Class AWSSecretsManagerDriver

java.lang.Object
com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver
All Implemented Interfaces:
Driver
Direct Known Subclasses:
AWSSecretsManagerDb2Driver, AWSSecretsManagerMariaDBDriver, AWSSecretsManagerMSSQLServerDriver, AWSSecretsManagerMySQLDriver, AWSSecretsManagerOracleDriver, AWSSecretsManagerPostgreSQLDriver, AWSSecretsManagerRedshiftDriver

public abstract class AWSSecretsManagerDriver extends Object implements Driver

Provides support for accessing SQL databases using credentials stored within AWS Secrets Manager. If this functionality is desired, then a subclass of this class should be specified as the JDBC driver for an application.

The driver to propagate connect requests to should also be specified in the configuration. Doing this will cause the real driver to be registered once an instance of this driver is made (which will be when this driver is registered).

This base class registers itself with the java.sql.DriverManager when its constructor is called. That means a subclass only needs to make a new instance of itself in its static block to register.

This does not support including the user (secret ID) and password in the JDBC URL, as JDBC URL formats are database specific. If this functionality is desired, it must be implemented in a subclass.

The driver ignores the password field and draws a secret ID from the user field. The secret referred to by this field is expected to be in the standard JSON format used by the rotation lambdas provided by Secrets Manager:

 
 {
     "username": "xxxx",
     "password": "xxxx",
     ...
 }
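
An added usage example, not code from the library's documentation: the application configuration carries only a secret ID in the user field and a URL with the jdbc-secretsmanager scheme, never a database password. The endpoint, database name and secret ID are constructed values, and the sketch assumes the real PostgreSQL driver is on the classpath and that AWS credentials and a region are available to the SDK's default lookup.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;

public class SecretsManagerJdbcExample {
    // Constructed values: replace with your own endpoint and secret ID.
    private static final String URL =
        "jdbc-secretsmanager:postgresql://db.example.internal:5432/appdb";
    private static final String SECRET_ID = "example/appdb/credentials";

    public static void main(String[] args) throws Exception {
        // Loading the subclass runs its static block, which registers the wrapper.
        Class.forName("com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver");

        Properties info = new Properties();
        info.setProperty("user", SECRET_ID); // a secret ID, not a database user name
        // No "password" entry: the driver ignores that field.

        try (Connection conn = DriverManager.getConnection(URL, info);
             Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("SELECT current_user")) {
            rs.next();
            // current_user is the account from the secret's "username" field, not SECRET_ID.
            System.out.println("connected as " + rs.getString(1));
        }
    }
}
```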
 
 

Here is a list of the configuration properties. The subprefix is an implementation specific String used to keep the properties for different drivers separate. For example, the MySQL driver wrapper might use mysql as its subprefix, making the full property name for the realDriverClass for the MySQL driver wrapper drivers.mysql.realDriverClass (all Driver properties will be prefixed with "drivers."). This String is defined by the method getPropertySubprefix.

  • drivers.subprefix.realDriverClass - (optional) The class name of the driver to propagate calls to. If not specified, the default for the subprefix is used.
  • Field Details

    • SCHEME

      public static final String SCHEME
      "jdbc-secretsmanager", so the JDBC URL should start with "jdbc-secretsmanager" instead of just "jdbc".
    • MAX_RETRY

      public static final int MAX_RETRY
      Maximum number of times to retry connecting to DB on auth failures
    • PROPERTY_PREFIX

      public static final String PROPERTY_PREFIX
      "drivers", so all configuration properties start with "drivers.".
    • INVALID_SECRET_STRING_JSON

      public static final String INVALID_SECRET_STRING_JSON
      Message to return on the RuntimeException when the secret string is invalid JSON
  • Constructor Details

    • AWSSecretsManagerDriver

      protected AWSSecretsManagerDriver()
      Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with default options.
    • AWSSecretsManagerDriver

      protected AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCache cache)
      Constructs the driver setting the properties from the properties file using system properties as defaults. Sets the secret cache to the cache that was passed in.
      Parameters:
      cache - Secret cache to use to retrieve secrets
    • AWSSecretsManagerDriver

      protected AWSSecretsManagerDriver(software.amazon.awssdk.services.secretsmanager.SecretsManagerClientBuilder builder)
      Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the passed in client builder.
      Parameters:
      builder - Builder used to instantiate cache
    • AWSSecretsManagerDriver

      protected AWSSecretsManagerDriver(software.amazon.awssdk.services.secretsmanager.SecretsManagerClient client)
      Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the provided AWS Secrets Manager client.
      Parameters:
      client - AWS Secrets Manager client to instantiate cache
    • AWSSecretsManagerDriver

      protected AWSSecretsManagerDriver(com.amazonaws.secretsmanager.caching.SecretCacheConfiguration cacheConfig)
      Constructs the driver setting the properties from the properties file using system properties as defaults. Instantiates the secret cache with the provided cache configuration.
      Parameters:
      cacheConfig - Cache configuration to instantiate cache
  • Method Details

    • register

      protected static void register(AWSSecretsManagerDriver driver)
      Registers a driver along with the DriverAction implementation.
      Parameters:
      driver - The driver to register.
      Throws:
      RuntimeException - If the driver could not be registered.
    • getPropertySubprefix

      public abstract String getPropertySubprefix()
      Gets the "subprefix" used for configuration properties for this driver. For example, if this method returns the String, "mysql", then the real driver that this will forward requests to would be set to drivers.mysql.realDriverClass in the properties file or in the system properties.
      Returns:
      String The subprefix to use for configuration properties.
    • getWrappedDriver

      public Driver getWrappedDriver()
      Returns an instance of the real java.sql.Driver that this should propagate calls to. The real driver is specified by the realDriverClass property.
      Returns:
      Driver The real Driver that calls should be propagated to.
      Throws:
      IllegalStateException - When there is no driver with the name realDriverClass
    • acceptsURL

      public boolean acceptsURL(String url) throws SQLException
      Specified by:
      acceptsURL in interface Driver
      Throws:
      SQLException
    • isExceptionDueToAuthenticationError

      public abstract boolean isExceptionDueToAuthenticationError(Exception exception)
      Determines whether or not an Exception is due to an authentication failure with the remote database. This method is called during connect to decide if authentication needs to be attempted again with refreshed credentials. A good way to implement this is to look up the error codes that java.sql.SQLExceptions will have when an authentication failure occurs. These are database specific.
      Parameters:
      exception - The Exception to test.
      Returns:
      boolean Whether or not the Exception indicates that the credentials used for authentication are stale.
    • constructUrlFromEndpointPortDatabase

      public abstract String constructUrlFromEndpointPortDatabase(String endpoint, String port, String dbname)
      Construct a database URL from the endpoint, port and database name. This method is called when the connect method is called with a secret ID instead of a URL.
      Parameters:
      endpoint - The endpoint retrieved from the secret cache
      port - The port retrieved from the secret cache
      dbname - The database name retrieved from the secret cache
      Returns:
      String The constructed URL based on the endpoint and port
    • getDefaultDriverClass

      public abstract String getDefaultDriverClass()
      Get the default real driver class name for this driver.
      Returns:
      String The default real driver class name
    • connect

      public Connection connect(String url, Properties info) throws SQLException
      Specified by:
      connect in interface Driver
      Throws:
      SQLException
    • getMajorVersion

      public int getMajorVersion()
      Specified by:
      getMajorVersion in interface Driver
    • getMinorVersion

      public int getMinorVersion()
      Specified by:
      getMinorVersion in interface Driver
    • getParentLogger

      public Logger getParentLogger() throws SQLFeatureNotSupportedException
      Specified by:
      getParentLogger in interface Driver
      Throws:
      SQLFeatureNotSupportedException
    • getPropertyInfo

      public DriverPropertyInfo[] getPropertyInfo(String url, Properties info) throws SQLException
      Specified by:
      getPropertyInfo in interface Driver
      Throws:
      SQLException
    • jdbcCompliant

      public boolean jdbcCompliant()
      Specified by:
      jdbcCompliant in interface Driver
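
An added example, not code from the library: a subclass that supplies the four abstract methods documented above, with isExceptionDueToAuthenticationError keyed on a database-specific error code. The class name ExamplePgWrapperDriver and the subprefix examplepg are hypothetical; the sketch assumes a PostgreSQL-compatible server and that the URL returned by constructUrlFromEndpointPortDatabase is passed to the wrapped driver.

```java
import com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver;
import java.sql.SQLException;

// Hypothetical wrapper for a PostgreSQL-compatible database (illustration only).
public final class ExamplePgWrapperDriver extends AWSSecretsManagerDriver {

    static {
        // register(...) is the protected static method documented on this page.
        register(new ExamplePgWrapperDriver());
    }

    @Override
    public String getPropertySubprefix() {
        return "examplepg"; // hypothetical; override key becomes drivers.examplepg.realDriverClass
    }

    @Override
    public String getDefaultDriverClass() {
        return "org.postgresql.Driver";
    }

    @Override
    public boolean isExceptionDueToAuthenticationError(Exception exception) {
        // Drivers may wrap the original error, so walk the cause chain.
        for (Throwable t = exception; t != null; t = t.getCause()) {
            // PostgreSQL reports a rejected password as SQLSTATE 28P01 (invalid_password).
            if (t instanceof SQLException && "28P01".equals(((SQLException) t).getSQLState())) {
                return true;
            }
        }
        return false; // timeouts, network errors and the like do not mean stale credentials
    }

    @Override
    public String constructUrlFromEndpointPortDatabase(String endpoint, String port, String dbname) {
        // Assumption: this URL goes to the wrapped driver, so it uses that driver's own jdbc: form.
        StringBuilder url = new StringBuilder("jdbc:postgresql://").append(endpoint);
        if (port != null && !port.isEmpty()) {
            url.append(':').append(port);
        }
        url.append('/');
        if (dbname != null && !dbname.isEmpty()) {
            url.append(dbname);
        }
        return url.toString();
    }
}
```

Matching only the rejected-password code keeps unrelated failures from triggering a credential refresh and retry, which is capped by MAX_RETRY.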