external-secrets · silasbw · Jun 5, 2019 · Jun 5, 2019
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ The conversion is completely transparent to `Pods` that can access `Secrets` nor
 
 ![Architecture](architecture.png)
 
-1. `ExternalSecrets` are added in the cluster (e.g., `kubectly apply -f external-secret-example.yml`)
+1. `ExternalSecrets` are added in the cluster (e.g., `kubectl apply -f external-secret-example.yml`)
 1. Controller fetches `ExternalSecrets` using the Kubernetes API
 1. Controller uses `ExternalSecrets` to fetch secret data from external providers (e.g, AWS Secrets Manager)
 1. Controller upsert `Secrets`
@@ -172,3 +172,31 @@ minikube start
 
 npm run nodemon
 ```
+
+### Development with localstack
+
+[Localstack](https://github.com/localstack/localstack) mocks AWS services locally so you can test without connecting to AWS.
+
+Run localstack in a seperate terminal window
+
+```sh
+npm run localstack
+```
+
+Start minikube as above
+
+```sh
+minikube start
+```
+
+Run the daemon with localstack
+
+```sh
+npm run local
+```
+
+Add secrets using the AWS cli (example)
+
+```sh
+ aws --endpoint-url=http://localhost:4584 secretsmanager create-secret --name hello-service/password --secret-string "1234"
+```
diff --git a/config/aws-config.js b/config/aws-config.js
@@ -0,0 +1,13 @@
+'use strict'
+
+/* eslint-disable no-process-env */
+
+const localstack = process.env.LOCALSTACK || 0
+
+const secretsManagerConfig = localstack ? { endpoint: 'http://localhost:4584', region: 'us-west-2' } : {}
+const systemManagerConfig = localstack ? { endpoint: 'http://localhost:4583', region: 'us-west-2' } : {}
+
+module.exports = {
+  secretsManagerConfig,
+  systemManagerConfig
+}
diff --git a/config/index.js b/config/index.js
@@ -5,6 +5,7 @@ const kube = require('kubernetes-client')
 const KubeRequest = require('kubernetes-client/backends/request')
 const pino = require('pino')
 
+const awsConfig = require('./aws-config')
 const envConfig = require('./environment')
 const CustomResourceManager = require('../lib/custom-resource-manager')
 const customResourceManifest = require('../custom-resource-manifest.json')
@@ -31,9 +32,9 @@ const customResourceManager = new CustomResourceManager({
   logger
 })
 
-const secretsManagerClient = new AWS.SecretsManager()
+const secretsManagerClient = new AWS.SecretsManager(awsConfig.secretsManagerConfig)
 const secretsManagerBackend = new SecretsManagerBackend({ client: secretsManagerClient, logger })
-const systemManagerClient = new AWS.SSM()
+const systemManagerClient = new AWS.SSM(awsConfig.systemManagerConfig)
 const systemManagerBackend = new SystemManagerBackend({ client: systemManagerClient, logger })
 const backends = {
   secretsManager: secretsManagerBackend,

diff --git a/package.json b/package.json
@@ -6,6 +6,8 @@
   "scripts": {
     "coverage": "nyc ./node_modules/mocha/bin/_mocha --recursive lib",
     "lint": "eslint --fix --ignore-pattern /coverage/ ./",
+    "local": "LOCALSTACK=1 nodemon",
+    "localstack": "docker run -it -p 4583:4583 -p 4584:4584 -p 9999:8080 -e DEBUG=1 --rm localstack/localstack:0.9.4",
     "release": "standard-version --tag-prefix='' && ./release.sh",
     "start": "./bin/daemon.js",
     "nodemon": "nodemon ./bin/daemon.js",