This PR is built on #18 (for easy merging) but is mostly unrelated. It introduces a variety of improvements to the storage engines (i.e. YAMLFile and ParameterStore) with related changes to the CLI experience:
YAMLFile accepts a root_path kwarg (default=/, env variable SSM_YAML_ROOT). The root of the YAML file will be equivalent to this path in the Parameter Store when reading and writing (closes #11).
ParameterStore accepts a no_secure kwarg (default=False, env variable SSM_NO_SECURE). If true, it will not request secure parameters from ParameterStore (closes #13).
ParameterStore coerces basic types (e.g. int, float, NoneType) so a YAML integer and SSM string are recognized as a match if they're otherwise equal.
ParameterStore now supports the StringList type (i.e. a list of strings) and is more aggressive about type checking.
The -p flag has been converted to the env variable SSM_PATHS to increase safety (resolves #15). The env variable accepts : and ; as separators (the kwarg expects a tuple/list/set).
However, the more significant improvement is the introduction of metadata in the YAML files. YAML files now store the root_path, paths and no_secure settings used to generate them. If a subsequent command attempts to use the file with incompatible configurations, it will throw an exception.
This is a more general solution to my concerns in #15. It can be extended to cover all relevant parameters, whether used through the CLI or programmatically. For example, it prevents the following sequence of events:
> set SSM_PATHS=/my/deep/path
> ssh-diff init
# close the command prompt and reopen, implicitly resetting the PATHS env variable:
> set SSM_PATHS=/
# anything outside /my/deep/path would be deleted
> ssh-diff apply
ValueError: Path / was not included in this file when it was created.
However, it's smart enough to permit subsets of the original scope:
> set PATHS=/
> ssh-diff init
# because this path is contained in our original scope, it's "safe" to update that branch
> set PATHS=/test
# change /other/key and /test/child/key
# PATHS continues to limit updates to the relevant branch
> ssh-diff plan
~/test/child/key:
< original
> changed
P.S. This PR may contain small fixes to previous PRs.
EDIT: Encapsulated the type checking and coercion in ParameterStore. I had originally implemented it in the DiffResolver, but realized that ParameterStore is really the limiting factor here. In theory, you could use the DiffResolver with a less restrictive endpoint (Azure? Vault? AWS Secrets?) and might want different coercion and type checking.
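The scope check described in the post above, as an added example that is not code from this PR or the project. The function names and the layout of the metadata dict are assumptions, and the sample values are constructed. Paths are compared segment by segment so that /testing is not treated as a child of /test.

```python
import re


def normalize(path):
    """Return a path as a tuple of segments; '/' becomes the empty tuple."""
    return tuple(s for s in path.strip().split("/") if s)


def parse_paths(value):
    """Split an SSM_PATHS-style string on ':' or ';' into normalized paths."""
    return [normalize(p) for p in re.split(r"[:;]", value) if p.strip()]


def is_within(path, scope):
    """True if path equals scope or lies below it, compared per segment."""
    return path[:len(scope)] == scope


def check_scope(metadata, requested):
    """Raise ValueError if a requested path is outside the file's stored paths.

    metadata: dict read from the YAML file (hypothetical layout, key 'paths').
    requested: the current SSM_PATHS value as a string.
    """
    allowed = [normalize(p) for p in metadata["paths"]]
    for path in parse_paths(requested):
        if not any(is_within(path, scope) for scope in allowed):
            raise ValueError(
                "Path /%s was not included in this file when it was created."
                % "/".join(path)
            )
    return True


if __name__ == "__main__":
    # Constructed metadata: a file created with SSM_PATHS=/my/deep/path
    narrow = {"paths": ["/my/deep/path"]}
    # Constructed metadata: a file created with SSM_PATHS=/
    wide = {"paths": ["/"]}

    print(check_scope(wide, "/test"))       # subset of original scope: allowed
    try:
        check_scope(narrow, "/")            # wider than original scope: refused
    except ValueError as exc:
        print("ValueError:", exc)
```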