Not all secrets are fetched or processed correctly

    aws secretsmanager get-secret-value --secret-id gitlab/tools/purl_url

appears to return a valid result, with no foreign characters.
However, with the following adapted code (write output to /tmp/debug, and return x if returned_secret is falsey):

    returned_secret = subprocess.run(
        [
            "aws",
            "secretsmanager",
            "get-secret-value",
            "--secret-id",
            module.params["secret_id"],
        ],
        capture_output=True,
    ).stdout.decode("utf-8")
    with open("/tmp/debug", 'w') as f:
        f.write(returned_secret)
    if returned_secret:
        secret_string = json.loads(returned_secret)["SecretString"]
        result["secret"] = re.sub('^"', "", re.sub('"$', "", secret_string))
    else:
        result["secret"] = "x"

... the return value is 'x', and nothing is written to that file by the process. The secret name appears to be correct:

    - name: Get purl url
      aws_secrets:
        secret_id: "{{ secrets_prefix }}/tools/purl_url"
      register: purl_url
    - debug: var=purl_url

Edited by Andrew Engelbrecht
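
The snippet in the issue reads only `stdout`, so a failed CLI call looks the same as an empty secret. The following added example (not code from this project) shows one way to surface the exit code and `stderr` instead, without writing the secret to a file under `/tmp`; `get_secret`, `SecretFetchError`, the `cli` parameter and both stub commands are hypothetical names constructed for the example.

```python
import json
import subprocess
import sys

# Constructed stand-ins for the CLI so the example runs offline.
FAIL_STUB = (sys.executable, "-c",
             "import sys; sys.stderr.write('constructed error: no credentials'); sys.exit(255)")
OK_STUB = (sys.executable, "-c",
           "import json; print(json.dumps({'SecretString': 'constructed-value'}))")


class SecretFetchError(Exception):
    """The CLI failed, printed nothing, or returned output that cannot be used."""


def get_secret(secret_id, cli=("aws", "secretsmanager", "get-secret-value")):
    # `cli` is a parameter only so the function can be exercised with a stub.
    proc = subprocess.run(
        [*cli, "--secret-id", secret_id],
        capture_output=True,
        text=True,
    )
    if proc.returncode != 0 or not proc.stdout.strip():
        # Report the exit code and the CLI's own error text; stdout is never logged.
        raise SecretFetchError(
            f"exit={proc.returncode} secret_id={secret_id!r} "
            f"stderr={proc.stderr.strip()!r}"
        )
    try:
        payload = json.loads(proc.stdout)
    except json.JSONDecodeError as exc:
        raise SecretFetchError(f"non-JSON output for {secret_id!r}: {exc.msg}") from None
    if "SecretString" not in payload:
        # Binary secrets come back under SecretBinary, not SecretString.
        raise SecretFetchError(
            f"{secret_id!r} has no SecretString; keys present: {sorted(payload)}"
        )
    return payload["SecretString"]


if __name__ == "__main__":
    print(get_secret("demo/id", cli=OK_STUB))
    try:
        get_secret("demo/id", cli=FAIL_STUB)
    except SecretFetchError as err:
        print("failed:", err)
```

Inside an Ansible module the exception message would be handed to `module.fail_json(msg=...)`, so the task fails visibly rather than registering a placeholder value.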