Commit f2279aa6 authored by Daniel Naude's avatar Daniel Naude

Migrate secret manager package to aws sdk v2

parent 96903bce
1 merge request!48Migrate to aws sdk for go v2
package secrets_manager package secrets_manager
import ( import (
"context"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
credentials2 "github.com/aws/aws-sdk-go/aws/credentials" "errors"
"os" "os"
"gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/logs" "gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/logs"
"gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/struct_utils" "gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/struct_utils"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go/service/secretsmanager" "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/aws-secretsmanager-caching-go/secretcache" "github.com/aws/aws-secretsmanager-caching-go/secretcache"
"github.com/aws/smithy-go"
) )
type DatabaseCredentials struct { type DatabaseCredentials struct {
...@@ -26,17 +28,12 @@ type DatabaseCredentials struct { ...@@ -26,17 +28,12 @@ type DatabaseCredentials struct {
ReadOnlyHost string `json:"aurora_read_only_host"` ReadOnlyHost string `json:"aurora_read_only_host"`
} }
type S3UploadCredentials struct {
AccessKeyID string `json:"accessKeyID"`
SecretKey string `json:"secretKey"`
}
var ( var (
secretCache, _ = secretcache.New() secretCache, _ = secretcache.New()
secretManagerRegion = "af-south-1" secretManagerRegion = "af-south-1"
) )
var secretManagerSession *secretsmanager.SecretsManager var secretManagerClient *secretsmanager.Client
func GetDatabaseCredentials(secretID string, isDebug bool) (DatabaseCredentials, error) { func GetDatabaseCredentials(secretID string, isDebug bool) (DatabaseCredentials, error) {
secret, _ := GetSecret(secretID, isDebug) secret, _ := GetSecret(secretID, isDebug)
...@@ -48,54 +45,62 @@ func GetDatabaseCredentials(secretID string, isDebug bool) (DatabaseCredentials, ...@@ -48,54 +45,62 @@ func GetDatabaseCredentials(secretID string, isDebug bool) (DatabaseCredentials,
return credentials, nil return credentials, nil
} }
func GetS3UploadCredentials(secretID string, isDebug bool) (*credentials2.Credentials, error) { func GetS3UploadCredentials(secretID string, isDebug bool) (aws.Credentials, error) {
secret, _ := GetSecret(secretID, isDebug) secret, _ := GetSecret(secretID, isDebug)
var credentials S3UploadCredentials var secretValue map[string]string
err := struct_utils.UnmarshalJSON([]byte(secret), &credentials) err := struct_utils.UnmarshalJSON([]byte(secret), &secretValue)
if err != nil { if err != nil {
return nil, err return aws.Credentials{}, err
} }
return credentials2.NewStaticCredentials(credentials.AccessKeyID, credentials.SecretKey, ""), nil
accessKeyID, ok := secretValue["AccessKeyID"]
if !ok {
return aws.Credentials{}, err
}
secretKey, ok := secretValue["SecretKey"]
if !ok {
return aws.Credentials{}, err
} }
// getSecretManagerSession Instantiates a new Secrets Manager client session creds := aws.NewCredentialsCache(credentials.NewStaticCredentialsProvider(accessKeyID, secretKey, ""))
func getSecretManagerSession(isDebug bool) (err error) {
// If a session already exists, use it return creds.Retrieve(context.TODO())
if secretManagerSession != nil { }
func instantiateSecretManagerClient(isDebug bool) (err error) {
// If a client already exists, use it
if secretManagerClient != nil {
return nil return nil
} }
awsSession, err := session.NewSession() cfg, err := config.LoadDefaultConfig(context.TODO())
if err != nil { if err != nil {
return err return err
} }
// Get local config // Get local config
if isDebug && os.Getenv("ENVIRONMENT") != "" { if isDebug && os.Getenv("ENVIRONMENT") != "" {
awsSession, err = session.NewSessionWithOptions(session.Options{ cfg, err = config.LoadDefaultConfig(context.TODO(),
Config: aws.Config{ config.WithRegion(secretManagerRegion),
Region: aws.String("af-south-1"), )
CredentialsChainVerboseErrors: aws.Bool(true),
},
})
if err != nil { if err != nil {
return err return err
} }
} }
// Create a Secrets Manager client session // Create a Secrets Manager client
secretManagerSession = secretsmanager.New(awsSession, aws.NewConfig().WithRegion(secretManagerRegion)) secretManagerClient = secretsmanager.NewFromConfig(cfg)
return nil return nil
} }
// logError Logs any errors returned by the Secrets Manager client // logError Logs any errors returned by the Secrets Manager client
func logError(err error) { func logError(err error) {
if aerr, ok := err.(awserr.Error); ok { var apiErr *smithy.GenericAPIError
logs.Info(aerr.Code()+" %s", aerr.Error()) if errors.As(err, &apiErr) {
logs.Info(apiErr.Code+" %s", apiErr.Message)
} else { } else {
// Print the error, cast err to awserr.Error to get the Code and
// Message from an error.
logs.Info(err.Error()) logs.Info(err.Error())
} }
} }
...@@ -108,7 +113,7 @@ func GetSecret(secretID string, isDebug bool) (string, string) { ...@@ -108,7 +113,7 @@ func GetSecret(secretID string, isDebug bool) (string, string) {
} }
// Create a Secrets Manager client // Create a Secrets Manager client
err := getSecretManagerSession(isDebug) err := instantiateSecretManagerClient(isDebug)
if err != nil { if err != nil {
logs.Info("Could not create client: %+v", err) logs.Info("Could not create client: %+v", err)
return "", "" return "", ""
...@@ -120,7 +125,7 @@ func GetSecret(secretID string, isDebug bool) (string, string) { ...@@ -120,7 +125,7 @@ func GetSecret(secretID string, isDebug bool) (string, string) {
VersionStage: aws.String("AWSCURRENT"), // VersionStage defaults to AWSCURRENT if unspecified VersionStage: aws.String("AWSCURRENT"), // VersionStage defaults to AWSCURRENT if unspecified
} }
result, err := secretManagerSession.GetSecretValue(input) result, err := secretManagerClient.GetSecretValue(context.TODO(), input)
if err != nil { if err != nil {
logError(err) logError(err)
return "", "" return "", ""
...@@ -147,7 +152,7 @@ func GetSecret(secretID string, isDebug bool) (string, string) { ...@@ -147,7 +152,7 @@ func GetSecret(secretID string, isDebug bool) (string, string) {
// CreateSecret Creates a JSON marshaled "string secret" (can be expanded to cater for binary secrets should the need arise) // CreateSecret Creates a JSON marshaled "string secret" (can be expanded to cater for binary secrets should the need arise)
func CreateSecret(secretID string, secret any, isDebug bool) (awsSecretID string, err error) { func CreateSecret(secretID string, secret any, isDebug bool) (awsSecretID string, err error) {
// Create a Secrets Manager client // Create a Secrets Manager client
err = getSecretManagerSession(isDebug) err = instantiateSecretManagerClient(isDebug)
if err != nil { if err != nil {
logs.Info("Could not create client: %+v", err) logs.Info("Could not create client: %+v", err)
return "", err return "", err
...@@ -164,18 +169,18 @@ func CreateSecret(secretID string, secret any, isDebug bool) (awsSecretID string ...@@ -164,18 +169,18 @@ func CreateSecret(secretID string, secret any, isDebug bool) (awsSecretID string
SecretString: aws.String(string(secretStr)), SecretString: aws.String(string(secretStr)),
} }
result, err := secretManagerSession.CreateSecret(input) result, err := secretManagerClient.CreateSecret(context.TODO(), input)
if err != nil { if err != nil {
logError(err) logError(err)
return "", err return "", err
} }
return aws.StringValue(result.Name), nil return aws.ToString(result.Name), nil
} }
func DeleteSecret(secretID string, forceWithoutRecovery bool, isDebug bool) error { func DeleteSecret(secretID string, forceWithoutRecovery bool, isDebug bool) error {
// Create a Secrets Manager client // Create a Secrets Manager client
err := getSecretManagerSession(isDebug) err := instantiateSecretManagerClient(isDebug)
if err != nil { if err != nil {
logs.Info("Could not create client: %+v", err) logs.Info("Could not create client: %+v", err)
return err return err
...@@ -187,7 +192,7 @@ func DeleteSecret(secretID string, forceWithoutRecovery bool, isDebug bool) erro ...@@ -187,7 +192,7 @@ func DeleteSecret(secretID string, forceWithoutRecovery bool, isDebug bool) erro
ForceDeleteWithoutRecovery: aws.Bool(forceWithoutRecovery), ForceDeleteWithoutRecovery: aws.Bool(forceWithoutRecovery),
} }
_, err = secretManagerSession.DeleteSecret(input) _, err = secretManagerClient.DeleteSecret(context.TODO(), input)
if err != nil { if err != nil {
logError(err) logError(err)
return err return err
...@@ -199,7 +204,7 @@ func DeleteSecret(secretID string, forceWithoutRecovery bool, isDebug bool) erro ...@@ -199,7 +204,7 @@ func DeleteSecret(secretID string, forceWithoutRecovery bool, isDebug bool) erro
// UpdateSecret Updates an exising secret // UpdateSecret Updates an exising secret
func UpdateSecret(secretID string, secret any, isDebug bool) error { func UpdateSecret(secretID string, secret any, isDebug bool) error {
// Create a Secrets Manager client // Create a Secrets Manager client
err := getSecretManagerSession(isDebug) err := instantiateSecretManagerClient(isDebug)
if err != nil { if err != nil {
logs.Info("Could not create client: %+v", err) logs.Info("Could not create client: %+v", err)
return err return err
...@@ -216,7 +221,7 @@ func UpdateSecret(secretID string, secret any, isDebug bool) error { ...@@ -216,7 +221,7 @@ func UpdateSecret(secretID string, secret any, isDebug bool) error {
SecretString: aws.String(string(secretStr)), SecretString: aws.String(string(secretStr)),
} }
_, err = secretManagerSession.UpdateSecret(input) _, err = secretManagerClient.UpdateSecret(context.TODO(), input)
if err != nil { if err != nil {
logError(err) logError(err)
return err return err
......
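Review bot: In the new GetS3UploadCredentials, the two `if !ok` branches return `aws.Credentials{}, err` while `err` is already known to be nil from the check just above, so a secret that lacks `AccessKeyID` or `SecretKey` yields empty credentials with a nil error and the caller proceeds to S3 with blank keys. Return a real error instead, e.g. `return aws.Credentials{}, errors.New("secret is missing AccessKeyID")` and `return aws.Credentials{}, errors.New("secret is missing SecretKey")` (`errors` is already imported). Note also that the removed struct matched the JSON via tags `accessKeyID`/`secretKey`, whereas the map lookups now require the exact keys `AccessKeyID`/`SecretKey`; if struct_utils.UnmarshalJSON wraps encoding/json, the old match was case-insensitive and existing secrets stored with the lower-case names will silently hit the path above. In logError, `errors.As` against the concrete `*smithy.GenericAPIError` will not match the modeled service exceptions the v2 SDK returns; matching the `smithy.APIError` interface and using `ErrorCode()`/`ErrorMessage()` covers both.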