diff --git a/buildenv.sh b/buildenv.sh index d2bd99d..5a3031d 100755 --- a/buildenv.sh +++ b/buildenv.sh @@ -37,6 +37,19 @@ download_buildenvfile() track_error $? "$listname.json" done } + +download_psfile() +{ + Buffer_seclist=$(echo $SECPS_LIST | sed 's/,/ /g' ) + for listname in $Buffer_seclist; + do + aws s3 cp s3://tc-platform-${ENV_CONFIG}/securitymanager/$listname.json . + track_error $? "$listname.json download" + jq 'keys[]' $listname.json + track_error $? "$listname.json" + done +} + uploading_buildenvvar() { Buffer_seclist=$(echo $BUILDENV_LIST | sed 's/,/ /g') @@ -59,6 +72,38 @@ uploading_buildenvvar() done } +uploading_buildpsenvar() +{ + if [ -z $SECPS_LIST ]; + then + log "No ps file provided" + else + Buffer_seclist=$(echo $SECPS_LIST | sed 's/,/ /g') + for listname in $Buffer_seclist; + do + local o=$IFS + IFS=$(echo -en "\n\b") + varpath=$( cat $listname.json | jq -r ' .ParmeterPathList[] ' ) + #log "vars are fetched" + for k in $varpath; + do + echo $k + aws ssm get-parameters-by-path --with-decryption --path $k --query "Parameters[*].{Name:Name, Value:Value}" > paramnames.json + ###paramnames=$(cat paramnames.json | jq -r .[].Name | rev | cut -d / -f 1 | rev) + for s in $(cat paramnames.json | jq -c .[] ) + do + varname=$(echo $s | jq -r .Name | rev | cut -d / -f 1 | rev) + varvalue=$(echo $s | jq -r .Value) + #varvalue="arn:aws:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:parameter$s" + echo export "$varname"="'$varvalue'" >>"buildenvvar" + #echo "$varname" "$varvalue" + done + done + IFS=$o + done + fi +} + configure_aws_cli() { aws --version aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID @@ -68,7 +113,7 @@ configure_aws_cli() { log "Configured AWS CLI." } -while getopts .b:e:. OPTION +while getopts .b:e:l:. OPTION do case $OPTION in e) @@ -77,7 +122,9 @@ do b) BUILDENV_LIST=$OPTARG ;; - + l) + SECPS_LIST=$OPTARG + ;; ?) log "additional param required" usage @@ -104,6 +151,8 @@ done ENV_CONFIG=`echo "$ENV" | tr '[:upper:]' '[:lower:]'` download_buildenvfile uploading_buildenvvar +download_psfile +uploading_buildpsenvar if grep -Fxq "buildenvvar" .dockerignore then diff --git a/master_deploy.sh b/master_deploy.sh index 83fc1f0..aa63a44 100755 --- a/master_deploy.sh +++ b/master_deploy.sh @@ -69,7 +69,7 @@ ebstemplate="" #variable for cloud front #AWS_S3_BUCKET="" #AWS_S3_SOURCE_SYNC_PATH="" -CFCACHE="true" +CFCACHE="false" # Variables for Lambda #AWS_LAMBDA_DEPLOY_TYPE="" @@ -648,10 +648,10 @@ deploy_s3bucket() { cat /etc/mime.types | grep -i map cat /etc/mime.types | grep -i ttf if [ "$CFCACHE" = "true" ]; then - S3_CACHE_OPTIONS="--cache-control max-age=0,s-maxage=86400" + S3_CACHE_OPTIONS="--cache-control private,no-store,no-cache,must-revalidate,max-age=0" + echo "*** Deploying with Cloudfront Cache disabled ***" else - S3_CACHE_OPTIONS="--cache-control private,no-store,no-cache,must-revalidate,max-age=0" - echo "*** Deploying with Cloudfront Cache disabled ***" + S3_CACHE_OPTIONS="--cache-control max-age=0,s-maxage=86400" fi S3_OPTIONS="--exclude '*.txt' --exclude '*.js' --exclude '*.css'"