Class: Moonshot::Plugins::EncryptedParameters

Inherits:
Object
  • Object
Defined in:
lib/plugins/encrypted_parameters.rb,
lib/plugins/encrypted_parameters/kms_key.rb,
lib/plugins/encrypted_parameters/parameter_encrypter.rb

Defined Under Namespace

Classes: KmsKey, ParameterEncrypter

Instance Method Summary

Constructor Details

#initialize(kms_key_parameter_name, parameters) ⇒ EncryptedParameters

Returns a new instance of EncryptedParameters.

Parameters:

  • kms_key_parameter_name (String)

    The name of the parameter in which the KMS Key ARN is stored.

  • parameters (Array<String>)

    Names of parameters to encrypt, if they are not already set.



# File 'lib/plugins/encrypted_parameters.rb', line 31

# Stores the plugin configuration: which parameter carries the KMS Key ARN
# and which parameters get encrypted.
#
# @param kms_key_parameter_name [String] name of the parameter that holds the
#   KMS Key ARN.
# @param parameters [Array<String>] names of the parameters to encrypt.
def initialize(kms_key_parameter_name, parameters)
  @kms_key_parameter_name, @parameters = kms_key_parameter_name, parameters

  # Deleting the key is the default on delete; delete_cli_hook switches this
  # off when --retain-kms-key is given.
  # NOTE(review): KmsKey#delete is not shown here. If it removes or schedules
  # removal of the key, values encrypted under it can no longer be decrypted
  # afterwards. Confirm that delete-by-default is the intended posture.
  @delete_key = true
end

Instance Method Details

#delete_cli_hook(parser) ⇒ Object



# File 'lib/plugins/encrypted_parameters.rb', line 84

# Adds the --retain-kms-key switch to the option parser of the delete command.
#
# @param parser [#on] option parser to extend; only #on is called on it.
# @return [Object] whatever parser.on returns.
def delete_cli_hook(parser)
  switch = '--retain-kms-key'
  help_text = 'Do not delete the KMS Key for this environment.'

  # Passing the switch turns off the key deletion that post_delete performs
  # by default.
  parser.on(switch, TrueClass, help_text) { @delete_key = false }
end

#post_delete(res) ⇒ Object



# File 'lib/plugins/encrypted_parameters.rb', line 69

# Deletes or retains the environment's KMS key once the delete has run.
#
# The key ARN is read from Moonshot.config.parameters before the logger step
# starts, so a missing parameter raises here even when the key is retained.
#
# @param res [Object] resources object; only res.ilog is used here.
def post_delete(res)
  arn = Moonshot.config.parameters[@kms_key_parameter_name].value
  label = @kms_key_parameter_name.blue

  res.ilog.start_threaded "Cleaning up KMS Key #{label}..." do |step|
    unless @delete_key
      # Same short pause as in pre_create, where the TODO says to remove it
      # once the upstream interactive-logger race is fixed.
      sleep 0.05
      next step.success("Retained KMS Key #{label}.")
    end

    # NOTE(review): KmsKey#delete is not shown here. Anything still encrypted
    # under this key becomes undecryptable once the key is gone, so confirm no
    # retained data depends on it.
    KmsKey.new(arn).delete
    step.success "Deleted KMS Key #{label}!"
  end
end

#pre_create(res) ⇒ Object Also known as: pre_update



# File 'lib/plugins/encrypted_parameters.rb', line 37

# Encrypts each configured parameter with the environment's KMS key and writes
# the result back into Moonshot.config.parameters.
#
# Log messages interpolate only the parameter name, never its value.
# NOTE(review): the value from param.value is handed to
# ParameterEncrypter#encrypt, which is not shown here. Confirm that it does
# not log or persist the plaintext.
#
# @param res [Object] resources object; only res.ilog is used here.
# @raise [RuntimeError] when a configured name is absent from
#   Moonshot.config.parameters.
def pre_create(res)
  @ilog = res.ilog

  encrypter = ParameterEncrypter.new(find_or_create_kms_key)

  @parameters.each do |parameter_name|
    param = Moonshot.config.parameters[parameter_name]
    raise "No such parameter #{parameter_name}" unless param

    label = parameter_name.blue

    @ilog.start_threaded "Handling encrypted parameter #{label}..." do |step|
      if param.use_previous?
        # TODO: Remove this pause and the one below when the upstream race is fixed.
        #       See https://github.com/askreet/interactive-logger/issues/7
        sleep 0.05
        next step.success("Using previous encrypted value for #{label}.")
      end

      has_value = param.set? || param.default?
      unless has_value
        # Without a value there is nothing to encrypt. Only a failure is
        # logged here; the controller reports the unset parameter with a
        # friendly error when it resumes.
        sleep 0.05
        next step.failure("No value to encrypt for #{label}!")
      end

      step.continue "Encrypting new value for parameter #{label}..."
      # Replace the stored value with what the encrypter returns.
      Moonshot.config.parameters[param.name].set(encrypter.encrypt(param.value))
      step.success "Encrypted new value for parameter #{label}!"
    end
  end
end