Comments (5)
Hi Jimmy! The `SecretString` is expected to be the token itself, not presented as a key/value JSON object. I tried to express this in the docs:
Note that the token should be provided as a plain string in the secret (i.e. the SecretString) and not wrapped in a JSON object.
But perhaps it could be phrased better? 🤔
from opa-aws-cloudformation-hook.
So, maybe I am doing something wrong, but I don't see how you can enter just a `value`. It requires a key as well. When you retrieve the `SecretString`, it is a K/V pair, in a string. You can enter just a key with no value, but it still returns a K/V string, just with an empty value position.
Also, your hook config schema refers to the `opaAuthTokenSecret` key being set to `opa_auth_token`.
{"opaAuthTokenSecret":{"description":"ARN referencing a secret containing a token to use for authenticating against OPA (secret key must be 'opa_auth_token')","type":"string"},
from opa-aws-cloudformation-hook.
So, if you use the plain-text, and not the key/value fields then it should work, for a value with no key. In the AWS CLI, it would be:
aws secretsmanager create-secret --name opa_auth_token --secret-string "<VALUE>"
I guess the `secret key must be 'opa_auth_token')` confused me.
Perhaps it should be referenced as "Secret Name", instead.
from opa-aws-cloudformation-hook.
Ah, yes, that's probably from an older iteration! Thanks for pointing that out 👍 Do you want to submit a PR to remove that or should I?
from opa-aws-cloudformation-hook.
Fixed in #42. Thanks @pauly4it 👍
from opa-aws-cloudformation-hook.
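The plain-string versus key/value distinction discussed in this thread can be checked before the secret's ARN is put in the hook configuration. The following is an added example, not code from the thread or from the hook project: `check_token_secret` and the sample values are hypothetical, and in practice the input would be the `SecretString` returned by `aws secretsmanager get-secret-value`.

```python
import json
from typing import NamedTuple, Optional


class SecretCheck(NamedTuple):
    ok: bool           # True when the value can be used as a bare token
    reason: str
    keys: tuple = ()   # key names only; secret values are never returned


def check_token_secret(secret_string: Optional[str]) -> SecretCheck:
    """Classify a SecretString as a plain token or a key/value JSON object."""
    if secret_string is None:
        return SecretCheck(False, "no SecretString (binary secret?)")
    if not secret_string.strip():
        return SecretCheck(False, "SecretString is empty")
    if secret_string != secret_string.strip():
        return SecretCheck(False, "surrounding whitespace or newline")
    try:
        parsed = json.loads(secret_string)
    except ValueError:
        # Not JSON at all: this is what --secret-string "<VALUE>" produces.
        return SecretCheck(True, "plain string")
    if isinstance(parsed, dict):
        # The key/value fields store a JSON object, even for an empty value.
        return SecretCheck(False, "JSON object (key/value form)",
                           tuple(sorted(parsed)))
    # A token that happens to parse as a JSON scalar (e.g. all digits)
    # is still a plain string.
    return SecretCheck(True, "plain string")


# Constructed sample values, not real tokens.
SAMPLES = {
    "cli plaintext": "s3cr3t-example-token",
    "key/value fields": '{"opa_auth_token":"s3cr3t-example-token"}',
    "key with empty value": '{"opa_auth_token":""}',
    "trailing newline": "s3cr3t-example-token\n",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        result = check_token_secret(value)
        print(f"{label:22} ok={result.ok} reason={result.reason} "
              f"keys={result.keys}")
```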
Related Issues (15)
- Run integration tests as part of the build
- Rewrite test-templates.py to work on provided file or directory
- Allow JSON template files
- Separate example policies from the main (i.e. router) policy
- Diagram needed to show how OPA and CFN hooks connect
- Find out why boolean properties are converted to strings
- Publish hook to AWS Marketplace
- No Hook logging to CloudWatch logs
- Populate OPA error messages in CloudWatch and CloudFormation
- handlers.py: Exception caught sequence item 0: expected str instance, dict found
- Decide on best way to run OPA for docs
- Non-Linux users without Docker Desktop cannot build hook locally
- `generate-zip-file` build task failing
- Automate fetching of all resource types to add to styra-opa-hook.json