Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(parameters): add feature for creating and updating Parameters and Secrets #2858

Merged
merged 85 commits into from
Mar 22, 2024
Merged

feat(parameters): add feature for creating and updating Parameters and Secrets #2858

merged 85 commits into from
Mar 22, 2024

Conversation

stephenbawks
Copy link
Contributor

@stephenbawks stephenbawks commented Jul 27, 2023
edited by leandrodamascena
Loading

Issue number: #2826

Summary

This PR boosts parameter and secret management by allowing updates and creations. With enhanced functionality, it allow users to efficiently manage existing parameters and secrets, while also facilitating the creation of new ones as needed.

User experience

Setting parameter

from aws_lambda_powertools.utilities import parameters
from aws_lambda_powertools.utilities.typing import LambdaContext


def lambda_handler(event: dict, context: LambdaContext) -> dict:
    try:
        # Set a single parameter, returns the version ID of the parameter
        parameter_version = parameters.set_parameter(name="/mySuper/Parameter", value="PowerToolsIsAwesome")

        return {"mySuperParameterVersion": parameter_version, "statusCode": 200}
    except parameters.exceptions.SetParameterError as error:
        return {"comments": None, "message": str(error), "statusCode": 400}

Setting secret

from typing import Any

from aws_lambda_powertools import Logger
from aws_lambda_powertools.utilities import parameters
from aws_lambda_powertools.utilities.typing import LambdaContext

logger = Logger(serialize_stacktrace=True)


def access_token(client_id: str, client_secret: str, audience: str) -> str:
    # example function that returns a JWT Access Token
    # add your own logic here
    return f"{client_id}.{client_secret}.{audience}"


def lambda_handler(event: dict, context: LambdaContext):
    try:
        client_id: Any = parameters.get_parameter("/aws-powertools/client_id")
        client_secret: Any = parameters.get_parameter("/aws-powertools/client_secret")
        audience: Any = parameters.get_parameter("/aws-powertools/audience")

        jwt_token = access_token(client_id=client_id, client_secret=client_secret, audience=audience)

        # set-secret will create a new secret if it doesn't exist and return the version id
        update_secret_version_id = parameters.set_secret(name="/aws-powertools/jwt_token", value=jwt_token)

        return {"access_token": "updated", "statusCode": 200, "update_secret_version_id": update_secret_version_id}
    except parameters.exceptions.SetSecretError as error:
        logger.exception(error)
        return {"access_token": "updated", "statusCode": 400}

Checklist

If your change doesn't seem to apply, please leave them unchecked.

Is this a breaking change?

RFC issue number:

Checklist:

  • Migration process documented
  • Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 27, 2023
@stephenbawks stephenbawks changed the title gotta start somewhere PowerTools: Allow Updating and Setting Parameters and Secrets Jul 27, 2023
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 1, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug E 2 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot E 6 Security Hotspots
Code Smell A 23 Code Smells

No Coverage information No Coverage information
0.2% 0.2% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

@leandrodamascena leandrodamascena changed the title PowerTools: Allow Updating and Setting Parameters and Secrets feat(parameters): Allow Updating and Setting Parameters and Secrets Aug 17, 2023
@leandrodamascena leandrodamascena mentioned this pull request Aug 17, 2023
Closed
2 tasks
@leandrodamascena leandrodamascena linked an issue Sep 4, 2023 that may be closed by this pull request
RFC: Setting SSM Parameters and Secret Manager Secrets #3040
Closed
5 tasks
@stephenbawks
Copy link
Contributor Author

@heitorlessa @aradyaron @leandrodamascena
Wondering if I can get a temperature check on this PR so far?

@heitorlessa
Copy link
Contributor

@sthulb would you be able to do a quick pass on UX?

I can look into it tomorrow afternoon (Boston time this week).

Hey @stephenbawks Leandro, Ruben and I are on events this week (delays) so we appreciate the nudge

@github-actions github-actions bot added feature New feature or functionality and removed documentation Improvements or additions to documentation labels Mar 21, 2024
@leandrodamascena
Copy link
Contributor

This PR is now ready for the final reviews before merging! Huge thanks to @stephenbawks and @heitorlessa for all their hard work and contributions!

Following some additional information about itens I've addressed:

Think whether we can have a better name for client_request_token (it'll be important if we support any provider)

We are working exclusively with AWS on this provider, if we have to extend to another provider from BaseProvider, we can think of another name for this provider, but I think client_request_token makes a lot of sense to be 100% following the SDK.

Think about creating a better return contract

Yes, it makes sense to return the dict that comes from the SDK so that the customer can choose what information he wants to use. For this, I created SetSecretResponse to help with the IDE's typing hit

Please let me know if you have any questions.

@boring-cyborg boring-cyborg bot added the documentation Improvements or additions to documentation label Mar 21, 2024
@github-actions github-actions bot removed the documentation Improvements or additions to documentation label Mar 21, 2024
@rubenfonseca
Copy link
Contributor

Starting reviewing now

rubenfonseca
rubenfonseca suggested changes Mar 21, 2024
View reviewed changes
Copy link
Contributor

@rubenfonseca rubenfonseca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job, first pass. Will look into the documentation on the next pass.

aws_lambda_powertools/utilities/parameters/base.py Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/exceptions.py Outdated Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/exceptions.py Outdated Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/secrets.py Outdated Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/secrets.py Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/secrets.py Outdated Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/secrets.py Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/ssm.py Outdated Show resolved Hide resolved
aws_lambda_powertools/utilities/parameters/ssm.py Outdated Show resolved Hide resolved
examples/parameters/src/getting_started_set_ssm_parameter_overwrite.py Outdated Show resolved Hide resolved
@boring-cyborg boring-cyborg bot added the documentation Improvements or additions to documentation label Mar 21, 2024
rubenfonseca
rubenfonseca previously approved these changes Mar 22, 2024
View reviewed changes
Copy link
Contributor

@rubenfonseca rubenfonseca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just left two small things, otherwise approved!

docs/utilities/parameters.md Outdated Show resolved Hide resolved
docs/utilities/parameters.md Outdated Show resolved Hide resolved
@leandrodamascena leandrodamascena self-requested a review March 22, 2024 12:26
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
1.5% Duplication on New Code

See analysis details on SonarCloud

@leandrodamascena leandrodamascena changed the title feat(parameters): Allow Updating and Setting Parameters and Secrets feat(parameters): add feature for adding and updating Parameters and Secrets Mar 22, 2024
@leandrodamascena leandrodamascena changed the title feat(parameters): add feature for adding and updating Parameters and Secrets feat(parameters): add feature for creating and updating Parameters and Secrets Mar 22, 2024
@github-actions github-actions bot removed the documentation Improvements or additions to documentation label Mar 22, 2024
@leandrodamascena leandrodamascena merged commit 43eac11 into aws-powertools:develop Mar 22, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aradyaron aradyaron aradyaron left review comments

@heitorlessa heitorlessa heitorlessa left review comments

@leandrodamascena leandrodamascena leandrodamascena approved these changes

@rubenfonseca rubenfonseca rubenfonseca approved these changes

Assignees

@heitorlessa heitorlessa

Labels
feature New feature or functionality parameters Parameters utility size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

RFC: Setting SSM Parameters and Secret Manager Secrets
7 participants
@stephenbawks @heitorlessa @aradyaron @leandrodamascena @codecov-commenter @rubenfonseca @sthulb