simnos 0.1.1.beta1 → 0.1.1.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f7852e8296f11712e300ceff4199a87244afa228
-  data.tar.gz: 60783438422b07f0bbed97fa714c09fca1dc0c68
+  metadata.gz: 331d3fe90ec21685f9fa4a969c2e3d77436d88c3
+  data.tar.gz: e9053c2ad17c3d06fceef1097eed7066e8fc94ab
 SHA512:
-  metadata.gz: 6c867759e0989739c9400ff6d9cf3fe255ffe05a43e1b84894c0c5ba78b46d442839faaf4d2b26a598bcc992f17bc77ac617fa888f8b7cc9c0f9d5207e65068a
-  data.tar.gz: c3322803fb225d76b0753af9818698e579654147f9eda3b1f6386c93cc37de3e6446ff7122a41920a658d9d430f3c10d49f2ba7b961648b157310ed022eeb78c
+  metadata.gz: 61869e91186323165f8ea9cba28e1a79c503b25f10dec59167fea025abca8b9735bc14b5d843151e947f983abb2a20fa399e968fcf7fa01b63652c25bcaa34c5
+  data.tar.gz: a3aec65e414b5cab557b9d2ca491ee84e3188f1b8f93c913aa4ba49ef2681b12d7b524b2b970e49510126173c0c7be5d2eb7951eca0340f82d39f5791f36f2e0

data/README.md

@@ -46,6 +46,10 @@ Usage: simnos [options]
                                      no color
         --with-subscriptions
                                      manage subscriptions
+        --recreate-subscriptions
+                                     recreate subscriptions
+        --secret-provider NAME
+                                     use secret value expansion
     -i, --include-names NAMES        include SNS names
     -x, --exclude-names NAMES        exclude SNS names by regex
 ```
@@ -114,6 +118,25 @@ sns "ap-northeast-1" do
 end
 ```
 
+## Secret provider
+
+If you don't want to commit your Basic authentication password, you can use SecretProvider.
+Use --secret-provider option to select provider.(e.g. --secret-provider=vault)
+Expression inside `${...}` is passed to provider.
+
+```
+    subscriptions do
+      subscription protocol: "https", endpoint: "https://user:${password}your.awesome.site/"
+    end
+```
+
+## Subscriptions
+
+There is no way to UPDATE subscription.
+So if you want to recreate subscrptions, use --recreate-subscriptions option.
+It is highly recommended to also path --include-names or exclude-names to select topics.
+Because of Basic authentication password is not returned from API, recreation is needed to change password.
+
 ## Similar tools
 
 * [Codenize.tools](http://codenize.tools/)

data/lib/simnos/cli.rb

@@ -44,6 +44,8 @@ module Simnos
         opts.on('-s', '--split', 'split export DSL file to 1 per topic') { @options[:split] = true }
         opts.on('',   '--no-color', 'no color') { @options[:color] = false }
         opts.on('',   '--with-subscriptions', 'manage subscriptions') { @options[:with_subscriptions] = true }
+        opts.on('',   '--recreate-subscriptions', 'recreate subscriptions') { @options[:recreate_subscriptions] = true }
+        opts.on('',   '--secret-provider NAME', 'use secret value expansion') { |v| @options[:secret_provider] = v }
         opts.on('-i', '--include-names NAMES', 'include SNS names', Array) { |v| @options[:includes] = v }
         opts.on('-x', '--exclude-names NAMES', 'exclude SNS names by regex', Array) do |v|
           @options[:excludes] = v.map! do |name|

data/lib/simnos/client.rb

@@ -3,6 +3,7 @@ require 'simnos/client_wrapper'
 require 'simnos/converter'
 require 'simnos/dsl'
 require 'simnos/filterable'
+require 'simnos/secret_expander'
 
 module Simnos
   class Client
@@ -15,6 +16,7 @@ module Simnos
     def initialize(filepath, options = {})
       @filepath = filepath
       @options = options
+      @options[:secret_expander] = SecretExpander.new(@options[:secret_provider]) if @options[:secret_provider]
     end
 
     def apply
@@ -70,29 +72,41 @@ module Simnos
 
     private
 
+    def delete_subscriptions(aws_topic, aws_sub_by_key)
+      aws_sub_by_key.each do |key, aws_sub|
+        Simnos.logger.info("Delete Topic(#{aws_topic[:topic].topic_arn.split(':').last}) Subscription. protocol: #{key[0].inspect}, endpoint: #{key[1].inspect}.#{@options[:dry_run] ? ' [dry-run]' : ''}")
+        if aws_sub.subscription_arn.split(':').length < 6
+          Simnos.logger.warn("Can not delete Subscription `#{aws_sub.subscription_arn}`")
+          next
+        end
+        next if @options[:dry_run]
+
+        client.unsubscribe(subscription_arn: aws_sub.subscription_arn)
+      end
+    end
+
     def traverse_subscriptions(aws_topic, dsl_subscriptions, aws_subscriptions)
-      dsl_sub_by_key = dsl_subscriptions.each_with_object({}) { |dsl_sub, h| h[[dsl_sub.protocol, dsl_sub.endpoint]] = dsl_sub }
+      dsl_sub_by_key = dsl_subscriptions.each_with_object({}) { |dsl_sub, h| h[[dsl_sub.protocol, dsl_sub.masked_endpoint]] = dsl_sub }
       aws_sub_by_key = aws_subscriptions.each_with_object({}) { |aws_sub, h| h[[aws_sub.protocol, aws_sub.endpoint]] = aws_sub }
+
+      if @options[:recreate_subscriptions]
+        Simnos.logger.info("Subscription recreation flag is on.#{@options[:dry_run] ? ' [dry-run]' : ''}")
+        delete_subscriptions(aws_topic, aws_sub_by_key)
+        aws_sub_by_key = {}
+      end
+
       # create
       dsl_sub_by_key.reject { |key, _| aws_sub_by_key[key] }.each do |key, dsl_sub|
         dsl_sub.aws_topic(aws_topic).create
       end
 
+      # there is no way to update subscriptions
       dsl_sub_by_key.each do |key, dsl_sub|
         aws_sub_by_key.delete(key)
       end
 
       # delete
-      aws_sub_by_key.each do |key, aws_sub|
-        Simnos.logger.info("Delete Topic(#{aws_topic[:topic].topic_arn.split(':').last}) Subscription. protocol: #{key[0].inspect}, endpoint: #{key[1].inspect}.#{@options[:dry_run] ? ' [dry-run]' : ''}")
-        if aws_sub.subscription_arn.split(':').length < 6
-          Simnos.logger.warn("Can not delete Subscription `#{aws_sub.subscription_arn}`")
-          next
-        end
-        next if @options[:dry_run]
-
-        client.unsubscribe(subscription_arn: aws_sub.subscription_arn)
-      end
+      delete_subscriptions(aws_topic, aws_sub_by_key)
     end
 
     def traverse_topics(dsl_topics_all, aws_topics_by_name)

data/lib/simnos/dsl/subscription.rb

@@ -6,7 +6,7 @@ module Simnos
       include Simnos::TemplateHelper
 
       def create
-        Simnos.logger.info("Create Topic(#{@aws_topic[:topic].topic_arn.split(':').last}) Subscription. protocol: #{protocol.inspect}, endpoint: #{endpoint.inspect}#{@options[:dry_run] ? ' [dry-run]' : ''}")
+        Simnos.logger.info("Create Topic(#{@aws_topic[:topic].topic_arn.split(':').last}) Subscription. protocol: #{protocol.inspect}, endpoint: #{masked_endpoint.inspect}#{@options[:dry_run] ? ' [dry-run]' : ''}")
         return if @options[:dry_run]
 
         client.subscribe(
@@ -29,7 +29,28 @@ module Simnos
         @endpoint = endpoint
       end
 
-      attr_reader :topic, :protocol, :endpoint
+      attr_reader :topic, :protocol
+
+      # We have to mask endpoint because SNS returns masked endpoint from API
+      def masked_endpoint
+        if URI.extract(@endpoint, ['http', 'https']).empty?
+          return endpoint
+        end
+        uri = URI.parse(endpoint)
+        if md = uri.userinfo&.match(/(.*):(.*)/)
+          uri.userinfo = "#{md[1]}:****"
+        end
+        uri.to_s
+      end
+
+      def endpoint
+        secret_expander = @options[:secret_expander]
+        if secret_expander
+          secret_expander.expand(@endpoint)
+        else
+          @endpoint
+        end
+      end
 
       private
 

data/lib/simnos/secret_expander.rb

@@ -0,0 +1,75 @@
+require 'strscan'
+
+module Simnos
+  class ExpansionError < StandardError
+  end
+
+  class SecretExpander
+    Literal = Struct.new(:literal)
+    Variable = Struct.new(:name)
+
+    def initialize(provider_name)
+      @provider = load_provider(provider_name)
+      @asked_variables = {}
+    end
+
+    def expand(str)
+      tokens = parse(str)
+      variables = Set.new
+      tokens.each do |token|
+        if token.is_a?(Variable)
+          unless @asked_variables.include?(token.name)
+            variables << token.name
+          end
+        end
+      end
+
+      unless variables.empty?
+        @provider.ask(variables).each do |k, v|
+          @asked_variables[k] = v
+        end
+      end
+
+      tokens.map do |token|
+        case token
+        when Literal
+          token.literal
+        when Variable
+          @asked_variables.fetch(token.name)
+        else
+          raise ExpansionError.new("Unknown token type: #{token.class}")
+        end
+      end.join
+    end
+
+    private
+
+    def parse(value)
+      s = StringScanner.new(value)
+      tokens = []
+      pos = 0
+      while s.scan_until(/\$\{(.*?)\}/)
+        pre = s.string.byteslice(pos...(s.pos - s.matched.size))
+        var = s[1]
+        unless pre.empty?
+          tokens << Literal.new(pre)
+        end
+        if var.empty?
+          raise ExpansionError.new('Empty interpolation is not allowed')
+        else
+          tokens << Variable.new(var)
+        end
+        pos = s.pos
+      end
+      unless s.rest.empty?
+        tokens << Literal.new(s.rest)
+      end
+      tokens
+    end
+
+    def load_provider(name)
+      require "simnos/secret_providers/#{name}"
+      Simnos::SecretProviders.const_get(name.split('_').map(&:capitalize).join('')).new
+    end
+  end
+end

data/lib/simnos/version.rb

@@ -1,3 +1,3 @@
 module Simnos
-  VERSION = "0.1.1.beta1"
+  VERSION = "0.1.1.beta2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simnos
 version: !ruby/object:Gem::Version
-  version: 0.1.1.beta1
+  version: 0.1.1.beta2
 platform: ruby
 authors:
 - wata
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-10-03 00:00:00.000000000 Z
+date: 2017-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -166,6 +166,7 @@ files:
 - lib/simnos/dsl/topic.rb
 - lib/simnos/filterable.rb
 - lib/simnos/output_topic.erb
+- lib/simnos/secret_expander.rb
 - lib/simnos/template_helper.rb
 - lib/simnos/utils.rb
 - lib/simnos/version.rb