
     1  package repowatch
     2  
     3  import (
     4  	"encoding/json"
     5  	"errors"
     6  	"fmt"
     7  	"sync"
     8  
     9  	"github.com/aws/aws-sdk-go/aws"
    10  	"github.com/aws/aws-sdk-go/aws/arn"
    11  	"github.com/aws/aws-sdk-go/aws/ec2metadata"
    12  	"github.com/aws/aws-sdk-go/aws/session"
    13  	"github.com/aws/aws-sdk-go/service/secretsmanager"
    14  )
    15  
// Process-wide cache for the EC2 metadata client handed out by
// getMetadataClient. All three variables are accessed only while
// awsSecretsManagerLock is held; at most one of the client and the error is
// ever non-nil.
var (
	// Serialises lazy initialisation of the two cached values below.
	awsSecretsManagerLock sync.Mutex
	// Sticky error recorded once the metadata service was found to be
	// unavailable, so later callers fail fast instead of re-probing it.
	awsSecretsManagerMetadataClientError error
	// The metadata client, once it has been created successfully.
	awsSecretsManagerMetadataClient *ec2metadata.EC2Metadata
)
    21  
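// getMetadataClient returns a process-wide EC2 instance metadata client,
// creating it on first use. The result is memoised under
// awsSecretsManagerLock: a successfully created client is reused by every
// later call, and the "not on AWS" outcome is cached as a sticky error so the
// metadata endpoint is not probed repeatedly when the process runs outside
// AWS. A failure to build the SDK session is returned but not cached, since
// it says nothing about whether the metadata service is reachable.
func getMetadataClient() (*ec2metadata.EC2Metadata, error) {
	awsSecretsManagerLock.Lock()
	defer awsSecretsManagerLock.Unlock()
	if awsSecretsManagerMetadataClient != nil {
		return awsSecretsManagerMetadataClient, nil
	}
	if awsSecretsManagerMetadataClientError != nil {
		return nil, awsSecretsManagerMetadataClientError
	}
	// session.NewSession surfaces configuration problems as an error instead
	// of swallowing them, and matches how getAwsSecret builds its session.
	awsSession, err := session.NewSession()
	if err != nil {
		return nil, fmt.Errorf("error creating session: %s", err)
	}
	metadataClient := ec2metadata.New(awsSession)
	if !metadataClient.Available() {
		awsSecretsManagerMetadataClientError = errors.New(
			"not running on AWS or metadata is not available")
		return nil, awsSecretsManagerMetadataClientError
	}
	awsSecretsManagerMetadataClient = metadataClient
	return awsSecretsManagerMetadataClient, nil
}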
    40  
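// getAwsSecret fetches the Secrets Manager secret named by secretId and
// decodes its SecretString, which must be a JSON object whose values are all
// strings, into a map.
//
// secretId may be a full secret ARN, in which case the region is taken from
// the ARN; otherwise (or when the ARN carries no region) the region of the
// running instance is read through metadataClient. A secret that has no
// SecretString (for example one stored only as binary) is rejected.
//
// The returned error does not carry the secret material: SDK errors describe
// the API failure, and encoding/json errors report an offset and a JSON kind
// rather than the payload, so the error is safe to log.
func getAwsSecret(metadataClient *ec2metadata.EC2Metadata,
	secretId string) (map[string]string, error) {
	region, err := resolveSecretRegion(metadataClient, secretId)
	if err != nil {
		return nil, err
	}
	awsSession, err := session.NewSession(&aws.Config{
		Region: aws.String(region),
	})
	if err != nil {
		return nil, fmt.Errorf("error creating session: %s", err)
	}
	if awsSession == nil {
		return nil, errors.New("awsSession == nil")
	}
	awsService := secretsmanager.New(awsSession)
	input := secretsmanager.GetSecretValueInput{SecretId: aws.String(secretId)}
	output, err := awsService.GetSecretValue(&input)
	if err != nil {
		return nil,
			fmt.Errorf("error calling secretsmanager:GetSecretValue: %s", err)
	}
	if output.SecretString == nil {
		return nil, errors.New("no SecretString in secret")
	}
	return decodeSecretMap(*output.SecretString)
}

// resolveSecretRegion picks the AWS region to query for secretId: the region
// embedded in the ARN when secretId is one and names a region, otherwise the
// region of the running instance as reported by metadataClient.
func resolveSecretRegion(metadataClient *ec2metadata.EC2Metadata,
	secretId string) (string, error) {
	// Named "parsed" rather than "arn" so the arn package is not shadowed.
	if parsed, err := arn.Parse(secretId); err == nil && parsed.Region != "" {
		return parsed.Region, nil
	}
	// Without a metadata client there is no second source for the region;
	// report that instead of dereferencing a nil client.
	if metadataClient == nil {
		return "", errors.New(
			"secret ID is not a regional ARN and no metadata client available")
	}
	region, err := metadataClient.Region()
	if err != nil {
		return "", err
	}
	return region, nil
}

// decodeSecretMap parses a SecretString that holds a JSON object of string
// values.
func decodeSecretMap(secretString string) (map[string]string, error) {
	var secrets map[string]string
	if err := json.Unmarshal([]byte(secretString), &secrets); err != nil {
		return nil, fmt.Errorf("error unmarshaling secret: %s", err)
	}
	return secrets, nil
}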