-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
160 lines (129 loc) · 3.8 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
package main
import (
"context"
"fmt"
"html/template"
"log"
"os"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/secretsmanager"
)
var (
secretTagValue string
inputTemplateName string
outputName string
region string
)
func validateVars() {
secretTagValue = os.Getenv("AWS_SECRET_TAG_VALUE")
if len(secretTagValue) == 0 {
log.Fatalln("AWS_SECRET_TAG_VALUE env not set")
}
inputTemplateName = os.Getenv("APPLICATION_CONFIG_FILE")
if len(inputTemplateName) == 0 {
log.Fatalln("APPLICATION_CONFIG_FILE env not set")
}
outputName = os.Getenv("APPLICATION_CONFIG_OUTFILE")
if len(outputName) == 0 {
log.Fatalln("APPLICATION_CONFIG_OUTFILE env not set")
}
region = os.Getenv("AWS_REGION")
if len(region) == 0 {
log.Fatalln("AWS_REGION env not set")
}
}
func listSecretsWithFilter(filter string, sess *session.Session) (map[string]string, error) {
// Use a context with timeout to make the list secrets request
duration := time.Now().Add(30 * time.Second)
ctx, cancel := context.WithDeadline(context.Background(), duration)
defer cancel()
// Create a new Secrets Manager client with the provided session
svc := secretsmanager.New(sess)
// Set up the input for the list secrets request with the specified filter
input := &secretsmanager.ListSecretsInput{
Filters: []*secretsmanager.Filter{
{
Key: aws.String("tag-key"),
Values: []*string{aws.String("env")},
},
{
Key: aws.String("tag-value"),
Values: []*string{aws.String(filter)},
},
},
}
result, err := svc.ListSecretsWithContext(ctx, input)
if err != nil {
return nil, err
}
// Create a map of secrets with the secret name as the key and the secret ARN as the value
secrets := make(map[string]string)
for _, s := range result.SecretList {
secrets[*s.Name] = *s.ARN
}
// Get the secret values for each secret in the map
for secretTagValue, secretArn := range secrets {
secretValue, err := getSecretValueWithContext(secretArn, svc, ctx)
if err != nil {
return nil, err
}
secrets[secretTagValue] = secretValue
}
// Return the map of secrets with the secret values
return secrets, nil
}
func getSecretValueWithContext(secretArn string, svc *secretsmanager.SecretsManager, ctx context.Context) (string, error) {
// Set up the input for the get secret value request
input := &secretsmanager.GetSecretValueInput{
SecretId: aws.String(secretArn),
}
result, err := svc.GetSecretValueWithContext(ctx, input)
if err != nil {
fmt.Printf("Error when get secret value: %v\n", err)
os.Exit(1)
}
// Return the secret value as a string
return *result.SecretString, nil
}
func createFile(templateFile string, secrets map[string]string) {
// Parse the template file to create a new template
tmpl, err := template.ParseFiles(templateFile)
if err != nil {
fmt.Println("Error:", err)
os.Exit(1)
}
// Create a new output file to write the template output to
outputFile, err := os.Create(outputName)
if err != nil {
fmt.Println("Error:", err)
os.Exit(1)
}
defer outputFile.Close()
// Execute the template with the secrets map to create the output
err = tmpl.Execute(outputFile, secrets)
if err != nil {
fmt.Println("Error:", err)
os.Exit(1)
}
fmt.Println("Template output has been written to:", outputName)
}
func main() {
validateVars()
// Create a new session using the default AWS configuration
sess, err := session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
})
if err != nil {
fmt.Println("Error:", err)
os.Exit(1)
}
// Call the listSecretsWithFilter function with an input filter
secrets, err := listSecretsWithFilter(secretTagValue, sess)
if err != nil {
fmt.Println("Error:", err)
os.Exit(1)
}
createFile(inputTemplateName, secrets)
}