iSharkFly-Docs/packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
packer-cn/template/interpolate/funcs.go
Wilken Rivera 20eeffee0d
integration/secretsmanager: Add support for AWS SharedConfig file (#9781) 
This changes updates the AWS Secrets manager session authentication
logic to support reading the AWS configuration file for default
credentials and region settings, if they are not provided via
environment variables.

* Modify error output a little to remove stutter "error ... : error ...`

Results before change
```
unset AWS_REGION
⇶  ~/pkg/packer build amazon-ebs_secretsmanager_shell-local.json
template: root:1:3: executing "root" at <aws_secretsmanager `packer/test/keys`
`shell`>: error calling aws_secretsmanager: Error getting secret: MissingRegion:
could not find region configuration
```

Results after change
```
unset AWS_REGION
⇶  ~/pkg/packer build amazon-ebs_secretsmanager_shell-local.json
null: output will be in this color.

==> null: Running local shell script: /tmp/packer-shell721444992
    null: powershell
Build 'null' finished after 4 milliseconds 121 microseconds.

==> Wait completed after 4 milliseconds 192 microseconds

==> Builds finished. The artifacts of successful builds are:
```
2020-08-18 10:51:48 -04:00

353 lines
9.3 KiB
Go
Raw Blame History

package interpolate
import (
"errors"
"fmt"
"os"
"path/filepath"
"strconv"
"strings"
"text/template"
"time"
consulapi "github.com/hashicorp/consul/api"
commontpl "github.com/hashicorp/packer/common/template"
"github.com/hashicorp/packer/common/uuid"
"github.com/hashicorp/packer/helper/common"
awssmapi "github.com/hashicorp/packer/template/interpolate/aws/secretsmanager"
"github.com/hashicorp/packer/version"
strftime "github.com/jehiah/go-strftime"
)
// InitTime is the UTC time when this package was initialized. It is
// used as the timestamp for all configuration templates so that they
// match for a single build.
var InitTime time.Time
func init() {
InitTime = time.Now().UTC()
}
// Funcs are the interpolation funcs that are available within interpolations.
var FuncGens = map[string]interface{}{
"build_name": funcGenBuildName,
"build_type": funcGenBuildType,
"env": funcGenEnv,
"isotime": funcGenIsotime,
"strftime": funcGenStrftime,
"pwd": funcGenPwd,
"split": funcGenSplitter,
"template_dir": funcGenTemplateDir,
"timestamp": funcGenTimestamp,
"uuid": funcGenUuid,
"user": funcGenUser,
"packer_version": funcGenPackerVersion,
"consul_key": funcGenConsul,
"vault": funcGenVault,
"sed": funcGenSed,
"build": funcGenBuild,
"aws_secretsmanager": funcGenAwsSecrets,
"replace": replace,
"replace_all": replace_all,
"upper": strings.ToUpper,
"lower": strings.ToLower,
}
var ErrVariableNotSetString = "Error: variable not set:"
// FuncGenerator is a function that given a context generates a template
// function for the template.
type FuncGenerator func(*Context) interface{}
// Funcs returns the functions that can be used for interpolation given
// a context.
func Funcs(ctx *Context) template.FuncMap {
result := make(map[string]interface{})
for k, v := range FuncGens {
switch v := v.(type) {
case func(*Context) interface{}:
result[k] = v(ctx)
default:
result[k] = v
}
}
if ctx != nil {
for k, v := range ctx.Funcs {
result[k] = v
}
}
return template.FuncMap(result)
}
func funcGenSplitter(ctx *Context) interface{} {
return func(k string, s string, i int) (string, error) {
// return func(s string) (string, error) {
split := strings.Split(k, s)
if len(split) <= i {
return "", fmt.Errorf("the substring %d was unavailable using the separator value, %s, only %d values were found", i, s, len(split))
}
return split[i], nil
}
}
func funcGenBuildName(ctx *Context) interface{} {
return func() (string, error) {
if ctx == nil || ctx.BuildName == "" {
return "", errors.New("build_name not available")
}
return ctx.BuildName, nil
}
}
func funcGenBuildType(ctx *Context) interface{} {
return func() (string, error) {
if ctx == nil || ctx.BuildType == "" {
return "", errors.New("build_type not available")
}
return ctx.BuildType, nil
}
}
func funcGenEnv(ctx *Context) interface{} {
return func(k string) (string, error) {
if !ctx.EnableEnv {
// The error message doesn't have to be that detailed since
// semantic checks should catch this.
return "", errors.New("env vars are not allowed here")
}
return os.Getenv(k), nil
}
}
func funcGenIsotime(ctx *Context) interface{} {
return func(format ...string) (string, error) {
if len(format) == 0 {
return InitTime.Format(time.RFC3339), nil
}
if len(format) > 1 {
return "", fmt.Errorf("too many values, 1 needed: %v", format)
}
return InitTime.Format(format[0]), nil
}
}
func funcGenStrftime(ctx *Context) interface{} {
return func(format string) string {
return strftime.Format(format, InitTime)
}
}
func funcGenPwd(ctx *Context) interface{} {
return func() (string, error) {
return os.Getwd()
}
}
func funcGenTemplateDir(ctx *Context) interface{} {
return func() (string, error) {
if ctx == nil || ctx.TemplatePath == "" {
return "", errors.New("template path not available")
}
path, err := filepath.Abs(filepath.Dir(ctx.TemplatePath))
if err != nil {
return "", err
}
return path, nil
}
}
func passthroughOrInterpolate(data map[interface{}]interface{}, s string) (string, error) {
if heldPlace, ok := data[s]; ok {
if hp, ok := heldPlace.(string); ok {
// If we're in the first interpolation pass, the goal is to
// make sure that we pass the value through.
// TODO match against an actual string constant
if strings.Contains(hp, common.PlaceholderMsg) {
return fmt.Sprintf("{{.%s}}", s), nil
} else {
return hp, nil
}
}
}
return "", fmt.Errorf("loaded data, but couldnt find %s in it.", s)
}
func funcGenBuild(ctx *Context) interface{} {
// Depending on where the context data is coming from, it could take a few
// different map types. The following switch standardizes the map types
// so we can act on them correctly.
return func(s string) (string, error) {
switch data := ctx.Data.(type) {
case map[interface{}]interface{}:
return passthroughOrInterpolate(data, s)
case map[string]interface{}:
// convert to a map[interface{}]interface{} so we can use same
// parsing on it
passed := make(map[interface{}]interface{}, len(data))
for k, v := range data {
passed[k] = v
}
return passthroughOrInterpolate(passed, s)
case map[string]string:
// convert to a map[interface{}]interface{} so we can use same
// parsing on it
passed := make(map[interface{}]interface{}, len(data))
for k, v := range data {
passed[k] = v
}
return passthroughOrInterpolate(passed, s)
default:
return "", fmt.Errorf("Error validating build variable: the given "+
"variable %s will not be passed into your plugin.", s)
}
}
}
func funcGenTimestamp(ctx *Context) interface{} {
return func() string {
return strconv.FormatInt(InitTime.Unix(), 10)
}
}
func funcGenUser(ctx *Context) interface{} {
return func(k string) (string, error) {
if ctx == nil || ctx.UserVariables == nil {
return "", errors.New("test")
}
val, ok := ctx.UserVariables[k]
if ctx.EnableEnv {
// error and retry if we're interpolating UserVariables. But if
// we're elsewhere in the template, just return the empty string.
if !ok {
return "", fmt.Errorf("%s %s", ErrVariableNotSetString, k)
}
}
return val, nil
}
}
func funcGenUuid(ctx *Context) interface{} {
return func() string {
return uuid.TimeOrderedUUID()
}
}
func funcGenPackerVersion(ctx *Context) interface{} {
return func() string {
return version.FormattedVersion()
}
}
func funcGenConsul(ctx *Context) interface{} {
return func(k string) (string, error) {
if !ctx.EnableEnv {
// The error message doesn't have to be that detailed since
// semantic checks should catch this.
return "", errors.New("consul_key is not allowed here")
}
consulConfig := consulapi.DefaultConfig()
client, err := consulapi.NewClient(consulConfig)
if err != nil {
return "", fmt.Errorf("error getting consul client: %s", err)
}
q := &consulapi.QueryOptions{}
kv, _, err := client.KV().Get(k, q)
if err != nil {
return "", fmt.Errorf("error reading consul key: %s", err)
}
if kv == nil {
return "", fmt.Errorf("key does not exist at the given path: %s", k)
}
value := string(kv.Value)
if value == "" {
return "", fmt.Errorf("value is empty at path %s", k)
}
return value, nil
}
}
func funcGenVault(ctx *Context) interface{} {
return func(path string, key string) (string, error) {
// Only allow interpolation from Vault when env vars are being read.
if !ctx.EnableEnv {
// The error message doesn't have to be that detailed since
// semantic checks should catch this.
return "", errors.New("Vault vars are only allowed in the variables section")
}
return commontpl.Vault(path, key)
}
}
func funcGenAwsSecrets(ctx *Context) interface{} {
return func(secret ...string) (string, error) {
if !ctx.EnableEnv {
// The error message doesn't have to be that detailed since
// semantic checks should catch this.
return "", errors.New("AWS Secrets Manager is only allowed in the variables section")
}
// Check if at least 1 parameter has been used
if len(secret) == 0 {
return "", errors.New("At least one secret name must be provided")
}
// client uses AWS SDK CredentialChain method. So,credentials can
// be loaded from credential file, environment variables, or IAM
// roles.
client := awssmapi.New(
&awssmapi.AWSConfig{},
)
var name, key string
name = secret[0]
// key is optional if not used we fetch the first
// value stored in given secret. If more than two parameters
// are passed we take second param and ignore the others
if len(secret) > 1 {
key = secret[1]
}
spec := &awssmapi.SecretSpec{
Name: name,
Key: key,
}
s, err := client.GetSecret(spec)
if err != nil {
return "", err
}
return s, nil
}
}
func funcGenSed(ctx *Context) interface{} {
return func(expression string, inputString string) (string, error) {
return "", errors.New("template function `sed` is deprecated " +
"use `replace` or `replace_all` instead." +
"Documentation: https://www.packer.io/docs/templates/engine")
}
}
func replace_all(old, new, src string) string {
return strings.ReplaceAll(src, old, new)
}
func replace(old, new string, n int, src string) string {
return strings.Replace(src, old, new, n)
}
Reference in New Issue View Git Blame Copy Permalink