terraspace_plugin_aws 0.2.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/templates/hcl/project/config/terraform/backend.tf.tt +2 -2
- data/lib/terraspace_plugin_aws.rb +11 -1
- data/lib/terraspace_plugin_aws/autoloader.rb +1 -1
- data/lib/terraspace_plugin_aws/clients.rb +12 -0
- data/lib/terraspace_plugin_aws/interfaces/backend/base.rb +1 -4
- data/lib/terraspace_plugin_aws/interfaces/helper.rb +15 -0
- data/lib/terraspace_plugin_aws/interfaces/helper/secret.rb +18 -0
- data/lib/terraspace_plugin_aws/interfaces/helper/secret_base.rb +13 -0
- data/lib/terraspace_plugin_aws/interfaces/helper/ssm.rb +18 -0
- data/lib/terraspace_plugin_aws/logging.rb +7 -0
- data/lib/terraspace_plugin_aws/version.rb +1 -1
- data/terraspace_plugin_aws.gemspec +2 -0
- metadata +36 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b62c32aa56b1d692d2438f73de9a320cc428b6905b37f622576c0ecb47ae4e08
|
|
4
|
+
data.tar.gz: 4f3e359016f41e102f4666a5494d76114bad4b0e24ea98530dea4167764643c8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2db6fa9293af079f29af0823e77176a26b8b5634bdc03a4cf057add8c5b945b53adf58e48ab5bf84758ad219bff3298428e129545a977db0b7a6e9aff8c53391
|
|
7
|
+
data.tar.gz: bad12d3090b11d5320e0636b3abfd2ad5722963ad48ae7a96f58864e716b1150fbde41bc96ad4da097e9a13cf723333b67bae2f1f8295aae61ef31d15c24d440
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,10 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
|
|
5
5
|
|
|
6
|
+
## [0.3.0] - 2020-11-15
|
|
7
|
+
- [#5](https://github.com/boltops-tools/terraspace_plugin_aws/pull/5) helper and secrets support
|
|
8
|
+
- aws_secret and aws_ssm helpers
|
|
9
|
+
|
|
6
10
|
## [0.2.2]
|
|
7
11
|
- #4 default access logging to false
|
|
8
12
|
- set prefix to @folder for performance improvement
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
terraform {
|
|
2
2
|
backend "s3" {
|
|
3
|
-
bucket = "<%%= expansion('terraform-state-:ACCOUNT-:REGION-:ENV') %>"
|
|
4
|
-
key = "<%%= expansion(':REGION/:ENV/:BUILD_DIR/terraform.tfstate') %>"
|
|
3
|
+
bucket = "<%%= expansion('terraform-state-:ACCOUNT-:REGION-:ENV') %>"
|
|
4
|
+
key = "<%%= expansion(':REGION/:ENV/:BUILD_DIR/terraform.tfstate') %>"
|
|
5
5
|
region = "<%%= expansion(':REGION') %>"
|
|
6
6
|
encrypt = true
|
|
7
7
|
dynamodb_table = "terraform_locks"
|
|
@@ -22,12 +22,22 @@ module TerraspacePluginAws
|
|
|
22
22
|
Interfaces::Config.instance.config
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
@@logger = nil
|
|
26
|
+
def logger
|
|
27
|
+
@@logger ||= Terraspace.logger
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def logger=(v)
|
|
31
|
+
@@logger = v
|
|
32
|
+
end
|
|
33
|
+
|
|
25
34
|
extend self
|
|
26
35
|
end
|
|
27
36
|
|
|
28
37
|
Terraspace::Plugin.register("aws",
|
|
29
38
|
backend: "s3",
|
|
30
39
|
config_class: TerraspacePluginAws::Interfaces::Config,
|
|
31
|
-
|
|
40
|
+
helper_class: TerraspacePluginAws::Interfaces::Helper,
|
|
41
|
+
layer_class: TerraspacePluginAws::Interfaces::Layer,
|
|
32
42
|
root: File.dirname(__dir__),
|
|
33
43
|
)
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
require "aws-sdk-dynamodb"
|
|
2
2
|
require "aws-sdk-s3"
|
|
3
|
+
require "aws-sdk-secretsmanager"
|
|
4
|
+
require "aws-sdk-ssm"
|
|
3
5
|
|
|
4
6
|
module TerraspacePluginAws
|
|
5
7
|
module Clients
|
|
@@ -10,6 +12,16 @@ module TerraspacePluginAws
|
|
|
10
12
|
end
|
|
11
13
|
memoize :s3
|
|
12
14
|
|
|
15
|
+
def secretsmanager
|
|
16
|
+
Aws::SecretsManager::Client.new
|
|
17
|
+
end
|
|
18
|
+
memoize :secretsmanager
|
|
19
|
+
|
|
20
|
+
def ssm
|
|
21
|
+
Aws::SSM::Client.new
|
|
22
|
+
end
|
|
23
|
+
memoize :ssm
|
|
24
|
+
|
|
13
25
|
def dynamodb
|
|
14
26
|
Aws::DynamoDB::Client.new
|
|
15
27
|
end
|
|
@@ -3,13 +3,10 @@ require "s3-secure"
|
|
|
3
3
|
class TerraspacePluginAws::Interfaces::Backend
|
|
4
4
|
class Base
|
|
5
5
|
include TerraspacePluginAws::Clients
|
|
6
|
+
include TerraspacePluginAws::Logging
|
|
6
7
|
|
|
7
8
|
def initialize(info)
|
|
8
9
|
@info = info
|
|
9
10
|
end
|
|
10
|
-
|
|
11
|
-
def logger
|
|
12
|
-
Terraspace.logger
|
|
13
|
-
end
|
|
14
11
|
end
|
|
15
12
|
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
module TerraspacePluginAws::Interfaces
|
|
2
|
+
module Helper
|
|
3
|
+
include Terraspace::Plugin::Helper::Interface
|
|
4
|
+
|
|
5
|
+
def aws_secret(name, options={})
|
|
6
|
+
Secret.new(options).fetch(name)
|
|
7
|
+
end
|
|
8
|
+
cache_helper :aws_secret
|
|
9
|
+
|
|
10
|
+
def aws_ssm(name, options={})
|
|
11
|
+
SSM.new(options).fetch(name)
|
|
12
|
+
end
|
|
13
|
+
cache_helper :aws_ssm
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module TerraspacePluginAws::Interfaces::Helper
|
|
2
|
+
class Secret < SecretBase
|
|
3
|
+
def fetch(secret_id)
|
|
4
|
+
value = fetch_value(secret_id)
|
|
5
|
+
value = Base64.strict_encode64(value).strip if @base64
|
|
6
|
+
value
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def fetch_value(secret_id)
|
|
10
|
+
secret_value = secretsmanager.get_secret_value(secret_id: secret_id)
|
|
11
|
+
secret_value.secret_string
|
|
12
|
+
rescue Aws::SecretsManager::Errors::ResourceNotFoundException => e
|
|
13
|
+
logger.info "WARN: secret_id #{secret_id} not found".color(:yellow)
|
|
14
|
+
logger.info e.message
|
|
15
|
+
"NOT FOUND #{secret_id}" # simple string so Kubernetes YAML is valid
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require "base64"
|
|
2
|
+
|
|
3
|
+
module TerraspacePluginAws::Interfaces::Helper
|
|
4
|
+
class SecretBase
|
|
5
|
+
include TerraspacePluginAws::Clients
|
|
6
|
+
include TerraspacePluginAws::Logging
|
|
7
|
+
|
|
8
|
+
def initialize(options={})
|
|
9
|
+
@options = options
|
|
10
|
+
@base64 = options[:base64]
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module TerraspacePluginAws::Interfaces::Helper
|
|
2
|
+
class SSM < SecretBase
|
|
3
|
+
def fetch(name)
|
|
4
|
+
value = fetch_value(name)
|
|
5
|
+
value = Base64.strict_encode64(value).strip if @base64
|
|
6
|
+
value
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def fetch_value(name)
|
|
10
|
+
resp = ssm.get_parameter(name: name, with_decryption: true)
|
|
11
|
+
resp.parameter.value
|
|
12
|
+
rescue Aws::SSM::Errors::ParameterNotFound => e
|
|
13
|
+
logger.info "WARN: name #{name} not found".color(:yellow)
|
|
14
|
+
logger.info e.message
|
|
15
|
+
"NOT FOUND #{name}" # simple string so tfvars valid
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -24,6 +24,8 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
|
|
25
25
|
spec.add_dependency "aws-sdk-dynamodb"
|
|
26
26
|
spec.add_dependency "aws-sdk-s3"
|
|
27
|
+
spec.add_dependency "aws-sdk-secretsmanager"
|
|
28
|
+
spec.add_dependency "aws-sdk-ssm"
|
|
27
29
|
spec.add_dependency "aws_data"
|
|
28
30
|
spec.add_dependency "memoist"
|
|
29
31
|
spec.add_dependency "s3-secure"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: terraspace_plugin_aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-dynamodb
|
|
@@ -38,6 +38,34 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: aws-sdk-secretsmanager
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: aws-sdk-ssm
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
type: :runtime
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - ">="
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '0'
|
|
41
69
|
- !ruby/object:Gem::Dependency
|
|
42
70
|
name: aws_data
|
|
43
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -149,8 +177,13 @@ files:
|
|
|
149
177
|
- lib/terraspace_plugin_aws/interfaces/decorator/aws_security_group.rb
|
|
150
178
|
- lib/terraspace_plugin_aws/interfaces/decorator/base.rb
|
|
151
179
|
- lib/terraspace_plugin_aws/interfaces/expander.rb
|
|
180
|
+
- lib/terraspace_plugin_aws/interfaces/helper.rb
|
|
181
|
+
- lib/terraspace_plugin_aws/interfaces/helper/secret.rb
|
|
182
|
+
- lib/terraspace_plugin_aws/interfaces/helper/secret_base.rb
|
|
183
|
+
- lib/terraspace_plugin_aws/interfaces/helper/ssm.rb
|
|
152
184
|
- lib/terraspace_plugin_aws/interfaces/layer.rb
|
|
153
185
|
- lib/terraspace_plugin_aws/interfaces/summary.rb
|
|
186
|
+
- lib/terraspace_plugin_aws/logging.rb
|
|
154
187
|
- lib/terraspace_plugin_aws/version.rb
|
|
155
188
|
- terraspace_plugin_aws.gemspec
|
|
156
189
|
homepage: https://github.com/boltops-tools/terraspace_plugin_aws
|
|
@@ -173,7 +206,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
173
206
|
- !ruby/object:Gem::Version
|
|
174
207
|
version: '0'
|
|
175
208
|
requirements: []
|
|
176
|
-
rubygems_version: 3.1.
|
|
209
|
+
rubygems_version: 3.1.4
|
|
177
210
|
signing_key:
|
|
178
211
|
specification_version: 4
|
|
179
212
|
summary: Terraspace AWS Plugin
|