Allow fetching credentials from secretsmanager

coveooss · Jun 21, 2019 · 20d1651 · 20d1651
1 parent 1357b7d
commit 20d1651
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 9 deletions.
diff --git a/credentials/credentials.go b/credentials/credentials.go
@@ -47,13 +47,17 @@ func (credBase *Base) BaseValidate() bool {
 	if credBase.ID == "" {
 		log.Errorf("Credentials (%s) has no defined ID", credBase.BaseToString())
 	}
-	if credBase.Description == "" {
-		log.Errorf("Credentials (%s) has no defined description", credBase.ID)
-	}
 	if credBase.CredType == "" {
 		log.Errorf("Credentials (%s) has no type. This is probably a bug in the software", credBase.ID)
 	}
-	return credBase.ID != "" && credBase.Description != "" && credBase.CredType != ""
+	return credBase.ID != "" && credBase.CredType != ""
+}
+
+func (credBase *Base) GetDescriptionOrID() string {
+	if credBase.Description == "" {
+		return credBase.ID
+	}
+	return credBase.Description
 }
 
 // GetID returns a credentials' ID

diff --git a/credentials/source_secretsmanager.go b/credentials/source_secretsmanager.go
@@ -2,6 +2,7 @@ package credentials
 
 import (
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
 )
@@ -12,7 +13,8 @@ type AWSSecretsManagerSource struct {
 
 func (source *AWSSecretsManagerSource) Credentials() ([]Credentials, error) {
 	sess := session.Must(session.NewSessionWithOptions(session.Options{
-		SharedConfigState: session.SharedConfigEnable,
+		SharedConfigState:       session.SharedConfigEnable,
+		AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
 	}))
 	client := secretsmanager.New(sess)
 	value, err := client.GetSecretValue(&secretsmanager.GetSecretValueInput{
@@ -21,7 +23,7 @@ func (source *AWSSecretsManagerSource) Credentials() ([]Credentials, error) {
 	if err != nil {
 		return nil, err
 	}
-	return getCredentialsFromBytes(value.SecretBinary)
+	return getCredentialsFromBytes([]byte(*value.SecretString))
 }
 
 func (source *AWSSecretsManagerSource) Type() string {

diff --git a/credentials/sources.go b/credentials/sources.go
@@ -30,6 +30,9 @@ func (sc *SourcesConfiguration) AllSources() []Source {
 	for _, source := range sc.AWSS3Sources {
 		sources = append(sources, source)
 	}
+	for _, source := range sc.AWSSecretsManagerSource {
+		sources = append(sources, source)
+	}
 	for _, source := range sc.AWSSSMSources {
 		sources = append(sources, source)
 	}

diff --git a/sync/config.go b/sync/config.go
@@ -26,7 +26,7 @@ func (config *Configuration) Sync() {
 	// Start reading credentials
 	creds, err := config.Sources.Credentials()
 	if err != nil {
-		log.Fatalf("Caught an error while fetching credentials")
+		log.Fatalf("Caught an error while fetching credentials: %v", err)
 	}
 
 	// Initialize targets

diff --git a/targets/jenkins.go b/targets/jenkins.go
@@ -114,14 +114,14 @@ func toJenkinsCredential(creds credentials.Credentials) interface{} {
 		castCreds := creds.(*credentials.SecretTextCredentials)
 		return &gojenkins.StringCredentials{
 			ID:          creds.GetID(),
-			Description: castCreds.Description,
+			Description: castCreds.GetDescriptionOrID(),
 			Secret:      castCreds.Secret,
 		}
 	case *credentials.UsernamePasswordCredentials:
 		castCreds := creds.(*credentials.UsernamePasswordCredentials)
 		return &gojenkins.UsernameCredentials{
 			ID:          castCreds.GetID(),
-			Description: castCreds.Description,
+			Description: castCreds.GetDescriptionOrID(),
 			Username:    castCreds.Username,
 			Password:    castCreds.Password,
 		}