Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for resolving dynamic ssm values #268

Merged
merged 4 commits into from
Dec 3, 2024
Merged

Add support for resolving dynamic ssm values #268

merged 4 commits into from
Dec 3, 2024

Conversation

corymhall
Copy link
Contributor

This adds support for resolving the two types of SSM dynamic references:

  1. SSM PlainText
  2. SSM SecureString

closes #200

@corymhall corymhall self-assigned this Dec 2, 2024
@corymhall corymhall force-pushed the corymhall/resolve-ssm-parameter branch from 26adb29 to f180250 Compare December 2, 2024 18:01
@corymhall corymhall force-pushed the corymhall/resolve-ssm-parameter branch from f180250 to 2df4985 Compare December 3, 2024 13:25
@corymhall corymhall requested review from flostadler and t0yv0 December 3, 2024 13:35
t0yv0
t0yv0 reviewed Dec 3, 2024
View reviewed changes
src/converters/ssm-dynamic.ts Outdated Show resolved Hide resolved
t0yv0
t0yv0 reviewed Dec 3, 2024
View reviewed changes
src/converters/ssm-dynamic.ts Outdated Show resolved Hide resolved
t0yv0
t0yv0 reviewed Dec 3, 2024
View reviewed changes
src/converters/ssm-dynamic.ts Outdated
* @param value - A fully resolved value that may contain a ssm dynamic reference
* @returns A secret output if the value is a ssm dynamic reference, otherwise the original value
*/
export function processSSMReferenceValue(parent: pulumi.Resource, value: any): any {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be made slightly more elegant (but also feel free to disregard), if the functions such as parseSSMDynamicSecureStringReference returned an error code instead of throwing an exception. Then they could be combined by trying it out sequentially to parse case A, case B, or case C. In particular the glue code here would not need to perform tests on v.startsWith anymore.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this idea. I updated it to have a single function for all dynamic values with fallthrough.

t0yv0
t0yv0 reviewed Dec 3, 2024
View reviewed changes
src/converters/ssm-dynamic.ts Outdated Show resolved Hide resolved
t0yv0
t0yv0 reviewed Dec 3, 2024
View reviewed changes
src/converters/ssm-dynamic.ts Outdated
* @returns A secret output if the value is a ssm dynamic reference, otherwise the original value
*/
export function processSSMReferenceValue(parent: pulumi.Resource, value: any): any {
let returnValue = value;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Possibly better to just use lift? It also will take care of promises, not just Output values, which do arise.

const f = (value: any) => {
    // safely assume value is not an output here
    if (typeof value === 'string) {
       // try transforming refs
    } else {
       return value;
    }
};
return lift(f, value);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using lift requires some additional knowledge/handling of the types going into lift (e.g arrays need to be handled as arrays). I took the necessary pieces from lift to make this better.

@corymhall corymhall merged commit 1b6681e into main Dec 3, 2024
13 checks passed
@corymhall corymhall deleted the corymhall/resolve-ssm-parameter branch December 3, 2024 20:17
@pulumi-bot
Copy link
Contributor

This PR has been shipped in release v1.1.0.

@pulumi-bot pulumi-bot mentioned this pull request Dec 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t0yv0 t0yv0 t0yv0 approved these changes

@flostadler flostadler Awaiting requested review from flostadler

Assignees

@corymhall corymhall

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support resolving dynamic Parameter store values
3 participants
@corymhall @pulumi-bot @t0yv0