From 5e4c6e42ac49037106d9dd48d8463dda062c39c7 Mon Sep 17 00:00:00 2001 From: snagole Date: Thu, 7 Jun 2018 15:32:10 -0700 Subject: [PATCH 1/5] Changes to fix function level secrets --- client/index.js | 4 +-- lib/providers/aws.js | 7 ++++- package.json | 10 +++--- plugin/index.js | 75 ++++++++++++++++++++++++-------------------- 4 files changed, 54 insertions(+), 42 deletions(-) diff --git a/client/index.js b/client/index.js index 83287fc..3a5a727 100644 --- a/client/index.js +++ b/client/index.js @@ -29,9 +29,9 @@ function init (config) { function load (options) { init() const mergedOptions = Object.assign({}, secrets.options, options) - const environmentSecrets = Object.assign({}, secrets.environments.$global, secrets.environments[process.env._HANDLER.split('.')[1]]) - const parameterNames = _.uniq(_.values(environmentSecrets)) const provider = getStorageProvider(mergedOptions) + const environmentSecrets = Object.assign({}, secrets.environments.$global, secrets.environments[provider.getFunctionName()]) + const parameterNames = _.uniq(_.values(environmentSecrets)) return provider.getSecret(parameterNames).then(data => { const missingParameters = parameterNames.filter(expected => !_.keys(data).some(received => expected === received)) Object.assign(process.env, _.mapValues(environmentSecrets, key => data[key])) diff --git a/lib/providers/aws.js b/lib/providers/aws.js index 35de9ec..e2dca57 100644 --- a/lib/providers/aws.js +++ b/lib/providers/aws.js @@ -70,10 +70,15 @@ module.exports = function (options) { }) } + function getFunctionName() { + return process.env.AWS_LAMBDA_FUNCTION_NAME + } + return { getSecret, setSecret, deleteSecret, - listSecrets + listSecrets, + getFunctionName } } diff --git a/package.json b/package.json index 6a3bbd5..f401f82 100644 --- a/package.json +++ b/package.json 
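Review bot: In `load()` in client/index.js, `secrets.environments[provider.getFunctionName()]` quietly yields only the `$global` secrets when the name has no matching key, and `missingParameters` cannot report it because `parameterNames` is derived from the same lookup. The new `getFunctionName()` in lib/providers/aws.js returns `process.env.AWS_LAMBDA_FUNCTION_NAME`, which is `undefined` outside the Lambda runtime, so a local or test invocation would start without its function-level secrets and without any log line. I would resolve the name into a local first and report the gap, for example `if (!functionName && mergedOptions.logOnMissingSecret) console.log('Serverless Secrets: function name unavailable, loading $global secrets only')`. If other storage providers exist alongside aws.js, each now needs a `getFunctionName` as well, otherwise this line throws a TypeError; a comment on the provider's returned object stating that contract would help.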
@@ -1,6 +1,6 @@ { - "name": "serverless-secrets", - "version": "3.0.0-beta.11", + "name": "@tabordasolutions/serverless-secrets", + "version": "3.0.0-beta.12", "description": "A serverless plugin for managing secrets", "main": "plugin/index.js", "scripts": { @@ -8,7 +8,7 @@ }, "repository": { "type": "git", - "url": "https://github.com/trek10inc/serverless-secrets" + "url": "https://github.com/tabordasolutions/serverless-secrets" }, "keywords": [ "serverless", @@ -21,12 +21,12 @@ "parameter store", "env" ], - "author": "Jared Short (https://www.trek10.com)", + "author": "Sneha Nagole ", "license": "MIT", "bugs": { "url": "https://github.com/trek10inc/serverless-secrets/issues" }, - "homepage": "https://github.com/trek10inc/serverless-secrets", + "homepage": "https://github.com/tabordasolutions/serverless-secrets", "dependencies": { "lodash": "^4.17.4" }, diff --git a/plugin/index.js b/plugin/index.js index 6f0b10f..f630bd4 100644 --- a/plugin/index.js +++ b/plugin/index.js @@ -201,6 +201,7 @@ class ServerlessSecrets { } packageSecrets () { + this.config.environments = this.generateEnvironmentVariables() this.deployMode = true this.serverless.cli.log('Serverless Secrets beginning packaging process') this.writeConfigFile() 
@@ -215,46 +216,52 @@ class ServerlessSecrets { } generateConfig () { - this.serverless.cli.log('Generating Serverless Secrets Config') - if (!this.serverless.service.provider.name) { - throw new Error('No provider name configured in serverless.yml') - } + this.serverless.cli.log('Generating Serverless Secrets Config options') + if (!this.serverless.service.provider.name) { + throw new Error('No provider name configured in serverless.yml') + } + + // build options object + const options = Object.assign( + { + throwOnMissingSecret: false, + logOnMissingSecret: true, + skipValidation: false, + omitPermissions: false, + resourceForIamRole: '*' + }, + _.get(this.serverless.service, 'custom.serverlessSecrets', {}), + { + provider: this.serverless.service.provider.name + } + ) + + const environments = this.generateEnvironmentVariables() - // build options object - const options = Object.assign( - { - throwOnMissingSecret: false, - logOnMissingSecret: true, - skipValidation: false, - omitPermissions: false, - resourceForIamRole: '*' - }, - _.get(this.serverless.service, 'custom.serverlessSecrets', {}), - { - provider: this.serverless.service.provider.name + return { + options, + environments } - ) + } - // variables - const functions = this.serverless.service.functions - const environments = Object.keys(functions) - .reduce((environments, key) => { - const functionName = functions[key].handler.split('.')[1] - if (functions[key].environmentSecrets) { - environments[functionName] = functions[key].environmentSecrets - } - return environments - }, {}) + generateEnvironmentVariables() { + this.serverless.cli.log('Generating Serverless Secrets Config environments') + const functions = this.serverless.service.functions + const environments = Object.keys(functions) + .reduce((environments, key) => { + const functionName = functions[key].name || [this.serverless.service.service, this.serverless.processedInput.options.stage, key].join('-') + if (functions[key].environmentSecrets) { 
+ environments[functionName] = functions[key].environmentSecrets + } + return environments + }, {}) - environments.$global = this.serverless.service.provider.environmentSecrets || {} + environments.$global = this.serverless.service.provider.environmentSecrets || {} - return { - options, - environments - } + return environments } - writeConfigFile () { + writeConfigFile () { this.serverless.cli.log(`Writing ${constants.CONFIG_FILE_NAME}`) fs.writeFileSync(constants.CONFIG_FILE_NAME, JSON.stringify(this.config)) } @@ -265,7 +272,7 @@ class ServerlessSecrets { const functions = this.serverless.service.functions Object.keys(functions).forEach(functionName => { if (!functions[functionName].environment) functions[functionName].environment = {} - Object.assign(functions[functionName].environment, this.config.environments.$global, this.config.environments[functionName]) + Object.assign(functions[functionName].environment, this.config.environments.$global, this.config.environments[functions[functionName].name]) }) } From 83adfc9d4dfc6814f4158771e29e516a3bf4d0a7 Mon Sep 17 00:00:00 2001 From: snagole Date: Thu, 7 Jun 2018 16:05:39 -0700 Subject: [PATCH 2/5] Rename package --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f401f82..e2da27a 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "@tabordasolutions/serverless-secrets", + "name": "serverless-secrets", "version": "3.0.0-beta.12", "description": "A serverless plugin for managing secrets", "main": "plugin/index.js", From 5c4586aa9e86fa2b6366b516c687e1b57afe2439 Mon Sep 17 00:00:00 2001 From: snagole Date: Tue, 12 Jun 2018 15:00:07 -0700 Subject: [PATCH 3/5] refactor changes to plugin/index.js --- plugin/index.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugin/index.js b/plugin/index.js index f630bd4..3821d9c 100644 --- a/plugin/index.js +++ b/plugin/index.js 
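Review bot: In `generateEnvironmentVariables`, the fallback key `[this.serverless.service.service, this.serverless.processedInput.options.stage, key].join('-')` takes the stage from the parsed command-line options, so when no stage is passed that element is `undefined`, `join` renders it as an empty string, and the key becomes `service--key`. The client looks the entry up by `AWS_LAMBDA_FUNCTION_NAME`, so such a key would never match and the function would run with only the `$global` secrets. It would be safer to use the stage the framework resolved for the deployment (presumably `this.serverless.service.provider.stage`, to be confirmed against the Serverless version in use) and to throw when any part of the name is empty. Separately, the re-indented defaults in this hunk keep `resourceForIamRole: '*'`; if that value ends up as the IAM statement resource, the per-function mapping is a configuration convenience rather than an access boundary, which deserves a comment next to the default.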
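Review bot: The lookup `this.config.environments[functions[functionName].name]` does not apply the fallback that `generateEnvironmentVariables` uses when it builds the keys (`functions[key].name || [...].join('-')`), so for a function whose `name` is not populated at this point the index is `undefined` and only `$global` is merged. Moving the key computation into one small helper (a method taking the function key and returning the deployed name) and calling it from both places would keep the writer and the reader of the map in agreement. The enclosing method starts above this hunk, so I cannot see which hook invokes it or whether `name` is always set by then.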
@@ -111,6 +111,7 @@ class ServerlessSecrets { 'secrets:list-remote:list-remote': this.listRemoteSecretNames.bind(this), 'secrets:validate:validate': this.validateSecrets.bind(this), 'before:package:setupProviderConfiguration': this.setIamPermissions.bind(this), + 'before:package:initialize': this.setEnvironmentConfig.bind(this), 'before:package:createDeploymentArtifacts': this.packageSecrets.bind(this), 'after:package:createDeploymentArtifacts': this.cleanupPackageSecrets.bind(this), 'before:deploy:function:packageFunction': this.packageSecrets.bind(this), @@ -201,7 +202,6 @@ class ServerlessSecrets { } packageSecrets () { - this.config.environments = this.generateEnvironmentVariables() this.deployMode = true this.serverless.cli.log('Serverless Secrets beginning packaging process') this.writeConfigFile() @@ -236,15 +236,16 @@ class ServerlessSecrets { } ) - const environments = this.generateEnvironmentVariables() - return { - options, - environments + options } } - generateEnvironmentVariables() { + setEnvironmentConfig() { + this.config.environments = this.generateEnvironmentConfig() + } + + generateEnvironmentConfig () { this.serverless.cli.log('Generating Serverless Secrets Config environments') const functions = this.serverless.service.functions const environments = Object.keys(functions) @@ -258,7 +259,7 @@ class ServerlessSecrets { environments.$global = this.serverless.service.provider.environmentSecrets || {} - return environments + return environments; } writeConfigFile () { @@ -298,7 +299,6 @@ class ServerlessSecrets { this.serverless.cli.log('Validating secrets') const provider = this.serverless.service.provider const functions = this.serverless.service.functions - // need to validate that all secrets exist in provider const storageProvider = this.getStorageProvider() const missingSecretsPromise = storageProvider.listSecrets().then(secrets => { From beee4b8a79e1a830936dba0bd51b4a80aca004b1 Mon Sep 17 00:00:00 2001 
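Review bot: The new `'before:package:initialize'` hook is now the only place that sets `this.config.environments`, yet `'before:deploy:function:packageFunction'` still calls `packageSecrets()` and nothing visible here populates the environments on that path; the hunk at -201 removes the assignment from `packageSecrets` and the hunk at -236 makes `generateConfig()` return `{ options }` only. If `package:initialize` does not fire for a single-function deploy, `writeConfigFile()` would serialise a config without `environments`, and the client's read of `secrets.environments.$global` would throw when the function starts. I would either register `setEnvironmentConfig` for the deploy-function lifecycle too, or guard in `packageSecrets` with `if (!this.config.environments) this.setEnvironmentConfig()`. A short comment on `setEnvironmentConfig` saying why the environments are computed in a hook rather than in `generateConfig` would also help the next reader.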
From: snagole Date: Wed, 13 Jun 2018 10:28:16 -0700 Subject: [PATCH 4/5] Changes based on code review feedback --- package.json | 2 +- plugin/index.js | 62 ++++++++++++++++++++++++------------------------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/package.json b/package.json index e2da27a..4b367e6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "serverless-secrets", - "version": "3.0.0-beta.12", + "version": "3.0.0-beta.11", "description": "A serverless plugin for managing secrets", "main": "plugin/index.js", "scripts": { diff --git a/plugin/index.js b/plugin/index.js index 3821d9c..b99ba4d 100644 --- a/plugin/index.js +++ b/plugin/index.js @@ -216,25 +216,25 @@ class ServerlessSecrets { } generateConfig () { - this.serverless.cli.log('Generating Serverless Secrets Config options') - if (!this.serverless.service.provider.name) { - throw new Error('No provider name configured in serverless.yml') - } + this.serverless.cli.log('Generating Serverless Secrets Config options') + if (!this.serverless.service.provider.name) { + throw new Error('No provider name configured in serverless.yml') + } - // build options object - const options = Object.assign( - { - throwOnMissingSecret: false, - logOnMissingSecret: true, - skipValidation: false, - omitPermissions: false, - resourceForIamRole: '*' - }, - _.get(this.serverless.service, 'custom.serverlessSecrets', {}), - { - provider: this.serverless.service.provider.name - } - ) + // build options object + const options = Object.assign( + { + throwOnMissingSecret: false, + logOnMissingSecret: true, + skipValidation: false, + omitPermissions: false, + resourceForIamRole: '*' + }, + _.get(this.serverless.service, 'custom.serverlessSecrets', {}), + { + provider: this.serverless.service.provider.name + } + ) return { options 
@@ -246,23 +246,23 @@ class ServerlessSecrets { } generateEnvironmentConfig () { - this.serverless.cli.log('Generating Serverless Secrets Config environments') - const functions = this.serverless.service.functions - const environments = Object.keys(functions) - .reduce((environments, key) => { - const functionName = functions[key].name || [this.serverless.service.service, this.serverless.processedInput.options.stage, key].join('-') - if (functions[key].environmentSecrets) { - environments[functionName] = functions[key].environmentSecrets - } - return environments - }, {}) + this.serverless.cli.log('Generating Serverless Secrets Config environments') + const functions = this.serverless.service.functions + const environments = Object.keys(functions) + .reduce((environments, key) => { + const functionName = functions[key].name || [this.serverless.service.service, this.serverless.processedInput.options.stage, key].join('-') + if (functions[key].environmentSecrets) { + environments[functionName] = functions[key].environmentSecrets + } + return environments + }, {}) - environments.$global = this.serverless.service.provider.environmentSecrets || {} + environments.$global = this.serverless.service.provider.environmentSecrets || {} - return environments; + return environments } - writeConfigFile () { + writeConfigFile () { this.serverless.cli.log(`Writing ${constants.CONFIG_FILE_NAME}`) fs.writeFileSync(constants.CONFIG_FILE_NAME, JSON.stringify(this.config)) } From 30376c7e4c0029c380ef6643573607b6e6ac00fd Mon Sep 17 00:00:00 2001 From: snagole Date: Fri, 15 Jun 2018 09:31:07 -0700 Subject: [PATCH 5/5] Changes to revert back changes in package.json --- package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 4b367e6..6a3bbd5 100644 --- a/package.json +++ b/package.json 
@@ -8,7 +8,7 @@ }, "repository": { "type": "git", - "url": "https://github.com/tabordasolutions/serverless-secrets" + "url": "https://github.com/trek10inc/serverless-secrets" }, "keywords": [ "serverless", @@ -21,12 +21,12 @@ "parameter store", "env" ], - "author": "Sneha Nagole ", + "author": "Jared Short (https://www.trek10.com)", "license": "MIT", "bugs": { "url": "https://github.com/trek10inc/serverless-secrets/issues" }, - "homepage": "https://github.com/tabordasolutions/serverless-secrets", + "homepage": "https://github.com/trek10inc/serverless-secrets", "dependencies": { "lodash": "^4.17.4" },