GODRIVER-2958 Clean up secrets support
blink1073 committed Aug 29, 2023
1 parent 6d8bcd8 commit e20e541
Showing 2 changed files with 20 additions and 26 deletions.
34 changes: 8 additions & 26 deletions .evergreen/auth_aws/setup_secrets.py
@@ -5,38 +5,18 @@
import argparse
import json
import os
import yaml
import boto3


def get_secrets(vaults, region, profile):
"""Get the driver secret values."""
# Handle local credentials.
try:
if profile is not None:
session = boto3.Session(profile_name=profile)
else:
session = boto3.Session()
client = session.client(service_name='secretsmanager', region_name=region)
except Exception:
print("Failed to connect using AWS credentials, trying with environment variables")
if "AWS_SESSION_TOKEN" not in os.environ:
if "AWS_ROLE_ARN" in os.environ:
session = boto3.Session(aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'],
aws_secret_access_key=os.environ['AWS_SECRET_ACCESS_KEY'])
client = session.client(service_name='sts', region_name=region)
creds = client.assume_role(RoleArn=os.environ['AWS_ROLE_ARN'], RoleSessionName='test')['Credentials']
os.environ['AWS_ACCESS_KEY_ID'] = creds['AccessKeyId']
os.environ['AWS_SECRET_ACCESS_KEY'] = creds['SecretAccessKey']
os.environ['AWS_SESSION_TOKEN'] = creds['SessionToken']
else:
raise ValueError('Missing AWS credentials')

# Create a session using the given creds
session = boto3.Session(aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'],
aws_secret_access_key=os.environ['AWS_SECRET_ACCESS_KEY'],
aws_session_token=os.environ['AWS_SESSION_TOKEN'])
client = session.client(service_name='secretsmanager', region_name=region)
# TODO: rectify this with how we run locally.
profile = profile or os.environ.get("AWS_PROFILE")
if "AWS_ACCESS_KEY_ID" not in os.environ and not profile:
raise ValueError("Please provide a profile (typically using AWS_PROFILE)")
session = boto3.Session(profile_name=profile)
client = session.client(service_name='secretsmanager', region_name=region)

secrets = []
try:
@@ -87,4 +67,6 @@ def main():


if __name__ == '__main__':
# See https://wiki.corp.mongodb.com/display/DRIVERS/Using+AWS+Secrets+Manager+to+Store+Testing+Secrets
# for details on usage.
main()
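Review bot: The new guard in get_secrets tests only for `AWS_ACCESS_KEY_ID`, so an environment that has the key id but no `AWS_SECRET_ACCESS_KEY` passes the check and fails later inside boto3 with a less specific error. I would tighten it to `if not profile and not {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"} <= os.environ.keys():`. Because `AWS_PROFILE` is now read here and handed to `boto3.Session(profile_name=profile)` explicitly, the profile will, as far as I know, take precedence over static keys in the environment when both are set. That should be confirmed and recorded in place of the vague TODO, e.g. `# An explicitly passed profile takes precedence over AWS_* keys in the environment.` The rest of get_secrets is collapsed on this page, so how the fetched secret values are handled afterwards is not visible here.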
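--- a/.evergreen/auth_aws/setup_secrets.sh
+++ b/.evergreen/auth_aws/setup_secrets.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# setup_secrets
+set -eu
+
+HERE=$(dirname $0)
+
+pushd $HERE
+. ./activate-authawsvenv.sh
+popd
+echo "Getting secrets: $@"
+python $HERE/setup_secrets.py $@
+echo "Got secrets"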
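Review bot: Every expansion in this wrapper is unquoted (`$0`, `$HERE`, `$@`), so a checkout path or a vault name containing whitespace or glob characters is split or expanded before it reaches setup_secrets.py. That can make the script fetch a different set of secrets than the caller asked for. Quoting fixes it: `HERE=$(dirname "$0")`, `pushd "$HERE"`, and `python "$HERE/setup_secrets.py" "$@"`. The `echo "Getting secrets: $@"` line reads better with `$*` inside the string. Since the sourced activate script runs under `set -eu`, it is also worth checking that it does not reference unset variables, otherwise the wrapper aborts before the Python step.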
