feat: support JSON Credentials as repo secret

[cbentkowski]

Fixes #900

Added new functionality to GetCredsType in utils.go to parse JSON Username/Password in this format:
{ "username": "someusername", "password": "somepassword" }

Added new function, GetJSONSecret to parse and return the JSON Username/Password above to utils.go.

Updated parseCreds in main.go to look for SECRET_JSON and call the GetJSONSecret and return the creds.

Corrected spelling of unknown in error return of parseCreds in main.go.

Tests pass in utils_test.go.

[cbentkowski]

I apologize if I named the pull request/branch incorrectly. This is my very first one to a public repository.

[mrgrain]

This looks great! Thank you.

One thing though. I'm not 100% sure I understand what exactly this new feature is covering. Is it adding support for stringified JSON in the creds property? Or for JSON in the SecretsManager Secret? Or for both?

From the code, I think this PR currently only adds supports for stringified JSON in creds, but I might be wrong. However I also think the linked issue is talking about JSON support inside the SecretsManager Secret. Could you check that? I reckon this PR would be a huge step to that, but we would need a little bit more work before we can close the issue.

And a couple minor notes:

• Once the above is resolved, please update the docs here to describe the newly supported format(s).
• Let's add a test case for GetJSON. I know the other types don't have tests, but they are also much simpler.

[cbentkowski]

Based on #900, I was going just for stringified JSON in the creds property. I can add a comment on #900 to see if they are wanting JSON support inside SecretsManager and if so I can add that. I'll also work on the test for GetJSON and update the docs later today.

[mrgrain]

Based on #900, I was going just for stringified JSON in the creds property. I can add a comment on #900 to see if they are wanting JSON support inside SecretsManager and if so I can add that. I'll also work on the test for GetJSON and update the docs later today.

That's perfect, thank you!

[mrgrain]

Ok, similar to the ARN credentials that it already accepts, but the return from the ARN will be JSON formatted text. I've got a JSON parser built, but let me work on detecting JSON string formatted credentials from the ARN and see what I can come up with.

#900 (comment)

With that, we can either

• merge this PR (with the request small changes), not close Support Non-PlainText Secret Format for Container Repository Login #900 and do a follow-up
• or add the requested feature into this PR

Either is fine with me. LMK what you prefer.

[cbentkowski]

I actually have the code to detect a JSON string being returned from the GetSecretValue. It's the unit tests I'm having an issue with. Trying to mock up the secret client is a pain.

[mrgrain]

I actually have the code to detect a JSON string being returned from the GetSecretValue. It's the unit tests I'm having an issue with. Trying to mock up the secret client is a pain.

That's awesome!

I understand the challenges with mocking SDK calls. No idea myself how this works in Golang. Alternatively, wrap all the logic that deals with the response from GetSecretValue in a helper function and test that.

GetSecret would look like this (pseudo code) and you only test ParseGetSecretResponse:

func GetSecret(secretId string) (secret string, err error) {
  resp, err = GetSecretValueHelper(secretId) // pretty much what the current method does
  secret, err = ParseGetSecretResponse(resp)
  return secret
}

[cbentkowski]

I went ahead and pushed the code I have while I continue to work on unit tests. I'll have to come back to it later this afternoon/evening.

[mrgrain]

@cbentkowski Thanks for your work so far. Anything I can help with to get this wrapped up?

[cbentkowski]

@mrgrain Sorry, work has gotten busy. I'll try to find some time this afternoon/evening to wrap this up.

[Hi-Fi]

Maybe this could be typed also on construct side.

I had similar thing included to other PR (1eebc0c#diff-c54113cf61ec99691748a3890bfbeb00e10efb3f0a76f03a0fd9ec49072e410aR98-R110), but removed it already from there as it's easily creating breaking change.

It doesn't have any lambda side handling, as Lambda already handles secrets when ARN is given.

As one biggest advantage of typescript is typing of data, so plain JSOn sounds just very dirty solution.

[Bbuff101]

@mrgrain Sorry, work has gotten busy. I'll try to find some time this afternoon/evening to wrap this up.

@cbentkowski , anything I can help with for this PR, or any questions that might be lingering that I can help answer?

[cbentkowski]

I'm sorry. I've had a lot of things come up with work and personal life and unfortunately I don't currently have time to continue working on this.

[mrgrain]

I'm sorry. I've had a lot of things come up with work and personal life and unfortunately I don't currently have time to continue working on this.

All good. Thanks for letting us know.