chore: address review comments and add unit tests

Author: karenc-bq

common/lib/authentication/aws_secrets_manager_plugin.ts

@@ -37,7 +37,7 @@ export class AwsSecretsManagerPlugin extends AbstractConnectionPlugin implements
   private static readonly TELEMETRY_UPDATE_SECRETS = "fetch credentials";
   private static readonly TELEMETRY_FETCH_CREDENTIALS_COUNTER = "secretsManager.fetchCredentials.count";
   private static SUBSCRIBED_METHODS: Set<string> = new Set<string>(["connect", "forceConnect"]);
-  private static SECRETS_ARN_PATTERN: RegExp = new RegExp("^arn:aws:secretsmanager:(?<region>[^:\\n]*):[^:\\n]*:([^:/\\n]*[:/])?(.*)$");
+  private static SECRETS_ARN_PATTERN: RegExp = new RegExp("^arn:aws[^:]*:secretsmanager:(?<region>[^:\\n]*):[^:\\n]*:([^:/\\n]*[:/])?(.*)$");
   private readonly pluginService: PluginService;
   private readonly fetchCredentialsCounter;
   private readonly expirationSec: number;

common/lib/plugins/federated_auth/credentials_provider_factory.ts

@@ -17,5 +17,9 @@
 import { AwsCredentialIdentity, AwsCredentialIdentityProvider } from "@smithy/types/dist-types/identity/awsCredentialIdentity";
 
 export interface CredentialsProviderFactory {
-  getAwsCredentialsProvider(host: string, region: string, props: Map<string, any>): Promise<AwsCredentialIdentity | AwsCredentialIdentityProvider>;
+  getAwsCredentialsProvider(
+    host: string,
+    region: string | null,
+    props: Map<string, any>
+  ): Promise<AwsCredentialIdentity | AwsCredentialIdentityProvider>;
 }

common/lib/utils/gdb_region_utils.ts

@@ -19,9 +19,12 @@ import { HostInfo } from "../host_info";
 import { AwsCredentialsManager } from "../authentication/aws_credentials_manager";
 import { DescribeGlobalClustersCommand, GlobalCluster, GlobalClusterMember, RDSClient } from "@aws-sdk/client-rds";
 import { AwsCredentialIdentity, AwsCredentialIdentityProvider } from "@smithy/types/dist-types/identity/awsCredentialIdentity";
+import { logger } from "../../logutils";
+import { Messages } from "./messages";
+import { AwsWrapperError } from "./errors";
 
 export class GDBRegionUtils extends RegionUtils {
-  private static readonly GDB_CLUSTER_ARN_PATTERN = /^arn:aws:rds:(?<region>[^:\n]*):([^:\n]*):([^:/\n]*[:/])?(.*)$/;
+  private static readonly GDB_CLUSTER_ARN_PATTERN = /^arn:aws[^:]*:rds:(?<region>[^:\n]*):([^:\n]*):([^:/\n]*[:/])?(.*)$/;
   private static readonly REGION_GROUP = "region";
   private credentialsProvider: AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
 
@@ -31,14 +34,14 @@ export class GDBRegionUtils extends RegionUtils {
   }
 
   async getRegion(regionKey: string, hostInfo?: HostInfo, props?: Map<string, any>): Promise<string | null> {
-    if (props.get(regionKey)) {
-      return super.getRegion(props.get(regionKey), hostInfo);
-    }
-
     if (!hostInfo || !props) {
       return null;
     }
 
+    if (props.get(regionKey)) {
+      return this.getRegionFromRegionString(props.get(regionKey));
+    }
+
     const clusterId = GDBRegionUtils.rdsUtils.getRdsClusterId(hostInfo.host);
     if (!clusterId) {
       return null;
@@ -49,7 +52,7 @@ export class GDBRegionUtils extends RegionUtils {
   }
 
   private async findWriterClusterArn(hostInfo: HostInfo, props: Map<string, any>, globalClusterIdentifier: string): Promise<string | null> {
-    if (this.credentialsProvider != null) {
+    if (!this.credentialsProvider) {
       this.credentialsProvider = AwsCredentialsManager.getProvider(hostInfo, props);
     }
 
@@ -62,6 +65,11 @@ export class GDBRegionUtils extends RegionUtils {
 
       const response = await rdsClient.send(command);
       return this.extractWriterClusterArn(response.GlobalClusters);
+    } catch (error) {
+      if (error instanceof Error) {
+        logger.debug(Messages.get("GDBRegionUtils.unableToRetrieveGlobalClusterARN"));
+        throw new AwsWrapperError(Messages.get("GDBRegionUtils.unableToRetrieveGlobalClusterARN"));
+      }
     } finally {
       rdsClient.destroy();
     }
@@ -82,6 +90,11 @@ export class GDBRegionUtils extends RegionUtils {
     return null;
   }
 
+  getRegionFromClusterArn(clusterArn: string): string | null {
+    const match = clusterArn.match(GDBRegionUtils.GDB_CLUSTER_ARN_PATTERN);
+    return match?.groups?.[GDBRegionUtils.REGION_GROUP] ?? null;
+  }
+
   private findWriterMemberArn(members?: GlobalClusterMember[]): string | null {
     if (!members) {
       return null;
@@ -91,11 +104,6 @@ export class GDBRegionUtils extends RegionUtils {
     return writerMember?.DBClusterArn ?? null;
   }
 
-  private getRegionFromClusterArn(clusterArn: string): string | null {
-    const match = clusterArn.match(GDBRegionUtils.GDB_CLUSTER_ARN_PATTERN);
-    return match?.groups?.[GDBRegionUtils.REGION_GROUP] ?? null;
-  }
-
   private getRdsClient(): RDSClient {
     return new RDSClient({ credentials: this.credentialsProvider });
   }

common/lib/utils/messages.ts

@@ -102,6 +102,7 @@ const MESSAGES: Record<string, string> = {
   "Failover.timeoutError": "Internal failover task has timed out.",
   "Failover.newWriterNotAllowed":
     "The failover process identified the new writer but the host is not in the list of allowed hosts. New writer host: '%s'. Allowed hosts: '%s'.",
+  "GDBRegionUtils.unableToRetrieveGlobalClusterARN": "Unable to retrieve the primary global region for the provided global database cluster.",
   "StaleDnsHelper.clusterEndpointDns": "Cluster endpoint resolves to '%s'.",
   "StaleDnsHelper.writerHostInfo": "Writer host: '%s'.",
   "StaleDnsHelper.writerInetAddress": "Writer host address: '%s'",

common/lib/utils/region_utils.ts

@@ -69,20 +69,20 @@ export class RegionUtils {
   protected static readonly rdsUtils = new RdsUtils();
 
   async getRegion(regionKey: string, hostInfo?: HostInfo, props?: Map<string, any>): Promise<string | null> {
-    const region = this.getRegionFromRegionString(props.get(regionKey));
+    const region = this.getRegionFromRegionString(props?.get(regionKey));
 
     if (region !== null) {
-      return Promise.resolve(region);
+      return region;
     }
 
     if (hostInfo) {
-      return Promise.resolve(this.getRegionFromHost(hostInfo.host));
+      return this.getRegionFromHost(hostInfo.host);
     }
 
-    return Promise.resolve(region);
+    return region;
   }
 
-  private getRegionFromRegionString(regionString: string): string | null {
+  getRegionFromRegionString(regionString: string): string | null {
     if (!regionString) {
       return null;
     }
@@ -95,7 +95,7 @@ export class RegionUtils {
     return region;
   }
 
-  private getRegionFromHost(host: string): string | null {
+  getRegionFromHost(host: string): string | null {
     const regionString = RegionUtils.rdsUtils.getRdsRegion(host);
     if (!regionString) {
       throw new AwsWrapperError(Messages.get("AwsSdk.unsupportedRegion", regionString));

tests/unit/aws_secrets_manager_plugin.test.ts

@@ -196,6 +196,20 @@ describe("testSecretsManager", () => {
     expect(secretKey.region).toBe(expectedRegionParsedFromARN);
   });
 
+  it.each([
+    ["arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret", "us-east-1"],
+    ["arn:aws-us-gov:secretsmanager:us-gov-west-1:123456789012:secret:mysecret", "us-gov-west-1"],
+    ["arn:aws-cn:secretsmanager:cn-north-1:123456789012:secret:mysecret", "cn-north-1"],
+    ["arn:aws-iso:secretsmanager:us-iso-east-1:123456789012:secret:mysecret", "us-iso-east-1"],
+    ["arn:aws-iso-b:secretsmanager:us-isob-east-1:123456789012:secret:mysecret", "us-isob-east-1"]
+  ])("connect using partition-agnostic arn: %s", async (arn, expectedRegion) => {
+    const props = new Map();
+    WrapperProperties.SECRET_ID.set(props, arn);
+    const testPlugin = new AwsSecretsManagerPlugin(instance(mockPluginService), props);
+    const secretKey = testPlugin.secretKey;
+    expect(secretKey.region).toBe(expectedRegion);
+  });
+
   it.each([
     [TEST_ARN_1, "us-east-2"],
     [TEST_ARN_2, "us-west-1"],

tests/unit/gdb_region_utils.test.ts

@@ -0,0 +1,47 @@
+/*
+  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ 
+  Licensed under the Apache License, Version 2.0 (the "License").
+  You may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import { GDBRegionUtils } from "../../common/lib/utils/gdb_region_utils";
+
+describe("GDBRegionUtils", () => {
+  let gdbRegionUtils: GDBRegionUtils;
+
+  beforeEach(() => {
+    gdbRegionUtils = new GDBRegionUtils();
+  });
+
+  describe("getRegionFromClusterArn", () => {
+    it.each([
+      ["arn:aws:rds:us-east-1:123456789012:cluster:my-cluster", "us-east-1"],
+      ["arn:aws:rds:us-west-2:123456789012:cluster:my-cluster", "us-west-2"],
+      ["arn:aws:rds:eu-west-1:123456789012:cluster:my-cluster", "eu-west-1"],
+      ["arn:aws-us-gov:rds:us-gov-west-1:123456789012:cluster:my-cluster", "us-gov-west-1"],
+      ["arn:aws-us-gov:rds:us-gov-east-1:123456789012:cluster:my-cluster", "us-gov-east-1"],
+      ["arn:aws-cn:rds:cn-north-1:123456789012:cluster:my-cluster", "cn-north-1"],
+      ["arn:aws-cn:rds:cn-northwest-1:123456789012:cluster:my-cluster", "cn-northwest-1"],
+      ["arn:aws-iso:rds:us-iso-east-1:123456789012:cluster:my-cluster", "us-iso-east-1"],
+      ["arn:aws-iso-b:rds:us-isob-east-1:123456789012:cluster:my-cluster", "us-isob-east-1"]
+    ])("should extract region from partition-agnostic ARN: %s", (arn, expectedRegion) => {
+      const region = gdbRegionUtils.getRegionFromClusterArn(arn);
+      expect(region).toBe(expectedRegion);
+    });
+
+    it.each(["invalid-arn", "arn:aws:s3:::my-bucket", "arn:aws:rds", ""])("should return null for invalid ARN: %s", (invalidArn) => {
+      const region = gdbRegionUtils.getRegionFromClusterArn(invalidArn);
+      expect(region).toBeNull();
+    });
+  });
+});

tests/unit/region_utils.test.ts

@@ -0,0 +1,65 @@
+/*
+  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ 
+  Licensed under the Apache License, Version 2.0 (the "License").
+  You may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import { RegionUtils } from "../../common/lib/utils/region_utils";
+
+describe("RegionUtils", () => {
+  let regionUtils: RegionUtils;
+
+  beforeEach(() => {
+    regionUtils = new RegionUtils();
+  });
+
+  describe("getRegion", () => {
+    it("should return null when props is invalid", async () => {
+      let result = await regionUtils.getRegion("region", undefined, undefined);
+      expect(result).toBeNull();
+
+      result = await regionUtils.getRegion("region", undefined, null);
+      expect(result).toBeNull();
+
+      const props = new Map<string, any>();
+      result = await regionUtils.getRegion("region", undefined, props);
+      expect(result).toBeNull();
+    });
+
+    it.each([
+      ["undefinedRegionKey", undefined],
+      ["nullRegionKey", null],
+      ["emptyRegionKey", ""]
+    ])("should return null when region key is invalid", async (regionKey: string, regionKeyVal: any) => {
+      const props = new Map<string, any>();
+      let result = await regionUtils.getRegion("region", undefined, props);
+      expect(result).toBeNull();
+
+      props.set(regionKey, regionKeyVal);
+      result = await regionUtils.getRegion(regionKey, undefined, props);
+      expect(result).toBeNull();
+    });
+  });
+
+  describe("getRegionFromRegionString", () => {
+    it.each([undefined, null, ""])("should return null for invalid regionString", (regionString: any) => {
+      const result = regionUtils.getRegionFromRegionString(regionString);
+      expect(result).toBeNull();
+    });
+
+    it("should return region for valid region string", () => {
+      const result = regionUtils.getRegionFromRegionString("us-east-1");
+      expect(result).toBe("us-east-1");
+    });
+  });
+});