-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
e677ffa
commit 5dff64d
Showing
15 changed files
with
607 additions
and
182 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| package ssm | ||
|
|
||
| import ( | ||
| "reflect" | ||
|
|
||
| "github.com/mariotoffia/ssm/internal/asm" | ||
| "github.com/mariotoffia/ssm/internal/pms" | ||
| "github.com/mariotoffia/ssm/parser" | ||
| "github.com/mariotoffia/ssm/support" | ||
| ) | ||
|
|
||
| func (s *Serializer) delete(v interface{}, | ||
| filter *support.FieldFilters, | ||
| usage []Usage) (map[string]support.FullNameField, *parser.StructNode, error) { | ||
|
|
||
| if len(usage) == 0 { | ||
| if len(s.usage) > 0 { | ||
| usage = s.usage | ||
| } else { | ||
| usage = []Usage{UsePms, UseAsm} | ||
| } | ||
| } | ||
|
|
||
| if nil == filter { | ||
| filter = support.NewFilters() | ||
| } | ||
|
|
||
| tp := reflect.ValueOf(v) | ||
| prs := parser.New(s.service, s.env, s.prefix) | ||
|
|
||
| if _, found := find(usage, UsePms); found { | ||
| prs.RegisterTagParser("pms", pms.NewTagParser()) | ||
| } | ||
| if _, found := find(usage, UseAsm); found { | ||
| prs.RegisterTagParser("asm", asm.NewTagParser()) | ||
| } | ||
|
|
||
| for n, v := range s.parser { | ||
| prs.RegisterTagParser(n, v) | ||
| } | ||
|
|
||
| node, err := prs.Parse(tp) | ||
| if err != nil { | ||
| return nil, nil, err | ||
| } | ||
|
|
||
| var invalid map[string]support.FullNameField | ||
|
|
||
| if _, found := find(usage, UsePms); found { | ||
| pmsRepository, err := s.getAndConfigurePms() | ||
| if err != nil { | ||
| return nil, nil, err | ||
| } | ||
|
|
||
| invalid, err = pmsRepository.Delete(node, filter) | ||
| } | ||
|
|
||
| if _, found := find(usage, UseAsm); found { | ||
| asmRepository, err := s.getAndConfigureAsm() | ||
| if err != nil { | ||
| return nil, nil, err | ||
| } | ||
|
|
||
| invalid2, err := asmRepository.Delete(node, filter) | ||
| if invalid == nil && len(invalid2) > 0 { | ||
| invalid = map[string]support.FullNameField{} | ||
| } | ||
|
|
||
| // Merge field errors from ASM with PMS errors | ||
| for key, value := range invalid2 { | ||
| invalid[key] = value | ||
| } | ||
| } | ||
|
|
||
| return invalid, node, err | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,133 @@ | ||
| package asm | ||
|
|
||
| import ( | ||
| "context" | ||
| "fmt" | ||
| "strings" | ||
|
|
||
| "github.com/aws/aws-sdk-go-v2/aws" | ||
| "github.com/aws/aws-sdk-go-v2/aws/awserr" | ||
| "github.com/aws/aws-sdk-go-v2/service/secretsmanager" | ||
| "github.com/mariotoffia/ssm/parser" | ||
| "github.com/mariotoffia/ssm/support" | ||
| "github.com/rs/zerolog/log" | ||
| ) | ||
|
|
||
| // Delete will delete the paths found in nodes. | ||
| func (p *Serializer) Delete( | ||
| node *parser.StructNode, | ||
| filter *support.FieldFilters) (map[string]support.FullNameField, error) { | ||
|
|
||
| m := map[string]*parser.StructNode{} | ||
| svc := secretsmanager.New(p.config) | ||
|
|
||
| parser.NodesToParameterMap(node, m, filter, []string{"asm"}) | ||
|
|
||
| im := map[string]support.FullNameField{} | ||
| paths := parser.ExtractPaths(m) | ||
|
|
||
| for _, path := range paths { | ||
|
|
||
| err := internalDelete( | ||
| svc, | ||
| secretsmanager.DeleteSecretInput{SecretId: aws.String(path), | ||
| ForceDeleteWithoutRecovery: aws.Bool(true)}, | ||
| ) | ||
|
|
||
| if err != nil { | ||
|
|
||
| if val, ok := m[path]; ok { | ||
| im[val.FqName] = support.FullNameField{ | ||
| RemoteName: path, | ||
| LocalName: val.FqName, | ||
| Field: val.Field, | ||
| Value: val.Value, | ||
| Error: err, | ||
| } | ||
| } | ||
|
|
||
| } | ||
| } | ||
|
|
||
| return im, nil | ||
| } | ||
|
|
||
| // DeleteTree will delete all secrets that have a certain prefix. | ||
| // Since it is possible to specify many _prefixes_ this is able | ||
| // to delete several trees. | ||
| func (p *Serializer) DeleteTree(prefixes ...string) error { | ||
|
|
||
| svc := secretsmanager.New(p.config) | ||
| input := secretsmanager.ListSecretsInput{} | ||
|
|
||
| for { | ||
|
|
||
| req := svc.ListSecretsRequest(&input) | ||
| resp, err := req.Send(context.Background()) | ||
|
|
||
| if err != nil { | ||
|
|
||
| log.Warn().Msgf("Failed to list asm-secrets %v", err) | ||
| break | ||
|
|
||
| } | ||
|
|
||
| input.NextToken = resp.NextToken | ||
|
|
||
| for _, s := range resp.SecretList { | ||
|
|
||
| log.Debug().Msgf("Found asm-secret %s", *s.Name) | ||
|
|
||
| if findPrefix(prefixes, *s.Name) { | ||
|
|
||
| internalDelete( | ||
| svc, | ||
| secretsmanager.DeleteSecretInput{SecretId: aws.String(*s.Name), | ||
| ForceDeleteWithoutRecovery: aws.Bool(true)}, | ||
| ) | ||
|
|
||
| } | ||
|
|
||
| } | ||
|
|
||
| if resp.NextToken == nil { | ||
|
|
||
| log.Debug().Msg("No more asm-secrets to delete (note that you may to delete them some minutes after creation to be found!") | ||
| break | ||
|
|
||
| } | ||
|
|
||
| input.NextToken = resp.NextToken | ||
| } | ||
|
|
||
| return nil | ||
| } | ||
|
|
||
| func findPrefix(array []string, val string) bool { | ||
|
|
||
| for _, item := range array { | ||
| if strings.HasPrefix(val, item) { | ||
| return true | ||
| } | ||
| } | ||
|
|
||
| return false | ||
| } | ||
|
|
||
| func internalDelete(svc *secretsmanager.Client, prms secretsmanager.DeleteSecretInput) error { | ||
|
|
||
| fmt.Printf("deleting-asm %v", prms) | ||
| req := svc.DeleteSecretRequest(&prms) | ||
| if _, err := req.Send(context.Background()); err != nil { | ||
| if awserr, ok := err.(awserr.Error); ok { | ||
| switch awserr.Code() { | ||
| case secretsmanager.ErrCodeResourceNotFoundException: | ||
| break | ||
| default: | ||
| log.Warn().Msgf("Error when deleting %v", prms) | ||
| return err | ||
| } | ||
| } | ||
| } | ||
| return nil | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| package pms | ||
|
|
||
| import ( | ||
| "context" | ||
|
|
||
| "github.com/aws/aws-sdk-go-v2/aws" | ||
| "github.com/aws/aws-sdk-go-v2/service/ssm" | ||
| "github.com/mariotoffia/ssm/parser" | ||
| "github.com/mariotoffia/ssm/support" | ||
| "github.com/rs/zerolog/log" | ||
| ) | ||
|
|
||
| // Delete will delete all paths described by _node_ tree. This is the | ||
| // "inverse" of `Get`. | ||
| func (p *Serializer) Delete(node *parser.StructNode, | ||
| filter *support.FieldFilters) (map[string]support.FullNameField, error) { | ||
|
|
||
| m := map[string]*parser.StructNode{} | ||
| parser.NodesToParameterMap(node, m, filter, []string{"pms"}) | ||
| paths := parser.ExtractPaths(m) | ||
|
|
||
| client := ssm.New(p.config) | ||
|
|
||
| input := ssm.DeleteParametersInput{ | ||
| Names: paths, | ||
| } | ||
|
|
||
| req := client.DeleteParametersRequest(&input) | ||
| result, err := req.Send(context.Background()) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| im := p.handleInvalidRequestParameters(result.InvalidParameters, m, "delete") | ||
|
|
||
| return im, nil | ||
| } | ||
|
|
||
| // DeleteTree lists all parameters that begins with a certain _prefix_ | ||
| // and deletes those. | ||
| // | ||
| // This function accepts a set of prefixes and therefore may delete several | ||
| // trees. | ||
| func (p *Serializer) DeleteTree(prefixes ...string) error { | ||
|
|
||
| inp := ssm.DescribeParametersInput{ | ||
| ParameterFilters: []ssm.ParameterStringFilter{{ | ||
| Key: aws.String("Name"), | ||
| Option: aws.String("BeginsWith"), | ||
| Values: prefixes, | ||
| }}} | ||
|
|
||
| client := ssm.New(p.config) | ||
|
|
||
| for { | ||
| req := client.DescribeParametersRequest(&inp) | ||
| res, err := req.Send(context.Background()) | ||
| if err != nil { | ||
| log.Warn().Msgf("got error when listing params for deletion error: %v", err) | ||
| return err | ||
| } | ||
|
|
||
| dprm := ssm.DeleteParametersInput{} | ||
| for _, prm := range res.Parameters { | ||
| log.Debug().Msgf("Deleting pms-param name: %s version %d", *prm.Name, *prm.Version) | ||
| dprm.Names = append(dprm.Names, *prm.Name) | ||
| } | ||
|
|
||
| if len(dprm.Names) > 0 { | ||
| dreq := client.DeleteParametersRequest(&dprm) | ||
| _, err = dreq.Send(context.Background()) | ||
| if err != nil { | ||
| log.Warn().Msgf("got error when deleting params error: %v", err) | ||
| return err | ||
| } | ||
| } else { | ||
| log.Debug().Msgf("No pms-parameters to delete") | ||
| } | ||
|
|
||
| if res.NextToken == nil { | ||
| break | ||
| } | ||
|
|
||
| inp.NextToken = res.NextToken | ||
| } | ||
|
|
||
| return nil | ||
| } |
Oops, something went wrong.