Parameter change approval #104
Conversation
src/params/index.ts
Outdated
| await setParamTags(ssm, Name, tags); | ||
| return 0; | ||
| } else { | ||
| return 130; |
There was a problem hiding this comment.
I know we use a lot of numbers in the repo. Wondering if these numbers should be constants that live somewhere so it can be clearer. Maybe we can also prepend it with SH to signify that it's the shell exit code that it returns?
return SH_SUCCESS // for 0 returns
return SH_FAILURE // for 1 returns
return SH_TERMINATED // I'm assuming 130 happens when we press <Ctrl-c>?
There was a problem hiding this comment.
Plus one for less magic numbers
src/params/index.ts
Outdated
| const Overwrite = true; | ||
| const KeyId = Type === 'SecureString' ? await getKMSAliasForParameter(Name) : undefined; | ||
|
|
||
| console.log(`Current: ${currentValue}`); |
There was a problem hiding this comment.
could we use this here? https://github.com/unbounce/iidy/blob/master/src/logger.ts#L13
Fix "previous" list to include correct entries. Add some metadata to 'simple' format
src/params/index.ts
Outdated
| @@ -74,8 +75,8 @@ export async function setParam(argv: SetParamArgs): Promise<number> { | |||
| const res = await ssm.putParameter({Name, Value, Type, KeyId, Overwrite}).promise(); | |||
|
|
|||
| if(argv.withApproval) { | |||
| console.log('Parameter change is pending approval. Review change with:'); | |||
| console.log(` iidy --region ${argv.region} param review ${argv.path}`); | |||
| logger.info('Parameter change is pending approval. Review change with:'); | |||
There was a problem hiding this comment.
Are we also using logger.info on the template approval side?
|
This looks good, but I think we should remove the use of There's also a bug in pagination that I'll look into further: |
src/params/index.ts
Outdated
| @@ -108,8 +196,7 @@ export async function _getParamsByPath(Path: string): Promise<aws.SSM.ParameterL | |||
| Path, | |||
| WithDecryption: true | |||
| }; | |||
| const parameters: aws.SSM.ParameterList = await paginateAwsCall( | |||
| (args) => ssm.getParametersByPath(args), args, 'Parameters'); | |||
| const parameters: aws.SSM.ParameterList = await paginateAwsCall(ssm.getParametersByPath, args, 'Parameters'); | |||
There was a problem hiding this comment.
This introduces a bug. We should either revert or bind.
error: this.makeRequest is not a function
error: TypeError: this.makeRequest is not a function
at svc.(anonymous function) (/Users/tavis/src/ub/cf_templates/node_modules/aws-sdk/lib/service.js:499:23)
at Object.paginateAwsCall (/Users/tavis/src/ub/cf_templates/lib/paginateAwsCall.js:6:22)
at Object.getParamsByPath (/Users/tavis/src/ub/cf_templates/lib/params/index.js:175:55)
at <anonymous>
src/params/index.ts
Outdated
| @@ -121,43 +208,60 @@ export async function getParamsByPath(argv: GetParamsByPathArgs): Promise<number | |||
| Recursive: argv.recursive, | |||
| WithDecryption: argv.decrypt | |||
| }; | |||
| const parameters: aws.SSM.ParameterList = await paginateAwsCall((args) => ssm.getParametersByPath(args), args, 'Parameters'); | |||
| const parameters: aws.SSM.ParameterList = await paginateAwsCall(ssm.getParametersByPath, args, 'Parameters'); | |||
There was a problem hiding this comment.
See above. This is broken.
src/statusCodes.ts
Outdated
| @@ -0,0 +1,3 @@ | |||
| export const SUCCESS = 1; | |||
There was a problem hiding this comment.
These are backwards in shell terms. 0=SUCCESS
src/params/index.ts
Outdated
| return res && res.Parameter; | ||
| } catch(e) { | ||
| // Return undefined if parameter does not exist | ||
| if(!(e.code && e.code === 'ParameterNotFound')) { |
There was a problem hiding this comment.
This would read better if we were to explicitly return undefined in the true case and throw in the else.
src/params/index.ts
Outdated
| return ssm.listTagsForResource({ResourceId: path, ResourceType: 'Parameter'}) | ||
| .promise() | ||
| .then((res) => _.fromPairs(_.map(res.TagList, (tag) => [tag.Key, tag.Value]))); | ||
| } | ||
|
|
||
| async function mergeParamTags(param: aws.SSM.Parameter) { | ||
| return _.merge({}, param, {Tags: await getParamTags(param.Name!)}); | ||
| async function mergeParamTags<T extends aws.SSM.Parameter|aws.SSM.ParameterHistory>(ssm: aws.SSM, param: T) { |
There was a problem hiding this comment.
Don't forget to run tsfmt prior to pushing. It inserts spaces around |.
src/params/index.ts
Outdated
| @@ -121,43 +209,60 @@ export async function getParamsByPath(argv: GetParamsByPathArgs): Promise<number | |||
| Recursive: argv.recursive, | |||
| WithDecryption: argv.decrypt | |||
| }; | |||
| const parameters: aws.SSM.ParameterList = await paginateAwsCall((args) => ssm.getParametersByPath(args), args, 'Parameters'); | |||
| const parameters: aws.SSM.ParameterList = await paginateAwsCall((p) => ssm.getParametersByPath(p), args, 'Parameters'); | |||
There was a problem hiding this comment.
p is a bit misleading here as the argument is actually the same args that are passed in later in the call rather than a path.
src/params/index.ts
Outdated
|
|
||
| if (argv.withApproval) { | ||
| console.log('Parameter change is pending approval. Review change with:'); | ||
| console.log(` iidy --region ${argv.region} param review ${argv.path}`); |
There was a problem hiding this comment.
argv.region will often be null. Instead, import getCurrentAWSRegion from '../getCurrentAWSRegion';...
There was a problem hiding this comment.
e.g.
$ iidy param --profile sandbox set --with-approval /tavis blah2
Parameter change is pending approval. Review change with:
iidy --region null param review /tavis
|
Looks good now. |
Adds:
iidy param set --with-approvaliidy param review ...iidy get-historyFixes:
iidy get-historywhich omitted the first previous valueCloses #91