com.amazonaws.secretsmanager.sql

Class AWSSecretsManagerDriver

java.lang.Object

com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver

All Implemented Interfaces:

Driver

Direct Known Subclasses:

AWSSecretsManagerMariaDBDriver, AWSSecretsManagerMSSQLServerDriver, AWSSecretsManagerMySQLDriver, AWSSecretsManagerOracleDriver, AWSSecretsManagerPostgreSQLDriver, AWSSecretsManagerRedshiftDriver

public abstract class AWSSecretsManagerDriver
extends Object
implements Driver

Provides support for accessing SQL databases using credentials stored within AWS Secrets Manager. If this functionality is desired, then a subclass of this class should be specified as the JDBC driver for an application.

The driver to propagate connect requests to should also be specified in the configuration. Doing this will cause the real driver to be registered once an instance of this driver is made (which will be when this driver is registered).

This base class registers itself with the java.sql.DriverManager when its constructor is called. That means a subclass only needs to make a new instance of itself in its static block to register.

This does not support including the user (secret ID) and password in the jdbc url, as JDBC url formats are database specific. If this functionality is desired, it must be implemented in a subclass.

Ignores the password field, drawing a secret ID from the user field. The secret referred to by this field is expected to be in the standard JSON format used by the rotation lambdas provided by Secrets Manager:

 
 {
     "username": "xxxx",
     "password": "xxxx",
     ...
 }
 
 

Here is a list of the configuration properties. The subprefix is an implementation specific String used to keep the properties for different drivers separate. For example, the MySQL driver wrapper might use mysql as its subprefix, making the full property name for the realDriverClass for the MySQL driver wrapper drivers.mysql.realDriverClass (all Driver properties will be prefixed with "drivers."). This String is defined by the method getPropertySubprefix.

• drivers.subprefix.realDriverClass - (optional) The class name of the driver to propagate calls to. If not specified, default for subprefix is used

Field Summary

Fields

Modifier and Type	Field and Description
static String	INVALID_SECRET_STRING_JSON Message to return on the RuntimeException when secret string is invalid json
static int	MAX_RETRY Maximum number of times to retry connecting to DB on auth failures
static String	PROPERTY_PREFIX "drivers", so all configuration properties start with "drivers.".
static String	SCHEME "jdbc-secretsmanager", so the JDBC URL should start with "jdbc-secretsmanager" instead of just "jdbc".

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AWSSecretsManagerDriver() Constructs the driver setting the properties from the properties file using system properties as defaults.
protected	AWSSecretsManagerDriver(com.amazonaws.services.secretsmanager.AWSSecretsManager client) Constructs the driver setting the properties from the properties file using system properties as defaults.
protected	AWSSecretsManagerDriver(com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder builder) Constructs the driver setting the properties from the properties file using system properties as defaults.
protected	AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCache cache) Constructs the driver setting the properties from the properties file using system properties as defaults.
protected	AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCacheConfiguration cacheConfig) Constructs the driver setting the properties from the properties file using system properties as defaults.

Method Summary

Modifier and Type	Method and Description
boolean	acceptsURL(String url)
Connection	connect(String url, Properties info)
abstract String	constructUrlFromEndpointPortDatabase(String endpoint, String port, String dbname) Construct a database URL from the endpoint, port and database name.
abstract String	getDefaultDriverClass() Get the default real driver class name for this driver.
int	getMajorVersion()
int	getMinorVersion()
Logger	getParentLogger()
DriverPropertyInfo[]	getPropertyInfo(String url, Properties info)
abstract String	getPropertySubprefix() Gets the "subprefix" used for configuration properties for this driver.
Driver	getWrappedDriver() Returns an instance of the real java.sql.Driver that this should propagate calls to.
abstract boolean	isExceptionDueToAuthenticationError(Exception exception) Determines whether or not an Exception is due to an authentication failure with the remote database.
boolean	jdbcCompliant()
protected static void	register(AWSSecretsManagerDriver driver) Registers a driver along with the DriverAction implementation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SCHEME

public static final String SCHEME

"jdbc-secretsmanager", so the JDBC URL should start with "jdbc-secretsmanager" instead of just "jdbc".

See Also:

Constant Field Values

MAX_RETRY

public static final int MAX_RETRY

Maximum number of times to retry connecting to DB on auth failures

See Also:

Constant Field Values

PROPERTY_PREFIX

public static final String PROPERTY_PREFIX

"drivers", so all configuration properties start with "drivers.".

See Also:

Constant Field Values

INVALID_SECRET_STRING_JSON

public static final String INVALID_SECRET_STRING_JSON

Message to return on the RuntimeException when secret string is invalid json

See Also:

Constant Field Values

Constructor Detail

AWSSecretsManagerDriver

protected AWSSecretsManagerDriver()

Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with default options.

AWSSecretsManagerDriver

protected AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCache cache)

Constructs the driver setting the properties from the properties file using system properties as defaults. Sets the secret cache to the cache that was passed in.

Parameters:

cache - Secret cache to use to retrieve secrets

AWSSecretsManagerDriver

protected AWSSecretsManagerDriver(com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder builder)

Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the passed in client builder.

Parameters:

builder - Builder used to instantiate cache

AWSSecretsManagerDriver

protected AWSSecretsManagerDriver(com.amazonaws.services.secretsmanager.AWSSecretsManager client)

Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the provided AWS Secrets Manager client.

Parameters:

client - AWS Secrets Manager client to instantiate cache

AWSSecretsManagerDriver

protected AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCacheConfiguration cacheConfig)

Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the provided cache configuration.

Parameters:

cacheConfig - Cache configuration to instantiate cache

Method Detail

register

protected static void register(AWSSecretsManagerDriver driver)

Registers a driver along with the DriverAction implementation.

Parameters:

driver - The driver to register.

Throws:

RuntimeException - If the driver could not be registered.

getPropertySubprefix

public abstract String getPropertySubprefix()

Gets the "subprefix" used for configuration properties for this driver. For example, if this method returns the String, "mysql", then the real driver that this will forward requests to would be set to drivers.mysql.realDriverClass in the properties file or in the system properties.

Returns:

String The subprefix to use for configuration properties.

getWrappedDriver

public Driver getWrappedDriver()

Returns an instance of the real java.sql.Driver that this should propagate calls to. The real driver is specified by the realDriverClass property.

Returns:

Driver The real Driver that calls should be propagated to.

Throws:

IllegalStateException - When there is no driver with the name realDriverClass

acceptsURL

public boolean acceptsURL(String url)
                   throws SQLException

Specified by:

acceptsURL in interface Driver

Throws:

SQLException

isExceptionDueToAuthenticationError

public abstract boolean isExceptionDueToAuthenticationError(Exception exception)

Determines whether or not an Exception is due to an authentication failure with the remote database. This method is called during connect to decide if authentication needs to be attempted again with refreshed credentials. A good way to implement this is to look up the error codes that java.sqlSQLExceptions will have when an authentication failure occurs. These are database specific.

Parameters:

exception - The Exception to test.

Returns:

boolean Whether or not the Exception indicates that the credentials used for authentication are stale.

constructUrlFromEndpointPortDatabase

public abstract String constructUrlFromEndpointPortDatabase(String endpoint,
                                                            String port,
                                                            String dbname)

Construct a database URL from the endpoint, port and database name. This method is called when the connect method is called with a secret ID instead of a URL.

Parameters:

endpoint - The endpoint retrieved from the secret cache

port - The port retrieved from the secret cache

dbname - The database name retrieved from the secret cache

Returns:

String The constructed URL based on the endpoint and port

getDefaultDriverClass

public abstract String getDefaultDriverClass()

Get the default real driver class name for this driver.

Returns:

String The default real driver class name

connect

public Connection connect(String url,
                          Properties info)
                   throws SQLException

Specified by:

connect in interface Driver

Throws:

SQLException

getMajorVersion

public int getMajorVersion()

Specified by:

getMajorVersion in interface Driver

getMinorVersion

public int getMinorVersion()

Specified by:

getMinorVersion in interface Driver

getParentLogger

public Logger getParentLogger()
                       throws SQLFeatureNotSupportedException

Specified by:

getParentLogger in interface Driver

Throws:

SQLFeatureNotSupportedException

getPropertyInfo

public DriverPropertyInfo[] getPropertyInfo(String url,
                                            Properties info)
                                     throws SQLException

Specified by:

getPropertyInfo in interface Driver

Throws:

SQLException

jdbcCompliant

public boolean jdbcCompliant()

Specified by:

jdbcCompliant in interface Driver