securenv 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ruby.yml +35 -0
  3. data/Gemfile.lock +37 -1
  4. data/exe/securenv +4 -0
  5. data/lib/securenv.rb +5 -2
  6. data/lib/securenv/cli/application.rb +88 -0
  7. data/lib/securenv/client.rb +99 -0
  8. data/lib/securenv/parameter.rb +17 -0
  9. data/lib/securenv/version.rb +1 -1
  10. data/securenv.gemspec +7 -0
  11. metadata +66 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3f63107fbe5ac5b33005bfa4db97f1b3b987515ecbdcb648c09a3ccd023b03b6
4
- data.tar.gz: c382b315f8b188efced85c4858712d0882dfe51967ea7cc2bf415b302fc71f40
3
+ metadata.gz: f98e4349739d04c45f76ef3065a0c1929910fe9e9b29332d0a1d384cd69a6a73
4
+ data.tar.gz: 23abb50be1835f36adea2c3a76d28aa7cda2997951d08bdfef49b4bbd1a1d969
5
5
  SHA512:
6
- metadata.gz: 35025041a33a6b81ddfaff091739956c57bab545f508a22292ffa48b35850b1f1ed94f529fe4585f36299347060bbb702783c47069341196e80e5d91b25a769e
7
- data.tar.gz: 17a32dc426af2967aced874ba9430b1432dc41861da4718dd69e991a03513e21c1c5124178c396f7e85e4f726fa63137d3ac946be0a558994f81424f37f548b4
6
+ metadata.gz: d0298049140580e3a89db7abf0a5dee76c14b5202e101a10fd41b2cd0946d9fdb835825397529fc30848e4b310f7e81d75eaa5a697a485ef6692de9b37d9a59c
7
+ data.tar.gz: 165c89584a73624004788ba1b11d4dbf9ca653ef60b1b3405b2417a3c614db5c5a6d94d9202138b45f75502c2da38d01351ad5d69daf083f54fb26151c992b13
data/.github/workflows/ruby.yml ADDED
@@ -0,0 +1,35 @@
1
+ # This workflow uses actions that are not certified by GitHub.
2
+ # They are provided by a third-party and are governed by
3
+ # separate terms of service, privacy policy, and support
4
+ # documentation.
5
+ # This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
6
+ # For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
7
+
8
+ name: Ruby
9
+
10
+ on:
11
+ push:
12
+ branches: [ main ]
13
+ pull_request:
14
+ branches: [ main ]
15
+
16
+ jobs:
17
+ test:
18
+
19
+ runs-on: ubuntu-latest
20
+ strategy:
21
+ matrix:
22
+ ruby-version: ['2.6', '2.7', '3.0']
23
+
24
+ steps:
25
+ - uses: actions/checkout@v2
26
+ - name: Set up Ruby
27
+ # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
28
+ # change this to (see https://github.com/ruby/setup-ruby#versioning):
29
+ # uses: ruby/setup-ruby@v1
30
+ uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
31
+ with:
32
+ ruby-version: ${{ matrix.ruby-version }}
33
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
34
+ - name: Run tests
35
+ run: bundle exec rake
data/Gemfile.lock CHANGED
@@ -1,13 +1,36 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- securenv (0.1.0)
4
+ securenv (0.1.1)
5
+ aws-sdk-ssm
6
+ thor
5
7
 
6
8
  GEM
7
9
  remote: https://rubygems.org/
8
10
  specs:
11
+ addressable (2.7.0)
12
+ public_suffix (>= 2.0.2, < 5.0)
13
+ aws-eventstream (1.1.1)
14
+ aws-partitions (1.471.0)
15
+ aws-sdk-core (3.115.0)
16
+ aws-eventstream (~> 1, >= 1.0.2)
17
+ aws-partitions (~> 1, >= 1.239.0)
18
+ aws-sigv4 (~> 1.1)
19
+ jmespath (~> 1.0)
20
+ aws-sdk-ssm (1.111.0)
21
+ aws-sdk-core (~> 3, >= 3.112.0)
22
+ aws-sigv4 (~> 1.1)
23
+ aws-sigv4 (1.2.3)
24
+ aws-eventstream (~> 1, >= 1.0.2)
25
+ crack (0.4.5)
26
+ rexml
9
27
  diff-lcs (1.4.4)
28
+ docile (1.4.0)
29
+ hashdiff (1.0.1)
30
+ jmespath (1.4.0)
31
+ public_suffix (4.0.6)
10
32
  rake (12.3.3)
33
+ rexml (3.2.5)
11
34
  rspec (3.10.0)
12
35
  rspec-core (~> 3.10.0)
13
36
  rspec-expectations (~> 3.10.0)
@@ -21,6 +44,17 @@ GEM
21
44
  diff-lcs (>= 1.2.0, < 2.0)
22
45
  rspec-support (~> 3.10.0)
23
46
  rspec-support (3.10.2)
47
+ simplecov (0.21.2)
48
+ docile (~> 1.1)
49
+ simplecov-html (~> 0.11)
50
+ simplecov_json_formatter (~> 0.1)
51
+ simplecov-html (0.12.3)
52
+ simplecov_json_formatter (0.1.3)
53
+ thor (1.1.0)
54
+ webmock (3.13.0)
55
+ addressable (>= 2.3.6)
56
+ crack (>= 0.3.2)
57
+ hashdiff (>= 0.4.0, < 2.0.0)
24
58
 
25
59
  PLATFORMS
26
60
  ruby
@@ -29,6 +63,8 @@ DEPENDENCIES
29
63
  rake (~> 12.0)
30
64
  rspec (~> 3.0)
31
65
  securenv!
66
+ simplecov
67
+ webmock
32
68
 
33
69
  BUNDLED WITH
34
70
  2.1.4
data/exe/securenv ADDED
@@ -0,0 +1,4 @@
1
+ #!/usr/bin/env ruby
2
+ require_relative "../lib/securenv/cli/application"
3
+
4
+ Securenv::CLI::Application.start(ARGV)
data/lib/securenv.rb CHANGED
@@ -1,6 +1,9 @@
1
1
  require "securenv/version"
2
+ require "securenv/client"
3
+ require "securenv/parameter"
4
+
5
+ require 'aws-sdk-ssm'
2
6
 
3
7
  module Securenv
4
- class Error < StandardError; end
5
- # Your code goes here...
8
+ class ParameterNotFoundError < StandardError; end
6
9
  end
data/lib/securenv/cli/application.rb ADDED
@@ -0,0 +1,88 @@
1
+ require "thor"
2
+ require "securenv"
3
+
4
+ module Securenv
5
+ module CLI
6
+ class Application < Thor
7
+ # This makes thor report the correct exit code in the event of a failure.
8
+ def self.exit_on_failure?
9
+ true
10
+ end
11
+
12
+ desc "set VAR=value", "set a secure environment variable"
13
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
14
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
15
+ def set(var)
16
+ variable, value = var.split('=')
17
+ if value.nil?
18
+ raise Thor::Error.new "You must supply a value for #{variable}. To unset a value you can use : securenv unset #{variable}"
19
+ end
20
+ client = Securenv::Client.new({
21
+ app: options[:app],
22
+ stage: options[:stage]
23
+ })
24
+ parameter = client.set({
25
+ variable: variable,
26
+ value: value,
27
+ })
28
+
29
+ puts "Set value for parameter name #{parameter.name} for version #{parameter.version}"
30
+ end
31
+
32
+ desc "get VAR", "get the current value of a secure environment variable"
33
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
34
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
35
+ def get(var)
36
+ client = Securenv::Client.new({
37
+ app: options[:app],
38
+ stage: options[:stage]
39
+ })
40
+ parameter = client.get({
41
+ variable: var
42
+ })
43
+
44
+ puts "#{parameter.var_name}: #{parameter.value}"
45
+ rescue Securenv::ParameterNotFoundError => e
46
+ puts e.to_s
47
+ end
48
+
49
+ desc "unset VAR", "remove a secure environment variable"
50
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
51
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
52
+ def unset(var)
53
+ client = Securenv::Client.new({
54
+ app: options[:app],
55
+ stage: options[:stage]
56
+ })
57
+ parameter = client.unset({
58
+ variable: var
59
+ })
60
+
61
+ puts "#{parameter.name} was removed"
62
+ rescue Securenv::ParameterNotFoundError => e
63
+ puts e.to_s
64
+ end
65
+
66
+ desc "list", "list all secure environment variables for an app and stage"
67
+ option :app, :required => true, :aliases => "-a", :desc => "The name of the app."
68
+ option :stage, :required => true, :aliases => "-s", :desc => "The name of the stage."
69
+ def list
70
+ client = Securenv::Client.new({
71
+ app: options[:app],
72
+ stage: options[:stage]
73
+ })
74
+ parameters = client.list
75
+ if parameters.any?
76
+ parameters.each do |param|
77
+ puts "#{param.var_name}: #{param.value}"
78
+ end
79
+ else
80
+ puts "No securenv variables are present for this app and stage"
81
+ end
82
+
83
+ rescue Securenv::ParameterNotFoundError => e
84
+ puts e.to_s
85
+ end
86
+ end
87
+ end
88
+ end
data/lib/securenv/client.rb ADDED
@@ -0,0 +1,99 @@
1
+ module Securenv
2
+ class Client
3
+ attr_reader :app
4
+ attr_reader :stage
5
+ def initialize(app:, stage:)
6
+ @app = app
7
+ @stage = stage
8
+ end
9
+
10
+ def set(variable:, value:)
11
+ parameter_name = parameter_name_for(variable)
12
+
13
+ resp = ssm_client.put_parameter({
14
+ name: parameter_name,
15
+ description: "Set via securenv",
16
+ value: value,
17
+ type: "SecureString",
18
+ #key_id: "ParameterKeyId",
19
+ overwrite: true,
20
+ tier: "Standard" # accepts Standard, Advanced, Intelligent-Tiering
21
+ })
22
+ parameter = Parameter.new(
23
+ name: parameter_name,
24
+ version: resp.version,
25
+ value: value
26
+ )
27
+
28
+ return parameter
29
+ end
30
+
31
+ def get(variable:)
32
+ parameter_name = parameter_name_for(variable)
33
+ resp = ssm_client.get_parameter({
34
+ name: parameter_name,
35
+ with_decryption: true
36
+ })
37
+ parameter = Parameter.new(
38
+ name: parameter_name,
39
+ version: resp.parameter.version,
40
+ value: resp.parameter.value
41
+ )
42
+
43
+ return parameter
44
+ rescue Aws::SSM::Errors::ParameterNotFound
45
+ raise ParameterNotFoundError.new "#{variable} is not set for app: #{app} and stage: #{stage}"
46
+ end
47
+
48
+ def unset(variable:)
49
+ parameter_name = parameter_name_for(variable)
50
+ ssm_client.delete_parameter({
51
+ name: parameter_name
52
+ })
53
+ parameter = Parameter.new(
54
+ name: parameter_name,
55
+ version: nil,
56
+ value: nil
57
+ )
58
+
59
+ return parameter
60
+ rescue Aws::SSM::Errors::ParameterNotFound
61
+ raise ParameterNotFoundError.new "#{variable} is not set for app: #{app} and stage: #{stage}"
62
+ end
63
+
64
+ def list
65
+ resp = ssm_client.get_parameters_by_path({
66
+ path: parameter_path,
67
+ with_decryption: true
68
+ })
69
+ parameters = resp.parameters.map do |param|
70
+ Parameter.new(
71
+ name: param.name,
72
+ version: param.version,
73
+ value: param.value
74
+ )
75
+ end
76
+
77
+ return parameters
78
+ end
79
+
80
+ def populate_env
81
+ parameters = list
82
+ parameters.each do |param|
83
+ ENV[param.var_name] = param.value
84
+ end
85
+ end
86
+
87
+ def parameter_path
88
+ "/#{app}/#{stage}"
89
+ end
90
+
91
+ def parameter_name_for(variable)
92
+ "#{parameter_path}/#{variable}"
93
+ end
94
+
95
+ def ssm_client
96
+ @ssm_client = Aws::SSM::Client.new
97
+ end
98
+ end
99
+ end
data/lib/securenv/parameter.rb ADDED
@@ -0,0 +1,17 @@
1
+ module Securenv
2
+ class Parameter
3
+ attr_reader :name
4
+ attr_reader :value
5
+ attr_reader :version
6
+
7
+ def initialize(name:, value:, version:)
8
+ @name = name
9
+ @value = value
10
+ @version = version
11
+ end
12
+
13
+ def var_name
14
+ name.split('/').last
15
+ end
16
+ end
17
+ end
data/lib/securenv/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Securenv
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
data/securenv.gemspec CHANGED
@@ -26,4 +26,11 @@ Gem::Specification.new do |spec|
26
26
  spec.bindir = "exe"
27
27
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
28
28
  spec.require_paths = ["lib"]
29
+
30
+
31
+ spec.add_dependency "thor" # Thor drives the CLI
32
+ spec.add_dependency "aws-sdk-ssm"
33
+
34
+ spec.add_development_dependency 'simplecov'
35
+ spec.add_development_dependency 'webmock'
29
36
  end
metadata CHANGED
@@ -1,22 +1,80 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: securenv
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeremy Green
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-06-24 00:00:00.000000000 Z
12
- dependencies: []
11
+ date: 2021-06-25 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: thor
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: aws-sdk-ssm
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: simplecov
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: webmock
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
13
69
  description: Securely store and set ENV variables via AWS SSM.
14
70
  email:
15
71
  - jeremy@octolabs.com
16
- executables: []
72
+ executables:
73
+ - securenv
17
74
  extensions: []
18
75
  extra_rdoc_files: []
19
76
  files:
77
+ - ".github/workflows/ruby.yml"
20
78
  - ".gitignore"
21
79
  - ".rspec"
22
80
  - ".travis.yml"
@@ -28,7 +86,11 @@ files:
28
86
  - Rakefile
29
87
  - bin/console
30
88
  - bin/setup
89
+ - exe/securenv
31
90
  - lib/securenv.rb
91
+ - lib/securenv/cli/application.rb
92
+ - lib/securenv/client.rb
93
+ - lib/securenv/parameter.rb
32
94
  - lib/securenv/version.rb
33
95
  - securenv.gemspec
34
96
  homepage: https://github.com/Octo-Labs/securenv