elastic_beans 0.1.0

data/lib/elastic_beans/configuration_template/base.rb

@@ -0,0 +1,114 @@
+require "elastic_beans/error"
+
+module ElasticBeans
+  class ConfigurationTemplate
+    class Base < ElasticBeans::ConfigurationTemplate
+      SOLUTION_STACK_NAME = "64bit Amazon Linux 2016.09 v2.2.0 running Ruby 2.3 (Puma)"
+
+      def initialize(**args)
+        super(name: "base", **args)
+      end
+
+      def upsert(**args)
+        @option_settings = build_option_settings(**args)
+        if configuration_settings_description
+          elastic_beanstalk.update_configuration_template(
+            application_name: application.name,
+            template_name: name,
+            option_settings: option_settings,
+          )
+        else
+          elastic_beanstalk.create_configuration_template(
+            application_name: application.name,
+            template_name: name,
+            solution_stack_name: SOLUTION_STACK_NAME,
+            option_settings: option_settings,
+          )
+        end
+      rescue ::Aws::ElasticBeanstalk::Errors::Throttling
+        sleep 5
+        retry
+      end
+
+      protected
+
+      def build_option_settings(
+        network:,
+        database_url: nil,
+        secret_key_base: nil,
+        image_id: nil,
+        instance_type: nil,
+        keypair: nil,
+        iam:,
+        **_
+      )
+        instance_profile_setting = template_option_setting(namespace: "aws:autoscaling:launchconfiguration", option_name: "IamInstanceProfile", override: instance_profile(iam))
+        if instance_profile_setting[:value].nil?
+          raise MissingInstanceProfileError
+        end
+
+        keypair_setting = template_option_setting(namespace: "aws:autoscaling:launchconfiguration", option_name: "EC2KeyName", override: keypair)
+        database_url_setting = template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "DATABASE_URL", override: database_url)
+        secret_key_base_setting = template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "SECRET_KEY_BASE", override: secret_key_base)
+        if database_url_setting[:value].nil? || secret_key_base_setting[:value].nil? || keypair_setting[:value].nil?
+          raise MissingConfigurationError
+        end
+
+        security_groups = [network.ssh_security_group] + network.application_security_groups
+        settings = [
+          template_option_setting(namespace: "aws:elasticbeanstalk:command", option_name: "BatchSize", default: "1"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:command", option_name: "BatchSizeType", default: "Fixed"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:command", option_name: "DeploymentPolicy", default: "Rolling"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "DISABLE_SQS_CONSUMER", default: "true"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:environment", option_name: "ServiceRole", default: "aws-elasticbeanstalk-service-role"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:healthreporting:system", option_name: "SystemType", default: "enhanced"),
+          template_option_setting(namespace: "aws:ec2:vpc", option_name: "AssociatePublicIpAddress", default: "false"),
+          template_option_setting(namespace: "aws:autoscaling:launchconfiguration", option_name: "InstanceType", default: "c4.large", override: instance_type),
+          template_option_setting(namespace: "aws:autoscaling:launchconfiguration", option_name: "SSHSourceRestriction", default: "tcp, 22, 22, 0.0.0.0/32"),
+          template_option_setting(namespace: "aws:autoscaling:updatepolicy:rollingupdate", option_name: "RollingUpdateType", default: "Health"),
+          template_option_setting(namespace: "aws:autoscaling:updatepolicy:rollingupdate", option_name: "RollingUpdateEnabled", default: "true"),
+          template_option_setting(namespace: "aws:autoscaling:launchconfiguration", option_name: "SecurityGroups", override: security_groups.join(",")),
+          template_option_setting(namespace: "aws:ec2:vpc", option_name: "ELBSubnets", override: network.elb_subnets.join(",")),
+          template_option_setting(namespace: "aws:ec2:vpc", option_name: "Subnets", override: network.application_subnets.join(",")),
+          template_option_setting(namespace: "aws:ec2:vpc", option_name: "VPCId", override: network.vpc),
+          instance_profile_setting,
+          keypair_setting,
+          database_url_setting,
+          secret_key_base_setting,
+        ]
+        if image_id
+          settings << template_option_setting(namespace: "aws:autoscaling:launchconfiguration", option_name: "ImageId", override: image_id)
+        end
+        settings
+      end
+
+      private
+
+      def instance_profile(iam)
+        return @instance_profile if @instance_profile
+        marker = nil
+        loop do
+          response = iam.list_instance_profiles(marker: marker)
+          profile = response.instance_profiles.find { |profile|
+            profile.instance_profile_name == "aws-elasticbeanstalk-ec2-role"
+          }
+          if profile
+            @instance_profile = profile.arn
+            return @instance_profile
+          end
+          break unless response.is_truncated
+          marker = response.marker
+        end
+        nil
+      end
+
+      class MissingInstanceProfileError < ElasticBeans::Error
+        def message
+          "Could not find Elastic Beanstalk instance profile." \
+            " Please create the default instance profile named \"aws-elasticbeanstalk-ec2-role\":" \
+            " http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.html"
+        end
+      end
+    end
+  end
+end

data/lib/elastic_beans/configuration_template/exec.rb

@@ -0,0 +1,50 @@
+require "uri"
+require "elastic_beans/error"
+
+module ElasticBeans
+  class ConfigurationTemplate
+    class Exec < ElasticBeans::ConfigurationTemplate::Base
+      def initialize(**args)
+        super(name: "exec", **args)
+      end
+
+      protected
+
+      def build_option_settings(logging_endpoint: nil, **_)
+        if logging_endpoint
+          begin
+            if URI(logging_endpoint).scheme != "https"
+              raise InvalidLoggingEndpointError.new(logging_endpoint: logging_endpoint)
+            end
+          rescue URI::InvalidURIError
+            raise InvalidLoggingEndpointError.new(logging_endpoint: logging_endpoint)
+          end
+
+          logging_endpoint_setting = template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "ELASTIC_BEANS_EXEC_LOGGING_ENDPOINT", override: logging_endpoint)
+        end
+
+        settings = [
+          template_option_setting(namespace: "aws:elasticbeanstalk:application", option_name: "Application Healthcheck URL", default: "HTTP:80/"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "DISABLE_SQS_CONSUMER", override: "false"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "ELASTIC_BEANS_EXEC_QUEUE_URL", override: application.exec_queue_url),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_ASSET_COMPILATION", default: "true"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_MIGRATIONS", default: "true"),
+        ]
+        if logging_endpoint
+          settings << logging_endpoint_setting
+        end
+        super + settings
+      end
+
+      class InvalidLoggingEndpointError < ElasticBeans::Error
+        def initialize(logging_endpoint:)
+          @logging_endpoint = logging_endpoint
+        end
+
+        def message
+          "Logging endpoint `#{@logging_endpoint}' must be a valid HTTPS URL."
+        end
+      end
+    end
+  end
+end

data/lib/elastic_beans/configuration_template/scheduler.rb

@@ -0,0 +1,20 @@
+module ElasticBeans
+  class ConfigurationTemplate
+    class Scheduler < ElasticBeans::ConfigurationTemplate::Base
+      def initialize(**args)
+        super(name: "scheduler", **args)
+      end
+
+      protected
+
+      def build_option_settings(**_)
+        super + [
+          template_option_setting(namespace: "aws:elasticbeanstalk:application", option_name: "Application Healthcheck URL", default: "HTTP:80/"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "DISABLE_SQS_CONSUMER", override: "false"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_ASSET_COMPILATION", default: "true"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_MIGRATIONS", default: "true"),
+        ]
+      end
+    end
+  end
+end

data/lib/elastic_beans/configuration_template/webserver.rb

@@ -0,0 +1,49 @@
+require "elastic_beans/error"
+
+module ElasticBeans
+  class ConfigurationTemplate
+    class Webserver < ElasticBeans::ConfigurationTemplate::Base
+      def initialize(**args)
+        super(name: "webserver", **args)
+      end
+
+      protected
+
+      def build_option_settings(network:, public_key:, ssl_certificate_id:, **_)
+        public_key_policy_names_setting = template_option_setting(namespace: "aws:elb:policies:backendencryption", option_name: "PublicKeyPolicyNames", default: "backendkey")
+        public_key_setting = template_option_setting(namespace: "aws:elb:policies:#{public_key_policy_names_setting[:value]}", option_name: "PublicKey", override: public_key)
+        ssl_certificate_setting = template_option_setting(namespace: "aws:elb:listener:443", option_name: "SSLCertificateId", override: ssl_certificate_id)
+        if public_key_setting[:value].nil? || ssl_certificate_setting[:value].nil?
+          raise NoEncryptionSettingsError
+        end
+
+        super + [
+          template_option_setting(namespace: "aws:elasticbeanstalk:application", option_name: "Application Healthcheck URL", default: "HTTPS:443/"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_ASSET_COMPILATION", default: "false"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_MIGRATIONS", default: "false"),
+          template_option_setting(namespace: "aws:elb:listener:443", option_name: "InstancePort", default: "443"),
+          template_option_setting(namespace: "aws:elb:listener:443", option_name: "InstanceProtocol", default: "HTTPS"),
+          template_option_setting(namespace: "aws:elb:listener:443", option_name: "ListenerProtocol", default: "HTTPS"),
+          template_option_setting(namespace: "aws:elb:loadbalancer", option_name: "ManagedSecurityGroup", override: network.elb_security_groups[0]),
+          template_option_setting(namespace: "aws:elb:loadbalancer", option_name: "SecurityGroups", override: network.elb_security_groups.join(",")),
+          template_option_setting(namespace: "aws:elb:policies", option_name: "ConnectionDrainingEnabled", default: "true"),
+          template_option_setting(namespace: "aws:elb:policies:backendencryption", option_name: "InstancePorts", default: "443"),
+          public_key_policy_names_setting,
+          public_key_setting,
+          ssl_certificate_setting,
+        ]
+      end
+
+      class NoEncryptionSettingsError < ElasticBeans::Error
+        def message
+          require "elastic_beans/command/configure"
+          <<-MESSAGE
+Missing required end-to-end encryption settings. Make sure to specify SSL certificate ID and public key.
+
+      #{$0} #{ElasticBeans::Command::Configure::USAGE}
+          MESSAGE
+        end
+      end
+    end
+  end
+end

data/lib/elastic_beans/configuration_template/worker.rb

@@ -0,0 +1,27 @@
+module ElasticBeans
+  class ConfigurationTemplate
+    class Worker < ElasticBeans::ConfigurationTemplate::Base
+      attr_reader :queue
+
+      def initialize(queue:, **args)
+        @queue = queue
+        super(name: "worker-#{queue}", **args)
+      end
+
+      protected
+
+      def build_option_settings(**_)
+        super + [
+          template_option_setting(namespace: "aws:elasticbeanstalk:application", option_name: "Application Healthcheck URL", default: "HTTP:80/"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "DISABLE_SQS_CONSUMER", override: "false"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_ASSET_COMPILATION", default: "true"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:application:environment", option_name: "RAILS_SKIP_MIGRATIONS", default: "true"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:sqsd", option_name: "InactivityTimeout", default: "1800"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:sqsd", option_name: "MaxRetries", default: "10"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:sqsd", option_name: "VisibilityTimeout", default: "1800"),
+          template_option_setting(namespace: "aws:elasticbeanstalk:sqsd", option_name: "WorkerQueueURL", override: application.worker_queue_url(queue)),
+        ]
+      end
+    end
+  end
+end

data/lib/elastic_beans/configuration_template.rb

@@ -0,0 +1,197 @@
+require "elastic_beans/configuration_template/base"
+require "elastic_beans/configuration_template/exec"
+require "elastic_beans/configuration_template/scheduler"
+require "elastic_beans/configuration_template/webserver"
+require "elastic_beans/configuration_template/worker"
+
+module ElasticBeans
+  class ConfigurationTemplate
+    WORKER_TEMPLATE_NAME_PATTERN = /\Aworker-(?<queue>\w+)\z/
+
+    attr_reader :name
+
+    def self.new_by_type(type, **args)
+      case type
+      when "base"
+        ElasticBeans::ConfigurationTemplate::Base.new(**args)
+      when "exec"
+        ElasticBeans::ConfigurationTemplate::Exec.new(**args)
+      when "scheduler"
+        ElasticBeans::ConfigurationTemplate::Scheduler.new(**args)
+      when "webserver"
+        ElasticBeans::ConfigurationTemplate::Webserver.new(**args)
+      when "worker"
+        ElasticBeans::ConfigurationTemplate::Worker.new(**args)
+      else
+        raise UnknownConfigurationType.new(type: type)
+      end
+    end
+
+    def self.new_from_existing(template_name, **args)
+      case template_name
+      when "base"
+        ElasticBeans::ConfigurationTemplate::Base.new(**args)
+      when "exec"
+        ElasticBeans::ConfigurationTemplate::Exec.new(**args)
+      when "scheduler"
+        ElasticBeans::ConfigurationTemplate::Scheduler.new(**args)
+      when "webserver"
+        ElasticBeans::ConfigurationTemplate::Webserver.new(**args)
+      when WORKER_TEMPLATE_NAME_PATTERN
+        match = WORKER_TEMPLATE_NAME_PATTERN.match(template_name)
+        ElasticBeans::ConfigurationTemplate::Worker.new(queue: match[:queue], **args)
+      else
+        raise UnknownConfigurationType.new(type: template_name)
+      end
+    end
+
+    def initialize(
+      name:,
+      application:,
+      elastic_beanstalk:,
+      **_
+    )
+      @name = name
+      @application = application
+      @elastic_beanstalk = elastic_beanstalk
+    end
+
+    def option_settings
+      # do not fetch option settings from Elastic Beanstalk, because those cannot be naively used.
+      # the set built in #build_option_settings is what we care about.
+      return @option_settings if @option_settings
+      raise MissingConfigurationError
+    end
+
+    def update_environment(env_vars)
+      new_env_settings = env_vars.map { |k, v|
+        {namespace: "aws:elasticbeanstalk:application:environment", option_name: k, value: v}
+      }
+      elastic_beanstalk.update_configuration_template(
+        application_name: application.name,
+        template_name: name,
+        option_settings: new_env_settings,
+      )
+    rescue ::Aws::ElasticBeanstalk::Errors::ConfigurationValidationException => e
+      raise InvalidConfigurationError.new(cause: e)
+    rescue ::Aws::ElasticBeanstalk::Errors::InvalidParameterValue => e
+      raise MissingConfigurationError.new(cause: e)
+    rescue ::Aws::ElasticBeanstalk::Errors::Throttling
+      sleep 5
+      retry
+    end
+
+    def upsert(**args)
+      @option_settings = build_option_settings(**args)
+      if configuration_settings_description
+        elastic_beanstalk.update_configuration_template(
+          application_name: application.name,
+          template_name: name,
+          option_settings: option_settings,
+        )
+      else
+        elastic_beanstalk.create_configuration_template(
+          application_name: application.name,
+          template_name: name,
+          source_configuration: {application_name: application.name, template_name: "base"},
+          option_settings: option_settings,
+        )
+      end
+    rescue ::Aws::ElasticBeanstalk::Errors::Throttling
+      sleep 5
+      retry
+    end
+
+    protected
+
+    attr_reader :application, :elastic_beanstalk
+
+    def build_option_settings(**_)
+      []
+    end
+
+    def configuration_settings_description
+      @configuration_template ||= elastic_beanstalk.describe_configuration_settings(
+        application_name: application.name,
+        template_name: name,
+      ).configuration_settings[0]
+    rescue ::Aws::ElasticBeanstalk::Errors::InvalidParameterValue => e
+      if e.message =~ /\bconfiguration template\b/i
+        return nil
+      end
+      raise MissingConfigurationError.new(cause: e)
+    end
+
+    def template_option_setting(template: configuration_settings_description, namespace:, option_name:, default: nil, override: nil)
+      option_setting = {namespace: namespace, option_name: option_name, value: default}
+      if override
+        return option_setting.merge!(value: override)
+      end
+
+      if template.nil?
+        return option_setting
+      end
+      setting = template.to_h[:option_settings].find { |setting|
+        setting[:namespace] == namespace && setting[:option_name] == option_name
+      }
+      if setting.nil?
+        return option_setting
+      end
+
+      option_setting.merge!(value: setting[:value])
+    end
+
+    class InvalidConfigurationError < ElasticBeans::Error
+      include Nesty::NestedError
+
+      def initialize(cause: nil)
+        @nested = cause
+      end
+
+      def message
+        msg = "Configuration was rejected by Elastic Beanstalk. Check for too much configuration or the use of reserved words."
+        if nested
+          msg << "The error from AWS was \"#{nested.message}\""
+        end
+        msg
+      end
+    end
+
+    class MissingConfigurationError < ElasticBeans::Error
+      include Nesty::NestedError
+
+      def initialize(cause: nil)
+        @nested = cause
+      end
+
+      def message
+        require "elastic_beans/command/configure"
+        msg = <<-MESSAGE
+Some configuration must be set before creating an environment:
+
+* keypair
+* SSL configuration
+* environment variables that Rails always requires
+    * DATABASE_URL
+    * SECRET_KEY_BASE
+
+    #{$0} #{ElasticBeans::Command::Configure::USAGE}
+        MESSAGE
+        if nested
+          msg = "The error from AWS was \"#{nested.message}\"\n#{msg}"
+        end
+        msg
+      end
+    end
+
+    class UnknownConfigurationType < ElasticBeans::Error
+      def initialize(type:)
+        @type = type
+      end
+
+      def message
+        "Unknown configuration type `#{@type}'"
+      end
+    end
+  end
+end