Module: MovableInk::AWS::SSM

Included in:
MovableInk::AWS
Defined in:
lib/movable_ink/aws/ssm.rb

Constant Summary

SSM_DEFAULT_REGION =
'us-east-1'
SSM_DEFAULT_FAILOVER_REGION =
'us-west-2'

Instance Method Summary

Instance Method Details

#extract_parameters(parameters, path) ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 72

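# Builds a Hash of parameter values keyed by each parameter's name relative
# to +path+.
#
# Only a leading "#{path}/" is stripped. A global substitution would also
# delete later occurrences of the same text inside the name, which can make
# two distinct parameters collapse onto one key so that one secret silently
# overwrites another in the returned Hash.
#
# @param parameters [Enumerable] objects responding to #name and #value
# @param path [String] parameter path prefix, without a trailing slash
# @return [Hash] relative parameter name => parameter value; names that do
#   not start with "#{path}/" are kept unchanged
def extract_parameters(parameters, path)
  prefix = "#{path}/"
  parameters.map do |param|
    full_name = param.name
    # Slice instead of substituting: the prefix is literal text and must only
    # be removed from the start of the name.
    relative_name = full_name.start_with?(prefix) ? full_name[prefix.length..-1] : full_name
    [relative_name, param.value]
  end.to_h
end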

#get_role_secrets(environment: mi_env, role:, region: nil, failregion: nil) ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 60

# Fetches every parameter stored under "/<environment>/<role>" and returns
# them as one Hash keyed by the name relative to that path.
#
# The request passes with_decryption: true, so encrypted values come back in
# plaintext; treat the returned Hash as sensitive and keep it out of logs and
# error reports. No other option (such as a recursive flag) is passed.
#
# NOTE(review): environment and role are interpolated into the path without
# validation -- confirm callers only pass trusted values.
#
# @param environment [String] first path segment (defaults to mi_env)
# @param role [String] second path segment
# @param region [String, nil] region forwarded for the primary client
# @param failregion [String, nil] region forwarded for the failover client
# @return [Hash] relative parameter name => value, merged across all pages
def get_role_secrets(environment: mi_env, role:, region: nil, failregion: nil)
  role_path = "/#{environment}/#{role}"
  run_with_backoff_and_client_fallback(region, failregion) do |client|
    pages = client.get_parameters_by_path(path: role_path, with_decryption: true)
    # Each yielded element is one response page; later pages overwrite
    # earlier ones on duplicate keys, exactly as merge! does.
    pages.each_with_object({}) do |page, collected|
      collected.merge!(extract_parameters(page.parameters, role_path))
    end
  end
end

#get_secret(environment: mi_env, role:, attribute:, region: nil, failregion: nil) ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 46

# Reads the single parameter "/<environment>/<role>/<attribute>" and returns
# its value.
#
# The request passes with_decryption: true, so an encrypted value is returned
# in plaintext; treat the result as sensitive and keep it out of logs.
# A missing parameter is reported as nil rather than raised, so callers must
# check for nil instead of using the result directly as a credential.
#
# NOTE(review): environment, role and attribute are interpolated into the
# parameter name without validation -- confirm callers pass trusted values.
#
# @param environment [String] first path segment (defaults to mi_env)
# @param role [String] second path segment
# @param attribute [String] final path segment
# @param region [String, nil] region forwarded for the primary client
# @param failregion [String, nil] region forwarded for the failover client
# @return [Object, nil] the parameter value, or nil when it does not exist
def get_secret(environment: mi_env, role:, attribute:, region: nil, failregion: nil)
  parameter_name = "/#{environment}/#{role}/#{attribute}"
  run_with_backoff_and_client_fallback(region, failregion) do |client|
    begin
      client.get_parameter(name: parameter_name, with_decryption: true).parameter.value
    rescue Aws::SSM::Errors::ParameterNotFound
      # Only "not found" is swallowed; every other error propagates to the
      # backoff/failover wrapper.
      nil
    end
  end
end

#mi_secrets_config ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 14

# Loads and memoizes the secrets configuration file as a Hash with symbol
# keys, or returns nil when the file does not exist.
#
# A nil result is not cached by ||=, so the file is checked again on the next
# call. No error is rescued here: a malformed or unreadable file raises.
#
# NOTE(review): this file feeds the region selection used for secret lookups
# (see mi_ssm_clients_regions); it should be writable only by trusted
# accounts -- confirm the deployed file permissions.
#
# @return [Hash, nil] parsed configuration with symbolized names, or nil
def mi_secrets_config
  @mi_secrets_config ||= begin
    if File.exist?(mi_secrets_config_file_path)
      raw_json = File.read(mi_secrets_config_file_path)
      JSON.parse(raw_json, symbolize_names: true)
    end
  end
end

#mi_secrets_config_file_path ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 10

# Location of the JSON secrets configuration file read by mi_secrets_config.
#
# @return [String] fixed absolute path
def mi_secrets_config_file_path
  "/etc/movableink/secrets_config.json"
end

#mi_ssm_clients_regions ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 18

# Resolves the [primary, failover] region pair used for SSM clients.
#
# The pair comes from the :ssm_parameters_regions_map entry for my_region in
# the secrets configuration. The built-in defaults are returned when the
# configuration, the map, or the entry for this region is absent.
#
# NOTE(review): the entry is accepted only when its keys are exactly
# :primary_region then :failover_region, in that order. Any other shape
# (reordered or extra keys) silently falls back to the defaults, so a
# mis-written config file changes which regions secrets are read from
# without any error or log line.
#
# @return [Array] two-element list: primary region, failover region
def mi_ssm_clients_regions
  fallback_regions = [SSM_DEFAULT_REGION, SSM_DEFAULT_FAILOVER_REGION]

  config = mi_secrets_config
  return fallback_regions unless config

  regions_map = config[:ssm_parameters_regions_map]
  return fallback_regions unless regions_map

  region_key = my_region.to_sym
  return fallback_regions unless regions_map.key?(region_key)

  region_entry = regions_map[region_key]
  if region_entry.keys == %i[primary_region failover_region]
    region_entry.values
  else
    fallback_regions
  end
end

#run_with_backoff_and_client_fallback(region = nil, failregion = nil, &block) ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 36

# Runs the given block with the primary SSM client under run_with_backoff.
# If that attempt ends in FailedWithBackoff, the same block is run again with
# the failover client, limited to three tries.
#
# Only FailedWithBackoff from the primary attempt triggers the failover; any
# other exception, and any failure of the failover attempt itself, propagates
# to the caller. The block may be invoked several times, so it should be safe
# to repeat.
#
# @param region [String, nil] passed to ssm_client
# @param failregion [String, nil] passed to ssm_client_failover
# @yieldparam client the SSM client for the current attempt
# @return [Object] whatever the successful run_with_backoff call returns
def run_with_backoff_and_client_fallback(region = nil, failregion = nil, &block)
  begin
    run_with_backoff { block.call(ssm_client(region)) }
  rescue MovableInk::AWS::Errors::FailedWithBackoff
    run_with_backoff(tries: 3) { block.call(ssm_client_failover(failregion)) }
  end
end

#ssm_client(region = nil) ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 26

# Returns the primary SSM client for +region+, creating it on first use.
#
# Clients are cached per +region+ argument; the nil key holds the client for
# the first entry of mi_ssm_clients_regions, resolved when that client is
# first built.
#
# @param region [String, nil] explicit region, or nil for the configured primary
# @return [Aws::SSM::Client] cached client for the requested region
def ssm_client(region = nil)
  @ssm_clients_map ||= {}
  @ssm_clients_map[region] ||= begin
    target_region = region.nil? ? mi_ssm_clients_regions[0] : region
    Aws::SSM::Client.new(region: target_region)
  end
end

#ssm_client_failover(failregion = nil) ⇒ Object



# File 'lib/movable_ink/aws/ssm.rb', line 31

# Returns the failover SSM client for +failregion+, creating it on first use.
#
# Clients are cached per +failregion+ argument; the nil key holds the client
# for the second entry of mi_ssm_clients_regions, resolved when that client
# is first built.
#
# @param failregion [String, nil] explicit region, or nil for the configured failover
# @return [Aws::SSM::Client] cached client for the requested region
def ssm_client_failover(failregion = nil)
  @ssm_failover_clients_map ||= {}
  @ssm_failover_clients_map[failregion] ||= begin
    target_region = failregion.nil? ? mi_ssm_clients_regions[1] : failregion
    Aws::SSM::Client.new(region: target_region)
  end
end