java - 使用 AWS Secrets Manager 管理 RDS 访问

Question

我目前正在使用 Eclipse 和 AWS Toolkit for Eclipse。我的项目已经运行并且正在执行其工作，即连接到 RDS 实例并将 JSON 对象返回给 API 网关调用。

我刚接到一个新需求，我们要使用服务 SecretsManager 来自动轮换 RDS 配置，例如用户、密码等。

问题是当我尝试导入诸如 GetSecretValueResponse 之类的类时，我得到了一个The import com.amazonaws.services.secretsmanager cannot be resolved。当我浏览文档和 SDK 时，存在 GetSecretValueRequest 但没有 GetSecretValueResponse，所以我无法理解我应该做什么，也没有找到任何与我可以研究的例子相似的东西。

下面的代码是我正在尝试实现的，由 Amazon 自己提供(在 Secrets Manager 页面中有一个按钮，您可以单击它来查看它如何与 Java 一起使用，在这种情况下)，它被呈现还没有任何修改，因为正如我所说，我不知道如何导入几个类:

// Use this code snippet in your app.
public static void getSecret() {
String secretName = "secretName";
String endpoint = "secretEndpoint";
String region = "region";

AwsClientBuilder.EndpointConfiguration config = new AwsClientBuilder.EndpointConfiguration(endpoint, region);
AWSSecretsManagerClientBuilder clientBuilder = AWSSecretsManagerClientBuilder.standard();
clientBuilder.setEndpointConfiguration(config);
AWSSecretsManager client = clientBuilder.build();

String secret;
ByteBuffer binarySecretData;
GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
        .withSecretId(secretName)
        .build();
GetSecretValueResponse getSecretValueResponse = null;
try {
    getSecretValueResponse = client.getSecretValue(getSecretValueRequest);

} catch(ResourceNotFoundException e) {
    System.out.println("The requested secret " + secretName + " was not found");
} catch (InvalidRequestException e) {
    System.out.println("The request was invalid due to: " + e.getMessage());
} catch (InvalidParameterException e) {
    System.out.println("The request had invalid params: " + e.getMessage());
}

if(getSecretValueResponse == null) {
    return;
}

// Decrypted secret using the associated KMS CMK
// Depending on whether the secret was a string or binary, one of these fields will be populated
if(getSecretValueResponse.getSecretString() != null) {
    secret = getSecretValueResponse.getSecretString();
}
else {
    binarySecretData = getSecretValueResponse.getSecretBinary();
}

// Your code goes here. 
}

Answer 1

我遇到了同样的问题，AWS 页面上的代码无法开箱即用。您要查找的类是 GetSecretValueResult 这是最新的 java 文档

https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/secretsmanager/model/GetSecretValueResult.html

这是一个可以工作的部分:

public void printRdsSecret() throws IOException {
    String secretName = "mySecretName";

    System.out.println("Requesting secret...");
    AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard().build();

    GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest().withSecretId(secretName);

    GetSecretValueResult getSecretValueResult = client.getSecretValue(getSecretValueRequest);

    System.out.println("secret retrieved ");
    final String secretBinaryString = getSecretValueResult.getSecretString();
    final ObjectMapper objectMapper = new ObjectMapper();

    final HashMap<String, String> secretMap = objectMapper.readValue(secretBinaryString, HashMap.class);

    String url = String.format("jdbc:postgresql://%s:%s/dbName", secretMap.get("host"), secretMap.get("port"));
    System.out.println("Secret url = "+url);
    System.out.println("Secret username = "+secretMap.get("username"));
    System.out.println("Secret password = "+secretMap.get("password"));
 }

这是使用版本 1.11.337 的 aws-java-sdk-secretsmanager 测试的