[Secure Configs]

* Use Lamby v0.3.0 * Install Dotenv for Rails. Wire up. * Remove hard coded `SECRET_KEY_BASE` env. * Add SSM debug param to views. Unrelated Changes: * Add some missing tagging * Removed autoload on lib dir.
rails-lambda · Mar 25, 2019 · b53b675 · b53b675
1 parent af91709
commit b53b675
Show file tree

Hide file tree

Showing 9 changed files with 29 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -19,6 +19,8 @@
 !/log/.keep
 !/tmp/.keep
 
+.env.*
+!.env.test
 
 /node_modules
 /yarn-error.log

diff --git a/Gemfile b/Gemfile
@@ -4,6 +4,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '2.5.3'
 
 gem 'rails', '~> 5.2.2'
+gem 'dotenv-rails'
 gem 'lamby'
 gem 'sass-rails'
 gem 'uglifier'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -46,16 +46,20 @@ GEM
     builder (3.2.3)
     concurrent-ruby (1.1.4)
     crass (1.0.4)
+    dotenv (2.7.1)
+    dotenv-rails (2.7.1)
+      dotenv (= 2.7.1)
+      railties (>= 3.2, < 6.1)
     erubi (1.8.0)
     execjs (2.7.0)
     ffi (1.10.0)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     i18n (1.5.3)
       concurrent-ruby (~> 1.0)
-    lamby (0.2.0)
-      activesupport
+    lamby (0.3.0)
       rack
+      rails
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -141,6 +145,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  dotenv-rails
   lamby
   listen
   puma

diff --git a/app.rb b/app.rb
@@ -1,5 +1,5 @@
-ENV['SECRET_KEY_BASE'] = 'f9c3376ab32b05cffb112b437f01ba50660845019c81136edeb7f30f025900e24591c7180110460b990ceceaa23b94e261e4dd4f6bb79ad548f9c6f8cfe9062e'
 require_relative 'config/boot'
+require 'dotenv' ; Dotenv.load ".env.#{ENV['RAILS_ENV']}"
 require 'lamby'
 require_relative 'config/application'
 require_relative 'config/environment'

diff --git a/app/views/application/_navigation.html.erb b/app/views/application/_navigation.html.erb
@@ -17,4 +17,5 @@
   <% end %>
   <li><%= link_to 'Cacheable Page', cache_path %></li>
   <li><%= link_to 'Exception Page', exception_path %></li>
+  <li>SSM Param: <%= ENV['SSM_PARM_STORE_ENV'] %></li>
 </ul>
diff --git a/bin/build b/bin/build
@@ -24,6 +24,8 @@ rm -rf .aws-sam \
   .git \
   .gitignore \
   .ruby-version \
+  .env.local \
+  .env.development \
   Brewfile \
   node_modules \
   test \

diff --git a/bin/deploy b/bin/deploy
@@ -9,6 +9,11 @@ export CLOUDFORMATION_BUCKET=${CLOUDFORMATION_BUCKET:="mycloudformationbucket.ci
 
 ./bin/build
 
+./bin/rake lamby:ssm:dotenv \
+  LAMBY_SSM_PARAMS_PATH="/config/${RAILS_ENV}/lamby/env" \
+  LAMBY_SSM_PARAMS_LABEL="live"
+mv ".env.${RAILS_ENV}" ./.aws-sam/build/RailsFunction/
+
 sam package \
   --region ${AWS_DEFAULT_REGION} \
   --template-file ./.aws-sam/build/template.yaml \
@@ -21,6 +26,10 @@ sam deploy \
   --template-file ./.aws-sam/build/packaged.yaml \
   --stack-name "hello-rails-${RAILS_ENV}-${AWS_DEFAULT_REGION}" \
   --capabilities "CAPABILITY_IAM" \
+  --tags \
+    "env=${RAILS_ENV}" \
+    "group=ecommerce" \
+    "application=lamby" \
   --parameter-overrides \
     RailsEnv=${RAILS_ENV}
 

diff --git a/config/application.rb b/config/application.rb
@@ -1,6 +1,7 @@
 require_relative 'boot'
 
 require "rails"
+require 'dotenv/rails-now'
 # Pick the frameworks you want:
 require "active_model/railtie"
 require "active_job/railtie"
@@ -26,6 +27,5 @@ class Application < Rails::Application
     # Application configuration can go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded after loading
     # the framework and any gems in your application.
-    config.autoload_paths += %W( lib/ ) # For Lamby development.
   end
 end
diff --git a/template.yaml b/template.yaml
@@ -79,6 +79,11 @@ Resources:
             Path: /{resource+}
             Method: ANY
             RestApiId: !Ref RailsApi
+      Tags:
+        env: !Ref RailsEnv
+        group: ecommerce
+        application: lamby
+      Tracing: Active
       AutoPublishAlias: live
 
 Outputs: