import boto3 from botocore.exceptions import ClientError from actions_logging.app_logging import logger from aws.assume_iam import assume_role_get_creds from aws.env_info import get_secret_manager_region from github.env import get_required_env_var def create_secret_manager_client(env_name: str = ""): try: credentials = None if env_name: credentials = assume_role_get_creds(env_name) logger.info_yellow(f"Assumed role for {env_name}") if not env_name or not credentials: credentials = { 'AccessKeyId': get_required_env_var('AWS_ACCESS_KEY_ID'), 'SecretAccessKey': get_required_env_var('AWS_SECRET_ACCESS_KEY'), 'SessionToken': get_required_env_var('AWS_SESSION_TOKEN') } secret_manager_region = get_secret_manager_region(env_name) secret_manager = boto3.client( 'secretsmanager', aws_access_key_id=credentials['AccessKeyId'], aws_secret_access_key=credentials['SecretAccessKey'], aws_session_token=credentials['SessionToken'], region_name=secret_manager_region ) return secret_manager except Exception as e: raise RuntimeError(f"Error in create_secret_manager_client: {e}") def get_secrets(secret_id, env_name="") -> str: """ this function will try to get the secrets from aws secret manager :param env_name: :param secret_id: :return: secret manager response for SecretString """ empty_response = "" try: client = create_secret_manager_client(env_name) response = client.get_secret_value(SecretId=secret_id) if response.get('SecretString'): return response['SecretString'] logger.warning(f"empty response from secret manager for secret_id: {secret_id}") except ClientError as e: # This will not result in a failed assertion if e.response['Error']['Code'] == 'ResourceNotFoundException': logger.warning(f"secret_id: {secret_id} not found in secret manager") except Exception as e: logger.warning(f"error in get_secrets: {e}") return empty_response