init

Author: maastha

internal/provider/aws_credentials.go

@@ -26,39 +26,39 @@ const (
 )
 
 func getAWSCredentials(c *config.AWSVars) (*config.Credentials, error) {
-    ctx := context.TODO()
+	ctx := context.TODO()
 
-    // Base config with static credentials
-    cfg, err := awsconfig.LoadDefaultConfig(ctx,
-        awsconfig.WithRegion(c.Region),
-        awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(c.AccessKeyID, c.SecretAccessKey, c.SessionToken)),
-    )
+	// Base config with static credentials
+	cfg, err := awsconfig.LoadDefaultConfig(ctx,
+		awsconfig.WithRegion(c.Region),
+		awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(c.AccessKeyID, c.SecretAccessKey, c.SessionToken)),
+	)
+	if err != nil {
+		return nil, err
+	}
+	ep, signingRegion := ResolveSTSEndpoint(c.Endpoint, c.Region)
+
+	// STS client with custom endpoint and signing region when needed
+	stsClient := sts.NewFromConfig(cfg, func(o *sts.Options) {
+		// Always set region to derived signing region
+		o.Region = signingRegion
+		if ep != "" {
+			o.EndpointResolver = sts.EndpointResolverFromURL(ep)
+		}
+	})
+
+	// Assume role provider using STS client
+	assumeRoleProvider := stscreds.NewAssumeRoleProvider(stsClient, c.AssumeRoleARN)
+
+	// Secrets Manager client using the assumed role credentials
+	smCfg := cfg
+	smCfg.Credentials = aws.NewCredentialsCache(assumeRoleProvider)
+	smClient := secretsmanager.NewFromConfig(smCfg)
+
+	secretString, err := secretsManagerGetSecretValue(ctx, smClient, c.SecretName)
 	if err != nil {
 		return nil, err
 	}
-    ep, signingRegion := ResolveSTSEndpoint(c.Endpoint, c.Region)
-
-    // STS client with custom endpoint and signing region when needed
-    stsClient := sts.NewFromConfig(cfg, func(o *sts.Options) {
-        // Always set region to derived signing region
-        o.Region = signingRegion
-        if ep != "" {
-            o.EndpointResolver = sts.EndpointResolverFromURL(ep)
-        }
-    })
-
-    // Assume role provider using STS client
-    assumeRoleProvider := stscreds.NewAssumeRoleProvider(stsClient, c.AssumeRoleARN)
-
-    // Secrets Manager client using the assumed role credentials
-    smCfg := cfg
-    smCfg.Credentials = aws.NewCredentialsCache(assumeRoleProvider)
-    smClient := secretsmanager.NewFromConfig(smCfg)
-
-    secretString, err := secretsManagerGetSecretValue(ctx, smClient, c.SecretName)
-    if err != nil {
-        return nil, err
-    }
 	var secret config.Credentials
 	err = json.Unmarshal([]byte(secretString), &secret)
 	if err != nil {
@@ -89,45 +89,45 @@ func DeriveSTSRegionFromEndpoint(ep string) string {
 }
 
 func ResolveSTSEndpoint(stsEndpoint, secretsRegion string) (string, string) {
-    ep := stsEndpoint
-    if ep == "" {
-        r := secretsRegion
-        if r == "" {
-            r = DefaultRegionSTS
-        }
-        ep = fmt.Sprintf("https://sts.%s.amazonaws.com/", r)
-    }
-    signingRegion := DeriveSTSRegionFromEndpoint(ep)
-    return ep, signingRegion
+	ep := stsEndpoint
+	if ep == "" {
+		r := secretsRegion
+		if r == "" {
+			r = DefaultRegionSTS
+		}
+		ep = fmt.Sprintf("https://sts.%s.amazonaws.com/", r)
+	}
+	signingRegion := DeriveSTSRegionFromEndpoint(ep)
+	return ep, signingRegion
 }
 
 func secretsManagerGetSecretValue(ctx context.Context, client *secretsmanager.Client, secret string) (string, error) {
-    input := &secretsmanager.GetSecretValueInput{
-        SecretId:     aws.String(secret),
-        VersionStage: aws.String("AWSCURRENT"),
-    }
-
-    result, err := client.GetSecretValue(ctx, input)
-    if err != nil {
-        switch e := err.(type) {
-        case *smtypes.ResourceNotFoundException:
-            log.Println("ResourceNotFoundException", e.Error())
-        case *smtypes.InvalidParameterException:
-            log.Println("InvalidParameterException", e.Error())
-        case *smtypes.InvalidRequestException:
-            log.Println("InvalidRequestException", e.Error())
-        case *smtypes.DecryptionFailure:
-            log.Println("DecryptionFailure", e.Error())
-        case *smtypes.InternalServiceError:
-            log.Println("InternalServiceError", e.Error())
-        default:
-            log.Println(err.Error())
-        }
-        return "", err
-    }
-
-    if result.SecretString == nil {
-        return "", fmt.Errorf("secret string is nil for secret %s", secret)
-    }
-    return *result.SecretString, nil
+	input := &secretsmanager.GetSecretValueInput{
+		SecretId:     aws.String(secret),
+		VersionStage: aws.String("AWSCURRENT"),
+	}
+
+	result, err := client.GetSecretValue(ctx, input)
+	if err != nil {
+		switch e := err.(type) {
+		case *smtypes.ResourceNotFoundException:
+			log.Println("ResourceNotFoundException", e.Error())
+		case *smtypes.InvalidParameterException:
+			log.Println("InvalidParameterException", e.Error())
+		case *smtypes.InvalidRequestException:
+			log.Println("InvalidRequestException", e.Error())
+		case *smtypes.DecryptionFailure:
+			log.Println("DecryptionFailure", e.Error())
+		case *smtypes.InternalServiceError:
+			log.Println("InternalServiceError", e.Error())
+		default:
+			log.Println(err.Error())
+		}
+		return "", err
+	}
+
+	if result.SecretString == nil {
+		return "", fmt.Errorf("secret string is nil for secret %s", secret)
+	}
+	return *result.SecretString, nil
 }

internal/provider/aws_credentials_test.go

@@ -85,9 +85,9 @@ func Test_resolveSTSEndpoint(t *testing.T) {
 
 	for testName, tc := range testCases {
 		t.Run(testName, func(t *testing.T) {
-            ep, sign := provider.ResolveSTSEndpoint(tc.stsEndpoint, tc.secretsRegion)
-            assert.Equal(t, tc.expectedURL, ep)
-            assert.Equal(t, tc.expectedSign, sign)
+			ep, sign := provider.ResolveSTSEndpoint(tc.stsEndpoint, tc.secretsRegion)
+			assert.Equal(t, tc.expectedURL, ep)
+			assert.Equal(t, tc.expectedSign, sign)
 		})
 	}
 }