forked from liomthechef/consul-template-plugin-ssm
/
secretsmanager.go
85 lines (76 loc) · 2.17 KB
/
secretsmanager.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package main
import (
"flag"
"fmt"
"io/ioutil"
"log"
"strings"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/secretsmanager"
)
// Checks if only 1 argument is provided
// Returns the first command line argument
func parseInput(args []string) (string, error) {
if len(args) == 0 {
return "", fmt.Errorf("No argument provided, exiting")
} else if len(args) > 1 {
return "", fmt.Errorf("Too many arguments provided only 1 argument is supported, exiting")
}
return args[0], nil
}
func retrieveEnv() (string, error) {
filebyte, err := ioutil.ReadFile("/opt/environment")
out := string(filebyte[:])
out = strings.TrimSuffix(out, "\n")
return out, err
}
// Creates an AWS session
// Retrieves and decrypts a given parameter
func retrieveParam(paramName string, getEnvOutput string) (*secretsmanager.GetSecretValueOutput, error) {
secretsmanagerPath := getEnvOutput + paramName
sess := session.Must(session.NewSession())
svc := secretsmanager.New(sess)
out, err := svc.GetSecretValue(&secretsmanager.GetSecretValueInput{
SecretId: &secretsmanagerPath})
return out, err
}
// return value from
func getParamValue(paramOutput *secretsmanager.GetSecretValueOutput) string {
return *paramOutput.SecretString
}
// Return test param value
func getTestParamValue(param string) (string, error) {
if param == "TEST_PARAM_VALUE" {
return param, nil
} else {
return "", fmt.Errorf("Wrong value for test-mode, should be: TEST_PARAM_VALUE")
}
}
func main() {
// Bypass AWS calls in test mode
testMode := flag.Bool("test-mode", false, "Enable test mode")
flag.Parse()
paramName, err := parseInput(flag.Args())
if err != nil {
log.Fatal(err)
}
// test mode
if *testMode {
out, err := getTestParamValue(paramName)
if err != nil {
log.Println("There was an error fetching/decrypting the parameter:", paramName)
log.Fatal(err.Error())
} else {
fmt.Println(out)
}
} else {
getEnvOutput, err := retrieveEnv()
out, err := retrieveParam(paramName, getEnvOutput)
if err != nil {
log.Println("There was an error fetching/decrypting the parameter:", paramName)
log.Fatal(err.Error())
} else {
fmt.Println(getParamValue(out))
}
}
}