package aws
import (
"context"
"encoding/json"
"fmt"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/sabariramc/goserverbase/v5/log"
)
type (
	// SecretManager pairs an AWS Secrets Manager client with a logger.
	//
	// The client is embedded through an exported field, so every method of
	// *secretsmanager.Client is also callable on a SecretManager.
	SecretManager struct {
		_ struct{} // presumably present to discourage unkeyed composite literals
		*secretsmanager.Client
		log log.Log
	}

	// secretManagerCache is a single cache entry: the complete GetSecretValue
	// response, including the plaintext secret, and the time after which the
	// entry is no longer served. The plaintext stays in process memory for as
	// long as the entry is referenced.
	secretManagerCache struct {
		data       secretsmanager.GetSecretValueOutput
		expireTime time.Time
	}
)
var (
	// secretCache maps a secret identifier to its cached response. It is
	// package-level state: every SecretManager value in the process shares it,
	// whatever client or credentials that value was built with.
	//
	// NOTE(review): no mutex guards this map in the visible code, so concurrent
	// callers race on it. Confirm how it is used before relying on it from
	// multiple goroutines.
	secretCache = make(map[string]secretManagerCache)

	// defaultSecretManagerClient is the lazily created client handed out by
	// GetDefaultSecretManagerClient.
	defaultSecretManagerClient *secretsmanager.Client
)
// NewSecretManagerClientWithSession builds a Secrets Manager client from the
// supplied AWS configuration. The credentials and region carried by awsConfig
// decide which secrets the returned client is allowed to read.
func NewSecretManagerClientWithSession(awsConfig aws.Config) *secretsmanager.Client {
	return secretsmanager.NewFromConfig(awsConfig)
}
// GetDefaultSecretManagerClient returns a SecretManager backed by the shared
// default client, creating that client from defaultAWSConfig on first use.
//
// NOTE(review): the lazy initialisation is not synchronised, and
// defaultAWSConfig is dereferenced without a nil check. Confirm that it is
// always set before the first call and that first use cannot happen
// concurrently.
func GetDefaultSecretManagerClient(logger log.Log) *SecretManager {
	client := defaultSecretManagerClient
	if client == nil {
		client = NewSecretManagerClientWithSession(*defaultAWSConfig)
		defaultSecretManagerClient = client
	}
	return NewSecretManagerClient(logger, client)
}
// NewSecretManagerClient wraps client in a SecretManager whose log output is
// tagged with the "SecretManager" resource name.
func NewSecretManagerClient(logger log.Log, client *secretsmanager.Client) *SecretManager {
	resourceLog := logger.NewResourceLogger("SecretManager")
	manager := &SecretManager{
		Client: client,
		log:    resourceLog,
	}
	return manager
}
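// GetSecret returns the JSON object stored in the secret identified by
// secretArn, decoded into a map.
//
// Responses are kept in the package-level secretCache for 15 minutes. Points a
// caller should know about that cache:
//
//   - It is keyed by secretArn only and shared by every SecretManager in the
//     process. A cache hit is served without calling s.Client, so the result is
//     not re-authorised against the credentials of the client making the call.
//   - A rotated or revoked secret can still be returned for up to 15 minutes.
//   - NOTE(review): the map is read and written here without a lock, so
//     concurrent calls are a data race. Guard it with a mutex if GetSecret is
//     reachable from more than one goroutine.
//
// The returned map holds plaintext secret material; do not log it.
//
// An error is returned when the fetch fails, when the secret has no string
// value (for example a binary-only secret), or when the string is not a JSON
// object.
func (s *SecretManager) GetSecret(ctx context.Context, secretArn string) (map[string]interface{}, error) {
	entry, hit := secretCache[secretArn]
	if hit && time.Now().Before(entry.expireTime) {
		s.log.Notice(ctx, "Secret fetched from cache", nil)
	} else {
		req := &secretsmanager.GetSecretValueInput{SecretId: &secretArn}
		res, err := s.Client.GetSecretValue(ctx, req)
		if err != nil {
			s.log.Error(ctx, "error fetching secret", err)
			return nil, fmt.Errorf("SecretManager.GetSecret: error fetching secret: %w", err)
		}
		entry = secretManagerCache{expireTime: time.Now().Add(time.Minute * 15), data: *res}
		secretCache[secretArn] = entry
	}

	// SecretString is a pointer and is nil when the secret carries only binary
	// data; dereferencing it unchecked would panic the caller.
	secretString := entry.data.SecretString
	if secretString == nil {
		err := fmt.Errorf("SecretManager.GetSecret: secret has no string value")
		s.log.Error(ctx, "Secret has no string value", err)
		return nil, err
	}

	data := make(map[string]interface{})
	if err := json.Unmarshal([]byte(*secretString), &data); err != nil {
		s.log.Error(ctx, "Secret un-marshall error", err)
		return nil, fmt.Errorf("SecretManager.GetSecret: error un-marshalling secret data: %w", err)
	}
	return data, nil
}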