in pkg/broker/util.go [425:482]
func getCredentials(service *osb.Service, outputs []*cloudformation.Output, ssmSvc ssmiface.SSMAPI) (map[string]interface{}, error) {
credentials := make(map[string]interface{})
var ssmValues []string
for _, o := range outputs {
if strings.HasPrefix(aws.StringValue(o.OutputKey), cfnOutputPolicyArnPrefix) {
continue
}
// The output keys "UserKeyId" and "UserSecretKey" require special handling for backward compatibility :/
if aws.StringValue(o.OutputKey) == cfnOutputUserKeyID || aws.StringValue(o.OutputKey) == cfnOutputUserSecretKey {
k := fmt.Sprintf("%s_%s", strings.ToUpper(service.Name), toScreamingSnakeCase(aws.StringValue(o.OutputKey)))
credentials[k] = aws.StringValue(o.OutputValue)
ssmValues = append(ssmValues, aws.StringValue(o.OutputValue))
} else {
credentials[toScreamingSnakeCaseIfAppropriate(service, aws.StringValue(o.OutputKey))] = aws.StringValue(o.OutputValue)
// If the output value starts with "ssm:", we'll get the actual value from SSM
if strings.HasPrefix(aws.StringValue(o.OutputValue), cfnOutputSSMValuePrefix) {
ssmValues = append(ssmValues, strings.TrimPrefix(aws.StringValue(o.OutputValue), cfnOutputSSMValuePrefix))
}
}
}
if len(ssmValues) > 0 {
resp, err := ssmSvc.GetParameters(&ssm.GetParametersInput{
Names: aws.StringSlice(ssmValues),
WithDecryption: aws.Bool(true),
})
if err != nil {
return nil, err
} else if len(resp.InvalidParameters) > 0 {
return nil, fmt.Errorf("invalid parameters: %v", aws.StringValueSlice(resp.InvalidParameters))
}
for _, p := range resp.Parameters {
for k, v := range credentials {
if strings.TrimPrefix(v.(string), cfnOutputSSMValuePrefix) == aws.StringValue(p.Name) {
credentials[k] = aws.StringValue(p.Value)
}
}
}
}
if service.Metadata["cloudFoundry"] == true {
switch service.Name {
case "rdsmysql":
credentials = cfmysqlcreds(credentials)
case "rdsmariadb":
credentials = cfmysqlcreds(credentials)
case "rdspostgresql":
credentials = cfpostgrecreds(credentials)
case "s3":
credentials = cfs3creds(credentials)
}
}
return credentials, nil
}