search

aws-greengrass / aws-greengrass-secret-manager

Greengrass component that manages sensitive data stored with Greengrass. It supports secrets stored in AWS Secrets Manager and provides APIs for components to fetch secrets locally.
Apache License 2.0
7 stars 3 forks source link

Partial ARN is not allowed by VALID_SECRET_ARN_PATTERN #78

Closed AntonBy closed 6 months ago

AntonBy commented 6 months ago

https://github.com/aws-greengrass/aws-greengrass-secret-manager/blob/5ee68d10d72df4012c35dc7b7d0cbbfb2b251d25/src/main/java/com/aws/greengrass/secretmanager/SecretManager.java#L59-L61

This pattern allows to use only FullARN but the documentation says about 2 possible options: https://docs.aws.amazon.com/greengrass/v2/developerguide/secret-manager-component.html?icmpid=docs_gg_console#secret-manager-component-log-file

arn The ARN of the secret to deploy. The ARN of the secret can either be a full ARN or a partial ARN. We recommend that you specify a complete ARN rather than a partial ARN. For more information, see Finding a secret from a partial ARN. The following is an example of a full ARN and a partial ARN:

  • Full ARN: arn:aws:secretsmanager:us-east-2:111122223333:secret:SecretName-abcdef
  • Partial ARN: arn:aws:secretsmanager:us-east-2:111122223333:secret:SecretName

ComponentVersion: 2.1.7

alter-mage commented 6 months ago

Thanks for bringing this to our attention! It looks like this is a bug for secrets which do not include a - in their name. We will get a fix out for this pronto.

alter-mage commented 6 months ago

This issue has been fixed in #79. We will release it in our next release cycle, which I do not have an ETA yet. Please let us know if you have any more questions.

Cheers!