This repository has been archived by the owner on Apr 4, 2023. It is now read-only.
aws_ssm.go
package aws_ssm
import (
"encoding/base64"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ssm"
"github.com/jetstack/vault-unsealer/pkg/kv"
)
// awsSSM is a key/value backend that keeps each entry as an AWS SSM
// Parameter Store parameter. The parameter name is keyPrefix followed by
// the caller's key (see name).
type awsSSM struct {
	// ssmService is the SSM API client used for every Get/Set/Delete call.
	ssmService *ssm.SSM
	// keyPrefix is prepended verbatim to every key; no separator is added.
	keyPrefix string
}
// Compile-time assertion that *awsSSM implements kv.Service.
var _ kv.Service = (*awsSSM)(nil)
// NewWithSession builds an SSM-backed store on top of an existing AWS
// session. Parameter names are formed by prepending keyPrefix to the key.
// The returned error is always nil; it is part of the signature only.
func NewWithSession(sess *session.Session, keyPrefix string) (*awsSSM, error) {
	store := new(awsSSM)
	store.ssmService = ssm.New(sess)
	store.keyPrefix = keyPrefix
	return store, nil
}
// New creates an SSM-backed store using a session obtained from
// session.NewSession, so credentials and region come from whatever that
// call resolves. It returns the session error unchanged if one occurs.
func New(keyPrefix string) (*awsSSM, error) {
	awsSession, sessionErr := session.NewSession()
	if sessionErr == nil {
		return NewWithSession(awsSession, keyPrefix)
	}
	return nil, sessionErr
}
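// Get looks up the parameter named keyPrefix+key and returns its value after
// base64-decoding it (Set stores values base64-encoded).
//
// It returns a kv not-found error when the service reports no parameter for
// that name, the SDK error when the call itself fails, and a decoding error
// when the stored value is not valid base64.
func (a *awsSSM) Get(key string) ([]byte, error) {
	out, err := a.ssmService.GetParameters(&ssm.GetParametersInput{
		Names: []*string{
			aws.String(a.name(key)),
		},
	})
	if err != nil {
		return []byte{}, err
	}

	if out == nil || len(out.Parameters) < 1 {
		return []byte{}, kv.NewNotFoundError("key '%s' not found", key)
	}

	// The SDK models Parameter and Value as pointers. Dereferencing a nil
	// one would panic, so report it as an error instead. This is kept
	// distinct from not-found on purpose: a malformed entry must not look
	// like an absent key to the caller.
	param := out.Parameters[0]
	if param == nil || param.Value == nil {
		return []byte{}, fmt.Errorf("parameter for key %q has no value", key)
	}

	return base64.StdEncoding.DecodeString(*param.Value)
}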
// name returns the full parameter name for key: the configured prefix
// followed directly by key, with nothing inserted between them.
func (a *awsSSM) name(key string) string {
	// Both operands are strings, so fmt.Sprint joins them without a space.
	return fmt.Sprint(a.keyPrefix, key)
}
// Set writes val under keyPrefix+key, base64-encoding it first. An existing
// parameter with the same name is overwritten without any check.
//
// The parameter is created with Type "String", not as a SecureString, so
// Parameter Store itself does not encrypt the value.
// NOTE(review): presumably callers hand in material that is already
// encrypted by a wrapping layer. Confirm against the caller. If plaintext
// secrets can reach this method, a SecureString type (with decryption
// enabled on the read side) should be considered.
func (a *awsSSM) Set(key string, val []byte) error {
	encoded := base64.StdEncoding.EncodeToString(val)

	input := &ssm.PutParameterInput{
		Description: aws.String("vault-unsealer"),
		Name:        aws.String(a.name(key)),
		Overwrite:   aws.Bool(true),
		Value:       aws.String(encoded),
		Type:        aws.String("String"),
	}

	_, putErr := a.ssmService.PutParameter(input)
	return putErr
}
// Delete removes the parameter named keyPrefix+key and returns whatever
// error the SSM DeleteParameter call reports.
func (a *awsSSM) Delete(key string) error {
	input := &ssm.DeleteParameterInput{
		Name: aws.String(a.name(key)),
	}

	_, delErr := a.ssmService.DeleteParameter(input)
	return delErr
}
// Test is meant to report whether a later Set for key is likely to succeed.
// It is currently a stub that always returns nil, so a nil result says
// nothing about write permissions or connectivity. Callers should still be
// prepared for Set to fail.
func (a *awsSSM) Test(key string) error {
	// TODO: Implement a test if a Set is likely to work, AWS doesn't seem to
	// provide a dry-run on the parameter store.
	return nil
}