From 617535f329e2512fecbf2a3f8ec4f0e7c157c1ce Mon Sep 17 00:00:00 2001 From: Sergey Kisel Date: Fri, 13 Oct 2023 18:17:51 +0200 Subject: [PATCH] GCP Secret Manager acceptance test --- .../dsl/signer/SignerConfiguration.java | 8 + .../signer/SignerConfigurationBuilder.java | 9 + .../runner/CmdLineParamsConfigFileImpl.java | 30 ++++ .../runner/CmdLineParamsDefaultImpl.java | 27 +++ .../GcpSecretManagerAcceptanceTest.java | 158 ++++++++++++++++++ gradle/versions.gradle | 2 +- signing/build.gradle | 1 + .../web3signer/GcpSecretManagerUtil.java | 72 ++++++++ .../GcpSecretManagerParametersBuilder.java | 74 ++++++++ 9 files changed, 380 insertions(+), 1 deletion(-) create mode 100644 acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/bulkloading/GcpSecretManagerAcceptanceTest.java create mode 100644 signing/src/testFixtures/java/tech/pegasys/web3signer/GcpSecretManagerUtil.java create mode 100644 signing/src/testFixtures/java/tech/pegasys/web3signer/signing/config/GcpSecretManagerParametersBuilder.java diff --git a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfiguration.java b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfiguration.java index 37bde8250..533bc6f96 100644 --- a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfiguration.java +++ b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfiguration.java @@ -18,6 +18,7 @@ import tech.pegasys.web3signer.dsl.tls.TlsCertificateDefinition; import tech.pegasys.web3signer.signing.config.AwsVaultParameters; import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters; +import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters; import tech.pegasys.web3signer.signing.config.KeystoresParameters; import java.nio.file.Path; 
@@ -42,6 +43,7 @@ public class SignerConfiguration { private final boolean metricsEnabled; private final Optional azureKeyVaultParameters; private final Optional awsSecretsManagerParameters; + private final Optional gcpSecretManagerParameters; private final Optional keystoresParameters; private final Optional serverTlsOptions; private final Optional overriddenCaTrustStore; @@ -90,6 +92,7 @@ public SignerConfiguration( final boolean metricsEnabled, final Optional azureKeyVaultParameters, final Optional awsSecretsManagerParameters, + final Optional gcpSecretManagerParameters, final Optional keystoresParameters, final Optional serverTlsOptions, final Optional overriddenCaTrustStore, @@ -134,6 +137,7 @@ public SignerConfiguration( this.metricsEnabled = metricsEnabled; this.azureKeyVaultParameters = azureKeyVaultParameters; this.awsSecretsManagerParameters = awsSecretsManagerParameters; + this.gcpSecretManagerParameters = gcpSecretManagerParameters; this.keystoresParameters = keystoresParameters; this.serverTlsOptions = serverTlsOptions; this.overriddenCaTrustStore = overriddenCaTrustStore; @@ -225,6 +229,10 @@ public Optional getAwsParameters() { return awsSecretsManagerParameters; } + public Optional getGcpParameters() { + return gcpSecretManagerParameters; + } + public Optional getKeystoresParameters() { return keystoresParameters; } diff --git a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfigurationBuilder.java b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfigurationBuilder.java index 23a0286d5..0a085fb59 100644 --- a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfigurationBuilder.java +++ b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfigurationBuilder.java 
@@ -22,6 +22,7 @@ import tech.pegasys.web3signer.dsl.tls.TlsCertificateDefinition; import tech.pegasys.web3signer.signing.config.AwsVaultParameters; import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters; +import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters; import tech.pegasys.web3signer.signing.config.KeystoresParameters; import java.nio.file.Path; @@ -51,6 +52,7 @@ public class SignerConfigurationBuilder { private String mode; private AzureKeyVaultParameters azureKeyVaultParameters; private AwsVaultParameters awsVaultParameters; + private GcpSecretManagerParameters gcpSecretManagerParameters; private Map web3SignerEnvironment; private Duration startupTimeout = Boolean.getBoolean("debugSubProcess") ? Duration.ofHours(1) : Duration.ofSeconds(30); @@ -148,6 +150,12 @@ public SignerConfigurationBuilder withAwsParameters(final AwsVaultParameters aws return this; } + public SignerConfigurationBuilder withGcpParameters( + final GcpSecretManagerParameters gcpSecretManagerParameters) { + this.gcpSecretManagerParameters = gcpSecretManagerParameters; + return this; + } + public SignerConfigurationBuilder withKeystoresParameters( final KeystoresParameters keystoresParameters) { this.keystoresParameters = keystoresParameters; @@ -332,6 +340,7 @@ public SignerConfiguration build() { metricsEnabled, Optional.ofNullable(azureKeyVaultParameters), Optional.ofNullable(awsVaultParameters), + Optional.ofNullable(gcpSecretManagerParameters), Optional.ofNullable(keystoresParameters), Optional.ofNullable(serverTlsOptions), Optional.ofNullable(overriddenCaTrustStore), diff --git a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java index ba9dfc315..4a5078ace 100644 --- a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java 
+++ b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java @@ -32,6 +32,7 @@ import static tech.pegasys.web3signer.signing.config.KeystoresParameters.KEYSTORES_PASSWORD_FILE; import static tech.pegasys.web3signer.signing.config.KeystoresParameters.KEYSTORES_PATH; +import tech.pegasys.web3signer.commandline.PicoCliGcpSecretManagerParameters; import tech.pegasys.web3signer.core.config.ClientAuthConstraints; import tech.pegasys.web3signer.core.config.TlsOptions; import tech.pegasys.web3signer.core.config.client.ClientTlsOptions; @@ -40,6 +41,7 @@ import tech.pegasys.web3signer.dsl.utils.DatabaseUtil; import tech.pegasys.web3signer.signing.config.AwsVaultParameters; import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters; +import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters; import tech.pegasys.web3signer.signing.config.KeystoresParameters; import java.io.IOException; @@ -152,6 +154,9 @@ public List createCmdLineParams() { .getAwsParameters() .ifPresent( awsParams -> yamlConfig.append(awsSecretsManagerBulkLoadingOptions(awsParams))); + signerConfig + .getGcpParameters() + .ifPresent(gcpParameters -> yamlConfig.append(gcpBulkLoadingOptions(gcpParameters))); final CommandArgs subCommandArgs = createSubCommandArgs(); params.addAll(subCommandArgs.params); 
@@ -574,6 +579,31 @@ private String awsSecretsManagerBulkLoadingOptions(final AwsVaultParameters awsV return yamlConfig.toString(); } + private String gcpBulkLoadingOptions( + final GcpSecretManagerParameters gcpSecretManagerParameters) { + final StringBuilder yamlConfig = new StringBuilder(); + yamlConfig.append( + String.format( + YAML_BOOLEAN_FMT, + "eth2." + PicoCliGcpSecretManagerParameters.GCP_SECRETS_ENABLED_OPTION.substring(2), + gcpSecretManagerParameters.isEnabled())); + if (gcpSecretManagerParameters.getProjectId() != null) { + yamlConfig.append( + String.format( + YAML_STRING_FMT, + "eth2." + PicoCliGcpSecretManagerParameters.GCP_PROJECT_ID_OPTION.substring(2), + gcpSecretManagerParameters.getProjectId())); + } + if (gcpSecretManagerParameters.getFilter().isPresent()) { + yamlConfig.append( + String.format( + YAML_STRING_FMT, + "eth2." + PicoCliGcpSecretManagerParameters.GCP_SECRETS_FILTER_OPTION.substring(2), + gcpSecretManagerParameters.getFilter().get())); + } + return yamlConfig.toString(); + } + private String awsKmsBulkLoadingOptions(final AwsVaultParameters awsVaultParameters) { final StringBuilder yamlConfig = new StringBuilder(); diff --git a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java index ab9be6f13..e33d7d9ed 100644 --- a/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java +++ b/acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java 
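Review bot: In `gcpBulkLoadingOptions` the project id and the free-form filter are written into the generated YAML through `YAML_STRING_FMT`, whose definition is outside this hunk; the acceptance test passes a filter containing colons and spaces (`name:Secret0 OR name:Secret1`), so it is worth confirming that the format quotes and escapes its argument, and saying so in a comment here. The `getFilter().isPresent()` / `getFilter().get()` pair reads more directly as `gcpSecretManagerParameters.getFilter().ifPresent(filter -> yamlConfig.append(String.format(YAML_STRING_FMT, key, filter)));`, and the same pattern appears in `gcpSecretManagerBulkLoadingOptions` in CmdLineParamsDefaultImpl. The three `substring(2)` calls presumably strip a leading `--` from the option constants; a comment such as `// drop the leading "--" to obtain the YAML key` would make that assumption visible.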
@@ -32,6 +32,7 @@ import static tech.pegasys.web3signer.signing.config.KeystoresParameters.KEYSTORES_PASSWORD_FILE; import static tech.pegasys.web3signer.signing.config.KeystoresParameters.KEYSTORES_PATH; +import tech.pegasys.web3signer.commandline.PicoCliGcpSecretManagerParameters; import tech.pegasys.web3signer.core.config.ClientAuthConstraints; import tech.pegasys.web3signer.core.config.TlsOptions; import tech.pegasys.web3signer.core.config.client.ClientTlsOptions; @@ -40,6 +41,7 @@ import tech.pegasys.web3signer.dsl.utils.DatabaseUtil; import tech.pegasys.web3signer.signing.config.AwsVaultParameters; import tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters; +import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters; import tech.pegasys.web3signer.signing.config.KeystoresParameters; import java.nio.file.Path; @@ -129,6 +131,9 @@ public List createCmdLineParams() { signerConfig .getAwsParameters() .ifPresent(awsParams -> params.addAll(awsSecretsManagerBulkLoadingOptions(awsParams))); + signerConfig + .getGcpParameters() + .ifPresent(gcpParams -> params.addAll(gcpSecretManagerBulkLoadingOptions(gcpParams))); } else if (signerConfig.getMode().equals("eth1")) { params.add("--downstream-http-port"); params.add(Integer.toString(signerConfig.getDownstreamHttpPort())); 
@@ -310,6 +315,28 @@ private Collection createEth2Args() { return params; } + private Collection gcpSecretManagerBulkLoadingOptions( + final GcpSecretManagerParameters gcpSecretManagerParameters) { + final List params = new ArrayList<>(); + params.add( + PicoCliGcpSecretManagerParameters.GCP_SECRETS_ENABLED_OPTION + + "=" + + gcpSecretManagerParameters.isEnabled()); + if (gcpSecretManagerParameters.getProjectId() != null) { + params.add( + PicoCliGcpSecretManagerParameters.GCP_PROJECT_ID_OPTION + + "=" + + gcpSecretManagerParameters.getProjectId()); + } + if (gcpSecretManagerParameters.getFilter().isPresent()) { + params.add( + PicoCliGcpSecretManagerParameters.GCP_SECRETS_FILTER_OPTION + + "=" + + gcpSecretManagerParameters.getFilter().get()); + } + return params; + } + private Collection awsSecretsManagerBulkLoadingOptions( final AwsVaultParameters awsVaultParameters) { final List params = new ArrayList<>(); diff --git a/acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/bulkloading/GcpSecretManagerAcceptanceTest.java b/acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/bulkloading/GcpSecretManagerAcceptanceTest.java new file mode 100644 index 000000000..1d6e92cab --- /dev/null +++ b/acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/bulkloading/GcpSecretManagerAcceptanceTest.java 
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2023 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.web3signer.tests.bulkloading;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.hasSize;
+import static tech.pegasys.web3signer.core.config.HealthCheckNames.KEYS_CHECK_GCP_BULK_LOADING;
+import static tech.pegasys.web3signer.dsl.utils.HealthCheckResultUtil.getHealtcheckKeysLoaded;
+import static tech.pegasys.web3signer.dsl.utils.HealthCheckResultUtil.getHealthcheckErrorCount;
+import static tech.pegasys.web3signer.dsl.utils.HealthCheckResultUtil.getHealthcheckStatusValue;
+
+import tech.pegasys.teku.bls.BLSKeyPair;
+import tech.pegasys.web3signer.GcpSecretManagerUtil;
+import tech.pegasys.web3signer.dsl.signer.SignerConfigurationBuilder;
+import tech.pegasys.web3signer.signing.KeyType;
+import tech.pegasys.web3signer.signing.config.GcpSecretManagerParameters;
+import tech.pegasys.web3signer.signing.config.GcpSecretManagerParametersBuilder;
+import tech.pegasys.web3signer.tests.AcceptanceTestBase;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.List;
+
+import io.restassured.http.ContentType;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+@EnabledIfEnvironmentVariable(
+ named = "GCP_PROJECT_ID",
+ matches = ".*",
+ disabledReason = "GCP_PROJECT_ID env variable is required")
+@TestInstance(TestInstance.Lifecycle.PER_CLASS) // same instance is shared across test methods
+public class GcpSecretManagerAcceptanceTest extends AcceptanceTestBase {
+ private static final Logger LOG = LogManager.getLogger();
+ private static final String GCP_PROJECT_ID = System.getenv("GCP_PROJECT_ID");
+
+ private GcpSecretManagerUtil gcpSecretManagerUtil;
+ private final List blsKeyPairs = new ArrayList<>();
+ private final List secretNames = new ArrayList<>();
+
+ @BeforeAll
+ void setupGcpResources() throws IOException {
+ gcpSecretManagerUtil = new GcpSecretManagerUtil(GCP_PROJECT_ID);
+ final SecureRandom secureRandom = new SecureRandom();
+
+ for (int i = 0; i < 4; i++) {
+ final BLSKeyPair blsKeyPair = BLSKeyPair.random(secureRandom);
+ String secretName =
+ gcpSecretManagerUtil.createSecret(
+ "Secret%d-%s".formatted(i, blsKeyPair.getPublicKey().toString()),
+ blsKeyPair.getSecretKey().toBytes().toHexString());
+ blsKeyPairs.add(blsKeyPair);
+ secretNames.add(secretName);
+ }
+ }
+
+ @ParameterizedTest(name = "{index} - Using config file: {0}")
+ @ValueSource(booleans = {true, false})
+ void secretsAreLoadedFromGCPSecretManagerAndReportedByPublicApi(final boolean useConfigFile) {
+ final GcpSecretManagerParameters gcpSecretManagerParameters =
+ GcpSecretManagerParametersBuilder.aGcpParameters()
+ .withEnabled(true)
+ .withProjectId(GCP_PROJECT_ID)
+ .withFilter("name:Secret0 OR name:Secret1")
+ .build();
+
+ final SignerConfigurationBuilder configBuilder =
+ new SignerConfigurationBuilder()
+ .withUseConfigFile(useConfigFile)
+ .withMode("eth2")
+ .withGcpParameters(gcpSecretManagerParameters);
+
+ startSigner(configBuilder.build());
+
+ final String healthCheckJsonBody = signer.healthcheck().body().asString();
+ int keysLoaded = getHealtcheckKeysLoaded(healthCheckJsonBody, KEYS_CHECK_GCP_BULK_LOADING);
+
+ assertThat(keysLoaded).isEqualTo(2);
+
+ signer
+ .callApiPublicKeys(KeyType.BLS)
+ .then()
+ .statusCode(200)
+ .contentType(ContentType.JSON)
+ .body(
+ "",
+ containsInAnyOrder(
+ blsKeyPairs.get(0).getPublicKey().toString(),
+ blsKeyPairs.get(1).getPublicKey().toString()),
+ "",
+ hasSize(2));
+ }
+
+ @Test
+ void healthCheckErrorCountWhenInvalidCredentialsAreUsed() {
+ final boolean useConfigFile = false;
+ final GcpSecretManagerParameters invalidGcpParams =
+ GcpSecretManagerParametersBuilder.aGcpParameters()
+ .withEnabled(true)
+ .withProjectId("NON_EXISTING_PROJECT")
+ .build();
+
+ final SignerConfigurationBuilder configBuilder =
+ new SignerConfigurationBuilder()
+ .withUseConfigFile(useConfigFile)
+ .withMode("eth2")
+ .withGcpParameters(invalidGcpParams);
+
+ startSigner(configBuilder.build());
+
+ final String healthCheckJsonBody = signer.healthcheck().body().asString();
+
+ int keysLoaded = getHealtcheckKeysLoaded(healthCheckJsonBody, KEYS_CHECK_GCP_BULK_LOADING);
+ int errorCount = getHealthcheckErrorCount(healthCheckJsonBody, KEYS_CHECK_GCP_BULK_LOADING);
+
+ assertThat(keysLoaded).isEqualTo(0);
+ assertThat(errorCount).isEqualTo(1);
+ assertThat(getHealthcheckStatusValue(healthCheckJsonBody)).isEqualTo("DOWN");
+ }
+
+ @AfterAll
+ void cleanUpAwsResources() {
+ if (gcpSecretManagerUtil != null) {
+ secretNames.forEach(
+ secretName -> {
+ try {
+ gcpSecretManagerUtil.deleteSecret(secretName);
+ } catch (final RuntimeException e) {
+ LOG.warn(
+ "Unexpected error while deleting key {}{}: {}",
+ gcpSecretManagerUtil.getSecretsManagerPrefix(),
+ secretName,
+ e.getMessage());
+ }
+ });
+ gcpSecretManagerUtil.close();
+ }
+ }
+}
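Review bot: The filter `name:Secret0 OR name:Secret1` in `secretsAreLoadedFromGCPSecretManagerAndReportedByPublicApi` leaves out the per-run prefix that `GcpSecretManagerUtil` puts in front of every secret name, so secrets left behind by an earlier failed run, or created by a concurrent run against the same project, would presumably match as well, breaking the `isEqualTo(2)` assertion and loading keys this run did not create. Building the filter from `gcpSecretManagerUtil.getSecretsManagerPrefix()`, e.g. `"name:" + prefix + "Secret0 OR name:" + prefix + "Secret1"`, keeps each run scoped to its own secrets. In `cleanUpAwsResources` (a name carried over from the AWS test; `cleanUpGcpResources` fits) the warning logs the prefix followed by `secretName`, but `createSecret` already returns the prefixed name, so the prefix is printed twice. `matches = ".*"` also enables the class when `GCP_PROJECT_ID` is set but empty; `".+"` would not.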
diff --git a/gradle/versions.gradle b/gradle/versions.gradle index 0651bde3e..999c6a433 100644 --- a/gradle/versions.gradle +++ b/gradle/versions.gradle @@ -162,7 +162,7 @@ dependencyManagement { dependency 'io.rest-assured:rest-assured:4.4.0' // explicit declaring to override older versions with vulnerabilities - dependencySet(group: 'com.google.protobuf', version: '3.21.12') { + dependencySet(group: 'com.google.protobuf', version: '3.24.4') { /* com.google.protobuf:protobuf-java*:3.11.4 -> 3.19.4 // CVE-2022-3171 \--- io.jaegertracing:jaeger-proto:0.7.0 diff --git a/signing/build.gradle b/signing/build.gradle index 99b134b56..acb204e36 100644 --- a/signing/build.gradle +++ b/signing/build.gradle @@ -65,5 +65,6 @@ dependencies { testFixturesImplementation 'software.amazon.awssdk:auth' testFixturesImplementation 'software.amazon.awssdk:secretsmanager' testFixturesImplementation 'software.amazon.awssdk:kms' + testFixturesImplementation 'com.google.cloud:google-cloud-secretmanager' testFixturesImplementation project(":common") } diff --git a/signing/src/testFixtures/java/tech/pegasys/web3signer/GcpSecretManagerUtil.java b/signing/src/testFixtures/java/tech/pegasys/web3signer/GcpSecretManagerUtil.java new file mode 100644 index 000000000..d0c01d0e6 --- /dev/null +++ b/signing/src/testFixtures/java/tech/pegasys/web3signer/GcpSecretManagerUtil.java 
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2023 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.web3signer;
+
+import java.io.IOException;
+import java.util.UUID;
+
+import com.google.cloud.secretmanager.v1.AddSecretVersionRequest;
+import com.google.cloud.secretmanager.v1.ProjectName;
+import com.google.cloud.secretmanager.v1.Replication;
+import com.google.cloud.secretmanager.v1.Secret;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
+import com.google.cloud.secretmanager.v1.SecretName;
+import com.google.cloud.secretmanager.v1.SecretPayload;
+import com.google.protobuf.ByteString;
+
+public class GcpSecretManagerUtil {
+
+ private final SecretManagerServiceClient secretManagerServiceClient;
+ private static final String SECRET_MANAGER_PREFIX = "signers-gcp-integration-";
+ private final String secretNamePrefix;
+ private final String projectId;
+
+ public GcpSecretManagerUtil(final String projectId) throws IOException {
+ this.secretNamePrefix = SECRET_MANAGER_PREFIX + UUID.randomUUID();
+ this.projectId = projectId;
+ this.secretManagerServiceClient = SecretManagerServiceClient.create();
+ }
+
+ public String getSecretsManagerPrefix() {
+ return secretNamePrefix;
+ }
+
+ public String createSecret(final String providedSecretName, final String secretValue) {
+ final String secretName = secretNamePrefix + providedSecretName;
+ final Secret secret =
+ Secret.newBuilder()
+ .setReplication(
+ Replication.newBuilder()
+ .setAutomatic(Replication.Automatic.newBuilder().build())
+ .build())
+ .build();
+ secretManagerServiceClient.createSecret(ProjectName.of(projectId), secretName, secret);
+
+ final AddSecretVersionRequest request =
+ AddSecretVersionRequest.newBuilder()
+ .setParent(SecretName.of(projectId, secretName).toString())
+ .setPayload(
+ SecretPayload.newBuilder().setData(ByteString.copyFromUtf8(secretValue)).build())
+ .build();
+ secretManagerServiceClient.addSecretVersion(request);
+ return secretName;
+ }
+
+ public void deleteSecret(final String secretName) {
+ secretManagerServiceClient.deleteSecret(SecretName.of(projectId, secretName));
+ }
+
+ public void close() {
+ secretManagerServiceClient.close();
+ }
+}
diff --git a/signing/src/testFixtures/java/tech/pegasys/web3signer/signing/config/GcpSecretManagerParametersBuilder.java b/signing/src/testFixtures/java/tech/pegasys/web3signer/signing/config/GcpSecretManagerParametersBuilder.java
new file mode 100644
index 000000000..1302488c0
--- /dev/null
+++ b/signing/src/testFixtures/java/tech/pegasys/web3signer/signing/config/GcpSecretManagerParametersBuilder.java
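Review bot: `createSecret` in GcpSecretManagerUtil makes two API calls and returns the name only after both succeed, so when `addSecretVersion` throws, the secret created by the first call stays in the project and the caller never receives its name to delete it. Rolling back on failure, as sketched below, keeps failed runs from accumulating version-less secrets. The class already exposes `close()`; declaring `implements AutoCloseable` would let callers use try-with-resources. A class Javadoc stating that `SecretManagerServiceClient.create()` picks up the ambient Google credentials of the test environment, and that this fixture writes raw key material and should only be pointed at a disposable test project, would also help.

```java
  public String createSecret(final String providedSecretName, final String secretValue) {
    // … unchanged: secret name, Secret builder, createSecret call, request builder …
    try {
      secretManagerServiceClient.addSecretVersion(request);
    } catch (final RuntimeException e) {
      // best-effort rollback: do not leave a version-less secret in the project
      try {
        deleteSecret(secretName);
      } catch (final RuntimeException cleanupFailure) {
        e.addSuppressed(cleanupFailure);
      }
      throw e;
    }
    return secretName;
  }
```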
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2023 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.web3signer.signing.config;
+
+import java.util.Optional;
+
+public final class GcpSecretManagerParametersBuilder {
+ private boolean enabled;
+ private String projectId;
+ private Optional filter = Optional.empty();
+
+ private GcpSecretManagerParametersBuilder() {}
+
+ public static GcpSecretManagerParametersBuilder aGcpParameters() {
+ return new GcpSecretManagerParametersBuilder();
+ }
+
+ public GcpSecretManagerParametersBuilder withEnabled(final boolean enabled) {
+ this.enabled = enabled;
+ return this;
+ }
+
+ public GcpSecretManagerParametersBuilder withProjectId(final String projectId) {
+ this.projectId = projectId;
+ return this;
+ }
+
+ public GcpSecretManagerParametersBuilder withFilter(final String filter) {
+ this.filter = Optional.of(filter);
+ return this;
+ }
+
+ public GcpSecretManagerParameters build() {
+ return new TestGcpSecretManagerParameters(enabled, projectId, filter);
+ }
+
+ private static class TestGcpSecretManagerParameters implements GcpSecretManagerParameters {
+ private final boolean enabled;
+ private final String projectId;
+ private final Optional filter;
+
+ private TestGcpSecretManagerParameters(
+ boolean enabled, String projectId, Optional filter) {
+ this.enabled = enabled;
+ this.projectId = projectId;
+ this.filter = filter;
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ @Override
+ public String getProjectId() {
+ return projectId;
+ }
+
+ @Override
+ public Optional getFilter() {
+ return filter;
+ }
+ }
+}
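Review bot: `withFilter` wraps its argument with `Optional.of(filter)`, which throws `NullPointerException` when a test passes `null` to mean "no filter"; `this.filter = Optional.ofNullable(filter);` accepts both. `build()` performs no validation either, so `withEnabled(true)` without `withProjectId(...)` yields parameters whose `getProjectId()` returns `null`. The command-line builders in this patch check for that, but a comment on `build()` such as `// projectId may be null; callers omit the option in that case` would record that this is intended.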