Пример #1
#!/usr/bin/env python3
# coding: utf-8

import os

from stack.app import Stack

import logging

# Module-level logger registered under the "stack" name.
logger = logging.getLogger("stack")

# Path of the ".env" secrets file, located directly under the stack root.
# NOTE(review): this file presumably holds plaintext secrets — confirm it is
# excluded from version control and readable only by its owner.
path = os.path.join(Stack.get_stack_root(), ".env")
Пример #2
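    def run(self):
        """Fetch the configured secret from AWS Secrets Manager and save it as ``.env``.

        The secret name, AWS profile and region are read through
        ``Stack.get_secrets_config``. A ``SecretString`` is parsed as JSON and
        written as ``KEY=value`` lines (keys upper-cased, non-string values
        JSON-encoded) after the ``headers`` text; a ``SecretBinary`` is
        base64-decoded and written verbatim.

        The file is created with mode 0o600 and, where the platform allows it,
        an existing file is tightened to 0o600 before anything is written, so
        the plaintext secrets are not left readable by other local users.

        Raises:
            ClientError: re-raised for every Secrets Manager error code except
                ``ResourceNotFoundException``, which is only logged.
            SystemExit: code 0 when the file exists and ``--force`` is not
                set; code 1 after any other exception has been logged.
        """
        # Get name of secret
        secret_name = Stack.get_secrets_config("name")
        try:
            # Get the secrets manager client.
            session = boto3.session.Session(
                profile_name=Stack.get_secrets_config("profile"))
            client = session.client(
                "secretsmanager",
                region_name=Stack.get_secrets_config("region"),
            )

            # Get the secrets
            response = client.get_secret_value(SecretId=secret_name)

            # Get values of secrets
            if "SecretString" in response:
                secrets = json.loads(response["SecretString"])
            else:
                secrets = base64.b64decode(response["SecretBinary"])

            # Refuse to clobber an existing file unless --force was given.
            path = os.path.join(Stack.get_stack_root(), ".env")
            if os.path.exists(path) and not self.options["--force"]:
                logger.error(
                    "(secrets) The .env secrets file already exists."
                    ' Run with "-f" to overwrite.')
                # Exit status 0 is kept from the original behaviour.
                raise SystemExit(0)

            # Build the whole payload before opening the file, so a malformed
            # secret cannot leave a truncated .env behind.
            if isinstance(secrets, dict):
                # NOTE(review): values are written unquoted; a value that
                # contains a newline would add extra lines to the .env file —
                # confirm how the consumer parses this file.
                lines = [headers + "\n"]
                for key, value in secrets.items():
                    rendered = (value if isinstance(value, str)
                                else json.dumps(value))
                    lines.append("{}={}\n".format(key.upper(), rendered))
                payload, mode = "".join(lines), "w"
            elif isinstance(secrets, (bytes, bytearray)):
                payload, mode = secrets, "wb"
            else:
                raise TypeError(
                    "secret is neither a JSON object nor binary data")

            # Create the file owner-only (0o600) instead of relying on the
            # process umask. O_BINARY (Windows only) stops the C runtime from
            # translating newlines underneath Python's own file layer.
            flags = (os.O_WRONLY | os.O_CREAT | os.O_TRUNC
                     | getattr(os, "O_BINARY", 0))
            fd = os.open(path, flags, 0o600)
            with os.fdopen(fd, mode) as f:
                # The mode passed to os.open() only applies to new files;
                # tighten a pre-existing file before writing secrets into it.
                if hasattr(os, "fchmod"):
                    os.fchmod(f.fileno(), 0o600)
                f.write(payload)

            logger.info(
                "(secrets) Fetched and saved secrets to '{}'".format(path))

        except ClientError as e:
            code = e.response["Error"]["Code"]
            if code == "ResourceNotFoundException":
                # We can't find the resource that you asked for.
                logger.error(
                    "(secrets) Error: No secret could be found for name '{}'".
                    format(secret_name))
            else:
                # Decryption, parameter, request and service errors are
                # re-raised as before. Codes the original chain did not list
                # (an access-denied response, for instance) used to be dropped
                # silently; they now propagate as well.
                raise

        except Exception as e:
            logger.exception("Secrets error: {}".format(e))
            raise SystemExit(1)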