Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AWS: ${ssm} resolve vairbale as JSON if it is stored as JSON in Secrets Manager #5842

Merged
merged 2 commits into from Feb 19, 2019

Conversation

Projects
4 participants
@exoego
Copy link
Contributor

exoego commented Feb 17, 2019

What did you implement:

Closes #5838

How did you implement it:

After this PR, ${ssm} resolves variable as JSON only if referencing to a secret stored in AWS Secrets Manager and returned value is valid JSON.
Otherwise it returns plain text.

It do not throw an error if invalid JSON, since AWS Secrets Manager can store any text including invalid JSON.

How can we verify it:

  1. npm install -g exoego/serverless#ssm-should-fail
  2. Create a secret foo in AWS Secrets Manager.
{
  "num": 1,
  "str": "secret"
}
  1. Create a serverless.yml
service: new-service
provider: aws
functions:
  hello:
    name: hello
    handler: handler.hello
custom:
  supersecret: ${ssm:/aws/reference/secretsmanager/foo~true}
  1. Run sls print and confirm supersecret is like
custom:
  supersecret: 
     num: 1
     str: secret

Todos:

  • Write tests
  • Write documentation
  • Fix linting errors
  • Make sure code coverage hasn't dropped
  • Provide verification config / commands / resources
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO
This could be breaking change if existing users expect getting JSON as plaintext

@dschep

dschep approved these changes Feb 18, 2019

Copy link
Member

dschep left a comment

Added a question, but I think this is great! :shipit:

name: hello
handler: handler.hello
custom:
supersecret:

This comment has been minimized.

@dschep

dschep Feb 18, 2019

Member

How hard would it be to add ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true:hello}

Tho you can always work around it: ${self:custom.supersecret.hello}
😁

@dschep dschep added this to In progress in Serverless via automation Feb 18, 2019

@dschep dschep added this to the 1.38.0 milestone Feb 18, 2019

@dschep dschep merged commit 90b18b4 into serverless:master Feb 19, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

Serverless automation moved this from In progress to Done Feb 19, 2019

@exoego exoego deleted the exoego:ssm-json branch Feb 19, 2019

@jormaechea

This comment has been minimized.

Copy link

jormaechea commented Feb 27, 2019

I know this is closed, but thanks @exoego.. This was almost driving me mad in v1.36 😝

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.