cai-ecs-entrypoint 1.1.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b95c711494fdbf456d3bee012a150a7fa86036c66d22b083b36d84e968861fbf
-  data.tar.gz: 793012dc89512c79e649a1be18cf8f3a9d9f6800e1a6e874ed349ed124696af1
+  metadata.gz: fbe4644ac9f2ff239fe682cccfd12a3dbde20884e4be250dfe029a5534272abc
+  data.tar.gz: 92d49431371de60820973942f4f0811255f3a567d3b008632b8de17f133d7546
 SHA512:
-  metadata.gz: ce1f26011bb2ed5658d22a92145a8f0732259e97e54bf15de28e4e6446e36b2b5015f063a67616c5e960f920db2a41dd4ea93dbe937d17f569f24f567718a579
-  data.tar.gz: 182282dd0143a7c72c2ef222ef992e10148b2f547ae8985d155458a44ab2296d0f9b01fccdd4e1639d237d76f299b2d6c1adda4057d38a85226a2e0f4a98739b
+  metadata.gz: 8e210ad6e5512a36594cfef62dba1fd52562cda749db98a9ea81297e83ae92030398779286641a9787fdd6e4d31e6e546550fb7e59430d6ae5e3a90c389f1574
+  data.tar.gz: 4e7040c017aa1d7c1b4700cb79bccb041c36105a8829d7252cc01a7af660266ea76e86cf0f916fa1145fc9742ca6b9f0d5a9b14b6369c0d983750e011b9f35ce

data/Gemfile.lock

@@ -1,23 +1,24 @@
 PATH
   remote: .
   specs:
-    cai-ecs-entrypoint (1.1.0)
+    cai-ecs-entrypoint (2.0.1)
       aws-sdk-ssm (~> 1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    aws-eventstream (1.0.1)
-    aws-partitions (1.140.0)
-    aws-sdk-core (3.46.2)
-      aws-eventstream (~> 1.0)
-      aws-partitions (~> 1.0)
-      aws-sigv4 (~> 1.0)
+    aws-eventstream (1.1.0)
+    aws-partitions (1.409.0)
+    aws-sdk-core (3.110.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.239.0)
+      aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-ssm (1.36.0)
-      aws-sdk-core (~> 3, >= 3.39.0)
-      aws-sigv4 (~> 1.0)
-    aws-sigv4 (1.0.3)
+    aws-sdk-ssm (1.100.0)
+      aws-sdk-core (~> 3, >= 3.109.0)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.2.2)
+      aws-eventstream (~> 1, >= 1.0.2)
     jmespath (1.4.0)
 
 PLATFORMS

data/README.md

@@ -1,30 +1,44 @@
 # Cai::Ecs::Entrypoint
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/cai/ecs/entrypoint`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+This gem provides an easy and convenient method for Docker-based applications to retrieve configuration as environment variables at application startup.
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add the following line to your application's `Dockerfile` as early as possible, preferrably following the `FROM` statement:
+
+```dockerfile
+FROM some/base
+
+# If necessary, install Ruby runtime; omit if container already includes Ruby, such as a Rails app
+RUN apt-get update && apt-get -y install ruby
 
-```ruby
-gem 'cai-ecs-entrypoint'
+# Install cai-ecs-entrypoint gem
+RUN gem install cai-ecs-entrypoint -v 1.1.0
 ```
 
-And then execute:
+Installing the Ruby runtime and gem early in the Docker file allows Docker container layer caching and will improve build times.
 
-    $ bundle
+## Usage
 
-Or install it yourself as:
+To use the gem, alter your container's `Dockerfile` to specify the `ENTRYPOINT`:
 
-    $ gem install cai-ecs-entrypoint
+```dockerfile
+ENTRYPOINT ["ssm-entrypoint"]
+CMD ["your-executable", "arg1", "arg2", "...argN"]
+```
 
-## Usage
+The SSM Entrypoint requires two environment variables to be set when running the container:
+
+* `AWS_REGION`: specifies the AWS region storing the SSM parameters used for this application
+* `SSM_KEY_PATH`: path-notated prefix for all keys that the entrypoint should fetch, e.g. `/stage/myApp`
+
+Both of these environment variables are provided _automatically_ for applications running on the Docker-based AWS Deployment Pipeline, such as used by CentralDispatch.
+
+When using `docker-compose` locally, the entrypoint gem will _do nothing_, since proper AWS IAM credentials are required to fetch configuration. Use the `docker-compose.yml`, `docker-compose.override.yml`, or other mechanism, to provide environment variables locally.
 
-TODO: Write usage instructions here
+In AWS, if the entrypoint script is unable to fetch configuration, the application will fail to start. This is _by design_ to prevent the application from starting in an unexpected or unpredictable state.
 
-## Development
+## Gem Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 

data/bin/ssm-entrypoint

@@ -1,41 +1,26 @@
 #!/usr/bin/env ruby
 
-env = {}
-
 if ENV.has_key?('SSM_KEY_PATH')
-  require 'aws-sdk-ssm'
+  require 'docker/pipeline/ssm_parameters'
+  require 'timeout'
 
   puts 'Injecting application secrets...'
 
   begin
-    client = Aws::SSM::Client.new
-
-    next_token = nil
-    loop do
-      secrets = client.get_parameters_by_path(
-        path: ENV.fetch('SSM_KEY_PATH'),
-        with_decryption: true,
-        next_token: next_token
-      )
-
-      secrets.parameters.map do |parameter|
-        key = parameter.name.split('/').last
-        value = parameter.value
-        env[key] = value
-      end
-
-      next_token = secrets.next_token
-      break unless next_token
-
-      sleep 1 # don't overrun the API rate limit
-    end
+    ssm_key_path = ENV.fetch('SSM_KEY_PATH')
+    exec Docker::Pipeline::SsmParameters.at(ssm_key_path), *ARGV
   rescue Aws::Errors::MissingRegionError
     puts 'Error: Missing AWS Region'
     exit 1
   rescue Aws::Errors::MissingCredentialsError
     puts 'Error: Missing AWS Credentials'
     exit 2
+  rescue Docker::Pipeline::ExcessiveThrottlingError
+    puts 'Error: Unable to fetch all SSM Parameters; exhausted retries due to API throttling!'
+    exit 3
+  rescue Timeout::Error
+    puts 'Error: Unable to fetch all SSM Parameters; exhausted maximum allowable time to complete!'
   end
+else
+  exec *ARGV
 end
-
-exec env, *ARGV

data/cai-ecs-entrypoint.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["jarrod.carlson@coxautoinc.com"]
 
   spec.summary       = %q{Entrypoint script for ECS containers }
-  spec.description   = %q{Injects SSM paramters into Docker containers running on AWS ECS}
+  spec.description   = %q{Injects SSM parameters into Docker containers running on AWS ECS}
   spec.homepage      = "https://ghe.coxautoinc.com/Transportation/cai-ecs-entrypoint"
 
   # Specify which files should be added to the gem when it is released.

data/lib/cai/ecs/entrypoint/version.rb

@@ -1,7 +1,7 @@
 module Cai
   module Ecs
     module Entrypoint
-      VERSION = "1.1.0"
+      VERSION = "2.0.1"
     end
   end
 end

data/lib/docker/pipeline/ssm_parameters.rb

@@ -0,0 +1,74 @@
+require 'aws-sdk-ssm'
+require 'timeout'
+
+module Docker
+  module Pipeline
+    class ExcessiveThrottlingError < StandardError; end
+
+    class SsmParameters
+      CLIENT = Aws::SSM::Client.new
+
+      def self.at(path)
+        new(path).to_h
+      end
+
+      def to_h
+        env
+      end
+
+      private
+
+      attr_reader :path
+      attr_reader :env
+
+      def initialize(path)
+        @path = path
+        @env = {}
+        @pages = 0
+
+        next_token = nil
+
+        Timeout::timeout(60) do
+          loop do
+            next_token = read_page next_page(next_token)
+            break unless next_token
+          end
+        end
+      end
+
+      def read_page(page)
+        page.parameters.each do |parameter|
+          key = parameter.name.split('/').last
+          value = parameter.value
+          env[key] = value
+        end
+
+        page.next_token
+      end
+
+      def next_page(next_token)
+        @pages += 1
+
+        with_exponential_backoff do
+          CLIENT.get_parameters_by_path(
+            path: path,
+            with_decryption: true,
+            next_token: next_token
+          )
+        end
+      end
+
+      def with_exponential_backoff(max_attempts = 10, backoff = 0.5)
+        max_attempts.times do |try|
+          begin
+            return yield
+          rescue Aws::SSM::Errors::ThrottlingException
+            raise ExcessiveThrottlingError unless try < (max_attempts - 1)
+            puts 'Backing off and retrying due to API throttling'
+            sleep (try ** backoff) + (rand * 1.5)
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cai-ecs-entrypoint
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Jarrod Carlson
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-22 00:00:00.000000000 Z
+date: 2020-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ssm
@@ -24,7 +24,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1'
-description: Injects SSM paramters into Docker containers running on AWS ECS
+description: Injects SSM parameters into Docker containers running on AWS ECS
 email:
 - jarrod.carlson@coxautoinc.com
 executables:
@@ -40,10 +40,11 @@ files:
 - bin/ssm-entrypoint
 - cai-ecs-entrypoint.gemspec
 - lib/cai/ecs/entrypoint/version.rb
+- lib/docker/pipeline/ssm_parameters.rb
 homepage: https://ghe.coxautoinc.com/Transportation/cai-ecs-entrypoint
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -58,9 +59,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
+rubyforge_project:
 rubygems_version: 2.7.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Entrypoint script for ECS containers
 test_files: []