spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AWS secrets manager value can be a string

Browse Source
This commit is contained in:
Nick Hammond
2024-12-12 04:10:48 -07:00
parent 16fb3adacb
commit 55983c6431
2 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/kamal/secrets/adapters/aws_secrets_manager.rb
View File

@@ -13,6 +13,8 @@ class Kamal::Secrets::Adapters::AwsSecretsManager < Kamal::Secrets::Adapters::Ba
secret_string.each do |key, value| secret_string.each do |key, value|
results["#{secret_name}/#{key}"] = value results["#{secret_name}/#{key}"] = value
end end
rescue JSON::ParserError
results["#{secret_name}"] = secret["SecretString"]
end end
end end
end end

42
test/secrets/aws_secrets_manager_adapter_test.rb
View File

@@ -44,6 +44,48 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json assert_equal expected_json, json
end end
test "fetch with string value" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret secret2/KEY1 --profile default")
.returns(<<~JSON)
{
"SecretValues": [
{
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret",
"Name": "secret",
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
"SecretString": "a-string-secret",
"VersionStages": [
"AWSCURRENT"
],
"CreatedDate": "2024-01-01T00:00:00.000000"
},
{
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret2",
"Name": "secret2",
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
"SecretString": "{\\"KEY2\\":\\"VALUE2\\"}",
"VersionStages": [
"AWSCURRENT"
],
"CreatedDate": "2024-01-01T00:00:00.000000"
}
],
"Errors": []
}
JSON
json = JSON.parse(shellunescape(run_command("fetch", "secret", "secret2/KEY1")))
expected_json = {
"secret"=>"a-string-secret",
"secret/KEY2"=>"VALUE2"
}
assert_equal expected_json, json
end
test "fetch with secret names" do test "fetch with secret names" do
stub_ticks.with("aws --version 2> /dev/null") stub_ticks.with("aws --version 2> /dev/null")
stub_ticks stub_ticks