Bash script to update aws ssm parameters from a yaml file

aws-parameters

#!/bin/bash
tmp=$(mktemp -d -t tmp.XXXXXXXXXX)
function finish {
  rm -rf "$tmp"
}
trap finish EXIT

OPTS=""
if [[ $1 == --region ]]; then
  OPTS="--region $2"
  shift 2
fi

if test -t 1; then
  ncolors=$(tput colors)
  if [[ -n "$ncolors" && $ncolors -ge 8 ]]; then
    reset="$(tput sgr0)"
    black="$(tput setaf 0)"
    red="$(tput setaf 1)"
    green="$(tput setaf 2)"
    yellow="$(tput setaf 3)"
    blue="$(tput setaf 4)"
    magenta="$(tput setaf 5)"
    cyan="$(tput setaf 6)"
    white="$(tput setaf 7)"
  fi
fi

isverbose=true
function error { echo $red"$@"$reset >&2; }
function info { echo $blue"$@"$reset; }
function success { echo $green"$@"$reset; }
function verbose { if $isverbose; then echo $yellow"$@"$reset; fi }

function checklogin {
  if ! aws sts get-caller-identity 2>/dev/null >/dev/null; then
    echo "bailing out. you are not logged in to the aws cli."
    exit 1
  fi
}

function get {
  p=($(aws ssm describe-parameters $OPTS | yq -P -o y '[.Parameters][0][] | .Name'))
  o=0
  n=10
  while [[ -n "${p[@]:$o:$n}" ]]; do
    names=${p[@]:$o:$n}
    aws ssm get-parameters $OPTS "$r" --names $names | yq -P -o y '[.Parameters][0][] as $item ireduce({};.[$item|.Name] = ($item|.Value))'
    o=$(($o+$n))
  done
}

function add-param {
  mode=$1
  k=$2
  n=$3
  case $mode in
    diff)
      echo ${green}"+ $k": "$n"${reset}
      ;;
    dry-run)
      echo aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String
      ;;
    run)
      verbose aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String
      aws ssm put-parameter $OPTS --name "$k" --value "$n" --type String
      ;;
  esac
}
function delete-param {
  mode=$1
  k=$2
  o=$3
  case $mode in
    diff)
      echo ${red}"- $k": "$o"${reset}
      ;;
    dry-run)
      echo aws ssm delete-parameter $OPTS --name "\"$k\""
      ;;
    run)
      verbose aws ssm delete-parameter $OPTS --name "\"$k\""
      aws ssm put-parameter $OPTS --name "$k"
      ;;
  esac
}
function update-param {
  mode=$1
  k=$2
  o=$3
  n=$4
  case $mode in
    diff)
      echo ${red}"- $k": "$o"${reset}
      echo ${green}"- $k": "$n"${reset}
      ;;
    dry-run)
      echo aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String --overwrite
      ;;
    run)
      verbose aws ssm put-parameter $OPTS --name "\"$k\"" --value "\"$n\"" --type String --overwrite
      aws ssm put-parameter $OPTS --name "$k" --value "$n" --type String --overwrite
      ;;
  esac
}

function apply {
  mode=$1
  oldf=$2
  newf=$3
  nochange=1
  out=$tmp/out

  # look for changed or removed values
  yq '.[] | key + " " + @sh' $oldf > $tmp/out
  while read k oldv; do
    newv=$(yq ".$k" $newf)
    if [[ "$newv" == "null" ]]; then
      delete-param $mode $k $oldv
      nochange=0
    elif [[ "$newv" != "$oldv" ]]; then
      update-param $mode $k $oldv $newv
      nochange=0
    fi
  done < $out

  # look for added values
  yq '.[] | key + " " + @sh' $newf > $out
  while read k newv; do
    oldv=$(yq ".$k" $oldf)
    if [[ "$oldv" == "null" ]]; then
      add-param $mode $k $newv
      nochange=0
    fi
  done < $out

  return $nochange
}

if [[ "$1" == "get" && $# -eq 1 ]]; then

  checklogin
  get

elif [[ "$1" == "diff" && $# -eq 2 ]]; then

  checklogin
  get > $tmp/data.yaml
  apply diff $tmp/data.yaml $2

elif [[ "$1" == "put" && $# -eq 2 ]]; then

  checklogin
  get > $tmp/data.yaml
  if apply diff $tmp/data.yaml $2; then

    while true; do
      read -p "apply changes? (yN) " yn
      case $(tr '[A-Z]' '[a-z]' <<< $yn) in
        y|yes) break;;
        n|no|"") echo "bailing out."; exit;;
        *) echo "expecting yes or no";;
      esac
    done

    apply run $tmp/data.yaml $2
  else
    echo "bailing out. no changes."
  fi

else

  cat << EOF
${red}Usage:
  ./aws-parameters get              # get values
  ./aws-parameters diff <data.yaml> # show differences
  ./aws-parameters put <data.yaml>  # show and apply differences${reset}
EOF
  exit 1

fi