feat: create multiple string parameters from complex yaml and json… (#1047)

* feature: create multiple string parameters from complex yaml and json files

* chore: add maintainer

Signed-off-by: Thomas Geese <[email protected]>

* fix: sort keys in order to fix tests

Signed-off-by: Thomas Geese <[email protected]>

* fix: cdk tests

Signed-off-by: Thomas Geese <[email protected]>

* chore: recreate yarn lock

Signed-off-by: Thomas Geese <[email protected]>

* fix: test snapshots

Signed-off-by: Thomas Geese <[email protected]>

* docs: add multi string parameter docs

Signed-off-by: Thomas Geese <[email protected]>

* fix: snapshot tests

Signed-off-by: Thomas Geese <[email protected]>

* fix: snapshot tests

Signed-off-by: Thomas Geese <[email protected]>

* fix: snpshot tests

Signed-off-by: Thomas <[email protected]>

---------

Signed-off-by: Thomas Geese <[email protected]>
Signed-off-by: Thomas <[email protected]>
Co-authored-by: Thomas Geese <[email protected]>

Author: zh32

.projen/deps.json

@@ -29,7 +29,8 @@ const project = new awscdk.AwsCdkConstructLibrary({
 
   name: 'cdk-sops-secrets',
   repositoryUrl: 'https://github.com/dbsystel/cdk-sops-secrets.git',
-  // deps: [],                /* Runtime dependencies of this module. */
+  bundledDeps: ['yaml'],
+  // deps: [], /* Runtime dependencies of this module. */,
   // description: undefined,  /* The description is just a string that helps people understand the purpose of the package. */
   // devDeps: [],             /* Build dependencies for this module. */
   integrationTestAutoDiscover: true,

.projen/tasks.json

@@ -3,3 +3,4 @@ This page lists all active maintainers of this repository in alphabetical order.
 [henrysachs](https://github.com/henrysachs)
 [markussiebert](https://github.com/markussiebert)
 [thomaskrause](https://github.com/obirah)
+[thomasgeese](https://github.com/zh32)

.projenrc.js

@@ -28,12 +28,12 @@ func Test_Flatten(t *testing.T) {
 	simpleStruct, err := fromJSON(ReadFile("../test-secrets/json/sopsfile.json"))
 	check(err)
 	flattenedSimpleStruct := make(map[string]interface{})
-	err = flatten("", simpleStruct, flattenedSimpleStruct)
+	err = flatten("", simpleStruct, flattenedSimpleStruct, ".")
 	snaps.MatchSnapshot(t, ">>>Simple", flattenedSimpleStruct)
 	complexStruct, err := fromJSON(ReadFile("../test-secrets/json/sopsfile-complex.json"))
 	check(err)
 	flattenedComplexStruct := make(map[string]interface{})
-	err = flatten("", complexStruct, flattenedComplexStruct)
+	err = flatten("", complexStruct, flattenedComplexStruct, ".")
 	snaps.MatchSnapshot(t, ">>>Complex", flattenedComplexStruct)
 }
 

API.md

@@ -2,6 +2,8 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "PARAMETER",
+    "CreationType": "SINGLE",
     "ParameterName": "arn:aws:ssm:eu-central-1:123456789012:parameter/testsecret",
     "SopsS3File": {
       "Bucket": "..",

MAINTAINERS.md

@@ -0,0 +1,22 @@
+{
+  "RequestType": "Create",
+  "LogicalResourceId": "LogicalResourceId",
+  "ResourceProperties": {
+    "ResourceType": "PARAMETER",
+    "CreationType": "MULTI",
+    "ParameterName": "arn:aws:ssm:eu-central-1:123456789012:parameter/testsecret",
+    "SopsS3File": {
+      "Bucket": "..",
+      "Key": "../test-secrets/yaml/sopsfile-complex-parameters.enc-age.yaml"
+    },
+    "Format": "yaml",
+    "Flatten": "true",
+    "FlattenSeparator": "/",
+    "ParameterKeyPrefix": "/",
+    "ConvertToJSON": "false",
+    "SopsAgeKey": "AGE-SECRET-KEY-1EFUWJ0G2XJTJFWTAM2DGMA4VCK3R05W58FSMHZP3MZQ0ZTAQEAFQC6T7T3"
+  },
+  "ResourceType": "Custom::SOPS::Secret",
+  "RequestId": "RequestId",
+  "StackId": "StackId"
+}

lambda/__snapshots__/handler_parameter_yaml_multi_test.snap

@@ -0,0 +1,22 @@
+{
+  "RequestType": "Create",
+  "LogicalResourceId": "LogicalResourceId",
+  "ResourceProperties": {
+    "ResourceType": "PARAMETER",
+    "CreationType": "MULTI",
+    "ParameterName": "arn:aws:ssm:eu-central-1:123456789012:parameter/testsecret",
+    "SopsS3File": {
+      "Bucket": "..",
+      "Key": "../test-secrets/yaml/sopsfile-complex-parameters.enc-age.yaml"
+    },
+    "Format": "yaml",
+    "Flatten": "true",
+    "FlattenSeparator": ".",
+    "ParameterKeyPrefix": "_",
+    "ConvertToJSON": "false",
+    "SopsAgeKey": "AGE-SECRET-KEY-1EFUWJ0G2XJTJFWTAM2DGMA4VCK3R05W58FSMHZP3MZQ0ZTAQEAFQC6T7T3"
+  },
+  "ResourceType": "Custom::SOPS::Secret",
+  "RequestId": "RequestId",
+  "StackId": "StackId"
+}

lambda/conversion_test.go

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_parameter_raw_simple.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_parameter_yaml_complex.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_parameter_yaml_complex_custom_keys.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_env_as_json_simple.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_env_simple.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_json_complex.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_json_complex_flat.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_json_complex_stringify.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_json_simple.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_raw_simple.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_yaml_as_json_complex.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_yaml_as_json_complex_flat.json

@@ -2,6 +2,9 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
+    "ResourceType": "SECRET",
+    "CreationType": "SINGLE",
+    "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_yaml_as_json_simple.json

@@ -0,0 +1,23 @@
+package main
+
+import (
+	"testing"
+
+	"github.com/gkampitakis/go-snaps/snaps"
+)
+
+func Test_FullWorkflow_Create_S3_Parameter_YAML_multi_Simple(t *testing.T) {
+	mocks, ctx, event := prepareHandler(t, "events/event_create_s3_parameter_yaml_complex.json")
+
+	phys, data, err := mocks.syncSopsToSecretsmanager(ctx, event)
+	check(err)
+	snaps.MatchSnapshot(t, ">>>syncSopsToSecretsmanager", phys, data, err)
+}
+
+func Test_FullWorkflow_Create_S3_Parameter_YAML_multi_Simple_custom_keys(t *testing.T) {
+	mocks, ctx, event := prepareHandler(t, "events/event_create_s3_parameter_yaml_complex_custom_keys.json")
+
+	phys, data, err := mocks.syncSopsToSecretsmanager(ctx, event)
+	check(err)
+	snaps.MatchSnapshot(t, ">>>syncSopsToSecretsmanager", phys, data, err)
+}