Experimental support for an AWS Secrets Fetcher

In a recipe, usage will look like the following:
  value = secret(name: "test1", service: :aws_secrets_manager, config: { region: "us-west-1" })
  log "My secret is #{value.secret_string}"

Note the use of `secret_string` to determine the secret value. The
returned object here is Aws::Types::GetSecretValueResponse from the AWS SDK.

This beta implementation supports ec2/imds instance profile
authentication but also checks standard locations for credentials
configuration -- see documentation [1] for a description of default credentials search behavior.

[1] https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecretsManager/Client.html#initialize-instance_method

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/spec/unit/secret_fetcher_spec.rb b/spec/unit/secret_fetcher_spec.rb
index 3aa9efb5f1..c352585266 100644
--- a/spec/unit/secret_fetcher_spec.rb
+++ b/spec/unit/secret_fetcher_spec.rb
@@ -35,10 +35,14 @@ describe Chef::SecretFetcher do
   end
 
   context ".for_service" do
-    it "resolves a known secrets service to a fetcher" do
+    it "resolves the example fetcher without error" do
       Chef::SecretFetcher.for_service(:example, {})
     end
 
+    it "resolves the AWS fetcher without error" do
+      Chef::SecretFetcher.for_service(:aws_secrets_manager, region: "invalid")
+    end
+
     it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do
       expect { Chef::SecretFetcher.for_service(nil, {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
     end