Merge pull request #4 from movableink/mc/more-secrets

Retrieve all secrets for a role

MovableInkAWS.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
   s.authors       = ['Matt Chesler']
   s.email         = '[email protected]'
 
-  s.add_runtime_dependency 'aws-sdk', '~> 2'
+  s.add_runtime_dependency 'aws-sdk',  '~> 2.10', '>= 2.10.0'
 
   all_files  = `git ls-files`.split("\n")
   test_files = `git ls-files -- {test,spec,features}/*`.split("\n")

lib/movable_ink/aws.rb

@@ -345,14 +345,41 @@ def get_secret(environment: mi_env, role:, attribute:)
       run_with_backoff do
         begin
           resp = ssm.get_parameter(
-                   name: "/#{environment}/#{role}/#{attribute}",
-                   with_decryption: true
-                 )
+                    name: "/#{environment}/#{role}/#{attribute}",
+                    with_decryption: true
+                  )
           resp.parameter.value
         rescue Aws::SSM::Errors::ParameterNotFound => e
           nil
         end
       end
     end
+
+    def get_role_secrets(environment: mi_env, role:)
+      path = "/#{environment}/#{role}"
+      run_with_backoff do
+        resp = ssm.get_parameters_by_path(
+                  path: path,
+                  with_decryption: true
+                )
+        secrets = extract_parameters(resp.parameters, path)
+        while resp.next_token do
+          resp = ssm.get_parameters_by_path(
+                    path: path,
+                    with_decryption: true,
+                    next_token: resp.next_token
+                  )
+          secrets += extract_parameters(resp.parameters, path)
+        end
+
+        secrets
+      end
+    end
+
+    def extract_parameters(parameters, path)
+      parameters.map do |param|
+        { param.name.gsub("#{path}/", '') => param.value }
+      end
+    end
   end
 end

lib/movable_ink/version.rb

@@ -1,5 +1,5 @@
 module MovableInk
   module AWS
-    VERSION = '0.0.8'
+    VERSION = '0.0.9'
   end
 end