Make kmsKey optional (#14)
winjer authored Feb 28, 2020
1 parent 8372b7a commit 8738751
Showing 2 changed files with 13 additions and 9 deletions.
10 changes: 5 additions & 5 deletions index.ts
@@ -1,12 +1,12 @@
import * as path from 'path';
import * as cfn from '@aws-cdk/aws-cloudformation';
import * as s3Assets from '@aws-cdk/aws-s3-assets';
import * as iam from '@aws-cdk/aws-iam';
import * as lambda from '@aws-cdk/aws-lambda';
import * as kms from '@aws-cdk/aws-kms';
import * as lambda from '@aws-cdk/aws-lambda';
import * as s3Assets from '@aws-cdk/aws-s3-assets';
import * as secretsManager from '@aws-cdk/aws-secretsmanager';
import * as cdk from '@aws-cdk/core';
import * as customResource from '@aws-cdk/custom-resources';
import * as path from 'path';

export type SopsSecretsManagerEncoding = 'string' | 'json';

Expand All @@ -26,7 +26,7 @@ export interface SopsSecretsManagerProps {
readonly secretName?: string;
readonly asset?: s3Assets.Asset;
readonly path?: string;
readonly kmsKey: kms.IKey;
readonly kmsKey?: kms.IKey;
readonly mappings: SopsSecretsManagerMappings;
readonly fileType?: SopsSecretsManagerFileType;
}
Expand Down Expand Up @@ -87,7 +87,7 @@ export class SopsSecretsManager extends cdk.Construct {
S3Bucket: this.asset.s3BucketName,
S3Path: this.asset.s3ObjectKey,
SourceHash: this.asset.sourceHash,
KMSKeyArn: props.kmsKey.keyArn,
KMSKeyArn: props.kmsKey?.keyArn,
Mappings: JSON.stringify(props.mappings),
FileType: props.fileType,
},
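Review bot: The newly optional property on the `readonly kmsKey?: kms.IKey;` line of the SopsSecretsManagerProps hunk has no doc comment saying what omitting it means, and the consequence is security-relevant: the provider then runs sops without `--kms`, so decryption falls back to whatever key the sops file's own metadata names, and any decrypt grant this construct makes on `props.kmsKey` presumably no longer happens for that case (the grant code, if any, is outside the hunk). I would add a TSDoc comment above the property such as `/** KMS key used to decrypt the sops file. When omitted, sops uses the key ARN(s) recorded in the file's metadata and the provider role must already be allowed to decrypt with them. */`. The `KMSKeyArn: props.kmsKey?.keyArn` line in the class hunk is consistent with this, since an undefined value should simply leave the property out of what the provider receives. Both the interface and the class start outside their hunks.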
12 changes: 8 additions & 4 deletions provider/main.py
Expand Up @@ -4,10 +4,14 @@
import json
import logging

def sops_decode(data, kms_key, data_format):
def sops_decode(data, data_format, kms_key=None):
dir_path = os.path.dirname(os.path.realpath(__file__))
sops_binary = os.path.join(dir_path, 'sops')
output = subprocess.run([sops_binary, '--kms', kms_key, '-d', '--input-type', data_format, '--output-type', 'json', '/dev/stdin'], input=data, capture_output=True)
command = [sops_binary, '-d', '--input-type', data_format, '--output-type', 'json']
if kms_key:
command.extend(['--kms', kms_key])
command.append('/dev/stdin')
output = subprocess.run(command, input=data, capture_output=True)
return json.loads(output.stdout)

def on_event(event, context):
Expand Down Expand Up @@ -56,7 +60,7 @@ def get_mapped_values(secrets, mappings):
def on_create(event):
logging.info('On create')

kmsKey = event['ResourceProperties']['KMSKeyArn']
kmsKey = event['ResourceProperties'].get('KMSKeyArn')
s3Bucket = event['ResourceProperties']['S3Bucket']
s3Path = event['ResourceProperties']['S3Path']
mappings = json.loads(event['ResourceProperties']['Mappings'])
Expand All @@ -74,7 +78,7 @@ def on_create(event):
data_type = fileType
if not data_type:
data_type = s3Path.rsplit('.', 1)[-1]
secrets = sops_decode(raw_content, kmsKey, data_type)
secrets = sops_decode(raw_content, data_type, kmsKey)

secret_string_json = {name: value for name, value in get_mapped_values(secrets, mappings)}
secretsManager = boto3.client('secretsmanager')
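Review bot: `sops_decode` still never inspects the exit status of the sops process on the new `output = subprocess.run(command, input=data, capture_output=True)` line, so a decryption failure — more likely now that `--kms` may be omitted and the provider role must hold kms:Decrypt on whatever key the file's metadata names — surfaces only as a JSONDecodeError on empty stdout, with sops's stderr discarded. I would check the result before parsing: `if output.returncode != 0:` / `raise RuntimeError('sops exited with %d: %s' % (output.returncode, output.stderr.decode(errors='replace')))`. The signature change also swaps the positional order of the last two parameters, so any caller outside this diff that still passes `(data, kms_key, data_format)` would silently hand the key ARN to sops as `--input-type`; on_create is updated here, but other callers are not visible. The `def on_event` line closing the first hunk starts a function whose body lies outside the hunk.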
