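// Source: github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff/modules/aws/secretsmanager.go

package aws

import (
	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
	"github.com/gruntwork-io/terratest/modules/logger"
	"github.com/gruntwork-io/terratest/modules/testing"
	"github.com/stretchr/testify/require"
)

// CreateSecretStringWithDefaultKey creates a new secret in Secrets Manager using the default
// "aws/secretsmanager" KMS key and returns the secret ARN. The test fails immediately if the
// secret cannot be created.
func CreateSecretStringWithDefaultKey(t testing.TestingT, awsRegion, description, name, secretString string) string {
	arn, err := CreateSecretStringWithDefaultKeyE(t, awsRegion, description, name, secretString)
	require.NoError(t, err)
	return arn
}

// CreateSecretStringWithDefaultKeyE creates a new secret in Secrets Manager using the default
// "aws/secretsmanager" KMS key and returns the secret ARN. No KMS key ID is set on the request,
// which is what selects the default key.
//
// Any failure, including a failure to build the client, is returned to the caller instead of
// failing the test.
func CreateSecretStringWithDefaultKeyE(t testing.TestingT, awsRegion, description, name, secretString string) (string, error) {
	// Only the secret's name is logged; secretString must never reach the test log.
	logger.Logf(t, "Creating new secret in secrets manager named %s", name)

	// Use the E constructor so a session/credential error is propagated rather than
	// aborting the test from inside a function whose contract is to return errors.
	client, err := NewSecretsManagerClientE(t, awsRegion)
	if err != nil {
		return "", err
	}

	secret, err := client.CreateSecret(&secretsmanager.CreateSecretInput{
		Description:  aws.String(description),
		Name:         aws.String(name),
		SecretString: aws.String(secretString),
	})
	if err != nil {
		return "", err
	}

	return aws.StringValue(secret.ARN), nil
}

// GetSecretValue takes the friendly name or ARN of a secret and returns the plaintext value.
// The test fails immediately if the value cannot be retrieved.
func GetSecretValue(t testing.TestingT, awsRegion, id string) string {
	secret, err := GetSecretValueE(t, awsRegion, id)
	require.NoError(t, err)
	return secret
}

// GetSecretValueE takes the friendly name or ARN of a secret and returns the plaintext value.
//
// Any failure, including a failure to build the client, is returned to the caller instead of
// failing the test. The returned string is the secret itself; this function logs only the
// identifier, and callers should keep the value out of logs and assertion messages as well.
func GetSecretValueE(t testing.TestingT, awsRegion, id string) (string, error) {
	logger.Logf(t, "Getting value of secret with ID %s", id)

	// Use the E constructor so a session/credential error is propagated rather than
	// aborting the test from inside a function whose contract is to return errors.
	client, err := NewSecretsManagerClientE(t, awsRegion)
	if err != nil {
		return "", err
	}

	secret, err := client.GetSecretValue(&secretsmanager.GetSecretValueInput{
		SecretId: aws.String(id),
	})
	if err != nil {
		return "", err
	}

	// aws.StringValue maps a nil SecretString to "", so a secret that carries no string
	// value yields an empty result with a nil error.
	return aws.StringValue(secret.SecretString), nil
}

// DeleteSecret deletes a secret. If forceDelete is true, the secret will be deleted after a
// short delay. If forceDelete is false, the secret will be deleted after a 30 day recovery
// window. The test fails immediately if the delete request fails.
func DeleteSecret(t testing.TestingT, awsRegion, id string, forceDelete bool) {
	err := DeleteSecretE(t, awsRegion, id, forceDelete)
	require.NoError(t, err)
}

// DeleteSecretE deletes a secret. If forceDelete is true, the secret will be deleted after a
// short delay. If forceDelete is false, the secret will be deleted after a 30 day recovery
// window.
//
// Any failure, including a failure to build the client, is returned to the caller instead of
// failing the test.
func DeleteSecretE(t testing.TestingT, awsRegion, id string, forceDelete bool) error {
	logger.Logf(t, "Deleting secret with ID %s", id)

	// Use the E constructor so a session/credential error is propagated rather than
	// aborting the test from inside a function whose contract is to return errors.
	client, err := NewSecretsManagerClientE(t, awsRegion)
	if err != nil {
		return err
	}

	// forceDelete is passed straight through as ForceDeleteWithoutRecovery, so a true
	// value gives up the recovery window for this secret.
	_, err = client.DeleteSecret(&secretsmanager.DeleteSecretInput{
		ForceDeleteWithoutRecovery: aws.Bool(forceDelete),
		SecretId:                   aws.String(id),
	})

	return err
}

// NewSecretsManagerClient creates a new SecretsManager client. The test fails immediately if
// the client cannot be created.
func NewSecretsManagerClient(t testing.TestingT, region string) *secretsmanager.SecretsManager {
	client, err := NewSecretsManagerClientE(t, region)
	require.NoError(t, err)
	return client
}

// NewSecretsManagerClientE creates a new SecretsManager client for the given region, built on
// the session returned by NewAuthenticatedSession. The t parameter is not used here; it is
// kept so the signature matches the other helpers in this file.
func NewSecretsManagerClientE(t testing.TestingT, region string) (*secretsmanager.SecretsManager, error) {
	sess, err := NewAuthenticatedSession(region)
	if err != nil {
		return nil, err
	}

	return secretsmanager.New(sess), nil
}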