convert -p to an ENV variable (fixes runtheops#15) and adds an ENV …

…variable to exclude secure tags from processing (fixes runtheops#13)
ambsw · Apr 30, 2019 · 319ce19 · 319ce19
1 parent e33935d
commit 319ce19
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/ssm-diff b/ssm-diff
@@ -10,7 +10,8 @@ from states import *
 def configure_endpoints(args):
     # configure() returns a DiffBase class (whose constructor may be wrapped in `partial` to pre-configure it)
     diff_class = DiffBase.get_plugin(args.engine).configure(args)
-    return storage.ParameterStore(args.profile, diff_class, paths=args.path), storage.YAMLFile(args.filename, paths=args.path)
+    return storage.ParameterStore(args.profile, diff_class, paths=args.path, no_secure=args.no_secure), \
+           storage.YAMLFile(args.filename, paths=args.path)
 
 
 def init(args):
@@ -50,7 +51,6 @@ def plan(args):
 if __name__ == "__main__":
     parser = argparse.ArgumentParser()
     parser.add_argument('-f', help='local state yml file', action='store', dest='filename', default='parameters.yml')
-    parser.add_argument('--path', '-p', action='append', help='filter SSM path')
     parser.add_argument('--engine', '-e', help='diff engine to use when interacting with SSM', action='store', dest='engine', default='DiffResolver')
     parser.add_argument('--profile', help='AWS profile name', action='store', dest='profile')
     subparsers = parser.add_subparsers(dest='func', help='commands')
@@ -70,7 +70,9 @@ if __name__ == "__main__":
     parser_apply.set_defaults(func=apply)
 
     args = parser.parse_args()
-    args.path = args.path if args.path else ['/']
+
+    args.path = os.environ.get('SSM_PATH', '/')
+    args.no_secure = os.environ.get('SSM_NO_SECURE', 'false').lower() in ['true', '1']
 
     if args.filename == 'parameters.yml':
         if not args.profile:

diff --git a/states/storage.py b/states/storage.py
@@ -99,12 +99,21 @@ def save(self, state):
 
 class ParameterStore(object):
     """Encodes/decodes a dict to/from the SSM Parameter Store"""
-    def __init__(self, profile, diff_class, paths=('/',)):
+    def __init__(self, profile, diff_class, paths=('/',), no_secure=False):
         if profile:
             boto3.setup_default_session(profile_name=profile)
         self.ssm = boto3.client('ssm')
         self.diff_class = diff_class
         self.paths = paths
+        self.parameter_filters = []
+        if no_secure:
+            self.parameter_filters.append({
+                'Key': 'Type',
+                'Option': 'Equals',
+                'Values': [
+                    'String', 'StringList',
+                ]
+            })
 
     def clone(self):
         p = self.ssm.get_paginator('get_parameters_by_path')
@@ -114,7 +123,9 @@ def clone(self):
                 for page in p.paginate(
                         Path=path,
                         Recursive=True,
-                        WithDecryption=True):
+                        WithDecryption=True,
+                        ParameterFilters=self.parameter_filters,
+                ):
                     for param in page['Parameters']:
                         add(obj=output,
                             path=param['Name'],