Init source

Author: Rahman

go.mod

@@ -0,0 +1,9 @@
+module kustomize-aws-ssm-secret-generator-plugin
+
+go 1.12
+
+require (
+	github.com/aws/aws-sdk-go v1.19.26
+	github.com/stretchr/testify v1.3.0 // indirect
+	golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c // indirect
+)

go.sum

@@ -0,0 +1,17 @@
+github.com/aws/aws-sdk-go v1.19.26 h1:GavKlzJDfYQGoS4jn2F+KYYZlR8QEhrLPfpf8+oJhS4=
+github.com/aws/aws-sdk-go v1.19.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c h1:uOCk1iQW6Vc18bnC13MfzScl+wdKBmM9Y9kU7Z83/lw=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

kvMaker.go

@@ -0,0 +1,115 @@
+package main
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/ssm"
+)
+
+type plugin struct{}
+
+var KVSource plugin
+
+type options struct {
+	AwsRegion             string `alias:"AWS_REGION"`
+	AwsAccessKeyID        string `alias:"AWS_ACCESS_KEY_ID"`
+	AwsSecretAccessKey    string `alias:"AWS_SECRET_ACCESS_KEY"`
+	AwsSessionToken       string `alias:"AWS_SESSION_TOKEN"`
+	AwsParameterStorePath string `alias:"AWS_SSM_PATH"`
+
+	UppercaseKeys string `alias:"UPPERCASE_KEY"`
+}
+
+func (p plugin) Get(root string, args []string) (map[string]string, error) {
+	r := make(map[string]string)
+	opts := &options{}
+	cfg := &aws.Config{}
+	opts.parseArgs(&args)
+
+	if opts.AwsParameterStorePath == "" {
+		return r, fmt.Errorf("AWS_SSM_PATH is required")
+	}
+
+	if opts.AwsRegion != "" {
+		cfg.Region = aws.String(opts.AwsRegion)
+	}
+
+	if opts.AwsAccessKeyID != "" && opts.AwsSecretAccessKey != "" {
+		staticCreds := credentials.NewStaticCredentials(opts.AwsAccessKeyID, opts.AwsSecretAccessKey, opts.AwsSessionToken)
+		cfg.WithCredentials(staticCreds)
+	}
+
+	sess, err := session.NewSession(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	svc := ssm.New(sess)
+
+	getParamsInput := &ssm.GetParametersByPathInput{
+		Path:           aws.String(opts.AwsParameterStorePath),
+		WithDecryption: aws.Bool(true),
+	}
+
+	for {
+		resp, err := svc.GetParametersByPath(getParamsInput)
+
+		if err != nil {
+			return nil, err
+		}
+
+		params := resp.Parameters
+		for _, p := range params {
+			name := sanitizeKey(p.Name, opts.UppercaseKeys == "true")
+			r[name] = sanitizeValue(p.Value)
+		}
+
+		nextToken := resp.NextToken
+		if nextToken == nil {
+			break
+		}
+	}
+
+	return r, nil
+}
+
+func sanitizeKey(path *string, ensureUppercase bool) string {
+	pathBrokenDown := strings.Split(aws.StringValue(path), "/")
+	name := pathBrokenDown[len(pathBrokenDown)-1]
+
+	if ensureUppercase {
+		name = strings.ToUpper(name)
+	}
+
+	return name
+}
+
+func sanitizeValue(path *string) string {
+	return aws.StringValue(path)
+}
+
+func (opts *options) parseArgs(args *[]string) error {
+	ov := reflect.ValueOf(opts).Elem()
+	typeOfOpts := ov.Type()
+
+	for _, arg := range *args {
+		argKeyValuePair := strings.Split(arg, "=")
+		if len(argKeyValuePair) == 2 {
+			for i := 0; i < ov.NumField(); i++ {
+				field := ov.Field(i)
+				fieldTag := typeOfOpts.Field(i).Tag
+
+				if argKeyValuePair[0] == fieldTag.Get("alias") {
+					field.SetString(argKeyValuePair[1])
+				}
+			}
+		}
+	}
+
+	return nil
+}