1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

use log::{error, info};
use rusoto_ssm::GetParameterRequest;
use rusoto_ssm::PutParameterRequest;
use rusoto_ssm::{Ssm, SsmClient};
use std::option::NoneError;

/// Parameter struct
pub struct Parameter {
    /// `name` corresponds to the AWS parameter name
    pub name: String,
    /// `value` is the parameter's value, stored as a String
    pub value: String,
    /// `description` is extra text used to clarify the use of a parameter
    pub description: String,
    /// 'is_secure' toggles whether the parameter should be encrypted
    pub is_secure: bool,
}

impl Parameter {
    /// Updates a parameter
    ///
    /// # Example
    ///
    /// ```
    /// use aws_parameter_update::Parameter;
    /// use rusoto_core::Region;
    /// use rusoto_ssm::SsmClient;
    ///
    /// let client = SsmClient::new(Region::UsWest2);
    ///
    /// let parameter = Parameter {
    ///     name: "name".to_string(),
    ///     value: "value".to_string(),
    ///     description: "description".to_string(),
    ///     is_secure: true
    /// };
    ///
    /// match parameter.update(&client) {
    ///     Ok(parameter_name) => println!("Parameter {} processed", parameter_name),
    ///     Err(_error) => println!("Parameter not updated"),
    /// }
    /// ```
    pub fn update(&self, client: &SsmClient) -> Result<String, NoneError> {
        if self.needs_updating(client)? {
            info!("Parameter {} needs updating", self.name);

            let parameter_request = self.to_put_parameter_request();

            match client.put_parameter(parameter_request).sync() {
                Ok(_parameter_result) => info!("Parameter {} successfully updated", self.name),
                Err(error) => error!("Parameter {} failed to update: {}", self.name, error),
            }
        } else {
            info!("Parameter {} does not need updating", self.name);
        }

        Ok(self.name.clone())
    }

    fn needs_updating(&self, client: &SsmClient) -> Result<bool, NoneError> {
        match client.get_parameter(self.to_get_parameter_request()).sync() {
            Ok(parameter_result) => {
                let existing_value = parameter_result.parameter?.value?;

                info!(
                    "Found parameter {} with existing value: {}",
                    self.name, existing_value
                );

                Ok(self.value != existing_value)
            }
            Err(error) => {
                error!("Could not retreive parameter {}: {:?}", self.name, error);
                Err(std::option::NoneError)
            }
        }
    }

    fn to_get_parameter_request(&self) -> GetParameterRequest {
        GetParameterRequest {
            name: self.name.clone(),
            with_decryption: Some(true), // always decrypt so we can comepare existing and new values
        }
    }

    fn to_put_parameter_request(&self) -> PutParameterRequest {
        PutParameterRequest {
            name: self.name.clone(),
            value: self.value.clone(),
            description: Some(self.description.clone()),
            type_: if self.is_secure {
                String::from("SecureString")
            } else {
                String::from("String")
            },
            overwrite: Some(true), // always overwrite or this utility is useless
            allowed_pattern: None,
            key_id: None,
            policies: None,
            tags: None,
            tier: None,
        }
    }
}

#[cfg(test)]
mod tests {
    use crate::parameter::Parameter;

    #[test]
    fn get_parameter_request_sets_with_decryption_true() {
        let secure_parameter: Parameter = Parameter {
            name: "test_name".to_string(),
            value: "test_value".to_string(),
            description: "test_description".to_string(),
            is_secure: true,
        };

        let request = secure_parameter.to_get_parameter_request();

        assert_eq!(request.with_decryption.unwrap(), true);
    }

    #[test]
    fn get_parameter_request_sets_name() {
        let secure_parameter: Parameter = Parameter {
            name: "test_name".to_string(),
            value: "test_value".to_string(),
            description: "test_description".to_string(),
            is_secure: true,
        };

        let request = secure_parameter.to_get_parameter_request();

        assert_eq!(request.name, "test_name".to_string());
    }

    #[test]
    fn put_parameter_request_sets_overwrite_true() {
        let secure_parameter: Parameter = Parameter {
            name: "test_name".to_string(),
            value: "test_value".to_string(),
            description: "test_description".to_string(),
            is_secure: true,
        };

        let request = secure_parameter.to_put_parameter_request();

        assert_eq!(request.overwrite.unwrap(), true);
    }

    #[test]
    fn put_parameter_request_is_secure_sets_type_secure_string() {
        let secure_parameter: Parameter = Parameter {
            name: "test_name".to_string(),
            value: "test_value".to_string(),
            description: "test_description".to_string(),
            is_secure: true,
        };

        let request = secure_parameter.to_put_parameter_request();

        assert_eq!(request.type_, "SecureString");
    }

    #[test]
    fn put_parameter_request_is_not_secure_sets_type_string() {
        let secure_parameter: Parameter = Parameter {
            name: "test_name".to_string(),
            value: "test_value".to_string(),
            description: "test_description".to_string(),
            is_secure: false,
        };

        let request = secure_parameter.to_put_parameter_request();

        assert_eq!(request.type_, "String");
    }
}