firespring_dev_commands 1.3.0

data/lib/firespring_dev_commands/aws/codepipeline.rb

@@ -0,0 +1,96 @@
+require 'aws-sdk-codepipeline'
+
+module Dev
+  class Aws
+    # Class for performing codepipeline functions
+    class CodePipeline
+      attr_reader :client
+
+      def initialize
+        @client = nil
+      end
+
+      # Create/set a new client if none is present
+      # Return the client
+      def client
+        @client ||= ::Aws::CodePipeline::Client.new
+      end
+
+      # Get a list of all pipelines in the aws account
+      # Optionally filter by the regex_match
+      def pipelines(regex_match = nil)
+        raise 'regex_match must be a regexp' if regex_match && !regex_match.is_a?(Regexp)
+
+        params = {}
+        response = client.list_pipelines(params)
+        pipelines = response.pipelines
+
+        next_token = response.next_token
+        while next_token
+          params[:next_token] = next_token
+          response = client.list_pipelines(params)
+          pipelines += response.pipelines
+          next_token = response.next_token
+        end
+
+        pipelines.select! { |it| it.name.match(regex_match) } if regex_match
+        pipelines
+      end
+
+      # Find all pipelines matching the regex_match and find the status for each of them
+      def status(name)
+        pipeline = client.get_pipeline_state(name: name)
+        print_pipeline_information(pipeline)
+      rescue ::Aws::CodePipeline::Errors::PipelineNotFoundException
+        LOG.error "No pipeline found with name #{name}".light_yellow
+      end
+
+      # Iterate over each pipeline stage and call the method to print stage information for each
+      private def print_pipeline_information(pipeline)
+        puts pipeline.pipeline_name.light_white
+        pipeline.stage_states.each do |stage_state|
+          print_stage_state_information(stage_state)
+        end
+      end
+
+      # Print Stage information
+      # Iterate over each stage action state and call the method to print information for each
+      # Ignore the source steps because they are usually boring
+      private def print_stage_state_information(stage_state)
+        # Source step is not exciting - don't print it
+        return if stage_state.stage_name.to_s.strip == 'Source'
+
+        puts "  Stage: #{stage_state.stage_name.light_blue}"
+        stage_state.action_states.each do |action_state|
+          print_action_state_information(action_state)
+        end
+      end
+
+      # Print Action State information
+      # Call the method to print execution information
+      private def print_action_state_information(action_state)
+        puts "    Action: #{action_state.action_name.light_blue}"
+        print_latest_execution_information(action_state.latest_execution)
+      end
+
+      # Print the latest execution information
+      private def print_latest_execution_information(latest_execution)
+        status = latest_execution&.status
+        last_status_change = latest_execution&.last_status_change
+        error_details = latest_execution&.error_details
+
+        puts "      Date:       #{last_status_change&.to_s&.light_white}"
+        puts "      State:      #{colorize_status(status)}"
+        puts "      Details:    #{error_details&.message&.light_yellow}" if error_details
+      end
+
+      # Colorize the status output based on the success or failure of the pipeline
+      private def colorize_status(status)
+        return status.light_green if status == 'Succeeded'
+        return status.light_yellow if %w(Abandoned InProgress).include?(status)
+
+        status&.light_red
+      end
+    end
+  end
+end

data/lib/firespring_dev_commands/aws/credentials.rb

@@ -0,0 +1,136 @@
+require 'aws-sdk-sts'
+require 'aws-sdk-ssm'
+require 'inifile'
+require 'json'
+require 'net/http'
+
+module Dev
+  class Aws
+    # Class contains methods for interacting with your Aws credentials
+    class Credentials
+      # The local file where temporary credentials are stored
+      CONFIG_FILE = "#{Dev::Aws::CONFIG_DIR}/credentials".freeze
+
+      # The account the profile is currently logged in to
+      def logged_in_account
+        ::Aws::STS::Client.new.get_caller_identity.account
+      end
+
+      # The region associated with the current login
+      def logged_in_region
+        ::Aws::STS::Client.new.send(:config).region
+      end
+
+      # Whether or not the current credentials are still active
+      def active?(profile = Dev::Aws::Profile.new.current)
+        # If there is a metadata uri then we are in an AWS env - assume we are good
+        return true if ENV.fetch('ECS_CONTAINER_METADATA_URI', nil)
+
+        # Otherwise there should either be an aws config directory or access key configured
+        return false unless File.exist?(Dev::Aws::CONFIG_DIR) || ENV.fetch('AWS_ACCESS_KEY_ID', nil)
+
+        # TODO: I'd prefer to still validate creds if using a METADATA_URI
+        # However this appears to require additional permissions which might not be present. Is there a better check here?
+        # return false if !ENV.fetch('ECS_CONTAINER_METADATA_URI', nil) && !(File.exist?(Dev::Aws::CONFIG_DIR) || ENV.fetch('AWS_ACCESS_KEY_ID', nil))
+
+        # Check for expired credentials
+        begin
+          ::Aws::STS::Client.new(profile: profile).get_caller_identity
+        rescue
+          return false
+        end
+
+        # Check for invalid credentials
+        begin
+          # TODO: Is there a better check we can do here?
+          ::Aws::SSM::Client.new(profile: profile).describe_parameters(max_results: 1)
+        rescue
+          return false
+        end
+
+        # If the credentials are valid, make sure they are set in the ruby process environment for use later
+        export!
+        true
+      end
+
+      # Setup base Aws credential settings
+      def base_setup!
+        # Make the base config directory
+        FileUtils.mkdir_p(Dev::Aws::CONFIG_DIR)
+
+        puts
+        puts 'Configuring default credential values'
+
+        # Write access key / secret key in the credentials file
+        credini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/credentials", default: 'default')
+        defaultini = credini['default']
+
+        access_key_default = defaultini['aws_access_key_id']
+        defaultini['aws_access_key_id'] = Dev::Common.new.ask('AWS Access Key ID', access_key_default)
+
+        secret_key_default = defaultini['aws_secret_access_key']
+        defaultini['aws_secret_access_key'] = Dev::Common.new.ask('AWS Secret Access Key', secret_key_default)
+
+        credini.write
+      end
+
+      # Write Aws account specific settings to the credentials file
+      def write!(account, creds)
+        # Write access key / secret key / session token in the credentials file
+        credini = IniFile.new(filename: CONFIG_FILE, default: 'default')
+        defaultini = credini[account]
+
+        defaultini['aws_access_key_id'] = creds.access_key_id
+        defaultini['aws_secret_access_key'] = creds.secret_access_key
+        defaultini['aws_session_token'] = creds.session_token
+
+        credini.write
+      end
+
+      # Export our current credentials into the ruby environment
+      def export!
+        export_profile_credentials!
+        export_container_credentials!
+      end
+
+      # Exports the credentials if there is an active credentials uri
+      def export_container_credentials!
+        # If we already have creds defined, don't do anything
+        return if ENV.fetch('AWS_ACCESS_KEY_ID', nil)
+
+        # If a container credentials url is not present, don't do anything
+        ecs_creds = ENV.fetch('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI', nil)
+        return unless ecs_creds
+
+        # Otherwise query the local creds, parse the json response, and store in the environment
+        response = Net::HTTP.get_response(URI.parse("http://169.254.170.2#{ecs_creds}"))
+        raise 'Error getting container credentials' unless response.is_a?(Net::HTTPSuccess)
+
+        creds = JSON.parse(response.body)
+        ENV['AWS_ACCESS_KEY_ID'] = creds['AccessKeyId']
+        ENV['AWS_SECRET_ACCESS_KEY'] = creds['SecretAccessKey']
+        ENV['AWS_SESSION_TOKEN'] = creds['Token']
+        ENV['AWS_DEFAULT_REGION'] = logged_in_region
+      end
+
+      # Exports the credentials if there is a configured aws profile
+      def export_profile_credentials!
+        # If we already have creds defined, don't do anything
+        return if ENV.fetch('AWS_ACCESS_KEY_ID', nil)
+
+        # If a profile config file is not present, don't do anything
+        return unless File.exist?(CONFIG_FILE)
+
+        # Otherwise load access key / secret key / session token from the credentials file into the environment
+        credini = IniFile.new(filename: CONFIG_FILE, default: 'default')
+        profile_credentials = credini[Dev::Aws::Profile.new.current]
+        return unless profile_credentials
+
+        ENV['AWS_ACCESS_KEY_ID'] = profile_credentials['aws_access_key_id']
+        ENV['AWS_SECRET_ACCESS_KEY'] = profile_credentials['aws_secret_access_key']
+        ENV['AWS_SESSION_TOKEN'] = profile_credentials['aws_session_token']
+        ENV['AWS_DEFAULT_REGION'] = logged_in_region
+      end
+    end
+  end
+end

data/lib/firespring_dev_commands/aws/login.rb

@@ -0,0 +1,131 @@
+require 'aws-sdk-ecr'
+require 'aws-sdk-sts'
+require 'inifile'
+
+module Dev
+  class Aws
+    # Class containing methods for helping a user log in to aws
+    class Login
+      # Main interface for logging in to an AWS account
+      # If an account is not specified the user is given an account selection menu
+      # If an account registry has been configured, the user is also logged in to the docker registry
+      def login!(account = nil)
+        # If more than one child account has been configured, have the user select the account they want to log in to
+        account ||= Dev::Aws::Account.new.select
+
+        # Authorize if our creds are not active
+        authorize!(account) unless Dev::Aws::Credentials.new.active?(account)
+
+        # Ensure the local env is pointed to the profile we selected
+        Dev::Aws::Profile.new.write!(account)
+
+        # Load credentials into the ENV for subprocesses
+        Dev::Aws::Credentials.new.export!
+
+        # Login in to the docker registry if the user has configured one
+        registry_login! if Dev::Aws::Account.new.registry
+      end
+
+      # Authorize your local credentials
+      # User is prompted for an MFA code
+      # Temporary credentials are written back to the credentials file
+      def authorize!(account)
+        # Make sure the account has been set up
+        cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
+        unless cfgini.has_section?("profile #{account}")
+          Dev::Aws::Account.new.write!(account)
+          cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
+        end
+
+        defaultini = cfgini['default']
+        profileini = cfgini["profile #{account}"]
+
+        serial = profileini['mfa_serial'] || defaultini['mfa_serial']
+        role = profileini['role_arn'] || defaultini['role_arn']
+        session_name = profileini['role_session_name'] || defaultini['role_session_name']
+        session_duration = profileini['session_duration'] || defaultini['session_duration']
+
+        puts
+        puts "  Logging in to #{account} as #{role}".light_yellow
+        puts
+
+        code = ENV['AWS_TOKEN_CODE'] || Dev::Common.new.ask("Enter the MFA code for the #{ENV.fetch('USERNAME', '')} user serial #{serial}")
+        raise 'MFA is required' unless code.to_s.strip
+
+        sts = ::Aws::STS::Client.new(profile: 'default')
+        creds = sts.assume_role(
+          serial_number: serial,
+          role_arn: role,
+          role_session_name: session_name,
+          token_code: code,
+          duration_seconds: session_duration
+        ).credentials
+        puts
+
+        Dev::Aws::Credentials.new.write!(account, creds)
+      end
+
+      # Authroizes the docker cli to pull/push images from the Aws container registry (e.g. if docker compose needs to pull an image)
+      # Authroizes the docker ruby library to pull/push images from the Aws container registry
+      def registry_login!(registry_id: Dev::Aws::Account.new.registry, region: Dev::Aws::DEFAULT_REGION)
+        raise 'registry_id is required' if registry_id.to_s.strip.empty?
+        raise 'region is required' if region.to_s.strip.empty?
+
+        registry = "#{registry_id}.dkr.ecr.#{region}.amazonaws.com"
+        docker_cli_login!(registry: registry, region: region)
+        docker_lib_login!(registry_id: registry_id, region: region)
+
+        ENV['ECR_REGISTRY_ID'] ||= registry_id
+        ENV['ECR_REGISTRY'] ||= registry
+      end
+
+      # Authroizes the docker cli to pull/push images from the Aws container registry
+      # (e.g. if docker compose needs to pull an image)
+      # @deprecated Please use {Dev::Aws::Login#registry_login!} instead
+      def docker_login!(registry_id: Dev::Aws::Account.new.registry, region: Dev::Aws::DEFAULT_REGION)
+        warn '[DEPRECATION] `Dev::Aws::Login#docker_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
+        docker_cli_login!(registry: "#{registry_id}.dkr.ecr.#{region}.amazonaws.com", region: region)
+      end
+
+      # Authroizes the docker cli to pull/push images from the Aws container registry
+      # (e.g. if docker compose needs to pull an image)
+      private def docker_cli_login!(registry:, region:)
+        print('  Logging in to ECR in docker... ')
+        login_cmd = "aws --profile=#{Dev::Aws::Profile.new.current} ecr --region=#{region} get-login-password"
+        login_cmd << ' | '
+        login_cmd << "docker login --password-stdin --username AWS #{registry}"
+        Dev::Common.new.run_command([login_cmd])
+        puts
+      end
+
+      # Authroizes the docker ruby library to pull/push images from the Aws container registry
+      # @deprecated Please use {Dev::Aws::Login#registry_login!} instead
+      def ecr_login!(registry_id: Dev::Aws::Account.new.registry, region: Dev::Aws::DEFAULT_REGION)
+        warn '[DEPRECATION] `Dev::Aws::Login#ecr_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
+        docker_lib_login!(registry_id: registry_id, region: region)
+      end
+
+      # Authroizes the docker ruby library to pull/push images from the Aws container registry
+      private def docker_lib_login!(registry_id:, region:)
+        # Grab your authentication token from AWS ECR
+        ecr_client = ::Aws::ECR::Client.new(region: region)
+        tokens = ecr_client.get_authorization_token(registry_ids: Array(registry_id)).authorization_data
+        tokens.each do |token|
+          # Remove the https:// to authenticate
+          repo_url = token.proxy_endpoint.gsub('https://', '')
+
+          # Authorization token is given as username:password, split it out
+          user_pass_token = Base64.decode64(token.authorization_token).split(':')
+
+          # Call the authenticate method with the options
+          ::Docker.authenticate!(
+            username: user_pass_token.first,
+            password: user_pass_token.last,
+            email: 'none',
+            serveraddress: repo_url
+          )
+        end
+      end
+    end
+  end
+end

data/lib/firespring_dev_commands/aws/parameter.rb

@@ -0,0 +1,32 @@
+require 'aws-sdk-ssm'
+
+module Dev
+  class Aws
+    # Class containing methods for get/put ssm parameters in Aws
+    class Parameter
+      attr_accessor :client
+
+      def initialize
+        @client = nil
+      end
+
+      # Create/set a new client if none is present
+      # Return the client
+      def client
+        @client ||= ::Aws::SSM::Client.new
+      end
+
+      # Get the value of the given parameter name
+      def get_value(name, with_decryption: true)
+        get(name, with_decryption: with_decryption)&.value
+      end
+
+      # Retrieve the ssm parameter object with the given name
+      def get(name, with_decryption: true)
+        client.get_parameter(name: name, with_decryption: with_decryption)&.parameter
+      rescue ::Aws::SSM::Errors::ParameterNotFound
+        raise "parameter #{name} does not exist in #{Dev::Aws::Profile.new.current}"
+      end
+    end
+  end
+end

data/lib/firespring_dev_commands/aws/profile.rb

@@ -0,0 +1,55 @@
+# Load any existing profile if we haven't set one in the environment
+require 'dotenv'
+
+module Dev
+  class Aws
+    # Class containing methods to help write/maintain aws profile information
+    class Profile
+      # The filename where we store the local profile information
+      CONFIG_FILE = "#{Dir.home}/.env.profile".freeze
+
+      # The name of the profile identifier we use
+      IDENTIFIER = 'AWS_PROFILE'.freeze
+
+      # Always load the env profile
+      Dotenv.load(CONFIG_FILE) if File.exist?(CONFIG_FILE)
+
+      # Retrieve the current profile value
+      # Returns nil if one has not been configured
+      def current
+        ENV.fetch(IDENTIFIER, nil)
+      end
+
+      # Write the new profile value to the env file
+      def write!(profile)
+        override = Dev::Env.new(CONFIG_FILE)
+        override.set(IDENTIFIER, profile)
+        override.write
+
+        # Update any existing ENV variables
+        Dotenv.overload(CONFIG_FILE)
+      end
+
+      # Print the profile info for the current account
+      def info
+        Dev::Aws::Credentials.new.export!
+        puts
+        puts "  Currently logged in to the #{Dev::Aws::Account.new.name_by_account(current)} (#{current})".light_yellow
+        puts
+        puts '  To use this profile in your local aws cli, you must either pass the profile as a command line argument ' \
+             'or export the corresponding aws variable:'.light_white
+        puts "    aws --profile=#{current} s3 ls"
+        puts '          -OR-'.light_white
+        puts "    export #{IDENTIFIER}=#{current}"
+        puts '    aws s3 ls'
+        puts
+        puts '  To use temporary credentials in your terminal, run the following:'.light_white
+        puts "    export AWS_DEFAULT_REGION=#{ENV.fetch('AWS_DEFAULT_REGION', nil)}"
+        puts "    export AWS_ACCESS_KEY_ID=#{ENV.fetch('AWS_ACCESS_KEY_ID', nil)}"
+        puts "    export AWS_SECRET_ACCESS_KEY=#{ENV.fetch('AWS_SECRET_ACCESS_KEY', nil)}"
+        puts "    export AWS_SESSION_TOKEN=#{ENV.fetch('AWS_SESSION_TOKEN', nil)}"
+        puts
+      end
+    end
+  end
+end

data/lib/firespring_dev_commands/aws/s3.rb

@@ -0,0 +1,42 @@
+require 'aws-sdk-s3'
+
+module Dev
+  class Aws
+    # Class for performing S3 functions
+    class S3
+      attr_reader :client
+
+      def initialize
+        @client = nil
+      end
+
+      # Create/set a new client if none is present
+      # Return the client
+      def client
+        @client ||= ::Aws::S3::Client.new
+      end
+
+      # Puts the local filename into the given bucket named as the given key
+      # Optionally specify an acl. defaults to 'private'
+      # Returns the URL of the uploaded file
+      def put(bucket:, key:, filename:, acl: 'private')
+        begin
+          File.open(filename, 'rb') do |file|
+            client.put_object(bucket: bucket, key: key, body: file, acl: acl)
+          end
+        rescue => e
+          raise "s3 file upload failed: #{e.message}"
+        end
+
+        url = "https://#{bucket}.s3.#{Dev::Aws::Credentials.new.logged_in_region}.amazonaws.com/#{key}"
+        LOG.info "Uploaded #{url}"
+        url
+      end
+
+      # Finds the specific name of the appropriate "cf-templates-" bucket to use to upload cloudformation templates to
+      def cf_bucket
+        client.list_buckets.buckets.find { |bucket| bucket.name.match(/^cf-templates-.*-#{Dev::Aws::Credentials.new.logged_in_region}/) }
+      end
+    end
+  end
+end

data/lib/firespring_dev_commands/aws.rb

@@ -0,0 +1,10 @@
+module Dev
+  # Class contains base aws constants
+  class Aws
+    # The config dir for the user's AWS settings
+    CONFIG_DIR = "#{Dir.home}/.aws".freeze
+
+    # The default region used if none have been configured in the AWS settings
+    DEFAULT_REGION = 'us-east-1'.freeze
+  end
+end

data/lib/firespring_dev_commands/boolean.rb

@@ -0,0 +1,7 @@
+# Core Object class for ruby
+class Object
+  # Returns "true" if the object is a boolean
+  def boolean?
+    is_a?(TrueClass) || is_a?(FalseClass)
+  end
+end

data/lib/firespring_dev_commands/common.rb

@@ -0,0 +1,112 @@
+require 'colorize'
+
+module Dev
+  # Class contains several common useful development methods
+  class Common
+    # Runs a command in a subshell.
+    # By default, the subshell is connected to the stdin/stdout/stderr of the current program
+    # By default, the current environment is passed to the subshell
+    # You can capture the output of the command by setting capture to true
+    def run_command(command, stdin: $stdin, stdout: $stdout, stderr: $stderr, env: ENV, capture: false)
+      command = Array(command)
+      output = nil
+
+      # If capture was specified, write stdout to a pipe so we can return it
+      stdoutread, stdout = ::IO.pipe if capture
+
+      # Spawn a subprocess to run the command
+      pid = ::Process.spawn(env, *command, in: stdin, out: stdout, err: stderr)
+
+      # Wait for the subprocess to finish and capture the result
+      _, result = ::Process.wait2(pid)
+
+      # If capture was specified, close the write pipe, read the output from the read pipe, close the read pipe, and return the output
+      if capture
+        stdout.close
+        output = stdoutread.readlines.join
+        stdoutread.close
+      end
+
+      # If the exitstatus was non-zero, exit with an error
+      unless result.exitstatus.zero?
+        puts output if capture
+        LOG.error "#{result.exitstatus} exit status while running [ #{command.join(' ')} ]\n".red
+        exit result.exitstatus
+      end
+
+      output
+    end
+
+    # Wraps a block of code in a y/n question.
+    # If the user answers 'y' then the block is executed.
+    # If the user answers 'n' then the block is skipped.
+    def with_confirmation(message, default = 'y')
+      print "\n  #{message}? ".light_green
+      print '('.light_green << 'y'.light_yellow << '/'.light_green << 'n'.light_yellow << ') '.light_green
+
+      answer = default
+      answer = $stdin.gets unless ENV['NON_INTERACTIVE'] == 'true'
+
+      unless answer.strip.casecmp('y').zero?
+        puts "\n  Cancelled.\n".light_yellow
+        exit 1
+      end
+      puts
+
+      yield
+    end
+
+    # Asks for user input using the given message and returns it
+    # If a default was specified and the user doesn't give any input, the default will be returned
+    def ask(message, default = nil)
+      msg = "  #{message}"
+      msg << " [#{default}]" if default
+      msg << ': '
+      print msg
+      answer = $stdin.gets.to_s.strip
+      return default if default && answer == ''
+
+      answer
+    end
+
+    # This method breaks up a string by spaces, however if it finds quoted strings in it,
+    # it attempts to preserve those as a single element
+    # e.g. "foo 'bin baz' bar" => [foo, 'bin baz', bar]
+    def tokenize(str)
+      str.split(/\s(?=(?:[^'"]|'[^']*'|"[^"]*")*$)/)
+         .reject(&:empty?)
+         .map { |s| s.gsub(/(^ +)|( +$)|(^["']+)|(["']+$)/, '') }
+    end
+
+    # Checks if CODEBUILD_INITIATOR or INITIATOR env variable are set
+    # If they are not set, it assumes it is not running in codebuild and return false
+    # Otherwise it returns true
+    def running_codebuild?
+      return false if ENV['CODEBUILD_INITIATOR'].to_s.strip.empty? && ENV['INITIATOR'].to_s.strip.empty?
+
+      true
+    end
+
+    # Remove all leading non '{' characters
+    # Remove all trailing non '}' characters
+    def strip_non_json(str)
+      str.sub(/\A[^{]*{/m, '{').sub(/}[^}]*\z/m, '}')
+    end
+
+    # Takes two versions and attempts to compare them
+    # Returns true if the actual_version is greater than the required version (false otherwise)
+    def version_greater_than(required_version, actual_version)
+      required_version = required_version.to_s.split('.')
+      actual_version = actual_version.to_s.split('.')
+
+      required_version.each_with_index do |required, index|
+        required = required.to_i
+        actual = actual_version[index].to_i
+        return true if actual > required
+        next if actual == required
+
+        return false
+      end
+    end
+  end
+end