feat: add AWS Secrets Manager Integration

2025-07-02 20:00:41 +08:00 · 2025-05-29 12:42:05 +09:00
parent a17100e512
commit 1955157e9a
13 changed files with 608 additions and 3 deletions
--- a/pr_agent/config_loader.py
+++ b/pr_agent/config_loader.py
@ -81,3 +81,65 @@ def _find_pyproject() -> Optional[Path]:
 pyproject_path = _find_pyproject()
 if pyproject_path is not None:
    get_settings().load_file(pyproject_path, env=f'tool.{PR_AGENT_TOML_KEY}')
+
+
+def apply_secrets_manager_config():
+    """
+    Retrieve configuration from AWS Secrets Manager and override existing settings
+    """
+    try:
+        from pr_agent.secret_providers import get_secret_provider
+        from pr_agent.log import get_logger
+
+        secret_provider = get_secret_provider()
+        if not secret_provider:
+            return
+
+        # Execute only when AWS Secrets Manager specific method is available
+        if (hasattr(secret_provider, 'get_all_secrets') and
+            get_settings().get("CONFIG.SECRET_PROVIDER") == 'aws_secrets_manager'):
+            try:
+                secrets = secret_provider.get_all_secrets()
+                if secrets:
+                    apply_secrets_to_config(secrets)
+                    get_logger().info("Applied AWS Secrets Manager configuration")
+            except Exception as e:
+                get_logger().error(f"Failed to apply AWS Secrets Manager config: {e}")
+    except Exception as e:
+        # Fail silently when secret provider is not configured
+        try:
+            from pr_agent.log import get_logger
+            get_logger().debug(f"Secret provider not configured: {e}")
+        except:
+            # Fail completely silently if log module is not available
+            pass
+
+
+def apply_secrets_to_config(secrets: dict):
+    """
+    Apply secret dictionary to configuration
+    Configuration override with same pattern as Google Cloud Storage
+    """
+    try:
+        from pr_agent.log import get_logger
+    except:
+        # Do nothing if logging is not available
+        def get_logger():
+            class DummyLogger:
+                def debug(self, msg): pass
+            return DummyLogger()
+
+    for key, value in secrets.items():
+        if '.' in key:  # nested key like "openai.key"
+            parts = key.split('.')
+            if len(parts) == 2:
+                section, setting = parts
+                # Convert case to match Dynaconf pattern
+                section_upper = section.upper()
+                setting_upper = setting.upper()
+
+                # Set only when no existing value (prioritize environment variables)
+                current_value = get_settings().get(f"{section_upper}.{setting_upper}")
+                if current_value is None or current_value == "":
+                    get_settings().set(f"{section_upper}.{setting_upper}", value)
+                    get_logger().debug(f"Set {section}.{setting} from AWS Secrets Manager")