sonic-screwdriver 0.0.1 → 1.0.0

data/lib/sonic/execute.rb

@@ -0,0 +1,131 @@
+module Sonic
+  class Execute
+    include AwsServices
+
+    def initialize(command, options)
+      @command = command
+      @options = options
+      @filter = @options[:filter].split(',').map{|s| s.strip}
+    end
+
+    # aws ssm send-command \
+    #   --instance-ids i-030033c20c54bf149 \
+    #   --document-name "AWS-RunShellScript" \
+    #   --comment "Demo run shell script on Linux Instances" \
+    #   --parameters '{"commands":["#!/usr/bin/python","print \"Hello world from python\""]}' \
+    #   --query "Command.CommandId"
+    def execute
+      ssm_options = build_ssm_options
+      if @options[:noop]
+        UI.noop = true
+        command_id = "fake command id"
+      else
+        resp = ssm.send_command(ssm_options)
+        command_id = resp.command.command_id
+      end
+      UI.say "Command sent to AWS SSM. To check the details of the command:"
+      list_command = "aws ssm list-commands --command-id #{command_id}"
+      UI.say list_command
+      if RUBY_PLATFORM =~ /darwin/
+        system("echo '#{list_command}' | pbcopy")
+        UI.say "Pro tip: the aws ssm command is already in your copy/paste clipboard."
+      end
+    end
+
+    def build_ssm_options
+      criteria = transform_filter(@filter)
+      command = build_command(@command)
+      criteria.merge(
+        document_name: "AWS-RunShellScript",
+        comment: "sonic #{ARGV.join(' ')}",
+        parameters: {
+          "commands" => command
+        }
+      )
+    end
+
+    def build_command(command)
+      if file_path?(command)
+        path = file_path(command)
+        if File.exist?(path)
+          IO.readlines(path).map {|s| s.strip}
+        else
+          UI.error("File #{path} could not be found. Are you sure it exist?")
+          exit 1
+        end
+      else
+        # The script is being feed inline so just join the command together into one script.
+        # Still keep in an array form because that's how ssn.send_command with AWS-RunShellScript
+        # usually reads the command.
+        [command.join(" ")]
+      end
+    end
+
+    def file_path?(command)
+      return false unless command.size == 1
+      possible_path = command.first
+      possible_path.include?("file://")
+    end
+
+    def file_path(command)
+      path = command.first
+      path = path.sub('file://', '')
+      path = "#{@options[:project_root]}/#{path}" if @options[:project_root]
+      path
+    end
+
+    #
+    # Public: Transform the filter to the ssm send_command equivalent options
+    #
+    # filter  - CLI filter option. Example: hi-web-prod hi-worker-prod hi-clock-prod i-0f7f833131a51ce35
+    #
+    # Examples
+    #
+    #   transform_filter(["hi-web-prod", "hi-worker-prod", "i-006a097bb10643e20"])
+    #   # => {
+    #      instance_ids: ["i-006a097bb10643e20"],
+    #      targets: [{key: "Name", values: "hi-web-prod,hi-worker-prod"}]
+    #     }
+    #
+    # Returns the duplicated String.
+    def transform_filter(filter)
+      valid = validate_filter(filter)
+      unless valid
+        UI.error("The filter you provided '#{filter.join(',')}' is not valid.")
+        UI.say("The filter must either be all instance ids or just a list of tag names.")
+        exit 1
+      end
+
+      if filter.detect { |i| instance_id?(i) }
+        instance_ids = filter
+        {instance_ids: instance_ids}
+      else
+        tags = filter
+        targets = [{
+          key: "tag:#{tag_name}",
+          values: tags
+        }]
+        {targets: targets}
+      end
+    end
+
+    # Either all instance ids are no instance ids is a valid filter
+    def validate_filter(filter)
+      if filter.detect { |i| instance_id?(i) }
+        instance_ids = filter.select { |i| instance_id?(i) }
+        instance_ids.size == filter.size
+      else
+        true
+      end
+    end
+
+    # TODO: make configurable
+    def tag_name
+      "Name"
+    end
+
+    def instance_id?(text)
+      text =~ /i-.{17}/
+    end
+  end
+end

data/lib/sonic/list.rb

@@ -0,0 +1,85 @@
+module Sonic
+  class List
+    include AwsServices
+
+    def initialize(options)
+      @options = options
+      @filter = @options[:filter] ? @options[:filter].split(',').map{|s| s.strip} : []
+    end
+
+    def run
+      options = transform_filter_option(@filter)
+      if @options[:noop]
+        instances = []
+      else
+        instances = ec2_resource.instances(options)
+      end
+      display(instances)
+    end
+
+    def display(instances)
+      if @options[:header]
+        UI.say "Instance Id\tPublic IP\tPrivate IP\tType".colorize(:green)
+      end
+
+      instances.each do |i|
+        line = [i.instance_id, i.public_ip_address, i.private_ip_address, i.instance_type].join("\t")
+        UI.say(line)
+      end
+    end
+
+    #
+    # Public: Transform the filter to the ssm send_command equivalent options
+    #
+    # filter  - CLI filter option. Example: hi-web-prod hi-worker-prod hi-clock-prod i-0f7f833131a51ce35
+    #
+    # Examples
+    #
+    #   transform_filter(["hi-web-prod", "hi-worker-prod", "i-006a097bb10643e20"])
+    #   # => {
+    #      instance_ids: ["i-006a097bb10643e20"],
+    #      targets: [{key: "Name", values: "hi-web-prod,hi-worker-prod"}]
+    #     }
+    #
+    # Note: method looks close to the Execute#transform_filter method but the criteria
+    # structure is slightly different.
+    #
+    # Returns the duplicated String.
+    def transform_filter_option(filter)
+      return {} if filter.empty?
+
+      valid = validate_filter(filter)
+      unless valid
+        UI.error("The filter you provided '#{filter.join(',')}' is not valid.")
+        UI.say("The filter must either be all instance ids or just a list of tag names.")
+        exit 1
+      end
+
+      if filter.detect { |i| instance_id?(i) }
+        instance_ids = filter
+        {instance_ids: instance_ids}
+      else
+        tags = filter
+        criteria = [{
+          name: "tag-value",
+          values: tags
+        }]
+        {filters: criteria}
+      end
+    end
+
+    # Either all instance ids are no instance ids is a valid filter
+    def validate_filter(filter)
+      if filter.detect { |i| instance_id?(i) }
+        instance_ids = filter.select { |i| instance_id?(i) }
+        instance_ids.size == filter.size
+      else
+        true
+      end
+    end
+
+    def instance_id?(text)
+      text =~ /i-.{17}/
+    end
+  end
+end

data/lib/sonic/settings.rb

@@ -0,0 +1,80 @@
+require 'yaml'
+
+module Sonic
+  class Settings
+    def initialize(project_root=nil)
+      @project_root = project_root || '.'
+    end
+
+    def data
+      return @data if @data
+
+      project_file = "#{@project_root}/.sonic/settings.yml"
+      project = File.exist?(project_file) ? YAML.load_file(project_file) : {}
+
+      user_file = "#{home}/.sonic/settings.yml"
+      user = File.exist?(user_file) ? YAML.load_file(user_file) : {}
+
+      default_file = File.expand_path("../default/settings.yml", __FILE__)
+      default = YAML.load_file(default_file)
+
+      @data = default.merge(user.merge(project))
+      ensure_default_cluster(@data)
+      @data
+    end
+
+    # Public: Returns default cluster based on the ECS service name.
+    #
+    # service  - ECS service
+    # count - The Integer number of times to duplicate the text.
+    #
+    # The settings.yml format:
+    #
+    # service_cluster:
+    #   default: stag
+    #   hi-web-prod: prod
+    #   hi-clock-prod: prod
+    #   hi-worker-prod: prod
+    #   hi-web-stag: stag
+    #   hi-clock-stag: stag
+    #   hi-worker-stag: stag
+    #
+    # Examples
+    #
+    #   default_cluster('hi-web-prod')
+    #   # => 'prod'
+    #   default_cluster('whatever')
+    #   # => 'stag'
+    #
+    # Returns the ECS cluster name.
+    def default_cluster(service)
+      service_cluster = data["service_cluster"]
+      service_cluster[service] || service_cluster["default"]
+    end
+
+    # When user's .sonic/settings.yml lack the default cluster, we add it on.
+    # Otherwise the user get confusing and scary aws-sdk-core/param_validator errors:
+    # Example: https://gist.github.com/sonic/67b9a68a77363b908d1c36047bc2709a
+    def ensure_default_cluster(data)
+      unless data["service_cluster"]["default"]
+        data["service_cluster"]["default"] = "default"
+      end
+      data
+    end
+
+    def host_key_check_options
+      if data["host_key_check"]
+        # no options by default enables strict host key checking
+        []
+      else
+        # disables host key checking
+        %w[-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null]
+      end
+    end
+
+    def home
+      # hack but fast
+      ENV['TEST'] ? "spec/fixtures/home" : ENV['HOME']
+    end
+  end
+end

data/lib/sonic/ssh.rb

@@ -0,0 +1,136 @@
+require 'colorize'
+
+module Sonic
+  class Ssh
+    autoload :IdentifierDetector, 'sonic/ssh/identifier_detector'
+
+    include AwsServices
+
+    def initialize(identifier, options)
+      @options = options
+
+      @user, @identifier = extract_user!(identifier) # extracts/strips user from identifier
+      # While --user option is supported at the class level, don't expose at the CLI level
+      # to encourage users to use user@host notation.
+      @user ||= options[:user] || settings.data["user"]
+
+      @service = @identifier # always set service even though it's not always used as the identifier
+      @cluster = options[:cluster] || settings.default_cluster(@service)
+      @bastion = options[:bastion] || settings.data["bastion"]
+    end
+
+    def run
+      ssh = build_ssh_command
+      kernel_exec(*ssh) # must splat the Array here
+    end
+
+    def bastion_host
+      return @identifier if @options[:noop] # for specs
+      @bastion_host ||= build_bastion_host
+    end
+
+    def build_bastion_host
+      host = @bastion
+      host = "#{@user}@#{host}" unless host.include?('@')
+      host
+    end
+
+    # used by child Classes
+    def ssh_host
+      return @identifier if @options[:noop] # for specs
+      @ssh_host ||= build_ssh_host
+    end
+
+    def build_ssh_host
+      detector = Ssh::IdentifierDetector.new(@cluster, @service, @identifier, @options)
+      instance_id = detector.detect!
+      instance_hostname(instance_id)
+    end
+
+    def instance_hostname(ec2_instance_id)
+      begin
+        resp = ec2.describe_instances(instance_ids: [ec2_instance_id])
+      rescue Aws::EC2::Errors::InvalidInstanceIDNotFound => e
+        # e.message: The instance ID 'i-027363802c6ff3141' does not exist
+        UI.error(e.message)
+        exit 1
+      end
+      instance = resp.reservations[0].instances[0]
+      # struct Aws::EC2::Types::Instance
+      # http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Types/Instance.html
+      host = if @bastion
+              instance.private_ip_address
+            else
+              instance.public_ip_address
+            end
+      "#{@user}@#{host}"
+    end
+
+    # Will use Kernel.exec so that the ssh process takes over this ruby process.
+    def kernel_exec(*args)
+      # append the optional command that can be provided to the ssh command
+      full_command = args + @options[:command]
+      puts "=> #{full_command.join(' ')}".colorize(:green)
+      # https://ruby-doc.org/core-2.3.1/Kernel.html#method-i-exec
+      # Using 2nd form
+      Kernel.exec(*full_command) unless @options[:noop]
+    end
+
+private
+    def settings
+      @settings ||= Settings.new(@options[:project_root])
+    end
+
+    # Returns Array of flags.
+    def ssh_options
+      settings.host_key_check_options
+    end
+
+    # Will prepend the bastion host if required
+    # When bastion set
+    #   ssh [options] -At [bastion_host] ssh -At [ssh_host]
+    #
+    # When bastion not set
+    #   ssh [options] -At [ssh_host]
+    #
+    # Builds up ssh command to be used with Kernel.exec. Will look something like this:
+    #   ssh -At ec2-user@34.211.223.3 ssh ec2-user@10.10.110.135
+    # It is imporant to use an Array for the command so it gets intrepreted as if you are
+    # executing it from the shell directly. For example, globs gets expanded with the
+    # Array notation but not the String notation.
+    #
+    # ssh options:
+    # -A = Enables forwarding of the authentication agent connection
+    # -t = Force pseudo-terminal allocati
+    def build_ssh_command
+      ssh = ["ssh"] + ssh_options
+      ssh += ["-At", bastion_host, "ssh"] if @bastion
+      # ssh_host is internal ip when bastion is set
+      # ssh_host is public ip when bastion is not set
+      ssh += ["-At", ssh_host]
+      ssh
+    end
+
+    # Private: Extracts and strips the user from the identifier.
+    #
+    # identifier  - Can be a variety of things: instance_id, ecs service, ecs task, etc.
+    #
+    # Examples
+    #
+    #   extract_user!("i-0f7f833131a51ce35")
+    #   # => [nil, "i-0f7f833131a51ce35"]
+    #
+    #   extract_user!("ec2-user@i-0f7f833131a51ce35")
+    #   # => ["ec2-user", "i-0f7f833131a51ce35"]
+    #
+    # Returns the a tuple cotaining the user and identifier
+    def extract_user!(identifier)
+      md = identifier.match(/(.*)@(.*)/)
+      if md
+        [md[1], md[2]]
+      else
+        [nil, identifier]
+      end
+    end
+  end
+end

data/lib/sonic/ssh/ec2_tag.rb

@@ -0,0 +1,59 @@
+require 'tty-prompt'
+
+module Sonic
+  # ec2 tag related methods
+  module Ssh::Ec2Tag
+    def ec2_instances
+      return @ec2_instances if @ec2_instances
+
+      filters = [{ name: 'tag-value', values: tags_filter }]
+      @ec2_instances = ec2_resource.instances(filters: filters)
+    end
+
+    # matches any tag value
+    def ec2_tag_exists?
+      ec2_instances.count > 0
+    end
+
+    # If no instances found
+    #   Exit immediately with error message
+    # If all instances found have the same tag name
+    #   Immediately return the first instance id
+    # If multiple tag values
+    #   Prompt user to select instance tag value of interest
+    def find_ec2_instance
+      tag_values = ec2_instances.map{ |i| matched_tag_value(i) }.uniq
+      case tag_values.size
+      when 0
+        UI.error("Unable to find an instance with a one of the tag values: #{@identifier}")
+        exit 1
+      when 1
+        ec2_instances.first.instance_id
+      else
+        # prompt
+        select_instance_type(tag_values).instance_id
+      end
+    end
+
+    def select_instance_type(tag_values)
+      UI.say("Found multiple instance types matching the tag filter: #{@identifier}")
+      prompt = TTY::Prompt.new
+      tag_value = prompt.select("Select an instance type tag:", tag_values)
+
+      # find the first instance with the tag_value
+      instance = ec2_instances.find do |i|
+        i.tags.find { |t| t.value == tag_value }
+      end
+    end
+
+    def matched_tag_value(instance)
+      tags = instance.tags
+      tag = tags.find {|t| tags_filter.include?(t.value) }
+      tag.value
+    end
+
+    def tags_filter
+      @identifier.split(',') # identifier from CLI could be a comma separated list
+    end
+  end
+end