Merge pull request #68 from mbares/master

add function for fetching multiple secrets from ASM
minus5 · Mar 8, 2023 · 58afd79 · 58afd79
2 parents 0beed92 + 263c8a9
commit 58afd79
Showing 1 changed file with 50 additions and 12 deletions.
diff --git a/asm/asm.go b/asm/asm.go
@@ -39,21 +39,13 @@ func GetSecretString(secretName string) (string, error) {
 	if !asmEnabled {
 		return "", nil
 	}
-	// go-aws-sdk procita sve iz enva osim regije
-	// opcija je da u env za svaki servis stavim AWS_REGION=eu-central-1
-	// radije zasad hardkodiram regiju
-	region := "eu-central-1"
-	sess, err := session.NewSession()
+
+	svc, err := newSecretsManager()
 	if err != nil {
 		return "", err
 	}
-	svc := secretsmanager.New(sess,
-		aws.NewConfig().WithRegion(region))
-	input := &secretsmanager.GetSecretValueInput{
-		SecretId:     aws.String(secretName),
-		VersionStage: aws.String("AWSCURRENT"), // VersionStage defaults to AWSCURRENT if unspecified
-	}
-	result, err := svc.GetSecretValue(input)
+
+	result, err := svc.GetSecretValue(createSecretValueInput(secretName))
 	if err != nil {
 		return "", err
 	}
@@ -62,3 +54,49 @@ func GetSecretString(secretName string) (string, error) {
 	}
 	return *result.SecretString, nil
 }
+
+func GetSecretStrings(secretNames ...string) (map[string]string, error) {
+	if !asmEnabled || len(secretNames) == 0 {
+		return nil, nil
+	}
+
+	svc, err := newSecretsManager()
+	if err != nil {
+		return nil, err
+	}
+
+	out := map[string]string{}
+	for _, v := range secretNames {
+		result, err := svc.GetSecretValue(createSecretValueInput(v))
+		if err != nil {
+			return nil, err
+		}
+		if result.SecretString == nil {
+			out[v] = ""
+			continue
+		}
+		out[v] = *result.SecretString
+	}
+
+	return out, nil
+}
+
+func newSecretsManager() (*secretsmanager.SecretsManager, error) {
+	// go-aws-sdk procita sve iz enva osim regije
+	// opcija je da u env za svaki servis stavim AWS_REGION=eu-central-1
+	// radije zasad hardkodiram regiju
+	region := "eu-central-1"
+	sess, err := session.NewSession()
+	if err != nil {
+		return nil, err
+	}
+	return secretsmanager.New(sess,
+		aws.NewConfig().WithRegion(region)), nil
+}
+
+func createSecretValueInput(secretName string) *secretsmanager.GetSecretValueInput {
+	return &secretsmanager.GetSecretValueInput{
+		SecretId:     aws.String(secretName),
+		VersionStage: aws.String("AWSCURRENT"), // VersionStage defaults to AWSCURRENT if unspecified
+	}
+}