
Commit 3661e54

committed
parameter store integration
1 parent ece07d5 commit 3661e54

1 file changed

+73
-5
lines changed


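--- a/master_deploy.sh
+++ b/master_deploy.sh
@@ -17,6 +17,7 @@ SHARED_PROPERTY_FILENAME=""
 # AWS_REGION=""
 TAG=""
 SEC_LIST=""
+SECPS_LIST=""
 #COUNTER_LIMIT=12
 
 if [ -z "$COUNTER_LIMIT" ]; then
@@ -36,6 +37,7 @@ task_def=""
 CONTAINER_LOG_DRIVER="awslogs"
 portcount=0
 envcount=0
+psenvcount=0
 volcount=0
 template=""
 TEMPLATE_SKELETON_FILE="base_template_v2.json"
@@ -207,6 +209,21 @@ let envcount=envcount+1
 #echo "envcount after ---------" $envcount
 #echo "envvalue after ---------" $envvalue
 }
+#=========================
+psenvaddition() {
+#echo "psenvcount before " $psenvcount
+
+envname=$1
+envvalue=$2
+#echo "env value before" $envvalue
+set -f
+template=$(echo $template | jq --arg name "$envname" --arg value "$envvalue" --arg psenvcount $psenvcount '.containerDefinitions[0].secrets[$psenvcount |tonumber] |= .+ { name: $name, valueFrom: $value }')
+set +f
+let psenvcount=psenvcount+1
+#echo "psenvcount after ---------" $psenvcount
+#echo "envvalue after ---------" $envvalue
+}
+
 #=========================
 logconfiguration() {
 template=$(echo $template | jq --arg logDriver $CONTAINER_LOG_DRIVER '.containerDefinitions[0].logConfiguration.logDriver=$logDriver')
@@ -259,12 +276,16 @@ log "Family updated"
 #taskrole and excution role has updated
 if [ -z $AWS_ECS_TASK_ROLE_ARN ];
 then
-log "No Execution Role defined"
+log "No Task Role defined"
 else
 template=$(echo $template | jq --arg taskRoleArn arn:aws:iam::$AWS_ACCOUNT_ID:role/$AWS_ECS_TASK_ROLE_ARN '.taskRoleArn=$taskRoleArn')
 fi
-#template=$(echo $template | jq --arg executionRoleArn arn:aws:iam::$AWS_ACCOUNT_ID:role/ecsTaskExecutionRole '.executionRoleArn=$executionRoleArn')
-
+if [ -z $AWS_ECS_TASK_EXECUTION_ROLE_ARN ];
+then
+log "No Task Execution Role defined"
+else
+template=$(echo $template | jq --arg executionRoleArn arn:aws:iam::$AWS_ACCOUNT_ID:role/$AWS_ECS_TASK_EXECUTION_ROLE_ARN '.executionRoleArn=$executionRoleArn')
+fi
 #Container Name update
 template=$(echo $template | jq --arg name $AWS_ECS_CONTAINER_NAME '.containerDefinitions[0].name=$name')
 log "Container Name updated"
@@ -321,7 +342,33 @@ do
 done
 IFS=$o
 done
-
+if [ -z $SECPS_LIST ];
+then
+log "No ps file provided"
+else
+Buffer_seclist=$(echo $SECPS_LIST | sed 's/,/ /g')
+for listname in $Buffer_seclist;
+do
+local o=$IFS
+IFS=$(echo -en "\n\b")
+varpath=$( cat $listname.json | jq -r ' .ParmeterPathList[] ' )
+#log "vars are fetched"
+for k in $varpath;
+do
+echo $k
+aws ssm get-parameters-by-path --path $k --query "Parameters[*].{Name:Name}" > paramnames.json
+###paramnames=$(cat paramnames.json | jq -r .[].Name | rev | cut -d / -f 1 | rev)
+for s in $(cat paramnames.json | jq -r .[].Name )
+do
+varname=$(echo $s | rev | cut -d / -f 1 | rev)
+varvalue="arn:aws:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:$s"
+psenvaddition "$varname" "$varvalue"
+#echo "$varname" "$varvalue"
+done
+done
+IFS=$o
+done
+fi
 log "environment has updated"
 # Log Configuration
 logconfiguration
@@ -613,6 +660,17 @@ download_envfile()
 #openssl enc -aes-256-cbc -d -md MD5 -in $listname.json.enc -out $listname.json -k $SECPASSWD
 done
 }
+download_psfile()
+{
+Buffer_seclist=$(echo $SECPS_LIST | sed 's/,/ /g' )
+for listname in $Buffer_seclist;
+do
+aws s3 cp s3://tc-platform-${ENV_CONFIG}/securitymanager/$listname.json .
+track_error $? "$listname.json download"
+jq 'keys[]' $listname.json
+track_error $? "$listname.json"
+done
+}
 decrypt_fileenc()
 {
 Buffer_seclist=$(echo $SEC_LIST | sed 's/,/ /g' )
@@ -696,7 +754,7 @@ deploy_lambda_package()
 # Input Collection and validation
 input_parsing_validation()
 {
-while getopts .d:h:i:e:t:v:s:p:g:c:m:. OPTION
+while getopts .d:h:i:e:l:t:v:s:p:g:c:m:. OPTION
 do
 case $OPTION in
 d)
@@ -712,6 +770,9 @@ do
 e)
 ENV=$OPTARG
 ;;
+l)
+SECPS_LIST=$OPTARG
+;;
 t)
 TAG=$OPTARG
 ;;
@@ -773,6 +834,13 @@ ENV_CONFIG=`echo "$ENV" | tr '[:upper:]' '[:lower:]'`
 # fi
 
 download_envfile
+if [ -z $SECPS_LIST ];
+then
+log "No secret parameter file list provided"
+
+else
+download_psfile
+fi
 #decrypt_fileenc
 #uploading_envvar
 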
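Review bot: In the `SECPS_LIST` loop added by the `@@ -321,7 +342,33 @@` hunk, `varvalue` is built as `arn:aws:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:$s`, which omits the `parameter` resource type that SSM parameter ARNs carry, so the `valueFrom` that `psenvaddition` writes into `secrets` is probably not an ARN ECS can resolve. Because `$s` is a full parameter name that begins with `/`, the line should read `varvalue="arn:aws:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:parameter$s"`. The same loop and `download_psfile` expand `$k` and `$listname` unquoted, so a value passed with `-l` or stored in the list file can be split or globbed before it reaches `aws` and `cat`; quoting them as `--path "$k"` and `"$listname.json"` avoids that. `local o=$IFS` is valid only inside a function, and the enclosing block starts outside the hunk, so that placement should be confirmed.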
