RubyGems - hekate - Versions diffs - 0.1.0.pre9 → 0.1.0.pre10 - Mend

hekate 0.1.0.pre9 → 0.1.0.pre10

Files changed (15) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5ecc23bf834a320527d52253567b5291e95dc903
-  data.tar.gz: 4b31403aa6ac2ebe82dad15767c099e45beba3ee
+  metadata.gz: 5e421cf40f19f3a6b58e2de1433c8961f8b65070
+  data.tar.gz: 22512f20df4ab3c7c89ae15c3237cbf3599261b4
 SHA512:
-  metadata.gz: d63501a13ae8d87009f369a79bc2cad45af83c3d1d659a76c6e85d9a63688e31f66435de730a0907e59ee4c7c34ea4092360614db38457b954681249ddc0f017
-  data.tar.gz: 209fcaabaa904a32945d66b73d51115bbd7ac3c8b6679d0231397dfe64f2a434cc7f4e264603174d6c1bef2bb4bc1337fb06bca6ad9608e634e86ad102a8cfbd
+  metadata.gz: da498c3707e99df15c5fecf3dca7151d323ee471454ff23412f5b7a119f69730033df9d8d8e237a6b0cc1dc5658d2cdee4fffdace5a40e7e2ca8b90604efd997
+  data.tar.gz: 2680c8a1e65ba867b3a462a82b1ee17f8851eb3b0da22ab9f1a57c7037b3d3cf601be7ed336ab1c933e7b9931f37a16eb20bb3dd91cdf134154fc7ad325834cf

data/Gemfile.lock CHANGED

@@ -1,9 +1,10 @@
 PATH
   remote: .
   specs:
-    hekate (0.1.0.pre9)
+    hekate (0.1.0.10)
       aws-sdk (~> 2.9, >= 2.9.0)
       commander (~> 4.4, >= 4.4.0)
+      dotenv
       ec2-metadata (~> 0.2, >= 0.2.0)
       rails (~> 4)
       railties (~> 4.2, >= 4.2.0)
@@ -63,6 +64,7 @@ GEM
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     diff-lcs (1.3)
+    dotenv (2.2.1)
     ec2-metadata (0.2.2)
     erubis (2.7.0)
     globalid (0.4.0)

data/README.md CHANGED

@@ -23,26 +23,31 @@ Add the following to application.rb
     require "hekate"
     Hekate::Engine.application = "yourapplicationname"
-When included in a rails application Hekate will read credentials directly from AWS SMS Parameter store based on the RAILS_ENV, AWS_REGION environment variables and store them as local ENV variables and the configured Hekate::Engine.application value
+When included in a rails application Hekate will read application secrets directly from AWS SMS Parameter Store based on the RAILS_ENV, AWS_REGION environment variables and store them as ENV variables
-SSM parameters are loaded in much the same fashion as with the dotenv gem. Root items are loaded first, then overloaded with more specific settings. When stored in SSM parameter names are stored as "application.environment.key"
+SSM parameters are loaded in much the same fashion as with the dotenv gem. Root items are loaded first, then overloaded with more specific settings.
-When given the following keys
+For example, when the following keys exist in the parameter store
     myapp.root.SOMEKEY = basevalue
-    myapp.staging.somekey = stagingvalue
+    myapp.staging.SOMEKEY = stagingvalue
-The resulting process only environment settings would be
+The resulting environment settings would be
     ENV["SOMEKEY"] = stagingvalue
 ## Usage
-Hekate requires AWS authentication and assumes credentials are provided to the executing system via one of the available amazon authentication methods. It does not ever accept credentials via command line.
+### AWS Authentication
+Hekate requires AWS authentication in order to read or set parameters and assumes credentials are provided via one of the available amazon authentication methods. Please see amazon documentation for more details
-It is recommended that you use 2 different roles in IAM similar to the following to provide read/write access to ssm parameters and iam encryption keys
+### AWS Security
+Note: this gem takes no responsibility for the security of your stored secrets/parameters. You will need to configure IAM security policies to provide read/write access to the kms encryption keys and parameters as necessary.
-#### Hekate User - read only parameter access
+Below are some sample amazon iam security policies to get you started. These could be made more secure by restricting to specific resources rather than specifying a wild card.
+Hekate User - read only parameter access for developers or servers
 ```json
 {
     "Version": "2012-10-17",
@@ -67,7 +72,8 @@ It is recommended that you use 2 different roles in IAM similar to the following
     ]
 }
 ```
-#### Hekate Admin
+Hekate Admin -  read/write access for a parameter maintainer
 ```json
 {
     "Version": "2012-10-17",
@@ -93,14 +99,20 @@ It is recommended that you use 2 different roles in IAM similar to the following
     ]
 }
 ```
-### Commands
+### Binary Commands
+Hekate provides a command line interface for reading and writing secrets to the parameter store. Note that it will automatically create an amazon kms key with the following naming convention as needed `application.environment`
-help - lists avalable commands. For help on a specific command issue `hekate command --help`
+help - lists avalable commands. For help on a specific command issue `hekate command --help` or see documentation in the docs folder.
 put - adds one item to the parameter store
+get - reads one item from the parameter store
 delete - deletes on item from the parameter store
+delete_all - deletes all parameters for the given application and environment combination
 import - imports a .env formatted secrets file
 export - exports to a .env formatted secrets file

data/bin/hekate CHANGED

@@ -81,7 +81,7 @@ command :delete do |c|
   c.syntax = 'hekate delete --region us-west-2 --environment development --application mycoolapp --key somekey'
   c.description = 'deletes an environment secret'
   CommandProcessor.add_default_options c
-  c.option '--key STRING', String, 'The environment name of the secret to delete'
+  c.option '--key STRING', String, 'The name of the secret to delete'
   c.action do |_args, options|
     CommandProcessor.add_default_values options
@@ -97,7 +97,7 @@ command :delete do |c|
   end
 end
-command :delete do |c|
+command :delete_all do |c|
   c.syntax = 'hekate delete_all --region us-west-2 --environment development --application mycoolapp'
   c.description = 'deletes all secrets for the give environment'
   CommandProcessor.add_default_options c

data/docs/delete.md ADDED

@@ -0,0 +1,25 @@
+NAME:
+    delete
+  SYNOPSIS:
+    hekate delete --region us-west-2 --environment development --application mycoolapp --key somekey
+  DESCRIPTION:
+    deletes an a parameter
+  OPTIONS:
+    --application STRING
+        The application name for which the imported secrets will be used
+    --environment STRING
+        The rails environment for which the imported secrets will be used. Defaults to development
+    --region STRING
+        The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
+    --key STRING
+        The name of the secret to delete

data/docs/delete_all.md ADDED

@@ -0,0 +1,22 @@
+NAME:
+    delete
+  SYNOPSIS:
+    hekate delete_all --region us-west-2 --environment development --application mycoolapp
+  DESCRIPTION:
+    deletes all secrets for the give environment
+  OPTIONS:
+    --application STRING
+        The application name for which the imported secrets will be used
+    --environment STRING
+        The rails environment for which the imported secrets will be used. Defaults to development
+    --region STRING
+        The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"

data/docs/export.md ADDED

@@ -0,0 +1,25 @@
+NAME:
+    export
+  SYNOPSIS:
+    hekate export --region us-west-2 --environment development --application mycoolapp --file .env
+  DESCRIPTION:
+    exports Amazon SSM parameters to a .env formatted file
+  OPTIONS:
+    --application STRING
+        The application name for which the imported secrets will be used
+    --environment STRING
+        The rails environment for which the imported secrets will be used. Defaults to development
+    --region STRING
+        The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
+    --file STRING
+        The dotenv formatted file to export to

data/docs/get.md ADDED

@@ -0,0 +1,25 @@
+NAME:
+    get
+  SYNOPSIS:
+    hekate get --region us-west-2 --environment development --application mycoolapp --key somekey
+  DESCRIPTION:
+    retrieves an unencrypted environment secret
+  OPTIONS:
+    --application STRING
+        The application name for which the imported secrets will be used
+    --environment STRING
+        The rails environment for which the imported secrets will be used. Defaults to development
+    --region STRING
+        The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
+    --key STRING
+        The environment name of the secret to delete

data/docs/import.md ADDED

@@ -0,0 +1,25 @@
+NAME:
+    import
+  SYNOPSIS:
+    hekate import --region us-west-2 --environment development --application mycoolapp --file .env
+  DESCRIPTION:
+    imports a .env formatted file into Amazon SSM
+  OPTIONS:
+    --application STRING
+        The application name for which the imported secrets will be used
+    --environment STRING
+        The rails environment for which the imported secrets will be used. Defaults to development
+    --region STRING
+        The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
+    --file STRING
+        The dotenv formatted file to import

data/docs/put.md ADDED

@@ -0,0 +1,28 @@
+NAME:
+    put
+  SYNOPSIS:
+    hekate put --region us-west-2 --environment development --application mycoolapp --key somekey --value somevalue
+  DESCRIPTION:
+    adds a new environment secret and value
+  OPTIONS:
+    --application STRING
+        The application name for which the imported secrets will be used
+    --environment STRING
+        The rails environment for which the imported secrets will be used. Defaults to development
+    --region STRING
+        The aws region to import into. Defaults to ENV["AWS_REGION"] || "us-east-1"
+    --key STRING
+        The environment name of the secret to store
+    --value STRING
+        The environment value of the secret to store

data/hekate.gemspec CHANGED

@@ -26,10 +26,11 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'ec2-metadata', '~> 0.2', '>= 0.2.0'
   spec.add_runtime_dependency 'railties', '~> 4.2', '>= 4.2.0'
   spec.add_runtime_dependency 'rails', '~> 4'
+  spec.add_runtime_dependency 'dotenv', '~> 0'
   spec.add_development_dependency 'bundler', '~> 1.15'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'webmock'
-  spec.add_development_dependency 'vcr'
+  spec.add_development_dependency 'webmock', '~>3.0.0'
+  spec.add_development_dependency 'vcr', '~>3.0.0'
 end

data/lib/hekate/engine.rb CHANGED

@@ -1,52 +1,81 @@
 require 'aws-sdk'
-require 'ec2_metadata'
 require 'commander/user_interaction'
+require 'dotenv'
+require 'ec2_metadata'
+require 'open-uri'
 module Hekate
   class Engine
     class << self
       attr_accessor :application
-    end
-    def self.get_region
-      if ec2?
-        Ec2Metadata[:placement]['availability-zone'][0...-1]
-      else
-        ENV['AWS_REGION'] || 'us-east-1'
+      def get_region
+        if ec2?
+          Ec2Metadata[:placement]['availability-zone'][0...-1]
+        else
+          ENV['AWS_REGION'] || 'us-east-1'
+        end
       end
-    end
-    def self.ec2?
-      Ec2Metadata[:instance_id]
-      true
-    rescue
-      false
+      def ec2?
+        Ec2Metadata[:instance_id]
+        true
+      rescue
+        false
+      end
+      def online?
+        require 'socket'
+        begin
+          socket = TCPSocket.new 'ssm.us-east-1.amazonaws.com', 443
+          socket.close
+          true
+        rescue SocketError
+          false
+        end
+      end
+      def dotenv_files
+        root = Rails::Engine.find_root_with_flag("config.ru", File.dirname($0))
+        [
+          root.join(".env.#{Rails.env}.local"),
+          (root.join('.env.local') unless Rails.env.test?),
+          root.join(".env.#{Rails.env}"),
+          root.join('.env')
+        ].compact
+      end
     end
     def initialize(region, environment, application = nil)
-      @region = region
+      @region = region || Hekate::Engine.get_region
       @environment = environment || Rails.env
       Hekate::Engine.application = application
     end
     def load_environment
-      ['root', @environment].each do |env|
-        parameter_key = "#{Hekate::Engine.application}.#{env}."
-        parameters = get_app_env_parameters(env)
-        parameters = parameters.map(&:name)
-        parameters.each_slice(10) do |slice|
-          result = ssm.get_parameters(
-            names: slice,
-            with_decryption: true
-          ).parameters
-          result.each do |parameter|
-            parameter_name = parameter.name.gsub(parameter_key, '')
-            ENV[parameter_name] = parameter.value
+      if Hekate::Engine.online?
+        ['root', @environment].each do |env|
+          parameter_key = "#{Hekate::Engine.application}.#{env}."
+          parameters = get_app_env_parameters(env)
+          parameters = parameters.map(&:name)
+          parameters.each_slice(10) do |slice|
+            result = ssm.get_parameters(
+              names: slice,
+              with_decryption: true
+            ).parameters
+            result.each do |parameter|
+              parameter_name = parameter.name.gsub(parameter_key, '')
+              ENV[parameter_name] = parameter.value
+            end
           end
         end
+      elsif Rails.env.development? || Rails.env.test?
+        Dotenv.load(*Hekate::Engine.dotenv_files)
+      else
+        Fail 'Could not find an internet connection or .env files'
       end
     end
@@ -183,6 +212,5 @@ module Hekate
       parameters
     end
-    end
+  end
 end

data/lib/hekate/railtie.rb CHANGED

@@ -1,6 +1,6 @@
 module Hekate
   class Railtie < Rails::Railtie
-    config.before_configuration do
+    config.before_initialize do
       Hekate::Engine.new(Engine.get_region, Rails.env.to_s, ENV['HEKATE_APPLICATION']).load_environment
     end
   end

data/lib/hekate/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Hekate
-  VERSION = '0.1.0.pre9'.freeze
+  VERSION = '0.1.0.pre10'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hekate
 version: !ruby/object:Gem::Version
-  version: 0.1.0.pre9
+  version: 0.1.0.pre10
 platform: ruby
 authors:
 - jasonrisch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-08-08 00:00:00.000000000 Z
+date: 2017-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -104,6 +104,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '4'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -150,30 +164,30 @@ dependencies:
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
 description:
 email:
 - krimsonkla@yahoo.com
@@ -194,6 +208,12 @@ files:
 - bin/console
 - bin/hekate
 - bin/setup
+- docs/delete.md
+- docs/delete_all.md
+- docs/export.md
+- docs/get.md
+- docs/import.md
+- docs/put.md
 - hekate.gemspec
 - lib/hekate.rb
 - lib/hekate/engine.rb