Merge pull request #549 from hazelops/fix/secrets-pull-not-pulling-al…

…l-secrets Ensure to pull paginated SSM output
hazelops · Sep 15, 2023 · 6cf1892 · 6cf1892
2 parents 5f0ff93 + 07456dc
commit 6cf1892
Showing 1 changed file with 29 additions and 2 deletions.
diff --git a/internal/commands/secrets_pull.go b/internal/commands/secrets_pull.go
@@ -134,6 +134,8 @@ func (o *SecretsPullOptions) Run() error {
 func (o *SecretsPullOptions) pull(s *pterm.SpinnerPrinter) error {
 	s.UpdateText(fmt.Sprintf("Pulling secrets from %s://%s...", o.Backend, o.SecretsPath))
 
+	values := make(map[string]interface{})
+
 	params, err := o.Config.AWSClient.SSMClient.GetParametersByPath(&ssm.GetParametersByPathInput{
 		Path:           aws.String(o.SecretsPath),
 		Recursive:      aws.Bool(true),
@@ -149,13 +151,38 @@ func (o *SecretsPullOptions) pull(s *pterm.SpinnerPrinter) error {
 		return err
 	}
 
-	values := make(map[string]interface{})
-
 	for _, param := range params.Parameters {
 		p := strings.Split(*param.Name, "/")
 		values[p[len(p)-1]] = *param.Value
 	}
 
+	for {
+		if params.NextToken == nil {
+			break
+		}
+
+		params, err = o.Config.AWSClient.SSMClient.GetParametersByPath(&ssm.GetParametersByPathInput{
+			Path:           aws.String(o.SecretsPath),
+			Recursive:      aws.Bool(true),
+			WithDecryption: aws.Bool(true),
+			NextToken:      params.NextToken,
+			ParameterFilters: []*ssm.ParameterStringFilter{
+				{
+					Key:    aws.String("Type"),
+					Values: aws.StringSlice([]string{"SecureString"}),
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+
+		for _, param := range params.Parameters {
+			p := strings.Split(*param.Name, "/")
+			values[p[len(p)-1]] = *param.Value
+		}
+	}
+
 	b, err := json.MarshalIndent(values, "", "")
 	if err != nil {
 		return err