package awssecretsmanager
import (
"context"
"encoding/base64"
"errors"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/smithy-go"
"github.com/rs/zerolog/log"
"go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws"
)
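// NewClient builds a Secrets Manager client from the default AWS
// configuration. When useTracing is true, the OpenTelemetry AWS middlewares
// are appended to the config's API options before the client is created.
//
// The signature has no error return, so a failure to load the configuration
// is logged here instead of being discarded. The client is still built from
// whatever config value was returned.
func NewClient(useTracing bool) *secretsmanager.Client {
	cfg, err := config.LoadDefaultConfig(context.TODO())
	if err != nil {
		// Without this the first visible symptom is a failing GetSecretValue
		// call far from the real cause.
		log.Err(err).Msg("loading default AWS config for secretsmanager client")
	}

	if useTracing {
		otelaws.AppendMiddlewares(&cfg.APIOptions)
	}

	return secretsmanager.NewFromConfig(cfg)
}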
// GetSecretValueApi is the single Secrets Manager operation this package
// calls. GetSecret accepts this interface rather than a concrete client, so a
// stub implementation can be passed in its place.
type GetSecretValueApi interface {
	GetSecretValue(
		ctx context.Context,
		params *secretsmanager.GetSecretValueInput,
		optFns ...func(*secretsmanager.Options),
	) (*secretsmanager.GetSecretValueOutput, error)
}
// getSecretValue forwards input to api.GetSecretValue with the caller's
// context and no per-call option functions, returning its result unchanged.
func getSecretValue(ctx context.Context, api GetSecretValueApi, input *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error) {
	output, err := api.GetSecretValue(ctx, input)
	return output, err
}
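// GetSecret returns the AWSCURRENT version of the secret identified by
// secretName. ctx is passed through to the API call so that request
// instrumentation can attach to it.
//
// If the response carries SecretString it is returned as-is; otherwise
// SecretBinary is base64-decoded and returned as a string. The returned value
// is plaintext secret material: keep it out of logs, error messages and trace
// attributes.
//
// An error is returned when the API call fails, when the call yields no
// output, or when the binary payload is not valid base64.
func GetSecret(ctx context.Context, client GetSecretValueApi, secretName string) (*string, error) {
	input := secretsmanager.GetSecretValueInput{
		SecretId:     aws.String(secretName),
		VersionStage: aws.String("AWSCURRENT"), // VersionStage defaults to AWSCURRENT if unspecified
	}

	result, err := getSecretValue(ctx, client, &input)
	if err != nil {
		var ae smithy.APIError
		if errors.As(err, &ae) {
			// Logged at error level with structured fields: zerolog's Printf
			// emits at debug level, which would hide access failures when
			// debug output is filtered.
			log.Err(err).
				Str("code", ae.ErrorCode()).
				Str("message", ae.ErrorMessage()).
				Str("fault", ae.ErrorFault().String()).
				Msg("call to secretsmanager failed")
		}
		return nil, err
	}
	if result == nil {
		// A stubbed GetSecretValueApi can return (nil, nil); fail cleanly
		// instead of dereferencing a nil output below.
		return nil, errors.New("secretsmanager returned no output for GetSecretValue")
	}

	// The value arrives already decrypted from the service call above; nothing
	// is decrypted locally. One of SecretString or SecretBinary is populated,
	// depending on how the secret was stored.
	if result.SecretString != nil {
		secret := *result.SecretString
		return &secret, nil
	}

	// NOTE(review): aws-sdk-go-v2 appears to hand SecretBinary back as raw
	// bytes (the SDK decodes the wire base64 itself). If so, this second decode
	// only succeeds for secrets whose stored bytes are themselves base64 text.
	// Confirm against how binary secrets are written before changing it.
	decoded := make([]byte, base64.StdEncoding.DecodedLen(len(result.SecretBinary)))
	n, err := base64.StdEncoding.Decode(decoded, result.SecretBinary)
	if err != nil {
		log.Err(err).Msg("Base64 Decode Error")
		return nil, err
	}

	secret := string(decoded[:n])
	return &secret, nil
}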