-
Notifications
You must be signed in to change notification settings - Fork 3.8k
/
ssm-parameters.ts
56 lines (52 loc) · 2.28 KB
/
ssm-parameters.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import * as cxschema from '@aws-cdk/cloud-assembly-schema';
import * as cxapi from '@aws-cdk/cx-api';
import * as AWS from 'aws-sdk';
import { Mode } from '../api/aws-auth/credentials';
import { SdkProvider } from '../api/aws-auth/sdk-provider';
import { ContextProviderPlugin } from '../api/plugin';
import { debug } from '../logging';
/**
* Plugin to read arbitrary SSM parameter names
*/
export class SSMContextProviderPlugin implements ContextProviderPlugin {
constructor(private readonly aws: SdkProvider) {
}
public async getValue(args: cxschema.SSMParameterContextQuery) {
const region = args.region;
const account = args.account;
if (!('parameterName' in args)) {
throw new Error('parameterName must be provided in props for SSMContextProviderPlugin');
}
const parameterName = args.parameterName;
debug(`Reading SSM parameter ${account}:${region}:${parameterName}`);
const response = await this.getSsmParameterValue(account, region, parameterName, args.lookupRoleArn);
if (!response.Parameter || response.Parameter.Value === undefined) {
throw new Error(`SSM parameter not available in account ${account}, region ${region}: ${parameterName}`);
}
return response.Parameter.Value;
}
/**
* Gets the value of an SSM Parameter, while not throwin if the parameter does not exist.
* @param account the account in which the SSM Parameter is expected to be.
* @param region the region in which the SSM Parameter is expected to be.
* @param parameterName the name of the SSM Parameter
* @param lookupRoleArn the ARN of the lookup role.
*
* @returns the result of the ``GetParameter`` operation.
*
* @throws Error if a service error (other than ``ParameterNotFound``) occurs.
*/
private async getSsmParameterValue(account: string, region: string, parameterName: string, lookupRoleArn?: string)
: Promise<AWS.SSM.GetParameterResult> {
const options = { assumeRoleArn: lookupRoleArn };
const ssm = (await this.aws.forEnvironment(cxapi.EnvironmentUtils.make(account, region), Mode.ForReading, options)).sdk.ssm();
try {
return await ssm.getParameter({ Name: parameterName }).promise();
} catch (e) {
if (e.code === 'ParameterNotFound') {
return {};
}
throw e;
}
}
}