V2

.github/workflows/CI.yml

@@ -2,6 +2,9 @@ name: Java Build
 
 on: [push, pull_request]
 
+env:
+  AWS_DEFAULT_REGION: us-west-2
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -16,4 +19,4 @@ jobs:
       - name: Build with Maven
         run: mvn --batch-mode --update-snapshots package
       - name: Codecov
-        uses: codecov/codecov-action@v3.1.0
+        uses: codecov/codecov-action@v3.1.4

.github/workflows/codeql-analysis.yml

@@ -13,9 +13,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master" ]
+    branches: ["master", "v2"]
   pull_request:
-    branches: [ "master" ]
+    branches: ["master", "v2"]
   schedule:
     - cron: '38 2 * * 1'
 

.gitignore

@@ -17,6 +17,7 @@ jacoco.exec
 # Eclipse m2e generated files
 # Eclipse Core
 .project
+.settings
 # JDT-specific (Eclipse Java Development Tools)
 .classpath
 

README.md

@@ -1,7 +1,7 @@
 # AWS Secrets Manager JDBC Library
 
 [![Java Build](https://github.com/aws/aws-secretsmanager-jdbc/actions/workflows/CI.yml/badge.svg?event=push)](https://github.com/aws/aws-secretsmanager-jdbc/actions/workflows/CI.yml)
-[![Coverage](https://codecov.io/gh/aws/aws-secretsmanager-jdbc/branch/master/graph/badge.svg?token=hCl7eBaSwn)](https://codecov.io/gh/aws/aws-secretsmanager-jdbc)
+[![Coverage](https://codecov.io/gh/aws/aws-secretsmanager-jdbc/branch/v2/graph/badge.svg?token=hCl7eBaSwn)](https://codecov.io/gh/aws/aws-secretsmanager-jdbc)
 
 The **AWS Secrets Manager JDBC Library** enables Java developers to easily connect to SQL databases using secrets stored in AWS Secrets Manager.
 
@@ -25,7 +25,7 @@ The recommended way to use the SQL Connection Library is to consume it from Mave
 <dependency>
     <groupId>com.amazonaws.secretsmanager</groupId>
     <artifactId>aws-secretsmanager-jdbc</artifactId>
-    <version>1.0.12</version>
+    <version>2.0.0</version>
 </dependency>
 ```
 
@@ -95,7 +95,7 @@ The secret being used should be in the JSON format we use for our rotation lambd
 
 ## Credentials
 
-This library uses the [Default Credential Provider Chain](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html). The following options exist to override some of the defaults:
+This library uses the [Default Credential Provider Chain](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials.html). The following options exist to override some of the defaults:
 
 1) Set a PrivateLink DNS endpoint URL and a region in the secretsmanager.properties file:
 ```text

pom.xml

@@ -16,25 +16,13 @@
   <artifactId>aws-secretsmanager-jdbc</artifactId>
   <packaging>jar</packaging>
   <name>AWS Secrets Manager SQL Connection Library</name>
-  <version>1.0.12</version>
+  <version>2.0.0</version>
   <description>The AWS Secrets Manager SQL Connection Library for Java enables Java developers to easily
     connect to SQL databases using secrets stored in AWS Secrets Manager.
   </description>
   <url>https://aws.amazon.com/secrets-manager</url>
 
   <properties>
-    <aws-java-sdk.version>1.12.252</aws-java-sdk.version>
-    <aws-secretsmanager-cache.version>1.0.2</aws-secretsmanager-cache.version>
-    <lombok.version>1.18.24</lombok.version>
-    <jackson.version>2.14.1</jackson.version>
-    <junit.version>4.13.2</junit.version>
-    <mockito.version>1.10.19</mockito.version>
-    <powermock.version>1.7.0</powermock.version>
-    <compiler.plugin.version>3.10.1</compiler.plugin.version>
-    <javadoc.plugin.version>3.4.0</javadoc.plugin.version>
-    <source.plugin.version>3.2.1</source.plugin.version>
-    <checkstyle.plugin.version>3.1.2</checkstyle.plugin.version>
-    <findbugs.plugin.version>3.0.5</findbugs.plugin.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
 
@@ -76,79 +64,86 @@
     <dependency>
       <groupId>com.amazonaws.secretsmanager</groupId>
       <artifactId>aws-secretsmanager-caching-java</artifactId>
-      <version>${aws-secretsmanager-cache.version}</version>
+      <version>2.0.0</version>
     </dependency>
 
     <dependency>
-      <groupId>com.amazonaws</groupId>
-      <artifactId>aws-java-sdk-secretsmanager</artifactId>
-      <version>${aws-java-sdk.version}</version>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>secretsmanager</artifactId>
+      <version>2.20.93</version>
     </dependency>
 
     <dependency>
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>
-      <version>${lombok.version}</version>
+      <version>1.18.28</version>
       <scope>provided</scope>
     </dependency>
 
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>2.15.2</version>
+    </dependency>
+
+    <dependency>
+      <groupId>com.github.spotbugs</groupId>
+      <artifactId>spotbugs-annotations</artifactId>
+      <version>4.7.3</version>
     </dependency>
 
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>${junit.version}</version>
+      <version>4.13.2</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>com.github.stefanbirkner</groupId>
+      <artifactId>system-rules</artifactId>
+      <version>1.19.0</version>
       <scope>test</scope>
     </dependency>
 
     <dependency>
       <groupId>org.mockito</groupId>
-      <artifactId>mockito-all</artifactId>
-      <version>${mockito.version}</version>
+      <artifactId>mockito-inline</artifactId>
+      <version>3.12.4</version>
       <scope>test</scope>
     </dependency>
 
     <dependency>
       <groupId>org.powermock</groupId>
       <artifactId>powermock-module-junit4</artifactId>
-      <version>${powermock.version}</version>
+      <version>2.0.9</version>
       <scope>test</scope>
     </dependency>
 
     <dependency>
       <groupId>org.powermock</groupId>
-      <artifactId>powermock-api-mockito</artifactId>
-      <version>${powermock.version}</version>
+      <artifactId>powermock-api-mockito2</artifactId>
+      <version>2.0.9</version>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.jacoco</groupId>
-      <artifactId>org.jacoco.agent</artifactId>
-      <classifier>runtime</classifier>
-      <version>0.8.8</version>
-    </dependency>
   </dependencies>
 
   <build>
     <plugins>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-compiler-plugin</artifactId>
-        <version>${compiler.plugin.version}</version>
+        <version>3.11.0</version>
         <configuration>
-          <source>1.8</source>
-          <target>1.8</target>
+          <source>11</source>
+          <target>11</target>
           <encoding>UTF-8</encoding>
         </configuration>
       </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-source-plugin</artifactId>
-        <version>${source.plugin.version}</version>
+        <version>3.3.0</version>
         <executions>
           <execution>
             <id>attach-sources</id>
@@ -161,7 +156,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-javadoc-plugin</artifactId>
-        <version>${javadoc.plugin.version}</version>
+        <version>3.5.0</version>
         <executions>
           <execution>
             <id>attach-javadocs</id>
@@ -174,10 +169,9 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-checkstyle-plugin</artifactId>
-        <version>${checkstyle.plugin.version}</version>
+        <version>3.3.0</version>
         <configuration>
           <configLocation>${basedir}/config/checkstyle/checkstyle.xml</configLocation>
-          <encoding>UTF-8</encoding>
           <consoleOutput>true</consoleOutput>
           <failsOnError>true</failsOnError>
           <linkXRef>false</linkXRef>
@@ -194,9 +188,9 @@
         </executions>
       </plugin>
       <plugin>
-        <groupId>org.codehaus.mojo</groupId>
-        <artifactId>findbugs-maven-plugin</artifactId>
-        <version>${findbugs.plugin.version}</version>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>4.7.3.5</version>
         <configuration>
           <effort>Max</effort>
           <threshold>Low</threshold>
@@ -215,45 +209,22 @@
       <plugin>
         <groupId>org.jacoco</groupId>
         <artifactId>jacoco-maven-plugin</artifactId>
-        <version>0.8.8</version>
+        <version>0.8.10</version>
         <executions>
           <execution>
-            <id>default-instrument</id>
-            <goals>
-              <goal>instrument</goal>
-            </goals>
-          </execution>
-          <execution>
-            <id>default-restore-instrumented-classes</id>
             <goals>
-              <goal>restore-instrumented-classes</goal>
+              <goal>prepare-agent</goal>
             </goals>
           </execution>
           <execution>
             <id>report</id>
-            <phase>prepare-package</phase>
+            <phase>test</phase>
             <goals>
               <goal>report</goal>
             </goals>
           </execution>
-          <execution>
-            <id>default-check</id>
-            <goals>
-              <goal>check</goal>
-            </goals>
-          </execution>
         </executions>
       </plugin>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-surefire-plugin</artifactId>
-        <version>2.22.2</version>
-        <configuration>
-          <systemPropertyVariables>
-            <jacoco-agent.destfile>target/jacoco.exec</jacoco-agent.destfile>
-          </systemPropertyVariables>
-        </configuration>
-      </plugin>
     </plugins>
   </build>
 
@@ -265,7 +236,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-gpg-plugin</artifactId>
-            <version>3.0.1</version>
+            <version>3.1.0</version>
             <executions>
               <execution>
                 <id>sign-artifacts</id>
@@ -291,4 +262,4 @@
       </build>
     </profile>
   </profiles>
-</project>
+</project>

src/main/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerDriver.java

@@ -12,16 +12,6 @@
  */
 package com.amazonaws.secretsmanager.sql;
 
-import com.amazonaws.secretsmanager.util.Config;
-import com.amazonaws.secretsmanager.caching.SecretCache;
-import com.amazonaws.secretsmanager.caching.SecretCacheConfiguration;
-import com.amazonaws.secretsmanager.util.JDBCSecretCacheBuilderProvider;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
-import com.amazonaws.util.StringUtils;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
 import java.io.IOException;
 import java.sql.Connection;
 import java.sql.Driver;
@@ -33,6 +23,19 @@
 import java.util.Properties;
 import java.util.logging.Logger;
 
+import com.amazonaws.secretsmanager.caching.SecretCache;
+import com.amazonaws.secretsmanager.caching.SecretCacheConfiguration;
+import com.amazonaws.secretsmanager.util.Config;
+import com.amazonaws.secretsmanager.util.JDBCSecretCacheBuilderProvider;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClientBuilder;
+import software.amazon.awssdk.utils.StringUtils;
+
 /**
  * <p>
  * Provides support for accessing SQL databases using credentials stored within AWS Secrets Manager. If this
@@ -130,6 +133,7 @@ protected AWSSecretsManagerDriver() {
      *
      * @param cache                                             Secret cache to use to retrieve secrets
      */
+    @SuppressFBWarnings("MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR")
     protected AWSSecretsManagerDriver(SecretCache cache) {
         this.secretCache = cache;
 
@@ -143,7 +147,7 @@ protected AWSSecretsManagerDriver(SecretCache cache) {
      *
      * @param builder                                           Builder used to instantiate cache
      */
-    protected AWSSecretsManagerDriver(AWSSecretsManagerClientBuilder builder) {
+    protected AWSSecretsManagerDriver(SecretsManagerClientBuilder builder) {
         this(new SecretCache(builder));
     }
 
@@ -153,7 +157,7 @@ protected AWSSecretsManagerDriver(AWSSecretsManagerClientBuilder builder) {
      *
      * @param client                                            AWS Secrets Manager client to instantiate cache
      */
-    protected AWSSecretsManagerDriver(AWSSecretsManager client) {
+    protected AWSSecretsManagerDriver(SecretsManagerClient client) {
         this(new SecretCache(client));
     }
 
@@ -342,7 +346,7 @@ private Connection connectWithSecret(String unwrappedUrl, Properties info, Strin
                 JsonNode jsonObject = mapper.readTree(secretString);
                 updatedInfo.setProperty("user", jsonObject.get("username").asText());
                 updatedInfo.setProperty("password", jsonObject.get("password").asText());
-            } catch (IOException | NullPointerException e) {
+            } catch (IOException e) {
                 // Most likely to occur in the event that the data is not JSON.
                 // Or the secret's username and/or password fields have been
                 // removed entirely. Either scenario is most often a user error.
@@ -380,7 +384,7 @@ public Connection connect(String url, Properties info) throws SQLException {
         } else { // Else, assume this is a secret ID and try to retrieve it
             try {
                 String secretString = secretCache.getSecretString(url);
-                if (StringUtils.isNullOrEmpty(secretString)) {
+                if (StringUtils.isBlank(secretString)) {
                     throw new IllegalArgumentException("URL " + url + " is not a valid URL starting with scheme " +
                             SCHEME + " or a valid retrievable secret ID ");
                 }
@@ -391,7 +395,7 @@ public Connection connect(String url, Properties info) throws SQLException {
                 JsonNode dbnameNode = jsonObject.get("dbname");
                 String dbname = dbnameNode == null ? null : dbnameNode.asText();
                 unwrappedUrl = constructUrlFromEndpointPortDatabase(endpoint, port, dbname);
-            } catch (IOException | NullPointerException e) {
+            } catch (IOException e) {
                 // Most likely to occur in the event that the data is not JSON.
                 // Or the secret has been modified and is no longer valid.
                 // Either scenario is most often a user error.
@@ -437,4 +441,3 @@ public boolean jdbcCompliant() {
         return getWrappedDriver().jdbcCompliant();
     }
 }
-