From cc34da365a5734ce039e8cca455b40130891d762 Mon Sep 17 00:00:00 2001
From: Juan Mesa
Date: Sat, 23 May 2020 15:02:16 +0200
Subject: [PATCH] Add error check

Thrown an error if no key is given when secret has mutliple values
---
 .../aws/secretsmanager/secretsmanager.go | 6 +++++-
 .../aws/secretsmanager/secretsmanager_test.go | 21 ++++++++++++-------
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/template/interpolate/aws/secretsmanager/secretsmanager.go b/template/interpolate/aws/secretsmanager/secretsmanager.go
index a9555f754..b0ce5dfb3 100644
--- a/template/interpolate/aws/secretsmanager/secretsmanager.go
+++ b/template/interpolate/aws/secretsmanager/secretsmanager.go
@@ -83,7 +83,11 @@ func getSecretValue(s *SecretString, spec *SecretSpec) (string, error) {
 return "", err
 }
 
- // If key is not set then return first value stored in secret
+ // If key is not set and secret has multiple keys, return error
+ if spec.Key == "" && len(secretValue) > 1 {
+ return "", errors.New("Secret has multiple values and no key was set")
+ }
+
 if spec.Key == "" {
 for _, v := range secretValue {
 return v, nil
diff --git a/template/interpolate/aws/secretsmanager/secretsmanager_test.go b/template/interpolate/aws/secretsmanager/secretsmanager_test.go
index d38a63288..a2831b6db 100644
--- a/template/interpolate/aws/secretsmanager/secretsmanager_test.go
+++ b/template/interpolate/aws/secretsmanager/secretsmanager_test.go
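Review bot: The new error in `getSecretValue` does not say which secret was ambiguous, and its text is capitalised, which Go convention (staticcheck ST1005) advises against. Since `spec.Name` is in scope, `return "", fmt.Errorf("secret %q has multiple values and no key was set", spec.Name)` would let a template author find the offending reference; this assumes `fmt` is imported in the file, otherwise keep `errors.New` and just lowercase the string. The message should carry only the secret's name, never keys or values from `secretValue`, because interpolation errors tend to end up in build logs. The two `spec.Key == ""` tests could also be folded into one block, and the loop that follows runs past the end of the hunk, so what an empty secret with no key returns is not visible here.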
@@ -20,13 +20,15 @@ func (m mockedSecret) GetSecretValue(in *secretsmanager.GetSecretValueInput) (*s
 
 func TestGetSecret(t *testing.T) {
 testCases := []struct {
- arg *SecretSpec
- mock secretsmanager.GetSecretValueOutput
- want string
- ok bool
+ description string
+ arg *SecretSpec
+ mock secretsmanager.GetSecretValueOutput
+ want string
+ ok bool
 }{
 {
- arg: &SecretSpec{Name: "test/secret"},
+ description: "input has valid secret name, secret has single key",
+ arg: &SecretSpec{Name: "test/secret"},
 mock: secretsmanager.GetSecretValueOutput{
 Name: aws.String("test/secret"),
 SecretString: aws.String(`{"key": "test"}`),
@@ -35,6 +37,7 @@ func TestGetSecret(t *testing.T) {
 ok: true,
 },
 {
+ description: "input has valid secret name and key, secret has single key",
 arg: &SecretSpec{
 Name: "test/secret",
 Key: "key",
@@ -47,6 +50,7 @@ func TestGetSecret(t *testing.T) {
 ok: true,
 },
 {
+ description: "input has valid secret name and key, secret has multiple keys",
 arg: &SecretSpec{
 Name: "test/secret",
 Key: "second_key",
@@ -59,6 +63,7 @@ func TestGetSecret(t *testing.T) {
 ok: true,
 },
 {
+ description: "input has valid secret name and no key, secret has multiple keys",
 arg: &SecretSpec{
 Name: "test/secret",
 },
@@ -66,10 +71,10 @@ func TestGetSecret(t *testing.T) {
 Name: aws.String("test/secret"),
 SecretString: aws.String(`{"first_key": "first_val", "second_key": "second_val"}`),
 },
- want: "first_val",
- ok: true,
+ ok: false,
 },
 {
+ description: "input has valid secret name and invalid key, secret has single key",
 arg: &SecretSpec{
 Name: "test/secret",
 Key: "nonexistent",
@@ -81,6 +86,7 @@ func TestGetSecret(t *testing.T) {
 ok: false,
 },
 {
+ description: "input has valid secret name and invalid key, secret has multiple keys",
 arg: &SecretSpec{
 Name: "test/secret",
 Key: "nonexistent",
@@ -92,6 +98,7 @@ func TestGetSecret(t *testing.T) {
 ok: false,
 },
 {
+ description: "input has secret and key, secret is empty",
 arg: &SecretSpec{
 Name: "test/secret",
 Key: "nonexistent",
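Review bot: The `description` field added at `@@ -20,13 +20,15 @@` is filled in for every case, but no hunk in this file touches the loop that runs the cases, so the text apparently never reaches a failure message. The diffstat's 21 changed lines for this file are all accounted for by the visible hunks, which is why this is inferred rather than read from the loop itself. Running each case as a subtest, `t.Run(tc.description, func(t *testing.T) { ... })` with whatever the loop variable is actually called, would put the description in the output and let a single case be selected with `-run`.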
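Review bot: The reworked case at `@@ -66,10 +71,10 @@` asserts only `ok: false`, so it would pass on any error from the lookup rather than specifically on the new multiple-values guard. The table has no field for an expected error, so pinning this would need something like a `wantErr string` column compared against `err.Error()`. There is also no visible case for an empty `Key` against a secret with no entries: the last case, "input has secret and key, secret is empty", sets `Key: "nonexistent"`, so the path that skips the new guard and falls through the `for` loop in `getSecretValue` looks untested. A case with `arg: &SecretSpec{Name: "test/secret"}` and an empty JSON object as `SecretString` would cover it.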