From 99bb81661b2ed7c6396a8525d7eb52a0cf01b4b0 Mon Sep 17 00:00:00 2001 From: Nikita Podshivalov Date: Thu, 10 Nov 2022 10:51:25 +0300 Subject: [PATCH] added explain for `ize secrets pull|push|rm` --- internal/commands/secrets_pull.go | 25 +++++++++++++++++++++++++ internal/commands/secrets_push.go | 26 ++++++++++++++++++++++++++ internal/commands/secrets_rm.go | 24 ++++++++++++++++++++++++ 3 files changed, 75 insertions(+) diff --git a/internal/commands/secrets_pull.go b/internal/commands/secrets_pull.go index 89b45f5a..85d02ac0 100644 --- a/internal/commands/secrets_pull.go +++ b/internal/commands/secrets_pull.go @@ -6,6 +6,7 @@ import ( "io/ioutil" "os" "strings" + "text/template" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/ssm" @@ -14,6 +15,15 @@ import ( "github.com/spf13/cobra" ) +var explainSecretsPullTmpl = ` +aws ssm get-parameters-by-path \ + --path "/{{.Env}}/{{svc}}" \ + --with-decryption \ + --recursive \ + --parameter-filters "Key=Type,Values=SecureString" \ + --output json | jq '.Parameters | [.[] | {(.Name|capture(".*/(?.*)").a): .Value}]|reduce .[] as $item ({}; . + $item)' > {{.EnvDir}}/secrets/{{svc}}.json +` + type SecretsPullOptions struct { Config *config.Project AppName string @@ -21,6 +31,7 @@ type SecretsPullOptions struct { FilePath string SecretsPath string Force bool + Explain bool } func NewSecretsPullFlags(project *config.Project) *SecretsPullOptions { @@ -63,6 +74,7 @@ func NewCmdSecretsPull(project *config.Project) *cobra.Command { cmd.Flags().StringVar(&o.Backend, "backend", "ssm", "backend type (default=ssm)") cmd.Flags().StringVar(&o.FilePath, "file", "", "file with secrets") cmd.Flags().StringVar(&o.SecretsPath, "path", "", "path where to store secrets (// by default)") + cmd.Flags().BoolVar(&o.Explain, "explain", false, "bash alternative shown") cmd.Flags().BoolVar(&o.Force, "force", false, "allow values overwrite") return cmd 
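Review bot: The `explainSecretsPullTmpl` pipeline redirects decrypted SecureString values into `{{.EnvDir}}/secrets/{{svc}}.json` under whatever umask the caller's shell has, so the generated command can leave plaintext secrets readable by other local users. Wrapping it in a subshell that first sets the mask, `(umask 077; aws ssm get-parameters-by-path … > "{{.EnvDir}}/secrets/{{svc}}.json")`, keeps the file owner-only. The template also omits `--profile={{.AwsProfile}}`, which `explainSecretsPushTmpl` passes, so the explained pull (and the delete in `explainSecretsRmTmpl`) may run against a different account than the one ize is configured for. `{{.Env}}`, `{{.EnvDir}}` and `{{svc}}` are substituted by text/template with no shell quoting; how `Config.Generate` renders them is not visible here, but the redirect target should at least be double-quoted as shown.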
@@ -91,6 +103,19 @@ func (o *SecretsPullOptions) Validate() error { } func (o *SecretsPullOptions) Run() error { + if o.Explain { + err := o.Config.Generate(explainSecretsPullTmpl, template.FuncMap{ + "svc": func() string { + return o.AppName + }, + }) + if err != nil { + return err + } + + return nil + } + s, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Pulling secrets for %s...", o.AppName)) if o.Backend == "ssm" { err := o.pull(s) diff --git a/internal/commands/secrets_push.go b/internal/commands/secrets_push.go index 26de1c9d..a40f7d86 100644 --- a/internal/commands/secrets_push.go +++ b/internal/commands/secrets_push.go @@ -6,6 +6,7 @@ import ( "io/ioutil" "os" "path/filepath" + "text/template" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" @@ -23,8 +24,19 @@ type SecretsPushOptions struct { FilePath string SecretsPath string Force bool + Explain bool } +var explainSecretsPushTmpl = ` +SERVICE_SECRETS_FILE={{.EnvDir}}/secrets/{{svc}}.json +SERVICE_SECRETS=$(cat $SERVICE_SECRETS_FILE | jq -e -r '. | keys[]') +for item in $(echo $SERVICE_SECRETS); do + aws --profile={{.AwsProfile}} ssm put-parameter --name="/{{.Env}}/{{svc}}/${item}" --value="$(cat $SERVICE_SECRETS_FILE | jq -r .$item )" --type SecureString --overwrite && \ + aws --profile={{.AwsProfile}} ssm add-tags-to-resource --resource-type "Parameter" --resource-id "/{{.Env}}/{{svc}}/${item}" \ + --tags "Key=Application,Value={{svc}}" "Key=EnvVarName,Value=${item}" +done +` + var secretsPushExample = templates.Examples(` # Push secrets: 
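Review bot: The `o.Explain` branch added at the top of `Run()` renders a fixed template and passes only `o.AppName`, so as far as the hunk shows `--path`, `--file`, `--backend` and `--force` are ignored and the rendered commands can name a different SSM path or file than the real run would use. The same branch is repeated in the `Run()` hunks of secrets_push.go and secrets_rm.go. Either feed `o.SecretsPath` and `o.FilePath` into the template data or state in the flag help that explain always shows the default layout. The error handling can also collapse to `return o.Config.Generate(explainSecretsPullTmpl, template.FuncMap{"svc": func() string { return o.AppName }})`. `Run()` continues past the end of the hunk.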
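Review bot: In `explainSecretsPushTmpl` each key is spliced into the jq program as `jq -r .$item`, so a key containing `-` or `.` is parsed as jq syntax rather than looked up, and the call can fail or store the literal `null` as the SecureString value. Pass the key as data instead: `--value="$(jq -r --arg k "$item" '.[$k]' "$SERVICE_SECRETS_FILE")"`. The `for item in $(echo $SERVICE_SECRETS)` loop and the unquoted `$SERVICE_SECRETS_FILE` also word-split and glob-expand, which breaks on keys or paths containing spaces. Each secret travels in `--value=` on the aws command line, where it is visible in the local process list while the call runs; a comment in the template should say so. `--overwrite` is emitted unconditionally although the command has a `--force` flag described as "allow values overwrite", so the explained script overwrites where the default run presumably would not.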
@@ -76,6 +88,7 @@ func NewCmdSecretsPush(project *config.Project) *cobra.Command { cmd.Flags().StringVar(&o.Backend, "backend", "ssm", "backend type (default=ssm)") cmd.Flags().StringVar(&o.FilePath, "file", "", "file with secrets") cmd.Flags().StringVar(&o.SecretsPath, "path", "", "path where to store secrets (// by default)") + cmd.Flags().BoolVar(&o.Explain, "explain", false, "bash alternative shown") cmd.Flags().BoolVar(&o.Force, "force", false, "allow values overwrite") return cmd @@ -104,6 +117,19 @@ func (o *SecretsPushOptions) Validate() error { } func (o *SecretsPushOptions) Run() error { + if o.Explain { + err := o.Config.Generate(explainSecretsPushTmpl, template.FuncMap{ + "svc": func() string { + return o.AppName + }, + }) + if err != nil { + return err + } + + return nil + } + s, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Pushing secrets for %s...", o.AppName)) if o.Backend == "ssm" { err := o.push(s) diff --git a/internal/commands/secrets_rm.go b/internal/commands/secrets_rm.go index 6eca2c70..6f7c81d1 100644 --- a/internal/commands/secrets_rm.go +++ b/internal/commands/secrets_rm.go @@ -3,6 +3,7 @@ package commands import ( "context" "fmt" + "text/template" "time" "github.com/aws/aws-sdk-go/service/ssm" @@ -19,8 +20,17 @@ type SecretsRemoveOptions struct { Backend string SecretsPath string ui terminal.UI + Explain bool } +var explainSecretsRmTmpl = ` +aws ssm delete-parameters --names $(aws ssm get-parameters-by-path \ + --path "/{{.Env}}/{{svc}}" \ + --with-decryption \ + --recursive \ + --query "Parameters[*].Name" | jq -e -r '. | to_entries[] | .value') +` + var secretsRemoveExample = templates.Examples(` # Remove secrets: @@ -61,6 +71,7 @@ func NewCmdSecretsRemove(project *config.Project) *cobra.Command { } cmd.Flags().StringVar(&o.Backend, "backend", "ssm", "backend type") + cmd.Flags().BoolVar(&o.Explain, "explain", false, "bash alternative shown") cmd.Flags().StringVar(&o.SecretsPath, "path", "", "path to secrets") return cmd 
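Review bot: `explainSecretsRmTmpl` passes `--with-decryption` although only `Parameters[*].Name` is used, so the generated command decrypts every secret under the path, and needs KMS decrypt rights, just to list names; drop the `--with-decryption \` line. Unlike the pull template it has no `--parameter-filters "Key=Type,Values=SecureString"`, so it deletes every parameter under `/{{.Env}}/{{svc}}`, not only secrets; whether `o.rm` behaves the same is not visible here. `aws ssm delete-parameters` accepts at most 10 names per call, so the single command substitution fails for services with more parameters, and the names should be batched, for example through `xargs -n 10`. Unlike `explainSecretsPushTmpl`, no `--profile={{.AwsProfile}}` is passed, so the delete runs against whatever profile the shell defaults to.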
@@ -87,6 +98,19 @@ func (o *SecretsRemoveOptions) Validate() error { } func (o *SecretsRemoveOptions) Run() error { + if o.Explain { + err := o.Config.Generate(explainSecretsRmTmpl, template.FuncMap{ + "svc": func() string { + return o.AppName + }, + }) + if err != nil { + return err + } + + return nil + } + s, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Removing secrets for %s...", o.AppName)) if o.Backend == "ssm" { err := o.rm(s)