cdk-sops-secrets/lib/MultiStringParameter.js

CDK Constructs that syncs your sops secrets into AWS SecretsManager secrets.

"use strict";
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.MultiStringParameter = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_ssm_1 = require("aws-cdk-lib/aws-ssm");
const core_1 = require("aws-cdk-lib/core");
const constructs_1 = require("constructs");
const SopsSync_1 = require("./SopsSync");
const structuredData_1 = require("./structuredData");
class MultiStringParameter extends constructs_1.Construct {
    constructor(scope, id, props) {
        super(scope, id);
        this.encryptionKey = props.encryptionKey;
        this.stack = core_1.Stack.of(scope);
        this.env = {
            account: this.stack.account,
            region: this.stack.region,
        };
        this.keyPrefix = props.keyPrefix ?? '/';
        this.keySeparator = props.keySeparator ?? '/';
        const keys = this.parseFile(props.sopsFilePath, this.keySeparator)
            .filter((key) => !key.startsWith('sops'))
            .map((value) => {
            // As we flatten array to [number] path notations, we have to fix this for parameter store
            let fixedKey = value.replace(/\[/g, this.keySeparator);
            fixedKey = fixedKey.replace(/\]/g, this.keySeparator);
            if (fixedKey.endsWith(this.keySeparator)) {
                fixedKey = fixedKey.slice(0, -1);
            }
            fixedKey = fixedKey.replace(this.keySeparator + this.keySeparator, this.keySeparator);
            // The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@-
            const allowedChars = '/_+=.@-';
            for (let i = 0; i < fixedKey.length; i++) {
                const char = fixedKey[i];
                if (!((char >= 'a' && char <= 'z') ||
                    (char >= 'A' && char <= 'Z') ||
                    (char >= '0' && char <= '9') ||
                    allowedChars.includes(char))) {
                    fixedKey = fixedKey.slice(0, i) + '_' + fixedKey.slice(i + 1);
                }
            }
            return `${this.keyPrefix}${fixedKey}`;
        });
        keys.forEach((key) => {
            new aws_ssm_1.StringParameter(this, 'Resource' + key, {
                parameterName: key,
                description: props.description,
                tier: aws_ssm_1.ParameterTier.STANDARD,
                stringValue: ' ',
            });
        });
        this.sync = new SopsSync_1.SopsSync(this, 'SopsSync', {
            encryptionKey: this.encryptionKey,
            resourceType: SopsSync_1.ResourceType.PARAMETER_MULTI,
            flattenSeparator: this.keySeparator,
            parameterNames: keys,
            target: this.keyPrefix,
            ...props,
        });
    }
    parseFile(sopsFilePath, keySeparator) {
        const fileFormat = (0, structuredData_1.inferStructuredFileFormat)(sopsFilePath);
        if (fileFormat === undefined) {
            throw new Error(`Unsupported sopsFileFormat for multiple parameters: ${sopsFilePath.split('.').pop()}`);
        }
        return Object.keys((0, structuredData_1.flattenStructuredFile)(sopsFilePath, keySeparator, fileFormat));
    }
}
exports.MultiStringParameter = MultiStringParameter;
_a = JSII_RTTI_SYMBOL_1;
MultiStringParameter[_a] = { fqn: "cdk-sops-secrets.MultiStringParameter", version: "2.8.1" };
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTXVsdGlTdHJpbmdQYXJhbWV0ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvTXVsdGlTdHJpbmdQYXJhbWV0ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFDQSxpREFBcUU7QUFDckUsMkNBQThEO0FBQzlELDJDQUF1QztBQUV2Qyx5Q0FBcUU7QUFDckUscURBRzBCO0FBaUIxQixNQUFhLG9CQUFxQixTQUFRLHNCQUFTO0lBUWpELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBZ0M7UUFDeEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsYUFBYSxHQUFHLEtBQUssQ0FBQyxhQUFhLENBQUM7UUFDekMsSUFBSSxDQUFDLEtBQUssR0FBRyxZQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzdCLElBQUksQ0FBQyxHQUFHLEdBQUc7WUFDVCxPQUFPLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPO1lBQzNCLE1BQU0sRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU07U0FDMUIsQ0FBQztRQUNGLElBQUksQ0FBQyxTQUFTLEdBQUcsS0FBSyxDQUFDLFNBQVMsSUFBSSxHQUFHLENBQUM7UUFDeEMsSUFBSSxDQUFDLFlBQVksR0FBRyxLQUFLLENBQUMsWUFBWSxJQUFJLEdBQUcsQ0FBQztRQUU5QyxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxZQUFhLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQzthQUNoRSxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQzthQUN4QyxHQUFHLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRTtZQUNiLDBGQUEwRjtZQUMxRixJQUFJLFFBQVEsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDdkQsUUFBUSxHQUFHLFFBQVEsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUN0RCxJQUFJLFFBQVEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7Z0JBQ3pDLFFBQVEsR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ25DLENBQUM7WUFDRCxRQUFRLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FDekIsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsWUFBWSxFQUNyQyxJQUFJLENBQUMsWUFBWSxDQUNsQixDQUFDO1lBRUYsNEZBQTRGO1lBQzVGLE1BQU0sWUFBWSxHQUFHLFNBQVMsQ0FBQztZQUMvQixLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO2dCQUN6QyxNQUFNLElBQUksR0FBRyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ3pCLElBQUksQ0FBQyxDQUNILENBQUMsSUFBSSxJQUFJLEdBQUcsSUFBSSxJQUFJLElBQUksR0FBRyxDQUFDO29CQUM1QixDQUFDLElBQUksSUFBSSxHQUFHLElBQUksSUFBSSxJQUFJLEdBQUcsQ0FBQztvQkFDNUIsQ0FBQyxJQUFJLElBQUksR0FBRyxJQUFJLElBQUksSUFBSSxHQUFHLENBQUM7b0JBQzVCLFlBQVksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQzVCLEVBQUUsQ0FBQztvQkFDRixRQUFRLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEdBQUcsR0FBRyxHQUFHLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO2dCQUNoRSxDQUFDO1lBQ0gsQ0FBQztZQUNELE9BQU8sR0FBRyxJQUFJLENBQUMsU0FBUyxHQUFHLFFBQVEsRUFBRSxDQUFDO1FBQ3hDLENBQUMsQ0FBQyxDQUFDO1FBRUwsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ25CLElBQUkseUJBQWUsQ0FBQyxJQUFJLEVBQUUsVUFBVSxHQUFHLEdBQUcsRUFBRTtnQkFDMUMsYUFBYSxFQUFFLEdBQUc7Z0JBQ2xCLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztnQkFDOUIsSUFBSSxFQUFFLHVCQUFhLENBQUMsUUFBUTtnQkFDNUIsV0FBVyxFQUFFLEdBQUc7YUFDakIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksbUJBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3pDLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtZQUNqQyxZQUFZLEVBQUUsdUJBQVksQ0FBQyxlQUFlO1lBQzFDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxZQUFZO1lBQ25DLGNBQWMsRUFBRSxJQUFJO1lBQ3BCLE1BQU0sRUFBRSxJQUFJLENBQUMsU0FBUztZQUN0QixHQUFJLEtBQXlCO1NBQzlCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFTyxTQUFTLENBQUMsWUFBb0IsRUFBRSxZQUFvQjtRQUMxRCxNQUFNLFVBQVUsR0FBRyxJQUFBLDBDQUF5QixFQUFDLFlBQVksQ0FBQyxDQUFDO1FBQzNELElBQUksVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQzdCLE1BQU0sSUFBSSxLQUFLLENBQ2IsdURBQXVELFlBQVksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FDdkYsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQ2hCLElBQUEsc0NBQXFCLEVBQUMsWUFBWSxFQUFFLFlBQVksRUFBRSxVQUFVLENBQUMsQ0FDOUQsQ0FBQztJQUNKLENBQUM7O0FBaEZILG9EQWlGQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IElLZXkgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCB7IFBhcmFtZXRlclRpZXIsIFN0cmluZ1BhcmFtZXRlciB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1zc20nO1xuaW1wb3J0IHsgUmVzb3VyY2VFbnZpcm9ubWVudCwgU3RhY2sgfSBmcm9tICdhd3MtY2RrLWxpYi9jb3JlJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0IHsgU29wc0NvbW1vblBhcmFtZXRlclByb3BzIH0gZnJvbSAnLi9Tb3BzU3RyaW5nUGFyYW1ldGVyJztcbmltcG9ydCB7IFJlc291cmNlVHlwZSwgU29wc1N5bmMsIFNvcHNTeW5jT3B0aW9ucyB9IGZyb20gJy4vU29wc1N5bmMnO1xuaW1wb3J0IHtcbiAgZmxhdHRlblN0cnVjdHVyZWRGaWxlLFxuICBpbmZlclN0cnVjdHVyZWRGaWxlRm9ybWF0LFxufSBmcm9tICcuL3N0cnVjdHVyZWREYXRhJztcblxuZXhwb3J0IGludGVyZmFjZSBNdWx0aVN0cmluZ1BhcmFtZXRlclByb3BzIGV4dGVuZHMgU29wc0NvbW1vblBhcmFtZXRlclByb3BzIHtcbiAgLyoqXG4gICAqIFRoZSBzZXBlcmF0b3IgdXNlZCB0byBzZXBlcmF0ZSBrZXlzXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gJy8nXG4gICAqL1xuICByZWFkb25seSBrZXlTZXBhcmF0b3I/OiBzdHJpbmc7XG4gIC8qKlxuICAgKiBUaGUgcHJlZml4IHVzZWQgZm9yIGFsbCBwYXJhbWV0ZXJzXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gJy8nXG4gICAqL1xuICByZWFkb25seSBrZXlQcmVmaXg/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBjbGFzcyBNdWx0aVN0cmluZ1BhcmFtZXRlciBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHJlYWRvbmx5IHN5bmM6IFNvcHNTeW5jO1xuICByZWFkb25seSBlbmNyeXB0aW9uS2V5OiBJS2V5O1xuICByZWFkb25seSBzdGFjazogU3RhY2s7XG4gIHJlYWRvbmx5IGVudjogUmVzb3VyY2VFbnZpcm9ubWVudDtcbiAgcmVhZG9ubHkga2V5UHJlZml4OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGtleVNlcGFyYXRvcjogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBNdWx0aVN0cmluZ1BhcmFtZXRlclByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIHRoaXMuZW5jcnlwdGlvbktleSA9IHByb3BzLmVuY3J5cHRpb25LZXk7XG4gICAgdGhpcy5zdGFjayA9IFN0YWNrLm9mKHNjb3BlKTtcbiAgICB0aGlzLmVudiA9IHtcbiAgICAgIGFjY291bnQ6IHRoaXMuc3RhY2suYWNjb3VudCxcbiAgICAgIHJlZ2lvbjogdGhpcy5zdGFjay5yZWdpb24sXG4gICAgfTtcbiAgICB0aGlzLmtleVByZWZpeCA9IHByb3BzLmtleVByZWZpeCA/PyAnLyc7XG4gICAgdGhpcy5rZXlTZXBhcmF0b3IgPSBwcm9wcy5rZXlTZXBhcmF0b3IgPz8gJy8nO1xuXG4gICAgY29uc3Qga2V5cyA9IHRoaXMucGFyc2VGaWxlKHByb3BzLnNvcHNGaWxlUGF0aCEsIHRoaXMua2V5U2VwYXJhdG9yKVxuICAgICAgLmZpbHRlcigoa2V5KSA9PiAha2V5LnN0YXJ0c1dpdGgoJ3NvcHMnKSlcbiAgICAgIC5tYXAoKHZhbHVlKSA9PiB7XG4gICAgICAgIC8vIEFzIHdlIGZsYXR0ZW4gYXJyYXkgdG8gW251bWJlcl0gcGF0aCBub3RhdGlvbnMsIHdlIGhhdmUgdG8gZml4IHRoaXMgZm9yIHBhcmFtZXRlciBzdG9yZVxuICAgICAgICBsZXQgZml4ZWRLZXkgPSB2YWx1ZS5yZXBsYWNlKC9cXFsvZywgdGhpcy5rZXlTZXBhcmF0b3IpO1xuICAgICAgICBmaXhlZEtleSA9IGZpeGVkS2V5LnJlcGxhY2UoL1xcXS9nLCB0aGlzLmtleVNlcGFyYXRvcik7XG4gICAgICAgIGlmIChmaXhlZEtleS5lbmRzV2l0aCh0aGlzLmtleVNlcGFyYXRvcikpIHtcbiAgICAgICAgICBmaXhlZEtleSA9IGZpeGVkS2V5LnNsaWNlKDAsIC0xKTtcbiAgICAgICAgfVxuICAgICAgICBmaXhlZEtleSA9IGZpeGVkS2V5LnJlcGxhY2UoXG4gICAgICAgICAgdGhpcy5rZXlTZXBhcmF0b3IgKyB0aGlzLmtleVNlcGFyYXRvcixcbiAgICAgICAgICB0aGlzLmtleVNlcGFyYXRvcixcbiAgICAgICAgKTtcblxuICAgICAgICAvLyBUaGUgc2VjcmV0IG5hbWUgY2FuIGNvbnRhaW4gQVNDSUkgbGV0dGVycywgbnVtYmVycywgYW5kIHRoZSBmb2xsb3dpbmcgY2hhcmFjdGVyczogL18rPS5ALVxuICAgICAgICBjb25zdCBhbGxvd2VkQ2hhcnMgPSAnL18rPS5ALSc7XG4gICAgICAgIGZvciAobGV0IGkgPSAwOyBpIDwgZml4ZWRLZXkubGVuZ3RoOyBpKyspIHtcbiAgICAgICAgICBjb25zdCBjaGFyID0gZml4ZWRLZXlbaV07XG4gICAgICAgICAgaWYgKCEoXG4gICAgICAgICAgICAoY2hhciA+PSAnYScgJiYgY2hhciA8PSAneicpIHx8XG4gICAgICAgICAgICAoY2hhciA+PSAnQScgJiYgY2hhciA8PSAnWicpIHx8XG4gICAgICAgICAgICAoY2hhciA+PSAnMCcgJiYgY2hhciA8PSAnOScpIHx8XG4gICAgICAgICAgICBhbGxvd2VkQ2hhcnMuaW5jbHVkZXMoY2hhcilcbiAgICAgICAgICApKSB7XG4gICAgICAgICAgICBmaXhlZEtleSA9IGZpeGVkS2V5LnNsaWNlKDAsIGkpICsgJ18nICsgZml4ZWRLZXkuc2xpY2UoaSArIDEpO1xuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgICByZXR1cm4gYCR7dGhpcy5rZXlQcmVmaXh9JHtmaXhlZEtleX1gO1xuICAgICAgfSk7XG5cbiAgICBrZXlzLmZvckVhY2goKGtleSkgPT4ge1xuICAgICAgbmV3IFN0cmluZ1BhcmFtZXRlcih0aGlzLCAnUmVzb3VyY2UnICsga2V5LCB7XG4gICAgICAgIHBhcmFtZXRlck5hbWU6IGtleSxcbiAgICAgICAgZGVzY3JpcHRpb246IHByb3BzLmRlc2NyaXB0aW9uLFxuICAgICAgICB0aWVyOiBQYXJhbWV0ZXJUaWVyLlNUQU5EQVJELFxuICAgICAgICBzdHJpbmdWYWx1ZTogJyAnLFxuICAgICAgfSk7XG4gICAgfSk7XG5cbiAgICB0aGlzLnN5bmMgPSBuZXcgU29wc1N5bmModGhpcywgJ1NvcHNTeW5jJywge1xuICAgICAgZW5jcnlwdGlvbktleTogdGhpcy5lbmNyeXB0aW9uS2V5LFxuICAgICAgcmVzb3VyY2VUeXBlOiBSZXNvdXJjZVR5cGUuUEFSQU1FVEVSX01VTFRJLFxuICAgICAgZmxhdHRlblNlcGFyYXRvcjogdGhpcy5rZXlTZXBhcmF0b3IsXG4gICAgICBwYXJhbWV0ZXJOYW1lczoga2V5cyxcbiAgICAgIHRhcmdldDogdGhpcy5rZXlQcmVmaXgsXG4gICAgICAuLi4ocHJvcHMgYXMgU29wc1N5bmNPcHRpb25zKSxcbiAgICB9KTtcbiAgfVxuXG4gIHByaXZhdGUgcGFyc2VGaWxlKHNvcHNGaWxlUGF0aDogc3RyaW5nLCBrZXlTZXBhcmF0b3I6IHN0cmluZyk6IHN0cmluZ1tdIHtcbiAgICBjb25zdCBmaWxlRm9ybWF0ID0gaW5mZXJTdHJ1Y3R1cmVkRmlsZUZvcm1hdChzb3BzRmlsZVBhdGgpO1xuICAgIGlmIChmaWxlRm9ybWF0ID09PSB1bmRlZmluZWQpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgYFVuc3VwcG9ydGVkIHNvcHNGaWxlRm9ybWF0IGZvciBtdWx0aXBsZSBwYXJhbWV0ZXJzOiAke3NvcHNGaWxlUGF0aC5zcGxpdCgnLicpLnBvcCgpfWAsXG4gICAgICApO1xuICAgIH1cblxuICAgIHJldHVybiBPYmplY3Qua2V5cyhcbiAgICAgIGZsYXR0ZW5TdHJ1Y3R1cmVkRmlsZShzb3BzRmlsZVBhdGgsIGtleVNlcGFyYXRvciwgZmlsZUZvcm1hdCksXG4gICAgKTtcbiAgfVxufVxuIl19