cleanup aws secret manager

lib/aws_secrets_manager/credentials.ex

@@ -1,5 +1,5 @@
 defmodule ExSecrets.AwsSecretsManager.Credentials do
-   @moduledoc false
+  @moduledoc false
 
   import ExSecrets.AwsSecretsManager.Auth.Utils, only: [date: 1]
 

lib/aws_secrets_manager/request.ex

@@ -1,4 +1,4 @@
-defmodule Utils.AwsRequestBuilder do
+defmodule Utils.AwsRequest do
   alias ExSecrets.Utils.Config
 
   @url "https://secretsmanager.us-east-1.amazonaws.com/"
@@ -12,27 +12,30 @@ defmodule Utils.AwsRequestBuilder do
   end
 
   def call(secret_name) do
-    {:ok, headers} =
-      Utils.Aws.headers(:post, @url, @service, config(), base_headers(), body(secret_name))
-
-    HTTPoison.post(@url, body(secret_name), headers)
+    with {:ok, %{body: body, status_code: status_code}} <-
+           do_request(
+             config(),
+             :post,
+             @url,
+             body(secret_name),
+             headers(secret_name)
+           ),
+         true <- status_code in [200, 201],
+         {:ok, data} <- Jason.decode(body) do
+      {:ok, data |> Map.get("SecretString")}
+    else
+      _err ->
+        nil
+    end
   end
 
   def config() do
     region = Config.provider_config_value(:aws_secret_manager, :region, "us-east-1")
 
     %{
-      port: 443,
-      scheme: "https://",
-      host: "secretsmanager.#{region}.amazonaws.com",
-      json_codec: Jason,
-      http_client: ExAws.Request.Hackney,
       access_key_id: Config.provider_config_value(:aws_secret_manager, :access_key_id),
       secret_access_key: Config.provider_config_value(:aws_secret_manager, :secret_access_key),
-      region: region,
-      retries: [max_attempts: 10, base_backoff_in_ms: 10, max_backoff_in_ms: 10000],
-      normalize_path: true,
-      require_imds_v2: false
+      region: region
     }
   end
 
@@ -48,56 +51,23 @@ defmodule Utils.AwsRequestBuilder do
     ]
   end
 
-  def do_request(config, method, safe_url, req_body, full_headers, attempt, service) do
-    telemetry_event = Map.get(config, :telemetry_event, [:ex_secrets, :request])
-    telemetry_options = Map.get(config, :telemetry_options, [])
-
-    telemetry_metadata = %{
-      options: telemetry_options,
-      attempt: attempt,
-      service: service,
-      request_body: req_body,
-      operation: extract_operation(full_headers)
-    }
-
+  def do_request(config, method, safe_url, req_body, full_headers) do
     adapter = Application.get_env(:ex_secrets, :http_adapter, HTTPoison)
 
-    :telemetry.span(telemetry_event, telemetry_metadata, fn ->
-      result =
-        adapter.request(
-          method,
-          safe_url,
-          req_body,
-          full_headers,
-          Map.get(config, :http_opts, [])
-        )
-        |> maybe_transform_response()
-
-      stop_metadata =
-        case result do
-          {:ok, %{status_code: status} = resp} when status in 200..299 or status == 304 ->
-            %{result: :ok, response_body: Map.get(resp, :body)}
-
-          error ->
-            %{result: :error, error: extract_error(error)}
-        end
-
-      telemetry_metadata = Map.merge(telemetry_metadata, stop_metadata)
-      {result, telemetry_metadata}
-    end)
+    adapter.request(
+      method,
+      safe_url,
+      req_body,
+      full_headers,
+      Map.get(config, :http_opts, [])
+    )
+    |> maybe_transform_response()
   end
 
-  defp extract_operation(headers), do: Enum.find_value(headers, &match_operation/1)
-  defp match_operation({"x-amz-target", value}), do: value
-  defp match_operation({_key, _value}), do: nil
   def maybe_transform_response({:ok, %{status: status, body: body, headers: headers}}) do
     # Req and Finch use status (rather than status_code) as a key.
     {:ok, %{status_code: status, body: body, headers: headers}}
   end
 
   def maybe_transform_response(response), do: response
-  defp extract_error({:ok, %{body: body}}), do: body
-  defp extract_error({:ok, response}), do: response
-  defp extract_error({:error, error}), do: error
-  defp extract_error(error), do: error
 end

lib/aws_secrets_manager/utils.ex

@@ -1,6 +1,6 @@
 defmodule ExSecrets.AwsSecretsManager.Auth.Utils do
   @moduledoc false
-alias ExSecrets.AwsSecretsManager.Request.Url
+  alias ExSecrets.AwsSecretsManager.Request.Url
 
   def uri_encode(url), do: Url.uri_encode(url)
 
@@ -9,6 +9,7 @@ alias ExSecrets.AwsSecretsManager.Request.Url
     |> :crypto.hash(data)
     |> bytes_to_hex
   end
+
   Code.ensure_loaded?(:crypto) || IO.warn(":crypto module failed to load")
 
   case function_exported?(:crypto, :mac, 4) do

lib/providers/aws_secrets_manager.ex

@@ -6,7 +6,6 @@ defmodule ExSecrets.Providers.AwsSecretsManager do
   """
 
   @process_name :ex_secrets_aws_secrets_manager
-  @url "https://secretsmanager.us-east-1.amazonaws.com/"
 
   def reset() do
     :ok
@@ -17,7 +16,7 @@ defmodule ExSecrets.Providers.AwsSecretsManager do
   end
 
   def set(_, _) do
-    :ok
+    {:error, "set is not supported for AWS Secrets Manager"}
   end
 
   def get(name) do
@@ -36,19 +35,9 @@ defmodule ExSecrets.Providers.AwsSecretsManager do
   end
 
   def get_secret(name, %{}, _) do
-    with {:ok, %{body: body, status_code: status_code}} <-
-           Utils.AwsRequestBuilder.do_request(
-             Utils.AwsRequestBuilder.config(),
-             :post,
-            @url,
-             Utils.AwsRequestBuilder.body(name),
-             Utils.AwsRequestBuilder.headers(name),
-             1,
-             :secretsmanager
-           ),
-         true <- status_code in [200, 201],
-         {:ok, data} <- Jason.decode(body) do
-      {:ok, data |> Map.get("SecretString") |> get_value(), %{}}
+    with {:ok, secret} <- Utils.AwsRequest.call(name),
+         value <- get_value(secret) do
+      {:ok, value, %{}}
     else
       _err ->
         nil