Merge pull request #2 from progbits/aws-secrets-manager-example
Add AWS Secrets Manager example
Showing
5 changed files
with
213 additions
and
1 deletion.
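--- a/examples/aws_secrets_manager/go.mod
+++ b/examples/aws_secrets_manager/go.mod
@@ -0,0 +1,25 @@
+module github.com/progbits/pg-secrets-driver/examples/aws_secrets_manager
+
+go 1.19
+
+require (
+	github.com/aws/aws-sdk-go-v2 v1.24.0
+	github.com/aws/aws-sdk-go-v2/config v1.26.1
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5
+	github.com/progbits/pg-secrets-driver v0.0.0-20231209160323-07e3c668e0e3
+)
+
+require (
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.12 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 // indirect
+	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/lib/pq v1.10.9 // indirect
+)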
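--- a/examples/aws_secrets_manager/go.sum
+++ b/examples/aws_secrets_manager/go.sum
@@ -0,0 +1,65 @@
+github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
+github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
+github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
+github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
+github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
+github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5 h1:qYi/BfDrWXZxlmRjlKCyFmtI4HKJwW8OKDKhKRAOZQI=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5/go.mod h1:4Ae1NCLK6ghmjzd45Tc33GgCKhUWD2ORAlULtMO1Cbs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
+github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
+github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA=
+github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
+github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
+github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
+github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
+github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec=
+github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/progbits/pg-secrets-driver v0.0.0-20231209160323-07e3c668e0e3 h1:DSQ2gYrgc/AmKbUD+QGNQHXbe9QRtYdzx7fiBzD6TOk=
+github.com/progbits/pg-secrets-driver v0.0.0-20231209160323-07e3c668e0e3/go.mod h1:lH2DM+ZP2vNem0wuTj0WbgIpBsmWX7OvpA26zvUKpaY=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/testcontainers/testcontainers-go v0.13.0 h1:OUujSlEGsXVo/ykPVZk3KanBNGN0TYb/7oKIPVn15JA=
+go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
+golang.org/x/net v0.0.0-20220708220712-1185a9018129 h1:vucSRfWwTsoXro7P+3Cjlr6flUMtzCwzlvkxEQtHHB0=
+golang.org/x/sys v0.0.0-20220708085239-5a0f0661e09d h1:/m5NbqQelATgoSPVC2Z23sR4kVNokFwDDyWh/3rGY+I=
+google.golang.org/genproto v0.0.0-20220708155623-50e5f4832e73 h1:sdZWfcGN37Dv0QWIhuasQGMzAQJOL2oqnvot4/kPgfQ=
+google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=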
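--- a/examples/aws_secrets_manager/main.go
+++ b/examples/aws_secrets_manager/main.go
@@ -0,0 +1,122 @@
+package main
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+	conn "github.com/progbits/pg-secrets-driver"
+	"log"
+	"net/url"
+)
+
+type AwsRdsSecret struct {
+	Engine string `json:"engine"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+	Host string `json:"host"`
+	Dbname string `json:"dbname"`
+	Port string `json:"port"`
+}
+
+type AwsSecretsManagerCredentialsProvider struct {
+	ctx context.Context
+	secretName string
+	retries int
+	count int
+	client *secretsmanager.Client
+}
+
+func NewAwsSecretsManagerCredentialsProvider(ctx context.Context, client *secretsmanager.Client, secretName string) AwsSecretsManagerCredentialsProvider {
+	return AwsSecretsManagerCredentialsProvider{
+		ctx: ctx,
+		secretName: secretName,
+		retries: -1,
+		client: client,
+	}
+}
+
+func (p *AwsSecretsManagerCredentialsProvider) GetDataSourceName() (string, error) {
+	listSecretVersionIdsOutput, err := p.client.ListSecretVersionIds(
+		p.ctx,
+		&secretsmanager.ListSecretVersionIdsInput{
+			SecretId: aws.String(p.secretName),
+		},
+	)
+	if err != nil {
+		log.Fatalf("unable to list secret versions, %v", err)
+	}
+	versionId := listSecretVersionIdsOutput.Versions[p.count].VersionId
+
+	getSecretValueOutput, err := p.client.GetSecretValue(
+		p.ctx,
+		&secretsmanager.GetSecretValueInput{
+			SecretId: &p.secretName,
+			VersionId: versionId,
+		},
+	)
+	if err != nil {
+		return "", err
+	}
+
+	p.count++
+	secretString := *getSecretValueOutput.SecretString
+
+	secret := AwsRdsSecret{}
+	err = json.Unmarshal([]byte(secretString), &secret)
+	if err != nil {
+		log.Fatalf("failed to unmarshall secret, %v", err)
+	}
+
+	dsn, _ := url.Parse(
+		fmt.Sprintf("postgresql://%s/%s", secret.Host, secret.Dbname),
+	)
+	query := dsn.Query()
+	query.Add("user", secret.Username)
+	query.Add("password", secret.Password)
+	query.Add("sslmode", "disable")
+	dsn.RawQuery = query.Encode()
+
+	return dsn.String(), nil
+}
+
+func (p *AwsSecretsManagerCredentialsProvider) Retries() int {
+	if p.retries > -1 {
+		return p.retries
+	}
+
+	output, err := p.client.ListSecretVersionIds(
+		p.ctx,
+		&secretsmanager.ListSecretVersionIdsInput{
+			SecretId: aws.String(p.secretName),
+		},
+	)
+	if err != nil {
+		log.Fatalf("unable to list secret versions, %v", err)
+	}
+
+	p.retries = len(output.Versions)
+	return len(output.Versions)
+}
+
+func main() {
+	ctx := context.Background()
+	cfg, err := config.LoadDefaultConfig(context.TODO())
+	if err != nil {
+		panic(fmt.Sprintf("failed to load configuration, %v", err))
+	}
+
+	client := secretsmanager.NewFromConfig(cfg)
+	provider := NewAwsSecretsManagerCredentialsProvider(ctx, client, "PgSecretsDriverTest")
+
+	connector := conn.NewPgSecretsConnector(&provider)
+
+	db := sql.OpenDB(connector)
+	_, err = db.Exec("SELECT 1")
+	if err != nil {
+		log.Print(err)
+	}
+}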
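Review bot: The DSN built in GetDataSourceName hard-codes `query.Add("sslmode", "disable")`, so the password just retrieved from Secrets Manager, and every subsequent query, is sent to the database in cleartext; since RDS endpoints accept TLS, the example should use `query.Add("sslmode", "verify-full")` with `sslrootcert` pointing at the RDS CA bundle, or at the very least `require`. In the same function the ListSecretVersionIds and json.Unmarshal failures go through log.Fatalf even though the method returns an error, which terminates the host process from inside a connector callback instead of letting the caller decide, and `secret.Port` is decoded but never placed in the URL, so a database on a non-default port silently fails to connect. `Versions[p.count]` is also unguarded: p.count grows on every successful call and is never reset, so once it reaches len(Versions) the next call panics with an index out of range, and as far as I can tell the order of the returned versions is not something the driver should rely on to mean "current, then previous" — selecting by VersionStage (AWSCURRENT, then AWSPREVIOUS) would make the retry order explicit.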
File renamed without changes.