From 398c0ae89ed852520853e1b3e17438857d56bd38 Mon Sep 17 00:00:00 2001
From: Daniel Lutsch
Date: Thu, 24 Nov 2022 12:31:06 +0900
Subject: [PATCH] add secretsmanager secret lookup (#240)

---
 efopen/ef_aws_resolver.py | 23 +++++++++++++++++++++++
 efopen/ef_template_resolver.py | 1 +
 2 files changed, 24 insertions(+)

diff --git a/efopen/ef_aws_resolver.py b/efopen/ef_aws_resolver.py
index 68843fe..7772d69 100644
--- a/efopen/ef_aws_resolver.py
+++ b/efopen/ef_aws_resolver.py
@@ -992,6 +992,27 @@ def ram_resource_arn(self, lookup, default=None):
 else:
 return default
 
+ def secrets_manager_secret_arn(self, lookup, default=None):
+ """
+ Args:
+ lookup: the name of the secret
+ default: the optional value to return if lookup failed; returns None if not set
+ Returns:
+ The arn of the first secret found with a name matching 'lookup' or default/None if no match found
+ """
+ secrets = EFAwsResolver.__CLIENTS["secretsmanager"].list_secrets(
+ Filters=[
+ {
+ 'Key': 'name',
+ 'Values': [lookup]
+ },
+ ]
+ )
+ if len(secrets.get('SecretList')) > 0:
+ return secrets['SecretList'][0]['ARN']
+ else:
+ return default
+
 def ec2_transit_gateway_id(self, lookup, default=None):
 """
 Args:
@@ -1127,6 +1148,8 @@ def lookup(self, token):
 return self.route53_private_hosted_zone_id(*kv[1:])
 elif kv[0] == "route53:public-hosted-zone-id":
 return self.route53_public_hosted_zone_id(*kv[1:])
+ elif kv[0] == "secretsmanager:secret-arn":
+ return self.secrets_manager_secret_arn(*kv[1:])
 elif kv[0] == "waf:ip-set-id":
 return self.waf_ip_set_id(*kv[1:])
 elif kv[0] == "waf:rule-id":
diff --git a/efopen/ef_template_resolver.py b/efopen/ef_template_resolver.py
index 53c2262..1ba9f84 100644
--- a/efopen/ef_template_resolver.py
+++ b/efopen/ef_template_resolver.py
@@ -243,6 +243,7 @@ def __init__(self,
 "lambda",
 "ram",
 "route53",
+ "secretsmanager",
 "s3",
 "sts",
 "waf"
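Review bot: The `name` filter given to `list_secrets` in `secrets_manager_secret_arn` is a prefix match, so returning `SecretList[0]['ARN']` can silently resolve to a different secret whose name merely starts with `lookup` (a constructed example: a lookup of `app/db` resolving to `app/db-readonly` if that entry is listed first), and since the ARN is presumably substituted into a template nobody would notice the misbinding. The entries should be filtered on an exact `Name == lookup`, and the call should walk `NextToken` pages, because with a prefix filter the exact match need not be on the first page; `secrets.get('SecretList')` should also default to `[]` so a missing key does not raise `TypeError` from `len(None)`. The docstring's "name matching 'lookup'" should then say "name equal to 'lookup'". `ec2_transit_gateway_id` starts in this hunk but its body continues outside it.
```python
  def secrets_manager_secret_arn(self, lookup, default=None):
    # … unchanged: docstring …
    # ListSecrets' 'name' filter is a prefix match, so page through the
    # results and accept only an exact name match.
    paginator = EFAwsResolver.__CLIENTS["secretsmanager"].get_paginator('list_secrets')
    pages = paginator.paginate(Filters=[{'Key': 'name', 'Values': [lookup]}])
    for page in pages:
      for secret in page.get('SecretList', []):
        if secret.get('Name') == lookup:
          return secret['ARN']
    return default
```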
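Review bot: `"secretsmanager"` is inserted before `"s3"` in the client-name list in `__init__`, which breaks the alphabetical order the neighbouring entries follow (`ram`, `route53`, `s3`, `sts`, `waf`); move it after `"s3"`. Creating this client means the credentials the resolver runs under now need `secretsmanager:ListSecrets` (the only Secrets Manager action the new lookup calls, not `GetSecretValue`), which is worth stating in the commit message or the project's permissions documentation. The `__init__` signature and the rest of the list lie outside the hunk.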