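// Listing: github.com/hashicorp/packer@v1.14.3/hcl2template/function/aws_secretetkey.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package function

import (
	"github.com/zclconf/go-cty/cty"
	"github.com/zclconf/go-cty/cty/function"

	commontpl "github.com/hashicorp/packer-plugin-sdk/template"
)

// AWSSecret constructs a function that retrieves secrets from AWS Secrets
// Manager. If the key argument is not set, an empty key is passed to
// commontpl.GetAWSSecret and the first secret key stored under the secret
// name is returned.
//
// NOTE(review): the result is a plain cty.String holding the secret in clear
// text. Nothing in this file marks it as sensitive or registers it for log
// scrubbing; confirm that commontpl.GetAWSSecret or the caller does so before
// the value can reach logs, error messages or rendered output.
var AWSSecret = function.New(&function.Spec{
	Params: []function.Parameter{
		{
			Name:         "name",
			Type:         cty.String,
			AllowNull:    false,
			AllowUnknown: false,
		},
		{
			Name:         "key",
			Type:         cty.String,
			AllowNull:    true,
			AllowUnknown: false,
		},
	},
	Type: function.StaticReturnType(cty.String),
	Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
		name := args[0].AsString()

		// key is optional: a null (or not wholly known) argument leaves it
		// empty instead of calling AsString, which panics on such values.
		var key string
		if !args[1].IsNull() && args[1].IsWhollyKnown() {
			key = args[1].AsString()
		}

		val, err := commontpl.GetAWSSecret(name, key)
		if err != nil {
			// Return a null string with the error, matching AWSSecretRaw,
			// so a failed lookup never hands back a usable-looking value.
			return cty.NullVal(cty.String), err
		}
		return cty.StringVal(val), nil
	},
})

// AWSSecretRaw constructs a function that retrieves secrets from AWS Secrets
// Manager.
//
// Contrary to AWSSecret, it does not accept a key, and instead returns the raw
// value of the secret at all times, i.e. if it's plaintext it will return the
// value, and if it's a key/value secret, the raw JSON will be returned.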
var AWSSecretRaw = function.New(&function.Spec{
	// One required argument, the secret's name. AllowNull and AllowUnknown
	// are both false, so Impl is not expected to see a null or unknown name.
	Params: []function.Parameter{
		{
			Name:         "name",
			Description:  "The name of the secret to fetch",
			Type:         cty.String,
			AllowNull:    false,
			AllowUnknown: false,
		},
	},
	Type: function.StaticReturnType(cty.String),
	// NOTE(review): the returned cty.String carries the raw secret (plaintext
	// or JSON) with no sensitivity mark applied in this file; confirm that
	// scrubbing from logs and output happens elsewhere.
	Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
		raw, err := commontpl.GetRawAWSSecret(args[0].AsString())
		if err == nil {
			return cty.StringVal(raw), nil
		}
		// On failure return a typed null together with the error.
		return cty.NullVal(cty.String), err
	},
})