hcl2template: add support for raw aws secrets

As the SDK now supports it in the context of legacy templating engine, we add support in HCL2 for the aws_secretsmanager_raw function, which gets the raw value of a secret from aws secrets manager.
1 year ago · 9f3e32b9fc
parent cf6a82fae8
commit 9f3e32b9fc
2 changed files with 123 additions and 95 deletions
--- a/hcl2template/function/aws_secretetkey.go
+++ b/hcl2template/function/aws_secretetkey.go
@ -40,3 +40,30 @@ var AWSSecret = function.New(&function.Spec{
 		return cty.StringVal(val), err
 	},
 })
 // AWSSecret constructs a function that retrieves secrets from aws secrets
 // manager.
 //
 // Contrary to AWSSecret, it does not accept a key, and instead returns the raw
 // value of the secret at all times, i.e. if it's plaintext it will return the
 // value, and if it's a key/value secret, the raw JSON will be returned.
 var AWSSecretRaw = function.New(&function.Spec{
 	Params: []function.Parameter{
 		{
 			Name:         "name",
 			Description:  "The name of the secret to fetch",
 			Type:         cty.String,
 			AllowNull:    false,
 			AllowUnknown: false,
 		},
 	},
 	Type: function.StaticReturnType(cty.String),
 	Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
 		name := args[0].AsString()
 		val, err := commontpl.GetRawAWSSecret(name)
 		if err != nil {
 			return cty.NullVal(cty.String), err
 		}
 		return cty.StringVal(val), nil
 	},
 })
--- a/hcl2template/functions.go
+++ b/hcl2template/functions.go
@ -32,101 +32,102 @@ import (
 func Functions(basedir string) map[string]function.Function {
 	funcs := map[string]function.Function{
-		"abs":                stdlib.AbsoluteFunc,
+		"abs":                    stdlib.AbsoluteFunc,
-		"abspath":            filesystem.AbsPathFunc,
+		"abspath":                filesystem.AbsPathFunc,
-		"alltrue":            pkrfunction.AllTrue,
+		"alltrue":                pkrfunction.AllTrue,
-		"anytrue":            pkrfunction.AnyTrue,
+		"anytrue":                pkrfunction.AnyTrue,
-		"aws_secretsmanager": pkrfunction.AWSSecret,
+		"aws_secretsmanager":     pkrfunction.AWSSecret,
-		"basename":           filesystem.BasenameFunc,
+		"aws_secretsmanager_raw": pkrfunction.AWSSecretRaw,
-		"base64decode":       encoding.Base64DecodeFunc,
+		"basename":               filesystem.BasenameFunc,
-		"base64encode":       encoding.Base64EncodeFunc,
+		"base64decode":           encoding.Base64DecodeFunc,
-		"base64gzip":         pkrfunction.Base64GzipFunc,
+		"base64encode":           encoding.Base64EncodeFunc,
-		"bcrypt":             crypto.BcryptFunc,
+		"base64gzip":             pkrfunction.Base64GzipFunc,
-		"can":                tryfunc.CanFunc,
+		"bcrypt":                 crypto.BcryptFunc,
-		"ceil":               stdlib.CeilFunc,
+		"can":                    tryfunc.CanFunc,
-		"chomp":              stdlib.ChompFunc,
+		"ceil":                   stdlib.CeilFunc,
-		"chunklist":          stdlib.ChunklistFunc,
+		"chomp":                  stdlib.ChompFunc,
-		"cidrhost":           cidr.HostFunc,
+		"chunklist":              stdlib.ChunklistFunc,
-		"cidrnetmask":        cidr.NetmaskFunc,
+		"cidrhost":               cidr.HostFunc,
-		"cidrsubnet":         cidr.SubnetFunc,
+		"cidrnetmask":            cidr.NetmaskFunc,
-		"cidrsubnets":        cidr.SubnetsFunc,
+		"cidrsubnet":             cidr.SubnetFunc,
-		"coalesce":           collection.CoalesceFunc,
+		"cidrsubnets":            cidr.SubnetsFunc,
-		"coalescelist":       stdlib.CoalesceListFunc,
+		"coalesce":               collection.CoalesceFunc,
-		"compact":            stdlib.CompactFunc,
+		"coalescelist":           stdlib.CoalesceListFunc,
-		"concat":             stdlib.ConcatFunc,
+		"compact":                stdlib.CompactFunc,
-		"consul_key":         pkrfunction.ConsulFunc,
+		"concat":                 stdlib.ConcatFunc,
-		"contains":           stdlib.ContainsFunc,
+		"consul_key":             pkrfunction.ConsulFunc,
-		"convert":            typeexpr.ConvertFunc,
+		"contains":               stdlib.ContainsFunc,
-		"csvdecode":          stdlib.CSVDecodeFunc,
+		"convert":                typeexpr.ConvertFunc,
-		"dirname":            filesystem.DirnameFunc,
+		"csvdecode":              stdlib.CSVDecodeFunc,
-		"distinct":           stdlib.DistinctFunc,
+		"dirname":                filesystem.DirnameFunc,
-		"element":            stdlib.ElementFunc,
+		"distinct":               stdlib.DistinctFunc,
-		"file":               filesystem.MakeFileFunc(basedir, false),
+		"element":                stdlib.ElementFunc,
-		"fileexists":         filesystem.MakeFileExistsFunc(basedir),
+		"file":                   filesystem.MakeFileFunc(basedir, false),
-		"fileset":            filesystem.MakeFileSetFunc(basedir),
+		"fileexists":             filesystem.MakeFileExistsFunc(basedir),
-		"flatten":            stdlib.FlattenFunc,
+		"fileset":                filesystem.MakeFileSetFunc(basedir),
-		"floor":              stdlib.FloorFunc,
+		"flatten":                stdlib.FlattenFunc,
-		"format":             stdlib.FormatFunc,
+		"floor":                  stdlib.FloorFunc,
-		"formatdate":         stdlib.FormatDateFunc,
+		"format":                 stdlib.FormatFunc,
-		"formatlist":         stdlib.FormatListFunc,
+		"formatdate":             stdlib.FormatDateFunc,
-		"indent":             stdlib.IndentFunc,
+		"formatlist":             stdlib.FormatListFunc,
-		"index":              pkrfunction.IndexFunc, // stdlib.IndexFunc is not compatible
+		"indent":                 stdlib.IndentFunc,
-		"join":               stdlib.JoinFunc,
+		"index":                  pkrfunction.IndexFunc, // stdlib.IndexFunc is not compatible
-		"jsondecode":         stdlib.JSONDecodeFunc,
+		"join":                   stdlib.JoinFunc,
-		"jsonencode":         stdlib.JSONEncodeFunc,
+		"jsondecode":             stdlib.JSONDecodeFunc,
-		"keys":               stdlib.KeysFunc,
+		"jsonencode":             stdlib.JSONEncodeFunc,
-		"legacy_isotime":     pkrfunction.LegacyIsotimeFunc,
+		"keys":                   stdlib.KeysFunc,
-		"legacy_strftime":    pkrfunction.LegacyStrftimeFunc,
+		"legacy_isotime":         pkrfunction.LegacyIsotimeFunc,
-		"length":             pkrfunction.LengthFunc,
+		"legacy_strftime":        pkrfunction.LegacyStrftimeFunc,
-		"log":                stdlib.LogFunc,
+		"length":                 pkrfunction.LengthFunc,
-		"lookup":             stdlib.LookupFunc,
+		"log":                    stdlib.LogFunc,
-		"lower":              stdlib.LowerFunc,
+		"lookup":                 stdlib.LookupFunc,
-		"max":                stdlib.MaxFunc,
+		"lower":                  stdlib.LowerFunc,
-		"md5":                crypto.Md5Func,
+		"max":                    stdlib.MaxFunc,
-		"merge":              stdlib.MergeFunc,
+		"md5":                    crypto.Md5Func,
-		"min":                stdlib.MinFunc,
+		"merge":                  stdlib.MergeFunc,
-		"parseint":           stdlib.ParseIntFunc,
+		"min":                    stdlib.MinFunc,
-		"pathexpand":         filesystem.PathExpandFunc,
+		"parseint":               stdlib.ParseIntFunc,
-		"pow":                stdlib.PowFunc,
+		"pathexpand":             filesystem.PathExpandFunc,
-		"range":              stdlib.RangeFunc,
+		"pow":                    stdlib.PowFunc,
-		"reverse":            stdlib.ReverseListFunc,
+		"range":                  stdlib.RangeFunc,
-		"replace":            stdlib.ReplaceFunc,
+		"reverse":                stdlib.ReverseListFunc,
-		"regex":              stdlib.RegexFunc,
+		"replace":                stdlib.ReplaceFunc,
-		"regexall":           stdlib.RegexAllFunc,
+		"regex":                  stdlib.RegexFunc,
-		"regex_replace":      stdlib.RegexReplaceFunc,
+		"regexall":               stdlib.RegexAllFunc,
-		"rsadecrypt":         crypto.RsaDecryptFunc,
+		"regex_replace":          stdlib.RegexReplaceFunc,
-		"setintersection":    stdlib.SetIntersectionFunc,
+		"rsadecrypt":             crypto.RsaDecryptFunc,
-		"setproduct":         stdlib.SetProductFunc,
+		"setintersection":        stdlib.SetIntersectionFunc,
-		"setunion":           stdlib.SetUnionFunc,
+		"setproduct":             stdlib.SetProductFunc,
-		"sha1":               crypto.Sha1Func,
+		"setunion":               stdlib.SetUnionFunc,
-		"sha256":             crypto.Sha256Func,
+		"sha1":                   crypto.Sha1Func,
-		"sha512":             crypto.Sha512Func,
+		"sha256":                 crypto.Sha256Func,
-		"signum":             stdlib.SignumFunc,
+		"sha512":                 crypto.Sha512Func,
-		"slice":              stdlib.SliceFunc,
+		"signum":                 stdlib.SignumFunc,
-		"sort":               stdlib.SortFunc,
+		"slice":                  stdlib.SliceFunc,
-		"split":              stdlib.SplitFunc,
+		"sort":                   stdlib.SortFunc,
-		"strcontains":        pkrfunction.StrContains,
+		"split":                  stdlib.SplitFunc,
-		"strrev":             stdlib.ReverseFunc,
+		"strcontains":            pkrfunction.StrContains,
-		"substr":             stdlib.SubstrFunc,
+		"strrev":                 stdlib.ReverseFunc,
-		"textdecodebase64":   TextDecodeBase64Func,
+		"substr":                 stdlib.SubstrFunc,
-		"textencodebase64":   TextEncodeBase64Func,
+		"textdecodebase64":       TextDecodeBase64Func,
-		"timestamp":          pkrfunction.TimestampFunc,
+		"textencodebase64":       TextEncodeBase64Func,
-		"timeadd":            stdlib.TimeAddFunc,
+		"timestamp":              pkrfunction.TimestampFunc,
-		"title":              stdlib.TitleFunc,
+		"timeadd":                stdlib.TimeAddFunc,
-		"trim":               stdlib.TrimFunc,
+		"title":                  stdlib.TitleFunc,
-		"trimprefix":         stdlib.TrimPrefixFunc,
+		"trim":                   stdlib.TrimFunc,
-		"trimspace":          stdlib.TrimSpaceFunc,
+		"trimprefix":             stdlib.TrimPrefixFunc,
-		"trimsuffix":         stdlib.TrimSuffixFunc,
+		"trimspace":              stdlib.TrimSpaceFunc,
-		"try":                tryfunc.TryFunc,
+		"trimsuffix":             stdlib.TrimSuffixFunc,
-		"upper":              stdlib.UpperFunc,
+		"try":                    tryfunc.TryFunc,
-		"urlencode":          encoding.URLEncodeFunc,
+		"upper":                  stdlib.UpperFunc,
-		"uuidv4":             uuid.V4Func,
+		"urlencode":              encoding.URLEncodeFunc,
-		"uuidv5":             uuid.V5Func,
+		"uuidv4":                 uuid.V4Func,
-		"values":             stdlib.ValuesFunc,
+		"uuidv5":                 uuid.V5Func,
-		"vault":              pkrfunction.VaultFunc,
+		"values":                 stdlib.ValuesFunc,
-		"yamldecode":         ctyyaml.YAMLDecodeFunc,
+		"vault":                  pkrfunction.VaultFunc,
-		"yamlencode":         ctyyaml.YAMLEncodeFunc,
+		"yamldecode":             ctyyaml.YAMLDecodeFunc,
-		"zipmap":             stdlib.ZipmapFunc,
+		"yamlencode":             ctyyaml.YAMLEncodeFunc,
 		"zipmap":                 stdlib.ZipmapFunc,
 	}
 	funcs["templatefile"] = pkrfunction.MakeTemplateFileFunc(basedir, func() map[string]function.Function {