migrate to ssm/deco (#16)

YaleSpinup · Jun 22, 2020 · 724b08f · 724b08f
1 parent 5c7d11c
commit 724b08f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 19 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -14,6 +14,7 @@ COPY go.mod .
 COPY go.sum .
 RUN go mod download
 COPY . .
+RUN go version
 RUN go test ./... -cover
 RUN go build -o /app/api.out -ldflags="-X main.Version=$version -X main.VersionPrerelease=$prerelease -X main.githash=$githash -X main.buildstamp=$buildstamp" *.go
 RUN /app/api.out -version
@@ -25,14 +26,10 @@ WORKDIR /app
 COPY --from=build-env /app/api.out /app/api
 RUN chmod 555 /app/api
 
-RUN apk add --no-cache bash ca-certificates wget python gettext && \
-    wget -nv "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" && \
-    unzip awscli-bundle.zip && \
-    ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws && \
-    /usr/local/bin/aws --version
+RUN apk add --no-cache bash ca-certificates
 
 # Install Deco
-ARG DECO_VERSION=0.3.1
+ARG DECO_VERSION=0.5.0
 ARG DECO_OS=linux
 ARG DECO_ARCH=amd64
 ADD https://github.com/YaleUniversity/deco/releases/download/v${DECO_VERSION}/deco-v${DECO_VERSION}-${DECO_OS}-${DECO_ARCH} /usr/local/bin/deco

diff --git a/docker/import_config.sh b/docker/import_config.sh
@@ -1,21 +1,18 @@
 #!/bin/bash
 # Container runtime configuration script
-# Gets secrets config file from S3 and uses Deco to substitute parameter values
-# This script expects S3URL env variable with the full S3 path to the encrypted config file
+# Gets secrets config file from SSM parameter store and uses Deco to substitute parameter values
+# This script expects SSMPATH env variable with the full SSMPATH path to the encrypted config file
 
-if [ -n "$S3URL" ]; then
-  echo "Getting config file from S3 (${S3URL}) ..."
-  aws --version
+if [ -n "$SSMPATH" ]; then
+  echo "Getting config file from SSM Parameter Store (${SSMPATH}) ..."
+  deco version
   if [[ $? -ne 0 ]]; then
-    echo "ERROR: aws-cli not found!"
+    echo "ERROR: deco not found!"
     exit 1
   fi
-  aws --region us-east-1 s3 cp ${S3URL} ./config.encrypted
-  aws --region us-east-1 kms decrypt --ciphertext-blob fileb://config.encrypted --output text --query Plaintext | base64 -d > deco-config.json
-  deco validate deco-config.json || exit 1
-  deco run deco-config.json
-  rm -f deco-config.json config.encrypted
+  deco validate -e ssm://${SSMPATH} || exit 1
+  deco run -e ssm://${SSMPATH}
 else
-  echo "ERROR: S3URL variable not set!"
+  echo "ERROR: SSMPATH variable not set!"
   exit 1
-fi
+fi