Add logging for when secret is unable to be retrieved (#6014)

graytaylor0 · web-flow · commit 161d88073241 · 2025-08-26T17:16:54.000-05:00
Signed-off-by: Taylor Gray &lt;tylgry@amazon.com&gt;
diff --git a/data-prepper-plugin-framework/src/main/java/org/opensearch/dataprepper/plugin/ExtensionsApplier.java b/data-prepper-plugin-framework/src/main/java/org/opensearch/dataprepper/plugin/ExtensionsApplier.java
@@ -6,6 +6,8 @@
 package org.opensearch.dataprepper.plugin;
 
 import org.opensearch.dataprepper.model.plugin.ExtensionPlugin;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.annotation.PostConstruct;
 import javax.annotation.PreDestroy;
@@ -16,6 +18,8 @@
 
 @Named("extensionsApplier")
 class ExtensionsApplier {
+    private static final Logger LOG = LoggerFactory.getLogger(ExtensionsApplier.class);
+
     private final DataPrepperExtensionPoints dataPrepperExtensionPoints;
     private final ExtensionLoader extensionLoader;
     private List<? extends ExtensionPlugin> loadedExtensionPlugins = Collections.emptyList();
@@ -32,6 +36,8 @@ class ExtensionsApplier {
     void applyExtensions() {
         loadedExtensionPlugins = extensionLoader.loadExtensions();
 
+        LOG.info("Loaded {} extensions: {}", loadedExtensionPlugins.size(),  loadedExtensionPlugins);
+
         for (ExtensionPlugin extensionPlugin : loadedExtensionPlugins) {
             extensionPlugin.apply(dataPrepperExtensionPoints);
         }
diff --git a/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplier.java b/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplier.java
@@ -18,6 +18,7 @@
 import org.opensearch.dataprepper.model.plugin.FailedToUpdatePluginConfigValueException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.awscore.exception.AwsServiceException;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
 import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
@@ -127,10 +128,16 @@ private Object retrieveSecretsFromSecretManager(final AwsSecretManagerConfigurat
         final GetSecretValueResponse getSecretValueResponse;
         try {
             getSecretValueResponse = secretsManagerClient.getSecretValue(getSecretValueRequest);
-        } catch (Exception e) {
+        } catch (final AwsServiceException e) {
+            LOG.error("Unable to retrieve secret {}: {}", getSecretValueRequest.secretId(), e.getMessage());
             throw new RuntimeException(
                     String.format("Unable to retrieve secret: %s",
                             awsSecretManagerConfiguration.getAwsSecretId()), e);
+        } catch (final Exception ex) {
+            LOG.error("Unable to retrieve secret {} due to unexpected error", getSecretValueRequest.secretId(), ex);
+            throw new RuntimeException(
+                    String.format("Unable to retrieve secret: %s",
+                            awsSecretManagerConfiguration.getAwsSecretId()), ex);
         }
 
         try {
diff --git a/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplierTest.java b/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplierTest.java
@@ -17,11 +17,14 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentMatchers;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.opensearch.dataprepper.aws.api.AwsCredentialsSupplier;
+import software.amazon.awssdk.awscore.exception.AwsServiceException;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
 import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
@@ -31,6 +34,7 @@
 
 import java.util.Map;
 import java.util.UUID;
+import java.util.stream.Stream;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -155,13 +159,20 @@ void testRetrieveValueWithoutKey(String testValue) {
         assertThat(objectUnderTest.retrieveValue(TEST_AWS_SECRET_CONFIGURATION_NAME), equalTo(testValue));
     }
 
-    @Test
-    void testConstructorWithGetSecretValueFailure() {
-        when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest))).thenThrow(secretsManagerException);
+    @ParameterizedTest
+    @MethodSource("exceptionProvider")
+    void testConstructorWithGetSecretValueFailure(final Class<Throwable> e) {
+        when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest))).thenThrow(e);
         assertThrows(RuntimeException.class, () -> new AwsSecretsSupplier(
                 secretValueDecoder, awsSecretPluginConfig, OBJECT_MAPPER, awsCredentialsSupplier));
     }
 
+    private static Stream<Arguments> exceptionProvider() {
+        return Stream.of(
+                Arguments.of(AwsServiceException.class),
+                Arguments.of(RuntimeException.class));
+    }
+
     @Test
     void testRefreshSecretsWithKey() {
         final String testValue = "{\"key\":\"oldValue\"}";
