geofffranks / spruce

A BOSH template merge tool
MIT License

Adds awsparam / awssecret operator #293

Closed mikesimons closed 5 years ago

mikesimons commented 5 years ago

Hey folks,

Wondering if you're interested in this feature? It adds awsparam / awssecret operator that behaves like the vault operator except it's AWS ParameterStore and AWS SecretsManager.

Basic usage looks like:

test: (( awsparam "/some/param/store/path" ))
other: (( awssecret "some/secret/name/or/arn" ))

It implements a couple of extra bits as querystring type args. For instance, it's common for both paramstore and secretsmanager to contain JSON blobs so you can append awssecret "some/secret/name/or/arn?key=some_key" to extract a single field of that. Secretsmanager also has stages & versions so you could get the previous version of the field above like awssecret "some/secret/name/or/arn?key=some_key&stage=AWSPREVIOUS".

Configuration of the AWS client is done through AWS_PROFILE / AWS_REGION / AWS_ROLE env vars.

This PR is only code + tests but I can do the docs if you'd be interested in accepting it (otherwise we'll just keep a fork).
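Added example, not code from this PR's op_aws.go: a Go sketch of how an awssecret argument like the ones above can be split into name, key, stage and version, and how a single field is then pulled out of a JSON secret without echoing the secret in error text. SecretRef, ParseRef and ExtractKey are hypothetical names, and the JSON secret value is a constructed sample.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// SecretRef is a parsed awssecret argument (hypothetical type, not spruce's own).
type SecretRef struct {
	ID, Key, Stage, Version string // secret name/ARN, JSON field, version stage, version id
}

// ParseRef splits "name?key=k&stage=s&version=v" into its parts.
func ParseRef(arg string) (SecretRef, error) {
	ref := SecretRef{ID: arg}
	if i := strings.IndexByte(arg, '?'); i >= 0 {
		q, err := url.ParseQuery(arg[i+1:])
		if err != nil {
			return SecretRef{}, fmt.Errorf("bad query in secret reference: %w", err)
		}
		ref = SecretRef{arg[:i], q.Get("key"), q.Get("stage"), q.Get("version")}
	}
	if ref.ID == "" {
		return SecretRef{}, fmt.Errorf("secret reference has no name")
	}
	return ref, nil
}

// ExtractKey returns raw unchanged when no key is requested, else the named JSON field; errors never include the secret.
func ExtractKey(raw, key string) (string, error) {
	if key == "" {
		return raw, nil
	}
	var obj map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &obj); err != nil {
		return "", fmt.Errorf("secret is not a JSON object, cannot extract key %q", key)
	}
	v, ok := obj[key]
	if !ok {
		return "", fmt.Errorf("key %q not present in secret", key)
	}
	return fmt.Sprint(v), nil // strings come back as-is, numbers/bools as text
}

func main() {
	ref, _ := ParseRef("some/secret/name/or/arn?key=some_key&stage=AWSPREVIOUS")
	fmt.Println(ExtractKey(`{"some_key":"s3cr3t","port":5432}`, ref.Key)) // constructed sample secret
}
```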

mikesimons commented 5 years ago

Uff; I don't know how to please the travis godeps beastie. godep go test works on my machine :(

geofffranks commented 5 years ago

Travis looks upset because all the vendor dependencies are now missing from the repo in this commit, maybe try re-installing them all to vendor + committing that?

Looks promising though, happy to see some docs on it and do a deeper dive on the PR and merge it in

mikesimons commented 5 years ago

I've added comments to op_aws.go and documentation in doc/operator.md with links to separate example docs that have more info on each including the stage / version stuff for secretsmanager, using aws roles / profiles and IAM permissions required.

This PR obviously introduces a dependency on the AWS SDK but also (transiently) jmespath/go-jmespath. The only other dep change was an update to jtolds/gls because 1.12 broke it somehow (which meant tests were all broken).

If you'd like to see more docs on a specific area please let me know.

Thanks for your time 😃

/cc @geofffranks

mikesimons commented 5 years ago

:tada: Awesome! Thanks @geofffranks :tada: