package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/secretsmanager"
)
// awsSession builds the session used for the Secrets Manager client.
//
// Credentials are resolved through a chain, tried in order: process
// environment variables, the shared credentials file (using the profile from
// the global config), and finally the EC2 instance role obtained through the
// instance metadata service. The metadata client is built from a session
// with a plain aws.NewConfig() and no credentials of its own.
//
// Returns the session, or the first error from session.NewSession.
func awsSession() (*session.Session, error) {
	metadataSession, err := session.NewSession(aws.NewConfig())
	if err != nil {
		return nil, err
	}

	// Order matters: the first provider that yields credentials wins.
	providers := []credentials.Provider{
		&credentials.EnvProvider{},
		&credentials.SharedCredentialsProvider{Profile: config.Profile},
		&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(metadataSession)},
	}
	chain := credentials.NewChainCredentials(providers)

	cfg := aws.NewConfig().WithCredentials(chain)
	return session.NewSession(cfg)
}
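// awsSecretsFiles fetches every secret named in the global config from
// Secrets Manager and writes each one to its configured path.
//
// Three kinds of assignment are processed, in this order:
//   - config.SecretAssignments.Values: the raw secret payload is written;
//   - config.SecretJSONKeyStrings: the payload is parsed as a JSON object and
//     the named key's value is written as its fmt.Sprint text;
//   - config.SecretJSONKeys: the payload is parsed as a JSON object and the
//     named key's value is written re-encoded as JSON.
//
// Failures are collected rather than aborting, so one bad secret does not
// stop the others from being written. A single failure is returned as-is
// (so SDK error types are preserved for the caller); several failures are
// summarised as a count plus the first one. Returns nil when every file was
// written successfully.
func awsSecretsFiles(s *secretsmanager.SecretsManager) error {
	// Named errs rather than errors so the identifier does not shadow the
	// standard errors package if it is ever imported here.
	var errs []error

	for path, secretID := range config.SecretAssignments.Values {
		value, err := fetchSecret(s, secretID)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		if err := writeSecretFile(path, value); err != nil {
			errs = append(errs, err)
		}
	}

	for path, secret := range config.SecretJSONKeyStrings {
		field, err := fetchSecretJSONField(s, secret.SecretID, secret.JSONKey)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		if err := writeSecretFile(path, []byte(fmt.Sprint(field))); err != nil {
			errs = append(errs, err)
		}
	}

	for path, secret := range config.SecretJSONKeys {
		field, err := fetchSecretJSONField(s, secret.SecretID, secret.JSONKey)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		// Re-encode rather than fmt.Sprint so nested objects, arrays and
		// strings come out as valid JSON instead of Go's %v rendering.
		// The Marshal error was previously discarded; report it instead of
		// writing an empty file.
		value, err := json.Marshal(field)
		if err != nil {
			errs = append(errs, fmt.Errorf("encoding key %q of secret %q: %v", secret.JSONKey, secret.SecretID, err))
			continue
		}
		if err := writeSecretFile(path, value); err != nil {
			errs = append(errs, err)
		}
	}

	switch len(errs) {
	case 0:
		return nil
	case 1:
		return errs[0]
	default:
		return fmt.Errorf("%d error(s): [%q, ...]", len(errs), errs[0])
	}
}

// fetchSecret retrieves one secret and returns its payload as bytes.
//
// The SDK error from GetSecretValue is returned unwrapped so callers can
// still inspect its concrete type. SecretBinary is preferred when both
// payload fields are set (the precedence the raw-assignment loop used);
// a secret with neither field set yields a nil slice and no error.
func fetchSecret(s *secretsmanager.SecretsManager, secretID string) ([]byte, error) {
	result, err := s.GetSecretValue(&secretsmanager.GetSecretValueInput{
		SecretId: aws.String(secretID),
	})
	if err != nil {
		return nil, err
	}
	if result.SecretBinary != nil {
		return result.SecretBinary, nil
	}
	if result.SecretString != nil {
		return []byte(*result.SecretString), nil
	}
	return nil, nil
}

// fetchSecretJSONField retrieves a secret whose payload is a JSON object and
// returns the value stored under key.
//
// Both the string and the binary payload forms are parsed; the original
// code only ever parsed SecretString because its second switch case repeated
// the SecretString condition. A missing key is reported as an error rather
// than silently producing "<nil>" / "null" on disk, which would look like a
// valid secret file to whatever reads it.
func fetchSecretJSONField(s *secretsmanager.SecretsManager, secretID, key string) (interface{}, error) {
	payload, err := fetchSecret(s, secretID)
	if err != nil {
		return nil, err
	}
	var object map[string]interface{}
	if err := json.Unmarshal(payload, &object); err != nil {
		return nil, fmt.Errorf("parsing secret %q as a JSON object: %v", secretID, err)
	}
	field, ok := object[key]
	if !ok {
		return nil, fmt.Errorf("secret %q has no key %q", secretID, key)
	}
	return field, nil
}

// writeSecretFile writes value to path using the configured file mode and
// reports the write error (previously discarded) to the caller.
//
// The mode only takes effect when the file is created, and is still subject
// to the process umask; an existing file keeps the permissions it already
// had, so a pre-existing, more permissive target is not tightened here.
func writeSecretFile(path string, value []byte) error {
	if err := ioutil.WriteFile(path, value, os.FileMode(config.FileMode)); err != nil {
		return fmt.Errorf("writing secret file %q: %v", path, err)
	}
	return nil
}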