Implement AWS secretsmanager source

credentials/source_local.go

@@ -32,12 +32,19 @@ func getCredentialsFromFile(fileName string) ([]Credentials, error) {
 	var (
 		err         error
 		fileContent []byte
-		yamlContent []map[string]interface{}
 	)
 	if fileContent, err = ioutil.ReadFile(fileName); err != nil {
 		return nil, err
 	}
-	if err = yaml.Unmarshal(fileContent, &yamlContent); err != nil {
+	return getCredentialsFromBytes(fileContent)
+}
+
+func getCredentialsFromBytes(byteArray []byte) ([]Credentials, error) {
+	var (
+		err         error
+		yamlContent []map[string]interface{}
+	)
+	if err = yaml.Unmarshal(byteArray, &yamlContent); err != nil {
 		return nil, err
 	}
 	return ParseCredentials(yamlContent)

credentials/source_s3.go

@@ -2,13 +2,10 @@ package credentials
 
 import (
 	"io/ioutil"
-	"os"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/s3"
-	"github.com/aws/aws-sdk-go/service/s3/s3manager"
-	log "github.com/sirupsen/logrus"
 )
 
 type AWSS3Source struct {
@@ -17,31 +14,30 @@ type AWSS3Source struct {
 }
 
 func (source *AWSS3Source) Credentials() ([]Credentials, error) {
-	downloader := s3manager.NewDownloader(session.New())
-
-	file, err := ioutil.TempFile("", "credentials_sync_s3")
-	defer os.Remove(file.Name())
+	sess := session.Must(session.NewSessionWithOptions(session.Options{
+		SharedConfigState: session.SharedConfigEnable,
+	}))
+	client := s3.New(sess)
+
+	response, err := client.GetObject(&s3.GetObjectInput{
+		Bucket: aws.String(source.Bucket),
+		Key:    aws.String(source.Key),
+	})
 	if err != nil {
 		return nil, err
 	}
-
-	numBytes, err := downloader.Download(file,
-		&s3.GetObjectInput{
-			Bucket: aws.String(source.Bucket),
-			Key:    aws.String(source.Key),
-		})
+	body, err := ioutil.ReadAll(response.Body)
 	if err != nil {
 		return nil, err
 	}
-	log.Info("Downloaded", file.Name(), numBytes, "bytes")
 
-	return getCredentialsFromFile(file.Name())
+	return getCredentialsFromBytes(body)
 }
 
 func (source *AWSS3Source) Type() string {
 	return "Amazon S3"
 }
 
 func (source *AWSS3Source) ValidateConfiguration() bool {
-	return true
+	return len(source.Bucket) > 0 && len(source.Key) > 0
 }

credentials/source_secretsmanager.go

@@ -0,0 +1,33 @@
+package credentials
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/secretsmanager"
+)
+
+type AWSSecretsManagerSource struct {
+	SecretID string `mapstructure:"secret_id"`
+}
+
+func (source *AWSSecretsManagerSource) Credentials() ([]Credentials, error) {
+	sess := session.Must(session.NewSessionWithOptions(session.Options{
+		SharedConfigState: session.SharedConfigEnable,
+	}))
+	client := secretsmanager.New(sess)
+	value, err := client.GetSecretValue(&secretsmanager.GetSecretValueInput{
+		SecretId: aws.String(source.SecretID),
+	})
+	if err != nil {
+		return nil, err
+	}
+	return getCredentialsFromBytes(value.SecretBinary)
+}
+
+func (source *AWSSecretsManagerSource) Type() string {
+	return "Amazon SecretsManager"
+}
+
+func (source *AWSSecretsManagerSource) ValidateConfiguration() bool {
+	return len(source.SecretID) > 0
+}

credentials/source_ssm.go

@@ -30,9 +30,10 @@ func (source *AWSSSMSource) Credentials() ([]Credentials, error) {
 			for _, parameter := range page.Parameters {
 				splitName := strings.Split(*parameter.Name, "/")
 				credentialsMap := map[string]interface{}{
-					"full_name": *parameter.Name,
-					"id":        splitName[len(splitName)-1],
-					"value":     *parameter.Value,
+					"full_name":   *parameter.Name,
+					"id":          splitName[len(splitName)-1],
+					"description": splitName[len(splitName)-1],
+					"value":       *parameter.Value,
 				}
 				credentialsMaps = append(credentialsMaps, credentialsMap)
 			}

credentials/sources.go

@@ -12,9 +12,10 @@ type Source interface {
 }
 
 type SourcesConfiguration struct {
-	AWSS3Sources  []*AWSS3Source  `mapstructure:"aws_s3"`
-	AWSSSMSources []*AWSSSMSource `mapstructure:"aws_ssm"`
-	LocalSources  []*LocalSource  `mapstructure:"local"`
+	AWSS3Sources            []*AWSS3Source             `mapstructure:"aws_s3"`
+	AWSSecretsManagerSource []*AWSSecretsManagerSource `mapstructure:"aws_secretsmanager"`
+	AWSSSMSources           []*AWSSSMSource            `mapstructure:"aws_ssm"`
+	LocalSources            []*LocalSource             `mapstructure:"local"`
 
 	credentialsList []Credentials
 }