Last active
July 13, 2023 21:44
Bash script to update AWS SSM parameters from a YAML file
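#!/bin/bash

# Private scratch directory for the intermediate YAML (current parameter
# values are written here); the EXIT trap removes it.
# Abort if it cannot be created: with an empty $tmp the later "$tmp/out" and
# "$tmp/data.yaml" redirections would point at files in the filesystem root.
tmp=$(mktemp -d -t tmp.XXXXXXXXXX) || {
  echo "cannot create temporary directory" >&2
  exit 1
}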
# EXIT handler: delete the scratch directory together with everything the
# script wrote into it.
finish() {
  rm -fr "$tmp"
}
# Run the cleanup handler on every exit path.
trap finish EXIT

# Optional leading "--region <name>" is consumed here and kept as a single
# string; the aws calls expand $OPTS unquoted so that it splits back into
# two arguments.
OPTS=""
case "$1" in
  --region)
    OPTS="--region $2"
    shift 2
    ;;
esac
# Colour setup: only when stdout is a terminal that reports at least eight
# colours. Otherwise the colour variables stay unset and expand to nothing.
if [ -t 1 ]; then
  ncolors=$(tput colors)
  if [[ -n "$ncolors" && $ncolors -ge 8 ]]; then
    reset=$(tput sgr0)
    # tput setaf 0..7, assigned to the names in the same order
    _code=0
    for _name in black red green yellow blue magenta cyan white; do
      printf -v "$_name" '%s' "$(tput setaf "$_code")"
      _code=$((_code + 1))
    done
    unset _code _name
  fi
fi

# Read by `verbose`; command echoing is always on.
isverbose=true
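# Print the arguments on stderr, in red when colours are enabled.
# printf instead of echo: a message that starts with "-n" or "-e" is printed
# literally rather than being taken as an echo option.
function error { printf '%s\n' "${red}$*${reset}" >&2; }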
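# Print the arguments on stdout, in blue when colours are enabled.
# printf instead of echo so a leading "-n"/"-e" is printed, not interpreted.
function info { printf '%s\n' "${blue}$*${reset}"; }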
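# Print the arguments on stdout, in green when colours are enabled.
# printf instead of echo so a leading "-n"/"-e" is printed, not interpreted.
function success { printf '%s\n' "${green}$*${reset}"; }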
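# Echo the arguments in yellow when $isverbose is "true".
# NOTE(review): the callers in this script pass complete
# `aws ssm put-parameter` command lines, --value included, and isverbose is
# hard-coded to true, so parameter values land in terminal scrollback and in
# any captured output such as CI logs. Redact the value or make this opt-in
# before using the script for secrets.
# printf instead of echo so a leading "-n"/"-e" is printed, not interpreted.
function verbose { if $isverbose; then printf '%s\n' "${yellow}$*${reset}"; fi }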
# Verify that the AWS CLI has usable credentials before doing any work.
# Runs `aws sts get-caller-identity` with all of its output discarded; on
# failure prints a message on stdout and ends the script with status 1.
checklogin() {
  aws sts get-caller-identity >/dev/null 2>&1 && return
  echo "bailing out. you are not logged in to the aws cli."
  exit 1
}
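# Print every SSM parameter the caller can list as a flat YAML map of
# Name: Value.
# Globals:  OPTS (read) - optional "--region <name>", expanded unquoted on
#           purpose so that it splits into two arguments
# Outputs:  YAML on stdout, one fragment per batch of names
#
# NOTE(review): values are requested without --with-decryption, so
# SecureString parameters come back as ciphertext and will show up as
# changed against a plaintext YAML file. The write helpers in this script
# use --type String throughout, so treat it as a tool for non-secret
# parameters unless that is changed.
function get {
  local -a p
  local o=0
  local n=10 # GetParameters accepts at most 10 names per call
  local line

  p=()
  # yq prints one parameter name per line.
  while IFS= read -r line; do
    [[ -n "$line" ]] && p+=("$line")
  done < <(aws ssm describe-parameters $OPTS | yq -P -o y '[.Parameters][0][] | .Name')

  while ((o < ${#p[@]})); do
    # The stray "$r" argument was dropped: r is never assigned in this
    # script, so it passed an empty string to the aws command line.
    aws ssm get-parameters $OPTS --names "${p[@]:o:n}" \
      | yq -P -o y '[.Parameters][0][] as $item ireduce({};.[$item|.Name] = ($item|.Value))'
    o=$((o + n))
  done
}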
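# Report or create one parameter that exists only in the new file.
# Arguments: $1 - mode: diff | dry-run | run
#            $2 - parameter name
#            $3 - value to store
# Globals:   OPTS, green, reset (read)
#
# Security notes:
# - The parameter is created with --type String, i.e. stored unencrypted.
#   Secrets belong in SecureString parameters, which this script does not
#   create.
# - The AWS CLI treats an option value that begins with file:// or fileb://
#   as a path and sends that file's contents instead of the literal text, so
#   review YAML that comes from an untrusted source before running `put`.
function add-param {
  # Function-local on purpose: get uses a variable named n as its batch size.
  local mode="$1" k="$2" n="$3"
  case "$mode" in
    diff)
      echo "${green}+ $k: $n${reset}"
      ;;
    dry-run)
      echo aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String
      ;;
    run)
      verbose aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String
      aws ssm put-parameter $OPTS --name "$k" --value "$n" --type String
      ;;
  esac
}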
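# Report or delete one parameter that is absent from the new file.
# Arguments: $1 - mode: diff | dry-run | run
#            $2 - parameter name
#            $3 - current value (shown in diff mode only)
# Globals:   OPTS, red, reset (read)
function delete-param {
  # Function-local on purpose: get uses a variable named o as its offset.
  local mode="$1" k="$2" o="$3"
  case "$mode" in
    diff)
      echo "${red}- $k: $o${reset}"
      ;;
    dry-run)
      echo aws ssm delete-parameter $OPTS --name "\"$k\""
      ;;
    run)
      verbose aws ssm delete-parameter $OPTS --name "\"$k\""
      # Run the command that was previewed. This line used to call
      # put-parameter without a value, so nothing was ever deleted.
      aws ssm delete-parameter $OPTS --name "$k"
      ;;
  esac
}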
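# Report or overwrite one parameter whose value differs between the files.
# Arguments: $1 - mode: diff | dry-run | run
#            $2 - parameter name
#            $3 - current value (shown in diff mode only)
#            $4 - new value
# Globals:   OPTS, red, green, reset (read)
#
# Security notes:
# - The value is written with --type String --overwrite, i.e. unencrypted.
#   NOTE(review): confirm how SSM treats an existing SecureString parameter
#   that is overwritten this way before pointing the script at secrets.
# - The AWS CLI treats an option value that begins with file:// or fileb://
#   as a path and sends that file's contents instead of the literal text, so
#   review YAML that comes from an untrusted source before running `put`.
function update-param {
  # Function-local on purpose: get uses variables named o and n.
  local mode="$1" k="$2" o="$3" n="$4"
  case "$mode" in
    diff)
      echo "${red}- $k: $o${reset}"
      # The new value is marked "+"; it used to be printed with "-" as well.
      echo "${green}+ $k: $n${reset}"
      ;;
    dry-run)
      echo aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String --overwrite
      ;;
    run)
      verbose aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String --overwrite
      aws ssm put-parameter $OPTS --name "$k" --value "$n" --type String --overwrite
      ;;
  esac
}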
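# Print the value stored under top-level key $1 of YAML file $2.
# yq prints "null" when the key is absent. The key reaches yq as data through
# the environment instead of being spliced into the expression text, so a
# name taken from either file cannot change the program yq runs.
function _yaml_value {
  PARAM_KEY="$1" yq '.[strenv(PARAM_KEY)]' "$2"
}

# Compare two flat YAML maps of parameter name -> value and report or apply
# the differences through delete-param, update-param and add-param.
# Arguments: $1 - mode handed to the helpers: diff | dry-run | run
#            $2 - YAML file with the current values (old)
#            $3 - YAML file with the desired values (new)
# Globals:   tmp (read) - scratch directory; "$tmp/out" is overwritten
# Returns:   0 if at least one difference was found, 1 if there were none
#            (the caller uses `if apply diff ...` to decide whether to prompt)
#
# Both sides of every comparison are read as plain values. Comparing an
# @sh-encoded listing with a plain lookup, as before, mismatches as soon as a
# value needs shell escaping, and passing the values unquoted let a value
# with spaces split into several arguments, so the wrong text could reach
# put-parameter.
function apply {
  local mode="$1" oldf="$2" newf="$3"
  local nochange=1
  local out="$tmp/out"
  local k oldv newv

  # look for changed or removed values
  yq '.[] | key' "$oldf" > "$out"
  while IFS= read -r k; do
    oldv=$(_yaml_value "$k" "$oldf")
    newv=$(_yaml_value "$k" "$newf")
    if [[ "$newv" == "null" ]]; then
      delete-param "$mode" "$k" "$oldv"
      nochange=0
    elif [[ "$newv" != "$oldv" ]]; then
      update-param "$mode" "$k" "$oldv" "$newv"
      nochange=0
    fi
  done < "$out"

  # look for added values
  yq '.[] | key' "$newf" > "$out"
  while IFS= read -r k; do
    oldv=$(_yaml_value "$k" "$oldf")
    if [[ "$oldv" == "null" ]]; then
      newv=$(_yaml_value "$k" "$newf")
      add-param "$mode" "$k" "$newv"
      nochange=0
    fi
  done < "$out"

  return "$nochange"
}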
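# Command dispatch: get | diff <file> | put <file>.
# Paths are quoted so that a YAML file name containing spaces stays a single
# argument.
if [[ "$1" == "get" && $# -eq 1 ]]; then
  checklogin
  get
elif [[ "$1" == "diff" && $# -eq 2 ]]; then
  checklogin
  get > "$tmp/data.yaml"
  apply diff "$tmp/data.yaml" "$2"
elif [[ "$1" == "put" && $# -eq 2 ]]; then
  checklogin
  get > "$tmp/data.yaml"
  # apply succeeds only when it reported at least one difference.
  if apply diff "$tmp/data.yaml" "$2"; then
    while true; do
      read -r -p "apply changes? (yN) " yn
      case "$(tr '[:upper:]' '[:lower:]' <<< "$yn")" in
        y|yes) break ;;
        n|no|"") echo "bailing out."; exit ;;
        *) echo "expecting yes or no" ;;
      esac
    done
    # NOTE: apply reads "$2" again here, so the file must not change between
    # the preview above and this call, or the applied changes will differ
    # from the ones that were confirmed.
    apply run "$tmp/data.yaml" "$2"
  else
    echo "bailing out. no changes."
  fi
else
  cat << EOF
${red}Usage:
./aws-parameters get # get values
./aws-parameters diff <data.yaml> # show differences
./aws-parameters put <data.yaml> # show and apply differences${reset}
EOF
  exit 1
fi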