package secrets
import (
"context"
"encoding/json"
"fmt"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
)
// SAMLSecrets is the JSON document stored in AWS Secrets Manager that carries
// the SAML configuration for this service. The json tags are the contract with
// the stored secret: renaming a tag silently leaves that field empty on decode.
//
// PrivateKey is secret material. Values of this type should not be logged,
// dumped with %+v, or re-serialized anywhere other than where they are consumed.
type SAMLSecrets struct {
	// Certificate is the certificate presented by this service provider
	// (presumably PEM-encoded — confirm against the stored secret).
	Certificate string `json:"certificate"`
	// PrivateKey is the key matching Certificate. Sensitive; never log it.
	PrivateKey string `json:"privateKey"`
	// IDPMetadata is the identity provider metadata (inline document or a
	// reference to one — confirm against the consumer).
	IDPMetadata string `json:"idpMetadata"`
	// RootURL is the base URL of this service as seen by the IdP.
	RootURL string `json:"rootURL"`
	// AdminGroup names the IdP group that is granted the admin role.
	AdminGroup string `json:"adminGroup"`
	// ViewerGroup names the IdP group that is granted the viewer role.
	ViewerGroup string `json:"viewerGroup"`
}
// SecretManager reads secrets from AWS Secrets Manager. Construct it with
// NewSecretManager; the zero value has a nil client and is not usable.
type SecretManager struct {
	// client is the SDK client used for every GetSecretValue call.
	client *secretsmanager.Client
}
// NewSecretManager builds a SecretManager whose client is configured from the
// SDK's default AWS configuration chain. Credentials and region therefore come
// from the environment the process runs in, not from arguments.
//
// It returns a wrapped error when the default configuration cannot be loaded.
func NewSecretManager(ctx context.Context) (*SecretManager, error) {
	awsCfg, loadErr := config.LoadDefaultConfig(ctx)
	if loadErr != nil {
		return nil, fmt.Errorf("unable to load AWS config: %w", loadErr)
	}

	return &SecretManager{client: secretsmanager.NewFromConfig(awsCfg)}, nil
}
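// GetSAMLConfig fetches the secret identified by secretId from AWS Secrets
// Manager and decodes its JSON payload into a SAMLSecrets.
//
// Secrets Manager returns the value in either SecretString or SecretBinary,
// depending on how it was stored; both forms are accepted here. Decoding is
// only as strict as encoding/json: unknown fields are ignored and missing
// fields stay empty, so callers should check the fields they require (at
// least Certificate and PrivateKey) before using the result.
//
// It returns a wrapped error when secretId is empty, when the AWS call fails,
// when the secret has no payload, or when the payload is not valid JSON.
func (s *SecretManager) GetSAMLConfig(ctx context.Context, secretId string) (*SAMLSecrets, error) {
	// Reject an empty id locally rather than spending an API call on a
	// request the service will refuse anyway.
	if secretId == "" {
		return nil, fmt.Errorf("unable to get secret: empty secret id")
	}

	result, err := s.client.GetSecretValue(ctx, &secretsmanager.GetSecretValueInput{
		SecretId: &secretId,
	})
	if err != nil {
		return nil, fmt.Errorf("unable to get secret: %w", err)
	}

	// SecretString is nil for secrets stored as binary; dereferencing it
	// unconditionally would panic, so pick whichever representation is set.
	var payload []byte
	switch {
	case result.SecretString != nil:
		payload = []byte(*result.SecretString)
	case len(result.SecretBinary) > 0:
		payload = result.SecretBinary
	default:
		return nil, fmt.Errorf("unable to get secret: secret %q has no payload", secretId)
	}

	var secrets SAMLSecrets
	if err := json.Unmarshal(payload, &secrets); err != nil {
		// Deliberately does not echo the payload: it contains the private key.
		return nil, fmt.Errorf("unable to unmarshal secret: %w", err)
	}

	return &secrets, nil
}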