MQE-1919: MFTF AWS Secrets Manager - CI Use

jilu1 · jilu1 · commit 6a0660534fa4 · 2020-01-17T13:18:33.000-06:00
diff --git a/etc/config/.env.example b/etc/config/.env.example
@@ -37,8 +37,6 @@ BROWSER=chrome
 #*** To use AWS Secrets Manager to manage _CREDS secrets, uncomment and set region, profile is optional, when omitted, AWS default credential provider chain will be used ***#
 #CREDENTIAL_AWS_SECRETS_MANAGER_PROFILE=default
 #CREDENTIAL_AWS_SECRETS_MANAGER_REGION=us-east-1
-#*** If using non-default AWS account ***#
-#CREDENTIAL_AWS_ACCOUNT_ID=
 
 #*** Uncomment these properties to set up a dev environment with symlinked projects ***#
 #TESTS_BP=
diff --git a/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/CredentialStore.php b/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/CredentialStore.php
@@ -57,45 +57,10 @@ public static function getInstance()
      */
     private function __construct()
     {
-        // Initialize file storage
-        try {
-            $this->credStorage[self::ARRAY_KEY_FOR_FILE]  = new FileStorage();
-        } catch (TestFrameworkException $e) {
-        }
-
-        // Initialize vault storage
-        $cvAddress = getenv('CREDENTIAL_VAULT_ADDRESS');
-        $cvSecretPath = getenv('CREDENTIAL_VAULT_SECRET_BASE_PATH');
-        if ($cvAddress !== false && $cvSecretPath !== false) {
-            try {
-                $this->credStorage[self::ARRAY_KEY_FOR_VAULT] = new VaultStorage(
-                    UrlFormatter::format($cvAddress, false),
-                    '/' . trim($cvSecretPath, '/')
-                );
-            } catch (TestFrameworkException $e) {
-            }
-        }
-
-        // Initialize AWS Secrets Manager storage
-        $awsRegion = getenv('CREDENTIAL_AWS_SECRETS_MANAGER_REGION');
-        $awsProfile = getenv('CREDENTIAL_AWS_SECRETS_MANAGER_PROFILE');
-        $awsId = getenv('CREDENTIAL_AWS_ACCOUNT_ID');
-        if (!empty($awsRegion)) {
-            if (empty($awsProfile)) {
-                $awsProfile = null;
-            }
-            if (empty($awsId)) {
-                $awsId = null;
-            }
-            try {
-                $this->credStorage[self::ARRAY_KEY_FOR_AWS_SECRETS_MANAGER] = new AwsSecretsManagerStorage(
-                    $awsRegion,
-                    $awsProfile,
-                    $awsId
-                );
-            } catch (TestFrameworkException $e) {
-            }
-        }
+        // Initialize credential storage by defined order of precedence as the following
+        $this->initializeFileStorage();
+        $this->initializeVaultStorage();
+        $this->initializeAwsSecretsManagerStorage();
 
         if (empty($this->credStorage)) {
             throw new TestFrameworkException(
@@ -155,4 +120,68 @@ public function decryptAllSecretsInString($string)
             return $storage->getAllDecryptedValuesInString($string);
         }
     }
+
+    /**
+     * Initialize file storage
+     *
+     * @return void
+     */
+    private function initializeFileStorage()
+    {
+        // Initialize file storage
+        try {
+            $this->credStorage[self::ARRAY_KEY_FOR_FILE]  = new FileStorage();
+        } catch (TestFrameworkException $e) {
+        }
+    }
+
+    /**
+     * Initialize Vault storage
+     *
+     * @return void
+     */
+    private function initializeVaultStorage()
+    {
+        // Initialize vault storage
+        $cvAddress = getenv('CREDENTIAL_VAULT_ADDRESS');
+        $cvSecretPath = getenv('CREDENTIAL_VAULT_SECRET_BASE_PATH');
+        if ($cvAddress !== false && $cvSecretPath !== false) {
+            try {
+                $this->credStorage[self::ARRAY_KEY_FOR_VAULT] = new VaultStorage(
+                    UrlFormatter::format($cvAddress, false),
+                    '/' . trim($cvSecretPath, '/')
+                );
+            } catch (TestFrameworkException $e) {
+            }
+        }
+    }
+
+    /**
+     * Initialize AWS Secrets Manager storage
+     *
+     * @return void
+     */
+    private function initializeAwsSecretsManagerStorage()
+    {
+        // Initialize AWS Secrets Manager storage
+        $awsRegion = getenv('CREDENTIAL_AWS_SECRETS_MANAGER_REGION');
+        $awsProfile = getenv('CREDENTIAL_AWS_SECRETS_MANAGER_PROFILE');
+        $awsId = getenv('CREDENTIAL_AWS_ACCOUNT_ID');
+        if (!empty($awsRegion)) {
+            if (empty($awsProfile)) {
+                $awsProfile = null;
+            }
+            if (empty($awsId)) {
+                $awsId = null;
+            }
+            try {
+                $this->credStorage[self::ARRAY_KEY_FOR_AWS_SECRETS_MANAGER] = new AwsSecretsManagerStorage(
+                    $awsRegion,
+                    $awsProfile,
+                    $awsId
+                );
+            } catch (TestFrameworkException $e) {
+            }
+        }
+    }
 }
diff --git a/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/SecretStorage/AwsSecretsManagerStorage.php b/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/SecretStorage/AwsSecretsManagerStorage.php
@@ -148,13 +148,19 @@ private function parseAwsSecretResult($awsResult, $key)
         if (isset($awsResult['SecretString'])) {
             $rawSecret = $awsResult['SecretString'];
         } else {
-            throw new TestFrameworkException("Error parsing result from AWS Secrets Manager");
+            print_r('raw result:');
+            var_dump($awsResult);
+            throw new TestFrameworkException(
+                "'SecretString' is not set in AWS Result. Error parsing result from AWS Secrets Manager"
+            );
         }
         $secret = json_decode($rawSecret, true);
         if (isset($secret[$key])) {
             return $secret[$key];
         }
-        throw new TestFrameworkException("Error parsing result from AWS Secrets Manager");
+        print_r('result:');
+        var_dump($secret);
+        throw new TestFrameworkException("$key not found in AWS Result. Error parsing result from AWS Secrets Manager");
     }
 
     /**
