def add_tags_to_secret(session, secret, tags):
    """Attach ``tags`` to the Secrets Manager secret named ``secret['name']``.

    Args:
        session: Object exposing ``client(service_name)`` (presumably a
            boto3 session -- confirm against the caller).
        secret: Mapping that provides at least the ``'name'`` key.
        tags: Tag list forwarded unchanged as the ``Tags`` argument.
    """
    client = session.client('secretsmanager')
    client.tag_resource(SecretId=secret['name'], Tags=tags)
def delete_secret(session, secret):
    """Delete the Secrets Manager secret named ``secret['name']``.

    The request sets ``ForceDeleteWithoutRecovery=True``, so the deletion
    skips the recovery window and the secret cannot be restored afterwards.
    Callers should be sure the entry is really meant to go away before
    invoking this.

    Args:
        session: Object exposing ``client(service_name)`` (presumably a
            boto3 session -- confirm against the caller).
        secret: Mapping that provides at least the ``'name'`` key.
    """
    client = session.client('secretsmanager')
    request = {
        'SecretId': secret['name'],
        # Irreversible: no scheduled-deletion grace period is kept.
        'ForceDeleteWithoutRecovery': True,
    }
    client.delete_secret(**request)
def remove_tags_from_secret(session, secret, aws_tags):
    """Remove the given tags from the secret named ``secret['name']``.

    Args:
        session: Object exposing ``client(service_name)`` (presumably a
            boto3 session -- confirm against the caller).
        secret: Mapping that provides at least the ``'name'`` key.
        aws_tags: Iterable of mappings, each with a ``'Key'`` entry; only
            the keys are sent, as ``TagKeys``.
    """
    client = session.client('secretsmanager')
    keys_to_drop = [entry['Key'] for entry in aws_tags]
    client.untag_resource(SecretId=secret['name'], TagKeys=keys_to_drop)
def create_secret(session, secret, kms_arn):
    """Create a Secrets Manager secret from a YAML-style ``secret`` entry.

    Args:
        session: Object exposing ``client(service_name)``; also handed to
            ``parse_yaml_secret_value``.
        secret: Mapping with ``'name'`` and optionally ``'description'``
            and ``'kms'``; it is also passed to ``parse_yaml_secret_value``
            and ``utils.parse_tags``.
        kms_arn: Forwarded to ``parse_yaml_secret_value``.
    """
    client = session.client('secretsmanager')
    request = {
        'Name': secret['name'],
        'Description': secret.get('description', ''),
        # NOTE(review): when the entry has no 'kms', an empty KmsKeyId is
        # sent; this is understood to select the AWS managed key rather
        # than a customer-managed one -- confirm that default is intended.
        'KmsKeyId': secret.get('kms', ''),
        # The helper's return value becomes the stored secret string; it
        # should never be logged or echoed.
        'SecretString': parse_yaml_secret_value(session, secret, kms_arn),
        'Tags': utils.parse_tags(secret),
    }
    client.create_secret(**request)
def update_secret(session, secret, kms_arn):
    """Update an existing Secrets Manager secret from a ``secret`` entry.

    ``secret['value']`` is decrypted through ``kms.decrypt`` and the result,
    decoded as UTF-8, is sent as the new ``SecretString``.

    Args:
        session: Object exposing ``client(service_name)``; also handed to
            ``kms.decrypt``.
        secret: Mapping with ``'name'`` and ``'value'`` and optionally
            ``'description'`` and ``'kms'``.
        kms_arn: Forwarded to ``kms.decrypt``.
    """
    client = session.client('secretsmanager')
    secret_id = secret['name']
    description = secret.get('description', '')
    # NOTE(review): an empty KmsKeyId is sent when the entry has no 'kms';
    # on update this is understood to switch the secret to the AWS managed
    # key, moving it off any customer-managed key -- confirm intended.
    key_id = secret.get('kms', '')
    # Decrypted secret material: keep it out of logs and error messages.
    plaintext = kms.decrypt(session, secret['value'], kms_arn).decode('utf-8')
    client.update_secret(
        SecretId=secret_id,
        Description=description,
        KmsKeyId=key_id,
        SecretString=plaintext,
    )
def create_or_update_ssm_param(session, parameter, changes, kms_arn):
    """Write an SSM parameter and reconcile its tags from a change set.

    The parameter is (over)written when ``changes['Exists']`` equals
    ``False`` or when ``changes['ChangesList']`` holds any entry whose
    ``'Key'`` is not ``'Tags'``. When a ``'Tags'`` entry is present, the
    tag keys listed in its ``'OldValue'`` are removed and the tags returned
    by ``utils.parse_tags(parameter)`` are applied.

    NOTE(review): the source listing carried no indentation; applying the
    new tags is assumed to belong to the Tags-change branch -- confirm
    against the original file.

    Args:
        session: Object exposing ``client(service_name)``; also handed to
            ``parse_yaml_parameter_value``.
        parameter: Mapping with ``'name'`` and ``'type'`` and optionally
            ``'description'`` and ``'kms'``.
        changes: Mapping with ``'Exists'`` and ``'ChangesList'``; each list
            item has a ``'Key'`` and, for tags, an ``'OldValue'``.
        kms_arn: Forwarded to ``parse_yaml_parameter_value``.
    """
    ssm = session.client('ssm')
    param_name = parameter['name']

    # The explicit comparison with False is kept as written so that values
    # such as None are not treated as "does not exist".
    if changes['Exists'] == False or any(
            change['Key'] != 'Tags' for change in changes['ChangesList']):
        put_kwargs = {
            'Name': param_name,
            'Description': parameter.get('description', ''),
            'Value': parse_yaml_parameter_value(session, parameter, kms_arn),
            # NOTE(review): the type comes verbatim from the entry; only a
            # SecureString is encrypted at rest by SSM, so a sensitive
            # value declared with another type would be stored in clear.
            'Type': parameter['type'],
            # Replaces whatever value is currently stored under this name.
            'Overwrite': True,
        }
        # KeyId is only sent when the entry names a key explicitly.
        if 'kms' in parameter:
            put_kwargs['KeyId'] = parameter['kms']
        ssm.put_parameter(**put_kwargs)

    tags_change = next(
        (change for change in changes['ChangesList']
         if change['Key'] == 'Tags'),
        None,
    )
    if not tags_change:
        return

    # Drop the previously recorded tags before applying the declared ones.
    stale_keys = [tag['Key'] for tag in tags_change['OldValue']]
    ssm.remove_tags_from_resource(
        ResourceType='Parameter',
        ResourceId=param_name,
        TagKeys=stale_keys,
    )

    tags = utils.parse_tags(parameter)
    if len(tags) > 0:
        ssm.add_tags_to_resource(
            ResourceType='Parameter',
            ResourceId=param_name,
            Tags=tags,
        )
def non_replaceable_action(param):
    """Delete the SSM parameter named ``param['name']``.

    NOTE(review): ``session`` is not a parameter of this function, unlike
    the sibling helpers that receive it explicitly. It has to resolve from
    an enclosing or module-level scope that is not visible in this listing;
    if no such name exists the call raises ``NameError`` -- confirm.

    Args:
        param: Mapping that provides at least the ``'name'`` key.
    """
    client = session.client('ssm')
    client.delete_parameter(Name=param['name'])