integrations/secretsmanager: Add support for plaintext, non key/pair, secrets (#9773)

Wilken Rivera 2020-08-17 07:41:21 -04:00 committed by GitHub
parent 156b6ac2b4
commit 56f6a976de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 3 deletions


@ -75,9 +75,13 @@ func (c *Client) GetSecret(spec *SecretSpec) (string, error) {
func getSecretValue(s *SecretString, spec *SecretSpec) (string, error) {
var secretValue map[string]string
blob := []byte(s.SecretString)
//For those plaintext secrets just return the value
if json.Valid(blob) != true {
return s.SecretString, nil
}
err := json.Unmarshal(blob, &secretValue)
if err != nil {
return "", err
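Review bot: The plaintext branch in getSecretValue returns the whole SecretString for anything that is not valid JSON, without consulting spec, so a request for one key of a secret whose JSON is malformed would apparently hand back the entire blob, other keys included, as the variable value. Guarding the branch on the key, e.g. `if spec.Key == "" && !json.Valid(blob) {`, lets that case fall through to the existing Unmarshal error instead; this assumes the SecretSpec key field is named Key, which is not visible in this hunk. Separately, a plaintext secret that happens to be valid JSON but not an object of strings (`12345`, `true`, a quoted string) passes json.Valid and then fails in json.Unmarshal, so it is still rejected. `!json.Valid(blob)` is also the idiomatic form of `!= true`, and the function body continues past the end of the hunk.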


@ -106,6 +106,18 @@ func TestGetSecret(t *testing.T) {
mock: secretsmanager.GetSecretValueOutput{},
ok: false,
},
{
description: "input has secret stored as plaintext",
arg: &SecretSpec{
Name: "test",
},
mock: secretsmanager.GetSecretValueOutput{
Name: aws.String("test"),
SecretString: aws.String("ThisIsThePassword"),
},
want: "ThisIsThePassword",
ok: true,
},
}
for _, test := range testCases {
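Review bot: The new table entry covers only a secret that is not JSON at all, so two edge cases of the plaintext path are untested: a plaintext value that parses as JSON (for example `SecretString: aws.String("12345")`) and a plaintext secret requested with a key set on the SecretSpec. Adding both with an explicit `want`/`ok` would pin whether those are meant to succeed or fail. The test loop continues outside the hunk.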


@ -191,10 +191,25 @@ and detailed documentation for usage of each of those variables can be found
## AWS Secrets Manager Variables
Secrets can be read from [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/)
and used within your template as user variables. the `aws_secretsmanager` function is
and used within your template as user variables. The `aws_secretsmanager` function is
available _only_ within the default value of a user variable, allowing you to default
a user variable to an AWS Secrets Manager secret.
### Plaintext Secrets
```json
{
"variables": {
"password": "{{ aws_secretsmanager `globalpassword` }}"
}
}
```
In the example above it is assumed that the secret `globalpassword` is not
stored as a key pair but as a single non-JSON string value. Which the
`aws_secretsmanager` function will return as a raw string.
### Single Key Secrets
```json
{
"variables": {
@ -203,8 +218,11 @@ a user variable to an AWS Secrets Manager secret.
}
```
In the example above it is assumed that only one key is stored in `sample/app/password` if there are multiple keys stored in it then you need to indicate the specific key you want to fetch as shown below.
In the example above it is assumed that only one key is stored in
`sample/app/password` if there are multiple keys stored in it then you need
to indicate the specific key you want to fetch as shown below.
### Multiple Key Secrets
```json
{
"variables": {