ssm_utils 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8dcad91e6c48a3d501224e57692ae7d55d6f7871
+  data.tar.gz: 5706e830fbf3304a8fb1c2f0b5e9dea711a4f62c
+SHA512:
+  metadata.gz: ff369cd39c2d9103250f8a1cb4c705027a0482846c4c5161e07fab08fccf88eb81d54e27ce5faa6f47de2b0e00e3b57bb275ca54ab06784f070f15f10d8a8599
+  data.tar.gz: bb98c3485d7732ff1871ab8678c888f69d4b1785f796cc1be9c33def553a0cce684fdc08d7fef1263d8f7cebad61708bca8c871103dedc599254e81433e02386

data/exe/manage_ssm_params

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+# vi: set ft=ruby
+require 'ssm_utils'
+
+SsmUtils::ManageParamsApp.new.run 

data/lib/ssm_utils/get_params_command.rb

@@ -0,0 +1,27 @@
+require 'ssm_utils/ssm_reader_driver'
+require 'yaml'
+
+module SsmUtils
+  class GetParamsCommand
+    def initialize(options)
+      opt = {
+        decrypt: true,
+        ssm_root: '/',
+      }.merge(options)
+
+      raise ArgumentError.new("No file path specified") if !opt.key?(:file_out)
+      @file_out = opt[:file_out]
+      @decrypt = opt[:decrypt]
+      @ssm_root = opt[:ssm_root]
+    end
+
+    def execute
+      ssm = SsmUtils::SsmReaderDriver.new(decrypt: @decrypt, ssm_root: @ssm_root)
+      params = ssm.account_params
+
+      File.open(@file_out, 'w') do |f|
+        YAML.dump(params, f, line_width: -1)
+      end
+    end
+  end
+end

data/lib/ssm_utils/hash_walker.rb

@@ -0,0 +1,71 @@
+module SsmUtils
+  module HashWalker
+
+    class Walker
+      def initialize(hash, path_delim, block)
+        @hash = hash
+        @path_delim = path_delim
+        @block = block
+      end
+
+      def walk
+        walker(nil, @hash)
+      end
+
+
+      private
+
+      def walker(path, node)
+        if valid_value_hash? node
+          @block.yield(path, node)
+        elsif node.is_a? Hash
+          node.each do |key, value|
+            #nil path = "" + "" + {key}
+            #non-nill path = {path} + {path_delim} + {key}
+            walker("#{path}#{path.nil? ? "" : @path_delim}#{key}", value)
+          end
+        else
+          @block.yield(path, node)
+        end
+      end
+
+      def valid_value_hash?(node)
+        return false unless node.is_a?(Hash) && node.has_key?('_value') 
+        if node.has_key?('_type') && node['_type'] == 'SecureString'
+          return false unless node.has_key? '_key'
+        end
+        true
+      end
+    end
+
+    # For a hash { 'a' => { 'b' => { 'c' => 'd' } } } this function will
+    # yield to the provided block ('a/b/c', 'd'). Furthermore, hashs containing
+    # the keys '_value' and '_type' will be interpreted as leaves and will not
+    # be walked into and instead yielded to the block.
+    def walk_hash(hash, path_delim, &block)
+      raise ArgumentError.new("Block required") unless block_given?
+
+      if !hash.is_a? Hash
+        raise ArgumentError.new("Cannot walk things that aren't hashes")
+      end
+
+      Walker.new(hash, path_delim.to_s, block).walk
+      hash
+    end
+
+    #Recursive safe-setting of keys
+    def dig_set(hash, key_list, value)
+      if !key_list.is_a? Array || key_list.length < 1
+        raise ArgumentError.new("Key list cannot be empty or a non-array")
+      elsif key_list.length == 1
+        hash[key_list[0]] = value
+      else
+        if hash[key_list[0]].nil?
+          hash[key_list[0]] = {}
+        end
+        dig_set(hash[key_list[0]], key_list[1..-1], value)
+        hash
+      end
+    end
+  end
+end

data/lib/ssm_utils/manage_params_app.rb

@@ -0,0 +1,57 @@
+require 'commander'
+require 'ssm_utils/hash_walker'
+require 'ssm_utils/version'
+require 'ssm_utils/get_params_command'
+require 'ssm_utils/put_params_command'
+
+module SsmUtils
+  class ManageParamsApp
+    include Commander::Methods
+
+    def run
+      program :name, 'Manage SSM Params'
+      program :version, SsmUtils::VERSION
+      program :description, 'Manages SSM parameters!'
+      program :help, 'Author', 'David Kolb <david.kolb@coxautoinc.com>'
+
+      command :get do |c|
+        c.syntax = 'manage_ssm_params get [OPTIONS]'
+        c.description = <<~EOF
+          Retrieves an entire tree of your SSM parameter store as a well
+          structured YAML document.
+        EOF
+        c.option '--file FILE', String, 'File to retrieve account to.'
+        c.option '--[no-]decrypt', 'Decrypt SecureStrings, default true'
+        c.option '--ssm_root PATH_ROOT', String, 
+          "A path root to retrieve from, default is '/'"
+        c.when_called do |args, options|
+          options.default(decrypt: true, ssm_root: '/')
+          GetParamsCommand.new(
+            file_out: options.file,
+            decrypt: options.decrypt,
+            ssm_root: options.ssm_root
+          ).execute
+        end
+      end
+
+      command :put do |c|
+        c.syntax = 'manage_ssm_params put [OPTIONS]'
+        c.description = <<~EOF
+          Writes the supplied YAML structure into SSM parameter store using
+          the reverse of the mappings used by get.
+        EOF
+        c.option '--file FILE', String, 'File to retrieve account to.'
+        c.option '--[no-]overwrite', 'Overwrite exitings strings, default true'
+        c.when_called do |args, options|
+          options.default(overwrite: true)
+          PutParamsCommand.new(
+            in_file: options.file,
+            overwrite: options.overwrite
+          ).execute
+        end
+      end
+
+      run!
+    end
+  end
+end

data/lib/ssm_utils/put_params_command.rb

@@ -0,0 +1,26 @@
+require 'yaml'
+require 'aws-sdk-ssm'
+require 'ssm_utils/ssm_writer_driver'
+
+module SsmUtils
+  class PutParamsCommand
+    def initialize(options)
+      options = {
+        overwrite: false
+      }.merge(options)
+
+      raise ArgumentError.new("No input file") unless options.key? :in_file
+
+      @overwrite = options[:overwrite]
+      @in_file = options[:in_file]
+    end
+
+    def execute
+      parameters = YAML.load_file(@in_file)
+      SsmWriterDriver.new(
+        parameters: parameters,
+        overwrite:  @overwrite
+      ).write_parameters
+    end
+  end
+end

data/lib/ssm_utils/ssm_reader_driver.rb

@@ -0,0 +1,75 @@
+require 'aws-sdk-ssm'
+require 'ssm_utils/hash_walker'
+
+module SsmUtils
+  class SsmReaderDriver
+    include HashWalker
+
+    def initialize(options={})
+      options = {
+        decrypt: true,
+        ssm_root: '/'
+      }.merge(options)
+      @ssm = Aws::SSM::Client.new()
+      @decrypt_flag = options[:decrypt]
+      @ssm_root = options[:ssm_root]
+    end
+
+    def raw_account_params
+      return @raw_params if @raw_params
+      
+      params = []
+
+      @ssm.get_parameters_by_path(
+        path: @ssm_root, 
+        recursive: 'true',
+        with_decryption: @decrypt_flag
+      ).each do |r|
+        params += r.to_h[:parameters]
+      end
+
+      @raw_params = params
+    end
+
+    def account_params
+      params = {}
+      raw_account_params.each do |r|
+        if r[:type] == 'String'
+          value = r[:value]
+        elsif r[:type] == 'SecureString'
+          value = {
+            '_value' => r[:value],
+            '_type'  => r[:type],
+            '_key'   => encryption_key(r)
+          }
+        else
+          value = {
+            '_value' => r[:value],
+            '_type'  => r[:type]
+          }
+        end
+        dig_set(params, key_list(r[:name]), value)
+      end
+      params
+    end
+
+    def encryption_key(param)
+      response = @ssm.get_parameter_history(name: param[:name])
+      matched_version = nil
+
+      # Apparently this is the idiomatic way to do/while. :-/
+      loop do
+        matched_version = response.parameters.find do |p| 
+          p.version == param[:version]
+        end
+        response = response.next_page if response.next_page?
+        break unless matched_version.nil? && response.next_page?
+      end
+      matched_version.nil? ? nil : matched_version.key_id
+    end
+
+    def key_list(param_name)
+      param_name[0] == '/' ? param_name[1..-1].split('/') : param_name.split('/')
+    end
+  end
+end

data/lib/ssm_utils/ssm_writer_driver.rb

@@ -0,0 +1,69 @@
+require 'aws-sdk-ssm'
+require 'ssm_utils/hash_walker'
+
+module SsmUtils
+  class SsmWriterDriver
+    include HashWalker
+
+    def initialize(options)
+      options = {
+        overwrite: false
+      }.merge(options)
+
+      raise ArgumentError('Missing parameters') unless options.key? :parameters
+
+      @parameters = options[:parameters]
+      @ssm = Aws::SSM::Client.new
+      @overwrite = options[:overwrite]
+    end
+
+    def write_parameters
+      ssm_requests.each do |request|
+        @ssm.put_parameter(request)
+      end
+    end
+
+    def ssm_requests
+      return @calls if @calls
+
+      @calls = []
+
+      walk_hash(@parameters, '/') { |path, value|
+        path = "/#{path}"
+        if value.is_a? Hash
+          @calls.push process_hash_value(path, value)
+        else
+          @calls.push process_literal_value(path,value)
+        end
+      }
+
+      @calls
+    end
+
+    private
+
+    def process_literal_value(path, value)
+      {
+        name: path,
+        value: value.to_s,
+        type: "String",
+        overwrite: @overwrite
+      }
+    end
+
+    def process_hash_value(path, value)
+      call = {
+        name: path,
+        value: value['_value'].to_s,
+        type: value['_type'],
+        overwrite: @overwrite
+      }
+
+      if value['_type'] == 'SecureString'
+        call[:key_id] = value['_key']
+      end
+
+      call
+    end
+  end
+end

data/lib/ssm_utils/version.rb

@@ -0,0 +1,3 @@
+module SsmUtils
+  VERSION = "0.1.0"
+end

data/lib/ssm_utils.rb

@@ -0,0 +1,6 @@
+require "ssm_utils/version"
+require "ssm_utils/manage_params_app"
+
+module SsmUtils
+  # Your code goes here...
+end

metadata

@@ -0,0 +1,152 @@
+--- !ruby/object:Gem::Specification
+name: ssm_utils
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- David Kolb
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-04-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.0
+- !ruby/object:Gem::Dependency
+  name: paint
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: commander
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ssm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+description: Provides some CLI interfaces into the SSM parameter store with opinions.
+email:
+- david.kolb@krinchan.com
+executables:
+- manage_ssm_params
+extensions: []
+extra_rdoc_files: []
+files:
+- exe/manage_ssm_params
+- lib/ssm_utils.rb
+- lib/ssm_utils/get_params_command.rb
+- lib/ssm_utils/hash_walker.rb
+- lib/ssm_utils/manage_params_app.rb
+- lib/ssm_utils/put_params_command.rb
+- lib/ssm_utils/ssm_reader_driver.rb
+- lib/ssm_utils/ssm_writer_driver.rb
+- lib/ssm_utils/version.rb
+homepage: https://github.com/ssm_utils
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.3'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: Utility scripts for managing SSM params
+test_files: []