Source code for ecs_composex.secrets.secrets_aws

#  -*- coding: utf-8 -*-
# SPDX-License-Identifier: MPL-2.0
# Copyright 2020-2021 John Mille <john@compose-x.io>

"""
Module to find the Secrets from AWS Tags
"""

from botocore.exceptions import ClientError
from compose_x_common.compose_x_common import keyisset

from ecs_composex.common import LOG
from ecs_composex.common.aws import (
    define_lookup_role_from_info,
    find_aws_resource_arn_from_tags_api,
)


[docs]def get_secret_config(logical_name, secret_arn, session): """ Function to get the secret config used to define its mapping :param str logical_name: :param str secret_arn: :param boto3.session.Session session: :return: """ secret_config = {} client = session.client("secretsmanager") try: secret_r = client.describe_secret(SecretId=secret_arn) secret_config.update({logical_name: secret_r["ARN"], "Name": secret_r["Name"]}) if keyisset("KmsKeyId", secret_r): secret_config.update({"KmsKeyId": secret_r["KmsKeyId"]}) return secret_config except client.exceptions.ResourceNotFoundException: return None except ClientError as error: LOG.error(error) raise
[docs]def lookup_secret_config(logical_name, lookup, session): """ Function to find the DB in AWS account :param str logical_name: Logical name of the resource :param dict lookup: The Lookup definition :param boto3.session.Session session: Boto3 session for clients :return: """ secrets_types = { "secretsmanager:secret": { "regexp": r"(?:^arn:aws(?:-[a-z]+)?:secretsmanager:[\w-]+:[0-9]{12}:secret:)([\S]+)(?:-[A-Za-z0-9]+)$" }, } lookup_session = define_lookup_role_from_info(lookup, session) secret_arn = find_aws_resource_arn_from_tags_api( lookup, lookup_session, "secretsmanager:secret", types=secrets_types, ) config = get_secret_config(logical_name, secret_arn, lookup_session) LOG.debug(config) return config