ENH: keep retrying when getSecretValue fails

data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplier.java

@@ -8,6 +8,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.opensearch.dataprepper.model.annotations.SkipTestCoverageGenerated;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
@@ -107,17 +108,26 @@ public void refresh(String secretConfigId) {
         LOG.info("Finished retrieving latest secret in aws:secrets:{}.", secretConfigId);
     }
 
+    @SkipTestCoverageGenerated
     private Object retrieveSecretsFromSecretManager(final AwsSecretManagerConfiguration awsSecretManagerConfiguration,
                                                     final SecretsManagerClient secretsManagerClient) {
         final GetSecretValueRequest getSecretValueRequest = awsSecretManagerConfiguration
                 .createGetSecretValueRequest();
-        final GetSecretValueResponse getSecretValueResponse;
-        try {
-            getSecretValueResponse = secretsManagerClient.getSecretValue(getSecretValueRequest);
-        } catch (Exception e) {
-            throw new RuntimeException(
-                    String.format("Unable to retrieve secret: %s",
-                            awsSecretManagerConfiguration.getAwsSecretId()), e);
+        GetSecretValueResponse getSecretValueResponse;
+        while (true) {
+            try {
+                getSecretValueResponse = secretsManagerClient.getSecretValue(getSecretValueRequest);
+                break;
+            } catch (Exception e) {
+                final long waitTimeInMillis = 1000L;
+                LOG.error(String.format("Unable to retrieve secret: %s, wait for %dms to retry again.",
+                                awsSecretManagerConfiguration.getAwsSecretId(), waitTimeInMillis), e);
+                try {
+                    Thread.sleep(waitTimeInMillis);
+                } catch (InterruptedException ex) {
+                    throw new RuntimeException(ex);
+                }
+            }
         }
 
         try {

data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsSecretsSupplierTest.java

@@ -12,7 +12,6 @@
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
-import org.mockito.ArgumentMatchers;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
@@ -26,8 +25,12 @@
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.opensearch.dataprepper.plugins.aws.AwsSecretsSupplier.MAP_TYPE_REFERENCE;
 
@@ -114,7 +117,7 @@ void testRetrieveValueBySecretIdOnlyNotSerializable() throws JsonProcessingExcep
         final JsonProcessingException mockedJsonProcessingException = mock(JsonProcessingException.class);
         final String testValue = "{\"a\":\"b\"}";
         when(mockedObjectMapper.readValue(eq(testValue), eq(MAP_TYPE_REFERENCE))).thenReturn(Map.of("a", "b"));
-        when(mockedObjectMapper.writeValueAsString(ArgumentMatchers.any())).thenThrow(mockedJsonProcessingException);
+        when(mockedObjectMapper.writeValueAsString(any())).thenThrow(mockedJsonProcessingException);
         when(secretValueDecoder.decode(eq(getSecretValueResponse))).thenReturn(testValue);
         objectUnderTest = new AwsSecretsSupplier(secretValueDecoder, awsSecretPluginConfig, mockedObjectMapper);
         final Exception exception = assertThrows(IllegalArgumentException.class,
@@ -132,10 +135,15 @@ void testRetrieveValueWithoutKey(String testValue) {
     }
 
     @Test
-    void testConstructorWithGetSecretValueFailure() {
-        when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest))).thenThrow(secretsManagerException);
-        assertThrows(RuntimeException.class, () -> new AwsSecretsSupplier(
-                secretValueDecoder, awsSecretPluginConfig, OBJECT_MAPPER));
+    void testConstructorWithGetSecretValueFailureFirstThenSuccess() {
+        reset(secretsManagerClient);
+        final String testValue = "{\"a\":\"b\"}";
+        when(secretValueDecoder.decode(eq(getSecretValueResponse))).thenReturn(testValue);
+        when(secretsManagerClient.getSecretValue(eq(getSecretValueRequest)))
+                .thenThrow(secretsManagerException).thenReturn(getSecretValueResponse);
+        objectUnderTest = new AwsSecretsSupplier(secretValueDecoder, awsSecretPluginConfig, OBJECT_MAPPER);
+        verify(secretsManagerClient, times(2)).getSecretValue(eq(getSecretValueRequest));
+        assertThat(objectUnderTest.retrieveValue(TEST_AWS_SECRET_CONFIGURATION_NAME), equalTo(testValue));
     }
 
     @Test