diff options
| author | Dave Henderson <dhenderson@gmail.com> | 2022-02-01 13:55:58 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-01 18:55:58 +0000 |
| commit | 4ce9f5033b53b10635db487f62929e498d91553c (patch) | |
| tree | 1bcd26d000b60c4567928096b75c05c92394b994 /data | |
| parent | d76cb3b452891fc1bdda75e1db2be6753ffcc427 (diff) | |
aws+sm datasource - support reading from SecretBinary when SecretString is not set (#1296)
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
Diffstat (limited to 'data')
| -rw-r--r-- | data/datasource_aws_sm.go | 9 | ||||
| -rw-r--r-- | data/datasource_aws_sm_test.go | 17 |
2 files changed, 23 insertions, 3 deletions
diff --git a/data/datasource_aws_sm.go b/data/datasource_aws_sm.go index f64bf5fa..8fce296a 100644 --- a/data/datasource_aws_sm.go +++ b/data/datasource_aws_sm.go @@ -10,7 +10,6 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/service/secretsmanager" - "github.com/pkg/errors" gaws "github.com/hairyhenderson/gomplate/v3/aws" ) @@ -77,8 +76,12 @@ func readAWSSecretsManagerParam(ctx context.Context, source *Source, paramPath s response, err := source.awsSecretsManager.GetSecretValueWithContext(ctx, input) if err != nil { - return nil, errors.Wrapf(err, "Error reading aws+sm from AWS using GetSecretValue with input %v", input) + return nil, fmt.Errorf("reading aws+sm source %q: %w", source.Alias, err) } - return []byte(*response.SecretString), nil + if response.SecretString != nil { + return []byte(*response.SecretString), nil + } + + return response.SecretBinary, nil } diff --git a/data/datasource_aws_sm_test.go b/data/datasource_aws_sm_test.go index 892d5429..c274dcf8 100644 --- a/data/datasource_aws_sm_test.go +++ b/data/datasource_aws_sm_test.go @@ -157,3 +157,20 @@ func TestAWSSecretsManager_ReadSecret(t *testing.T) { assert.NoError(t, err) assert.Equal(t, []byte("blub"), output) } + +func TestAWSSecretsManager_ReadSecretBinary(t *testing.T) { + calledOk := false + s := simpleAWSSecretsManagerSourceHelper(DummyAWSSecretsManagerSecretGetter{ + t: t, + mockGetSecretValue: func(input *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error) { + assert.Equal(t, "/foo/bar", *input.SecretId) + calledOk = true + return &secretsmanager.GetSecretValueOutput{SecretBinary: []byte("supersecret")}, nil + }, + }) + + output, err := readAWSSecretsManagerParam(context.Background(), s, "/foo/bar") + assert.True(t, calledOk) + assert.NoError(t, err) + assert.Equal(t, []byte("supersecret"), output) +} |