Class: Hiera::Backend::Secrets_manager_backend

Inherits:

Object

• Object
• Hiera::Backend::Secrets_manager_backend

Defined in:

lib/hiera/backend/secrets_manager_backend.rb

Instance Method Summary

• #initialize ⇒ Secrets_manager_backend constructor

  A new instance of Secrets_manager_backend.

• #lookup(key, scope, order_override, resolution_type) ⇒ Object

Constructor Details

#initialize ⇒ Secrets_manager_backend

Returns a new instance of Secrets_manager_backend.

# File 'lib/hiera/backend/secrets_manager_backend.rb', line 4

def initialize
  require 'json'
  require 'aws-sdk-secretsmanager'
  @config = Config
  @client = create_client
end

Instance Method Details

#lookup(key, scope, order_override, resolution_type) ⇒ Object

# File 'lib/hiera/backend/secrets_manager_backend.rb', line 11

def lookup(key, scope, order_override, resolution_type)
  answer = nil

  if @client.nil?
    Hiera.debug('Key lookup failed. AWS Secrets Manager backend is in a bad state.')
    return answer
  end

  if contains_illegal_characters?(key)
    Hiera.debug("#{key} contains illegal characters. Skipping lookup.")
    return answer
  end

  key_to_query = format_key(key, scope, Config[:secrets_manager])

  begin
    case resolution_type
    when :array
      Hiera.warn("Hiera Secrets Manager backend does not support arrays.")
    when :hash
      answer = JSON.parse(retrieve_secret(key_to_query))
    else
      answer = retrieve_secret(key_to_query)
    end
  rescue Aws::SecretsManager::Errors::ResourceNotFoundException => error
    Hiera.debug("#{key_to_query} not found: #{error.message}")
  rescue StandardError => error
    Hiera.debug("Secrets Manager Backend Error:")
    Hiera.debug(error)
  end

  answer
end