fastlane-plugin-secrets_manager_storage 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b6cf68d09ce421bf4d866e313ad4252cc2ad75400d927c245b03c7e9cf26e0f3
|
|
4
|
+
data.tar.gz: c6bf640a46b7d115e6ef38972091c9f47512bcfd4e272bf4aa173bf069534c3a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 44dc42936cd910bfa60e54eef1b7b2674ee1c23847b7547c9e088cabc7b1ef4e6009edf0c23c33e0915c5c4ba56b9d48423d572793ffd6c72f8c7922b5ed266e
|
|
7
|
+
data.tar.gz: 6145a862abd5344d80e520ca29a1c2cbe7260df1241e758aa93060013efe09b1397b7d267a080d06a7957ce9d4e25ca1a6869b13e8a074e5d51b6e43daed8b83
|
data/README.md
CHANGED
|
@@ -18,6 +18,7 @@ Reasons to use this (compared to the git or s3 backend):
|
|
|
18
18
|
access
|
|
19
19
|
- Secret lifecycle can be tracked independently of Fastlane, enabling you to have alerts on secret
|
|
20
20
|
age by using the secret's version metadata (e.g. Created On)
|
|
21
|
+
- certificates and mobileprovision Secrets will be tagged with `ExpiresOn` and other metadata
|
|
21
22
|
|
|
22
23
|
> :information_source: Fastlane plugins are only automatically loaded when using a Fastfile. This
|
|
23
24
|
> means that using a Matchfile or `fastlane match` commands will not work with this storage backing.
|
|
@@ -188,6 +188,7 @@ module Fastlane
|
|
|
188
188
|
|
|
189
189
|
def create_or_update_secret(current_file, secret_name)
|
|
190
190
|
full_secret_path = generate_secret_path(secret_name)
|
|
191
|
+
secret_specific_tags = generate_tags_for_secret(current_file)
|
|
191
192
|
begin
|
|
192
193
|
@client.describe_secret(secret_id: full_secret_path)
|
|
193
194
|
UI.verbose("Secret '#{secret_name}' already exists, updating...")
|
|
@@ -195,12 +196,18 @@ module Fastlane
|
|
|
195
196
|
secret_id: full_secret_path,
|
|
196
197
|
secret_binary: IO.binread(current_file),
|
|
197
198
|
)
|
|
199
|
+
unless secret_specific_tags.empty?
|
|
200
|
+
@client.tag_resource(
|
|
201
|
+
secret_id: full_secret_path,
|
|
202
|
+
tags: convert_hash_to_array_of_key_values(secret_specific_tags),
|
|
203
|
+
)
|
|
204
|
+
end
|
|
198
205
|
rescue Aws::SecretsManager::Errors::ResourceNotFoundException
|
|
199
206
|
UI.verbose("Secret '#{secret_name}' doesn't exist, creating...")
|
|
200
207
|
@client.create_secret(
|
|
201
208
|
name: full_secret_path,
|
|
202
209
|
secret_binary: File.open(current_file, "rb").read,
|
|
203
|
-
tags:
|
|
210
|
+
tags: convert_hash_to_array_of_key_values(tags.merge(secret_specific_tags)),
|
|
204
211
|
)
|
|
205
212
|
end
|
|
206
213
|
end
|
|
@@ -213,14 +220,47 @@ module Fastlane
|
|
|
213
220
|
|
|
214
221
|
private
|
|
215
222
|
|
|
223
|
+
def generate_tags_for_secret(secret_file)
|
|
224
|
+
return {} unless File.file?(secret_file)
|
|
225
|
+
|
|
226
|
+
expiry = nil
|
|
227
|
+
secret_specific_tags = {}
|
|
228
|
+
case File.extname(secret_file)
|
|
229
|
+
when ".p12"
|
|
230
|
+
# not sure how to get expiry of the cert
|
|
231
|
+
when ".cer"
|
|
232
|
+
cert_info = Match::Utils.get_cert_info(secret_file)
|
|
233
|
+
secret_specific_tags["Name"] = cert_info
|
|
234
|
+
.find { |attribute| attribute.first == "Common Name" }
|
|
235
|
+
.last
|
|
236
|
+
expiry = cert_info.find { |attribute| attribute.first == "End Datetime" }.last
|
|
237
|
+
when ".mobileprovision"
|
|
238
|
+
secret_specific_tags[
|
|
239
|
+
"Name"
|
|
240
|
+
] = `/usr/libexec/PlistBuddy -c 'Print Name' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
|
|
241
|
+
secret_specific_tags[
|
|
242
|
+
"AppIDName"
|
|
243
|
+
] = `/usr/libexec/PlistBuddy -c 'Print AppIDName' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
|
|
244
|
+
secret_specific_tags[
|
|
245
|
+
"AppIdentifier"
|
|
246
|
+
] = `/usr/libexec/PlistBuddy -c 'Print Entitlements:application-identifier' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
|
|
247
|
+
expiry =
|
|
248
|
+
DateTime.parse(
|
|
249
|
+
`/usr/libexec/PlistBuddy -c 'Print ExpirationDate' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip,
|
|
250
|
+
)
|
|
251
|
+
end
|
|
252
|
+
secret_specific_tags["ExpiresOn"] = expiry.strftime("%Y-%m-%dT%H:%M:%SZ") if expiry
|
|
253
|
+
secret_specific_tags
|
|
254
|
+
end
|
|
255
|
+
|
|
216
256
|
def generate_secret_path(secret_name)
|
|
217
257
|
prefix = path_prefix
|
|
218
258
|
prefix += "/" unless secret_name.start_with?("/")
|
|
219
259
|
"#{prefix}#{secret_name}"
|
|
220
260
|
end
|
|
221
261
|
|
|
222
|
-
def
|
|
223
|
-
|
|
262
|
+
def convert_hash_to_array_of_key_values(tags_as_ruby_hash)
|
|
263
|
+
tags_as_ruby_hash.map { |key, value| { key: key, value: value } }
|
|
224
264
|
end
|
|
225
265
|
|
|
226
266
|
def with_aws_authentication_error_handling
|
|
@@ -23,7 +23,7 @@ Match::Options.append_option(
|
|
|
23
23
|
description: "The prefix to be used for all Secrets Manager Secrets",
|
|
24
24
|
optional: true,
|
|
25
25
|
type: String,
|
|
26
|
-
)
|
|
26
|
+
),
|
|
27
27
|
)
|
|
28
28
|
Match::Options.append_option(
|
|
29
29
|
FastlaneCore::ConfigItem.new(
|
|
@@ -32,7 +32,7 @@ Match::Options.append_option(
|
|
|
32
32
|
description: "tags which are used when creating a new secret in Secrets Manager",
|
|
33
33
|
optional: true,
|
|
34
34
|
type: Hash,
|
|
35
|
-
)
|
|
35
|
+
),
|
|
36
36
|
)
|
|
37
37
|
Match::Options.append_option(
|
|
38
38
|
FastlaneCore::ConfigItem.new(
|
|
@@ -41,7 +41,7 @@ Match::Options.append_option(
|
|
|
41
41
|
description: "The prefix to be used for all Secrets Manager Secrets",
|
|
42
42
|
optional: true,
|
|
43
43
|
type: String,
|
|
44
|
-
)
|
|
44
|
+
),
|
|
45
45
|
)
|
|
46
46
|
|
|
47
47
|
# Fastlane will complain if a plugin doesn't include any actions. Thus, we have to include an action in the right way
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fastlane-plugin-secrets_manager_storage
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Case Taintor
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-02-
|
|
11
|
+
date: 2024-02-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-secretsmanager
|