Add error check

Throw an error if no key is given when the secret has multiple values
Juan Mesa 2020-05-23 15:02:16 +02:00
parent 688ed63edf
commit cc34da365a
2 changed files with 19 additions and 8 deletions


@ -83,7 +83,11 @@ func getSecretValue(s *SecretString, spec *SecretSpec) (string, error) {
return "", err return "", err
} }
// If key is not set then return first value stored in secret // If key is not set and secret has multiple keys, return error
if spec.Key == "" && len(secretValue) > 1 {
return "", errors.New("Secret has multiple values and no key was set")
}
if spec.Key == "" { if spec.Key == "" {
for _, v := range secretValue { for _, v := range secretValue {
return v, nil return v, nil
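Review bot: The error added in the new guard, `errors.New("Secret has multiple values and no key was set")`, does not say which secret is affected, and its capitalised text goes against Go's convention for error strings. When several secrets are resolved in one run, the operator cannot tell which spec is missing its key; naming the secret (the name only, never the stored keys or values) makes the failure actionable: `return "", fmt.Errorf("secret %q has multiple keys and no key was set", spec.Name)`. This assumes `fmt` is imported or can be imported in this file, which is not visible here. The two consecutive `if spec.Key == ""` checks could also be folded into a single branch. getSecretValue starts and ends outside the hunk.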


@ -20,13 +20,15 @@ func (m mockedSecret) GetSecretValue(in *secretsmanager.GetSecretValueInput) (*s
func TestGetSecret(t *testing.T) { func TestGetSecret(t *testing.T) {
testCases := []struct { testCases := []struct {
arg *SecretSpec description string
mock secretsmanager.GetSecretValueOutput arg *SecretSpec
want string mock secretsmanager.GetSecretValueOutput
ok bool want string
ok bool
}{ }{
{ {
arg: &SecretSpec{Name: "test/secret"}, description: "input has valid secret name, secret has single key",
arg: &SecretSpec{Name: "test/secret"},
mock: secretsmanager.GetSecretValueOutput{ mock: secretsmanager.GetSecretValueOutput{
Name: aws.String("test/secret"), Name: aws.String("test/secret"),
SecretString: aws.String(`{"key": "test"}`), SecretString: aws.String(`{"key": "test"}`),
@ -35,6 +37,7 @@ func TestGetSecret(t *testing.T) {
ok: true, ok: true,
}, },
{ {
description: "input has valid secret name and key, secret has single key",
arg: &SecretSpec{ arg: &SecretSpec{
Name: "test/secret", Name: "test/secret",
Key: "key", Key: "key",
@ -47,6 +50,7 @@ func TestGetSecret(t *testing.T) {
ok: true, ok: true,
}, },
{ {
description: "input has valid secret name and key, secret has multiple keys",
arg: &SecretSpec{ arg: &SecretSpec{
Name: "test/secret", Name: "test/secret",
Key: "second_key", Key: "second_key",
@ -59,6 +63,7 @@ func TestGetSecret(t *testing.T) {
ok: true, ok: true,
}, },
{ {
description: "input has valid secret name and no key, secret has multiple keys",
arg: &SecretSpec{ arg: &SecretSpec{
Name: "test/secret", Name: "test/secret",
}, },
@ -66,10 +71,10 @@ func TestGetSecret(t *testing.T) {
Name: aws.String("test/secret"), Name: aws.String("test/secret"),
SecretString: aws.String(`{"first_key": "first_val", "second_key": "second_val"}`), SecretString: aws.String(`{"first_key": "first_val", "second_key": "second_val"}`),
}, },
want: "first_val", ok: false,
ok: true,
}, },
{ {
description: "input has valid secret name and invalid key, secret has single key",
arg: &SecretSpec{ arg: &SecretSpec{
Name: "test/secret", Name: "test/secret",
Key: "nonexistent", Key: "nonexistent",
@ -81,6 +86,7 @@ func TestGetSecret(t *testing.T) {
ok: false, ok: false,
}, },
{ {
description: "input has valid secret name and invalid key, secret has multiple keys",
arg: &SecretSpec{ arg: &SecretSpec{
Name: "test/secret", Name: "test/secret",
Key: "nonexistent", Key: "nonexistent",
@ -92,6 +98,7 @@ func TestGetSecret(t *testing.T) {
ok: false, ok: false,
}, },
{ {
description: "input has secret and key, secret is empty",
arg: &SecretSpec{ arg: &SecretSpec{
Name: "test/secret", Name: "test/secret",
Key: "nonexistent", Key: "nonexistent",
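Review bot: The table has no case for a spec without a key against a secret that holds zero keys (an empty JSON object as `SecretString`). That is the one input on the `spec.Key == ""` path that the new length guard does not reject: the range loop returns nothing and control falls through to code not shown in this commit. A case such as `description: "input has valid secret name and no key, secret is empty"` with `ok: false` would pin that an empty secret never resolves to an empty string, if that is the intended behaviour. Judging by its description, the last visible case covers an empty secret only together with `Key: "nonexistent"`. TestGetSecret continues outside these hunks, so whether `description` is printed on failure cannot be checked here.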