integrations/secretsmanager: Add support for plaintext, non key/pair, secrets (#9773)

2020-08-17 07:41:21 -04:00 · 2020-08-17 07:41:21 -04:00 · 56f6a976de
parent 156b6ac2b4
commit 56f6a976de
3 changed files with 37 additions and 3 deletions
--- a/template/interpolate/aws/secretsmanager/secretsmanager.go
+++ b/template/interpolate/aws/secretsmanager/secretsmanager.go
@ -75,9 +75,13 @@ func (c *Client) GetSecret(spec *SecretSpec) (string, error) {

 func getSecretValue(s *SecretString, spec *SecretSpec) (string, error) {
 	var secretValue map[string]string
-
 	blob := []byte(s.SecretString)

+	//For those plaintext secrets just return the value
+	if json.Valid(blob) != true {
+		return s.SecretString, nil
+	}
+
 	err := json.Unmarshal(blob, &secretValue)
 	if err != nil {
 		return "", err
--- a/template/interpolate/aws/secretsmanager/secretsmanager_test.go
+++ b/template/interpolate/aws/secretsmanager/secretsmanager_test.go
@ -106,6 +106,18 @@ func TestGetSecret(t *testing.T) {
 			mock: secretsmanager.GetSecretValueOutput{},
 			ok:   false,
 		},
+		{
+			description: "input has secret stored as plaintext",
+			arg: &SecretSpec{
+				Name: "test",
+			},
+			mock: secretsmanager.GetSecretValueOutput{
+				Name:         aws.String("test"),
+				SecretString: aws.String("ThisIsThePassword"),
+			},
+			want: "ThisIsThePassword",
+			ok:   true,
+		},
 	}

 	for _, test := range testCases {
--- a/website/pages/docs/templates/user-variables.mdx
+++ b/website/pages/docs/templates/user-variables.mdx
@ -191,10 +191,25 @@ and detailed documentation for usage of each of those variables can be found
 ## AWS Secrets Manager Variables

 Secrets can be read from [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/)
-and used within your template as user variables. the `aws_secretsmanager` function is
+and used within your template as user variables. The `aws_secretsmanager` function is
 available _only_ within the default value of a user variable, allowing you to default
 a user variable to an AWS Secrets Manager secret.

+
+### Plaintext Secrets
+```json
+{
+  "variables": {
+    "password": "{{ aws_secretsmanager `globalpassword` }}"
+  }
+}
+```
+
+In the example above it is assumed that the secret `globalpassword` is not
+    stored as a key pair but as a single non-JSON string value. Which the
+    `aws_secretsmanager` function will return as a raw string.
+
+### Single Key Secrets
 ```json
 {
  "variables": {
@ -203,8 +218,11 @@ a user variable to an AWS Secrets Manager secret.
 }
 ```

-In the example above it is assumed that only one key is stored in `sample/app/password` if there are multiple keys stored in it then you need to indicate the specific key you want to fetch as shown below.
+In the example above it is assumed that only one key is stored in
+    `sample/app/password` if there are multiple keys stored in it then you need
+    to indicate the specific key you want to fetch as shown below.

+### Multiple Key Secrets
 ```json
 {
  "variables": {