fastlane-plugin-secrets_manager_storage 1.0.0 → 1.1.0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b6cf68d09ce421bf4d866e313ad4252cc2ad75400d927c245b03c7e9cf26e0f3
|
4
|
+
data.tar.gz: c6bf640a46b7d115e6ef38972091c9f47512bcfd4e272bf4aa173bf069534c3a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 44dc42936cd910bfa60e54eef1b7b2674ee1c23847b7547c9e088cabc7b1ef4e6009edf0c23c33e0915c5c4ba56b9d48423d572793ffd6c72f8c7922b5ed266e
|
7
|
+
data.tar.gz: 6145a862abd5344d80e520ca29a1c2cbe7260df1241e758aa93060013efe09b1397b7d267a080d06a7957ce9d4e25ca1a6869b13e8a074e5d51b6e43daed8b83
|
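--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,7 @@ Reasons to use this (compared to the git or s3 backend):
 access
 - Secret lifecycle can be tracked independently of Fastlane, enabling you to have alerts on secret
 age by using the secret's version metadata (e.g. Created On)
+- certificates and mobileprovision Secrets will be tagged with `ExpiresOn` and other metadata
 
 > :information_source: Fastlane plugins are only automatically loaded when using a Fastfile. This
 > means that using a Matchfile or `fastlane match` commands will not work with this storage backing.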
@@ -188,6 +188,7 @@ module Fastlane
|
|
188
188
|
|
189
189
|
def create_or_update_secret(current_file, secret_name)
|
190
190
|
full_secret_path = generate_secret_path(secret_name)
|
191
|
+
secret_specific_tags = generate_tags_for_secret(current_file)
|
191
192
|
begin
|
192
193
|
@client.describe_secret(secret_id: full_secret_path)
|
193
194
|
UI.verbose("Secret '#{secret_name}' already exists, updating...")
|
@@ -195,12 +196,18 @@ module Fastlane
|
|
195
196
|
secret_id: full_secret_path,
|
196
197
|
secret_binary: IO.binread(current_file),
|
197
198
|
)
|
199
|
+
unless secret_specific_tags.empty?
|
200
|
+
@client.tag_resource(
|
201
|
+
secret_id: full_secret_path,
|
202
|
+
tags: convert_hash_to_array_of_key_values(secret_specific_tags),
|
203
|
+
)
|
204
|
+
end
|
198
205
|
rescue Aws::SecretsManager::Errors::ResourceNotFoundException
|
199
206
|
UI.verbose("Secret '#{secret_name}' doesn't exist, creating...")
|
200
207
|
@client.create_secret(
|
201
208
|
name: full_secret_path,
|
202
209
|
secret_binary: File.open(current_file, "rb").read,
|
203
|
-
tags:
|
210
|
+
tags: convert_hash_to_array_of_key_values(tags.merge(secret_specific_tags)),
|
204
211
|
)
|
205
212
|
end
|
206
213
|
end
|
@@ -213,14 +220,47 @@ module Fastlane
|
|
213
220
|
|
214
221
|
private
|
215
222
|
|
223
|
+
def generate_tags_for_secret(secret_file)
|
224
|
+
return {} unless File.file?(secret_file)
|
225
|
+
|
226
|
+
expiry = nil
|
227
|
+
secret_specific_tags = {}
|
228
|
+
case File.extname(secret_file)
|
229
|
+
when ".p12"
|
230
|
+
# not sure how to get expiry of the cert
|
231
|
+
when ".cer"
|
232
|
+
cert_info = Match::Utils.get_cert_info(secret_file)
|
233
|
+
secret_specific_tags["Name"] = cert_info
|
234
|
+
.find { |attribute| attribute.first == "Common Name" }
|
235
|
+
.last
|
236
|
+
expiry = cert_info.find { |attribute| attribute.first == "End Datetime" }.last
|
237
|
+
when ".mobileprovision"
|
238
|
+
secret_specific_tags[
|
239
|
+
"Name"
|
240
|
+
] = `/usr/libexec/PlistBuddy -c 'Print Name' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
|
241
|
+
secret_specific_tags[
|
242
|
+
"AppIDName"
|
243
|
+
] = `/usr/libexec/PlistBuddy -c 'Print AppIDName' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
|
244
|
+
secret_specific_tags[
|
245
|
+
"AppIdentifier"
|
246
|
+
] = `/usr/libexec/PlistBuddy -c 'Print Entitlements:application-identifier' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
|
247
|
+
expiry =
|
248
|
+
DateTime.parse(
|
249
|
+
`/usr/libexec/PlistBuddy -c 'Print ExpirationDate' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip,
|
250
|
+
)
|
251
|
+
end
|
252
|
+
secret_specific_tags["ExpiresOn"] = expiry.strftime("%Y-%m-%dT%H:%M:%SZ") if expiry
|
253
|
+
secret_specific_tags
|
254
|
+
end
|
255
|
+
|
216
256
|
def generate_secret_path(secret_name)
|
217
257
|
prefix = path_prefix
|
218
258
|
prefix += "/" unless secret_name.start_with?("/")
|
219
259
|
"#{prefix}#{secret_name}"
|
220
260
|
end
|
221
261
|
|
222
|
-
def
|
223
|
-
|
262
|
+
def convert_hash_to_array_of_key_values(tags_as_ruby_hash)
|
263
|
+
tags_as_ruby_hash.map { |key, value| { key: key, value: value } }
|
224
264
|
end
|
225
265
|
|
226
266
|
def with_aws_authentication_error_handling
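Review bot: The four backtick commands in the `.mobileprovision` branch of generate_tags_for_secret interpolate `secret_file` into a shell line (`security cms -D -i "#{secret_file}"`), so a path containing `"`, `$(` or a backtick breaks the command or runs it; the path comes from the local match storage rather than from a remote peer, so the practical exposure is low, but the shell-free form costs nothing and also drops three redundant `security cms` decodes. None of the commands' exit statuses are checked either, so on a host where `security` or PlistBuddy is unavailable the empty output reaches `DateTime.parse` and the error surfaces from create_or_update_secret instead of the secret simply getting no tags, and in the `.cer` branch `.find { … }.last` raises NoMethodError when the attribute is absent (`&.last` on both of those lines). Below is the branch rewritten to decode the profile once with `Open3.capture2` (argv array, no shell), write it to a `Tempfile` for the PlistBuddy reads, skip tags whose read failed, and use `Time.parse` instead of the legacy `DateTime`; it needs `require "open3"`, `require "tempfile"` and `require "time"` in the file's require block, which is outside this hunk. Independently, `ExpiresOn` is formatted with a literal `Z` suffix, which is only right if the parsed value is UTC — worth confirming against what PlistBuddy prints for `ExpirationDate` and what `Match::Utils.get_cert_info` returns for `End Datetime`.
```ruby
when ".mobileprovision"
  # Decode once and without a shell: the path is passed as an argv element, never interpolated.
  decoded, status = Open3.capture2("security", "cms", "-D", "-i", secret_file)
  if status.success?
    Tempfile.create(["profile", ".plist"]) do |plist|
      plist.write(decoded)
      plist.flush
      # nil when PlistBuddy fails for a key; nil entries are dropped below instead of being sent as tags.
      read_key = lambda do |key|
        out, st = Open3.capture2("/usr/libexec/PlistBuddy", "-c", "Print #{key}", plist.path)
        st.success? ? out.strip : nil
      end
      secret_specific_tags["Name"] = read_key.call("Name")
      secret_specific_tags["AppIDName"] = read_key.call("AppIDName")
      secret_specific_tags["AppIdentifier"] = read_key.call("Entitlements:application-identifier")
      raw_expiry = read_key.call("ExpirationDate")
      expiry = Time.parse(raw_expiry) if raw_expiry && !raw_expiry.empty?
    end
  end
end
secret_specific_tags.compact!
# … unchanged: ExpiresOn tag and return value …
```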
|
@@ -23,7 +23,7 @@ Match::Options.append_option(
|
|
23
23
|
description: "The prefix to be used for all Secrets Manager Secrets",
|
24
24
|
optional: true,
|
25
25
|
type: String,
|
26
|
-
)
|
26
|
+
),
|
27
27
|
)
|
28
28
|
Match::Options.append_option(
|
29
29
|
FastlaneCore::ConfigItem.new(
|
@@ -32,7 +32,7 @@ Match::Options.append_option(
|
|
32
32
|
description: "tags which are used when creating a new secret in Secrets Manager",
|
33
33
|
optional: true,
|
34
34
|
type: Hash,
|
35
|
-
)
|
35
|
+
),
|
36
36
|
)
|
37
37
|
Match::Options.append_option(
|
38
38
|
FastlaneCore::ConfigItem.new(
|
@@ -41,7 +41,7 @@ Match::Options.append_option(
|
|
41
41
|
description: "The prefix to be used for all Secrets Manager Secrets",
|
42
42
|
optional: true,
|
43
43
|
type: String,
|
44
|
-
)
|
44
|
+
),
|
45
45
|
)
|
46
46
|
|
47
47
|
# Fastlane will complain if a plugin doesn't include any actions. Thus, we have to include an action in the right way
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fastlane-plugin-secrets_manager_storage
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Case Taintor
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-02-
|
11
|
+
date: 2024-02-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-secretsmanager
|