events: add Secrets Manager rotation event (aws#291)

gnusey · gnusey · commit 036531633e9f · 2023-11-03T10:31:08.000Z
resolves aws#291
diff --git a/events/README_SecretsManager_SecretRotationEvent.md b/events/README_SecretsManager_SecretRotationEvent.md
@@ -0,0 +1,38 @@
+# Sample Function
+
+The following is a sample Lambda function that handles a SecretsManager secret rotation event.
+
+```go
+package main
+
+import (
+    "fmt"
+	"context"
+
+	"github.com/aws/aws-lambda-go/lambda"
+	"github.com/aws/aws-lambda-go/events"
+)
+
+func handler(ctx context.Context, event SecretsManagerSecretRotationEvent) error {
+	fmt.Printf("rotating secret %s with token %s\n", 
+        event.SecretId, event.ClientRequestToken)
+
+    switch event.Step {
+	case "createSecret":
+		// create
+	case "setSecret":
+		// set
+	case "finishSecret":
+		// finish
+	case "testSecret":
+		// test
+	}
+
+    return nil
+}
+
+
+func main() {
+	lambda.Start(handler)
+}
+```
diff --git a/events/secretsmanager.go b/events/secretsmanager.go
@@ -0,0 +1,11 @@
+package events
+
+// SecretsManagerSecretRotationEvent is the event passed to a Lambda function to handle
+// automatic secret rotation.
+//
+// https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html#rotate-secrets_how
+type SecretsManagerSecretRotationEvent struct {
+	Step               string `json:"Step"`
+	SecretId           string `json:"SecretId"`
+	ClientRequestToken string `json:"ClientRequestToken"`
+}
diff --git a/events/secretsmanager_test.go b/events/secretsmanager_test.go
@@ -0,0 +1,30 @@
+package events
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/aws/aws-lambda-go/events/test"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSecretsManagerSecretRotationEventMarshaling(t *testing.T) {
+
+	// 1. read JSON from file
+	inputJSON := test.ReadJSONFromFile(t, "./testdata/secretsmanager-secret-rotation-event.json")
+
+	// 2. de-serialize into Go object
+	var inputEvent SecretsManagerSecretRotationEvent
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+		t.Errorf("could not unmarshal event. details: %v", err)
+	}
+
+	// 3. serialize to JSON
+	outputJSON, err := json.Marshal(inputEvent)
+	if err != nil {
+		t.Errorf("could not marshal event. details: %v", err)
+	}
+
+	// 4. check result
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
diff --git a/events/testdata/secretsmanager-secret-rotation-event.json b/events/testdata/secretsmanager-secret-rotation-event.json
@@ -0,0 +1,5 @@
+{
+  "Step": "createSecret",
+  "SecretId": "arn:aws:secretsmanager:us-east-1:111122223333:secret:id-ABCD1E",
+  "ClientRequestToken": "1ab23456-cde7-8912-34fg-h56i78j9k12l"
+}
