
Use AWS identity provider with SECRETHUB_IDENTITY_PROVIDER=aws envvar #129

Merged
merged 3 commits into from
Sep 6, 2019
Merged
19 changes: 18 additions & 1 deletion pkg/secrethub/client.go
Expand Up @@ -19,6 +19,11 @@ const (
userAgentPrefix = "SecretHub/v1 secrethub-go/" + ClientVersion
)

// Errors
var (
ErrUnknownIdentityProvider = errClient.Code("unknown_identity_provider").ErrorPref("%s is not a supported identity provider. Valid options are `aws` and `key`.")
)

// ClientInterface is an interface that can be used to consume the SecretHub client and is implemented by secrethub.Client.
type ClientInterface interface {
// AccessRules returns a service used to manage access rules.
Expand Down Expand Up @@ -110,7 +115,19 @@ func NewClient(with ...ClientOption) (*Client, error) {

// Try to use default key credentials if none provided explicitly
if client.decrypter == nil {
err := client.with(WithCredentials(credentials.UseKey(client.DefaultCredential())))
identityProvider := os.Getenv("SECRETHUB_IDENTITY_PROVIDER")

var provider credentials.Provider
switch strings.ToLower(identityProvider) {
case "", "key":
provider = credentials.UseKey(client.DefaultCredential())
case "aws":
provider = credentials.UseAWS()
default:
return nil, ErrUnknownIdentityProvider(identityProvider)
mackenbach marked this conversation as resolved.
}

err := client.with(WithCredentials(provider))
// nolint: staticcheck
if err != nil {
// TODO: log that default credential was not loaded.
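Review bot: When a provider is requested explicitly, the error from `client.with(WithCredentials(provider))` should not be dropped the way the implicit key default was: the `if err != nil` branch still carries only the `// TODO: log` placeholder, so a failed `credentials.UseAWS()` setup with `SECRETHUB_IDENTITY_PROVIDER=aws` leaves the client without a decrypter and gives the operator no signal of the misconfiguration. The branch body continues outside the hunk, so it may do more than is visible; if it does not, a guard such as `if err != nil && identityProvider != "" { return nil, err }` ahead of the existing best-effort handling keeps the key-default behaviour while surfacing an explicit provider that cannot be set up. The environment variable is not documented anywhere in code; a comment above the switch along the lines of `// SECRETHUB_IDENTITY_PROVIDER selects the default credential source: "key" (also used when unset) or "aws".` would help readers, and the same variable name could be mentioned in the NewClient doc comment. The value is lowercased for matching but echoed unchanged into ErrUnknownIdentityProvider, which is fine; note that surrounding whitespace is not trimmed, so `" aws"` is rejected unless `strings.TrimSpace` is applied first.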