package cmd
import (
"context"
"encoding/base64"
"encoding/json"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
)
// awsSecretsManagerConfig carries the AWS Secrets Manager settings together
// with the per-process state used by the template functions in this file.
type awsSecretsManagerConfig struct {
	// Settings read from configuration. An empty value means the AWS SDK
	// default resolution is used for that setting.
	Region  string `json:"region" mapstructure:"region" yaml:"region"`
	Profile string `json:"profile" mapstructure:"profile" yaml:"profile"`

	// svc is the Secrets Manager client; it is created on first use by
	// awsSecretsManagerRawTemplateFunc and reused afterwards.
	svc *secretsmanager.Client

	// cache maps the secret identifier passed by the template to the
	// plaintext secret value. Entries are never evicted in this file, so
	// secrets stay in memory for as long as this struct is reachable.
	cache map[string]string

	// jsonCache maps the same identifier to the secret parsed as a JSON
	// object. It holds decoded secret material as well.
	jsonCache map[string]map[string]any
}
// awsSecretsManagerRawTemplateFunc returns the value of the AWS Secrets
// Manager secret identified by arn as a string, fetching it at most once per
// identifier and serving later calls from c.AWSSecretsManager.cache.
//
// Any failure (loading the AWS configuration, the GetSecretValue call, or
// decoding a binary secret) is reported by panicking with the underlying
// error; presumably the template machinery that invokes this function
// recovers it (confirm against the caller).
//
// Security notes for maintainers:
//   - The plaintext secret is kept in the in-memory cache and never evicted
//     here.
//   - The cache maps and svc are written without any visible locking, so this
//     function is only safe if templates are executed from a single
//     goroutine. TODO confirm.
//   - context.Background() carries no deadline; the only bound on the call is
//     whatever the SDK and HTTP client apply, with retries limited to one
//     attempt below.
func (c *Config) awsSecretsManagerRawTemplateFunc(arn string) string {
	if cached, found := c.AWSSecretsManager.cache[arn]; found {
		return cached
	}

	ctx := context.Background()

	// Build the client lazily so that no AWS configuration or credentials
	// are resolved unless a template actually asks for a secret.
	if c.AWSSecretsManager.svc == nil {
		var loadOpts []func(*config.LoadOptions) error
		if c.AWSSecretsManager.Region != "" {
			loadOpts = append(loadOpts, config.WithRegion(c.AWSSecretsManager.Region))
		}
		if c.AWSSecretsManager.Profile != "" {
			loadOpts = append(loadOpts, config.WithSharedConfigProfile(c.AWSSecretsManager.Profile))
		}
		// A single attempt: fail fast instead of retrying.
		loadOpts = append(loadOpts, config.WithRetryMaxAttempts(1))

		awsCfg, err := config.LoadDefaultConfig(ctx, loadOpts...)
		if err != nil {
			panic(err)
		}
		c.AWSSecretsManager.svc = secretsmanager.NewFromConfig(awsCfg)
	}

	input := &secretsmanager.GetSecretValueInput{SecretId: aws.String(arn)}
	output, err := c.AWSSecretsManager.svc.GetSecretValue(ctx, input)
	if err != nil {
		panic(err)
	}

	var value string
	switch {
	case output.SecretString != nil:
		value = *output.SecretString
	default:
		// NOTE(review): the SDK is expected to hand back SecretBinary as
		// already-decoded bytes, in which case this second base64 decode
		// only succeeds when the stored binary is itself base64 text.
		// Confirm whether that is the intended contract.
		buf := make([]byte, base64.StdEncoding.DecodedLen(len(output.SecretBinary)))
		n, err := base64.StdEncoding.Decode(buf, output.SecretBinary)
		if err != nil {
			panic(err)
		}
		value = string(buf[:n])
	}

	// The map is allocated on first store; reads from a nil map above are
	// safe, writes are not.
	if c.AWSSecretsManager.cache == nil {
		c.AWSSecretsManager.cache = make(map[string]string)
	}
	c.AWSSecretsManager.cache[arn] = value
	return value
}
// awsSecretsManagerTemplateFunc returns the AWS Secrets Manager secret
// identified by arn parsed as a JSON object. The raw value comes from
// awsSecretsManagerRawTemplateFunc; the parsed result is stored in
// c.AWSSecretsManager.jsonCache and reused on later calls.
//
// It panics if the secret is not valid JSON or is not a JSON object. The
// encoding/json error text can quote a byte of the offending input, so a
// secret that is not JSON may leak a character into whatever prints the
// recovered error.
//
// The returned map is the same instance that is cached: a caller that
// mutates it changes what later calls for the same arn receive.
func (c *Config) awsSecretsManagerTemplateFunc(arn string) map[string]any {
	if cached, found := c.AWSSecretsManager.jsonCache[arn]; found {
		return cached
	}

	rawSecret := c.awsSecretsManagerRawTemplateFunc(arn)

	var parsed map[string]any
	if err := json.Unmarshal([]byte(rawSecret), &parsed); err != nil {
		panic(err)
	}

	// Allocate on first store; lookups on a nil map above are safe.
	if c.AWSSecretsManager.jsonCache == nil {
		c.AWSSecretsManager.jsonCache = make(map[string]map[string]any)
	}
	c.AWSSecretsManager.jsonCache[arn] = parsed
	return parsed
}