-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
126 lines (103 loc) · 2.82 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
"os/exec"
"strings"
"syscall"
secretmanager "cloud.google.com/go/secretmanager/apiv1"
"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
)
var SM_PREFIX = "sm://"
var _secretManagerClient *secretmanager.Client
func getSecretManagerClient(ctx context.Context) *secretmanager.Client {
if _secretManagerClient == nil {
var err error
_secretManagerClient, err = secretmanager.NewClient(ctx)
if err != nil {
log.Fatalf("ERROR: %v", err)
}
// defer client.Close()
}
return _secretManagerClient
}
func doSecretsManagerSubstitution(ctx context.Context, input string) (string, error) {
log.Printf("INFO: doing variable substitution for %v\n", input)
input = strings.TrimPrefix(input, SM_PREFIX)
secret, value, parseJSON := strings.Cut(input, "#")
if !strings.Contains(secret, "/versions/") {
// pick latest version of the secret by default
secret = secret + "/versions/latest"
}
log.Printf("INFO: parsed secret name is %v", secret)
client := getSecretManagerClient(ctx)
// Build the request.
accessRequest := &secretmanagerpb.AccessSecretVersionRequest{
Name: secret,
}
// Call the API.
secretData, err := client.AccessSecretVersion(ctx, accessRequest)
if err != nil {
return "", fmt.Errorf("failed to retrieve secret %q: %v", secret, err)
}
secretValue := secretData.Payload.Data
result := string(secretValue)
if parseJSON {
log.Printf("INFO: JSON parsing is enabled, extracting field: %v", value)
parsedSecret := make(map[string]string)
err := json.Unmarshal(secretValue, &parsedSecret)
if err != nil {
return "", fmt.Errorf("failed to parse secret data: %v", err)
}
var ok bool
result, ok = parsedSecret[value]
if !ok {
return "", fmt.Errorf("failed to parse secret data: key %q not present in JSON", value)
}
}
return result, nil
}
func usage() {
fmt.Printf("Incorrect invocation, usage: %v CMD [ARGUMENTS...]\n", os.Args[0])
}
func main() {
if len(os.Args) < 2 {
usage()
os.Exit(1)
}
ctx := context.Background()
substitutions := make(map[string]string)
for _, e := range os.Environ() {
_split := strings.SplitN(e, "=", 2)
e_name, e_val := _split[0], _split[1]
if strings.HasPrefix(e_val, SM_PREFIX) {
var err error
e_val, err = doSecretsManagerSubstitution(ctx, e_val)
if err != nil {
log.Fatalf("ERROR: %v\n", err)
}
substitutions[e_name] = e_val
} else {
substitutions[e_name] = e_val
}
}
for e_name, e_val := range substitutions {
err := os.Setenv(e_name, e_val)
if err != nil {
log.Fatalf("ERROR: %v\n", err)
}
}
progExec := os.Args[1]
progArgs := os.Args[1:]
progPath, err := exec.LookPath(progExec)
if err != nil {
log.Fatalf("ERROR: %v\n", err)
}
err = syscall.Exec(progPath, progArgs, os.Environ())
if err != nil {
log.Fatalf("ERROR: %v\n", err)
}
}