Class AWSSecretsManagerDriver

  • All Implemented Interfaces:
    Driver
  • Direct Known Subclasses:
    AWSSecretsManagerDb2Driver, AWSSecretsManagerMariaDBDriver, AWSSecretsManagerMSSQLServerDriver, AWSSecretsManagerMySQLDriver, AWSSecretsManagerOracleDriver, AWSSecretsManagerPostgreSQLDriver, AWSSecretsManagerRedshiftDriver

    public abstract class AWSSecretsManagerDriver
    extends Object
    implements Driver

    Provides support for accessing SQL databases using credentials stored within AWS Secrets Manager. If this functionality is desired, then a subclass of this class should be specified as the JDBC driver for an application.

    The driver to propagate connect requests to should also be specified in the configuration. Doing this will cause the real driver to be registered once an instance of this driver is made (which will be when this driver is registered).

    This base class registers itself with the java.sql.DriverManager when its constructor is called. That means a subclass only needs to make a new instance of itself in its static block to register.

    This does not support including the user (secret ID) and password in the JDBC URL, as JDBC URL formats are database specific. If this functionality is desired, it must be implemented in a subclass.

    Ignores the password field, drawing a secret ID from the user field. The secret referred to by this field is expected to be in the standard JSON format used by the rotation lambdas provided by Secrets Manager:

     {
         "username": "xxxx",
         "password": "xxxx",
         ...
     }

    Here is a list of the configuration properties. The subprefix is an implementation specific String used to keep the properties for different drivers separate. For example, the MySQL driver wrapper might use mysql as its subprefix, making the full property name for the realDriverClass for the MySQL driver wrapper drivers.mysql.realDriverClass (all Driver properties will be prefixed with "drivers."). This String is defined by the method getPropertySubprefix.

    • drivers.subprefix.realDriverClass - (optional) The class name of the driver to propagate calls to. If not specified, the default for the subprefix (the value returned by getDefaultDriverClass) is used.
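    As an added example (not code from this page or from the project it documents), a minimal subclass that supplies the four abstract methods and registers itself, then connects with the secret ID in the user field. It assumes the base class lives in the package com.amazonaws.secretsmanager.sql, a hypothetical database "exampledb" whose real driver is com.example.jdbc.Driver, and a constructed secret ID prod/app/db.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver; // assumed package

/** Hypothetical wrapper for a database whose real JDBC driver is com.example.jdbc.Driver. */
public final class ExampleSecretsManagerDriver extends AWSSecretsManagerDriver {

    static {
        // Registered on class load through the protected static register method, so every
        // "jdbc-secretsmanager:exampledb://..." URL is routed through this wrapper.
        AWSSecretsManagerDriver.register(new ExampleSecretsManagerDriver());
    }

    /** Makes the configuration key drivers.exampledb.realDriverClass. */
    @Override
    public String getPropertySubprefix() { return "exampledb"; }

    /** Used when drivers.exampledb.realDriverClass is not set (hypothetical class name). */
    @Override
    public String getDefaultDriverClass() { return "com.example.jdbc.Driver"; }

    /**
     * SQLState class "28" is the SQL-standard "invalid authorization specification", so only
     * those failures make the base class refresh the secret and retry (up to MAX_RETRY).
     * Network errors and bad SQL must NOT trigger a refresh, or stale-credential retries
     * would mask unrelated outages.
     */
    @Override
    public boolean isExceptionDueToAuthenticationError(Exception exception) {
        if (!(exception instanceof SQLException)) return false;
        String state = ((SQLException) exception).getSQLState();
        return state != null && state.startsWith("28");
    }

    /** Called when connect() is handed a bare secret ID; the values come from the secret JSON. */
    @Override
    public String constructUrlFromEndpointPortDatabase(String endpoint, String port, String dbname) {
        return "jdbc:exampledb://" + endpoint + ":" + port + "/" + dbname;
    }

    public static void main(String[] args) throws SQLException {
        // The user field carries the secret ID (constructed name); the password field is ignored.
        try (Connection c = DriverManager.getConnection(
                "jdbc-secretsmanager:exampledb://db.internal:5432/app", "prod/app/db", "")) {
            System.out.println("connected to " + c.getMetaData().getURL());
        }
    }
}
```

    The database credentials never appear in application configuration: only the secret ID does, and a rotated password is picked up automatically on the next authentication failure.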

    • Field Detail

      • SCHEME

        public static final String SCHEME
        "jdbc-secretsmanager", so the JDBC URL should start with "jdbc-secretsmanager" instead of just "jdbc".
        See Also:
        Constant Field Values
      • MAX_RETRY

        public static final int MAX_RETRY
        Maximum number of times to retry connecting to DB on auth failures
        See Also:
        Constant Field Values
      • PROPERTY_PREFIX

        public static final String PROPERTY_PREFIX
        "drivers", so all configuration properties start with "drivers.".
        See Also:
        Constant Field Values
      • INVALID_SECRET_STRING_JSON

        public static final String INVALID_SECRET_STRING_JSON
        Message to return on the RuntimeException when the secret string is invalid JSON
        See Also:
        Constant Field Values
    • Constructor Detail

      • AWSSecretsManagerDriver

        protected AWSSecretsManagerDriver()
        Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with default options.
      • AWSSecretsManagerDriver

        protected AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCache cache)
        Constructs the driver setting the properties from the properties file using system properties as defaults. Sets the secret cache to the cache that was passed in.
        Parameters:
        cache - Secret cache to use to retrieve secrets
      • AWSSecretsManagerDriver

        protected AWSSecretsManagerDriver(software.amazon.awssdk.services.secretsmanager.SecretsManagerClientBuilder builder)
        Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the passed in client builder.
        Parameters:
        builder - Builder used to instantiate cache
      • AWSSecretsManagerDriver

        protected AWSSecretsManagerDriver(software.amazon.awssdk.services.secretsmanager.SecretsManagerClient client)
        Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the provided AWS Secrets Manager client.
        Parameters:
        client - AWS Secrets Manager client to instantiate cache
      • AWSSecretsManagerDriver

        protected AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCacheConfiguration cacheConfig)
        Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the provided cache configuration.
        Parameters:
        cacheConfig - Cache configuration to instantiate cache
    • Method Detail

      • register

        protected static void register(AWSSecretsManagerDriver driver)
        Registers a driver along with the DriverAction implementation.
        Parameters:
        driver - The driver to register.
        Throws:
        RuntimeException - If the driver could not be registered.
      • getPropertySubprefix

        public abstract String getPropertySubprefix()
        Gets the "subprefix" used for configuration properties for this driver. For example, if this method returns the String, "mysql", then the real driver that this will forward requests to would be set to drivers.mysql.realDriverClass in the properties file or in the system properties.
        Returns:
        String The subprefix to use for configuration properties.
      • getWrappedDriver

        public Driver getWrappedDriver()
        Returns an instance of the real java.sql.Driver that this should propagate calls to. The real driver is specified by the realDriverClass property.
        Returns:
        Driver The real Driver that calls should be propagated to.
        Throws:
        IllegalStateException - When there is no driver with the name realDriverClass
      • isExceptionDueToAuthenticationError

        public abstract boolean isExceptionDueToAuthenticationError(Exception exception)
        Determines whether or not an Exception is due to an authentication failure with the remote database. This method is called during connect to decide if authentication needs to be attempted again with refreshed credentials. A good way to implement this is to look up the error codes that java.sql.SQLExceptions will have when an authentication failure occurs. These are database specific.
        Parameters:
        exception - The Exception to test.
        Returns:
        boolean Whether or not the Exception indicates that the credentials used for authentication are stale.
      • constructUrlFromEndpointPortDatabase

        public abstract String constructUrlFromEndpointPortDatabase(String endpoint,
                                                                    String port,
                                                                    String dbname)
        Construct a database URL from the endpoint, port and database name. This method is called when the connect method is called with a secret ID instead of a URL.
        Parameters:
        endpoint - The endpoint retrieved from the secret cache
        port - The port retrieved from the secret cache
        dbname - The database name retrieved from the secret cache
        Returns:
        String The constructed URL based on the endpoint and port
      • getDefaultDriverClass

        public abstract String getDefaultDriverClass()
        Get the default real driver class name for this driver.
        Returns:
        String The default real driver class name
      • jdbcCompliant

        public boolean jdbcCompliant()
        Specified by:
        jdbcCompliant in interface Driver