in spanner-data-validator-java/src/main/java/com/google/migration/common/ShardFileReader.java [39:86]
private String resolvePassword(
String sourceShardsFilePath,
String secretManagerUri,
String logicalShardId,
String password) {
if (secretManagerUri != null && !secretManagerUri.isEmpty()) {
LOG.info(
"Secret Manager will be used to get password for shard {} having secret {}",
logicalShardId,
secretManagerUri);
if (partialPattern.matcher(secretManagerUri).matches()) {
LOG.info("The matched secret for shard {} is : {}", logicalShardId, secretManagerUri);
if (fullPattern.matcher(secretManagerUri).matches()) {
LOG.info("The secret for shard {} is : {}", logicalShardId, secretManagerUri);
return secretManagerAccessor.getSecret(secretManagerUri);
} else {
// partial match hence get the latest version
String versionToAppend = "versions/latest";
if (partialWithSlash.matcher(secretManagerUri).matches()) {
secretManagerUri += versionToAppend;
} else {
secretManagerUri += "/" + versionToAppend;
}
LOG.info("The generated secret for shard {} is : {}", logicalShardId, secretManagerUri);
return secretManagerAccessor.getSecret(secretManagerUri);
}
} else {
LOG.error(
"The secretManagerUri field with value {} for shard {} , specified in file {} does"
+ " not adhere to expected pattern projects/.*/secrets/.*/versions/.*",
secretManagerUri,
logicalShardId,
sourceShardsFilePath);
throw new RuntimeException(
"The secretManagerUri field with value "
+ secretManagerUri
+ " for shard "
+ logicalShardId
+ ", specified in file "
+ sourceShardsFilePath
+ " does not adhere to expected pattern"
+ " projects/.*/secrets/.*/versions/.*");
}
}
LOG.info("using plaintext password for shard: {}", logicalShardId);
return password;
}