boxboat / dockcmd
CLI tool providing a collection of commands to facilitate DevOps and accelerate CI/CD
License: Apache License 2.0
Add support for TLS Cert Auth
Add support for assumed roles specified in .aws/config.
Add support for AWS Systems Manager Parameter Store
Sign dockcmd releases
On macOS Catalina, the binary cannot be executed until you Right Click Open from Finder.
We should update the build so that the binary is signed and can be trusted
For commands that process go templates (get-secrets commands). Add the ability to pass in values like the helm cli does with --set and --values. Values yaml files will be processed first and then --set will be merged down. Current --set functionality will remain unchanged but this will expand on that ability by mirroring the helm cli parameter passing. This will further enhance #21 use cases.
Add dockcmd gotpl to process text files containing go templates. Behavior is identical to get-secrets based commands except that it will not require access to a secrets backend.
Add support for the Helm toYaml function. This function is not in the standard Go template language nor the Sprig library. toYaml is an extra function that Helm adds to its templating engine:
https://github.com/helm/helm/blob/master/pkg/engine/funcs.go#L52
dockcmd currently has a hard-coded list of credentials providers which doesn't support the WebIdentityRoleProvider needed for IRSA to work as expected.
https://github.com/boxboat/dockcmd/blob/master/cmd/aws/aws.go#L126
    var creds = sess.Config.Credentials
    if o.useChainCredentials {
        creds = credentials.NewChainCredentials(
            []credentials.Provider{
                &credentials.EnvProvider{},
                &credentials.SharedCredentialsProvider{
                    Profile: o.profile,
                },
                &ec2rolecreds.EC2RoleProvider{
                    Client: ec2metadata.New(sess),
                },
                &SessionProvider{
                    Session: sess,
                },
            })
    } else {
        if o.accessKeyID == "" || o.secretAccessKey == "" {
            return nil, errors.New("no aws credentials provided")
        }
        creds = credentials.NewStaticCredentials(o.accessKeyID, o.secretAccessKey, "")
    }
I think the entire true section of the block that re-configures the chain of credentials providers can be removed so that it uses the SDK default chain, which already supports IRSA. I'm assuming there was a reason that the custom chain of credentials providers was originally added, but it's not clear what that reason is.
@boxboatmatt Can the custom credentials chain be removed when useChainCredentials is true?
Add jenkins parse-secrets
dockcmd vault get-secrets fails with Could not convert vault response [%s][%s] to string (code link) if the secret was created with KV V2 (versioned secret).
V2 secrets need to read values from data.data.key instead of data.key. Either allowing the user to specify the version type in the template, or even better, automatically attempting to parse a level deeper if it fails at the data.key check would allow users to read both v1 and v2 secrets
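The fallback proposed in the issue above, sketched as an added example that is not dockcmd's code: `lookupKV` and `ErrKeyNotFound` are hypothetical names, and the maps are constructed stand-ins for the `Data` field of a Vault read response. It tries the KV v1 location first, then looks one level deeper for the KV v2 layout, and reports a soft-deleted v2 version (where the inner `data` is null) as not found.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrKeyNotFound is returned when the key is in neither layout.
var ErrKeyNotFound = errors.New("key not found in KV v1 or v2 layout")

// lookupKV (hypothetical helper) reads key from the Data map of a Vault
// read response. KV v1 keeps values at data[key]; KV v2 wraps them one
// level deeper at data["data"][key], next to data["metadata"].
func lookupKV(data map[string]interface{}, key string) (string, error) {
	// v1 layout: the value sits directly under the key.
	if v, ok := data[key]; ok {
		if s, ok := v.(string); ok {
			return s, nil
		}
	}
	// v2 layout: fall back one level deeper. A deleted version has a
	// null inner "data", so the assertion fails and we report not found.
	if inner, ok := data["data"].(map[string]interface{}); ok {
		if v, ok := inner[key]; ok {
			if s, ok := v.(string); ok {
				return s, nil
			}
			return "", fmt.Errorf("value for %q is %T, not a string", key, v)
		}
	}
	return "", ErrKeyNotFound
}

func main() {
	// Constructed sample responses, not real Vault output.
	v1 := map[string]interface{}{"password": "v1-value"}
	v2 := map[string]interface{}{
		"data":     map[string]interface{}{"password": "v2-value"},
		"metadata": map[string]interface{}{"version": 3},
	}
	for _, d := range []map[string]interface{}{v1, v2} {
		s, err := lookupKV(d, "password")
		fmt.Println(s, err)
	}
}
```

A v1 secret that itself stores a map under a key named `data` is indistinguishable from the v2 wrapper here, which is the argument for also letting the template state the KV version explicitly.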
Update go version to 1.15
AWS Secrets Manager supports storing a text secret that is not json - add a new function awsText and alias awsJson=aws method
Add support for Azure Key vault
Change print message "Using config file: $HOME/.dockcmd.yaml" to debug only
A dockcmd release should be published for the arm64 architecture
Creating multi-arch docker images and publishing to Docker Hub would allow downstream docker multi-arch images to copy the correct binary in with:
    FROM --platform=${TARGETPLATFORM} boxboat/dockcmd:latest as dockcmd
    COPY --from=dockcmd /bin/dockcmd /usr/local/bin/dockcmd
dockcmd aws get-secrets --edit-in-place for a list of files is not functioning properly in v1.6.0 and v1.7.0
Create a registry command that allows for cleaning up old images.
Allow the version to be specified for each of the secrets backends (except for vault v1 kv stores - due to no version support). If the secret name is suffixed with ?version=<version> retrieve that particular version from the secrets backend.
Update the secrets cache to store the whole secret not just the referenced key. For example:
foo:
    {
      "bravo": "secret-value",
      "charlie": "secret-value"
    }
{{ (aws "foo" "bravo") }} currently would only cache foo[bravo], should cache contents of foo instead
Add support for GCP Secrets Manager
Add the ability to also parse environment variables for the get-secrets functions. Something like:
    {{ env <VAR_NAME> }}
Update dockcmd to use travis ci