openstax_aws 1.0.0

data/lib/openstax/aws/auto_scaling_instance.rb

@@ -0,0 +1,96 @@
+module OpenStax::Aws
+  class AutoScalingInstance
+
+    attr_reader :raw
+
+    delegate_missing_to :@raw
+
+    def initialize(group_name:, id:, region:)
+      @raw = Aws::AutoScaling::Instance.new(
+        group_name,
+        id,
+        client: Aws::AutoScaling::Client.new(region: region)
+      )
+    end
+
+    def self.me
+      instance_id = Ec2InstanceData.instance_id
+      region = Ec2InstanceData.region
+
+      client = Aws::AutoScaling::Client.new(region: region)
+      instance_info = client.describe_auto_scaling_instances({instance_ids: [instance_id]})
+                            .auto_scaling_instances[0]
+
+      new(
+        group_name: instance_info.auto_scaling_group_name,
+        id: instance_id,
+        region: region
+      )
+    end
+
+    def terminate(options = {})
+      hook_name = options.delete(:continue_hook_name)
+      raw.terminate(options)
+      if hook_name
+        sleep(terminate_wait_sleep_seconds) until terminating_wait?
+        continue_to_termination(hook_name: hook_name)
+      end
+    end
+
+    def unless_waiting_for_termination(hook_name:)
+      # "Terminating" is a transition state to "Terminating:Wait", but we don't
+      # check for it because if we try to continue from "Terminating", AWS freaks
+      # out because it needs to continue from the wait state
+
+      if terminating_wait?
+        continue_to_termination(hook_name: hook_name)
+        return
+      end
+
+      yield
+
+      # In case the yield takes a long time and this code isn't called
+      # again for a while (e.g. an infrequent cron job), check the terminating
+      # state again.  If this method is called in a loop, the check here
+      # and the next check at the start of this method will not cause duplicate
+      # network calls because the lifecycle state is cached for a few seconds.
+
+      if terminating_wait?
+        continue_to_termination(hook_name: hook_name)
+      end
+    end
+
+    def recent_lifecycle_state
+      if @recent_lifecycle_state_last_refreshed_at.nil? ||
+         Time.now - @recent_lifecycle_state_last_refreshed_at > lifecycle_state_refresh_seconds
+        reload
+        @recent_lifecycle_state_last_refreshed_at = Time.now
+        @recent_lifecycle_state = lifecycle_state
+      else
+        @recent_lifecycle_state
+      end
+    end
+
+    def lifecycle_state_refresh_seconds
+      5
+    end
+
+    def terminate_wait_sleep_seconds
+      6
+    end
+
+    def terminating_wait?
+      "Terminating:Wait" == recent_lifecycle_state
+    end
+
+    def continue_to_termination(hook_name:)
+      raw.client.complete_lifecycle_action({
+        lifecycle_hook_name: hook_name,
+        auto_scaling_group_name: raw.group_name,
+        lifecycle_action_result: "CONTINUE",
+        instance_id: raw.id,
+      })
+    end
+
+  end
+end

data/lib/openstax/aws/build_image_command_1.rb

@@ -0,0 +1,53 @@
+module OpenStax
+  module Aws
+    class BuildImageCommand1
+
+      # A standardized way to use Packer to build images.
+
+      def initialize(ami_name_base:, region:,
+                     verbose: false, debug: false,
+                     github_org:, repo:, branch: nil, sha: nil,
+                     packer_absolute_file_path: , playbook_absolute_file_path:,
+                     dry_run: true)
+        if sha.nil?
+          branch ||= 'master'
+
+          sha = OpenStax::Aws::GitHelper.sha_for_branch_name(
+                  org_slash_repo: "#{github_org}/#{repo}",
+                  branch: branch
+                )
+        end
+
+        ami_name = "#{ami_name_base}@#{sha[0..6]} #{Time.now.utc.strftime("%y%m%d%H%MZ")}"
+
+        @packer = OpenStax::Aws::PackerFactory.new_packer(
+          absolute_file_path: packer_absolute_file_path,
+          dry_run: dry_run
+        )
+
+        @packer.only("amazon-ebs")
+
+        @packer.var("region", region)
+        @packer.var("ami_name", ami_name)
+        @packer.var("sha", sha)
+        @packer.var("playbook_file", playbook_absolute_file_path)
+        @packer.var("ami_description", {
+          sha: sha,
+          github_org: github_org,
+          repo: repo
+        }.to_json)
+
+        @packer.verbose! if verbose
+        @packer.debug! if debug
+      end
+
+      def run
+        @packer.run
+      end
+
+      def to_s
+        @packer.to_s
+      end
+    end
+  end
+end

data/lib/openstax/aws/change_set.rb

@@ -0,0 +1,100 @@
+module OpenStax::Aws
+  class ChangeSet
+
+    attr_reader :client
+
+    def initialize(client:)
+      @client = client
+    end
+
+    def create(options:)
+      create_change_set_output = client.create_change_set(options)
+      @id = create_change_set_output.id
+
+      wait_message = OpenStax::Aws::WaitMessage.new(
+        message: "Waiting for change set #{id} to be ready"
+      )
+
+      begin
+        client.wait_until(:change_set_create_complete, change_set_name: id) do |w|
+          w.delay = OpenStax::Aws.configuration.stack_waiter_delay
+          w.before_attempt do |attempts, response|
+            wait_message.say_it
+          end
+        end
+      rescue Aws::Waiters::Errors::FailureStateError => ee
+        if ee.response&.status_reason =~ /didn't contain changes/
+          logger.info("No changes detected, deleting change set")
+          delete
+          return self
+        else
+          logger.error(ee.response.status_reason)
+          raise
+        end
+      rescue Aws::Waiters::Errors::WaiterFailed => ee
+        logger.error("An error occurred: #{ee.message}")
+        raise
+      end
+
+      @description = client.describe_change_set(change_set_name: id)
+
+      self
+    end
+
+    def created?
+      @description.present?
+    end
+
+    def delete
+      client.delete_change_set(change_set_name: id)
+    end
+
+    def execute
+      client.execute_change_set(change_set_name: id)
+    end
+
+    def id
+      @id || raise("ID isn't yet known!")
+    end
+
+    def description
+      @description || raise("Description not set; create failed?")
+    end
+
+    def has_change_caused_by?(entity_name)
+      description.changes.any? do |change|
+        change.resource_change.details.any? do |detail|
+          detail.causing_entity == entity_name
+        end
+      end
+    end
+
+    def parameter_value(parameter_name)
+      description.parameters.select do |parameter|
+        parameter.parameter_key == parameter_name
+      end.first.parameter_value
+    end
+
+    def resource_change_summaries
+      summaries = description.changes.flat_map(&:resource_change).map do |change|
+        summary = "#{change.action} '#{change.logical_resource_id}' (#{change.resource_type})"
+
+        case change.action
+        when "Modify"
+          causes = change.details.map{|detail| [detail.change_source, detail.causing_entity].compact.join(":")}.join(", ")
+
+          summary = "#{summary}: Replacement=#{change.replacement}; Due to change in #{change.scope}; Causes: #{causes}"
+        end
+
+        summary
+      end
+    end
+
+    protected
+
+    def logger
+      OpenStax::Aws.configuration.logger
+    end
+
+  end
+end

data/lib/openstax/aws/deployment_base.rb

@@ -0,0 +1,372 @@
+module OpenStax::Aws
+  class DeploymentBase
+    class Status
+      def initialize(deployment)
+        @deployment = deployment
+      end
+
+      def stack_statuses(reload: false)
+        @deployment.stacks.each_with_object({}) do |stack, hash|
+          hash[stack.name] = stack.status(reload: reload)
+        end
+      end
+
+      def failed?(reload: false)
+        stack_statuses(reload: reload).values.any?(&:failed?)
+      end
+
+      def succeeded?(reload: false)
+        stack_statuses(reload: reload).values.all?(&:succeeded?)
+      end
+
+      def to_h
+        {
+          stacks: stack_statuses.each_with_object({}) do |(stack_name, stack_status), new_hash|
+            new_hash[stack_name] = stack_status.to_h # convert the stack status object to a hash
+          end
+        }
+      end
+
+      def to_json
+        to_h.to_json
+      end
+    end
+
+    attr_reader :env_name, :region, :name, :dry_run
+
+    RESERVED_ENV_NAMES = [
+      "external", # used to namespace external secrets in the parameter store
+    ]
+
+    def initialize(env_name: nil, region:, name:, dry_run: true)
+      if RESERVED_ENV_NAMES.include?(env_name)
+        raise "#{env_name} is a reserved word and cannot be used as an environment name"
+      end
+
+      # Allow a blank env_name but normalize it to `nil`
+      @env_name = env_name.blank? ? nil : env_name
+
+      if @env_name && !@env_name.match(/^[a-zA-Z][a-zA-Z0-9-]*$/)
+        raise "The environment name must consist only of letters, numbers, and hyphens, " \
+              "and must start with a letter."
+      end
+
+      @region = region
+      @name = name
+      @dry_run = dry_run
+    end
+
+    def name!
+      raise "`name` is blank" if name.blank?
+      name
+    end
+
+    def env_name!
+      raise "`env_name` is blank" if env_name.blank?
+      env_name
+    end
+
+    def tags
+      self.class.tags.each_with_object(HashWithIndifferentAccess.new) do |(key, value), hsh|
+        hsh[key] = value.is_a?(Proc) ? instance_eval(&value) : value
+      end
+    end
+
+    class << self
+
+      def template_directory(*directory_parts)
+        if method_defined?("template_directory")
+          raise "Can only set template_directory once per class definition"
+        end
+
+        define_method "template_directory" do
+          File.join(*directory_parts)
+        end
+      end
+
+      def sam_build_directory(*directory_parts)
+        if method_defined?("sam_build_directory")
+          raise "Can only set buisam_build_directoryld_directory once per class definition"
+        end
+
+        define_method "sam_build_directory" do
+          File.expand_path(File.join(*directory_parts))
+        end
+      end
+
+      def secrets(id, &block)
+        if id.blank?
+          raise "The first argument to `secrets` must be a non-blank ID"
+        end
+
+        if !id.to_s.match(/^[a-zA-Z][a-zA-Z0-9_]*$/)
+          raise "The first argument to `secrets` must consist only of letters, numbers, and underscores, " \
+                "and must start with a letter."
+        end
+
+        if method_defined?("#{id}_secrets")
+          raise "Can only define the `#{id}` secrets once per class definition"
+        end
+
+        if method_defined?("#{id}_stack")
+          raise "Cannot define `#{id}` secrets because there is a stack with that ID"
+        end
+
+        define_method("#{id}_secrets") do |for_create_or_update: false|
+          secrets_factory = SecretsFactory.new(
+            region: region,
+            namespace: [env_name, name],
+            context: self,
+            dry_run: dry_run,
+            for_create_or_update: for_create_or_update,
+            shared_substitutions_block: @shared_secrets_substitutions_block
+          )
+
+          secrets_factory.namespace(id)
+          secrets_factory.instance_exec({}, &block)
+          secrets_factory.instance
+        end
+      end
+
+      def stack_ids
+        @stack_ids ||= []
+      end
+
+      def stack(id, &block)
+        if id.blank?
+          raise "The first argument to `stack` must be a non-blank ID"
+        end
+
+        if !id.to_s.match(/^[a-zA-Z][a-zA-Z0-9_]*$/)
+          raise "The first argument to `stack` must consist only of letters, numbers, and underscores, " \
+                "and must start with a letter."
+        end
+
+        if method_defined?("#{id}_secrets")
+          raise "Cannot define `#{id}` stack because there are secrets with that ID"
+        end
+
+        stack_ids.push(id)
+
+        define_method("#{id}_stack") do
+          instance_variable_get("@#{id}_stack") || begin
+            stack_factory = StackFactory.new(id: id, deployment: self)
+            stack_factory.instance_eval(&block) if block_given?
+
+            # Fill in missing attributes using deployment variables and conventions
+
+            if stack_factory.name.blank?
+              stack_factory.name([env_name,name,id].compact.join("-").gsub("_","-"))
+            end
+
+            if stack_factory.region.blank?
+              stack_factory.region(region)
+            end
+
+            if stack_factory.dry_run.nil?
+              stack_factory.dry_run(dry_run)
+            end
+
+            if stack_factory.enable_termination_protection.nil?
+              stack_factory.enable_termination_protection(is_production?)
+            end
+
+            if stack_factory.absolute_template_path.blank?
+              stack_factory.autoset_absolute_template_path(respond_to?(:template_directory) ? template_directory : "")
+            end
+
+            # Populate parameter defaults that match convention names
+
+            if OpenStax::Aws.configuration.infer_parameter_defaults
+              defaults = parameter_defaults_from_template(stack_factory.absolute_template_path)
+              defaults.each{|key,value| stack_factory.parameter_defaults[key] ||= value}
+            end
+
+            stack_factory.build.tap do |stack|
+              instance_variable_set("@#{id}_stack", stack)
+            end
+          end
+        end
+      end
+
+      def secrets_substitutions(&block)
+        define_method("shared_secrets_substitutions_block") do
+          block
+        end
+      end
+
+      def tag(key, value=nil, &block)
+        raise 'The first argument to `tag` must not be blank' if key.blank?
+        raise '`tag` must be given a value or a block' if value.nil? && !block_given?
+        tags[key] = block_given? ? block : value
+      end
+
+      def tags
+        @tags ||= HashWithIndifferentAccess.new
+      end
+
+      def inherited(child_class)
+        # Copy any tags defined in the parent to the child so that it can access them
+        # while not using class variables that are shared across all classes in the
+        # that inherit here
+        child_class.instance_variable_set("@tags", tags.dup)
+      end
+
+      def logger
+        OpenStax::Aws.configuration.logger
+      end
+    end
+
+    def parameter_defaults_from_template(template_or_absolute_template_path)
+      template = template_or_absolute_template_path.is_a?(String) ?
+                   Template.from_absolute_file_path(template_or_absolute_template_path) :
+                   template_or_absolute_template_path
+
+      template.parameter_names.each_with_object({}) do |parameter_name, defaults|
+        value = parameter_default(parameter_name) ||
+                built_in_parameter_default(parameter_name)
+
+        if !value.nil?
+          defaults[parameter_name.underscore.to_sym] = value
+        end
+      end
+    end
+
+    def stacks
+      self.class.stack_ids.map{|id| self.send("#{id}_stack")}
+    end
+
+    def status(reload: false)
+      @status = nil if reload
+      @status ||= Status.new(self)
+    end
+
+    def deployed_parameters
+      stacks.each_with_object({}) do |stack, hash|
+        hash[stack.name] = stack.deployed_parameters
+      end
+    end
+
+    def built_in_parameter_default(parameter_name)
+      case parameter_name
+      when "EnvName"
+        env_name
+      when /(.+)StackName$/
+        send("#{$1}Stack".underscore).name rescue nil
+      end
+    end
+
+    def shared_secrets_substitutions_block
+      nil # can be overridden by the DSL
+    end
+
+    protected
+
+    def parameter_default(parameter_name)
+      nil
+    end
+
+    def is_production?
+      env_name == OpenStax::Aws.configuration.production_env_name
+    end
+
+    def subdomain_with_trailing_dot(site_name:)
+      parts = []
+      parts.push(site_name) if !site_name.blank?
+      parts.push(env_name!) unless is_production?
+
+      subdomain = parts.join("-")
+      subdomain.blank? ? "" : subdomain + "."
+    end
+
+    delegate :logger, to: :configuration
+
+    def configuration
+      OpenStax::Aws.configuration
+    end
+
+    def client
+      @client ||= ::Aws::CloudFormation::Client.new(region: region)
+    end
+
+    def auto_scaling_client
+      @auto_scaling_client ||= ::Aws::AutoScaling::Client.new(region: region)
+    end
+
+    def set_desired_capacity(asg_name:, desired_capacity:)
+      auto_scaling_client.set_desired_capacity(auto_scaling_group_name: asg_name, desired_capacity: desired_capacity)
+    end
+
+    def auto_scaling_group(name:)
+      ::Aws::AutoScaling::AutoScalingGroup.new(name: name, client: auto_scaling_client)
+    end
+
+    def cloudfront_client
+      @cloudfront_client ||= ::Aws::CloudFront::Client.new(region: region)
+    end
+
+    def s3_client
+      @s3_client ||= Aws::S3::Client.new(region: region)
+    end
+
+    def s3_key_exists?(bucket:, key:)
+      begin
+        s3_client.get_object(bucket: bucket, key: key)
+        true
+      rescue Aws::S3::Errors::NoSuchKey
+        false
+      end
+    end
+
+    def wait_for_tag_change(resource:, key:, polling_seconds: 20, timeout_seconds: nil)
+      keep_polling = true
+      started_at = Time.now
+      original_value = resource_tag_value(resource: resource, key: key)
+
+      wait_message = OpenStax::Aws::WaitMessage.new(
+        message: "Waiting for the #{key} tag on #{resource.name} to change from #{original_value}"
+      )
+
+      while keep_polling
+        wait_message.say_it
+
+        sleep(polling_seconds)
+
+        keep_polling = false if resource_tag_value(resource: resource, key: key) != original_value
+        keep_polling = false if !timeout_seconds.nil? && Time.now - timeout_seconds > started_at
+      end
+    end
+
+    def resource_tag_value(resource:, key:)
+      begin
+        resource.tag(key).value
+      rescue NoMethodError => ee
+        nil
+      end
+    end
+
+    def get_image_tag(image_id:, key:)
+      tag = image(image_id).tags.find{|tag| tag.key == key}
+      raise "No tag with key #{key} on AMI #{image_id}" if tag.nil?
+      tag.value
+    end
+
+    def image(image_id)
+      Aws::EC2::Image.new(image_id, region: region)
+    end
+
+    # Returns the SHA on an AMI
+    def image_sha(image_id)
+      get_image_tag(image_id: image_id, key: "sha")
+    end
+
+    protected
+
+    def secrets_namespace(id: 'default')
+      raise "Override this method in your deployment class and provide a namespace " \
+            "for secrets data in the AWS Parameter Store.  The key there will be this namespace " \
+            "prefixed by the environment name and suffixed with the secret name."
+    end
+
+  end
+end