handle in consistent way

Signed-off-by: Jarek Gawor <[email protected]>
argoproj-labs · Apr 19, 2024 · ae73502 · ae73502
1 parent c8d7c36
commit ae73502
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 17 deletions.
diff --git a/docs/backends.md b/docs/backends.md
@@ -176,14 +176,15 @@ The path for IBM Cloud Secret Manager secrets can be specified in two ways:
 2. `ibmcloud/<SECRET_TYPE>/secrets/groups/<GROUP>/<SECRET_NAME>#<SECRET_KEY>`
 
 Where:
-* `<SECRET_TYPE>` can be one of the following: `arbitrary`, `iam_credentials`, `imported_cert`, `kv`, `private_cert`, `public_cert`, or `username_password`.
+* `<SECRET_TYPE>` can be one of the following: `arbitrary`, `iam_credentials`, `imported_cert`, `kv`, `private_cert`, `public_cert`, `username_password`, or `service_credentials`.
 * `<GROUP>` can be a secret group ID or name.
 * `<SECRET_NAME>` is the name of the secret.
 * `<SECRET_KEY>` is the key name within the secret. Specifically, the following keys are available for extraction:
   * `api_key` for the `iam_credentials` secret type
   * `username` and `password` for the `username_password` secret type
   * `certificate`, `private_key`, `intermediate` for the `imported_cert` or `public_cert` secret types
   * `certificate`, `private_key`, `issuing_ca`, `ca_chain` for the `private_cert` secret type
+  * `apikey` or/and any top-level key of the actual credential object for the `service_credentials` secret type
   * any key of the `kv` secret type
   `<SECRET_KEY>` is not supported for the `arbitrary` secret type.
 

diff --git a/pkg/backends/ibmsecretsmanager.go b/pkg/backends/ibmsecretsmanager.go
@@ -1,7 +1,6 @@
 package backends
 
 import (
-	"encoding/json"
 	"fmt"
 	"regexp"
 	"sync"
@@ -178,8 +177,12 @@ func (d IBMSecretData) GetSecret() (map[string]interface{}, error) {
 	case *ibmsm.ServiceCredentialsSecret:
 		{
 			if v.Credentials != nil {
-				data, _ := json.Marshal(*&v.Credentials)
-				result["credentials"] = string(data)
+				if v.Credentials.Apikey != nil {
+					result["apikey"] = *v.Credentials.Apikey
+				}
+				for k, v := range v.Credentials.GetProperties() {
+					result[k] = v
+				}
 			}
 		}
 	default:
@@ -281,8 +284,12 @@ func (d IBMVersionedSecretData) GetSecret() (map[string]interface{}, error) {
 	case *ibmsm.ServiceCredentialsSecretVersion:
 		{
 			if *v.PayloadAvailable {
-				data, _ := json.Marshal(*&v.Credentials)
-				result["credentials"] = string(data)
+				if v.Credentials.Apikey != nil {
+					result["apikey"] = *v.Credentials.Apikey
+				}
+				for k, v := range v.Credentials.GetProperties() {
+					result[k] = v
+				}
 			}
 		}
 	default:

diff --git a/pkg/backends/ibmsecretsmanager_test.go b/pkg/backends/ibmsecretsmanager_test.go
@@ -1,7 +1,6 @@
 package backends_test
 
 import (
-	"encoding/json"
 	"fmt"
 	"reflect"
 	"strings"
@@ -785,34 +784,26 @@ func TestIBMSecretsManagerSecretLookup(t *testing.T) {
 	})
 
 	t.Run("Retrieves payload of service credentials secret", func(t *testing.T) {
-		contents := map[string]interface{}{
+		expected := map[string]interface{}{
 			"apikey": "123456",
 			"authentication": map[string]interface{}{
 				"username": "user",
 				"password": "pass",
 			},
 		}
-		jsonContents, _ := json.Marshal(contents)
-		expected := map[string]interface{}{
-			"credentials": string(jsonContents),
-		}
 		GetSecretsTest(t, "ibmcloud/service_credentials/secrets/groups/small-group/my-secret", "", expected)
 		GetIndividualSecretTest(t, "ibmcloud/service_credentials/secrets/groups/small-group/my-secret", "credentials", "", expected["credentials"])
 		GetIndividualSecretTest(t, "ibmcloud/service_credentials/secrets/groups/small-group/my-secret", "doesnotexist", "", nil)
 	})
 
 	t.Run("Retrieves payload of service credentials secret (versioned)", func(t *testing.T) {
-		contents := map[string]interface{}{
+		expected := map[string]interface{}{
 			"apikey": "old-123456",
 			"authentication": map[string]interface{}{
 				"username": "old-user",
 				"password": "old-pass",
 			},
 		}
-		jsonContents, _ := json.Marshal(contents)
-		expected := map[string]interface{}{
-			"credentials": string(jsonContents),
-		}
 		GetSecretsTest(t, "ibmcloud/service_credentials/secrets/groups/small-group/my-secret", "123", expected)
 		GetIndividualSecretTest(t, "ibmcloud/service_credentials/secrets/groups/small-group/my-secret", "credentials", "123", expected["credentials"])
 		GetIndividualSecretTest(t, "ibmcloud/service_credentials/secrets/groups/small-group/my-secret", "doesnotexist", "123", nil)