8000 Use correct SecretsManager region (#639) · DataDog/datadog-lambda-js@566faaa · GitHub
[go: up one dir, main page]
Skip to content

Commit 566faaa

Browse files
nhulstonnhulston
authored
Use correct SecretsManager region (#639)
1 parent 288043a commit 566faaa

File tree

2 files changed

+38
-3
lines changed

2 files changed

+38
-3
lines changed

src/metrics/listener.spec.ts

Lines changed: 34 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,7 @@ describe("MetricsListener", () => {
128128
const listener = new MetricsListener(kms as any, {
129129
apiKey: "",
130130
apiKeyKMS: "",
131-
apiKeySecretARN: "api-key-secret-arn",
131+
apiKeySecretARN: "arn:aws:secretsmanager:us-gov-west-1:1234567890:secret:key-name-123ABC",
132132
enhancedMetrics: false,
133133
logForwarding: false,
134134
shouldRetryMetrics: false,
@@ -141,6 +141,39 @@ describe("MetricsListener", () => {
141141

142142
expect(secretsManagerSpy).toHaveBeenCalledWith({
143143
useFipsEndpoint: true,
144+
region: "us-gov-west-1",
145+
});
146+
147+
secretsManagerSpy.mockRestore();
148+
} finally {
149+
process.env.AWS_REGION = "us-east-1";
150+
}
151+
});
152+
153+
it("uses correct secrets region", async () => {
154+
try {
155+
process.env.AWS_REGION = "us-east-1";
156+
const secretsManagerModule = require("@aws-sdk/client-secrets-manager");
157+
const secretsManagerSpy = jest.spyOn(secretsManagerModule, "SecretsManager");
158+
159+
const kms = new MockKMS("kms-api-key-decrypted");
160+
const listener = new MetricsListener(kms as any, {
161+
apiKey: "",
162+
apiKeyKMS: "",
163+
apiKeySecretARN: "arn:aws:secretsmanager:ap-west-1:1234567890:secret:key-name-123ABC",
164+
enhancedMetrics: false,
165+
logForwarding: false,
166+
shouldRetryMetrics: false,
167+
localTesting: false,
168+
siteURL,
169+
});
170+
171+
await listener.onStartInvocation({});
172+
await listener.onCompleteInvocation();
173+
174+
expect(secretsManagerSpy).toHaveBeenCalledWith({
175+
useFipsEndpoint: false,
176+
region: "ap-west-1",
144177
});
145178

146179
secretsManagerSpy.mockRestore();

src/metrics/listener.ts

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -224,10 +224,12 @@ export class MetricsListener {
224224
if (config.apiKeySecretARN !== "") {
225225
try {
226226
const { SecretsManager } = await import("@aws-sdk/client-secrets-manager");
227-
const region = process.env.AWS_REGION;
228-
const isGovRegion = region !== undefined && region.startsWith("us-gov-");
227+
const secretRegion = config.apiKeySecretARN.split(":")[3];
228+
const lambdaRegion = process.env.AWS_REGION;
229+
const isGovRegion = lambdaRegion !== undefined && lambdaRegion.startsWith("us-gov-");
229230
const secretsManager = new SecretsManager({
230231
useFipsEndpoint: isGovRegion,
232+
region: secretRegion,
231233
});
232234
const secret = await secretsManager.getSecretValue({ SecretId: config.apiKeySecretARN });
233235
return secret?.SecretString ?? "";

0 commit comments

Comments
 (0)
0