def environment(settings): """The test environment: this fixtures creates it and takes care of removing it after tests have run.""" env = Environment(settings.environment_path, stage=settings.stage) if os.environ.get("UPDATE", "yes") == "yes": env.create(update=True, output_file=settings.output_path) else: env.create(output_file=settings.output_path) val = keyring.get_password( "humilis-kinesis-processor/{}".format(settings.stage), "sentry/dsn") env.set_secret("sentry.dsn", val) yield env if os.environ.get("DESTROY", "yes") == "yes": # Empty the S3 bucket bucket = env.outputs["storage"]["BucketName"] os.system("aws s3 rm s3://{} --recursive".format(bucket)) env.delete()
def deploy_secrets(environment_file, stage="dev"): """Deploy secrets to the secrets vault.""" env = Environment(environment_file, stage=stage) print("Deploying secrets to environment vault ...") for local_key, vault_key in SECRETS.items(): value = keyring.get_password(NAMESPACE, local_key) resp = env.set_secret(vault_key, value) status = resp['ResponseMetadata']['HTTPStatusCode'] print("Setting secret '{}': [{}]".format(vault_key, status))
def deploy_secrets(environment_file, stage="dev"): """Deploy secrets to the secrets vault.""" env = Environment(environment_file, stage=stage) print("Deploying secrets to environment vault ...") for local_key, vault_key in SECRETS.items(): keychain_namespace = NAMESPACE.format(stage=stage.lower()) value = keyring.get_password(keychain_namespace, local_key) or \ os.environ.get(local_key.replace(".", "_").upper()) if value is None: print("Secret {}/{} not found in local keychain nor SENTRY_DSN " "environment variable: skipping".format(keychain_namespace, local_key)) else: resp = env.set_secret(vault_key, value) status = resp['ResponseMetadata']['HTTPStatusCode'] print("Setting secret '{}': [{}]".format(vault_key, status))
def deploy_secrets(environment_file, stage="dev"): """Deploy secrets to the secrets vault.""" env = Environment(environment_file, stage=stage) print("Deploying secrets to environment vault ...") for local_key, vault_key in SECRETS.items(): keychain_namespace = NAMESPACE.format(stage=stage.lower()) value = keyring.get_password(keychain_namespace, local_key) or \ os.environ.get(local_key.replace(".", "_").upper()) if value is None: print("Secret {}/{} not found in local keychain nor SENTRY_DSN " "environment variable: skipping".format( keychain_namespace, local_key)) else: resp = env.set_secret(vault_key, value) status = resp['ResponseMetadata']['HTTPStatusCode'] print("Setting secret '{}': [{}]".format(vault_key, status))
def set_secret(environment, key, value, stage, pretend): """Stores a secret in the vault.""" env = Environment(environment, stage=stage) if not pretend: env.set_secret(key, value)