diff --git a/hcl2template/function/aws_secretetkey.go b/hcl2template/function/aws_secretetkey.go
index 4684c9bf2d2..37fdc988df7 100644
--- a/hcl2template/function/aws_secretetkey.go
+++ b/hcl2template/function/aws_secretetkey.go
@@ -40,3 +40,30 @@ var AWSSecret = function.New(&function.Spec{
 return cty.StringVal(val), err
 },
 })
+
+// AWSSecret constructs a function that retrieves secrets from aws secrets
+// manager.
+//
+// Contrary to AWSSecret, it does not accept a key, and instead returns the raw
+// value of the secret at all times, i.e. if it's plaintext it will return the
+// value, and if it's a key/value secret, the raw JSON will be returned.
+var AWSSecretRaw = function.New(&function.Spec{
+ Params: []function.Parameter{
+ {
+ Name: "name",
+ Description: "The name of the secret to fetch",
+ Type: cty.String,
+ AllowNull: false,
+ AllowUnknown: false,
+ },
+ },
+ Type: function.StaticReturnType(cty.String),
+ Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
+ name := args[0].AsString()
+ val, err := commontpl.GetRawAWSSecret(name)
+ if err != nil {
+ return cty.NullVal(cty.String), err
+ }
+ return cty.StringVal(val), nil
+ },
+})
diff --git a/hcl2template/functions.go b/hcl2template/functions.go
index 4e832cf9380..666a95ea0c2 100644
--- a/hcl2template/functions.go
+++ b/hcl2template/functions.go
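Review bot: The `Impl` closure returns the entire secret body as a plain `cty.StringVal(val)`, and nothing in this hunk marks or registers that value as sensitive; for a key/value secret that means every field of the raw JSON enters template evaluation at once. Whether `commontpl.GetRawAWSSecret` registers the value for log redaction is not visible here, so that should be confirmed, and a filter keyed on the whole JSON string would presumably not cover individual fields once a template passes the result through `jsondecode`. Separately, the doc comment opens with the wrong identifier and should read `// AWSSecretRaw constructs a function that retrieves secrets from AWS Secrets Manager.`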
@@ -32,99 +32,100 @@ import (
 func Functions(basedir string) map[string]function.Function {
 funcs := map[string]function.Function{
- "abs": stdlib.AbsoluteFunc,
- "abspath": filesystem.AbsPathFunc,
- "aws_secretsmanager": pkrfunction.AWSSecret,
- "basename": filesystem.BasenameFunc,
- "base64decode": encoding.Base64DecodeFunc,
- "base64encode": encoding.Base64EncodeFunc,
- "base64gzip": pkrfunction.Base64GzipFunc,
- "bcrypt": crypto.BcryptFunc,
- "can": tryfunc.CanFunc,
- "ceil": stdlib.CeilFunc,
- "chomp": stdlib.ChompFunc,
- "chunklist": stdlib.ChunklistFunc,
- "cidrhost": cidr.HostFunc,
- "cidrnetmask": cidr.NetmaskFunc,
- "cidrsubnet": cidr.SubnetFunc,
- "cidrsubnets": cidr.SubnetsFunc,
- "coalesce": collection.CoalesceFunc,
- "coalescelist": stdlib.CoalesceListFunc,
- "compact": stdlib.CompactFunc,
- "concat": stdlib.ConcatFunc,
- "consul_key": pkrfunction.ConsulFunc,
- "contains": stdlib.ContainsFunc,
- "convert": typeexpr.ConvertFunc,
- "csvdecode": stdlib.CSVDecodeFunc,
- "dirname": filesystem.DirnameFunc,
- "distinct": stdlib.DistinctFunc,
- "element": stdlib.ElementFunc,
- "file": filesystem.MakeFileFunc(basedir, false),
- "fileexists": filesystem.MakeFileExistsFunc(basedir),
- "fileset": filesystem.MakeFileSetFunc(basedir),
- "flatten": stdlib.FlattenFunc,
- "floor": stdlib.FloorFunc,
- "format": stdlib.FormatFunc,
- "formatdate": stdlib.FormatDateFunc,
- "formatlist": stdlib.FormatListFunc,
- "indent": stdlib.IndentFunc,
- "index": pkrfunction.IndexFunc, // stdlib.IndexFunc is not compatible
- "join": stdlib.JoinFunc,
- "jsondecode": stdlib.JSONDecodeFunc,
- "jsonencode": stdlib.JSONEncodeFunc,
- "keys": stdlib.KeysFunc,
- "legacy_isotime": pkrfunction.LegacyIsotimeFunc,
- "legacy_strftime": pkrfunction.LegacyStrftimeFunc,
- "length": pkrfunction.LengthFunc,
- "log": stdlib.LogFunc,
- "lookup": stdlib.LookupFunc,
- "lower": stdlib.LowerFunc,
- "max": stdlib.MaxFunc,
- "md5": crypto.Md5Func,
- "merge": stdlib.MergeFunc,
- "min": stdlib.MinFunc,
- "parseint": stdlib.ParseIntFunc,
- "pathexpand": filesystem.PathExpandFunc,
- "pow": stdlib.PowFunc,
- "range": stdlib.RangeFunc,
- "reverse": stdlib.ReverseListFunc,
- "replace": stdlib.ReplaceFunc,
- "regex": stdlib.RegexFunc,
- "regexall": stdlib.RegexAllFunc,
- "regex_replace": stdlib.RegexReplaceFunc,
- "rsadecrypt": crypto.RsaDecryptFunc,
- "setintersection": stdlib.SetIntersectionFunc,
- "setproduct": stdlib.SetProductFunc,
- "setunion": stdlib.SetUnionFunc,
- "sha1": crypto.Sha1Func,
- "sha256": crypto.Sha256Func,
- "sha512": crypto.Sha512Func,
- "signum": stdlib.SignumFunc,
- "slice": stdlib.SliceFunc,
- "sort": stdlib.SortFunc,
- "split": stdlib.SplitFunc,
- "strcontains": pkrfunction.StrContains,
- "strrev": stdlib.ReverseFunc,
- "substr": stdlib.SubstrFunc,
- "textdecodebase64": TextDecodeBase64Func,
- "textencodebase64": TextEncodeBase64Func,
- "timestamp": pkrfunction.TimestampFunc,
- "timeadd": stdlib.TimeAddFunc,
- "title": stdlib.TitleFunc,
- "trim": stdlib.TrimFunc,
- "trimprefix": stdlib.TrimPrefixFunc,
- "trimspace": stdlib.TrimSpaceFunc,
- "trimsuffix": stdlib.TrimSuffixFunc,
- "try": tryfunc.TryFunc,
- "upper": stdlib.UpperFunc,
- "urlencode": encoding.URLEncodeFunc,
- "uuidv4": uuid.V4Func,
- "uuidv5": uuid.V5Func,
- "values": stdlib.ValuesFunc,
- "vault": pkrfunction.VaultFunc,
- "yamldecode": ctyyaml.YAMLDecodeFunc,
- "yamlencode": ctyyaml.YAMLEncodeFunc,
- "zipmap": stdlib.ZipmapFunc,
+ "abs": stdlib.AbsoluteFunc,
+ "abspath": filesystem.AbsPathFunc,
+ "aws_secretsmanager": pkrfunction.AWSSecret,
+ "aws_secretsmanager_raw": pkrfunction.AWSSecretRaw,
+ "basename": filesystem.BasenameFunc,
+ "base64decode": encoding.Base64DecodeFunc,
+ "base64encode": encoding.Base64EncodeFunc,
+ "base64gzip": pkrfunction.Base64GzipFunc,
+ "bcrypt": crypto.BcryptFunc,
+ "can": tryfunc.CanFunc,
+ "ceil": stdlib.CeilFunc,
+ "chomp": stdlib.ChompFunc,
+ "chunklist": stdlib.ChunklistFunc,
+ "cidrhost": cidr.HostFunc,
+ "cidrnetmask": cidr.NetmaskFunc,
+ "cidrsubnet": cidr.SubnetFunc,
+ "cidrsubnets": cidr.SubnetsFunc,
+ "coalesce": collection.CoalesceFunc,
+ "coalescelist": stdlib.CoalesceListFunc,
+ "compact": stdlib.CompactFunc,
+ "concat": stdlib.ConcatFunc,
+ "consul_key": pkrfunction.ConsulFunc,
+ "contains": stdlib.ContainsFunc,
+ "convert": typeexpr.ConvertFunc,
+ "csvdecode": stdlib.CSVDecodeFunc,
+ "dirname": filesystem.DirnameFunc,
+ "distinct": stdlib.DistinctFunc,
+ "element": stdlib.ElementFunc,
+ "file": filesystem.MakeFileFunc(basedir, false),
+ "fileexists": filesystem.MakeFileExistsFunc(basedir),
+ "fileset": filesystem.MakeFileSetFunc(basedir),
+ "flatten": stdlib.FlattenFunc,
+ "floor": stdlib.FloorFunc,
+ "format": stdlib.FormatFunc,
+ "formatdate": stdlib.FormatDateFunc,
+ "formatlist": stdlib.FormatListFunc,
+ "indent": stdlib.IndentFunc,
+ "index": pkrfunction.IndexFunc, // stdlib.IndexFunc is not compatible
+ "join": stdlib.JoinFunc,
+ "jsondecode": stdlib.JSONDecodeFunc,
+ "jsonencode": stdlib.JSONEncodeFunc,
+ "keys": stdlib.KeysFunc,
+ "legacy_isotime": pkrfunction.LegacyIsotimeFunc,
+ "legacy_strftime": pkrfunction.LegacyStrftimeFunc,
+ "length": pkrfunction.LengthFunc,
+ "log": stdlib.LogFunc,
+ "lookup": stdlib.LookupFunc,
+ "lower": stdlib.LowerFunc,
+ "max": stdlib.MaxFunc,
+ "md5": crypto.Md5Func,
+ "merge": stdlib.MergeFunc,
+ "min": stdlib.MinFunc,
+ "parseint": stdlib.ParseIntFunc,
+ "pathexpand": filesystem.PathExpandFunc,
+ "pow": stdlib.PowFunc,
+ "range": stdlib.RangeFunc,
+ "reverse": stdlib.ReverseListFunc,
+ "replace": stdlib.ReplaceFunc,
+ "regex": stdlib.RegexFunc,
+ "regexall": stdlib.RegexAllFunc,
+ "regex_replace": stdlib.RegexReplaceFunc,
+ "rsadecrypt": crypto.RsaDecryptFunc,
+ "setintersection": stdlib.SetIntersectionFunc,
+ "setproduct": stdlib.SetProductFunc,
+ "setunion": stdlib.SetUnionFunc,
+ "sha1": crypto.Sha1Func,
+ "sha256": crypto.Sha256Func,
+ "sha512": crypto.Sha512Func,
+ "signum": stdlib.SignumFunc,
+ "slice": stdlib.SliceFunc,
+ "sort": stdlib.SortFunc,
+ "split": stdlib.SplitFunc,
+ "strcontains": pkrfunction.StrContains,
+ "strrev": stdlib.ReverseFunc,
+ "substr": stdlib.SubstrFunc,
+ "textdecodebase64": TextDecodeBase64Func,
+ "textencodebase64": TextEncodeBase64Func,
+ "timestamp": pkrfunction.TimestampFunc,
+ "timeadd": stdlib.TimeAddFunc,
+ "title": stdlib.TitleFunc,
+ "trim": stdlib.TrimFunc,
+ "trimprefix": stdlib.TrimPrefixFunc,
+ "trimspace": stdlib.TrimSpaceFunc,
+ "trimsuffix": stdlib.TrimSuffixFunc,
+ "try": tryfunc.TryFunc,
+ "upper": stdlib.UpperFunc,
+ "urlencode": encoding.URLEncodeFunc,
+ "uuidv4": uuid.V4Func,
+ "uuidv5": uuid.V5Func,
+ "values": stdlib.ValuesFunc,
+ "vault": pkrfunction.VaultFunc,
+ "yamldecode": ctyyaml.YAMLDecodeFunc,
+ "yamlencode": ctyyaml.YAMLEncodeFunc,
+ "zipmap": stdlib.ZipmapFunc,
 }
 funcs["templatefile"] = pkrfunction.MakeTemplateFileFunc(basedir, func() map[string]function.Function {