.github/workflows/CI.yml

@@ -15,3 +15,5 @@ jobs:
           distribution: 'adopt'
       - name: Build with Maven
         run: mvn --batch-mode --update-snapshots package
+      - name: Codecov
+        uses: codecov/codecov-action@v3.1.0

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,50 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '38 2 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: true
+      matrix:
+        language: [ 'java' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.gitignore

@@ -7,8 +7,12 @@ release.properties
 dependency-reduced-pom.xml
 buildNumber.properties
 .mvn/timing.properties
+**.DS_Store
+.idea
 # https://github.com/takari/maven-wrapper#usage-without-binary-jar
 .mvn/wrapper/maven-wrapper.jar
+jacoco.exec
+.DS_Store
 
 # Eclipse m2e generated files
 # Eclipse Core

README.md

@@ -1,6 +1,7 @@
 # AWS Secrets Manager JDBC Library
 
-![build](https://github.com/aws/aws-secretsmanager-jdbc/actions/workflows/CI.yml/badge.svg)
+[![Java Build](https://github.com/aws/aws-secretsmanager-jdbc/actions/workflows/CI.yml/badge.svg?event=push)](https://github.com/aws/aws-secretsmanager-jdbc/actions/workflows/CI.yml)
+[![Coverage](https://codecov.io/gh/aws/aws-secretsmanager-jdbc/branch/master/graph/badge.svg?token=hCl7eBaSwn)](https://codecov.io/gh/aws/aws-secretsmanager-jdbc)
 
 The **AWS Secrets Manager JDBC Library** enables Java developers to easily connect to SQL databases using secrets stored in AWS Secrets Manager.
 
@@ -91,3 +92,4 @@ The secret being used should be in the JSON format we use for our rotation lambd
 	...
 }
 ```
+

pom.xml

@@ -16,24 +16,24 @@
   <artifactId>aws-secretsmanager-jdbc</artifactId>
   <packaging>jar</packaging>
   <name>AWS Secrets Manager SQL Connection Library</name>
-  <version>1.0.8</version>
+  <version>1.0.9</version>
   <description>The AWS Secrets Manager SQL Connection Library for Java enables Java developers to easily
     connect to SQL databases using secrets stored in AWS Secrets Manager.
   </description>
   <url>https://aws.amazon.com/secrets-manager</url>
 
   <properties>
-    <aws-java-sdk.version>1.12.148</aws-java-sdk.version>
+    <aws-java-sdk.version>1.12.252</aws-java-sdk.version>
     <aws-secretsmanager-cache.version>1.0.2</aws-secretsmanager-cache.version>
     <lombok.version>1.18.24</lombok.version>
-    <jackson.version>2.13.2.2</jackson.version>
-    <junit.version>4.13.1</junit.version>
+    <jackson.version>2.13.4.2</jackson.version>
+    <junit.version>4.13.2</junit.version>
     <mockito.version>1.10.19</mockito.version>
-    <powermock.version>1.6.6</powermock.version>
-    <compiler.plugin.version>3.2</compiler.plugin.version>
-    <javadoc.plugin.version>3.0.1</javadoc.plugin.version>
-    <source.plugin.version>3.0.1</source.plugin.version>
-    <checkstyle.plugin.version>2.17</checkstyle.plugin.version>
+    <powermock.version>1.7.0</powermock.version>
+    <compiler.plugin.version>3.10.1</compiler.plugin.version>
+    <javadoc.plugin.version>3.4.0</javadoc.plugin.version>
+    <source.plugin.version>3.2.1</source.plugin.version>
+    <checkstyle.plugin.version>3.1.2</checkstyle.plugin.version>
     <findbugs.plugin.version>3.0.5</findbugs.plugin.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
@@ -125,6 +125,12 @@
       <version>${powermock.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.jacoco</groupId>
+      <artifactId>org.jacoco.agent</artifactId>
+      <classifier>runtime</classifier>
+      <version>0.8.8</version>
+    </dependency>
   </dependencies>
 
   <build>
@@ -206,6 +212,48 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.jacoco</groupId>
+        <artifactId>jacoco-maven-plugin</artifactId>
+        <version>0.8.8</version>
+        <executions>
+          <execution>
+            <id>default-instrument</id>
+            <goals>
+              <goal>instrument</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>default-restore-instrumented-classes</id>
+            <goals>
+              <goal>restore-instrumented-classes</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>report</id>
+            <phase>prepare-package</phase>
+            <goals>
+              <goal>report</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>default-check</id>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.22.2</version>
+        <configuration>
+          <systemPropertyVariables>
+            <jacoco-agent.destfile>target/jacoco.exec</jacoco-agent.destfile>
+          </systemPropertyVariables>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 
@@ -217,7 +265,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-gpg-plugin</artifactId>
-            <version>1.6</version>
+            <version>3.0.1</version>
             <executions>
               <execution>
                 <id>sign-artifacts</id>
@@ -231,7 +279,7 @@
           <plugin>
             <groupId>org.sonatype.plugins</groupId>
             <artifactId>nexus-staging-maven-plugin</artifactId>
-            <version>1.6.8</version>
+            <version>1.6.13</version>
             <extensions>true</extensions>
             <configuration>
               <serverId>sonatype-nexus-staging</serverId>
@@ -243,4 +291,4 @@
       </build>
     </profile>
   </profiles>
-</project>
+</project>

src/main/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriver.java

@@ -12,10 +12,10 @@
  */
 package com.amazonaws.secretsmanager.sql;
 
-import com.amazonaws.client.builder.AwsClientBuilder;
 import com.amazonaws.secretsmanager.util.Config;
 import com.amazonaws.secretsmanager.caching.SecretCache;
 import com.amazonaws.secretsmanager.caching.SecretCacheConfiguration;
+import com.amazonaws.secretsmanager.util.JDBCSecretCacheBuilderProvider;
 import com.amazonaws.services.secretsmanager.AWSSecretsManager;
 import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
 import com.amazonaws.util.StringUtils;
@@ -105,13 +105,6 @@ public abstract class AWSSecretsManagerDriver implements Driver {
      */ 
     public static final String INVALID_SECRET_STRING_JSON = "Could not parse SecretString JSON";
 
-    /**
-     * Configuration property to override PrivateLink DNS URL for Secrets Manager
-     */
-    private static final String PROPERTY_VPC_ENDPOINT_URL = "vpcEndpointUrl";
-
-    private static final String PROPERTY_VPC_ENDPOINT_REGION = "vpcEndpointRegion";
-
     private SecretCache secretCache;
 
     private String realDriverClass;
@@ -120,35 +113,25 @@ public abstract class AWSSecretsManagerDriver implements Driver {
 
     private ObjectMapper mapper = new ObjectMapper();
 
+
+
     /**
      * Constructs the driver setting the properties from the properties file using system properties as defaults.
      * Instantiates the secret cache with default options.
      */
     protected AWSSecretsManagerDriver() {
-        this(new SecretCache());
+        this(new JDBCSecretCacheBuilderProvider().build());
     }
 
+
     /**
      * Constructs the driver setting the properties from the properties file using system properties as defaults.
      * Sets the secret cache to the cache that was passed in.
      *
      * @param cache                                             Secret cache to use to retrieve secrets
      */
     protected AWSSecretsManagerDriver(SecretCache cache) {
-
-        final Config config = Config.loadMainConfig();
-
-        String vpcEndpointUrl = config.getStringPropertyWithDefault(PROPERTY_PREFIX+"."+PROPERTY_VPC_ENDPOINT_URL, null);
-        String vpcEndpointRegion = config.getStringPropertyWithDefault(PROPERTY_PREFIX+"."+PROPERTY_VPC_ENDPOINT_REGION, null);
-
-        if (vpcEndpointUrl == null || vpcEndpointUrl.isEmpty() || vpcEndpointRegion == null || vpcEndpointRegion.isEmpty()) {
-            this.secretCache = cache;
-        } else {
-            AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClientBuilder.standard();
-            builder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(vpcEndpointUrl, vpcEndpointRegion));
-
-            this.secretCache = new SecretCache(builder);
-        }
+        this.secretCache = cache;
 
         setProperties();
         AWSSecretsManagerDriver.register(this);
@@ -186,8 +169,6 @@ protected AWSSecretsManagerDriver(SecretCacheConfiguration cacheConfig) {
 
     /**
      * Sets general configuration properties that are unrelated to the API client.
-     *
-     * @param config                                            The main configuration for this driver.
      */
     private void setProperties() {
         this.config = Config.loadMainConfig().getSubconfig(PROPERTY_PREFIX + "." + getPropertySubprefix());

src/main/java/com/amazonaws/secretsmanager/util/Config.java

@@ -70,7 +70,7 @@ private static Properties loadPropertiesFromConfigFile(String resourceName) {
         InputStream configFile;
 
         try {
-            configFile = ClassLoader.getSystemResourceAsStream(resourceName);
+            configFile = Thread.currentThread().getContextClassLoader().getResourceAsStream(resourceName);
             if(configFile != null) {
                 newConfig.load(configFile);
                 configFile.close();

src/main/java/com/amazonaws/secretsmanager/util/JDBCSecretCacheBuilderProvider.java

@@ -0,0 +1,77 @@
+package com.amazonaws.secretsmanager.util;
+
+import com.amazonaws.client.builder.AwsClientBuilder;
+import com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver;
+import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
+
+import static com.amazonaws.util.StringUtils.isNullOrEmpty;
+
+/**
+ * <p>
+ *  A class for providing JDBC driver the secrets cache builder.
+ *
+ * Checks the config file and environment variables for overrides to the default
+ * region and applies those changes to the provided secret cache builder.
+ * </p>
+ */
+public class JDBCSecretCacheBuilderProvider {
+
+    /**
+     * Configuration property to override PrivateLink DNS URL for Secrets Manager
+     */
+    static final String PROPERTY_VPC_ENDPOINT_URL = "vpcEndpointUrl";
+
+    static final String PROPERTY_VPC_ENDPOINT_REGION = "vpcEndpointRegion";
+
+    /**
+     * Configuration properties to override the default region
+     */
+    static final String PROPERTY_REGION = "region";
+
+    static final String REGION_ENVIRONMENT_VARIABLE = "AWS_SECRET_JDBC_REGION";
+
+
+    private Config configFile;
+
+
+    public JDBCSecretCacheBuilderProvider() {
+        this(Config.loadMainConfig());
+    }
+
+    public JDBCSecretCacheBuilderProvider(Config config) {
+        configFile = config;
+    }
+
+    /**
+     * Provides the secrets cache builder.
+     *
+     * 1) If a PrivateLink DNS endpoint URL and region are given in the Config, then they are used to configure the endpoint.
+     * 2) The AWS_SECRET_JDBC_REGION environment variable is checked. If set, it is used to configure the region.
+     * 3) The region variable file is checked in the provided Config and, if set, used to configure the region.
+     * 4) Finally, if none of these are not found, the default region provider chain is used.
+     *
+     * @return the built secret cache.
+     */
+    public AWSSecretsManagerClientBuilder build() {
+
+        AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClientBuilder.standard();
+
+        //Retrieve data from information sources.
+        String vpcEndpointUrl = configFile.getStringPropertyWithDefault(AWSSecretsManagerDriver.PROPERTY_PREFIX+"."+PROPERTY_VPC_ENDPOINT_URL, null);
+        String vpcEndpointRegion = configFile.getStringPropertyWithDefault(AWSSecretsManagerDriver.PROPERTY_PREFIX+"."+PROPERTY_VPC_ENDPOINT_REGION, null);
+        String envRegion = System.getenv(REGION_ENVIRONMENT_VARIABLE);
+        String configRegion = configFile.getStringPropertyWithDefault(AWSSecretsManagerDriver.PROPERTY_PREFIX+"."+PROPERTY_REGION, null);
+
+
+        //Apply settings to our builder configuration.
+        if ( !isNullOrEmpty(vpcEndpointUrl) && !isNullOrEmpty(vpcEndpointRegion) ) {
+            builder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(vpcEndpointUrl, vpcEndpointRegion));
+        } else if ( !isNullOrEmpty(envRegion) ) {
+            builder.withRegion(envRegion);
+        } else if ( !isNullOrEmpty(configRegion) ) {
+            builder.withRegion(configRegion);
+        }
+
+        return builder;
+    }
+}