aws · simonmarty · Mar 20, 2025 · Mar 25, 2025 · Mar 25, 2025 · Apr 7, 2025
@@ -29,6 +29,7 @@ log = "0.4.20"
 log4rs = { version = "1.2.0", features = ["gzip"] }
 url = "2"
 aws_secretsmanager_caching = { version = "2.0.0", path = "../aws_secretsmanager_caching" }
+mime = "0.3.17"
 
 # For unit tests
 [dev-dependencies]

@@ -84,7 +84,7 @@
                 return Err(HttpError(status, err_response(&code, &msg)));
             }
             Err(e) => {
-                error!("Internal error for {secret_id} - {:?}", e);
+                error!("Internal error for {secret_id} - {e:?}");
                 return Err(int_err());
             }
         };

@@ -180,8 +180,7 @@
     ///
     /// # Returns
     ///
-    /// * `log_to_file` - `true` if writing logs to a file (default), `false` if writing logs to
-    /// stdout/stderr
+    /// * `log_to_file` - `true` if writing logs to a file (default), `false` if writing logs to stdout/stderr
     pub fn log_to_file(&self) -> bool {
         self.log_to_file
     }

@@ -13,7 +13,7 @@ pub const EMPTY_ENV_LIST_MSG: &str =
 pub const BAD_PREFIX_MSG: &str =
     "The path prefix specified in the configuration file must begin with /.";
 
-/// Other constants that are used across the code base.
+// Other constants that are used across the code base.
 
 // The application name.
 pub const APPNAME: &str = "aws-secrets-manager-agent";

@@ -104,10 +104,7 @@ pub fn init_logger(
         return Err(Box::new(err));
     }
 
-    info!(
-        "{} logger initialized with `{:?}` log level.",
-        logger_type, log_level
-    );
+    info!("{logger_type} logger initialized with `{log_level:?}` log level.");
 
     Ok(())
 }

@@ -102,7 +102,7 @@
     loop {
         // Report errors on accept.
         if let Err(msg) = svr.serve_request().await {
-            error!("Could not accept connection: {:?}", msg);
+            error!("Could not accept connection: {msg:?}");
         }
 
         // Check for end of test in unit tests.
@@ -169,7 +169,7 @@
     // Bind the listener to the specified port
     let addr: SocketAddr = ([127, 0, 0, 1], config.http_port()).into();
     let listener: TcpListener = TcpListener::bind(addr).await.unwrap_or_else(|err| {
-        let msg = format!("Could not bind to {addr}: {}", err);
+        let msg = format!("Could not bind to {addr}: {err}");
         error!("{msg}");
         err_exit(&msg, "")
     });
@@ -335,7 +335,7 @@
             // spawn a task to poll the connection and drive the HTTP state
             tokio::spawn(async move {
                 if let Err(e) = conn.await {
-                    panic!("Error in connection: {}", e);
+                    panic!("Error in connection: {e}");
                 }
             });
 
@@ -400,7 +400,7 @@
         // Make sure everything shutdown cleanly.
         tx_lock.send(true).expect("could not sync"); // Tell the server to shut down.
         if let Err(msg) = thr.join() {
-            panic!("server failed: {:?}", msg);
+            panic!("server failed: {msg:?}");
         }
 
         // Return the responses in the original request order and strip out the index.
@@ -744,7 +744,7 @@
     #[tokio::test]
     async fn path_refresh_success() {
         let req = "/v1/My/Test?versionStage=AWSPENDING&refreshNow=0";
-        let (status, body) = run_request(&req).await;
+        let (status, body) = run_request(req).await;
         assert_eq!(status, StatusCode::OK);
         validate_response_extra("My/Test", DEFAULT_VERSION, vec!["AWSPENDING"], body);
     }

@@ -25,7 +25,7 @@ impl GSVQuery {
 
     pub(crate) fn try_from_query(s: &str) -> Result<Self, HttpError> {
         // url library can only parse complete URIs. The host/port/scheme used is irrelevant since it is not used
-        let complete_uri = format!("http://localhost{}", s);
+        let complete_uri = format!("http://localhost{s}");
 
         let url = Url::parse(&complete_uri)?;
 
@@ -42,7 +42,7 @@ impl GSVQuery {
                 "versionId" => query.version_id = Some(v.into()),
                 "versionStage" => query.version_stage = Some(v.into()),
                 "refreshNow" => query.refresh_now = GSVQuery::parse_refresh_value(&v)?,
-                p => return Err(HttpError(400, format!("unknown parameter: {}", p))),
+                p => return Err(HttpError(400, format!("unknown parameter: {p}"))),
             }
         }
 
@@ -55,7 +55,7 @@ impl GSVQuery {
 
     pub(crate) fn try_from_path_query(s: &str, path_prefix: &str) -> Result<Self, HttpError> {
         // url library can only parse complete URIs. The host/port/scheme used is irrelevant since it gets stripped
-        let complete_uri = format!("http://localhost{}", s);
+        let complete_uri = format!("http://localhost{s}");
 
         let url = Url::parse(&complete_uri)?;
 
@@ -76,7 +76,7 @@ impl GSVQuery {
                 "versionId" => query.version_id = Some(v.into()),
                 "versionStage" => query.version_stage = Some(v.into()),
                 "refreshNow" => query.refresh_now = GSVQuery::parse_refresh_value(&v)?,
-                p => return Err(HttpError(400, format!("unknown parameter: {}", p))),
+                p => return Err(HttpError(400, format!("unknown parameter: {p}"))),
             }
         }
 
@@ -92,13 +92,12 @@ mod tests {
     fn parse_query() {
         let secret_id = "MyTest".to_owned();
         let query =
-            GSVQuery::try_from_query(&format!("/secretsmanager/get?secretId={}", secret_id))
-                .unwrap();
+            GSVQuery::try_from_query(&format!("/secretsmanager/get?secretId={secret_id}")).unwrap();
 
         assert_eq!(query.secret_id, secret_id);
         assert_eq!(query.version_id, None);
         assert_eq!(query.version_stage, None);
-        assert_eq!(query.refresh_now, false);
+        assert!(!query.refresh_now);
     }
 
     #[test]
@@ -113,7 +112,7 @@ mod tests {
         assert_eq!(query.secret_id, secret_id);
         assert_eq!(query.version_id, None);
         assert_eq!(query.version_stage, None);
-        assert_eq!(query.refresh_now, true);
+        assert!(query.refresh_now);
     }
 
     #[test]
@@ -128,7 +127,7 @@ mod tests {
         assert_eq!(query.secret_id, secret_id);
         assert_eq!(query.version_id, None);
         assert_eq!(query.version_stage, None);
-        assert_eq!(query.refresh_now, false);
+        assert!(!query.refresh_now);
     }
 
     #[test]
@@ -137,8 +136,7 @@ mod tests {
         let version_id = "myversion".to_owned();
         let version_stage = "dev".to_owned();
         match GSVQuery::try_from_query(&format!(
-            "/secretsmanager/get?secretId={}&versionId={}&versionStage={}&refreshNow=123",
-            secret_id, version_id, version_stage
+            "/secretsmanager/get?secretId={secret_id}&versionId={version_id}&versionStage={version_stage}&refreshNow=123"
         )) {
             Ok(_) => panic!("should not parse"),
             Err(e) => {
@@ -160,7 +158,7 @@ mod tests {
         assert_eq!(query.secret_id, secret_id);
         assert_eq!(query.version_id, None);
         assert_eq!(query.version_stage, None);
-        assert_eq!(query.refresh_now, false);
+        assert!(!query.refresh_now);
     }
 
     #[test]
@@ -172,8 +170,7 @@ mod tests {
 
         let query = GSVQuery::try_from_path_query(
             &format!(
-                "{}{}?versionId={}&versionStage={}",
-                path_prefix, secret_id, version_id, version_stage
+                "{path_prefix}{secret_id}?versionId={version_id}&versionStage={version_stage}"
             ),
             path_prefix,
         )
@@ -190,8 +187,7 @@ mod tests {
         let version_id = "myversion".to_owned();
         let version_stage = "dev".to_owned();
         match GSVQuery::try_from_query(&format!(
-            "/secretsmanager/get?secretId={}&versionId={}&versionStage={}&abc=123",
-            secret_id, version_id, version_stage
+            "/secretsmanager/get?secretId={secret_id}&versionId={version_id}&versionStage={version_stage}&abc=123"
         )) {
             Ok(_) => panic!("should not parse"),
             Err(e) => {
@@ -210,8 +206,7 @@ mod tests {
 
         match GSVQuery::try_from_path_query(
             &format!(
-                "{}{}?versionId={}&versionStage={}&abc=123",
-                path_prefix, secret_id, version_id, version_stage
+                "{path_prefix}{secret_id}?versionId={version_id}&versionStage={version_stage}&abc=123"
             ),
             path_prefix,
         ) {
@@ -228,8 +223,7 @@ mod tests {
         let version_id = "myversion".to_owned();
         let version_stage = "dev".to_owned();
         match GSVQuery::try_from_query(&format!(
-            "/secretsmanager/get?&versionId={}&versionStage={}",
-            version_id, version_stage
+            "/secretsmanager/get?&versionId={version_id}&versionStage={version_stage}"
         )) {
             Ok(_) => panic!("should not parse"),
             Err(e) => {
@@ -246,10 +240,7 @@ mod tests {
         let path_prefix = "/v1/";
 
         match GSVQuery::try_from_path_query(
-            &format!(
-                "{}?versionId={}&versionStage={}&abc=123",
-                path_prefix, version_id, version_stage
-            ),
+            &format!("{path_prefix}?versionId={version_id}&versionStage={version_stage}&abc=123"),
             path_prefix,
         ) {
             Ok(_) => panic!("should not parse"),

@@ -5,6 +5,7 @@
 use hyper::{body::Incoming as IncomingBody, Method, Request, Response};
 use hyper_util::rt::TokioIo;
 use log::error;
+use mime::Mime;
 use tokio::net::TcpListener;
 use tokio::time::timeout;
 
@@ -27,6 +28,13 @@
     max_conn: usize,
 }
 
+/// HTTP response relevant fields
+#[derive(Debug)]
+struct ResponseContent {
+    rsp_body: String,
+    content_type: Mime,
+}
+
 /// Handle incoming HTTP requests.
 ///
 /// Implements the HTTP handler. Each incomming request is handled in its own
@@ -80,7 +88,7 @@
             let mut http = http1::Builder::new();
             let http = http.max_buf_size(MAX_BUF_BYTES);
             if let Err(err) = timeout(time_out(), http.serve_connection(io, svc_fn)).await {
-                error!("Failed to serve connection: {:?}", err);
+                error!("Failed to serve connection: {err:?}");
             };
         });
 
@@ -108,11 +116,16 @@
 
         // Format the response.
         match result {
-            Ok(rsp_body) => Ok(Response::builder()
+            Ok(ResponseContent {
+                rsp_body,
+                content_type,
+            }) => Ok(Response::builder()
+                .header("Content-Type", content_type.essence_str())
                 .body(Full::new(Bytes::from(rsp_body)))
                 .unwrap()),
             Err(e) => Ok(Response::builder()
                 .status(e.0)
+                .header("Content-Type", "text/plain")
                 .body(Full::new(Bytes::from(e.1)))
                 .unwrap()),
         }
@@ -134,40 +147,49 @@
         &self,
         req: &Request<IncomingBody>,
         count: usize,
-    ) -> Result<String, HttpError> {
+    ) -> Result<ResponseContent, HttpError> {
         self.validate_max_conn(req, count)?; // Verify connection limits are not exceeded
         self.validate_token(req)?; // Check for a valid SSRF token
         self.validate_method(req)?; // Allow only GET requests
 
         match req.uri().path() {
-            "/ping" => Ok("healthy".into()), // Standard health check
+            "/ping" => Ok(ResponseContent {
+                rsp_body: "healthy".into(),
+                content_type: mime::TEXT_PLAIN,
+            }), // Standard health check
 
             // Lambda extension style query
             "/secretsmanager/get" => {
                 let qry = GSVQuery::try_from_query(&req.uri().to_string())?;
-                Ok(self
-                    .cache_mgr
-                    .fetch(
-                        &qry.secret_id,
-                        qry.version_id.as_deref(),
-                        qry.version_stage.as_deref(),
-                        qry.refresh_now,
-                    )
-                    .await?)
+                Ok(ResponseContent {
+                    rsp_body: self
+                        .cache_mgr
+                        .fetch(
+                            &qry.secret_id,
+                            qry.version_id.as_deref(),
+                            qry.version_stage.as_deref(),
+                            qry.refresh_now,
+                        )
+                        .await?,
+                    content_type: mime::APPLICATION_JSON,
+                })
             }
 
             // Path style request
             path if path.starts_with(self.path_prefix.as_str()) => {
                 let qry = GSVQuery::try_from_path_query(&req.uri().to_string(), &self.path_prefix)?;
-                Ok(self
-                    .cache_mgr
-                    .fetch(
-                        &qry.secret_id,
-                        qry.version_id.as_deref(),
-                        qry.version_stage.as_deref(),
-                        qry.refresh_now,
-                    )
-                    .await?)
+                Ok(ResponseContent {
+                    rsp_body: self
+                        .cache_mgr
+                        .fetch(
+                            &qry.secret_id,
+                            qry.version_id.as_deref(),
+                            qry.version_stage.as_deref(),
+                            qry.refresh_now,
+                        )
+                        .await?,
+                    content_type: mime::APPLICATION_JSON,
+                })
             }
             _ => Err(HttpError(404, "Not found".into())),
         }