Merge pull request #54982 from mchugh19/port-50215

master-port 50215 and 51943
saltstack · Dec 27, 2019 · 2186c34 · 2186c34
2 parents 3548367 + 0abdf1a
commit 2186c34
Show file tree

Hide file tree

Showing 4 changed files with 132 additions and 6 deletions.
diff --git a/doc/topics/releases/neon.rst b/doc/topics/releases/neon.rst
@@ -142,6 +142,11 @@ State Changes
 - Added new :py:func:`ssh_auth.manage <salt.states.ssh_auth.manage>` state to
   ensure only the specified ssh keys are present for the specified user.
 
+Module Changes
+==============
+
+- Added new :py:func:`boto_ssm <salt.modules.boto_ssm>` module to set and query
+  secrets in AWS SSM parameters.
 
 Deprecations
 ============

diff --git a/salt/engines/logentries.py b/salt/engines/logentries.py
@@ -29,9 +29,9 @@
 
         engines:
           - logentries:
-            endpoint: data.logentries.com
-            port: 10000
-            token: 057af3e2-1c05-47c5-882a-5cd644655dbf
+              endpoint: data.logentries.com
+              port: 10000
+              token: 057af3e2-1c05-47c5-882a-5cd644655dbf
 
 The 'token' can be obtained from the Logentries service.
 

diff --git a/salt/engines/logstash_engine.py b/salt/engines/logstash_engine.py
@@ -13,9 +13,9 @@
 
         engines:
           - logstash:
-            host: log.my_network.com
-            port: 5959
-            proto: tcp
+              host: log.my_network.com
+              port: 5959
+              proto: tcp
 
 :depends: logstash
 '''

diff --git a/salt/modules/boto_ssm.py b/salt/modules/boto_ssm.py
@@ -0,0 +1,121 @@
+# -*- coding: utf-8 -*-
+'''
+Connection module for Amazon SSM
+
+:configuration: This module uses IAM roles assigned to the instance through
+    Instance Profiles. Dynamic credentials are then automatically obtained
+    from AWS API and no further configuration is necessary. More Information
+    available at:
+
+    .. code-block:: text
+
+        http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
+
+:depends: boto3
+'''
+# Import Python libs
+from __future__ import absolute_import, print_function, unicode_literals
+import logging
+
+# Import Salt libs
+import salt.utils.versions
+import salt.utils.json as json
+
+log = logging.getLogger(__name__)
+
+
+def __virtual__():
+    '''
+    Only load if boto libraries exist.
+    '''
+    has_boto_reqs = salt.utils.versions.check_boto_reqs()
+    if has_boto_reqs is True:
+        __utils__['boto3.assign_funcs'](__name__, 'ssm')
+    return has_boto_reqs
+
+
+def get_parameter(name, withdecryption=False, resp_json=False, region=None, key=None, keyid=None, profile=None):
+    '''
+    Retrives a parameter from SSM Parameter Store
+
+    .. versionadded:: Neon
+
+    .. code-block:: text
+
+        salt-call boto_ssm.get_parameter test-param withdescription=True
+    '''
+    conn = __utils__['boto3.get_connection']('ssm', region=region, key=key, keyid=keyid, profile=profile)
+    try:
+        resp = conn.get_parameter(Name=name, WithDecryption=withdecryption)
+    except conn.exceptions.ParameterNotFound:
+        log.warning("get_parameter: Unable to locate name: %s", name)
+        return False
+
+    if resp_json:
+        return json.loads(resp['Parameter']['Value'])
+    else:
+        return resp['Parameter']['Value']
+
+
+def put_parameter(Name,
+                  Value,
+                  Description=None,
+                  Type='String',
+                  KeyId=None,
+                  Overwrite=False,
+                  AllowedPattern=None,
+                  region=None,
+                  key=None,
+                  keyid=None,
+                  profile=None):
+    '''
+    Sets a parameter in the SSM parameter store
+
+    .. versionadded:: Neon
+
+    .. code-block:: text
+
+        salt-call boto_ssm.put_parameter test-param test_value Type=SecureString KeyId=alias/aws/ssm Description='test encrypted key'
+    '''
+    conn = __utils__['boto3.get_connection']('ssm', region=region, key=key, keyid=keyid, profile=profile)
+    if Type not in ('String', 'StringList', 'SecureString'):
+        raise AssertionError('Type needs to be String|StringList|SecureString')
+    if Type == 'SecureString' and not KeyId:
+        raise AssertionError('Require KeyId with SecureString')
+
+    boto_args = {}
+    if Description:
+        boto_args['Description'] = Description
+    if KeyId:
+        boto_args['KeyId'] = KeyId
+    if AllowedPattern:
+        boto_args['AllowedPattern'] = AllowedPattern
+
+    try:
+        resp = conn.put_parameter(Name=Name, Value=Value, Type=Type, Overwrite=Overwrite, **boto_args)
+    except conn.exceptions.ParameterAlreadyExists:
+        log.warning("The parameter already exists."
+                    " To overwrite this value, set the Overwrite option in the request to True")
+        return False
+    return resp['Version']
+
+
+def delete_parameter(Name, region=None, key=None, keyid=None, profile=None):
+    '''
+    Removes a parameter from the SSM parameter store
+
+    .. versionadded:: Neon
+
+    .. code-block:: text
+        salt-call boto_ssm.delete_parameter test-param
+    '''
+    conn = __utils__['boto3.get_connection']('ssm', region=region, key=key, keyid=keyid, profile=profile)
+    try:
+        resp = conn.delete_parameter(Name=Name)
+    except conn.exceptions.ParameterNotFound:
+        log.warning("delete_parameter: Unable to locate name: %s", Name)
+        return False
+    if resp['ResponseMetadata']['HTTPStatusCode'] == 200:
+        return True
+    else:
+        return False