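#!/bin/bash
# Integration test driver for the rotation Lambda images listed in images.json.
#
# For each entry under .folders[] it:
#   1. creates a "master" and a "user" secret in AWS Secrets Manager,
#   2. starts the Lambda Runtime Interface Emulator (RIE) from the image under
#      test and a Postgres container from the entry's db_image,
#   3. runs ./test-rotate.sh three times (rotation requests 1..3), and
#   4. kills both containers and force-deletes both secrets.
#
# Usage: ./test-images.sh <image-repository>
#   $1  image repository; the entry's .tag is appended to form "<repo>:<tag>".
#
# This integration script makes calls to aws and therefore the following
# environment variables must be set:
#   SECRETS_MANAGER_ENDPOINT AWS_DEFAULT_REGION AWS_ACCESS_KEY_ID
#   AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
# They are also handed to the RIE container so the function can reach
# Secrets Manager.
#
# Side effects: writes ./.current-test (export lines that are sourced here
# and, presumably, by test-rotate.sh), and downloads the RIE binary into
# ~/.aws-lambda-rie on first use.
set -euo pipefail

readonly images_file=images.json
readonly test_source_file=.current-test
readonly rie_dir="$HOME/.aws-lambda-rie"
readonly rie_container=aws-lambda-rie
readonly db_container=aws-lambda-rie-test-db

# Per-iteration resources, tracked in globals so teardown() can release them
# even when an earlier command fails under `set -e` (the EXIT trap).
iteration_active=0
master_secret_name=
user_secret_name=

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Decode one base64-encoded images.json entry and extract a field.
# Arguments: $1 - base64 row, $2 - jq filter (e.g. '.engine')
# Outputs:   the raw field value on stdout; 'null' if the key is absent
#######################################
row_field() {
  printf '%s' "$1" | base64 --decode | jq -r "$2"
}

#######################################
# Append an `export NAME=VALUE` line to the test source file, echoing it too.
# Arguments: $1 - variable name, $2 - value
# Globals:   test_source_file
#######################################
record_env() {
  printf 'export %s=%s\n' "$1" "$2" | tee -a "$test_source_file"
}

#######################################
# Download the Runtime Interface Emulator into $rie_dir if it is not there yet.
# Globals: rie_dir
#######################################
ensure_rie() {
  if [[ -x "$rie_dir/aws-lambda-rie" ]]; then
    return 0
  fi
  mkdir -p "$rie_dir"
  # NOTE(review): this fetches an unpinned, unverified "latest" release and
  # then marks it executable; pinning a release tag and checking its published
  # checksum would make the test reproducible. -f makes an HTTP error fail the
  # script instead of saving an error page as the "binary".
  curl -fsSL -o "$rie_dir/aws-lambda-rie" \
    https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie
  chmod +x "$rie_dir/aws-lambda-rie"
}

#######################################
# Start the RIE container (function under test) and the Postgres container,
# unless a container of that name already exists, then wait a fixed grace
# period for both to come up (there is no readiness probe).
# Arguments: $1 - image URI, $2 - folder mounted at /workspace,
#            $3 - Lambda handler name, $4 - database image
# Globals:   rie_container, db_container, rie_dir
#######################################
start_containers() {
  local image_uri=$1 folder=$2 function_name=$3 db_image=$4
  # The AWS variables are passed by name only, so docker reads them from this
  # shell's environment and the values never appear on the command line.
  # NOTE(review): port 9000 is published on all interfaces alongside those
  # credentials; `-p 127.0.0.1:9000:8080` would confine it to the host if
  # test-rotate.sh only invokes via localhost — confirm.
  docker container inspect "$rie_container" > /dev/null 2>&1 \
    || docker run -q -d --rm -p 9000:8080 \
      --add-host=host.docker.internal:host-gateway \
      --name "$rie_container" \
      --env SECRETS_MANAGER_ENDPOINT \
      --env AWS_DEFAULT_REGION \
      --env AWS_ACCESS_KEY_ID \
      --env AWS_SECRET_ACCESS_KEY \
      --env AWS_SESSION_TOKEN \
      -v "$PWD/$folder:/workspace" \
      -v "$rie_dir:/aws-lambda" \
      --entrypoint launcher \
      "$image_uri" \
      /aws-lambda/aws-lambda-rie python -m awslambdaric "$function_name" \
      > /dev/null
  # 5432 must stay reachable from the function container through
  # host.docker.internal (the host gateway), so it is deliberately not bound
  # to loopback.
  docker container inspect "$db_container" > /dev/null 2>&1 \
    || docker run -q -d --rm -p 5432:5432 \
      --name "$db_container" \
      --env POSTGRES_USER=postgres \
      --env POSTGRES_PASSWORD=postgres \
      "$db_image" \
      > /dev/null
  sleep 4
}

#######################################
# Release everything the current iteration created. Every step is best-effort
# so that a failure mid-test still removes containers and secrets; previously
# the kills were chained with && under `set -e`, which left the secrets and the
# second container behind on the first failure.
# Globals: iteration_active, master_secret_name, user_secret_name (cleared),
#          rie_container, db_container, test_source_file
#######################################
teardown() {
  if (( ! iteration_active )); then
    return 0
  fi
  docker kill "$rie_container" || true
  docker kill "$db_container" || true
  sleep 2
  if [[ -n "$master_secret_name" ]]; then
    aws secretsmanager delete-secret --secret-id "$master_secret_name" \
      --force-delete-without-recovery || true
  fi
  if [[ -n "$user_secret_name" ]]; then
    aws secretsmanager delete-secret --secret-id "$user_secret_name" \
      --force-delete-without-recovery || true
  fi
  rm -f -- "$test_source_file"
  master_secret_name=
  user_secret_name=
  iteration_active=0
}

#######################################
# Run the rotation test for one images.json entry.
# Arguments: $1 - image repository, $2 - base64-encoded entry
# Globals:   iteration_active, master_secret_name, user_secret_name (set for
#            teardown), test_source_file
#######################################
test_image() {
  local image_repo=$1 row=$2
  local engine db_image function_name folder tag image_uri
  engine=$(row_field "$row" '.engine')
  db_image=$(row_field "$row" '.db_image')
  function_name=$(row_field "$row" '.function_name')
  folder=$(row_field "$row" '.folder')
  tag=$(row_field "$row" '.tag')
  # The entry may also carry .install_system_packages / .python_packages
  # (read as 'null' when absent); this script does not use them.
  image_uri="$image_repo:$tag"
  printf 'Testing %s\n' "$image_uri"

  ensure_rie

  # Connection parameters stored in the user secret; host.docker.internal is
  # mapped to the host gateway by start_containers so the function container
  # reaches the Postgres container published on the host's port 5432.
  local username=user1 host=host.docker.internal port=5432 dbname=postgres

  # Short per-run id: first 8 base64 chars of the image URI plus a timestamp,
  # so secret names are unique across runs but still tied to the image.
  local image_uri_base64 test_id
  image_uri_base64=$(printf '%s\n' "$image_uri" | base64)
  test_id="${image_uri_base64:0:8}-$(date +%s)"

  iteration_active=1
  rm -f -- "$test_source_file"

  # Master (admin) credentials match POSTGRES_USER/POSTGRES_PASSWORD of the
  # throwaway database container. NOTE(review): an earlier revision read
  # MASTER_SECRET_ARN from the environment here but overwrote it
  # unconditionally, so an existing master secret is not honoured.
  local master_secret_arn
  master_secret_name="aws-secrets-manager-rotation-lambda-test-master-$test_id"
  master_secret_arn=$(aws secretsmanager create-secret \
    --name "$master_secret_name" \
    --secret-string '{"username": "postgres", "password": "postgres"}' \
    | jq -r .ARN)
  record_env MASTER_SECRET_NAME "$master_secret_name"
  record_env MASTER_SECRET_ARN "$master_secret_arn"

  # Fixed idempotency token for the user secret's initial version; presumably
  # test-rotate.sh relies on this exact value — confirm before changing.
  local client_request_token=request-0-3bfd-6413-b3ul-7502bdla2941
  local user_secret_string user_secret_arn
  user_secret_name="aws-secrets-manager-rotation-lambda-test-user-$test_id"
  printf -v user_secret_string \
    '{"engine": "%s", "host": "%s", "port": %s, "dbname": "%s", "username": "%s", "password": "changeme", "masterarn": "%s"}' \
    "$engine" "$host" "$port" "$dbname" "$username" "$master_secret_arn"
  user_secret_arn=$(aws secretsmanager create-secret \
    --name "$user_secret_name" \
    --client-request-token "$client_request_token" \
    --secret-string "$user_secret_string" \
    | jq -r .ARN)
  record_env USER_SECRET_NAME "$user_secret_name"
  record_env USER_SECRET_ARN "$user_secret_arn"
  record_env DB_IMAGE "$db_image"
  record_env DB_ENGINE "$engine"

  start_containers "$image_uri" "$folder" "$function_name" "$db_image"

  # shellcheck disable=SC1090 — the path is the constant written above
  source "$test_source_file"
  # Sanity check that the user secret is visible before rotating it.
  aws secretsmanager describe-secret --secret-id "$user_secret_name"

  # Three rotation requests; "multi" images alternate the multi-user flow.
  if [[ "$tag" == *multi* ]]; then
    IS_MULTI_USER=true NEW_PASSWORD=newPassword1 REQUEST_NUM=1 ./test-rotate.sh
    NEW_PASSWORD=newPassword2 REQUEST_NUM=2 ./test-rotate.sh
    IS_MULTI_USER=true NEW_PASSWORD=newPassword3 REQUEST_NUM=3 ./test-rotate.sh
  else
    NEW_PASSWORD=newPassword1 REQUEST_NUM=1 ./test-rotate.sh
    NEW_PASSWORD=newPassword2 REQUEST_NUM=2 ./test-rotate.sh
    NEW_PASSWORD=newPassword3 REQUEST_NUM=3 ./test-rotate.sh
  fi

  teardown
  # Settle before the next entry reuses the container names and host ports.
  sleep 2
}

main() {
  : "${1:?usage: ${0##*/} <image-repository>}"
  local image_repo=$1
  [[ -r "$images_file" ]] || die "cannot read $images_file"

  # Entries are read up front (not streamed into a while loop) so nothing run
  # inside the iteration can consume the list from stdin.
  local -a rows
  mapfile -t rows < <(jq -r '.folders[] | @base64' "$images_file")
  (( ${#rows[@]} > 0 )) || die "no entries under .folders[] in $images_file"

  trap teardown EXIT

  local row
  for row in "${rows[@]}"; do
    test_image "$image_repo" "$row"
  done
}

main "$@"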