upstream/packer
1
0
Fork 0
mirror of https://github.com/hashicorp/packer.git synced 2026-05-28 04:35:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

hcl2template: add support for raw aws secrets

Browse source 
As the SDK now supports it in the context of legacy templating engine,
we add support in HCL2 for the aws_secretsmanager_raw function, which
gets the raw value of a secret from aws secrets manager.
This commit is contained in:
Lucas Bajolet 2024-12-20 10:48:13 -05:00 committed by Lucas Bajolet
parent cf6a82fae8
commit 9f3e32b9fc
2 changed files with 123 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
hcl2template/function/aws_secretetkey.go
View file

@ -40,3 +40,30 @@ var AWSSecret = function.New(&function.Spec{
return cty.StringVal(val), err
},
})
// AWSSecret constructs a function that retrieves secrets from aws secrets
// manager.
//
// Contrary to AWSSecret, it does not accept a key, and instead returns the raw
// value of the secret at all times, i.e. if it's plaintext it will return the
// value, and if it's a key/value secret, the raw JSON will be returned.
var AWSSecretRaw = function.New(&function.Spec{
Params: []function.Parameter{
{
Name: "name",
Description: "The name of the secret to fetch",
Type: cty.String,
AllowNull: false,
AllowUnknown: false,
},
},
Type: function.StaticReturnType(cty.String),
Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
name := args[0].AsString()
val, err := commontpl.GetRawAWSSecret(name)
if err != nil {
return cty.NullVal(cty.String), err
}
return cty.StringVal(val), nil
},
})

191
hcl2template/functions.go
View file

@ -32,101 +32,102 @@ import (
func Functions(basedir string) map[string]function.Function {
funcs := map[string]function.Function{
"abs": stdlib.AbsoluteFunc,
"abspath": filesystem.AbsPathFunc,
"alltrue": pkrfunction.AllTrue,
"anytrue": pkrfunction.AnyTrue,
"aws_secretsmanager": pkrfunction.AWSSecret,
"basename": filesystem.BasenameFunc,
"base64decode": encoding.Base64DecodeFunc,
"base64encode": encoding.Base64EncodeFunc,
"base64gzip": pkrfunction.Base64GzipFunc,
"bcrypt": crypto.BcryptFunc,
"can": tryfunc.CanFunc,
"ceil": stdlib.CeilFunc,
"chomp": stdlib.ChompFunc,
"chunklist": stdlib.ChunklistFunc,
"cidrhost": cidr.HostFunc,
"cidrnetmask": cidr.NetmaskFunc,
"cidrsubnet": cidr.SubnetFunc,
"cidrsubnets": cidr.SubnetsFunc,
"coalesce": collection.CoalesceFunc,
"coalescelist": stdlib.CoalesceListFunc,
"compact": stdlib.CompactFunc,
"concat": stdlib.ConcatFunc,
"consul_key": pkrfunction.ConsulFunc,
"contains": stdlib.ContainsFunc,
"convert": typeexpr.ConvertFunc,
"csvdecode": stdlib.CSVDecodeFunc,
"dirname": filesystem.DirnameFunc,
"distinct": stdlib.DistinctFunc,
"element": stdlib.ElementFunc,
"file": filesystem.MakeFileFunc(basedir, false),
"fileexists": filesystem.MakeFileExistsFunc(basedir),
"fileset": filesystem.MakeFileSetFunc(basedir),
"flatten": stdlib.FlattenFunc,
"floor": stdlib.FloorFunc,
"format": stdlib.FormatFunc,
"formatdate": stdlib.FormatDateFunc,
"formatlist": stdlib.FormatListFunc,
"indent": stdlib.IndentFunc,
"index": pkrfunction.IndexFunc, // stdlib.IndexFunc is not compatible
"join": stdlib.JoinFunc,
"jsondecode": stdlib.JSONDecodeFunc,
"jsonencode": stdlib.JSONEncodeFunc,
"keys": stdlib.KeysFunc,
"legacy_isotime": pkrfunction.LegacyIsotimeFunc,
"legacy_strftime": pkrfunction.LegacyStrftimeFunc,
"length": pkrfunction.LengthFunc,
"log": stdlib.LogFunc,
"lookup": stdlib.LookupFunc,
"lower": stdlib.LowerFunc,
"max": stdlib.MaxFunc,
"md5": crypto.Md5Func,
"merge": stdlib.MergeFunc,
"min": stdlib.MinFunc,
"parseint": stdlib.ParseIntFunc,
"pathexpand": filesystem.PathExpandFunc,
"pow": stdlib.PowFunc,
"range": stdlib.RangeFunc,
"reverse": stdlib.ReverseListFunc,
"replace": stdlib.ReplaceFunc,
"regex": stdlib.RegexFunc,
"regexall": stdlib.RegexAllFunc,
"regex_replace": stdlib.RegexReplaceFunc,
"rsadecrypt": crypto.RsaDecryptFunc,
"setintersection": stdlib.SetIntersectionFunc,
"setproduct": stdlib.SetProductFunc,
"setunion": stdlib.SetUnionFunc,
"sha1": crypto.Sha1Func,
"sha256": crypto.Sha256Func,
"sha512": crypto.Sha512Func,
"signum": stdlib.SignumFunc,
"slice": stdlib.SliceFunc,
"sort": stdlib.SortFunc,
"split": stdlib.SplitFunc,
"strcontains": pkrfunction.StrContains,
"strrev": stdlib.ReverseFunc,
"substr": stdlib.SubstrFunc,
"textdecodebase64": TextDecodeBase64Func,
"textencodebase64": TextEncodeBase64Func,
"timestamp": pkrfunction.TimestampFunc,
"timeadd": stdlib.TimeAddFunc,
"title": stdlib.TitleFunc,
"trim": stdlib.TrimFunc,
"trimprefix": stdlib.TrimPrefixFunc,
"trimspace": stdlib.TrimSpaceFunc,
"trimsuffix": stdlib.TrimSuffixFunc,
"try": tryfunc.TryFunc,
"upper": stdlib.UpperFunc,
"urlencode": encoding.URLEncodeFunc,
"uuidv4": uuid.V4Func,
"uuidv5": uuid.V5Func,
"values": stdlib.ValuesFunc,
"vault": pkrfunction.VaultFunc,
"yamldecode": ctyyaml.YAMLDecodeFunc,
"yamlencode": ctyyaml.YAMLEncodeFunc,
"zipmap": stdlib.ZipmapFunc,
"abs": stdlib.AbsoluteFunc,
"abspath": filesystem.AbsPathFunc,
"alltrue": pkrfunction.AllTrue,
"anytrue": pkrfunction.AnyTrue,
"aws_secretsmanager": pkrfunction.AWSSecret,
"aws_secretsmanager_raw": pkrfunction.AWSSecretRaw,
"basename": filesystem.BasenameFunc,
"base64decode": encoding.Base64DecodeFunc,
"base64encode": encoding.Base64EncodeFunc,
"base64gzip": pkrfunction.Base64GzipFunc,
"bcrypt": crypto.BcryptFunc,
"can": tryfunc.CanFunc,
"ceil": stdlib.CeilFunc,
"chomp": stdlib.ChompFunc,
"chunklist": stdlib.ChunklistFunc,
"cidrhost": cidr.HostFunc,
"cidrnetmask": cidr.NetmaskFunc,
"cidrsubnet": cidr.SubnetFunc,
"cidrsubnets": cidr.SubnetsFunc,
"coalesce": collection.CoalesceFunc,
"coalescelist": stdlib.CoalesceListFunc,
"compact": stdlib.CompactFunc,
"concat": stdlib.ConcatFunc,
"consul_key": pkrfunction.ConsulFunc,
"contains": stdlib.ContainsFunc,
"convert": typeexpr.ConvertFunc,
"csvdecode": stdlib.CSVDecodeFunc,
"dirname": filesystem.DirnameFunc,
"distinct": stdlib.DistinctFunc,
"element": stdlib.ElementFunc,
"file": filesystem.MakeFileFunc(basedir, false),
"fileexists": filesystem.MakeFileExistsFunc(basedir),
"fileset": filesystem.MakeFileSetFunc(basedir),
"flatten": stdlib.FlattenFunc,
"floor": stdlib.FloorFunc,
"format": stdlib.FormatFunc,
"formatdate": stdlib.FormatDateFunc,
"formatlist": stdlib.FormatListFunc,
"indent": stdlib.IndentFunc,
"index": pkrfunction.IndexFunc, // stdlib.IndexFunc is not compatible
"join": stdlib.JoinFunc,
"jsondecode": stdlib.JSONDecodeFunc,
"jsonencode": stdlib.JSONEncodeFunc,
"keys": stdlib.KeysFunc,
"legacy_isotime": pkrfunction.LegacyIsotimeFunc,
"legacy_strftime": pkrfunction.LegacyStrftimeFunc,
"length": pkrfunction.LengthFunc,
"log": stdlib.LogFunc,
"lookup": stdlib.LookupFunc,
"lower": stdlib.LowerFunc,
"max": stdlib.MaxFunc,
"md5": crypto.Md5Func,
"merge": stdlib.MergeFunc,
"min": stdlib.MinFunc,
"parseint": stdlib.ParseIntFunc,
"pathexpand": filesystem.PathExpandFunc,
"pow": stdlib.PowFunc,
"range": stdlib.RangeFunc,
"reverse": stdlib.ReverseListFunc,
"replace": stdlib.ReplaceFunc,
"regex": stdlib.RegexFunc,
"regexall": stdlib.RegexAllFunc,
"regex_replace": stdlib.RegexReplaceFunc,
"rsadecrypt": crypto.RsaDecryptFunc,
"setintersection": stdlib.SetIntersectionFunc,
"setproduct": stdlib.SetProductFunc,
"setunion": stdlib.SetUnionFunc,
"sha1": crypto.Sha1Func,
"sha256": crypto.Sha256Func,
"sha512": crypto.Sha512Func,
"signum": stdlib.SignumFunc,
"slice": stdlib.SliceFunc,
"sort": stdlib.SortFunc,
"split": stdlib.SplitFunc,
"strcontains": pkrfunction.StrContains,
"strrev": stdlib.ReverseFunc,
"substr": stdlib.SubstrFunc,
"textdecodebase64": TextDecodeBase64Func,
"textencodebase64": TextEncodeBase64Func,
"timestamp": pkrfunction.TimestampFunc,
"timeadd": stdlib.TimeAddFunc,
"title": stdlib.TitleFunc,
"trim": stdlib.TrimFunc,
"trimprefix": stdlib.TrimPrefixFunc,
"trimspace": stdlib.TrimSpaceFunc,
"trimsuffix": stdlib.TrimSuffixFunc,
"try": tryfunc.TryFunc,
"upper": stdlib.UpperFunc,
"urlencode": encoding.URLEncodeFunc,
"uuidv4": uuid.V4Func,
"uuidv5": uuid.V5Func,
"values": stdlib.ValuesFunc,
"vault": pkrfunction.VaultFunc,
"yamldecode": ctyyaml.YAMLDecodeFunc,
"yamlencode": ctyyaml.YAMLEncodeFunc,
"zipmap": stdlib.ZipmapFunc,
}
funcs["templatefile"] = pkrfunction.MakeTemplateFileFunc(basedir, func() map[string]function.Function {