Update renewed Jira refresh token back to the secrets store

data-prepper-api/src/main/java/org/opensearch/dataprepper/model/plugin/FailedToUpdateSecretException.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+package org.opensearch.dataprepper.model.plugin;
+
+/**
+ * Exception thrown when a secret could not be updated.
+ *
+ * @since 2.11
+ */
+public class FailedToUpdateSecretException extends RuntimeException {
+
+    public FailedToUpdateSecretException(final String message) {
+        super(message);
+    }
+
+    public FailedToUpdateSecretException(final String message, Throwable e) {
+        super(message, e);
+    }
+}

data-prepper-api/src/main/java/org/opensearch/dataprepper/model/plugin/PluginConfigValueTranslator.java

@@ -1,9 +1,48 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
 package org.opensearch.dataprepper.model.plugin;
 
+/**
+ * Interface for a Plugin configuration value translator.
+ * It translates a string expression that is describing a secret store Id and secret Key in to a secretValue
+ * extracted from corresponding secret store.
+ *
+ * @since 2.0
+ */
+
 public interface PluginConfigValueTranslator {
+    /**
+     * Translates a string expression that is describing a secret store Id and secret Key in to a secretValue
+     * extracted from corresponding secret store.
+     * Example expression:  ${{aws_secrets:secretId:secretKey}}
+     *
+     * @param value the string value to translate
+     * @return the translated object
+     */
     Object translate(final String value);
 
+    /**
+     * Returns the prefix for this translator.
+     *
+     * @return the prefix for this translator
+     */
     String getPrefix();
 
+    /**
+     * Translates a string expression that is describing a secret store Id and secret Key in to an instance
+     * of PluginConfigVariable with secretValue extracted from corresponding secret store. Additionally,
+     * this PluginConfigVariable helps with updating the secret value in the secret store, if required.
+     * Example expression:  ${{aws_secrets:secretId:secretKey}}
+     *
+     * @param value the string value to translate
+     * @return the translated object
+     */
     PluginConfigVariable translateToPluginConfigVariable(final String value);
 }

data-prepper-api/src/main/java/org/opensearch/dataprepper/model/plugin/PluginConfigVariable.java

@@ -13,17 +13,29 @@
  * Interface for a Extension Plugin configuration variable.
  * It gives access to the details of a defined extension variable.
  *
- * @since 1.2
+ * @since 2.11
  */
 public interface PluginConfigVariable {
 
     /**
      * Returns the value of this variable.
+     *
+     * @return the value of this variable
      */
     Object getValue();
 
     /**
      * If this variable is updatable, this method helps to set a new value for this variable
+     *
+     * @param updatedValue         the new value to set
+     * @param secretVersionIdToSet new version id to set for the secret in AWS. This helps with idempotency
      */
-    void setValue(Object someValue);
+    void setValue(Object updatedValue, String secretVersionIdToSet);
+
+    /**
+     * Returns if the variable is updatable.
+     *
+     * @return true if this variable is updatable, false otherwise
+     */
+    boolean isUpdatable();
 }

data-prepper-api/src/test/java/org/opensearch/dataprepper/model/plugin/FailedToUpdateSecretExceptionTest.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+package org.opensearch.dataprepper.model.plugin;
+
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.util.UUID;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+public class FailedToUpdateSecretExceptionTest extends RuntimeException {
+    private String message;
+
+    @BeforeEach
+    void setUp() {
+        message = UUID.randomUUID().toString();
+    }
+
+    @Test
+    void testGetMessage_should_return_correct_message() {
+        FailedToUpdateSecretException failedToUpdateSecretException = new FailedToUpdateSecretException(message);
+        assertThat(failedToUpdateSecretException.getMessage(), equalTo(message));
+    }
+
+    @Test
+    void testGetMessage_should_return_correct_message_with_throwable() {
+        RuntimeException cause = new RuntimeException("testException");
+        FailedToUpdateSecretException failedToUpdateSecretException = new FailedToUpdateSecretException(message, cause);
+        assertThat(failedToUpdateSecretException.getMessage(), equalTo(message));
+        assertThat(failedToUpdateSecretException.getCause(), equalTo(cause));
+    }
+
+}

data-prepper-plugin-framework/src/test/java/org/opensearch/dataprepper/plugin/VariableExpanderTest.java

@@ -19,6 +19,7 @@
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.opensearch.dataprepper.model.plugin.PluginConfigValueTranslator;
+import org.opensearch.dataprepper.model.plugin.PluginConfigVariable;
 
 import java.io.IOException;
 import java.math.BigDecimal;
@@ -30,6 +31,8 @@
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
 
@@ -43,6 +46,32 @@ class VariableExpanderTest {
 
     private VariableExpander objectUnderTest;
 
+    private static Stream<Arguments> getNonStringTypeArguments() {
+        return Stream.of(Arguments.of(Boolean.class, "true", true),
+                Arguments.of(Short.class, "2", (short) 2),
+                Arguments.of(Integer.class, "10", 10),
+                Arguments.of(Long.class, "200", 200L),
+                Arguments.of(Double.class, "1.23", 1.23d),
+                Arguments.of(Float.class, "2.15", 2.15f),
+                Arguments.of(BigDecimal.class, "2.15", BigDecimal.valueOf(2.15)),
+                Arguments.of(Map.class, "{}", Collections.emptyMap()));
+    }
+
+    private static Stream<Arguments> getStringTypeArguments() {
+        final String testRandomValue = "non-secret-prefix-" + RandomStringUtils.randomAlphabetic(5);
+        return Stream.of(Arguments.of(String.class, String.format("\"%s\"", testRandomValue),
+                        testRandomValue),
+                Arguments.of(Duration.class, "\"PT15M\"", Duration.parse("PT15M")),
+                Arguments.of(Boolean.class, "\"true\"", true),
+                Arguments.of(Short.class, "\"2\"", (short) 2),
+                Arguments.of(Integer.class, "\"10\"", 10),
+                Arguments.of(Long.class, "\"200\"", 200L),
+                Arguments.of(Double.class, "\"1.23\"", 1.23d),
+                Arguments.of(Float.class, "\"2.15\"", 2.15f),
+                Arguments.of(BigDecimal.class, "\"2.15\"", BigDecimal.valueOf(2.15)),
+                Arguments.of(Character.class, "\"c\"", 'c'));
+    }
+
     @BeforeEach
     void setUp() {
         objectUnderTest = new VariableExpander(OBJECT_MAPPER, Set.of(pluginConfigValueTranslator));
@@ -107,29 +136,53 @@ void testTranslateJsonParserWithStringValue_translate_success(
         assertThat(actualResult, equalTo(expectedResult));
     }
 
-    private static Stream<Arguments> getNonStringTypeArguments() {
-        return Stream.of(Arguments.of(Boolean.class, "true", true),
-                Arguments.of(Short.class, "2", (short) 2),
-                Arguments.of(Integer.class, "10", 10),
-                Arguments.of(Long.class, "200", 200L),
-                Arguments.of(Double.class, "1.23", 1.23d),
-                Arguments.of(Float.class, "2.15", 2.15f),
-                Arguments.of(BigDecimal.class, "2.15", BigDecimal.valueOf(2.15)),
-                Arguments.of(Map.class, "{}", Collections.emptyMap()));
+    @Test
+    void testTranslateJsonParserWithSPluginConfigVariableValue_translate_success() throws IOException {
+        final String testSecretKey = "testSecretKey";
+        final String testTranslatorKey = "test_prefix";
+        final String testSecretReference = String.format("${{%s:%s}}", testTranslatorKey, testSecretKey);
+        final JsonParser jsonParser = JSON_FACTORY.createParser(String.format("\"%s\"", testSecretReference));
+        jsonParser.nextToken();
+        PluginConfigVariable mockPluginConfigVariable = new PluginConfigVariable() {
+
+            String secretValue = "samplePluginConfigValue";
+
+            @Override
+            public Object getValue() {
+                return secretValue;
+            }
+
+            @Override
+            public void setValue(Object updatedValue, String secretIdToSet) {
+                this.secretValue = updatedValue.toString();
+            }
+
+            @Override
+            public boolean isUpdatable() {
+                return true;
+            }
+        };
+        when(pluginConfigValueTranslator.getPrefix()).thenReturn(testTranslatorKey);
+        when(pluginConfigValueTranslator.translateToPluginConfigVariable(eq(testSecretKey)))
+                .thenReturn(mockPluginConfigVariable);
+        objectUnderTest = new VariableExpander(OBJECT_MAPPER, Set.of(pluginConfigValueTranslator));
+        final Object actualResult = objectUnderTest.translate(jsonParser, PluginConfigVariable.class);
+        assertNotNull(actualResult);
+        assertThat(actualResult, equalTo(mockPluginConfigVariable));
     }
 
-    private static Stream<Arguments> getStringTypeArguments() {
-        final String testRandomValue = "non-secret-prefix-" + RandomStringUtils.randomAlphabetic(5);
-        return Stream.of(Arguments.of(String.class, String.format("\"%s\"", testRandomValue),
-                        testRandomValue),
-                Arguments.of(Duration.class, "\"PT15M\"", Duration.parse("PT15M")),
-                Arguments.of(Boolean.class, "\"true\"", true),
-                Arguments.of(Short.class, "\"2\"", (short) 2),
-                Arguments.of(Integer.class, "\"10\"", 10),
-                Arguments.of(Long.class, "\"200\"", 200L),
-                Arguments.of(Double.class, "\"1.23\"", 1.23d),
-                Arguments.of(Float.class, "\"2.15\"", 2.15f),
-                Arguments.of(BigDecimal.class, "\"2.15\"", BigDecimal.valueOf(2.15)),
-                Arguments.of(Character.class, "\"c\"", 'c'));
+    @Test
+    void testTranslateJsonParserWithSPluginConfigVariableValue_translate_failure() throws IOException {
+        final String testSecretKey = "testSecretKey";
+        final String testTranslatorKey = "test_prefix";
+        final String testSecretReference = String.format("${{%s:%s}}", testTranslatorKey, testSecretKey);
+        final JsonParser jsonParser = JSON_FACTORY.createParser(String.format("\"%s\"", testSecretReference));
+        jsonParser.nextToken();
+        when(pluginConfigValueTranslator.getPrefix()).thenReturn(testTranslatorKey);
+        when(pluginConfigValueTranslator.translateToPluginConfigVariable(eq(testSecretKey)))
+                .thenThrow(IllegalArgumentException.class);
+        objectUnderTest = new VariableExpander(OBJECT_MAPPER, Set.of(pluginConfigValueTranslator));
+        assertThrows(IllegalArgumentException.class,
+                () -> objectUnderTest.translate(jsonParser, PluginConfigVariable.class));
     }
 }

data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsPluginConfigVariable.java

@@ -9,6 +9,7 @@
  */
 package org.opensearch.dataprepper.plugins.aws;
 
+import org.opensearch.dataprepper.model.plugin.FailedToUpdateSecretException;
 import org.opensearch.dataprepper.model.plugin.PluginConfigVariable;
 
 /**
@@ -19,14 +20,17 @@ public class AwsPluginConfigVariable implements PluginConfigVariable {
     private final SecretsSupplier secretsSupplier;
     private final String secretId;
     private final String secretKey;
+    private final boolean isUpdatable;
     private Object secretValue;
 
     public AwsPluginConfigVariable(final SecretsSupplier secretsSupplier,
-                                   final String secretId, final String secretKey, Object secretValue) {
+                                   final String secretId, final String secretKey, Object secretValue,
+                                   final boolean isUpdatable) {
         this.secretsSupplier = secretsSupplier;
         this.secretId = secretId;
         this.secretKey = secretKey;
         this.secretValue = secretValue;
+        this.isUpdatable = isUpdatable;
     }
 
     @Override
@@ -35,8 +39,17 @@ public Object getValue() {
     }
 
     @Override
-    public void setValue(Object newValue) {
-        this.secretsSupplier.updateValue(secretId, secretKey, newValue);
+    public void setValue(Object newValue, String secretVersionIdToSet) {
+        if (!isUpdatable()) {
+            throw new FailedToUpdateSecretException(
+                    String.format("Trying to update a secrets that is not updatable. SecretId: %s SecretKey: %s", this.secretId, this.secretKey));
+        }
+        this.secretsSupplier.updateValue(secretId, secretKey, newValue, secretVersionIdToSet);
         this.secretValue = newValue;
     }
+
+    @Override
+    public boolean isUpdatable() {
+        return isUpdatable;
+    }
 }

data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretManagerConfiguration.java

@@ -79,9 +79,10 @@ public GetSecretValueRequest createGetSecretValueRequest() {
                 .build();
     }
 
-    public PutSecretValueRequest putSecretValueRequest(String secretKeyValueMapAsString) {
+    public PutSecretValueRequest putSecretValueRequest(String secretKeyValueMapAsString, String secretVersionIdToSet) {
         return PutSecretValueRequest.builder()
                 .secretId(awsSecretId)
+                .clientRequestToken(secretVersionIdToSet)
                 .secretString(secretKeyValueMapAsString)
                 .build();
     }

data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsPluginConfigValueTranslator.java

@@ -57,6 +57,6 @@ public PluginConfigVariable translateToPluginConfigVariable(String value) {
         final String secretKey = matcher.group(SECRET_KEY_GROUP);
         final Object secretValue = secretKey != null ? secretsSupplier.retrieveValue(secretId, secretKey) :
                 secretsSupplier.retrieveValue(secretId);
-        return new AwsPluginConfigVariable(secretsSupplier, secretId, secretKey, secretValue);
+        return new AwsPluginConfigVariable(secretsSupplier, secretId, secretKey, secretValue, true);
     }
 }