Merge pull request #554 from magento/MQE-1919

MFTF AWS Secrets Manager - CI Use

Author: jilu1

composer.json

@@ -11,7 +11,10 @@
     "require": {
         "php": "7.0.2||7.0.4||~7.0.6||~7.1.0||~7.2.0||~7.3.0",
         "ext-curl": "*",
+        "ext-json": "*",
+        "ext-openssl": "*",
         "allure-framework/allure-codeception": "~1.3.0",
+        "aws/aws-sdk-php": "^3.132",
         "codeception/codeception": "~2.4.5",
         "composer/composer": "^1.4",
         "consolidation/robo": "^1.0.0",

composer.lock

@@ -0,0 +1,65 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace tests\unit\Magento\FunctionalTestFramework\DataGenerator\Handlers\SecretStorage;
+
+use Aws\SecretsManager\SecretsManagerClient;
+use Magento\FunctionalTestingFramework\DataGenerator\Handlers\SecretStorage\AwsSecretsManagerStorage;
+use Aws\Result;
+use Magento\FunctionalTestingFramework\Util\MagentoTestCase;
+use ReflectionClass;
+
+class AwsSecretsManagerStorageTest extends MagentoTestCase
+{
+    /**
+     * Test encryption/decryption functionality in AwsSecretsManagerStorage class.
+     */
+    public function testEncryptAndDecrypt()
+    {
+        // Setup test data
+        $testProfile = 'profile';
+        $testRegion = 'region';
+        $testLongKey = 'magento/myKey';
+        $testShortKey = 'myKey';
+        $testValue = 'myValue';
+        $data = [
+            'Name' => 'mftf/magento/' . $testShortKey,
+            'SecretString' => json_encode([$testShortKey => $testValue])
+        ];
+        /** @var Result */
+        $result = new Result($data);
+
+        $mockClient = $this->getMockBuilder(SecretsManagerClient::class)
+            ->disableOriginalConstructor()
+            ->setMethods(['__call'])
+            ->getMock();
+
+        $mockClient->expects($this->once())
+            ->method('__call')
+            ->willReturnCallback(function ($name, $args) use ($result) {
+                return $result;
+            });
+
+        /** @var SecretsManagerClient */
+        $credentialStorage = new AwsSecretsManagerStorage($testRegion, $testProfile);
+        $reflection = new ReflectionClass($credentialStorage);
+        $reflection_property = $reflection->getProperty('client');
+        $reflection_property->setAccessible(true);
+        $reflection_property->setValue($credentialStorage, $mockClient);
+
+        // Test getEncryptedValue()
+        $encryptedCred = $credentialStorage->getEncryptedValue($testLongKey);
+
+        // Assert the value we've gotten is in fact not identical to our test value
+        $this->assertNotEquals($testValue, $encryptedCred);
+
+        // Test getDecryptedValue()
+        $actualValue = $credentialStorage->getDecryptedValue($encryptedCred);
+
+        // Assert that we are able to successfully decrypt our secret value
+        $this->assertEquals($testValue, $actualValue);
+    }
+}

dev/tests/unit/Magento/FunctionalTestFramework/DataGenerator/Handlers/SecretStorage/AwsSecretsManagerStorageTest.php

@@ -277,6 +277,28 @@ Example:
 CREDENTIAL_VAULT_SECRET_BASE_PATH=secret
 ```
 
+### CREDENTIAL_AWS_SECRETS_MANAGER_REGION
+
+The region that AWS Secrets Manager is located.
+
+Example:
+
+```conf
+# Region of AWS Secrets Manager
+CREDENTIAL_AWS_SECRETS_MANAGER_REGION=us-east-1
+```
+
+### CREDENTIAL_AWS_SECRETS_MANAGER_PROFILE
+
+The profile used to connect to AWS Secrets Manager.
+
+Example:
+
+```conf
+# Profile used to connect to AWS Secrets Manager.
+CREDENTIAL_AWS_SECRETS_MANAGER_PROFILE=default
+```
+
 ### ENABLE_BROWSER_LOG
 
 Enables addition of browser logs to Allure steps