├── .gitignore ├── .github └── workflows │ ├── push.yml │ └── release.yml ├── .goreleaser.yml ├── pkg └── pstore │ ├── exec_windows.go │ ├── exec_darwin.go │ ├── exec_linux.go │ └── common.go ├── main.go ├── cmd ├── version.go ├── exec.go ├── powershell.go ├── shell.go ├── root.go └── show.go ├── go.mod ├── README.md ├── go.sum └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | /vendor 2 | -------------------------------------------------------------------------------- /.github/workflows/push.yml: -------------------------------------------------------------------------------- 1 | name: push 2 | on: 3 | push: {} 4 | 5 | jobs: 6 | build: 7 | runs-on: ubuntu-latest 8 | steps: 9 | 10 | - uses: actions/setup-go@v1 11 | with: 12 | go-version: 1.14 13 | 14 | - uses: actions/checkout@v2 15 | 16 | - run: go test -v ./... && go build 17 | -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | - goarch: [amd64] 3 | env: 4 | - CGO_ENABLED=0 5 | goos: 6 | - darwin 7 | - linux 8 | - windows 9 | checksum: 10 | name_template: 'checksums.txt' 11 | snapshot: 12 | name_template: "{{ .Tag }}-next" 13 | changelog: 14 | sort: asc 15 | filters: 16 | exclude: 17 | - '^docs:' 18 | - '^test:' 19 | -------------------------------------------------------------------------------- /pkg/pstore/exec_windows.go: -------------------------------------------------------------------------------- 1 | package pstore 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "os/exec" 7 | ) 8 | 9 | func ExecCommand(args []string) { 10 | if len(args) == 0 { 11 | abort(usageError, "no command specified") 12 | } 13 | 14 | cmd := exec.Command(args[0], args[1:]...) 15 | cmd.Stdout = os.Stdout 16 | cmd.Stderr = os.Stderr 17 | cmd.Stdin = os.Stdin 18 | err := cmd.Run() 19 | 20 | if err != nil { 21 | fmt.Println("err: %s", err.Error()) 22 | os.Exit(1) 23 | } else { 24 | os.Exit(0) 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /pkg/pstore/exec_darwin.go: -------------------------------------------------------------------------------- 1 | package pstore 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | func ExecCommand(args []string) { 11 | if len(args) == 0 { 12 | abort(usageError, "no command specified") 13 | } 14 | commandName := args[0] 15 | commandPath, err := exec.LookPath(commandName) 16 | if err != nil { 17 | abort(commandNotFoundError, fmt.Sprintf("cannot find '%s'", commandName)) 18 | } 19 | err = syscall.Exec(commandPath, args, os.Environ()) 20 | if err != nil { 21 | abort(execError, err) 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /pkg/pstore/exec_linux.go: -------------------------------------------------------------------------------- 1 | package pstore 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | func ExecCommand(args []string) { 11 | if len(args) == 0 { 12 | abort(usageError, "no command specified") 13 | } 14 | commandName := args[0] 15 | commandPath, err := exec.LookPath(commandName) 16 | if err != nil { 17 | abort(commandNotFoundError, fmt.Sprintf("cannot find '%s'", commandName)) 18 | } 19 | err = syscall.Exec(commandPath, args, os.Environ()) 20 | if err != nil { 21 | abort(execError, err) 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: release 2 | on: 3 | push: 4 | tags: 5 | - '*' 6 | jobs: 7 | build: 8 | runs-on: ubuntu-latest 9 | steps: 10 | 11 | - uses: actions/setup-go@v1 12 | with: 13 | go-version: 1.14 14 | 15 | - uses: actions/checkout@v2 16 | 17 | - name: git history 18 | run: git fetch --prune --unshallow 19 | 20 | - uses: goreleaser/goreleaser-action@v1 21 | with: 22 | version: v0.126.0 23 | args: release --rm-dist 24 | env: 25 | GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }} 26 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | // Copyright © 2017 Aidan Steele 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import "github.com/glassechidna/pstore/cmd" 18 | 19 | func main() { 20 | cmd.Execute() 21 | } 22 | -------------------------------------------------------------------------------- /cmd/version.go: -------------------------------------------------------------------------------- 1 | // Copyright © 2017 Aidan Steele 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "fmt" 19 | "github.com/glassechidna/pstore/pkg/pstore" 20 | "github.com/spf13/cobra" 21 | ) 22 | 23 | var versionCmd = &cobra.Command{ 24 | Use: "version", 25 | Short: "Emits pstore version number and build date", 26 | Run: func(cmd *cobra.Command, args []string) { 27 | fmt.Printf("Version: %s\nBuild Date: %s\n", pstore.ApplicationVersion, pstore.ApplicationBuildDate) 28 | }, 29 | } 30 | 31 | func init() { 32 | RootCmd.AddCommand(versionCmd) 33 | } 34 | -------------------------------------------------------------------------------- /cmd/exec.go: -------------------------------------------------------------------------------- 1 | // Copyright © 2017 Aidan Steele 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "os" 19 | 20 | "github.com/glassechidna/pstore/pkg/pstore" 21 | "github.com/spf13/cobra" 22 | "github.com/spf13/viper" 23 | ) 24 | 25 | var execCmd = &cobra.Command{ 26 | Use: "exec", 27 | Short: "exec will seed the current environment with ssm parameters (if it exists) execute a command", 28 | Long: `example: 29 | AWS_REGION=us-east-1 PSTORE_DBSTRING=MyDatabaseString pstore exec -- 'echo val is $DBSTRING' 30 | val is SomeSuperSecretDbString`, 31 | 32 | Run: func(cmd *cobra.Command, args []string) { 33 | simplePrefix := viper.GetString("prefix") 34 | tagPrefix := viper.GetString("tag-prefix") 35 | pathPrefix := viper.GetString("path-prefix") 36 | verbose := viper.GetBool("verbose") 37 | 38 | doExec(simplePrefix, tagPrefix, pathPrefix, verbose, args) 39 | }, 40 | } 41 | 42 | func doExec(simplePrefix, tagPrefix, pathPrefix string, verbose bool, args []string) { 43 | pstore.Doit(simplePrefix, tagPrefix, pathPrefix, verbose, func(key, val string) { 44 | os.Setenv(key, val) 45 | }) 46 | 47 | pstore.ExecCommand(args) 48 | } 49 | 50 | func init() { 51 | RootCmd.AddCommand(execCmd) 52 | } 53 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/glassechidna/pstore 2 | 3 | go 1.14 4 | 5 | require ( 6 | github.com/aws/aws-sdk-go v1.29.27 7 | github.com/davecgh/go-spew v1.1.1 // indirect 8 | github.com/fatih/color v1.5.0 9 | github.com/fsnotify/fsnotify v0.0.0-20170329110642-4da3e2cfbabc // indirect 10 | github.com/go-ini/ini v0.0.0-20170813052230-c787282c39ac // indirect 11 | github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect 12 | github.com/hashicorp/hcl v0.0.0-20170509225359-392dba7d905e // indirect 13 | github.com/inconshreveable/mousetrap v1.0.0 // indirect 14 | github.com/jmespath/go-jmespath v0.3.0 // indirect 15 | github.com/jtolds/gls v4.2.1+incompatible // indirect 16 | github.com/kr/pretty v0.1.0 // indirect 17 | github.com/magiconair/properties v0.0.0-20170321093039-51463bfca257 // indirect 18 | github.com/mattn/go-colorable v0.0.0-20170210172801-5411d3eea597 // indirect 19 | github.com/mattn/go-isatty v0.0.0-20170307163044-57fdcb988a5c // indirect 20 | github.com/mitchellh/mapstructure v0.0.0-20170422000251-cc8532a8e9a5 // indirect 21 | github.com/pelletier/go-buffruneio v0.2.0 // indirect 22 | github.com/pelletier/go-toml v0.0.0-20170508001413-23f644976aa7 // indirect 23 | github.com/pmezard/go-difflib v1.0.0 // indirect 24 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d // indirect 25 | github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect 26 | github.com/spf13/afero v0.0.0-20170217164146-9be650865eab // indirect 27 | github.com/spf13/cast v1.1.0 // indirect 28 | github.com/spf13/cobra v0.0.0-20170509201858-1362f95a8d6f 29 | github.com/spf13/jwalterweatherman v0.0.0-20170510083831-8f07c835e5cc // indirect 30 | github.com/spf13/pflag v1.0.0 // indirect 31 | github.com/spf13/viper v0.0.0-20170417080815-0967fc9aceab 32 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect 33 | ) 34 | -------------------------------------------------------------------------------- /cmd/powershell.go: -------------------------------------------------------------------------------- 1 | // Copyright © 2017 Aidan Steele 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "fmt" 19 | 20 | "strings" 21 | 22 | "github.com/glassechidna/pstore/pkg/pstore" 23 | "github.com/spf13/cobra" 24 | "github.com/spf13/viper" 25 | ) 26 | 27 | var powershellCmd = &cobra.Command{ 28 | Use: "powershell", 29 | Short: "same as shell but for windows", 30 | Long: `Example: 31 | $Env:PSTORE_DBSTRING = "MyDatabaseString" 32 | $Cmd = (pstore powershell mycompany-prod) | Out-String 33 | Invoke-Expression $Cmd 34 | Do-SomethingWith -DbString $DBSTRING 35 | `, 36 | Run: func(cmd *cobra.Command, args []string) { 37 | simplePrefix := viper.GetString("prefix") 38 | tagPrefix := viper.GetString("tag-prefix") 39 | pathPrefix := viper.GetString("path-prefix") 40 | verbose := viper.GetBool("verbose") 41 | 42 | doPowershell(simplePrefix, tagPrefix, pathPrefix, verbose) 43 | }, 44 | } 45 | 46 | func doPowershell(simplePrefix, tagPrefix, pathPrefix string, verbose bool) { 47 | pstore.Doit(simplePrefix, tagPrefix, pathPrefix, verbose, func(key, val string) { 48 | escaped := strings.Replace(val, "\"", "\\\"", -1) 49 | fmt.Printf("${Env:%s}=\"%s\"\n", key, escaped) 50 | }) 51 | } 52 | 53 | func init() { 54 | RootCmd.AddCommand(powershellCmd) 55 | } 56 | -------------------------------------------------------------------------------- /cmd/shell.go: -------------------------------------------------------------------------------- 1 | // Copyright © 2017 Aidan Steele 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "fmt" 19 | 20 | "strings" 21 | 22 | "github.com/glassechidna/pstore/pkg/pstore" 23 | "github.com/spf13/cobra" 24 | "github.com/spf13/viper" 25 | ) 26 | 27 | var shellCmd = &cobra.Command{ 28 | Use: "shell", 29 | Short: "shell will seed your session with environment with the ssm parameters, and will not execute a child process", 30 | Long: `Example: 31 | #!/bin/bash 32 | # do some stuff ... 33 | eval $(PSTORE_DBSTRING=MyDatabaseString pstore shell) 34 | echo $DBSTRING # will echo out your secret string!`, 35 | Run: func(cmd *cobra.Command, args []string) { 36 | simplePrefix := viper.GetString("prefix") 37 | tagPrefix := viper.GetString("tag-prefix") 38 | pathPrefix := viper.GetString("path-prefix") 39 | verbose := viper.GetBool("verbose") 40 | 41 | doShell(simplePrefix, tagPrefix, pathPrefix, verbose) 42 | }, 43 | } 44 | 45 | func doShell(simplePrefix, tagPrefix, pathPrefix string, verbose bool) { 46 | pstore.Doit(simplePrefix, tagPrefix, pathPrefix, verbose, func(key, val string) { 47 | escaped := strings.Replace(val, "'", "\\'", -1) 48 | fmt.Printf("export %s='%s'\n", key, escaped) 49 | }) 50 | } 51 | 52 | func init() { 53 | RootCmd.AddCommand(shellCmd) 54 | } 55 | -------------------------------------------------------------------------------- /cmd/root.go: -------------------------------------------------------------------------------- 1 | // Copyright © 2017 Aidan Steele 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "fmt" 19 | "os" 20 | 21 | "github.com/spf13/cobra" 22 | "github.com/spf13/viper" 23 | ) 24 | 25 | var cfgFile string 26 | 27 | var RootCmd = &cobra.Command{ 28 | Use: "pstore", 29 | Short: "pstore is a tiny utility to make usage of AWS Parameter Store an absolute breeze. Simply prefix your application launch with pstore exec and you're up and running - in dev or prod.", 30 | Long: `pstore is usable out of the box. By default it looks for environment variables with a PSTORE_ prefix. For example, PSTORE_DBSTRING=MyDatabaseString asks AWS to decrypt the parameter named MyDatabaseString and stores the decrypted value in a new environment variable named DBSTRING. If there are no envvars with the PSTORE_ prefix, it's essentially a noop - so the same command can be used in local dev and in prod. 31 | 32 | If pstore fails to decrypt any envvars it will exit instead of launching your application.`, 33 | } 34 | 35 | // Execute adds all child commands to the root command sets flags appropriately. 36 | // This is called by main.main(). It only needs to happen once to the rootCmd. 37 | func Execute() { 38 | if err := RootCmd.Execute(); err != nil { 39 | fmt.Println(err) 40 | os.Exit(-1) 41 | } 42 | } 43 | 44 | func init() { 45 | cobra.OnInitialize(initConfig) 46 | 47 | RootCmd.PersistentFlags().String("prefix", "PSTORE_", "") 48 | RootCmd.PersistentFlags().String("tag-prefix", "PSTORETAG_", "") 49 | RootCmd.PersistentFlags().String("path-prefix", "PSTOREPATH_", "") 50 | RootCmd.PersistentFlags().Bool("verbose", false, "") 51 | 52 | RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.pstore.yaml)") 53 | 54 | viper.BindPFlags(RootCmd.PersistentFlags()) 55 | } 56 | 57 | // initConfig reads in config file and ENV variables if set. 58 | func initConfig() { 59 | if cfgFile != "" { // enable ability to specify config file via flag 60 | viper.SetConfigFile(cfgFile) 61 | } 62 | 63 | viper.SetConfigName(".pstore") // name of config file (without extension) 64 | viper.AddConfigPath("$HOME") // adding home directory as first search path 65 | viper.AutomaticEnv() // read in environment variables that match 66 | 67 | // If a config file is found, read it in. 68 | if err := viper.ReadInConfig(); err == nil { 69 | fmt.Println("Using config file:", viper.ConfigFileUsed()) 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /cmd/show.go: -------------------------------------------------------------------------------- 1 | // Copyright © 2017 Aidan Steele 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "fmt" 19 | 20 | "encoding/json" 21 | "github.com/aws/aws-sdk-go/aws" 22 | "github.com/aws/aws-sdk-go/aws/session" 23 | "github.com/aws/aws-sdk-go/service/ssm" 24 | "github.com/fatih/color" 25 | "github.com/spf13/cobra" 26 | "sort" 27 | ) 28 | 29 | var showCmd = &cobra.Command{ 30 | Use: "show ", 31 | Short: "Prints all parameters under a prefix", 32 | Long: ` 33 | Prints all parameters under a given prefix. Defaults to human-friendly format, 34 | pass -j if you'd rather JSON output. 35 | `, 36 | Run: func(cmd *cobra.Command, args []string) { 37 | jsonFormat, _ := cmd.PersistentFlags().GetBool("json") 38 | path := args[0] 39 | show(path, jsonFormat) 40 | }, 41 | } 42 | 43 | func getAllParameters(sess *session.Session, path string) []*ssm.Parameter { 44 | api := ssm.New(sess) 45 | 46 | params := []*ssm.Parameter{} 47 | 48 | api.GetParametersByPathPages(&ssm.GetParametersByPathInput{ 49 | Path: &path, 50 | Recursive: aws.Bool(true), 51 | WithDecryption: aws.Bool(true), 52 | }, func(page *ssm.GetParametersByPathOutput, lastPage bool) bool { 53 | params = append(params, page.Parameters...) 54 | return !lastPage 55 | }) 56 | 57 | sort.Sort(byName(params)) 58 | return params 59 | } 60 | 61 | func show(path string, jsonFormat bool) { 62 | sess := session.Must(session.NewSession()) 63 | params := getAllParameters(sess, path) 64 | 65 | if jsonFormat { 66 | printJson(params, path) 67 | } else { 68 | printFriendly(params, path) 69 | } 70 | } 71 | 72 | func printFriendly(params []*ssm.Parameter, path string) { 73 | longest := longestName(params) 74 | padding := longest - len(faint("%s", path)) 75 | 76 | secret := color.New(color.FgRed, color.Bold).SprintfFunc() 77 | 78 | for _, param := range params { 79 | prefix, rest := (*param.Name)[:len(path)], (*param.Name)[len(path):] 80 | value := *param.Value 81 | 82 | if *param.Type == ssm.ParameterTypeSecureString { 83 | value = secret("%s", value) 84 | } 85 | 86 | fmt.Printf("%s%-*s : %s\n", faint("%s", prefix), padding, rest, value) 87 | } 88 | } 89 | 90 | func printJson(params []*ssm.Parameter, path string) { 91 | dict := map[string]string{} 92 | 93 | for _, param := range params { 94 | dict[*param.Name] = *param.Value 95 | } 96 | 97 | bytes, _ := json.MarshalIndent(dict, "", " ") 98 | fmt.Println(string(bytes)) 99 | } 100 | 101 | type byName []*ssm.Parameter 102 | 103 | func (s byName) Len() int { 104 | return len(s) 105 | } 106 | func (s byName) Swap(i, j int) { 107 | s[i], s[j] = s[j], s[i] 108 | } 109 | func (s byName) Less(i, j int) bool { 110 | return *s[i].Name < *s[j].Name 111 | } 112 | 113 | func longestName(params []*ssm.Parameter) int { 114 | longest := 0 115 | 116 | for _, param := range params { 117 | plen := len(faint("%s", *param.Name)) 118 | if plen > longest { 119 | longest = plen 120 | } 121 | } 122 | 123 | return longest 124 | } 125 | 126 | var faint func(format string, a ...interface{}) string 127 | 128 | func init() { 129 | RootCmd.AddCommand(showCmd) 130 | showCmd.PersistentFlags().BoolP("json", "j", false, "Emit JSON instead of table") 131 | 132 | faint = color.New(color.Faint).SprintfFunc() 133 | } 134 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # `pstore` 2 | 3 | [![Build Status](https://travis-ci.org/glassechidna/pstore.svg?branch=master)](https://travis-ci.org/glassechidna/pstore) 4 | 5 | `pstore` is a tiny utility to make usage of [AWS Parameter Store][aws-pstore] an 6 | absolute breeze. Simply prefix your application launch with `pstore exec ` 7 | and you're up and running - in dev or prod. 8 | 9 | **AWS ECS now has [support for specifying secrets from Parameter Store directly 10 | in ECS task definitions][ecs-pstore], making `pstore` obsolete for some use cases.** 11 | 12 | [aws-pstore]: https://aws.amazon.com/ec2/systems-manager/parameter-store/ 13 | [ecs-pstore]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html 14 | 15 | ## Usage 16 | 17 | `pstore` expects the `AWS_REGION` environment variable to be set to the region 18 | that your parameters are stored in. 19 | 20 | ### `exec` 21 | 22 | ``` 23 | AWS_REGION=us-east-1 PSTORE_DBSTRING=MyDatabaseString pstore exec -- 'echo val is $DBSTRING' 24 | val is SomeSuperSecretDbString 25 | ``` 26 | 27 | `pstore` is usable out of the box. By default it looks for environment variables 28 | with a `PSTORE_` prefix. For example, `PSTORE_DBSTRING=MyDatabaseString` asks 29 | AWS to decrypt the parameter named **MyDatabaseString** and stores the decrypted 30 | value in a new environment variable named `DBSTRING`. If there are no envvars 31 | with the `PSTORE_` prefix, it's essentially a noop - so the same command can be 32 | used in local dev and in prod. 33 | 34 | If `pstore` fails to decrypt any envvars it will exit instead of launching your 35 | application. 36 | 37 | ### `shell` 38 | 39 | Sometimes you don't want to exec the child process directly. You want to use the decrypted values as part of a larger script. In that case you can do: 40 | 41 | ``` 42 | #!/bin/bash 43 | # do some stuff ... 44 | eval $(PSTORE_DBSTRING=MyDatabaseString pstore shell) 45 | echo $DBSTRING # will echo out your secret string! 46 | ``` 47 | 48 | ### `powershell` 49 | 50 | Same as the above, albeit for our Windows friends. 51 | 52 | ``` 53 | $Env:PSTORE_DBSTRING = "MyDatabaseString" 54 | $Cmd = (pstore powershell mycompany-prod) | Out-String 55 | Invoke-Expression $Cmd 56 | Do-SomethingWith -DbString $DBSTRING 57 | ``` 58 | 59 | ### `show` 60 | 61 | Quickly interrogate parameters for a given path or path prefix: 62 | 63 | ``` 64 | $ pstore show "/company/princess/lambdas" 65 | /company/princess/lambdas/execution/env/MyDatabaseString : SomeSuperSecretDbString 66 | /company/princess/lambdas/execution/env/NODE_ENV : production 67 | /company/princess/lambdas/execution/env/LOGLEVEL : excessive 68 | ``` 69 | 70 | 71 | ## Advanced 72 | 73 | `pstore` also works with tagged parameters, which can be helpful when you have 74 | a _lot_ of parameters and don't want to enumerate them all individually. You can 75 | specify `PSTORETAG_tagkey=tagval` and `pstore` will retrieve all parameters with 76 | `tagkey=tagval`. `pstore` will expect to find an additional tag on these parameters, 77 | `pstore:name=ENVVAR`. `pstore` then sets `ENVVAR=value` in the environment. 78 | 79 | The `PSTORE_` and `PSTORETAG_` prefixes are configurable if you want to use 80 | something else. If you want to use `MYSECRETS_` as a prefix, simply invoke 81 | `pstore exec --prefix MYSECRETS_ `. 82 | 83 | Finally, for debugging there is the `pstore exec --verbose ` flag. 84 | Before launching, `pstore` will output what its doing to stdout, e.g. 85 | 86 | ``` 87 | $ pstore exec --verbose 88 | ✔ Decrypted MYREALSECRET︎ 89 | ✗ Failed to decrypt PstoreVal (MYLAMESECRET) 90 | ERROR: Failed to decrypt some secret values 91 | ``` 92 | 93 | 94 | 95 | ## Docker 96 | 97 | `pstore` is well-suited to acting as an entrypoint for a Dockerised application. 98 | Adding it to your project is as simple as: 99 | 100 | ``` 101 | FROM alpine 102 | RUN apk add --update curl 103 | RUN curl -sL -o /usr/bin/pstore https://github.com/glassechidna/pstore/releases/download/1.5.0/pstore_linux_amd64 104 | RUN chmod +x /usr/bin/pstore 105 | ENTRYPOINT ["pstore", "exec", "--verbose", "--"] 106 | CMD env 107 | ``` 108 | 109 | Note that https requests made require `ca-certificates`. Alpine does not ship them by default anymore. In the above example this package is installed because `curl` also needs them, but if you install without `curl` or your `Dockerfile` removes `curl`, you need to explicitly have `RUN apk add ca-certificates`. Without these you will get a runtime error `x509: failed to load system roots and no roots provided`. 110 | -------------------------------------------------------------------------------- /pkg/pstore/common.go: -------------------------------------------------------------------------------- 1 | package pstore 2 | 3 | import ( 4 | "context" 5 | "net/http" 6 | "os" 7 | "strings" 8 | "time" 9 | 10 | "github.com/aws/aws-sdk-go/aws" 11 | "github.com/aws/aws-sdk-go/aws/ec2metadata" 12 | "github.com/aws/aws-sdk-go/aws/request" 13 | "github.com/aws/aws-sdk-go/aws/session" 14 | "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" 15 | "github.com/aws/aws-sdk-go/service/ssm" 16 | "github.com/fatih/color" 17 | ) 18 | 19 | const usageError = 64 // incorrect usage of "pstore" 20 | const pstoreError = 69 // parameter store issues 21 | const execError = 126 // cannot execute the specified command 22 | const commandNotFoundError = 127 // cannot find the specified command 23 | 24 | const appName = "pstore" 25 | 26 | var ApplicationVersion = "devel" 27 | var ApplicationBuildDate = "unknown" 28 | 29 | var userAgentHandler = request.NamedHandler{ 30 | Name: "pstore.UserAgentHandler", 31 | Fn: request.MakeAddToUserAgentHandler(appName, ApplicationVersion), 32 | } 33 | 34 | func TagValueWithKey(tags []*resourcegroupstaggingapi.Tag, key string) *string { 35 | for _, tag := range tags { 36 | if *tag.Key == key { 37 | return tag.Value 38 | } 39 | } 40 | 41 | return nil 42 | } 43 | 44 | func GetParametersByTag(sess *session.Session, key, value string) []ParamResult { 45 | api := resourcegroupstaggingapi.New(sess) 46 | api2 := ssm.New(sess) 47 | 48 | resources, _ := api.GetResources(&resourcegroupstaggingapi.GetResourcesInput{ 49 | TagFilters: []*resourcegroupstaggingapi.TagFilter{ 50 | {Key: &key, Values: aws.StringSlice([]string{value})}, 51 | }, 52 | ResourceTypeFilters: aws.StringSlice([]string{"ssm:parameter"}), 53 | }) 54 | 55 | results := []ParamResult{} 56 | 57 | for _, r := range resources.ResourceTagMappingList { 58 | split := strings.SplitN(*r.ResourceARN, "parameter", 2) 59 | name := split[1] 60 | envName := TagValueWithKey(r.Tags, "pstore:name") 61 | 62 | if envName == nil { 63 | continue 64 | } // TODO: maybe emit logs 65 | 66 | requestId := "" 67 | input := &ssm.GetParametersInput{Names: aws.StringSlice([]string{name}), WithDecryption: aws.Bool(true)} 68 | 69 | resp, err := api2.GetParametersWithContext(context.Background(), input, func(r *request.Request) { 70 | r.Handlers.Complete.PushBack(func(req *request.Request) { 71 | requestId = req.RequestID 72 | }) 73 | }) 74 | 75 | for _, p := range resp.Parameters { 76 | result := ParamResult{ 77 | ParamName: *p.Name, 78 | EnvName: *envName, 79 | Value: *p.Value, 80 | RequestID: requestId, 81 | Success: true, 82 | Err: err, 83 | } 84 | results = append(results, result) 85 | } 86 | 87 | for _, name := range resp.InvalidParameters { 88 | result := ParamResult{ 89 | ParamName: *name, 90 | EnvName: *envName, 91 | RequestID: requestId, 92 | Success: false, 93 | Err: err, 94 | } 95 | results = append(results, result) 96 | } 97 | 98 | } 99 | 100 | return results 101 | } 102 | 103 | type ParamResult struct { 104 | ParamName string 105 | EnvName string 106 | Value string 107 | RequestID string 108 | Success bool 109 | Err error 110 | } 111 | 112 | func GetParamsByNames(sess *session.Session, input map[string]string) []ParamResult { 113 | api2 := ssm.New(sess) 114 | results := []ParamResult{} 115 | 116 | for envName, paramName := range input { 117 | requestID := "" 118 | 119 | input := &ssm.GetParameterInput{Name: ¶mName, WithDecryption: aws.Bool(true)} 120 | resp, err := api2.GetParameterWithContext(context.Background(), input, func(r *request.Request) { 121 | r.Handlers.Complete.PushBack(func(req *request.Request) { 122 | requestID = req.RequestID 123 | }) 124 | }) 125 | 126 | if err == nil { 127 | result := ParamResult{ 128 | ParamName: paramName, 129 | EnvName: envName, 130 | Value: *resp.Parameter.Value, 131 | RequestID: requestID, 132 | Success: true, 133 | Err: nil, 134 | } 135 | results = append(results, result) 136 | } else { 137 | result := ParamResult{ 138 | ParamName: paramName, 139 | EnvName: envName, 140 | RequestID: requestID, 141 | Success: false, 142 | Err: err, 143 | } 144 | results = append(results, result) 145 | } 146 | } 147 | 148 | return results 149 | } 150 | 151 | func GetParamsByPaths(sess *session.Session, input []string) []ParamResult { 152 | results := []ParamResult{} 153 | api := ssm.New(sess) 154 | requestID := "" 155 | for _, path := range input { 156 | input := &ssm.GetParametersByPathInput{ 157 | Path: &path, 158 | Recursive: aws.Bool(true), 159 | WithDecryption: aws.Bool(true), 160 | } 161 | api.GetParametersByPathPagesWithContext( 162 | context.Background(), 163 | input, 164 | func(page *ssm.GetParametersByPathOutput, lastPage bool) bool { 165 | for _, param := range page.Parameters { 166 | parts := strings.Split(*param.Name, "/") 167 | name := parts[len(parts)-1] 168 | results = append(results, ParamResult{ 169 | ParamName: "", 170 | EnvName: name, 171 | Value: *param.Value, 172 | RequestID: requestID, 173 | Success: true, 174 | Err: nil, 175 | }) 176 | } 177 | return !lastPage 178 | }, 179 | func(r *request.Request) { 180 | r.Handlers.Complete.PushBack(func(req *request.Request) { 181 | requestID = req.RequestID 182 | }) 183 | 184 | }) 185 | } 186 | 187 | return results 188 | } 189 | 190 | type ParamsRequest struct { 191 | SimpleParams map[string]string 192 | TaggedParams map[string]string 193 | PathParams []string 194 | } 195 | 196 | func GetParamRequestFromEnv(simplePrefix, tagPrefix, pathPrefix string) ParamsRequest { 197 | req := ParamsRequest{ 198 | SimpleParams: make(map[string]string), 199 | TaggedParams: make(map[string]string), 200 | } 201 | 202 | for _, e := range os.Environ() { 203 | pair := strings.SplitN(e, "=", 2) 204 | name := pair[0] 205 | value := pair[1] 206 | 207 | if strings.HasPrefix(name, simplePrefix) { 208 | shortName := name[len(simplePrefix):] 209 | req.SimpleParams[shortName] = value 210 | } else if strings.HasPrefix(name, tagPrefix) { 211 | shortName := name[len(tagPrefix):] 212 | req.TaggedParams[shortName] = value 213 | } else if strings.HasPrefix(name, pathPrefix) { 214 | req.PathParams = append(req.PathParams, value) 215 | } 216 | } 217 | 218 | return req 219 | } 220 | 221 | func printErrors(params []ParamResult, verbose bool) bool { 222 | anyFailed := false 223 | 224 | for _, param := range params { 225 | if !param.Success { 226 | color.Red("✗ Failed to decrypt %s=%s (request ID: %s)", param.ParamName, param.EnvName, param.RequestID) 227 | if param.Err != nil { 228 | color.Red("Failed Reason: %s", param.Err.Error()) 229 | } 230 | anyFailed = true 231 | } else if verbose { 232 | color.Green("✔ Decrypted %s︎=%s (request ID: %s)", param.ParamName, param.EnvName, param.RequestID) 233 | } 234 | } 235 | 236 | return !anyFailed 237 | } 238 | 239 | func awsRegion() string { 240 | config := aws.NewConfig(). 241 | WithHTTPClient(&http.Client{Timeout: 2 * time.Second}). 242 | WithMaxRetries(1) 243 | 244 | meta := ec2metadata.New(session.Must(session.NewSession(config))) 245 | region := os.Getenv("AWS_REGION") 246 | 247 | if meta.Available() { 248 | regionp, err := meta.Region() 249 | if err == nil { 250 | region = regionp 251 | } 252 | } 253 | 254 | return region 255 | } 256 | 257 | func Doit(simplePrefix, tagPrefix, pathPrefix string, verbose bool, callback func(key, value string)) { 258 | req := GetParamRequestFromEnv(simplePrefix, tagPrefix, pathPrefix) 259 | if len(req.TaggedParams)+len(req.SimpleParams)+len(req.PathParams) == 0 { 260 | return 261 | } 262 | 263 | region := awsRegion() 264 | if len(region) == 0 { 265 | abort(usageError, "No AWS region specified. Either run on EC2 or specify AWS_REGION env var") 266 | } 267 | 268 | sess, _ := session.NewSession(aws.NewConfig().WithRegion(region)) 269 | sess.Handlers.Build.PushBackNamed(userAgentHandler) 270 | 271 | results := GetParamsByNames(sess, req.SimpleParams) 272 | 273 | results = append(results, GetParamsByPaths(sess, req.PathParams)...) 274 | 275 | for key, val := range req.TaggedParams { 276 | results = append(results, GetParametersByTag(sess, key, val)...) 277 | } 278 | 279 | if !printErrors(results, verbose) { 280 | abort(pstoreError, "Failed to decrypt some secret values") 281 | } 282 | 283 | for _, param := range results { 284 | callback(param.EnvName, param.Value) 285 | } 286 | } 287 | 288 | func abort(status int, message interface{}) { 289 | color.New(color.FgRed).Fprintf(os.Stderr, "ERROR: %s\n", message) 290 | os.Exit(status) 291 | } 292 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/aws/aws-sdk-go v1.10.39 h1:wSPGsGNaVysnH9SWwntliJNRkEr79vIox/FAL7aTgns= 2 | github.com/aws/aws-sdk-go v1.10.39/go.mod h1:ZRmQr0FajVIyZ4ZzBYKG5P3ZqPz9IHG41ZoMu1ADI3k= 3 | github.com/aws/aws-sdk-go v1.29.27 h1:4A53lDDGtk4TvnXFzvcOO3Vx3tDqEPfwvChhhxTPN/M= 4 | github.com/aws/aws-sdk-go v1.29.27/go.mod h1:1KvfttTE3SPKMpo8g2c6jL3ZKfXtFvKscTgahTma5Xg= 5 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 6 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 7 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 8 | github.com/fatih/color v1.5.0 h1:vBh+kQp8lg9XPr56u1CPrWjFXtdphMoGWVHr9/1c+A0= 9 | github.com/fatih/color v1.5.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= 10 | github.com/fsnotify/fsnotify v0.0.0-20170329110642-4da3e2cfbabc h1:fqUzyjP8DApxXq0dOZJE/NvqQkyjxiTy9ARNyRwBPEw= 11 | github.com/fsnotify/fsnotify v0.0.0-20170329110642-4da3e2cfbabc/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= 12 | github.com/go-ini/ini v0.0.0-20170813052230-c787282c39ac h1:elGsdnnDSIyzuQPuCOULChCGUKGy7yt1qeq+8JBy4KA= 13 | github.com/go-ini/ini v0.0.0-20170813052230-c787282c39ac/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= 14 | github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= 15 | github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg= 16 | github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 17 | github.com/hashicorp/hcl v0.0.0-20170509225359-392dba7d905e h1:KJWs1uTCkN3E/J5ofCH9Pf8KKsibTFc3fv0CA9+WsVo= 18 | github.com/hashicorp/hcl v0.0.0-20170509225359-392dba7d905e/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= 19 | github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= 20 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= 21 | github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7 h1:SMvOWPJCES2GdFracYbBQh93GXac8fq7HeN6JnpduB8= 22 | github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= 23 | github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= 24 | github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= 25 | github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= 26 | github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= 27 | github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE= 28 | github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= 29 | github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= 30 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 31 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 32 | github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= 33 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 34 | github.com/magiconair/properties v0.0.0-20170321093039-51463bfca257 h1:nqPtTOaJx2zFKWinLXKQYQRfxXTZN3GoJ602Uo65VGY= 35 | github.com/magiconair/properties v0.0.0-20170321093039-51463bfca257/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= 36 | github.com/mattn/go-colorable v0.0.0-20170210172801-5411d3eea597 h1:hGizH4aMDFFt1iOA4HNKC13lqIBoCyxIjWcAnWIy7aU= 37 | github.com/mattn/go-colorable v0.0.0-20170210172801-5411d3eea597/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= 38 | github.com/mattn/go-isatty v0.0.0-20170307163044-57fdcb988a5c h1:AHfQR/s6GNi92TOh+kfGworqDvTxj2rMsS+Hca87nck= 39 | github.com/mattn/go-isatty v0.0.0-20170307163044-57fdcb988a5c/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= 40 | github.com/mitchellh/mapstructure v0.0.0-20170422000251-cc8532a8e9a5 h1:AjVRQelY0a5wq4bUgs08/+iblph90u9H58uzaH7Cw3g= 41 | github.com/mitchellh/mapstructure v0.0.0-20170422000251-cc8532a8e9a5/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 42 | github.com/pelletier/go-buffruneio v0.2.0 h1:U4t4R6YkofJ5xHm3dJzuRpPZ0mr5MMCoAWooScCR7aA= 43 | github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= 44 | github.com/pelletier/go-toml v0.0.0-20170508001413-23f644976aa7 h1:1UloXEBnP1Aa62/Knk7cq0OT+kkJGUnor7WwosgU++E= 45 | github.com/pelletier/go-toml v0.0.0-20170508001413-23f644976aa7/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= 46 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 47 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 48 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 49 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= 50 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= 51 | github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c h1:Ho+uVpkel/udgjbwB5Lktg9BtvJSh2DT0Hi6LPSyI2w= 52 | github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s= 53 | github.com/spf13/afero v0.0.0-20170217164146-9be650865eab h1:IVAbBHQR8rXL2Fc8Zba/lMF7KOnTi70lqdx91UTuAwQ= 54 | github.com/spf13/afero v0.0.0-20170217164146-9be650865eab/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= 55 | github.com/spf13/cast v1.1.0 h1:0Rhw4d6C8J9VPu6cjZLIhZ8+aAOHcDvGeKn+cq5Aq3k= 56 | github.com/spf13/cast v1.1.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= 57 | github.com/spf13/cobra v0.0.0-20170509201858-1362f95a8d6f h1:x+QlPRn7WEvm6k3afDbOAY0Z2IZ5TcOnuT5CJ85XSSg= 58 | github.com/spf13/cobra v0.0.0-20170509201858-1362f95a8d6f/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= 59 | github.com/spf13/jwalterweatherman v0.0.0-20170510083831-8f07c835e5cc h1:w5Usj7bND+OgU+9elHtyE5JwRhhI7W8QQ043pvMOtWU= 60 | github.com/spf13/jwalterweatherman v0.0.0-20170510083831-8f07c835e5cc/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= 61 | github.com/spf13/pflag v1.0.0 h1:oaPbdDe/x0UncahuwiPxW1GYJyilRAdsPnq3e1yaPcI= 62 | github.com/spf13/pflag v1.0.0/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 63 | github.com/spf13/viper v0.0.0-20170417080815-0967fc9aceab h1:zBElsuPeIPEJIK0ASx7DJ5ULqRWPvfVil3Dg2gvArOM= 64 | github.com/spf13/viper v0.0.0-20170417080815-0967fc9aceab/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= 65 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 66 | github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= 67 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 68 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 69 | github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= 70 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 71 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a h1:gOpx8G595UYyvj8UK4+OFyY4rx037g3fmfhe5SasG3U= 72 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 73 | golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 74 | golang.org/x/sys v0.0.0-20170213225739-e24f485414ae h1:GTtEQDSA+M757ZEFcmC1Z5tEQXeyj0/vKmKeGqKRbP4= 75 | golang.org/x/sys v0.0.0-20170213225739-e24f485414ae/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 76 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= 77 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 78 | golang.org/x/text v0.0.0-20170427093521-470f45bf29f4 h1:8fwxlIjs7C5MgPSVG+/5qOMnAnwSJ77RAfeJH2Wb7q0= 79 | golang.org/x/text v0.0.0-20170427093521-470f45bf29f4/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 80 | golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= 81 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 82 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 83 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= 84 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 85 | gopkg.in/yaml.v2 v2.0.0-20170407172122-cd8b52f8269e h1:o/mfNjxpTLivuKEfxzzwrJ8PmulH2wEp7t713uMwKAA= 86 | gopkg.in/yaml.v2 v2.0.0-20170407172122-cd8b52f8269e/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= 87 | gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= 88 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 89 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | --------------------------------------------------------------------------------