From b73602eadd27d4c95257470f93fa2ef8cb989ead Mon Sep 17 00:00:00 2001 From: Juan Mesa Date: Mon, 18 May 2020 12:44:24 +0200 Subject: [PATCH] Fix corrections * Fix typos in comments. * Add documentation of how to use multiple keys with `aws_secretsmanager` function. * Move `Client` struct to `secretsmanager.go` file. --- .../aws/secretsmanager/secretsmanager.go | 7 ++++--- template/interpolate/aws/secretsmanager/types.go | 14 -------------- template/interpolate/funcs.go | 7 +++---- website/pages/docs/templates/user-variables.mdx | 11 ++++++++++- 4 files changed, 17 insertions(+), 22 deletions(-) diff --git a/template/interpolate/aws/secretsmanager/secretsmanager.go b/template/interpolate/aws/secretsmanager/secretsmanager.go index 94fa26159..a9555f754 100644 --- a/template/interpolate/aws/secretsmanager/secretsmanager.go +++ b/template/interpolate/aws/secretsmanager/secretsmanager.go @@ -12,9 +12,10 @@ import ( "github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface" ) -// SecretsManager returns a representation of the Secrets Manager API -func (c *Client) SecretsManager() secretsmanageriface.SecretsManagerAPI { - return c.api +// Client represents an AWS Secrets Manager client +type Client struct { + config *AWSConfig + api secretsmanageriface.SecretsManagerAPI } // New creates an AWS Session Manager Client diff --git a/template/interpolate/aws/secretsmanager/types.go b/template/interpolate/aws/secretsmanager/types.go index 40d1276fa..6cd1dc46e 100644 --- a/template/interpolate/aws/secretsmanager/types.go +++ b/template/interpolate/aws/secretsmanager/types.go @@ -1,9 +1,5 @@ package secretsmanager -import ( - "github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface" -) - // AWSConfig store configuration used to initialize // secrets manager client. type AWSConfig struct { 
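Review bot: In the secretsmanager.go hunk, the context comment directly below the relocated struct still reads `// New creates an AWS Session Manager Client`, while the struct above it is documented as a Secrets Manager client. Session Manager is a different AWS service, so since this commit is a comment clean-up pass the line should become `// New creates an AWS Secrets Manager Client`. The same pass could fix `concret` to `concrete` in the `SecretString` comment that appears as context in the second types.go hunk. The hunk also removes the exported `SecretsManager()` accessor; no callers are visible here, so it is worth confirming that nothing outside this package relied on it. The body of `New` lies outside the hunk.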
@@ -13,21 +9,11 @@ type AWSConfig struct { // SecretSpec represent specs of secret to be searched // If Key field is not set then package will return first // secret key stored in secret name. -// -// maps to ClusterConfig type SecretSpec struct { Name string Key string } -// Client represents an AWS Secrets Manager client -// -// maps to ProviderServices -type Client struct { - config *AWSConfig - api secretsmanageriface.SecretsManagerAPI -} - // SecretString is a concret representation // of an AWS Secrets Manager Secret String type SecretString struct { diff --git a/template/interpolate/funcs.go b/template/interpolate/funcs.go index 98696e1ee..7885ae0c4 100644 --- a/template/interpolate/funcs.go +++ b/template/interpolate/funcs.go @@ -10,11 +10,10 @@ import ( "text/template" "time" - awssmapi "github.com/hashicorp/packer/template/interpolate/aws/secretsmanager" - consulapi "github.com/hashicorp/consul/api" "github.com/hashicorp/packer/common/uuid" "github.com/hashicorp/packer/helper/common" + awssmapi "github.com/hashicorp/packer/template/interpolate/aws/secretsmanager" "github.com/hashicorp/packer/version" vaultapi "github.com/hashicorp/vault/api" strftime "github.com/jehiah/go-strftime" @@ -335,7 +334,7 @@ func funcGenAwsSecrets(ctx *Context) interface{} { return "", errors.New("AWS Secrets Manager vars are only allowed in the variables section") } - // Check if at leas 1 parameter has been used + // Check if at least 1 parameter has been used if len(secret) == 0 { return "", errors.New("At least one parameter must be used") } @@ -349,7 +348,7 @@ func funcGenAwsSecrets(ctx *Context) interface{} { var name, key string name = secret[0] // key is optional if not used we fetch the first - // value stored in given secret. If more that two parameters + // value stored in given secret. If more than two parameters // are passed we take second param and ignore the others if len(secret) > 1 { key = secret[1] 
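Review bot: In the last funcs.go hunk, the corrected comment documents that arguments beyond the second are silently dropped and that an omitted key falls back to "the first value stored in given secret". For a function that resolves secrets, both fallbacks can hand a template a different value than the author intended without any error. Rejecting the extra arguments would make a mistyped template fail loudly: `if len(secret) > 2 { return "", errors.New("at most two parameters (name and key) are accepted") }`. How "first" is chosen is not visible in this hunk; if the secret is decoded into a Go map the choice is not stable for multi-key secrets, so returning an error when no key is given and more than one key exists would be safer. The body of `funcGenAwsSecrets` starts and ends outside the hunk.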
diff --git a/website/pages/docs/templates/user-variables.mdx b/website/pages/docs/templates/user-variables.mdx index 9e6672013..350105ce9 100644 --- a/website/pages/docs/templates/user-variables.mdx +++ b/website/pages/docs/templates/user-variables.mdx @@ -203,7 +203,16 @@ a user variable to an AWS Secrets Manager secret. } ``` -This will default `password` to the secret value stored at AWS Secrets Manager. +In the example above it is assumed that only one key is stored in `sample/app/password` if there are multiple keys stored in it then you need to indicate the specific key you want to fetch as shown below. + +```json +{ + "variables": { + "db_password": "{{ aws_secretsmanager `sample/app/passwords` `db` }}", + "api_key": "{{ aws_secretsmanager `sample/app/passwords` `api_key` }}" + } +} +``` In order to use this function you have to configure valid AWS credentials using one of the following methods: