From b3bf4300c9617949b83eed571ef0e39c426c3be9 Mon Sep 17 00:00:00 2001 From: ismferd Date: Mon, 18 May 2020 10:23:02 +0200 Subject: [PATCH] new feature, get params from SSM Parameter Store --- README.md | 17 +++++++++++++++++ func.go | 25 +++++++++++++++++++++++++ go.mod | 1 + go.sum | 6 ++++++ 4 files changed, 49 insertions(+) diff --git a/README.md b/README.md index 1fa76b9..3836054 100644 --- a/README.md +++ b/README.md @@ -230,6 +230,7 @@ More [funcs](https://github.com/subchen/frep/blob/master/func.go) added: - reReplaceAllLiteral - reSplit - awsSecret +- awsParameterStore Sample of nginx.conf.in @@ -277,3 +278,19 @@ mysql_pass: {{ awsSecret "application/mysql/password" }} external_api_client: {{ awsSecret "application/external_api" "client_id" }} external_api_secret: {{ awsSecret "application/external_api" "secret_key" }} ``` + +Sample using AWS Parameter Store, first of all take into account that in order to use the ssm functionality you need to have a proper AWS configuration in place and permissions enough to read parameters from AWS Parameter Store. More details of how to configure AWSCLI can be found at https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html + +Once you have all the requirements just create a template like this one: + +``` +# application.conf +mysql_host: {{ .mysql_host }} +mysql_user: {{ .mysql_user }} +mysql_pass: {{ awsSecret "application/mysql/password" }} +mysql_dns: {{ awsParameterStore "application/mysql/dns" }} +``` +In above example `mysql_dns` will be filled as usual by using `frep` config file or environment variables but `mysql_pass` will be fetch straight from AWS Parameter Store by looking at `application/mysql/dns` + +SSM Limitation: You can get parameter from ParameterStore just in textplain. + diff --git a/func.go b/func.go index 0499745..3fd18c1 100644 --- a/func.go +++ b/func.go @@ -15,6 +15,7 @@ import ( "github.com/BurntSushi/toml" "github.com/Masterminds/sprig" "github.com/go-yaml/yaml" + "github.com/ismferd/ssm/package/parameterstore" "github.com/overdrive3000/secretsmanager" ) @@ -56,6 +57,7 @@ func FuncMap(templateName string) template.FuncMap { // Add function to get secrets from AWS Secrets Manager f["awsSecret"] = getAWSSecret + f["awsParameterStore"] = getAWSParameterStore return f } @@ -92,6 +94,29 @@ func getAWSSecret(secret ...string) string { return s } +// getAWSParameterStore return a parameter stored in AWS SSM Parameter Store. +// function accepts as parameter a names. +func getAWSParameterStore(parameter string) string { + + c := parameterstore.New( + ¶meterstore.AWSConfig{}, + ) + + spec := ¶meterstore.ParemeterString{ + Name: parameter, + } + + p, err := c.GetParam(spec) + if err != nil { + if Strict { + panic(err) + } + return "" + } + + return p +} + // toBool takes a string and converts it to a bool. // On marshal error will panic if in strict mode, otherwise returns false. // It accepts 1, t, T, TRUE, true, True, 0, f, F, FALSE, false, False. diff --git a/go.mod b/go.mod index 1ebbaed..de2f638 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/google/uuid v1.1.0 // indirect github.com/huandu/xstrings v1.2.0 // indirect github.com/imdario/mergo v0.3.6 // indirect + github.com/ismferd/ssm v0.1.0 github.com/kr/pretty v0.1.0 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/overdrive3000/secretsmanager v0.2.0 diff --git a/go.sum b/go.sum index 438446c..397ded9 100644 --- a/go.sum +++ b/go.sum @@ -8,6 +8,8 @@ github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZC github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/aws/aws-sdk-go v1.30.10 h1:Je2O8GgAwqDGVN2Da+B1PbNXYhkOO/AcNhuTd9llKGk= github.com/aws/aws-sdk-go v1.30.10/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P0= +github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= @@ -19,6 +21,10 @@ github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/ismferd/ssm v0.0.0-20200517084015-888107c4c109 h1:xpg69WF9Lh+lC1pJByXu42CrDMmMCL8Mw4aHM6USyDM= +github.com/ismferd/ssm v0.0.0-20200517084015-888107c4c109/go.mod h1:EWSM3Tffi8r6sdVC0/E8Tudbgp4MEhDHn52prrxYJpQ= +github.com/ismferd/ssm v0.1.0 h1:5pHLTEhdzeE3JLIbgF/221uoDdhhbN+0CNz9KQtJvVY= +github.com/ismferd/ssm v0.1.0/go.mod h1:EWSM3Tffi8r6sdVC0/E8Tudbgp4MEhDHn52prrxYJpQ= github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=