Merge pull request #618 from kayac/feature/secretsmanager_arn

add secretsmanager plugin

plugin.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 	"text/template"
 
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/fujiwara/cfn-lookup/cfn"
 	"github.com/fujiwara/tfstate-lookup/tfstate"
 
@@ -28,6 +29,8 @@ func (p ConfigPlugin) Setup(ctx context.Context, c *Config) error {
 		return setupPluginCFn(ctx, p, c)
 	case "ssm":
 		return setupPluginSSM(ctx, p, c)
+	case "secretsmanager":
+		return setupPluginSecretsManager(ctx, p, c)
 	default:
 		return fmt.Errorf("plugin %s is not available", p.Name)
 	}
@@ -90,3 +93,18 @@ func setupPluginSSM(ctx context.Context, p ConfigPlugin, c *Config) error {
 	}
 	return p.AppendFuncMap(c, funcs)
 }
+
+func setupPluginSecretsManager(ctx context.Context, p ConfigPlugin, c *Config) error {
+	funcs := make(template.FuncMap)
+	smsvc := secretsmanager.NewFromConfig(c.awsv2Config)
+	funcs[p.FuncPrefix+"secretsmanager_arn"] = func(id string) (string, error) {
+		res, err := smsvc.DescribeSecret(ctx, &secretsmanager.DescribeSecretInput{
+			SecretId: &id,
+		})
+		if err != nil {
+			return "", err
+		}
+		return *res.ARN, nil
+	}
+	return p.AppendFuncMap(c, funcs)
+}

tests/ci/ecs-task-def.json

@@ -63,6 +63,10 @@
         {
           "name": "JSON_FOO",
           "valueFrom": "arn:aws:secretsmanager:ap-northeast-1:{{must_env `AWS_ACCOUNT_ID`}}:secret:ecspresso-test/json-soBS7X:foo::"
+        },
+        {
+          "name": "JSON_VIA_SSM",
+          "valueFrom": "{{ secretsmanager_arn `ecspresso-test/json` }}"
         }
       ],
       "command": [

tests/ci/ecspresso.yml

@@ -4,3 +4,5 @@ service: "{{ must_env `SERVICE` }}"
 service_definition: ecs-service-def.json
 task_definition: ecs-task-def.json
 timeout: 10m0s
+plugins:
+  - name: secretsmanager