From c7efa39d7377b6f8252bc27631f2eb8b909f5731 Mon Sep 17 00:00:00 2001 From: Omar Sahyoun Date: Fri, 19 Jan 2018 12:56:27 +0000 Subject: [PATCH] Access ssm param store items via serverless --- deploy/deploy.sh | 2 -- deploy/downloadSecrets.js | 36 -------------------------------- deploy/parametersStoreClient.js | 37 --------------------------------- settings/production.yml | 30 +++++++++++++------------- settings/staging.yml | 26 +++++++++++------------ 5 files changed, 28 insertions(+), 103 deletions(-) delete mode 100755 deploy/downloadSecrets.js delete mode 100644 deploy/parametersStoreClient.js diff --git a/deploy/deploy.sh b/deploy/deploy.sh index 0d3014a..7a8f948 100755 --- a/deploy/deploy.sh +++ b/deploy/deploy.sh @@ -1,5 +1,3 @@ #!/usr/bin/env bash ENV=$1 -./deploy/downloadSecrets.js "/$ENV/api-services/" > secrets.sh -source secrets.sh $(npm bin)/serverless deploy -s $ENV --conceal diff --git a/deploy/downloadSecrets.js b/deploy/downloadSecrets.js deleted file mode 100755 index 178f0eb..0000000 --- a/deploy/downloadSecrets.js +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env node -const getParametersByPath = require('./parametersStoreClient'); -const AWS = require('aws-sdk'); -const commandLineArgs = require('command-line-args'); - -const optionDefinitions = [ - { name: 'secrets-path', alias: 'p', type: String, defaultOption: true }, - { name: 'aws-region', alias: 'r', type: String, defaultValue: 'us-west-2' }, - { name: 'help', alias: 'h' }, -]; -const options = commandLineArgs(optionDefinitions); - -if (options.help !== undefined || !options['secrets-path']) { - console.warn( - `usage: ./downloadSecrets.js secrets-path [Options] - -Options: - -p or --secrets-path PATH - AWS Parameter Store path (Required) - -r or --aws-region REGION - AWS region used to fetch params from (default: us-west-2) - -h or --help - Help` - ); - process.exit(1); -} - -getParametersByPath(options['secrets-path'], options['aws-region']) - .then(function(secrets) { - secrets.forEach(function(secret) { - console.log(`export ${secret[0]}='${secret[1]}'`); - }); - }) - .catch(function(error) { - throw error; - }); diff --git a/deploy/parametersStoreClient.js b/deploy/parametersStoreClient.js deleted file mode 100644 index 15a67cd..0000000 --- a/deploy/parametersStoreClient.js +++ /dev/null @@ -1,37 +0,0 @@ -const AWS = require('aws-sdk'); - -const getParametersByPath = function(path, awsRegion, nextToken = null) { - const ssm = new AWS.SSM({ region: awsRegion }); - let params = { Path: path }; - if (nextToken !== null) params.NextToken = nextToken; - - return new Promise(function(resolve, reject) { - ssm.getParametersByPath(params, function(err, data) { - if (err) reject(err); - else { - let secrets = parse(data); - if (data.NextToken) { - getParametersByPath(path, awsRegion, data.NextToken).then(function( - nextSecrets - ) { - resolve(secrets.concat(nextSecrets)); - }); - } else { - resolve(secrets); - } - } - }); - }); -}; - -function parse(data) { - const secrets = []; - data.Parameters.forEach(function(secret) { - const name = secret.Name.replace(/^.*\//, ''); - const value = secret.Value; - secrets.push([name, value]); - }); - return secrets; -} - -module.exports = getParametersByPath; diff --git a/settings/production.yml b/settings/production.yml index 13845ab..ada5e30 100644 --- a/settings/production.yml +++ b/settings/production.yml @@ -1,16 +1,16 @@ environment: - AK_API_URL: ${env:AK_API_URL} - AK_PASSWORD: ${env:AK_PASSWORD} - AK_USERNAME: ${env:AK_USERNAME} - BRAINTREE_ENV: ${env:BRAINTREE_ENV} - BRAINTREE_MERCHANT_ID: ${env:BRAINTREE_MERCHANT_ID} - BRAINTREE_PRIVATE_KEY: ${env:BRAINTREE_PRIVATE_KEY} - BRAINTREE_PUBLIC_KEY: ${env:BRAINTREE_PUBLIC_KEY} - GOCARDLESS_ENV: ${env:GOCARDLESS_ENV} - GOCARDLESS_TOKEN: ${env:GOCARDLESS_TOKEN} - CHAMPAIGN_URL: ${env:CHAMPAIGN_URL} - MEMBER_SERVICES_SECRET: ${env:MEMBER_SERVICES_SECRET} - DB_LOG_TABLE: ${env:DB_LOG_TABLE} - UNSUBSCRIBE_PAGE_NAME: ${env:UNSUBSCRIBE_PAGE_NAME} - BRAINTREE_MERCHANT_CURRENCIES: ${env:BRAINTREE_MERCHANT_CURRENCIES} - COGNITO_POOL_ARN: ${env:COGNITO_POOL_ARN} + AK_API_URL: ${ssm:/api-services/production/AK_API_URL} + AK_PASSWORD: ${ssm:/api-services/production/AK_PASSWORD} + AK_USERNAME: ${ssm:/api-services/production/AK_USERNAME} + BRAINTREE_ENV: ${ssm:/api-services/production/BRAINTREE_ENV} + BRAINTREE_MERCHANT_ID: ${ssm:/api-services/production/BRAINTREE_MERCHANT_ID} + BRAINTREE_PRIVATE_KEY: ${ssm:/api-services/production/BRAINTREE_PRIVATE_KEY} + BRAINTREE_PUBLIC_KEY: ${ssm:/api-services/production/BRAINTREE_PUBLIC_KEY} + GOCARDLESS_ENV: ${ssm:/api-services/production/GOCARDLESS_ENV} + GOCARDLESS_TOKEN: ${ssm:/api-services/production/GOCARDLESS_TOKEN} + CHAMPAIGN_URL: ${ssm:/api-services/production/CHAMPAIGN_URL} + MEMBER_SERVICES_SECRET: ${ssm:/api-services/production/MEMBER_SERVICES_SECRET} + DB_LOG_TABLE: ${ssm:/api-services/production/DB_LOG_TABLE} + UNSUBSCRIBE_PAGE_NAME: ${ssm:/api-services/production/UNSUBSCRIBE_PAGE_NAME} + BRAINTREE_MERCHANT_CURRENCIES: ${ssm:/api-services/production/BRAINTREE_MERCHANT_CURRENCIES} + COGNITO_POOL_ARN: ${ssm:/api-services/production/COGNITO_POOL_ARN} diff --git a/settings/staging.yml b/settings/staging.yml index d6366a8..29c4e3d 100644 --- a/settings/staging.yml +++ b/settings/staging.yml @@ -1,16 +1,16 @@ environment: - AK_API_URL: ${env:AK_API_URL} - AK_PASSWORD: ${env:AK_PASSWORD} - AK_USERNAME: ${env:AK_USERNAME} + AK_API_URL: ${ssm:/api-services/staging/AK_API_URL} + AK_PASSWORD: ${ssm:/api-services/staging/AK_PASSWORD} + AK_USERNAME: ${ssm:/api-services/staging/AK_USERNAME} BRAINTREE_ENV: Sandbox - BRAINTREE_MERCHANT_ID: ${env:BRAINTREE_MERCHANT_ID} - BRAINTREE_PRIVATE_KEY: ${env:BRAINTREE_PRIVATE_KEY} - BRAINTREE_PUBLIC_KEY: ${env:BRAINTREE_PUBLIC_KEY} + BRAINTREE_MERCHANT_ID: ${ssm:/api-services/staging/BRAINTREE_MERCHANT_ID} + BRAINTREE_PRIVATE_KEY: ${ssm:/api-services/staging/BRAINTREE_PRIVATE_KEY} + BRAINTREE_PUBLIC_KEY: ${ssm:/api-services/staging/BRAINTREE_PUBLIC_KEY} GOCARDLESS_ENV: sandbox - GOCARDLESS_TOKEN: ${env:GOCARDLESS_TOKEN} - CHAMPAIGN_URL: ${env:CHAMPAIGN_URL} - MEMBER_SERVICES_SECRET: ${env:MEMBER_SERVICES_SECRET} - DB_LOG_TABLE: ${env:DB_LOG_TABLE} - UNSUBSCRIBE_PAGE_NAME: ${env:UNSUBSCRIBE_PAGE_NAME} - BRAINTREE_MERCHANT_CURRENCIES: ${env:BRAINTREE_MERCHANT_CURRENCIES} - COGNITO_POOL_ARN: ${env:COGNITO_POOL_ARN} + GOCARDLESS_TOKEN: ${ssm:/api-services/staging/GOCARDLESS_TOKEN} + CHAMPAIGN_URL: ${ssm:/api-services/staging/CHAMPAIGN_URL} + MEMBER_SERVICES_SECRET: ${ssm:/api-services/staging/MEMBER_SERVICES_SECRET} + DB_LOG_TABLE: ${ssm:/api-services/staging/DB_LOG_TABLE} + UNSUBSCRIBE_PAGE_NAME: ${ssm:/api-services/staging/UNSUBSCRIBE_PAGE_NAME} + BRAINTREE_MERCHANT_CURRENCIES: ${ssm:/api-services/staging/BRAINTREE_MERCHANT_CURRENCIES} + COGNITO_POOL_ARN: ${ssm:/api-services/staging/COGNITO_POOL_ARN}