fastlane-plugin-secrets_manager_storage 1.0.0 → 1.1.0

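--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c6a3a917118758a6ec5691982284ab3bc62b02fe72ad11737e50de95531d9214
- data.tar.gz: 33732acf2e3e32a3158ac0c1be29e2c4a5cb906d19b47bc609a0f221db4af0d2
+ metadata.gz: b6cf68d09ce421bf4d866e313ad4252cc2ad75400d927c245b03c7e9cf26e0f3
+ data.tar.gz: c6bf640a46b7d115e6ef38972091c9f47512bcfd4e272bf4aa173bf069534c3a
  SHA512:
- metadata.gz: c71eaeda131b692b41f01a4b5f4e198dffd8c55eeb055314d067928a6fc6b89690a3f1c06626370b48091ca20f1d43ca1dc3ebb12a1593bbfee6dd0ad8cfbb73
- data.tar.gz: 5574fd8adcf85f0bebddd7628792b6e025c4fb78830b3555091f96c8139f40ca7d719fd62013d9a263fee7551897cff26d76473d202087568ae8d2e090a7e7e6
+ metadata.gz: 44dc42936cd910bfa60e54eef1b7b2674ee1c23847b7547c9e088cabc7b1ef4e6009edf0c23c33e0915c5c4ba56b9d48423d572793ffd6c72f8c7922b5ed266e
+ data.tar.gz: 6145a862abd5344d80e520ca29a1c2cbe7260df1241e758aa93060013efe09b1397b7d267a080d06a7957ce9d4e25ca1a6869b13e8a074e5d51b6e43daed8b83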
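--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,7 @@ Reasons to use this (compared to the git or s3 backend):
  access
  - Secret lifecycle can be tracked independently of Fastlane, enabling you to have alerts on secret
  age by using the secret's version metadata (e.g. Created On)
+ - certificates and mobileprovision Secrets will be tagged with `ExpiresOn` and other metadata
 
  > :information_source: Fastlane plugins are only automatically loaded when using a Fastfile. This
  > means that using a Matchfile or `fastlane match` commands will not work with this storage backing.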
@@ -188,6 +188,7 @@ module Fastlane
188
188
 
189
189
  def create_or_update_secret(current_file, secret_name)
190
190
  full_secret_path = generate_secret_path(secret_name)
191
+ secret_specific_tags = generate_tags_for_secret(current_file)
191
192
  begin
192
193
  @client.describe_secret(secret_id: full_secret_path)
193
194
  UI.verbose("Secret '#{secret_name}' already exists, updating...")
@@ -195,12 +196,18 @@ module Fastlane
195
196
  secret_id: full_secret_path,
196
197
  secret_binary: IO.binread(current_file),
197
198
  )
199
+ unless secret_specific_tags.empty?
200
+ @client.tag_resource(
201
+ secret_id: full_secret_path,
202
+ tags: convert_hash_to_array_of_key_values(secret_specific_tags),
203
+ )
204
+ end
198
205
  rescue Aws::SecretsManager::Errors::ResourceNotFoundException
199
206
  UI.verbose("Secret '#{secret_name}' doesn't exist, creating...")
200
207
  @client.create_secret(
201
208
  name: full_secret_path,
202
209
  secret_binary: File.open(current_file, "rb").read,
203
- tags: generate_tags_in_aws_format(tags),
210
+ tags: convert_hash_to_array_of_key_values(tags.merge(secret_specific_tags)),
204
211
  )
205
212
  end
206
213
  end
@@ -213,14 +220,47 @@ module Fastlane
213
220
 
214
221
  private
215
222
 
223
+ def generate_tags_for_secret(secret_file)
224
+ return {} unless File.file?(secret_file)
225
+
226
+ expiry = nil
227
+ secret_specific_tags = {}
228
+ case File.extname(secret_file)
229
+ when ".p12"
230
+ # not sure how to get expiry of the cert
231
+ when ".cer"
232
+ cert_info = Match::Utils.get_cert_info(secret_file)
233
+ secret_specific_tags["Name"] = cert_info
234
+ .find { |attribute| attribute.first == "Common Name" }
235
+ .last
236
+ expiry = cert_info.find { |attribute| attribute.first == "End Datetime" }.last
237
+ when ".mobileprovision"
238
+ secret_specific_tags[
239
+ "Name"
240
+ ] = `/usr/libexec/PlistBuddy -c 'Print Name' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
241
+ secret_specific_tags[
242
+ "AppIDName"
243
+ ] = `/usr/libexec/PlistBuddy -c 'Print AppIDName' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
244
+ secret_specific_tags[
245
+ "AppIdentifier"
246
+ ] = `/usr/libexec/PlistBuddy -c 'Print Entitlements:application-identifier' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip
247
+ expiry =
248
+ DateTime.parse(
249
+ `/usr/libexec/PlistBuddy -c 'Print ExpirationDate' /dev/stdin <<< $(security cms -D -i "#{secret_file}")`.chomp.strip,
250
+ )
251
+ end
252
+ secret_specific_tags["ExpiresOn"] = expiry.strftime("%Y-%m-%dT%H:%M:%SZ") if expiry
253
+ secret_specific_tags
254
+ end
255
+
216
256
  def generate_secret_path(secret_name)
217
257
  prefix = path_prefix
218
258
  prefix += "/" unless secret_name.start_with?("/")
219
259
  "#{prefix}#{secret_name}"
220
260
  end
221
261
 
222
- def generate_tags_in_aws_format(tags)
223
- tags.map { |key, value| { key: key, value: value } }
262
+ def convert_hash_to_array_of_key_values(tags_as_ruby_hash)
263
+ tags_as_ruby_hash.map { |key, value| { key: key, value: value } }
224
264
  end
225
265
 
226
266
  def with_aws_authentication_error_handling
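Review bot: In `generate_tags_for_secret`, the `.mobileprovision` branch interpolates `secret_file` into four backtick shell commands inside double quotes, so a path containing `"`, `$(...)` or a backtick is parsed by the shell instead of being passed as a file name. The path comes from the caller and its origin is not visible in this hunk, so escape it once with `escaped = Shellwords.escape(secret_file)` and use `-i #{escaped}` without the surrounding quotes, or run `security` through `Open3.capture2` with separate arguments. The same branch passes whatever the command printed straight to `DateTime.parse`, which raises on empty or error output and would abort `create_or_update_secret` before the secret is written; a `rescue` that skips the `ExpiresOn` tag would keep tagging best-effort. The extracted values also go to AWS unvalidated, so a profile name outside the tag character set or length limit would presumably make `tag_resource` fail after the secret value has already been updated.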
@@ -1,5 +1,5 @@
1
1
  module Fastlane
2
2
  module SecretsManagerStorage
3
- VERSION = "1.0.0"
3
+ VERSION = "1.1.0"
4
4
  end
5
5
  end
@@ -23,7 +23,7 @@ Match::Options.append_option(
23
23
  description: "The prefix to be used for all Secrets Manager Secrets",
24
24
  optional: true,
25
25
  type: String,
26
- )
26
+ ),
27
27
  )
28
28
  Match::Options.append_option(
29
29
  FastlaneCore::ConfigItem.new(
@@ -32,7 +32,7 @@ Match::Options.append_option(
32
32
  description: "tags which are used when creating a new secret in Secrets Manager",
33
33
  optional: true,
34
34
  type: Hash,
35
- )
35
+ ),
36
36
  )
37
37
  Match::Options.append_option(
38
38
  FastlaneCore::ConfigItem.new(
@@ -41,7 +41,7 @@ Match::Options.append_option(
41
41
  description: "The prefix to be used for all Secrets Manager Secrets",
42
42
  optional: true,
43
43
  type: String,
44
- )
44
+ ),
45
45
  )
46
46
 
47
47
  # Fastlane will complain if a plugin doesn't include any actions. Thus, we have to include an action in the right way
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fastlane-plugin-secrets_manager_storage
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Case Taintor
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-02-12 00:00:00.000000000 Z
11
+ date: 2024-02-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-secretsmanager