Merge pull request #7 from homeport/add/secret-group-id

Add option for `secretGroupID`
homeport · Dec 18, 2023 · 86dc2fa · 86dc2fa
2 parents bba9526 + f7bef59
commit 86dc2fa
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -7,6 +7,7 @@ Concourse resource for secrets stored in IBM Cloud Secrets Manager instances.
 - **endpointURL**: _Required_ Endpoint URL of the Secrets Manager instance to connect to, see [secrets manager docs](https://cloud.ibm.com/apidocs/secrets-manager/secrets-manager-v2?code=go#endpoints) for more details.
 - **apikey**: _Required_ API key that allows access to read from the respective secrets manager instance.
 - **secretName**: _Required_ Name of the secret in the secrets manager instance. This is the name, not the ID of the secret. The secret will be searched for by name through the API.
+- **secretGroupID**: _Optional_ ID of the secret group to narrow down the search for the secret.
 
 ### Example
 

diff --git a/internal/smr/models.go b/internal/smr/models.go
@@ -41,9 +41,10 @@ type InConfig struct {
 }
 
 type Source struct {
-	EndpointURL string `json:"endpointURL"`
-	ApiKey      string `json:"apikey"`
-	SecretName  string `json:"secretName"`
+	EndpointURL   string `json:"endpointURL"`
+	ApiKey        string `json:"apikey"`
+	SecretName    string `json:"secretName"`
+	SecretGroupID string `json:"secretGroupID"`
 }
 
 type CheckResult []Version

diff --git a/internal/smr/resource.go b/internal/smr/resource.go
@@ -60,7 +60,7 @@ func Check(r io.Reader) error {
 		return err
 	}
 
-	metadata, err := GetSecretMetaDataBySecretName(*secretsManagerService, config.Source.SecretName)
+	metadata, err := GetSecretMetaDataBySecretName(*secretsManagerService, config.Source)
 	if err != nil {
 		return err
 	}
@@ -92,7 +92,7 @@ func In(r io.Reader, target string) error {
 		return err
 	}
 
-	metadata, err := GetSecretMetaDataBySecretName(*secretsManagerService, config.Source.SecretName)
+	metadata, err := GetSecretMetaDataBySecretName(*secretsManagerService, config.Source)
 	if err != nil {
 		return err
 	}

diff --git a/internal/smr/secrets.go b/internal/smr/secrets.go
@@ -56,9 +56,11 @@ func (s *SecretMetadata) Id() (string, error) {
 	return *s.ID, nil
 }
 
-func GetSecretMetaDataBySecretName(service sm.SecretsManagerV2, name string) (*SecretMetadata, error) {
-	listSecretsOptions := &sm.ListSecretsOptions{
-		Search: &name,
+func GetSecretMetaDataBySecretName(service sm.SecretsManagerV2, source Source) (*SecretMetadata, error) {
+	listSecretsOptions := &sm.ListSecretsOptions{Search: &source.SecretName}
+
+	if source.SecretGroupID != "" {
+		listSecretsOptions.Groups = append(listSecretsOptions.Groups, source.SecretGroupID)
 	}
 
 	pager, err := service.NewSecretsPager(listSecretsOptions)
@@ -77,11 +79,11 @@ func GetSecretMetaDataBySecretName(service sm.SecretsManagerV2, name string) (*S
 	}
 
 	if len(results) == 0 {
-		return nil, fmt.Errorf("cannot find secret with name %q", name)
+		return nil, fmt.Errorf("cannot find secret with name %q", source.SecretName)
 	}
 
 	if len(results) != 1 {
-		return nil, fmt.Errorf("more than one secret was found searching for %q", name)
+		return nil, fmt.Errorf("more than one secret was found searching for %q", source.SecretName)
 	}
 
 	data, err := json.Marshal(results[0])