awshark 1.4.0 → 1.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/CHANGELOG.md +8 -1
- data/awshark.gemspec +1 -1
- data/lib/awshark/class_options.rb +1 -1
- data/lib/awshark/cli.rb +5 -0
- data/lib/awshark/cloud_formation/template.rb +7 -3
- data/lib/awshark/ssm/client.rb +56 -0
- data/lib/awshark/ssm/subcommand.rb +75 -0
- data/lib/awshark/version.rb +1 -1
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9243bfae1f80dc2a4ca0b2da531aca71d0adf817d4614c97ac4572a862723273
|
|
4
|
+
data.tar.gz: 1c16327dfcc7d641e6405c9acedbe1dde0edb037b1bd783367dc924f9f021c3c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7b71799356977e4a517c902c260d48e2a7f404472bdff3da16b912ac06d083621f6d732a9fbdc3dc388d74730c1fc0d45bd3c916c960aa2f31d0f1393553e47e
|
|
7
|
+
data.tar.gz: 0370e335a254ea453ac7abeb17e3d9c9fb618facbf8ba667bdfa9064b7e20ec9f4a83b89ab6edf63b619fcb5b00d1218acf7ac34fd6e61d4342dc899d2dcc8d5
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,7 +1,14 @@
|
|
|
1
1
|
## Changelog
|
|
2
2
|
|
|
3
|
+
#### 1.5.1
|
|
4
|
+
- [new] `awshark cf [command] --bucket` option allows S3 path prefix
|
|
5
|
+
|
|
6
|
+
#### 1.5.0
|
|
7
|
+
- [new] add `awshark ssm list` to list AWS Parameter Store secrets
|
|
8
|
+
- [new] add `awshark ssm deploy` to update AWS Parameter Store secrets
|
|
9
|
+
|
|
3
10
|
#### 1.4.0
|
|
4
|
-
- [new] add `awshark cf save` to save Cloud Formation templates as file
|
|
11
|
+
- [new] add `awshark cf save` to save AWS Cloud Formation templates as file
|
|
5
12
|
|
|
6
13
|
#### 1.3.0
|
|
7
14
|
- [new] add `awshark ec2 authorize` and `unauthorize`
|
data/awshark.gemspec
CHANGED
|
@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
|
|
|
27
27
|
spec.bindir = 'exe'
|
|
28
28
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
29
29
|
spec.require_paths = ['lib']
|
|
30
|
-
spec.required_ruby_version = '>= 2.
|
|
30
|
+
spec.required_ruby_version = '>= 2.7'
|
|
31
31
|
|
|
32
32
|
spec.add_dependency 'activesupport'
|
|
33
33
|
spec.add_dependency 'aws-sdk-cloudformation'
|
data/lib/awshark/cli.rb
CHANGED
|
@@ -7,6 +7,7 @@ require 'awshark/ec2/subcommand'
|
|
|
7
7
|
require 'awshark/ecs/subcommand'
|
|
8
8
|
require 'awshark/rds/subcommand'
|
|
9
9
|
require 'awshark/s3/subcommand'
|
|
10
|
+
require 'awshark/ssm/subcommand'
|
|
10
11
|
|
|
11
12
|
module Awshark
|
|
12
13
|
class Cli < Thor
|
|
@@ -15,6 +16,7 @@ module Awshark
|
|
|
15
16
|
map '-v' => :version
|
|
16
17
|
|
|
17
18
|
class_option :help, type: :boolean, desc: 'Prints this help'
|
|
19
|
+
class_option :region, type: :string, desc: 'AWS region'
|
|
18
20
|
|
|
19
21
|
desc 'cf COMMAND', 'Run CloudFormation command'
|
|
20
22
|
subcommand 'cf', Awshark::CloudFormation::Subcommand
|
|
@@ -31,6 +33,9 @@ module Awshark
|
|
|
31
33
|
desc 's3 COMMAND', 'Run CloudFormation command'
|
|
32
34
|
subcommand 's3', Awshark::S3::Subcommand
|
|
33
35
|
|
|
36
|
+
desc 'ssm COMMAND', 'Run SSM command'
|
|
37
|
+
subcommand 'ssm', Awshark::Ssm::Subcommand
|
|
38
|
+
|
|
34
39
|
desc 'version', 'Displays current version of AwsShark'
|
|
35
40
|
long_desc <<-LONGDESC
|
|
36
41
|
Displays current version of AwsShark.
|
|
@@ -11,7 +11,8 @@ module Awshark
|
|
|
11
11
|
def initialize(path, options = {})
|
|
12
12
|
@path = path
|
|
13
13
|
|
|
14
|
-
@
|
|
14
|
+
@bucket_and_path = options[:bucket]
|
|
15
|
+
@bucket = (options[:bucket] || '').split('/')[0]
|
|
15
16
|
@name = options[:name]
|
|
16
17
|
@stage = options[:stage]
|
|
17
18
|
end
|
|
@@ -77,8 +78,11 @@ module Awshark
|
|
|
77
78
|
end
|
|
78
79
|
|
|
79
80
|
def s3_key
|
|
80
|
-
|
|
81
|
-
|
|
81
|
+
return @s3_key if defined?(@s3_key)
|
|
82
|
+
|
|
83
|
+
_, *tail = @bucket_and_path.split('/')
|
|
84
|
+
prefix = [*tail, 'awshark', name].join('/')
|
|
85
|
+
@s3_key = "#{prefix}/#{Time.now.strftime('%Y-%m-%d')}.json"
|
|
82
86
|
end
|
|
83
87
|
|
|
84
88
|
def upload
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Awshark
|
|
4
|
+
module Ssm
|
|
5
|
+
class Client
|
|
6
|
+
def list_secrets(application:)
|
|
7
|
+
response = client.get_parameters_by_path({
|
|
8
|
+
path: application,
|
|
9
|
+
recursive: true,
|
|
10
|
+
with_decryption: true
|
|
11
|
+
})
|
|
12
|
+
response.parameters
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def update_secrets(application:, secrets:)
|
|
16
|
+
flat_secrets = flatten_hash(secrets)
|
|
17
|
+
|
|
18
|
+
flat_secrets.each_pair do |key, value|
|
|
19
|
+
params = {
|
|
20
|
+
name: "/#{application}/#{key.downcase}",
|
|
21
|
+
value: value,
|
|
22
|
+
type: 'SecureString', # accepts String, StringList, SecureString
|
|
23
|
+
tier: 'Standard' # accepts Standard, Advanced, Intelligent-Tiering
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
loop do
|
|
27
|
+
client.put_parameter(params.merge(overwrite: true))
|
|
28
|
+
puts "Updated secrets for: #{params[:name]}"
|
|
29
|
+
|
|
30
|
+
break
|
|
31
|
+
rescue Aws::SSM::Errors::ThrottlingException
|
|
32
|
+
puts 'Aws::SSM::Errors::ThrottlingException... retrying'
|
|
33
|
+
sleep 1
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
def client
|
|
41
|
+
@client ||= Aws::SSM::Client.new
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# helper function
|
|
45
|
+
def flatten_hash(hash, prefix = nil)
|
|
46
|
+
hash.each_with_object({}) do |(key, value), rslt|
|
|
47
|
+
if value.is_a?(Hash)
|
|
48
|
+
rslt.merge!(flatten_hash(value, "#{prefix}#{key}_"))
|
|
49
|
+
else
|
|
50
|
+
rslt["#{prefix}#{key}"] = value
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'aws-sdk-ssm'
|
|
4
|
+
|
|
5
|
+
require 'awshark/ssm/client'
|
|
6
|
+
|
|
7
|
+
module Awshark
|
|
8
|
+
module Ssm
|
|
9
|
+
class Subcommand < Thor
|
|
10
|
+
include Awshark::ClassOptions
|
|
11
|
+
|
|
12
|
+
class_option :stage, type: :string, desc: 'Stage of the configuration'
|
|
13
|
+
|
|
14
|
+
desc 'list', 'Lists Parameter Store secrets'
|
|
15
|
+
long_desc <<-LONGDESC
|
|
16
|
+
List AWS Parameter Store secrets of specific path.
|
|
17
|
+
|
|
18
|
+
awshark ssm list PARAMETER_PATH
|
|
19
|
+
|
|
20
|
+
Examples:
|
|
21
|
+
|
|
22
|
+
awshark ssm list /ticketing-api
|
|
23
|
+
LONGDESC
|
|
24
|
+
def list(parameter_path)
|
|
25
|
+
process_class_options
|
|
26
|
+
|
|
27
|
+
raise GracefulFail, 'PARAMETER_PATH must begin with a "/"' if parameter_path[0] != '/'
|
|
28
|
+
|
|
29
|
+
puts "Parameter Store #{parameter_path.inspect} in #{::Aws.config[:region]}:"
|
|
30
|
+
|
|
31
|
+
parameters = ssm_client.list_secrets(application: parameter_path)
|
|
32
|
+
|
|
33
|
+
parameters.each do |param|
|
|
34
|
+
printf " %-60<name>s %<value>s\n", { name: param.name, value: param.value }
|
|
35
|
+
end
|
|
36
|
+
rescue GracefulFail => e
|
|
37
|
+
puts e.message
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
desc 'deploy', 'Updates Parameter Store secrets'
|
|
41
|
+
long_desc <<-LONGDESC
|
|
42
|
+
Updates AWS Parameter Store secrets from a file "secrets.yml".
|
|
43
|
+
It assumes the directory is the name of the application.
|
|
44
|
+
|
|
45
|
+
awshark ssm deploy DIRECTORY --stage=STAGE
|
|
46
|
+
|
|
47
|
+
Examples:
|
|
48
|
+
|
|
49
|
+
awshark ssm deploy aws/ticketing-api --stage=staging
|
|
50
|
+
LONGDESC
|
|
51
|
+
def deploy(directory)
|
|
52
|
+
process_class_options
|
|
53
|
+
|
|
54
|
+
secrets_path = File.join(directory, 'secrets.yml')
|
|
55
|
+
raise GracefulFail, "File #{secrets_path} does not exist." unless File.exist?(secrets_path)
|
|
56
|
+
|
|
57
|
+
app_name = directory.split('/').last
|
|
58
|
+
stage = options['stage']
|
|
59
|
+
|
|
60
|
+
secrets = YAML.load_file(secrets_path)[stage]
|
|
61
|
+
raise GracefulFail, "No secrets found for stage '#{stage}' in #{secrets_path}." if secrets.nil?
|
|
62
|
+
|
|
63
|
+
ssm_client.update_secrets(application: "#{app_name}-#{stage}", secrets: secrets)
|
|
64
|
+
rescue GracefulFail => e
|
|
65
|
+
puts e.message
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
private
|
|
69
|
+
|
|
70
|
+
def ssm_client
|
|
71
|
+
@ssm_client ||= Awshark::Ssm::Client.new
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
data/lib/awshark/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awshark
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.5.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joergen Dahlke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-06-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -283,6 +283,8 @@ files:
|
|
|
283
283
|
- lib/awshark/s3/configuration.rb
|
|
284
284
|
- lib/awshark/s3/manager.rb
|
|
285
285
|
- lib/awshark/s3/subcommand.rb
|
|
286
|
+
- lib/awshark/ssm/client.rb
|
|
287
|
+
- lib/awshark/ssm/subcommand.rb
|
|
286
288
|
- lib/awshark/sts/configuration.rb
|
|
287
289
|
- lib/awshark/version.rb
|
|
288
290
|
homepage: https://github.com/jdahlke/awshark
|
|
@@ -300,14 +302,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
300
302
|
requirements:
|
|
301
303
|
- - ">="
|
|
302
304
|
- !ruby/object:Gem::Version
|
|
303
|
-
version: '2.
|
|
305
|
+
version: '2.7'
|
|
304
306
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
305
307
|
requirements:
|
|
306
308
|
- - ">="
|
|
307
309
|
- !ruby/object:Gem::Version
|
|
308
310
|
version: '0'
|
|
309
311
|
requirements: []
|
|
310
|
-
rubygems_version: 3.
|
|
312
|
+
rubygems_version: 3.3.26
|
|
311
313
|
signing_key:
|
|
312
314
|
specification_version: 4
|
|
313
315
|
summary: Custom CLI for for AWS related tasks
|