Merge pull request #534 from hazelops/IZE-696-ize-secrets-push-rm-pul…

…l-explain
hazelops · Nov 11, 2022 · 4bf9ad9 · 4bf9ad9
2 parents 7503d26 + 99bb816
commit 4bf9ad9
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 0 deletions.
diff --git a/internal/commands/secrets_pull.go b/internal/commands/secrets_pull.go
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"os"
 	"strings"
+	"text/template"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ssm"
@@ -14,13 +15,23 @@ import (
 	"github.com/spf13/cobra"
 )
 
+var explainSecretsPullTmpl = `
+aws ssm get-parameters-by-path \
+	--path "/{{.Env}}/{{svc}}" \
+	--with-decryption \
+	--recursive \
+	--parameter-filters "Key=Type,Values=SecureString" \
+	--output json | jq '.Parameters | [.[] | {(.Name|capture(".*/(?<a>.*)").a): .Value}]|reduce .[] as $item ({}; . + $item)' > {{.EnvDir}}/secrets/{{svc}}.json
+`
+
 type SecretsPullOptions struct {
 	Config      *config.Project
 	AppName     string
 	Backend     string
 	FilePath    string
 	SecretsPath string
 	Force       bool
+	Explain     bool
 }
 
 func NewSecretsPullFlags(project *config.Project) *SecretsPullOptions {
@@ -63,6 +74,7 @@ func NewCmdSecretsPull(project *config.Project) *cobra.Command {
 	cmd.Flags().StringVar(&o.Backend, "backend", "ssm", "backend type (default=ssm)")
 	cmd.Flags().StringVar(&o.FilePath, "file", "", "file with secrets")
 	cmd.Flags().StringVar(&o.SecretsPath, "path", "", "path where to store secrets (/<env>/<app> by default)")
+	cmd.Flags().BoolVar(&o.Explain, "explain", false, "bash alternative shown")
 	cmd.Flags().BoolVar(&o.Force, "force", false, "allow values overwrite")
 
 	return cmd
@@ -91,6 +103,19 @@ func (o *SecretsPullOptions) Validate() error {
 }
 
 func (o *SecretsPullOptions) Run() error {
+	if o.Explain {
+		err := o.Config.Generate(explainSecretsPullTmpl, template.FuncMap{
+			"svc": func() string {
+				return o.AppName
+			},
+		})
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+
 	s, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Pulling secrets for %s...", o.AppName))
 	if o.Backend == "ssm" {
 		err := o.pull(s)

diff --git a/internal/commands/secrets_push.go b/internal/commands/secrets_push.go
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"text/template"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@@ -23,8 +24,19 @@ type SecretsPushOptions struct {
 	FilePath    string
 	SecretsPath string
 	Force       bool
+	Explain     bool
 }
 
+var explainSecretsPushTmpl = `
+SERVICE_SECRETS_FILE={{.EnvDir}}/secrets/{{svc}}.json
+SERVICE_SECRETS=$(cat $SERVICE_SECRETS_FILE | jq -e -r '. | keys[]')
+for item in $(echo $SERVICE_SECRETS); do 
+    aws --profile={{.AwsProfile}} ssm put-parameter --name="/{{.Env}}/{{svc}}/${item}" --value="$(cat $SERVICE_SECRETS_FILE | jq -r .$item )" --type SecureString --overwrite && \
+    aws --profile={{.AwsProfile}} ssm add-tags-to-resource --resource-type "Parameter" --resource-id "/{{.Env}}/{{svc}}/${item}" \
+    --tags "Key=Application,Value={{svc}}" "Key=EnvVarName,Value=${item}"
+done
+`
+
 var secretsPushExample = templates.Examples(`
 	# Push secrets:
 
@@ -76,6 +88,7 @@ func NewCmdSecretsPush(project *config.Project) *cobra.Command {
 	cmd.Flags().StringVar(&o.Backend, "backend", "ssm", "backend type (default=ssm)")
 	cmd.Flags().StringVar(&o.FilePath, "file", "", "file with secrets")
 	cmd.Flags().StringVar(&o.SecretsPath, "path", "", "path where to store secrets (/<env>/<app> by default)")
+	cmd.Flags().BoolVar(&o.Explain, "explain", false, "bash alternative shown")
 	cmd.Flags().BoolVar(&o.Force, "force", false, "allow values overwrite")
 
 	return cmd
@@ -104,6 +117,19 @@ func (o *SecretsPushOptions) Validate() error {
 }
 
 func (o *SecretsPushOptions) Run() error {
+	if o.Explain {
+		err := o.Config.Generate(explainSecretsPushTmpl, template.FuncMap{
+			"svc": func() string {
+				return o.AppName
+			},
+		})
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+
 	s, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Pushing secrets for %s...", o.AppName))
 	if o.Backend == "ssm" {
 		err := o.push(s)

diff --git a/internal/commands/secrets_rm.go b/internal/commands/secrets_rm.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"text/template"
 	"time"
 
 	"github.com/aws/aws-sdk-go/service/ssm"
@@ -19,8 +20,17 @@ type SecretsRemoveOptions struct {
 	Backend     string
 	SecretsPath string
 	ui          terminal.UI
+	Explain     bool
 }
 
+var explainSecretsRmTmpl = `
+aws ssm delete-parameters --names $(aws ssm get-parameters-by-path \
+	--path "/{{.Env}}/{{svc}}" \
+	--with-decryption \
+	--recursive \
+	--query "Parameters[*].Name" | jq -e -r '. | to_entries[] | .value')
+`
+
 var secretsRemoveExample = templates.Examples(`
 	# Remove secrets:
 
@@ -61,6 +71,7 @@ func NewCmdSecretsRemove(project *config.Project) *cobra.Command {
 	}
 
 	cmd.Flags().StringVar(&o.Backend, "backend", "ssm", "backend type")
+	cmd.Flags().BoolVar(&o.Explain, "explain", false, "bash alternative shown")
 	cmd.Flags().StringVar(&o.SecretsPath, "path", "", "path to secrets")
 
 	return cmd
@@ -87,6 +98,19 @@ func (o *SecretsRemoveOptions) Validate() error {
 }
 
 func (o *SecretsRemoveOptions) Run() error {
+	if o.Explain {
+		err := o.Config.Generate(explainSecretsRmTmpl, template.FuncMap{
+			"svc": func() string {
+				return o.AppName
+			},
+		})
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+
 	s, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Removing secrets for %s...", o.AppName))
 	if o.Backend == "ssm" {
 		err := o.rm(s)