iSharkFly-Docs
/
packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

integration/secretsmanager: Add support for AWS SharedConfig file (#9781) 

This changes updates the AWS Secrets manager session authentication
logic to support reading the AWS configuration file for default
credentials and region settings, if they are not provided via
environment variables.

* Modify error output a little to remove stutter "error ... : error ...`

Results before change
```
unset AWS_REGION
⇶  ~/pkg/packer build amazon-ebs_secretsmanager_shell-local.json
template: root:1:3: executing "root" at <aws_secretsmanager `packer/test/keys`
`shell`>: error calling aws_secretsmanager: Error getting secret: MissingRegion:
could not find region configuration
```

Results after change
```
unset AWS_REGION
⇶  ~/pkg/packer build amazon-ebs_secretsmanager_shell-local.json
null: output will be in this color.

==> null: Running local shell script: /tmp/packer-shell721444992
    null: powershell
Build 'null' finished after 4 milliseconds 121 microseconds.

==> Wait completed after 4 milliseconds 192 microseconds

==> Builds finished. The artifacts of successful builds are:
```
This commit is contained in:
Wilken Rivera 2020-08-18 10:51:48 -04:00 committed by GitHub
parent b0d2201d55
commit 20eeffee0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
template/interpolate/aws/secretsmanager/secretsmanager.go
View File

@ -5,6 +5,7 @@ package secretsmanager
import (
"encoding/json"
"errors"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
@ -31,14 +32,15 @@ func New(config *AWSConfig) *Client {
func (c *Client) newSession(config *AWSConfig) *session.Session {
// Initialize config with error verbosity
sess := aws.NewConfig().WithCredentialsChainVerboseErrors(true)
sessConfig := aws.NewConfig().WithCredentialsChainVerboseErrors(true)
if config.Region != "" {
sess = sess.WithRegion(config.Region)
sessConfig = sessConfig.WithRegion(config.Region)
}
opts := session.Options{
Config: *sess,
SharedConfigState: session.SharedConfigEnable,
Config: *sessConfig,
}
return session.Must(session.NewSessionWithOptions(opts))
@ -102,5 +104,5 @@ func getSecretValue(s *SecretString, spec *SecretSpec) (string, error) {
return v, nil
}
return "", errors.New("No secret found")
return "", fmt.Errorf("No secret found for key %q", spec.Key)
}

6
template/interpolate/funcs.go
View File

@ -299,12 +299,12 @@ func funcGenAwsSecrets(ctx *Context) interface{} {
if !ctx.EnableEnv {
// The error message doesn't have to be that detailed since
// semantic checks should catch this.
return "", errors.New("AWS Secrets Manager vars are only allowed in the variables section")
return "", errors.New("AWS Secrets Manager is only allowed in the variables section")
}
// Check if at least 1 parameter has been used
if len(secret) == 0 {
return "", errors.New("At least one parameter must be used")
return "", errors.New("At least one secret name must be provided")
}
// client uses AWS SDK CredentialChain method. So,credentials can
// be loaded from credential file, environment variables, or IAM
@ -329,7 +329,7 @@ func funcGenAwsSecrets(ctx *Context) interface{} {
s, err := client.GetSecret(spec)
if err != nil {
return "", fmt.Errorf("Error getting secret: %s", err)
return "", err
}
return s, nil
}