULT_USER_AGENT);
- config.setProtocol(DEFAULT_PROTOCOL);
- final int commsTimeout =
context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
- config.setConnectionTimeout(commsTimeout);
- config.setSocketTimeout(commsTimeout);
+ private ClientOverrideConfiguration createConfiguration() {
+ return ClientOverrideConfiguration.builder()
+ .retryStrategy(DefaultRetryStrategy.doNotRetry())
+ .putAdvancedOption(SdkAdvancedClientOption.USER_AGENT_PREFIX,
DEFAULT_USER_AGENT)
+ .build();
+ }
+
+ private SdkHttpClient createHttpClient(final ConfigurationContext context)
{
+ final ApacheHttpClient.Builder builder = ApacheHttpClient.builder();
+
+ final Duration commsTimeout =
context.getProperty(TIMEOUT).asDuration();
+ builder.connectionTimeout(commsTimeout);
+ builder.socketTimeout(commsTimeout);
final SSLContextProvider sslContextProvider =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextProvider.class);
if (sslContextProvider != null) {
- final SSLContext sslContext = sslContextProvider.createContext();
- SdkTLSSocketFactory sdkTLSSocketFactory = new
SdkTLSSocketFactory(sslContext, new DefaultHostnameVerifier());
-
config.getApacheHttpClientConfig().setSslSocketFactory(sdkTLSSocketFactory);
+ final X509TrustManager trustManager =
sslContextProvider.createTrustManager();
+ final TrustManager[] trustManagers = new
TrustManager[]{trustManager};
+ final TlsTrustManagersProvider trustManagersProvider = () ->
trustManagers;
+
+ final TlsKeyManagersProvider keyManagersProvider;
+ final Optional<X509ExtendedKeyManager> keyManagerFound =
sslContextProvider.createKeyManager();
+ if (keyManagerFound.isPresent()) {
+ final X509ExtendedKeyManager keyManager =
keyManagerFound.get();
+ final KeyManager[] keyManagers = new KeyManager[]{keyManager};
+ keyManagersProvider = () -> keyManagers;
+ } else {
+ keyManagersProvider = null;
+ }
+
+ builder.tlsTrustManagersProvider(trustManagersProvider);
+ builder.tlsKeyManagersProvider(keyManagersProvider);
}
- return config;
+ return builder.build();
}
private ObjectNode parseSecret(final String secretString) {
@@ -334,11 +361,12 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
}
}
- AWSSecretsManager configureClient(final ConfigurationContext context) {
- return AWSSecretsManagerClientBuilder.standard()
- .withRegion(context.getProperty(REGION).getValue())
- .withClientConfiguration(createConfiguration(context))
- .withCredentials(getCredentialsProvider(context))
+ SecretsManagerClient configureClient(final ConfigurationContext context) {
+ return SecretsManagerClient.builder()
+ .region(Region.of(context.getProperty(REGION).getValue()))
+ .overrideConfiguration(createConfiguration())
+ .httpClient(createHttpClient(context))
+ .credentialsProvider(getCredentialsProvider(context))
.build();
}
@@ -348,24 +376,26 @@ public class AwsSecretsManagerParameterProvider extends
AbstractParameterProvide
* @return AWSCredentialsProvider the credential provider
* @see <a
href="http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/AWSCredentialsProvider.html";>AWSCredentialsProvider</a>
*/
- protected AWSCredentialsProvider getCredentialsProvider(final
ConfigurationContext context) {
+ protected AwsCredentialsProvider getCredentialsProvider(final
ConfigurationContext context) {
final AWSCredentialsProviderService awsCredentialsProviderService =
context.getProperty(AWS_CREDENTIALS_PROVIDER_SERVICE).asControllerService(AWSCredentialsProviderService.class);
- return awsCredentialsProviderService.getCredentialsProvider();
+ return awsCredentialsProviderService.getAwsCredentialsProvider();
}
- private static AllowableValue createAllowableValue(final Regions region) {
- return new AllowableValue(region.getName(), region.getDescription(),
"AWS Region Code : " + region.getName());
+ private static AllowableValue createAllowableValue(final Region region) {
+ final String description = region.metadata() != null ?
region.metadata().description() : region.id();
+ return new AllowableValue(region.id(), description, "AWS Region Code :
" + region.id());
}
private static AllowableValue[] getAvailableRegions() {
final List<AllowableValue> values = new ArrayList<>();
- for (final Regions region : Regions.values()) {
+ for (final Region region : Region.regions()) {
values.add(createAllowableValue(region));
}
+ values.sort(Comparator.comparing(AllowableValue::getDisplayName));
return values.toArray(new AllowableValue[0]);
}
}
\ No newline at end of file
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
index d4ee739ce4..a71549dff1 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
@@ -16,14 +16,6 @@
*/
package org.apache.nifi.parameter.aws;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
-import com.amazonaws.services.secretsmanager.model.ListSecretsRequest;
-import com.amazonaws.services.secretsmanager.model.ListSecretsResult;
-import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
-import com.amazonaws.services.secretsmanager.model.SecretListEntry;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.nifi.components.ConfigVerificationResult;
@@ -40,6 +32,14 @@ import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatcher;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
+import software.amazon.awssdk.services.secretsmanager.model.ListSecretsRequest;
+import
software.amazon.awssdk.services.secretsmanager.model.ListSecretsResponse;
+import
software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
+import software.amazon.awssdk.services.secretsmanager.model.SecretListEntry;
+import
software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;
import java.util.ArrayList;
import java.util.Arrays;
@@ -63,10 +63,10 @@ import static org.mockito.Mockito.when;
public class TestAwsSecretsManagerParameterProvider {
@Mock
- private AWSSecretsManager defaultSecretsManager;
+ private SecretsManagerClient defaultSecretsManager;
@Mock
- private ListSecretsResult emptyListSecretsResult;
+ private ListSecretsResponse emptyListSecretsResponse;
final ObjectMapper objectMapper = new ObjectMapper();
@@ -110,23 +110,23 @@ public class TestAwsSecretsManagerParameterProvider {
@Test
public void testFetchNonExistentSecret() throws InitializationException {
-
when(defaultSecretsManager.getSecretValue(argThat(matchesGetSecretValueRequest("MySecretDoesNotExist")))).thenThrow(new
ResourceNotFoundException("Fake exception"));
+
when(defaultSecretsManager.getSecretValue(argThat(matchesGetSecretValueRequest("MySecretDoesNotExist")))).thenThrow(ResourceNotFoundException.builder().message("Fake
exception").build());
runProviderTest(defaultSecretsManager, 0,
ConfigVerificationResult.Outcome.FAILED, "ENUMERATION", "BadSecret");
}
@Test
public void testFetchParametersListFailure() throws
InitializationException {
- when(defaultSecretsManager.listSecrets(any())).thenThrow(new
AWSSecretsManagerException("Fake exception"));
+
when(defaultSecretsManager.listSecrets(any(ListSecretsRequest.class))).thenThrow(SecretsManagerException.builder().message("Fake
exception").build());
runProviderTest(defaultSecretsManager, 0,
ConfigVerificationResult.Outcome.FAILED, "PATTERN", null);
}
@Test
public void testFetchParametersGetSecretFailure() throws
InitializationException {
- final List<SecretListEntry> secretList = Collections.singletonList(new
SecretListEntry().withName("MySecret"));
- final ListSecretsResult listSecretsResult =
mock(ListSecretsResult.class);
- when(listSecretsResult.getSecretList()).thenReturn(secretList);
-
when(defaultSecretsManager.listSecrets(argThat(ListSecretsRequestMatcher.hasToken(null)))).thenReturn(listSecretsResult);
-
when(defaultSecretsManager.getSecretValue(argThat(matchesGetSecretValueRequest("MySecret")))).thenThrow(new
AWSSecretsManagerException("Fake exception"));
+ final List<SecretListEntry> secretList =
Collections.singletonList(SecretListEntry.builder().name("MySecret").build());
+ final ListSecretsResponse listSecretsResponse =
mock(ListSecretsResponse.class);
+ when(listSecretsResponse.secretList()).thenReturn(secretList);
+
when(defaultSecretsManager.listSecrets(argThat(ListSecretsRequestMatcher.hasToken(null)))).thenReturn(listSecretsResponse);
+
when(defaultSecretsManager.getSecretValue(argThat(matchesGetSecretValueRequest("MySecret")))).thenThrow(SecretsManagerException.builder().message("Fake
exception").build());
runProviderTest(defaultSecretsManager, 0,
ConfigVerificationResult.Outcome.FAILED, "PATTERN", null);
}
@@ -134,8 +134,8 @@ public class TestAwsSecretsManagerParameterProvider {
return spy(new AwsSecretsManagerParameterProvider());
}
- private AWSSecretsManager mockSecretsManagerNoList(final
List<ParameterGroup> mockParameterGroups, final String secretNames) {
- final AWSSecretsManager secretsManager = mock(AWSSecretsManager.class);
+ private SecretsManagerClient mockSecretsManagerNoList(final
List<ParameterGroup> mockParameterGroups, final String secretNames) {
+ final SecretsManagerClient secretsManager =
mock(SecretsManagerClient.class);
mockParameterGroups.forEach(group -> {
final String groupName = group.getGroupName();
@@ -147,9 +147,9 @@ public class TestAwsSecretsManagerParameterProvider {
final String secretString;
try {
secretString =
objectMapper.writeValueAsString(keyValues);
- final GetSecretValueResult result = new
GetSecretValueResult().withName(groupName).withSecretString(secretString);
+ final GetSecretValueResponse response =
GetSecretValueResponse.builder().name(groupName).secretString(secretString).build();
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest(groupName))))
- .thenReturn(result);
+ .thenReturn(response);
} catch (final JsonProcessingException e) {
throw new IllegalStateException(e);
}
@@ -158,22 +158,22 @@ public class TestAwsSecretsManagerParameterProvider {
});
return secretsManager;
}
- private AWSSecretsManager mockSecretsManager(final List<ParameterGroup>
mockParameterGroups) {
- final AWSSecretsManager secretsManager = mock(AWSSecretsManager.class);
-
when(emptyListSecretsResult.getSecretList()).thenReturn(Collections.emptyList());
+ private SecretsManagerClient mockSecretsManager(final List<ParameterGroup>
mockParameterGroups) {
+ final SecretsManagerClient secretsManager =
mock(SecretsManagerClient.class);
+
when(emptyListSecretsResponse.secretList()).thenReturn(Collections.emptyList());
String currentToken = null;
for (int i = 0; i < mockParameterGroups.size(); i++) {
final ParameterGroup group = mockParameterGroups.get(i);
- final List<SecretListEntry> secretList =
Collections.singletonList(new SecretListEntry().withName(group.getGroupName()));
- final ListSecretsResult listSecretsResult =
mock(ListSecretsResult.class);
- when(listSecretsResult.getSecretList()).thenReturn(secretList);
-
when(secretsManager.listSecrets(argThat(ListSecretsRequestMatcher.hasToken(currentToken)))).thenReturn(listSecretsResult);
+ final List<SecretListEntry> secretList =
Collections.singletonList(SecretListEntry.builder().name(group.getGroupName()).build());
+ final ListSecretsResponse listSecretsResponse =
mock(ListSecretsResponse.class);
+ when(listSecretsResponse.secretList()).thenReturn(secretList);
+
when(secretsManager.listSecrets(argThat(ListSecretsRequestMatcher.hasToken(currentToken)))).thenReturn(listSecretsResponse);
currentToken = "token-" + i;
- when(listSecretsResult.getNextToken()).thenReturn(currentToken);
+ when(listSecretsResponse.nextToken()).thenReturn(currentToken);
}
-
when(secretsManager.listSecrets(argThat(ListSecretsRequestMatcher.hasToken(currentToken)))).thenReturn(emptyListSecretsResult);
+
when(secretsManager.listSecrets(argThat(ListSecretsRequestMatcher.hasToken(currentToken)))).thenReturn(emptyListSecretsResponse);
mockParameterGroups.forEach(group -> {
final String groupName = group.getGroupName();
@@ -183,9 +183,9 @@ public class TestAwsSecretsManagerParameterProvider {
final String secretString;
try {
secretString = objectMapper.writeValueAsString(keyValues);
- final GetSecretValueResult result = new
GetSecretValueResult().withName(groupName).withSecretString(secretString);
+ final GetSecretValueResponse response =
GetSecretValueResponse.builder().name(groupName).secretString(secretString).build();
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest(groupName))))
- .thenReturn(result);
+ .thenReturn(response);
} catch (final JsonProcessingException e) {
throw new IllegalStateException(e);
}
@@ -193,7 +193,7 @@ public class TestAwsSecretsManagerParameterProvider {
return secretsManager;
}
- private List<ParameterGroup> runProviderTest(final AWSSecretsManager
secretsManager,
+ private List<ParameterGroup> runProviderTest(final SecretsManagerClient
secretsManager,
final int expectedCount,
final
ConfigVerificationResult.Outcome expectedOutcome,
final String listingStrategy,
@@ -255,7 +255,7 @@ public class TestAwsSecretsManagerParameterProvider {
@Override
public boolean matches(final GetSecretValueRequest argument) {
- return argument != null && argument.getSecretId().equals(secretId);
+ return argument != null && argument.secretId().equals(secretId);
}
}
@@ -273,7 +273,7 @@ public class TestAwsSecretsManagerParameterProvider {
@Override
public boolean matches(final ListSecretsRequest argument) {
- return argument != null && Objects.equals(argument.getNextToken(),
token);
+ return argument != null && Objects.equals(argument.nextToken(),
token);
}
}
}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/pom.xml
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/pom.xml
index 5a7b0deec7..dcf8ca7e0d 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/pom.xml
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/pom.xml
@@ -45,12 +45,12 @@
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
- <groupId>com.amazonaws</groupId>
- <artifactId>aws-java-sdk-secretsmanager</artifactId>
+ <groupId>software.amazon.awssdk</groupId>
+ <artifactId>secretsmanager</artifactId>
</dependency>
<dependency>
- <groupId>com.amazonaws</groupId>
- <artifactId>aws-java-sdk-core</artifactId>
+ <groupId>software.amazon.awssdk</groupId>
+ <artifactId>sdk-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
index 8e80dd7ec1..6701418a5c 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
@@ -16,15 +16,6 @@
*/
package org.apache.nifi.stateless.parameter;
-import com.amazonaws.auth.AWSStaticCredentialsProvider;
-import com.amazonaws.auth.BasicAWSCredentials;
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
-import com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
-import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -32,6 +23,15 @@ import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.util.StandardValidators;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
+import
software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
+import
software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;
import java.io.FileInputStream;
import java.io.IOException;
@@ -70,7 +70,7 @@ public class AwsSecretsManagerParameterValueProvider extends
AbstractSecretBased
private final ObjectMapper objectMapper = new ObjectMapper();
- private AWSSecretsManager secretsManager;
+ private SecretsManagerClient secretsManager;
@Override
protected List<PropertyDescriptor>
getAdditionalSupportedPropertyDescriptors() {
@@ -89,21 +89,22 @@ public class AwsSecretsManagerParameterValueProvider
extends AbstractSecretBased
@Override
protected String getSecretValue(final String secretName, final String
keyName) {
- final GetSecretValueRequest getSecretValueRequest = new
GetSecretValueRequest()
- .withSecretId(secretName);
+ final GetSecretValueRequest getSecretValueRequest =
GetSecretValueRequest.builder()
+ .secretId(secretName)
+ .build();
try {
- final GetSecretValueResult getSecretValueResult =
secretsManager.getSecretValue(getSecretValueRequest);
+ final GetSecretValueResponse getSecretValueResponse =
secretsManager.getSecretValue(getSecretValueRequest);
- if (getSecretValueResult.getSecretString() == null) {
+ if (getSecretValueResponse.secretString() == null) {
logger.debug("Secret [{}] not configured", secretName);
return null;
}
- return parseParameterValue(getSecretValueResult.getSecretString(),
keyName);
+ return parseParameterValue(getSecretValueResponse.secretString(),
keyName);
} catch (final ResourceNotFoundException e) {
logger.debug("Secret [{}] not found", secretName);
return null;
- } catch (final AWSSecretsManagerException e) {
+ } catch (final SecretsManagerException e) {
logger.debug("Error retrieving secret [{}]", secretName);
return null;
}
@@ -133,7 +134,7 @@ public class AwsSecretsManagerParameterValueProvider
extends AbstractSecretBased
}
}
- AWSSecretsManager configureClient(final String awsCredentialsFilename)
throws IOException {
+ SecretsManagerClient configureClient(final String awsCredentialsFilename)
throws IOException {
if (awsCredentialsFilename == null) {
return getDefaultClient();
}
@@ -143,18 +144,18 @@ public class AwsSecretsManagerParameterValueProvider
extends AbstractSecretBased
final String region = properties.getProperty(REGION_KEY_PROPS_NAME);
if (isNotBlank(accessKey) && isNotBlank(secretKey) &&
isNotBlank(region)) {
- return AWSSecretsManagerClientBuilder.standard()
- .withRegion(region)
- .withCredentials(new AWSStaticCredentialsProvider(new
BasicAWSCredentials(accessKey, secretKey)))
+ return SecretsManagerClient.builder()
+ .region(Region.of(region))
+
.credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey,
secretKey)))
.build();
} else {
return getDefaultClient();
}
}
- private AWSSecretsManager getDefaultClient() {
- return AWSSecretsManagerClientBuilder.standard()
-
.withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
+ private SecretsManagerClient getDefaultClient() {
+ return SecretsManagerClient.builder()
+
.credentialsProvider(DefaultCredentialsProvider.builder().build())
.build();
}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
index 51521b45d5..25489bc563 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
@@ -16,10 +16,6 @@
*/
package org.apache.nifi.stateless.parameter;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
-import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
-import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -33,6 +29,10 @@ import org.mockito.ArgumentMatcher;
import org.mockito.Mock;
import org.mockito.Spy;
import org.mockito.junit.jupiter.MockitoExtension;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
+import
software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
+import
software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import java.io.IOException;
import java.util.Collections;
@@ -63,7 +63,7 @@ public class TestSecretsManagerParameterValueProvider {
private AwsSecretsManagerParameterValueProvider provider;
@Mock
- private AWSSecretsManager secretsManager;
+ private SecretsManagerClient secretsManager;
@BeforeEach
public void init() throws IOException {
@@ -144,13 +144,14 @@ public class TestSecretsManagerParameterValueProvider {
private void mockGetSecretValue(final String context, final String
parameterName, final String secretValue, final boolean hasSecretString, final
boolean resourceNotFound)
throws JsonProcessingException {
if (resourceNotFound) {
-
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest(context)))).thenThrow(new
ResourceNotFoundException("Not found"));
+
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest(context)))).thenThrow(ResourceNotFoundException.builder().message("Not
found").build());
} else {
- GetSecretValueResult result = new GetSecretValueResult();
+ GetSecretValueResponse.Builder builder =
GetSecretValueResponse.builder();
if (hasSecretString) {
- result =
result.withSecretString(getSecretString(parameterName, secretValue));
+ builder.secretString(getSecretString(parameterName,
secretValue));
}
-
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest(context)))).thenReturn(result);
+ GetSecretValueResponse response = builder.build();
+
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest(context)))).thenReturn(response);
}
}
@@ -217,7 +218,7 @@ public class TestSecretsManagerParameterValueProvider {
@Override
public boolean matches(final GetSecretValueRequest argument) {
- return argument != null && argument.getSecretId().equals(secretId);
+ return argument != null && argument.secretId().equals(secretId);
}
}
}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/cloudwatch/PutCloudWatchMetric.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/cloudwatch/PutCloudWatchMetric.java
index b30ca9c44d..99cd2002b6 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/cloudwatch/PutCloudWatchMetric.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/cloudwatch/PutCloudWatchMetric.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.processors.aws.cloudwatch;
-import com.amazonaws.AmazonClientException;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.annotation.behavior.DynamicProperty;
import org.apache.nifi.annotation.behavior.InputRequirement;
@@ -341,7 +340,7 @@ public class PutCloudWatchMetric extends
AbstractAwsSyncProcessor<CloudWatchClie
}
- protected PutMetricDataResponse putMetricData(final ProcessContext
context, final PutMetricDataRequest metricDataRequest) throws
AmazonClientException {
+ protected PutMetricDataResponse putMetricData(final ProcessContext
context, final PutMetricDataRequest metricDataRequest) {
final CloudWatchClient client = getClient(context);
final PutMetricDataResponse result =
client.putMetricData(metricDataRequest);
return result;
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/lambda/PutLambda.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/lambda/PutLambda.java
index 01245dde40..3cf2f09d56 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/lambda/PutLambda.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/lambda/PutLambda.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.processors.aws.lambda;
-import com.amazonaws.util.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.InputRequirement.Requirement;
@@ -47,6 +46,7 @@ import
software.amazon.awssdk.services.lambda.model.TooManyRequestsException;
import
software.amazon.awssdk.services.lambda.model.UnsupportedMediaTypeException;
import java.nio.charset.Charset;
+import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -150,7 +150,7 @@ public class PutLambda extends
AbstractAwsSyncProcessor<LambdaClient, LambdaClie
final String logResult = response.logResult();
if (StringUtils.isNotBlank(logResult)) {
- flowFile = session.putAttribute(flowFile,
AWS_LAMBDA_RESULT_LOG, new String(Base64.decode(logResult), DEFAULT_CHARSET));
+ flowFile = session.putAttribute(flowFile,
AWS_LAMBDA_RESULT_LOG, new String(Base64.getDecoder().decode(logResult),
DEFAULT_CHARSET));
}
if (response.payload() != null) {
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/ml/AwsResponseMetadataDeserializer.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/ml/AwsResponseMetadataDeserializer.java
deleted file mode 100644
index ec3ad96282..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/ml/AwsResponseMetadataDeserializer.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.nifi.processors.aws.ml;
-
-import com.amazonaws.ResponseMetadata;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.deser.std.StdNodeBasedDeserializer;
-import java.io.IOException;
-import java.util.Map;
-
-public class AwsResponseMetadataDeserializer extends
StdNodeBasedDeserializer<ResponseMetadata> {
- protected AwsResponseMetadataDeserializer() {
- super(ResponseMetadata.class);
- }
-
- @Override
- public ResponseMetadata convert(JsonNode root, DeserializationContext
ctxt) throws IOException {
- return new ResponseMetadata((Map<String, String>) null);
- }
-}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/ml/SdkHttpMetadataDeserializer.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/ml/SdkHttpMetadataDeserializer.java
deleted file mode 100644
index a8d027d8d3..0000000000
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/ml/SdkHttpMetadataDeserializer.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.nifi.processors.aws.ml;
-
-import com.amazonaws.http.SdkHttpMetadata;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.deser.std.StdNodeBasedDeserializer;
-import java.io.IOException;
-
-public class SdkHttpMetadataDeserializer extends
StdNodeBasedDeserializer<SdkHttpMetadata> {
-
- protected SdkHttpMetadataDeserializer() {
- super(SdkHttpMetadata.class);
- }
-
- @Override
- public SdkHttpMetadata convert(JsonNode root, DeserializationContext ctxt)
throws IOException {
- return null;
- }
-}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/cloudwatch/MockPutCloudWatchMetric.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/cloudwatch/MockPutCloudWatchMetric.java
index b5aae1f10c..a19153cde5 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/cloudwatch/MockPutCloudWatchMetric.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/cloudwatch/MockPutCloudWatchMetric.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.processors.aws.cloudwatch;
-import com.amazonaws.AmazonClientException;
import org.apache.nifi.processor.ProcessContext;
import software.amazon.awssdk.services.cloudwatch.model.MetricDatum;
import software.amazon.awssdk.services.cloudwatch.model.PutMetricDataRequest;
@@ -32,20 +31,15 @@ public class MockPutCloudWatchMetric extends
PutCloudWatchMetric {
protected String actualNamespace;
protected List<MetricDatum> actualMetricData;
- protected AmazonClientException throwException;
protected PutMetricDataResponse result =
PutMetricDataResponse.builder().build();
protected int putMetricDataCallCount = 0;
- protected PutMetricDataResponse putMetricData(final ProcessContext
context, final PutMetricDataRequest metricDataRequest) throws
AmazonClientException {
+ protected PutMetricDataResponse putMetricData(final ProcessContext
context, final PutMetricDataRequest metricDataRequest) {
putMetricDataCallCount++;
actualNamespace = metricDataRequest.namespace();
actualMetricData = metricDataRequest.metricData();
- if (throwException != null) {
- throw throwException;
- }
-
return result;
}
}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/ITConsumeKinesisStream.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/ITConsumeKinesisStream.java
index 8f390c3195..f483815bc0 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/ITConsumeKinesisStream.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/ITConsumeKinesisStream.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.processors.aws.kinesis.stream;
-import com.amazonaws.regions.Regions;
import
org.apache.nifi.processors.aws.kinesis.stream.record.AbstractKinesisRecordProcessor;
import org.apache.nifi.util.MockFlowFile;
import org.apache.nifi.util.TestRunner;
@@ -44,7 +43,6 @@ public abstract class ITConsumeKinesisStream {
static final String KINESIS_STREAM_NAME = "test-stream";
static final String APPLICATION_NAME = "test-application";
- static final String REGION = System.getProperty("AWS_DEFAULT_REGION",
Regions.US_EAST_1.getName());
protected TestRunner runner;
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/TestConsumeKinesisStream.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/TestConsumeKinesisStream.java
index 4d004fbc69..12fa87da2a 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/TestConsumeKinesisStream.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/kinesis/stream/TestConsumeKinesisStream.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.processors.aws.kinesis.stream;
-import com.amazonaws.regions.Regions;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.json.JsonRecordSetWriter;
import org.apache.nifi.json.JsonTreeReader;
@@ -267,7 +266,7 @@ public class TestConsumeKinesisStream {
mockConsumeKinesisStreamRunner.setProperty(ConsumeKinesisStream.GRACEFUL_SHUTDOWN_TIMEOUT,
"50 millis");
mockConsumeKinesisStreamRunner.setProperty(ConsumeKinesisStream.KINESIS_STREAM_NAME,
"test-stream");
mockConsumeKinesisStreamRunner.setProperty(ConsumeKinesisStream.APPLICATION_NAME,
"test-application");
-
mockConsumeKinesisStreamRunner.setProperty(ConsumeKinesisStream.REGION,
Regions.EU_WEST_2.getName());
+
mockConsumeKinesisStreamRunner.setProperty(ConsumeKinesisStream.REGION,
Region.EU_WEST_2.id());
mockConsumeKinesisStreamRunner.setProperty(ConsumeKinesisStream.TIMEOUT, "5
secs");
mockConsumeKinesisStreamRunner.setProperty(ConsumeKinesisStream.INITIAL_STREAM_POSITION,
"TRIM_HORIZON");
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/lambda/TestPutLambda.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/lambda/TestPutLambda.java
index e864cfe65c..6e72ecde05 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/lambda/TestPutLambda.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/lambda/TestPutLambda.java
@@ -16,8 +16,6 @@
*/
package org.apache.nifi.processors.aws.lambda;
-import com.amazonaws.AmazonServiceException;
-import com.amazonaws.util.Base64;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processors.aws.testutil.AuthUtils;
import org.apache.nifi.util.MockFlowFile;
@@ -36,6 +34,7 @@ import
software.amazon.awssdk.services.lambda.model.InvokeResponse;
import software.amazon.awssdk.services.lambda.model.TooManyRequestsException;
import java.nio.charset.Charset;
+import java.util.Base64;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -81,7 +80,7 @@ public class TestPutLambda {
final InvokeResponse invokeResult = InvokeResponse.builder()
.statusCode(200)
- .logResult(Base64.encodeAsString("test-log-result".getBytes()))
+
.logResult(Base64.getEncoder().encodeToString("test-log-result".getBytes()))
.payload(SdkBytes.fromString("test-payload",
Charset.defaultCharset()))
.build();
when(mockLambdaClient.invoke(any(InvokeRequest.class))).thenReturn(invokeResult);
@@ -139,7 +138,7 @@ public class TestPutLambda {
public void testPutLambdaAmazonException() {
runner.setProperty(PutLambda.AWS_LAMBDA_FUNCTION_NAME,
"test-function");
runner.enqueue("TestContent");
- when(mockLambdaClient.invoke(any(InvokeRequest.class))).thenThrow(new
AmazonServiceException("TestFail"));
+ when(mockLambdaClient.invoke(any(InvokeRequest.class))).thenThrow(new
RuntimeException("TestFail"));
runner.assertValid();
runner.run(1);
