awshark 1.3.0 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f014eaddd54562cad6064bc0b28a9fde800b7144f3be26e4af11f02a99d1f13
-  data.tar.gz: 258b5c71b20180623ca66646d4081c38d8c14e590a1b2a2773193523423dc614
+  metadata.gz: 1f20abce36658043c8b046859575b969365fd56528b3a786ca71e3009b078909
+  data.tar.gz: 75631cf5ad34c594571a1f46297d3fa23c8da384c4789c43ea857a4ab09b972c
 SHA512:
-  metadata.gz: 42970eec188f9fe6a4f561a2d42b01387b08c98f26ee93e0352d83f1fda165f119ae09909fbbb62c80e5380ca259a8d667bb46cf416e742db333051da4891204
-  data.tar.gz: ecf2602e7bb5cf37ebd508d3bb95d44eff004214f38bb6fa19475ee38d6b094093c6572c17acb3d48ca59d6b018a39129019d450e80aa7a6db4d84d0cc4b7c17
+  metadata.gz: e75070ff5ad3295b994b9408edc5e448a205a413278b9dc6d2cae3b891840a976f6f5b0ccd9d8d4b9f6ba85fdf081ad1b3c83727712bea4228cb5248e659019b
+  data.tar.gz: aa0feb28170116e34cab5a60ca8e60cfd6a6b76c9def7aaf78709aaa28a3475d2067bc39e76c9303481304ef11a757f69a54ebd4fdb9a0e1ce9cedf84c98d778

data/.rubocop.yml

@@ -4,7 +4,7 @@
 # See https://docs.rubocop.org/rubocop/configuration
 
 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 2.7
   Exclude:
     - 'bin/*'
     - 'tmp/*'

data/CHANGELOG.md

@@ -1,5 +1,12 @@
 ## Changelog
 
+#### 1.5.0
+- [new] add `awshark ssm list` to list AWS Parameter Store secrets
+- [new] add `awshark ssm deploy` to update AWS Parameter Store secrets
+
+#### 1.4.0
+- [new] add `awshark cf save` to save AWS Cloud Formation templates as file
+
 #### 1.3.0
 - [new] add `awshark ec2 authorize` and `unauthorize`
 

data/README.md

@@ -18,37 +18,46 @@ Use `AWS_PROFILE=PROFILE` and/or `AWS_REGION=REGION` to configure the internal A
 
 #### S3 commands
 
-List all S3 buckets
+List all S3 buckets with number of objects and total size.
+(Data depends on AWS Cloudwatch Metrics so there is a time difference to the actual data.)
 ```
 awshark s3 list
 ```
 
-List all objects in a specific S3 bucket
+List all objects in a specific S3 bucket.
 ```
 awshark s3 objects BUCKET_NAME fonts/
 ```
 
 #### EC2 commands
 
-List all EC2 instances in a region
+List all EC2 instances in a region.
 ```
 awshark ec2 list
 ```
 
 #### ECS commands
 
-List all EC2 instances in a region
+List all ECS services in a region.
 ```
 awshark ecs list
 ```
 
 #### Cloud Formation commands
 
-Update (diff) Cloud Formation stack
+Display changes to AWS Cloud Formation stack.
+```
+awshark cf diff TEMPLATE_PATH --stage=STAGE --bucket=S3_BUCKET.bundesimmo.de
+```
+
+Update or create AWS Cloud Formation stack.
 ```
 awshark cf deploy TEMPLATE_PATH --stage=STAGE --bucket=S3_BUCKET.bundesimmo.de
+```
 
-awshark cf diff TEMPLATE_PATH --stage=STAGE --bucket=S3_BUCKET.bundesimmo.de
+Save AWS Cloud Formation stack as file `STACK_NAME-STAGE.json`.
+```
+awshark cf save TEMPLATE_PATH --stage=STAGE
 ```
 
 For a further information visit the [Wiki](https://github.com/jdahlke/awshark/wiki).

data/awshark.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
   spec.bindir = 'exe'
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
-  spec.required_ruby_version = '>= 2.6'
+  spec.required_ruby_version = '>= 2.7'
 
   spec.add_dependency 'activesupport'
   spec.add_dependency 'aws-sdk-cloudformation'

data/lib/awshark/class_options.rb

@@ -11,7 +11,7 @@ module Awshark
         exit(0)
       end
 
-      setup_aws_credentials(options)
+      setup_aws_credentials(cli_options)
     end
 
     private

data/lib/awshark/cli.rb

@@ -7,6 +7,7 @@ require 'awshark/ec2/subcommand'
 require 'awshark/ecs/subcommand'
 require 'awshark/rds/subcommand'
 require 'awshark/s3/subcommand'
+require 'awshark/ssm/subcommand'
 
 module Awshark
   class Cli < Thor
@@ -15,6 +16,7 @@ module Awshark
     map '-v' => :version
 
     class_option :help, type: :boolean, desc: 'Prints this help'
+    class_option :region, type: :string, desc: 'AWS region'
 
     desc 'cf COMMAND', 'Run CloudFormation command'
     subcommand 'cf', Awshark::CloudFormation::Subcommand
@@ -31,6 +33,9 @@ module Awshark
     desc 's3 COMMAND', 'Run CloudFormation command'
     subcommand 's3', Awshark::S3::Subcommand
 
+    desc 'ssm COMMAND', 'Run SSM command'
+    subcommand 'ssm', Awshark::Ssm::Subcommand
+
     desc 'version', 'Displays current version of AwsShark'
     long_desc <<-LONGDESC
         Displays current version of AwsShark.

data/lib/awshark/cloud_formation/manager.rb

@@ -46,6 +46,12 @@ module Awshark
         raise e
       end
 
+      def save_stack_template
+        filename = "#{stack.name}.json"
+        File.open(filename, 'w') { |f| f.write(template.body) }
+        filename
+      end
+
       def tail_stack_events
         stack.reload
         stack_events = StackEvents.new(stack)

data/lib/awshark/cloud_formation/subcommand.rb

@@ -63,6 +63,22 @@ module Awshark
         puts diff
       end
 
+      desc 'save', 'Save AWS CloudFormation JSON template as file'
+      long_desc <<-LONGDESC
+        Save AWS CloudFormation JSON template as file TEMPLATE_PATH/cloudformation-stage.json
+
+        Example: `awshark cf save TEMPLATE_PATH`
+      LONGDESC
+      def save(template_path)
+        process_class_options
+
+        manager = create_manager(template_path)
+        print_stack_information(manager.stack)
+
+        filename = manager.save_stack_template
+        printf "Written CloudFormation JSON template to: %<name>s\n\n", name: filename
+      end
+
       private
 
       def create_manager(template_path)

data/lib/awshark/ec2/subcommand.rb

@@ -50,7 +50,7 @@ module Awshark
              desc: 'Security group to allow access to.'
       option :username,
              type: :string,
-             desc: 'Ports to register. Only uses ports from 1 to 65535.'
+             desc: 'Optional user name (defaults to whoami).'
       def authorize
         process_class_options
 
@@ -72,7 +72,7 @@ module Awshark
              desc: 'Security group to remove access from.'
       option :username,
              type: :string,
-             desc: 'Ports to register. Only uses ports from 1 to 65535.'
+             desc: 'Optional user name (defaults to whoami).'
       def unauthorize
         process_class_options
 

data/lib/awshark/ssm/client.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Awshark
+  module Ssm
+    class Client
+      def list_secrets(application:)
+        response = client.get_parameters_by_path({
+                                                   path: application,
+                                                   recursive: true,
+                                                   with_decryption: true
+                                                 })
+        response.parameters
+      end
+
+      def update_secrets(application:, secrets:)
+        flat_secrets = flatten_hash(secrets)
+
+        flat_secrets.each_pair do |key, value|
+          params = {
+            name: "/#{application}/#{key.downcase}",
+            value: value,
+            type: 'SecureString', # accepts String, StringList, SecureString
+            tier: 'Standard' # accepts Standard, Advanced, Intelligent-Tiering
+          }
+
+          loop do
+            client.put_parameter(params.merge(overwrite: true))
+            puts "Updated secrets for: #{params[:name]}"
+
+            break
+          rescue Aws::SSM::Errors::ThrottlingException
+            puts 'Aws::SSM::Errors::ThrottlingException... retrying'
+            sleep 1
+          end
+        end
+      end
+
+      private
+
+      def client
+        @client ||= Aws::SSM::Client.new
+      end
+
+      # helper function
+      def flatten_hash(hash, prefix = nil)
+        hash.each_with_object({}) do |(key, value), rslt|
+          if value.is_a?(Hash)
+            rslt.merge!(flatten_hash(value, "#{prefix}#{key}_"))
+          else
+            rslt["#{prefix}#{key}"] = value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/awshark/ssm/subcommand.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'aws-sdk-ssm'
+
+require 'awshark/ssm/client'
+
+module Awshark
+  module Ssm
+    class Subcommand < Thor
+      include Awshark::ClassOptions
+
+      class_option :stage, type: :string, desc: 'Stage of the configuration'
+
+      desc 'list', 'Lists Parameter Store secrets'
+      long_desc <<-LONGDESC
+        List AWS Parameter Store secrets of specific path.
+
+        awshark ssm list PARAMETER_PATH
+
+        Examples:
+
+          awshark ssm list /ticketing-api
+      LONGDESC
+      def list(parameter_path)
+        process_class_options
+
+        raise GracefulFail, 'PARAMETER_PATH must begin with a "/"' if parameter_path[0] != '/'
+
+        puts "Parameter Store #{parameter_path.inspect} in #{::Aws.config[:region]}:"
+
+        parameters = ssm_client.list_secrets(application: parameter_path)
+
+        parameters.each do |param|
+          printf " %-60<name>s %<value>s\n", { name: param.name, value: param.value }
+        end
+      rescue GracefulFail => e
+        puts e.message
+      end
+
+      desc 'deploy', 'Updates Parameter Store secrets'
+      long_desc <<-LONGDESC
+        Updates AWS Parameter Store secrets from a file "secrets.yml".
+        It assumes the directory is the name of the application.
+
+        awshark ssm deploy DIRECTORY --stage=STAGE
+
+        Examples:
+
+          awshark ssm deploy aws/ticketing-api --stage=staging
+      LONGDESC
+      def deploy(directory)
+        process_class_options
+
+        secrets_path = File.join(directory, 'secrets.yml')
+        raise GracefulFail, "File #{secrets_path} does not exist." unless File.exist?(secrets_path)
+
+        app_name = directory.split('/').last
+        stage = options['stage']
+
+        secrets = YAML.load_file(secrets_path)[stage]
+        raise GracefulFail, "No secrets found for stage '#{stage}' in #{secrets_path}." if secrets.nil?
+
+        ssm_client.update_secrets(application: "#{app_name}-#{stage}", secrets: secrets)
+      rescue GracefulFail => e
+        puts e.message
+      end
+
+      private
+
+      def ssm_client
+        @ssm_client ||= Awshark::Ssm::Client.new
+      end
+    end
+  end
+end

data/lib/awshark/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Awshark
-  VERSION = '1.3.0'
+  VERSION = '1.5.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awshark
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Joergen Dahlke
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-01-10 00:00:00.000000000 Z
+date: 2023-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -283,6 +283,8 @@ files:
 - lib/awshark/s3/configuration.rb
 - lib/awshark/s3/manager.rb
 - lib/awshark/s3/subcommand.rb
+- lib/awshark/ssm/client.rb
+- lib/awshark/ssm/subcommand.rb
 - lib/awshark/sts/configuration.rb
 - lib/awshark/version.rb
 homepage: https://github.com/jdahlke/awshark
@@ -300,14 +302,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
+rubygems_version: 3.3.26
 signing_key: 
 specification_version: 4
 summary: Custom CLI for for AWS related tasks