securenv 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ruby.yml +35 -0
  3. data/Gemfile.lock +37 -1
  4. data/exe/securenv +4 -0
  5. data/lib/securenv.rb +5 -2
  6. data/lib/securenv/cli/application.rb +88 -0
  7. data/lib/securenv/client.rb +99 -0
  8. data/lib/securenv/parameter.rb +17 -0
  9. data/lib/securenv/version.rb +1 -1
  10. data/securenv.gemspec +7 -0
  11. metadata +66 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3f63107fbe5ac5b33005bfa4db97f1b3b987515ecbdcb648c09a3ccd023b03b6
4
- data.tar.gz: c382b315f8b188efced85c4858712d0882dfe51967ea7cc2bf415b302fc71f40
3
+ metadata.gz: f98e4349739d04c45f76ef3065a0c1929910fe9e9b29332d0a1d384cd69a6a73
4
+ data.tar.gz: 23abb50be1835f36adea2c3a76d28aa7cda2997951d08bdfef49b4bbd1a1d969
5
5
  SHA512:
6
- metadata.gz: 35025041a33a6b81ddfaff091739956c57bab545f508a22292ffa48b35850b1f1ed94f529fe4585f36299347060bbb702783c47069341196e80e5d91b25a769e
7
- data.tar.gz: 17a32dc426af2967aced874ba9430b1432dc41861da4718dd69e991a03513e21c1c5124178c396f7e85e4f726fa63137d3ac946be0a558994f81424f37f548b4
6
+ metadata.gz: d0298049140580e3a89db7abf0a5dee76c14b5202e101a10fd41b2cd0946d9fdb835825397529fc30848e4b310f7e81d75eaa5a697a485ef6692de9b37d9a59c
7
+ data.tar.gz: 165c89584a73624004788ba1b11d4dbf9ca653ef60b1b3405b2417a3c614db5c5a6d94d9202138b45f75502c2da38d01351ad5d69daf083f54fb26151c992b13
data/.github/workflows/ruby.yml ADDED
@@ -0,0 +1,35 @@
1
+ # This workflow uses actions that are not certified by GitHub.
2
+ # They are provided by a third-party and are governed by
3
+ # separate terms of service, privacy policy, and support
4
+ # documentation.
5
+ # This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
6
+ # For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
7
+
8
+ name: Ruby
9
+
10
+ on:
11
+ push:
12
+ branches: [ main ]
13
+ pull_request:
14
+ branches: [ main ]
15
+
16
+ jobs:
17
+ test:
18
+
19
+ runs-on: ubuntu-latest
20
+ strategy:
21
+ matrix:
22
+ ruby-version: ['2.6', '2.7', '3.0']
23
+
24
+ steps:
25
+ - uses: actions/checkout@v2
26
+ - name: Set up Ruby
27
+ # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
28
+ # change this to (see https://github.com/ruby/setup-ruby#versioning):
29
+ # uses: ruby/setup-ruby@v1
30
+ uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
31
+ with:
32
+ ruby-version: ${{ matrix.ruby-version }}
33
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
34
+ - name: Run tests
35
+ run: bundle exec rake
data/Gemfile.lock CHANGED
@@ -1,13 +1,36 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- securenv (0.1.0)
4
+ securenv (0.1.1)
5
+ aws-sdk-ssm
6
+ thor
5
7
 
6
8
  GEM
7
9
  remote: https://rubygems.org/
8
10
  specs:
11
+ addressable (2.7.0)
12
+ public_suffix (>= 2.0.2, < 5.0)
13
+ aws-eventstream (1.1.1)
14
+ aws-partitions (1.471.0)
15
+ aws-sdk-core (3.115.0)
16
+ aws-eventstream (~> 1, >= 1.0.2)
17
+ aws-partitions (~> 1, >= 1.239.0)
18
+ aws-sigv4 (~> 1.1)
19
+ jmespath (~> 1.0)
20
+ aws-sdk-ssm (1.111.0)
21
+ aws-sdk-core (~> 3, >= 3.112.0)
22
+ aws-sigv4 (~> 1.1)
23
+ aws-sigv4 (1.2.3)
24
+ aws-eventstream (~> 1, >= 1.0.2)
25
+ crack (0.4.5)
26
+ rexml
9
27
  diff-lcs (1.4.4)
28
+ docile (1.4.0)
29
+ hashdiff (1.0.1)
30
+ jmespath (1.4.0)
31
+ public_suffix (4.0.6)
10
32
  rake (12.3.3)
33
+ rexml (3.2.5)
11
34
  rspec (3.10.0)
12
35
  rspec-core (~> 3.10.0)
13
36
  rspec-expectations (~> 3.10.0)
@@ -21,6 +44,17 @@ GEM
21
44
  diff-lcs (>= 1.2.0, < 2.0)
22
45
  rspec-support (~> 3.10.0)
23
46
  rspec-support (3.10.2)
47
+ simplecov (0.21.2)
48
+ docile (~> 1.1)
49
+ simplecov-html (~> 0.11)
50
+ simplecov_json_formatter (~> 0.1)
51
+ simplecov-html (0.12.3)
52
+ simplecov_json_formatter (0.1.3)
53
+ thor (1.1.0)
54
+ webmock (3.13.0)
55
+ addressable (>= 2.3.6)
56
+ crack (>= 0.3.2)
57
+ hashdiff (>= 0.4.0, < 2.0.0)
24
58
 
25
59
  PLATFORMS
26
60
  ruby
@@ -29,6 +63,8 @@ DEPENDENCIES
29
63
  rake (~> 12.0)
30
64
  rspec (~> 3.0)
31
65
  securenv!
66
+ simplecov
67
+ webmock
32
68
 
33
69
  BUNDLED WITH
34
70
  2.1.4
data/exe/securenv ADDED
@@ -0,0 +1,4 @@
1
+ #!/usr/bin/env ruby
2
+ require_relative "../lib/securenv/cli/application"
3
+
4
+ Securenv::CLI::Application.start(ARGV)
data/lib/securenv.rb CHANGED
@@ -1,6 +1,9 @@
1
1
  require "securenv/version"
2
+ require "securenv/client"
3
+ require "securenv/parameter"
4
+
5
+ require 'aws-sdk-ssm'
2
6
 
3
7
  module Securenv
4
- class Error < StandardError; end
5
- # Your code goes here...
8
+ class ParameterNotFoundError < StandardError; end
6
9
  end
data/lib/securenv/cli/application.rb ADDED
@@ -0,0 +1,88 @@
1
+ require "thor"
2
+ require "securenv"
3
+
4
+ module Securenv
5
+ module CLI
6
+ class Application < Thor
7
+ # This makes thor report the correct exit code in the event of a failure.
8
+ def self.exit_on_failure?
9
+ true
10
+ end
11
+
12
+ desc "set VAR=value", "set a secure environment variable"
13
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
14
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
15
+ def set(var)
16
+ variable, value = var.split('=')
17
+ if value.nil?
18
+ raise Thor::Error.new "You must supply a value for #{variable}. To unset a value you can use : securenv unset #{variable}"
19
+ end
20
+ client = Securenv::Client.new({
21
+ app: options[:app],
22
+ stage: options[:stage]
23
+ })
24
+ parameter = client.set({
25
+ variable: variable,
26
+ value: value,
27
+ })
28
+
29
+ puts "Set value for parameter name #{parameter.name} for version #{parameter.version}"
30
+ end
31
+
32
+ desc "get VAR", "get the current value of a secure environment variable"
33
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
34
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
35
+ def get(var)
36
+ client = Securenv::Client.new({
37
+ app: options[:app],
38
+ stage: options[:stage]
39
+ })
40
+ parameter = client.get({
41
+ variable: var
42
+ })
43
+
44
+ puts "#{parameter.var_name}: #{parameter.value}"
45
+ rescue Securenv::ParameterNotFoundError => e
46
+ puts e.to_s
47
+ end
48
+
49
+ desc "unset VAR", "remove a secure environment variable"
50
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
51
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
52
+ def unset(var)
53
+ client = Securenv::Client.new({
54
+ app: options[:app],
55
+ stage: options[:stage]
56
+ })
57
+ parameter = client.unset({
58
+ variable: var
59
+ })
60
+
61
+ puts "#{parameter.name} was removed"
62
+ rescue Securenv::ParameterNotFoundError => e
63
+ puts e.to_s
64
+ end
65
+
66
+ desc "list", "list all secure environment variables for an app and stage"
67
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
68
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
69
+ def list
70
+ client = Securenv::Client.new({
71
+ app: options[:app],
72
+ stage: options[:stage]
73
+ })
74
+ parameters = client.list
75
+ if parameters.any?
76
+ parameters.each do |param|
77
+ puts "#{param.var_name}: #{param.value}"
78
+ end
79
+ else
80
+ puts "No securenv variables are present for this app and stage"
81
+ end
82
+
83
+ rescue Securenv::ParameterNotFoundError => e
84
+ puts e.to_s
85
+ end
86
+ end
87
+ end
88
+ end
data/lib/securenv/client.rb ADDED
@@ -0,0 +1,99 @@
1
+ module Securenv
2
+ class Client
3
+ attr_reader :app
4
+ attr_reader :stage
5
+ def initialize(app:, stage:)
6
+ @app = app
7
+ @stage = stage
8
+ end
9
+
10
+ def set(variable:, value:)
11
+ parameter_name = parameter_name_for(variable)
12
+
13
+ resp = ssm_client.put_parameter({
14
+ name: parameter_name,
15
+ description: "Set via securenv",
16
+ value: value,
17
+ type: "SecureString",
18
+ #key_id: "ParameterKeyId",
19
+ overwrite: true,
20
+ tier: "Standard" # accepts Standard, Advanced, Intelligent-Tiering
21
+ })
22
+ parameter = Parameter.new(
23
+ name: parameter_name,
24
+ version: resp.version,
25
+ value: value
26
+ )
27
+
28
+ return parameter
29
+ end
30
+
31
+ def get(variable:)
32
+ parameter_name = parameter_name_for(variable)
33
+ resp = ssm_client.get_parameter({
34
+ name: parameter_name,
35
+ with_decryption: true
36
+ })
37
+ parameter = Parameter.new(
38
+ name: parameter_name,
39
+ version: resp.parameter.version,
40
+ value: resp.parameter.value
41
+ )
42
+
43
+ return parameter
44
+ rescue Aws::SSM::Errors::ParameterNotFound
45
+ raise ParameterNotFoundError.new "#{variable} is not set for app: #{app} and stage: #{stage}"
46
+ end
47
+
48
+ def unset(variable:)
49
+ parameter_name = parameter_name_for(variable)
50
+ ssm_client.delete_parameter({
51
+ name: parameter_name
52
+ })
53
+ parameter = Parameter.new(
54
+ name: parameter_name,
55
+ version: nil,
56
+ value: nil
57
+ )
58
+
59
+ return parameter
60
+ rescue Aws::SSM::Errors::ParameterNotFound
61
+ raise ParameterNotFoundError.new "#{variable} is not set for app: #{app} and stage: #{stage}"
62
+ end
63
+
64
+ def list
65
+ resp = ssm_client.get_parameters_by_path({
66
+ path: parameter_path,
67
+ with_decryption: true
68
+ })
69
+ parameters = resp.parameters.map do |param|
70
+ Parameter.new(
71
+ name: param.name,
72
+ version: param.version,
73
+ value: param.value
74
+ )
75
+ end
76
+
77
+ return parameters
78
+ end
79
+
80
+ def populate_env
81
+ parameters = list
82
+ parameters.each do |param|
83
+ ENV[param.var_name] = param.value
84
+ end
85
+ end
86
+
87
+ def parameter_path
88
+ "/#{app}/#{stage}"
89
+ end
90
+
91
+ def parameter_name_for(variable)
92
+ "#{parameter_path}/#{variable}"
93
+ end
94
+
95
+ def ssm_client
96
+ @ssm_client = Aws::SSM::Client.new
97
+ end
98
+ end
99
+ end
data/lib/securenv/parameter.rb ADDED
@@ -0,0 +1,17 @@
1
+ module Securenv
2
+ class Parameter
3
+ attr_reader :name
4
+ attr_reader :value
5
+ attr_reader :version
6
+
7
+ def initialize(name:, value:, version:)
8
+ @name = name
9
+ @value = value
10
+ @version = version
11
+ end
12
+
13
+ def var_name
14
+ name.split('/').last
15
+ end
16
+ end
17
+ end
data/lib/securenv/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Securenv
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
data/securenv.gemspec CHANGED
@@ -26,4 +26,11 @@ Gem::Specification.new do |spec|
26
26
  spec.bindir = "exe"
27
27
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
28
28
  spec.require_paths = ["lib"]
29
+
30
+
31
+ spec.add_dependency "thor" # Thor drives the CLI
32
+ spec.add_dependency "aws-sdk-ssm"
33
+
34
+ spec.add_development_dependency 'simplecov'
35
+ spec.add_development_dependency 'webmock'
29
36
  end
metadata CHANGED
@@ -1,22 +1,80 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: securenv
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeremy Green
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-06-24 00:00:00.000000000 Z
12
- dependencies: []
11
+ date: 2021-06-25 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: thor
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: aws-sdk-ssm
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: simplecov
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: webmock
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
13
69
  description: Securely store and set ENV variables via AWS SSM.
14
70
  email:
15
71
  - jeremy@octolabs.com
16
- executables: []
72
+ executables:
73
+ - securenv
17
74
  extensions: []
18
75
  extra_rdoc_files: []
19
76
  files:
77
+ - ".github/workflows/ruby.yml"
20
78
  - ".gitignore"
21
79
  - ".rspec"
22
80
  - ".travis.yml"
@@ -28,7 +86,11 @@ files:
28
86
  - Rakefile
29
87
  - bin/console
30
88
  - bin/setup
89
+ - exe/securenv
31
90
  - lib/securenv.rb
91
+ - lib/securenv/cli/application.rb
92
+ - lib/securenv/client.rb
93
+ - lib/securenv/parameter.rb
32
94
  - lib/securenv/version.rb
33
95
  - securenv.gemspec
34
96
  homepage: https://github.com/Octo-Labs/securenv