Add ability to deploy configs from the configuration file

Question

Add ability to deploy configs from the configuration file

adikari opened this issue 2 years ago · 4 comments

It would be nice to have a configuration file to manage an application's configuration file where all the configs are defined. Then, when you run chamber run, it reads all the configuration in the configuration file and deploys to ssm.

I built a tool called oprah a while back which allowed exactly that. The configuration could look something like:

provider: ssm

defaults:
  path: /${STAGE}/gateway/

params:
  - name: DB_NAME
    description: 'database name'
    value: database-name
    override:
      production: production-database-name
      staging: staging-database-name

  - name: DB_PASSWORD
    description: 'database password'
    secret: true

  - name: DB_PORT
    required: false

  - name: DATADOG_API_KEY
    path: /shared/
    secret: true

With the above config all configs would be deployed under path /stage/gateway and would look something like /stage/gateway/DB_NAME. For any configs which has overwritten path then the default prefix would not be used.

For the non-secret configs, you can simply put the value in the file. For the secrets, the chamber will prompt the user to enter the value during the run.

Let me know what your thoughts are regarding this feature and if that's something you would like to add to the chamber. I am happy to work on it if that's something you would consider.

Thanks

Answer 1 · 2022-10-06T17:33:32.000Z

Hey @adikari, thanks for your suggestion! we've got a chamber import command already. Could I ask how your suggestion differs from this?

Answer 2 · 2022-10-06T21:30:36.000Z

It's mainly for secret values. Import command requires file to contain the secret value. You also can't add the file to import in your git history. With my suggestion the config file acts as one file you can go and lookup all the configs your app uses.

With this approach you specify what secrets you want for your app. Then during secret push if the secret is missing in ssm, it will throw an error. Or you can run in interactive mode where it will prompt you to enter the value which it then pushes to ssm but not store in the config file.

You can then use this feature in the deploy pipeline of your application which ensures all the secrets are available. If not the build will fail.

Answer 3 · 2022-10-24T17:41:48.000Z

Hi @adikari, sorry for the delay in replying.

We appreciate your feature request to improve the import command, but at this moment we don't have capacity to develop and release this feature. This use case is interesting but we also have not seen other chamber users mentioning it, so we don't think it's worth investing time on this right now.

If you really need this feature, I strongly recommend you to fork chamber and develop according to your needs.

Answer 4 · 2022-10-25T05:50:03.000Z

@rikez that's totally understandable. I have created a tool that does what I described above. Here is the link for reference https://github.com/adikari/safebox