@adobe/helix-deploy 8.0.2 → 8.1.0

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [8.1.0](https://github.com/adobe/helix-deploy/compare/v8.0.2...v8.1.0) (2023-01-26)
+
+
+### Features
+
+* add aws-update-secrets command ([#488](https://github.com/adobe/helix-deploy/issues/488)) ([70d0e2b](https://github.com/adobe/helix-deploy/commit/70d0e2bb2c2b907dbae41b7e988bb389d530348b))
+
 ## [8.0.2](https://github.com/adobe/helix-deploy/compare/v8.0.1...v8.0.2) (2023-01-21)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-deploy",
-  "version": "8.0.2",
+  "version": "8.1.0",
   "description": "Library and Commandline Tools to build and deploy OpenWhisk Actions",
   "license": "Apache-2.0",
   "homepage": "https://github.com/adobe/helix-deploy#readme",

package/src/deploy/AWSConfig.js

@@ -28,6 +28,7 @@ export default class AWSConfig {
       arch: 'x86_64',
       identitySources: ['$request.header.Authorization'],
       deployBucket: '',
+      updateSecrets: undefined,
     });
   }
 
@@ -44,7 +45,8 @@ export default class AWSConfig {
       .withAWSCleanUpIntegrations(argv.awsCleanupIntegrations)
       .withAWSCreateRoutes(argv.awsCreateRoutes)
       .withAWSParamsManager(argv.awsParameterManager)
-      .withAWSDeployBucket(argv.awsDeployBucket);
+      .withAWSDeployBucket(argv.awsDeployBucket)
+      .withAWSUpdateSecrets(argv.awsUpdateSecrets);
   }
 
   withAWSRegion(value) {
@@ -110,11 +112,16 @@ export default class AWSConfig {
     return this;
   }
 
+  withAWSUpdateSecrets(value) {
+    this.updateSecrets = value;
+    return this;
+  }
+
   static yarg(yargs) {
     return yargs
       .group(['aws-region', 'aws-api', 'aws-role', 'aws-cleanup-buckets', 'aws-cleanup-integrations',
         'aws-create-routes', 'aws-create-authorizer', 'aws-attach-authorizer', 'aws-lambda-format',
-        'aws-parameter-manager', 'aws-deploy-template', 'aws-arch'], 'AWS Deployment Options')
+        'aws-parameter-manager', 'aws-deploy-template', 'aws-arch', 'aws-update-secrets'], 'AWS Deployment Options')
       .option('aws-region', {
         description: 'the AWS region to deploy lambda functions to',
         type: 'string',
@@ -146,6 +153,10 @@ export default class AWSConfig {
         default: ['secret'],
         array: true,
       })
+      .option('aws-update-secrets', {
+        description: 'Uploads the function specific secrets with the params. defaults to /helix-deploy/{pkg}/{name}',
+        type: 'string',
+      })
       .option('aws-lambda-format', {
         description: 'Format to use to create lambda functions (note that all dots (\'.\') will be replaced with underscores.',
         type: 'string',

package/src/deploy/AWSDeployer.js

@@ -475,6 +475,21 @@ export default class AWSDeployer extends BaseDeployer {
     return this._functionURL;
   }
 
+  async updateSecrets() {
+    const { cfg } = this;
+    const SecretId = cfg.updateSecrets || `/helix-deploy/${cfg.packageName}/${cfg.baseName}`;
+    this.log.info(`--: updating app parameters in secrets manager at '${SecretId}'...`);
+    try {
+      await this._sm.send(new PutSecretValueCommand({
+        SecretId,
+        SecretString: JSON.stringify(cfg.params),
+      }));
+    } catch (e) {
+      this.log.error(chalk`{red error:} unable to update value of '${SecretId}'`);
+      throw e;
+    }
+  }
+
   async updatePackage() {
     const { cfg } = this;
     let found = false;
@@ -827,7 +842,7 @@ export default class AWSDeployer extends BaseDeployer {
   }
 
   async validateAdditionalTasks() {
-    if (this._cfg.cleanUpIntegrations) {
+    if (this._cfg.cleanUpIntegrations || this._cfg.updateSecrets !== undefined) {
       // disable auto build if no deploy
       if (!this.cfg.deploy) {
         this.cfg.build = false;
@@ -840,6 +855,9 @@ export default class AWSDeployer extends BaseDeployer {
     if (this._cfg.cleanUpIntegrations) {
       await this.cleanUpIntegrations();
     }
+    if (this._cfg.updateSecrets !== undefined) {
+      await this.updateSecrets();
+    }
   }
 
   async deploy() {