From 07456dc262d3cfa26e5df8f3d492dd8d32a01c41 Mon Sep 17 00:00:00 2001
From: Dmitry Kireev <dmitry@hazelops.com>
Date: Fri, 15 Sep 2023 17:50:48 +0100
Subject: [PATCH] Ensure to pull paginated SSM output

---
 internal/commands/secrets_pull.go | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/internal/commands/secrets_pull.go b/internal/commands/secrets_pull.go
index 85d02ac0..2911024d 100644
--- a/internal/commands/secrets_pull.go
+++ b/internal/commands/secrets_pull.go
@@ -134,6 +134,8 @@ func (o *SecretsPullOptions) Run() error {
 func (o *SecretsPullOptions) pull(s *pterm.SpinnerPrinter) error {
 	s.UpdateText(fmt.Sprintf("Pulling secrets from %s://%s...", o.Backend, o.SecretsPath))
 
+	values := make(map[string]interface{})
+
 	params, err := o.Config.AWSClient.SSMClient.GetParametersByPath(&ssm.GetParametersByPathInput{
 		Path:           aws.String(o.SecretsPath),
 		Recursive:      aws.Bool(true),
@@ -149,13 +151,38 @@ func (o *SecretsPullOptions) pull(s *pterm.SpinnerPrinter) error {
 		return err
 	}
 
-	values := make(map[string]interface{})
-
 	for _, param := range params.Parameters {
 		p := strings.Split(*param.Name, "/")
 		values[p[len(p)-1]] = *param.Value
 	}
 
+	for {
+		if params.NextToken == nil {
+			break
+		}
+
+		params, err = o.Config.AWSClient.SSMClient.GetParametersByPath(&ssm.GetParametersByPathInput{
+			Path:           aws.String(o.SecretsPath),
+			Recursive:      aws.Bool(true),
+			WithDecryption: aws.Bool(true),
+			NextToken:      params.NextToken,
+			ParameterFilters: []*ssm.ParameterStringFilter{
+				{
+					Key:    aws.String("Type"),
+					Values: aws.StringSlice([]string{"SecureString"}),
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+
+		for _, param := range params.Parameters {
+			p := strings.Split(*param.Name, "/")
+			values[p[len(p)-1]] = *param.Value
+		}
+	}
+
 	b, err := json.MarshalIndent(values, "", "")
 	if err != nil {
 		return err