feat(event_sources): add Secrets Manager secret rotation event

[roger-zhangg]

Issue number: #2855

Summary

Changes

Please provide a summary of what's being changed

Added a new data class SecretManagerEvent for parsing event from Secret Manager

User experience

Please share what the user experience looks like before and after this change

before

def lambda_handler(event, context):
    arn = event['SecretId']
    token = event['ClientRequestToken']
    step = event['Step']
    ...

now

from aws_lambda_powertools.utilities import parameters
from aws_lambda_powertools.utilities.data_classes import SecretsManagerEvent, event_source

secrets_provider = parameters.SecretsProvider()


@event_source(data_class=SecretsManagerEvent)
def lambda_handler(event: SecretsManagerEvent, context):
    # Getting secret value using Parameter utility
    # See https://docs.powertools.aws.dev/lambda/python/latest/utilities/parameters/
    secret = secrets_provider.get(event.secret_id, VersionId=event.client_request_token, VersionStage="AWSCURRENT")

    # You need to work with secrets afterwards
    # Check more examples: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas

    return secret

Checklist

If your change doesn't seem to apply, please leave them unchecked.

• Meet tenets criteria
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented
• PR title follows conventional commit semantics

Is this a breaking change?

RFC issue number:

Checklist:

• Migration process documented
• Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

[roger-zhangg]

Currently this PR only included basic Data class support, but there are some other stuff we can do to provide a better UX.

• possible UX improvement - > add a describe_secret func

# past
metadata = service_client.describe_secret(SecretId=event['SecretId'])

# possible
metadata = event.describe_secret(client = service_client)

We can also build a data class for metadata if needed.
See - https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager/client/describe_secret.html

• possible UX improvement - > add a get_secret_value func

# past
secret = service_client.get_secret_value(SecretId=event['SecretId'], VersionId=event['ClientRequestToken'], VersionStage=stage)

# possible
secret = event.get_secret_value(client = service_client, VersionStage=stage)

We can also build a data class for secret if needed.
See - https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager/client/get_secret_value.html

[codecov-commenter]

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (b3a8742) 96.36% compared to head (b8d98de) 96.36%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #3061   +/-   ##
========================================
  Coverage    96.36%   96.36%           
========================================
  Files          184      185    +1     
  Lines         8050     8063   +13     
  Branches      1506     1509    +3     
========================================
+ Hits          7757     7770   +13     
  Misses         236      236           
  Partials        57       57           

Files Changed	Coverage Δ
...mbda_powertools/utilities/data_classes/__init__.py	100.00% <100.00%> (ø)
...ls/utilities/data_classes/secrets_manager_event.py	100.00% <100.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[leandrodamascena]

Currently this PR only included basic Data class support, but there are some other stuff we can do to provide a better UX.

Hi @roger-zhangg! I like helping customers with utilities that make their lives easier. However, we already have the Parameter utility and customers can retrieve secrets/ssm/appconfig/dynamodb values using this utility.

For now, we will keep this as simple as possible by providing the Data Class Event Source experience.

[leandrodamascena]

Hey @roger-zhangg! I made some comments to improve this PR!

You are rocking it! 🚀 🌟

[leandrodamascena]

Approved!

[heitorlessa]

Reviewing today, please update PR description UX so it's always up to date. create_secret isn't accurate.

[heitorlessa]

tiny changes to improve UX :-)

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.5% Duplication