handler

package, v0.2.0

This package is not in the latest version of its module.

Published: Jul 12, 2018 License: MIT Imports: 20 Imported by: 1

README

concourse-github-lambda


Lambda function to rotate Github deploy keys used by Concourse teams. See the terraform subdirectory for an example that should work (with minimal effort).

Why?

Our CI/CD (in our case Concourse) needs deploy keys to fetch code from Github. Instead of having teams create and rotate these manually, we can use this Lambda and simply pass a list of repositories that the team requires access to; deploy keys are then generated and written to Secrets Manager (where they are available to the team's pipelines).

How?

  1. This Lambda function is deployed to the same account as our Concourse.
  2. It is given a personal access token tied to a machine user.
  3. A team adds a CloudWatch event rule with the configuration for which repositories they need access to.
  4. Lambda creates a deploy key and rotates it every 7 days.
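Step 4 is the part worth seeing in code. The following is an added example, not the project's code: it assumes a simplified Manager interface standing in for the GitHub deploy-key API and Secrets Manager (the page's Manager wraps the real clients), generates the key pair locally with crypto/rsa (how the project's own GenerateKeyPair produces keys is not shown on this page), and uses an in-memory fake so it runs offline. The ordering is the point: register the new public key with GitHub and write the private key to the secret before deleting the old key, otherwise a pipeline that fetches between the two steps is handed a key GitHub rejects.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"encoding/pem"
	"math/big"
)

// Key is the subset of a GitHub deploy key used here. Manager is an assumed, simplified
// shape of the GitHub and Secrets Manager calls the handler makes, not the project's own.
type Key struct {
	ID       int
	Title    string
	Key      string // OpenSSH public key line
	ReadOnly bool
}

type Manager interface {
	ListKeys(repo string) ([]Key, error)
	CreateKey(repo string, k Key) (Key, error)
	DeleteKey(repo string, id int) error
	WriteSecret(name, value string) error
}

func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

func sshMPInt(n *big.Int) []byte {
	b := n.Bytes()
	if len(b) > 0 && b[0]&0x80 != 0 {
		b = append([]byte{0}, b...) // RFC 4251 mpint: leading zero keeps the value positive
	}
	return sshString(b)
}

// PublicKeyLine renders pub as "ssh-rsa AAAA... title", the form GitHub accepts for a deploy key.
func PublicKeyLine(pub *rsa.PublicKey, title string) string {
	wire := append(sshString([]byte("ssh-rsa")), sshMPInt(big.NewInt(int64(pub.E)))...)
	wire = append(wire, sshMPInt(pub.N)...)
	return "ssh-rsa " + base64.StdEncoding.EncodeToString(wire) + " " + title
}

// Rotate replaces the deploy key titled title on repo. The new key is registered with GitHub
// and written to the secret before old keys are deleted, so a pipeline never reads a key GitHub does not know.
func Rotate(m Manager, repo, title, secretName string, readOnly bool) error {
	old, err := m.ListKeys(repo)
	if err != nil {
		return err
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	newKey := Key{Title: title, Key: PublicKeyLine(&priv.PublicKey, title), ReadOnly: readOnly}
	if _, err = m.CreateKey(repo, newKey); err != nil {
		return err
	}
	pemKey := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	if err = m.WriteSecret(secretName, string(pemKey)); err != nil {
		return err
	}
	for _, k := range old { // keys registered under other titles are left alone
		if k.Title == title {
			if err = m.DeleteKey(repo, k.ID); err != nil {
				return err
			}
		}
	}
	return nil
}

// fakeManager is an in-memory stand-in constructed for this example.
type fakeManager struct {
	keys    map[string][]Key
	secrets map[string]string
	next    int
}

func (f *fakeManager) ListKeys(repo string) ([]Key, error) { return append([]Key(nil), f.keys[repo]...), nil }
func (f *fakeManager) WriteSecret(name, value string) error { f.secrets[name] = value; return nil }
func (f *fakeManager) CreateKey(repo string, k Key) (Key, error) {
	f.next, k.ID = f.next+1, f.next+1
	f.keys[repo] = append(f.keys[repo], k)
	return k, nil
}
func (f *fakeManager) DeleteKey(repo string, id int) error {
	for i, k := range f.keys[repo] {
		if k.ID == id {
			f.keys[repo] = append(f.keys[repo][:i], f.keys[repo][i+1:]...)
			break
		}
	}
	return nil
}
```

The 7-day cadence is the CloudWatch schedule's job, not Rotate's. Old keys are matched by title, so a title template that includes the team name keeps one team's rotation from deleting another team's key on a repository they share. The private key is written as PKCS#1 PEM because every ssh client the git resource is likely to use reads that format.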

Usage

Be in the root directory:

make release

You should now have a zipped Lambda function. Next, edit terraform/example.tf to your liking. When done, be in the terraform directory:

terraform init
terraform apply

NOTE: The aws/secretsmanager KMS key alias has to exist before the Lambda is deployed.

Team configuration

Example configuration for a Team (which is then passed as input in the CloudWatch event rule):

{
  "name": "example-team",
  "repositories": [
    {
      "name": "concourse-github-lambda",
      "owner": "telia-oss",
      "readOnly": "true"
    }
  ]
}

When the function is triggered with the above input, it creates a deploy key for telia-oss/concourse-github-lambda and writes the private key to /concourse/example-team/concourse-github-lambda-deploy-key. readOnly is given as the string "true" because Terraform renders booleans as strings; the handler's BooleanString type accepts that form.
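As an added example (not the handler's own code) of how that input is consumed: the BooleanString, Repository, Team and Template types below follow the signatures documented further down this page, but their bodies, the ParseTeam function and the two template strings (written in Go text/template syntax; the real templates are passed to New and their syntax is not shown on this page) are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
	"text/template"
)

// BooleanString is a bool that also unmarshals from the quoted form
// ("true"/"false") that Terraform produces when it renders JSON.
type BooleanString bool

func (b *BooleanString) UnmarshalJSON(data []byte) error {
	v, err := strconv.ParseBool(strings.Trim(string(data), `" `))
	if err != nil {
		return fmt.Errorf("readOnly: %s is not a boolean", data)
	}
	*b = BooleanString(v)
	return nil
}

type Repository struct {
	Name     string        `json:"name"`
	Owner    string        `json:"owner"`
	ReadOnly BooleanString `json:"readOnly"`
}

type Team struct {
	Name         string       `json:"name"`
	Repositories []Repository `json:"repositories"`
}

// Template holds the values a template may reference; the two template strings below are assumptions.
type Template struct {
	Team       string
	Repository string
}

const (
	secretTemplate = "/concourse/{{.Team}}/{{.Repository}}-deploy-key"
	titleTemplate  = "{{.Team}}-deploy-key"
)

func render(tmpl string, t Template) (string, error) {
	parsed, err := template.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := parsed.Execute(&buf, t); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// SecretName is where the private key for r is written; KeyTitle is the GitHub key title.
func SecretName(team Team, r Repository) (string, error) {
	return render(secretTemplate, Template{Team: team.Name, Repository: r.Name})
}
func KeyTitle(team Team, r Repository) (string, error) {
	return render(titleTemplate, Template{Team: team.Name, Repository: r.Name})
}

// ParseTeam decodes the CloudWatch event input, rejecting unknown fields and requiring readOnly
// to be present: BooleanString's zero value is false, so a defaulted readOnly means a read/write key.
func ParseTeam(input []byte) (Team, error) {
	dec := json.NewDecoder(bytes.NewReader(input))
	dec.DisallowUnknownFields()
	var t Team
	if err := dec.Decode(&t); err != nil {
		return Team{}, err
	}
	var raw struct{ Repositories []map[string]json.RawMessage `json:"repositories"` }
	if err := json.Unmarshal(input, &raw); err != nil {
		return Team{}, err
	}
	for i, r := range t.Repositories {
		if t.Name == "" || r.Name == "" || r.Owner == "" {
			return Team{}, fmt.Errorf("repositories[%d]: team name, name and owner are required", i)
		}
		if _, ok := raw.Repositories[i]["readOnly"]; !ok {
			return Team{}, fmt.Errorf("repositories[%d]: readOnly must be set explicitly", i)
		}
	}
	return t, nil
}

func main() {
	input := []byte(`{"name":"example-team","repositories":[{"name":"concourse-github-lambda","owner":"telia-oss","readOnly":"true"}]}`) // the README example
	team, err := ParseTeam(input)
	if err != nil {
		panic(err)
	}
	fmt.Println(SecretName(team, team.Repositories[0]))
}
```

The explicit-readOnly check is the part to keep: with the struct exactly as documented, a repository entry that omits readOnly decodes to the zero value false, which is a read/write deploy key.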

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(manager *Manager, secretTemplate, titleTemplate string, logger *logrus.Logger) func(Team) error

New lambda handler with the provided settings.

Types

type BooleanString

type BooleanString bool

BooleanString is a bool that unmarshals from the string form ("true"/"false") that Terraform produces for booleans.

func (*BooleanString) UnmarshalJSON

func (b *BooleanString) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a Terraform-style boolean.

type EC2Manager

type EC2Manager ec2iface.EC2API

EC2Manager is the EC2 client interface, exposed so tests can substitute a mock.

type GithubManager

type GithubManager interface {
	ListKeys(ctx context.Context, owner string, repo string, opt *github.ListOptions) ([]*github.Key, *github.Response, error)
	CreateKey(ctx context.Context, owner string, repo string, key *github.Key) (*github.Key, *github.Response, error)
	DeleteKey(ctx context.Context, owner string, repo string, id int) (*github.Response, error)
}

GithubManager is the subset of the Github deploy-key API the handler uses, exposed so tests can substitute a mock.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles API calls to AWS.

func NewManager

func NewManager(sess *session.Session, region, token string) *Manager

NewManager creates a new manager from a session, region and Github access token.

func NewTestManager

func NewTestManager(g GithubManager, s SecretsManager, e EC2Manager) *Manager

NewTestManager creates a Manager backed by the given Github, Secrets Manager and EC2 clients, for use in tests.

func (*Manager) CreateKey

func (m *Manager) CreateKey(repository Repository, title, publicKey string) error

CreateKey for a repository.

func (*Manager) DeleteKey

func (m *Manager) DeleteKey(repository Repository, id int) error

DeleteKey for a repository.

func (*Manager) GenerateKeyPair

func (m *Manager) GenerateKeyPair(title string) (privateKey string, publicKey string, err error)

GenerateKeyPair to use as deploy key.

func (*Manager) ListKeys

func (m *Manager) ListKeys(repository Repository) ([]*github.Key, error)

ListKeys for a repository.

func (*Manager) WriteSecret

func (m *Manager) WriteSecret(name, secret string) error

WriteSecret to secrets manager.

type Repository

type Repository struct {
	Name     string        `json:"name"`
	Owner    string        `json:"owner"`
	ReadOnly BooleanString `json:"readOnly"`
}

Repository represents the configuration of a repository.

type SecretsManager

SecretsManager is the Secrets Manager client interface, exposed so tests can substitute a mock.

type Team

type Team struct {
	Name         string       `json:"name"`
	Repositories []Repository `json:"repositories"`
}

Team represents the configuration for a single CI/CD team.

type Template

type Template struct {
	Team       string
	Repository string
	Template   string
}

Template holds the team and repository names that are substituted into a Github key title or Secrets Manager path template.

func NewTemplate

func NewTemplate(team, repository, template string) *Template

NewTemplate for github key title and secrets manager path.

func (*Template) String

func (p *Template) String() (string, error)

String renders the template with the team and repository names.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
