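// Listing: github.com/hairyhenderson/templater@v3.5.0+incompatible/data/datasource_aws_sm.go

package data

import (
	"path"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
	"github.com/pkg/errors"

	gaws "github.com/hairyhenderson/gomplate/aws"
)

// awsSecretsManagerGetter is the subset of the Secrets Manager API used by
// this datasource. Keeping it to one method lets unit tests substitute a stub
// for the real client.
type awsSecretsManagerGetter interface {
	GetSecretValue(input *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error)
}

// parseAWSSecretsManagerArgs builds the secret ID to request from the
// datasource's base path (origPath) and the optional extra path in args[0].
//
// More than one extra argument is rejected with an error; paramPath is still
// set in that case, as before, but callers must not use it when err != nil.
//
// NOTE(security): path.Join cleans its result, so an extra path containing
// ".." elements can resolve to a secret ID outside origPath. The base path of
// the datasource URL is therefore not an access boundary; what a template can
// read is limited by the IAM policy attached to the credentials in use.
func parseAWSSecretsManagerArgs(origPath string, args ...string) (paramPath string, err error) {
	paramPath = origPath
	if len(args) > 0 {
		paramPath = path.Join(origPath, args[0])
	}

	// args excludes the alias, so a second element here is a third argument.
	if len(args) > 1 {
		err = errors.New("Maximum two arguments to aws+sm datasource: alias, extraPath")
	}
	return paramPath, err
}

// readAWSSecretsManager resolves the secret ID from source.URL.Path plus any
// extra path argument and returns the secret's value.
//
// A Secrets Manager client is created from gaws.SDKSession() on first use and
// cached on source, unless one was already set there (e.g. a stub in tests).
func readAWSSecretsManager(source *Source, args ...string) (output []byte, err error) {
	if source.awsSecretsManager == nil {
		source.awsSecretsManager = secretsmanager.New(gaws.SDKSession())
	}

	secretID, err := parseAWSSecretsManagerArgs(source.URL.Path, args...)
	if err != nil {
		return nil, err
	}

	return readAWSSecretsManagerParam(source, secretID)
}

// readAWSSecretsManagerParam calls GetSecretValue for paramPath and returns
// the secret's content: the bytes of SecretString when the secret is stored
// as text, otherwise SecretBinary.
//
// The returned bytes are the secret itself; callers should keep them out of
// logs and error messages.
func readAWSSecretsManagerParam(source *Source, paramPath string) ([]byte, error) {
	input := &secretsmanager.GetSecretValueInput{
		SecretId: aws.String(paramPath),
	}

	response, err := source.awsSecretsManager.GetSecretValue(input)
	if err != nil {
		// input carries only the SecretId set above, so this message names
		// the secret that was requested but never its value.
		return nil, errors.Wrapf(err, "Error reading aws+sm from AWS using GetSecretValue with input %v", input)
	}

	// A stubbed getter may return (nil, nil); fail with an error, not a panic.
	if response == nil {
		return nil, errors.Errorf("Error reading aws+sm from AWS using GetSecretValue with input %v: empty response", input)
	}

	// SecretString is a pointer and is nil for secrets stored as binary.
	// Dereferencing it unconditionally would panic on such secrets.
	if response.SecretString != nil {
		return []byte(*response.SecretString), nil
	}

	return response.SecretBinary, nil
}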