feat: read db password from aws secrect manager (#12)
forcodedancing authored Nov 13, 2023
1 parent 19a4968 commit 998a310
Showing 4 changed files with 107 additions and 6 deletions.
2 changes: 2 additions & 0 deletions go.mod
@@ -5,6 +5,7 @@ go 1.20
require (
cosmossdk.io/math v1.0.1
github.com/avast/retry-go/v4 v4.3.1
github.com/aws/aws-sdk-go v1.40.45
github.com/bnb-chain/greenfield v0.2.6
github.com/bnb-chain/greenfield-go-sdk v0.2.6
github.com/cometbft/cometbft v0.37.2
@@ -109,6 +110,7 @@ require (
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jinzhu/inflection v1.0.0 // indirect
github.com/jinzhu/now v1.1.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jmhodges/levigo v1.0.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/klauspost/compress v1.16.3 // indirect
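Review bot: `github.com/aws/aws-sdk-go v1.40.45` becomes a direct dependency on the code path that fetches the database credential, and that tag appears to be a 2021 release of the v1 SDK, well behind what was current when this commit was made. If the version was simply inherited from the existing module graph, it is worth bumping it deliberately and running `govulncheck` on the result before relying on it for secret retrieval.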
5 changes: 5 additions & 0 deletions go.sum
@@ -136,6 +136,8 @@ github.com/avast/retry-go/v4 v4.3.1 h1:Mtg11F9PdAIMkMiio2RKcYauoVHjl2aB3zQJJlzD4
github.com/avast/retry-go/v4 v4.3.1/go.mod h1:rg6XFaiuFYII0Xu3RDbZQkxCofFwruZKW8oEF1jpWiU=
github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.40.45 h1:QN1nsY27ssD/JmW4s83qmSb+uL6DG4GmCDzjmJB4xUI=
github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
github.com/aws/aws-sdk-go-v2 v1.2.0/go.mod h1:zEQs02YRBw1DjK0PoJv3ygDYOFTre1ejlJWl8FwAuQo=
github.com/aws/aws-sdk-go-v2/config v1.1.1/go.mod h1:0XsVy9lBI/BCXm+2Tuvt39YmdHwS5unDQmxZOYe8F5Y=
@@ -759,7 +761,9 @@ github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkr
github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/jmhodges/levigo v1.0.0 h1:q5EC36kV79HWeTBWsod3mG11EgStG3qArTKcvlksN1U=
github.com/jmhodges/levigo v1.0.0/go.mod h1:Q6Qx+uH3RAqyK4rFQroq9RL7mdkABMcfhEI+nNuzMJQ=
@@ -1656,6 +1660,7 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
golang.org/x/net v0.0.0-20210423184538-5f58ad60dda6/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
40 changes: 34 additions & 6 deletions util/config.go
@@ -6,12 +6,14 @@ import (
)

type DBConfig struct {
DBDialect string `json:"db_dialect"`
DBPath string `json:"db_path"`
Password string `json:"password"`
Username string `json:"username"`
MaxIdleConns int `json:"max_idle_conns"`
MaxOpenConns int `json:"max_open_conns"`
DBDialect string `json:"db_dialect"`
DBPath string `json:"db_path"`
Password string `json:"password"`
Username string `json:"username"`
MaxIdleConns int `json:"max_idle_conns"`
MaxOpenConns int `json:"max_open_conns"`
AWSRegion string `json:"aws_region"`
AWSSecretName string `json:"aws_secret_name"`
}

type LogConfig struct {
@@ -46,6 +48,11 @@ func ParseServerConfigFromFile(filePath string) *ServerConfig {
if err := json.Unmarshal(bz, &config); err != nil {
panic(err)
}

if config.DBConfig.Password == "" { // read password from AWS secret
config.DBConfig.Password = GetDBPass(config.DBConfig)
}

return &config
}

@@ -79,5 +86,26 @@ func ParseMonitorConfigFromFile(filePath string) *MonitorConfig {
if err := json.Unmarshal(bz, &config); err != nil {
panic(err)
}

if config.DBConfig.Password == "" { // read password from AWS secret
config.DBConfig.Password = GetDBPass(config.DBConfig)
}

return &config
}

func GetDBPass(cfg *DBConfig) string {
result, err := GetSecret(cfg.AWSSecretName, cfg.AWSRegion)
if err != nil {
panic(err)
}
type DBPass struct {
DbPass string `json:"db_pass"`
}
var dbPassword DBPass
err = json.Unmarshal([]byte(result), &dbPassword)
if err != nil {
panic(err)
}
return dbPassword.DbPass
}
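Review bot: GetDBPass returns `dbPassword.DbPass` without checking it, so a secret that is valid JSON but lacks the `db_pass` key yields an empty password and the caller carries on as if one had been loaded; add `if dbPassword.DbPass == "" { panic("db_pass missing from secret " + cfg.AWSSecretName) }` before the return. The two `Password == ""` branches also call GetSecret when `aws_secret_name` and `aws_region` are unset, which turns every config with an intentionally empty password into a startup panic from the SDK; a guard such as `if cfg.AWSSecretName == "" { return "" }` at the top of GetDBPass (or an explicit error naming the missing keys) would keep that case predictable. The fetched value is stored in `Password`, which carries a `json:"password"` tag, so any code that marshals or logs the parsed config will now emit the secret; the callers are outside this diff and worth checking. Both Parse…FromFile bodies begin outside the visible hunks, and the hunks do not show whether `config.DBConfig` can be nil, which GetDBPass dereferences unconditionally.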
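--- a/util/utils.go
+++ b/util/utils.go
@@ -0,0 +1,66 @@
+package util
+
+import (
+"encoding/base64"
+"fmt"
+"net/http"
+"net/url"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/aws/session"
+"github.com/aws/aws-sdk-go/service/secretsmanager"
+)
+
+func GetSecret(secretName, region string) (string, error) {
+// Create a Secrets Manager client
+sess, err := session.NewSession(&aws.Config{
+Region: &region,
+})
+if err != nil {
+return "", err
+}
+
+svc := secretsmanager.New(sess)
+input := &secretsmanager.GetSecretValueInput{
+SecretId: aws.String(secretName),
+VersionStage: aws.String("AWSCURRENT"), // VersionStage defaults to AWSCURRENT if unspecified
+}
+
+result, err := svc.GetSecretValue(input)
+if err != nil {
+return "", err
+}
+
+var secretString, decodedBinarySecret string
+if result.SecretString != nil {
+secretString = *result.SecretString
+return secretString, nil
+} else {
+decodedBinarySecretBytes := make([]byte, base64.StdEncoding.DecodedLen(len(result.SecretBinary)))
+length, err := base64.StdEncoding.Decode(decodedBinarySecretBytes, result.SecretBinary)
+if err != nil {
+fmt.Println("Base64 Decode Error:", err)
+return "", err
+}
+decodedBinarySecret = string(decodedBinarySecretBytes[:length])
+return decodedBinarySecret, nil
+}
+}
+
+func SendTelegramMessage(identity string, botId string, chatId string, msg string) {
+if botId == "" || chatId == "" || msg == "" {
+return
+}
+
+endPoint := fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", botId)
+formData := url.Values{
+"chat_id": {chatId},
+"parse_mode": {"html"},
+"text": {fmt.Sprintf("%s: %s", identity, msg)},
+}
+_, err := http.PostForm(endPoint, formData)
+if err != nil {
+fmt.Printf("send telegram message error, bot_id=%s, chat_id=%s, msg=%s, err=%s \n", botId, chatId, msg, err.Error())
+return
+}
+}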
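Review bot: In SendTelegramMessage the failure branch writes the bot token to stdout twice: `bot_id=%s` prints it directly, and `err.Error()` from `http.PostForm` is a `*url.Error` whose text includes the request URL, which carries the token in its path. Anyone who can read the process logs then holds a working bot credential, so the log line should drop `botId` and print only the unwrapped cause. The response is also discarded with `_`, so its body is never closed and a non-200 reply from the API goes unnoticed; `http.PostForm` additionally uses the default client, which has no timeout. Separately, in GetSecret the SDK documents `SecretBinary` as already base64-decoded, so the extra `base64.StdEncoding.Decode` probably rejects or corrupts binary secrets; this is worth confirming against the pinned SDK version.

```go
func SendTelegramMessage(identity string, botId string, chatId string, msg string) {
	// … unchanged: empty-argument guard, endPoint and formData construction …
	resp, err := http.PostForm(endPoint, formData)
	if err != nil {
		// http.PostForm fails with a *url.Error whose text embeds the request URL
		// (token included); keep only the underlying cause for the log.
		if urlErr, ok := err.(*url.Error); ok {
			err = urlErr.Err
		}
		fmt.Printf("send telegram message error, chat_id=%s, msg=%s, err=%s \n", chatId, msg, err.Error())
		return
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		fmt.Printf("send telegram message rejected, chat_id=%s, status=%s \n", chatId, resp.Status)
	}
}
```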
