feat: refactor / additional flag autoGenerateIamPermissions

.gitleaks.toml

@@ -0,0 +1,40 @@
+[extend]
+useDefault = true
+
+[[rules]]
+id = "generic-api-key"
+# all the other attributes from the default rule are inherited
+
+    [[rules.allowlists]]
+    regexTarget = "line"
+    regexes = [ 
+      '''objectKey''',
+      '''S3Key''',
+      '''SopsAgeKey''',
+      '''s3Key''',
+    ]
+
+[[rules]]
+id = "private-key"
+
+    [[rules.allowlists]]
+    regexTarget = "line"
+    regexes = [
+      '''(.*)OAdqlMznWINBDoyR\+PESgQJlUptwnh(.*)''',
+    ]
+
+[allowlist]
+description = "global allow list"
+paths = [
+  '''\.gitleaks\.toml''',
+  '''lambda/events/(.*?)json''',
+  '''lambda/__snapshots__/(.*?)snap''',
+  '''test-secrets/(.*?)(json|yaml|yml|env|binary)''',
+  '''test/(.*)\.integ\.snapshot/(.*?)json'''
+]
+
+regexTarget = "match"
+regexes = [
+  '''AGE-SECRET-KEY-1EFUWJ0G2XJTJFWTAM2DGMA4VCK3R05W58FSMHZP3MZQ0ZTAQEAFQC6T7T3''',
+]
+

CONTRIBUTING.md

@@ -2,4 +2,26 @@
 
 Thanks for your interest in our project. Contributions are welcome. Feel free to [open an issue](issues) with questions or reporting ideas and bugs, or [open pull requests](pulls) to contribute code.
 
-We are committed to fostering a welcoming, respectful, and harassment-free environment. Be kind!
+We are committed to fostering a welcoming, respectful, and harassment-free environment. Be kind!
+
+## How to buidl/deploy local
+
+Install all necessary tools with `yarn install` and others manually like `go`
+
+Build the go Lambda code:
+```
+./scripts/build.sh
+```
+Build the package (for CDK development only the first `js` build has to complete):
+```
+yarn projen build
+```
+Link the package:
+```
+yarn link
+```
+Switch to the path/project where you would like to use cdk-sops-secrets. \
+Link the package to your local build source:
+```
+yarn link "cdk-sops-secrets"
+```

lambda/events/event_create_s3_parameter_raw_simple.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "PARAMETER",
-    "CreationType": "SINGLE",
     "ParameterName": "arn:aws:ssm:eu-central-1:123456789012:parameter/testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_parameter_yaml_complex.json

@@ -2,8 +2,7 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
-    "ResourceType": "PARAMETER",
-    "CreationType": "MULTI",
+    "ResourceType": "PARAMETER_MULTI",
     "ParameterName": "arn:aws:ssm:eu-central-1:123456789012:parameter/testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_parameter_yaml_complex_custom_keys.json

@@ -2,8 +2,7 @@
   "RequestType": "Create",
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
-    "ResourceType": "PARAMETER",
-    "CreationType": "MULTI",
+    "ResourceType": "PARAMETER_MULTI",
     "ParameterName": "arn:aws:ssm:eu-central-1:123456789012:parameter/testsecret",
     "SopsS3File": {
       "Bucket": "..",

lambda/events/event_create_s3_secret_env_as_json_simple.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_env_simple.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_json_complex.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_json_complex_flat.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_json_complex_stringify.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_json_simple.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_raw_simple.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_yaml_as_json_complex.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_yaml_as_json_complex_flat.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_yaml_as_json_simple.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_yaml_complex.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_yaml_complex_flat.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {

lambda/events/event_create_s3_secret_yaml_simple.json

@@ -3,7 +3,6 @@
   "LogicalResourceId": "LogicalResourceId",
   "ResourceProperties": {
     "ResourceType": "SECRET",
-    "CreationType": "SINGLE",
     "FlattenSeparator": ".",
     "SecretARN": "arn:aws:secretsmanager:eu-central-1:123456789012:secret:testsecret",
     "SopsS3File": {