package main
import (
"flag"
"fmt"
"io/ioutil"
"log"
"os"
"os/exec"
"os/user"
"path/filepath"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/secretsmanager"
)
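// getSecret fetches the value of secretID from AWS Secrets Manager, optionally
// pinned to versionID and/or versionStage (an empty string leaves the field
// unset, so the service default applies).
//
// It returns the secret as a string. An error is returned when the request
// fails or when the secret carries no string value: a secret stored as
// SecretBinary leaves SecretString nil, and dereferencing it would panic.
func getSecret(sess *session.Session, secretID, versionID, versionStage string) (string, error) {
	svc := secretsmanager.New(sess)
	input := &secretsmanager.GetSecretValueInput{
		SecretId: aws.String(secretID),
	}
	if versionID != "" {
		input.VersionId = aws.String(versionID)
	}
	if versionStage != "" {
		input.VersionStage = aws.String(versionStage)
	}
	result, err := svc.GetSecretValue(input)
	if err != nil {
		return "", err
	}
	// Binary-only secrets set SecretBinary and leave SecretString nil; report
	// that explicitly instead of crashing on a nil pointer.
	if result.SecretString == nil {
		return "", fmt.Errorf("secret %q has no string value (binary secrets are not supported)", secretID)
	}
	return *result.SecretString, nil
}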
// updateSecret stores secretString as the new value of secretID in AWS Secrets
// Manager and returns the error from the UpdateSecret call, if any.
func updateSecret(sess *session.Session, secretID, secretString string) error {
	client := secretsmanager.New(sess)
	_, err := client.UpdateSecret(&secretsmanager.UpdateSecretInput{
		SecretId:     aws.String(secretID),
		SecretString: aws.String(secretString),
	})
	return err
}
// editFile runs editor with filename as its single argument, attached to the
// current process's stdin/stdout/stderr, and blocks until the editor exits.
// editor is treated as a program name only: a value such as "code --wait"
// is not split into arguments. The error from cmd.Run is returned as is.
func editFile(filename, editor string) error {
	cmd := exec.Command(editor, filename)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	return cmd.Run()
}
// fileModified reports whether the current contents of filename differ from
// originalContent (byte-for-byte). If the file cannot be read it logs the
// error and terminates the process via log.Fatalf.
func fileModified(filename string, originalContent []byte) bool {
	current, err := ioutil.ReadFile(filename)
	if err != nil {
		log.Fatalf("Failed to read file: %v", err)
	}
	unchanged := string(current) == string(originalContent)
	return !unchanged
}
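// main parses the command-line flags, resolves the editor to use, and hands
// the actual work to run so that every error path cleans up the scratch file
// holding the secret. log.Fatalf calls os.Exit, which skips deferred calls,
// so it is used only here, outside the function that owns the file.
func main() {
	secretID := flag.String("secretid", "", "The ID or ARN of the secret to edit")
	editor := flag.String("editor", "", "The editor to use (optional)")
	versionID := flag.String("versionid", "", "The version ID of the secret (optional)")
	versionStage := flag.String("versionstage", "", "The version stage of the secret (optional)")
	flag.Parse()

	if *secretID == "" {
		log.Fatalf("secretid is required")
	}
	// Flag wins over $EDITOR, which wins over the "vi" fallback.
	if *editor == "" {
		*editor = os.Getenv("EDITOR")
		if *editor == "" {
			*editor = "vi"
		}
	}

	if err := run(*secretID, *versionID, *versionStage, *editor); err != nil {
		log.Fatalf("%v", err)
	}
}

// run fetches the secret, writes it to a scratch file in the user's home
// directory, opens that file in editor, and pushes the edited content back
// to Secrets Manager when it changed. The scratch file is removed on every
// return path, including failures, because cleanup is deferred here rather
// than in main. Each error is wrapped with the step that was running.
func run(secretID, versionID, versionStage, editor string) error {
	sess, err := session.NewSession()
	if err != nil {
		return fmt.Errorf("Failed to create AWS session: %w", err)
	}
	secret, err := getSecret(sess, secretID, versionID, versionStage)
	if err != nil {
		return fmt.Errorf("Failed to get secret: %w", err)
	}
	usr, err := user.Current()
	if err != nil {
		return fmt.Errorf("Failed to get current user: %w", err)
	}

	tmpFile := filepath.Join(usr.HomeDir, "secret.json")
	if err := writeScratchFile(tmpFile, secret); err != nil {
		return fmt.Errorf("Failed to write secret to file: %w", err)
	}
	// Runs on success and on every error return below, so the plaintext
	// secret does not outlive this invocation. A removal error is ignored
	// because there is nothing further to do with it at this point.
	defer os.Remove(tmpFile)

	if err := editFile(tmpFile, editor); err != nil {
		return fmt.Errorf("Failed to open editor: %w", err)
	}
	updatedContent, err := os.ReadFile(tmpFile)
	if err != nil {
		return fmt.Errorf("Failed to read modified file: %w", err)
	}
	// The file was created from secret verbatim, so comparing against the
	// fetched value is equivalent to re-reading the file before editing.
	if string(updatedContent) == secret {
		fmt.Println("No changes made to the secret.")
		return nil
	}
	if err := updateSecret(sess, secretID, string(updatedContent)); err != nil {
		return fmt.Errorf("Failed to update secret: %w", err)
	}
	fmt.Println("Secret updated successfully.")
	return nil
}

// writeScratchFile creates filename with mode 0600 and writes content to it.
// O_EXCL makes the call fail if the path already exists (including a symlink
// planted there), so an earlier leftover or another file is never overwritten
// or followed; the owner-only mode keeps the secret from being readable by
// other users on the host. The returned error is the first one from open,
// write or close.
func writeScratchFile(filename, content string) error {
	f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		return err
	}
	if _, err := f.WriteString(content); err != nil {
		f.Close() // best effort; the write error is the one worth reporting
		return err
	}
	return f.Close()
}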