stax 0.0.1 → 0.0.2

data/lib/stax/mixin/keypair.rb

@@ -0,0 +1,45 @@
+require 'stax/aws/keypair'
+
+module Stax
+  module Keypair
+    def self.included(thor)
+      thor.desc(:keypair, 'Keypair subcommands')
+      thor.subcommand(:keypair, Cmd::Keypair)
+    end
+
+    def keypair_create
+      Aws::Keypair.create(stack_name).key_material
+    rescue ::Aws::EC2::Errors::InvalidKeyPairDuplicate => e
+      fail_task(e.message)
+    end
+
+    def keypair_delete
+      Aws::Keypair.delete(stack_name)
+    end
+  end
+
+  module Cmd
+    class Keypair < SubCommand
+
+      desc 'ls', 'list keypairs'
+      method_option :all_keys, aliases: '-a', type: :boolean, default: false, desc: 'list all keys'
+      def ls
+        names = options[:all_keys] ? nil : [my.stack_name]
+        print_table Aws::Keypair.describe(names).map { |k|
+          [k.key_name, k.key_fingerprint]
+        }
+      end
+
+      desc 'create [NAME]', 'create keypair'
+      def create
+        puts my.keypair_create
+      end
+
+      desc 'delete [NAME]', 'delete keypair'
+      def delete(name = my.stack_name)
+        my.keypair_delete if yes?("Really delete keypair #{name}?", :yellow)
+      end
+
+    end
+  end
+end

data/lib/stax/mixin/kms.rb

@@ -0,0 +1,30 @@
+require 'stax/aws/kms'
+
+module Stax
+  module Kms
+    def self.included(thor)
+      thor.desc(:kms, 'KMS subcommands')
+      thor.subcommand(:kms, Cmd::Kms)
+    end
+  end
+
+  module Cmd
+    class Kms < SubCommand
+
+      no_commands do
+        def stack_kms_keys
+          Aws::Cfn.resources_by_type(my.stack_name, 'AWS::KMS::Key')
+        end
+      end
+
+      desc 'ls', 'list kms keys for stack'
+      def ls
+        print_table stack_kms_keys.map { |r|
+          k = Aws::Kms.describe(r.physical_resource_id)
+          [k.key_id, k.key_state, k.creation_date, k.description]
+        }
+      end
+
+    end
+  end
+end

data/lib/stax/mixin/lambda.rb

@@ -0,0 +1,76 @@
+require 'open-uri'
+require 'yaml'
+require 'base64'
+require 'stax/aws/lambda'
+
+module Stax
+  module Lambda
+    def self.included(thor)
+      thor.desc(:lambda, 'Lambda subcommands')
+      thor.subcommand(:lambda, Cmd::Lambda)
+    end
+  end
+
+  module Cmd
+    class Lambda < SubCommand
+
+      no_commands do
+        def stack_lambdas
+          Aws::Cfn.resources_by_type(my.stack_name, 'AWS::Lambda::Function')
+        end
+      end
+
+      desc 'ls', 'list lambdas for stack'
+      def ls
+        names = stack_lambdas.map(&:physical_resource_id)
+        print_table Aws::Lambda.list.select { |l|
+          names.include?(l.function_name)
+        }.map { |l|
+          size = (l.code_size/1.0.megabyte).round.to_s + 'MB'
+          [l.function_name, l.description, l.runtime, size, l.last_modified]
+        }
+      end
+
+      desc 'config ID', 'get function configuration'
+      def config(id)
+        cfg = Aws::Lambda.configuration(my.resource(id))
+        puts YAML.dump(stringify_keys(cfg.to_hash))
+      end
+
+      desc 'code ID', 'get code for lambda function with ID'
+      method_option :url, type: :boolean, default: false, desc: 'return just URL for code'
+      def code(id)
+        url = Aws::Lambda.code(my.resource(id))
+        if options[:url]
+          puts url
+        else
+          Tempfile.new([my.stack_name, '.zip']).tap do |file|
+            file.write(open(url).read)
+            file.close
+            puts %x[unzip -p #{file.path}] # unzip all contents to stdout
+          end
+        end
+      end
+
+      desc 'test ID', 'run lambda with ID'
+      method_option :type,    type: :string,  default: nil,   desc: 'invocation type: RequestResponse, Event'
+      method_option :tail,    type: :boolean, default: false, desc: 'tail log for RequestResponse'
+      method_option :payload, type: :string,  default: nil,   desc: 'json input to function'
+      method_option :file,    type: :string,  default: nil,   desc: 'get json payload from file'
+      def test(id)
+        Aws::Lambda.invoke(
+          function_name: my.resource(id),
+          invocation_type: options[:type],
+          log_type: options[:tail] ? 'Tail' : nil,
+          payload: options[:file] ? File.open(options[:file]) : options[:payload],
+        ).tap do |resp|
+          puts resp.status_code
+          warn(resp.function_error) if resp.function_error
+          puts Base64.decode64(resp.log_result) if options[:tail]
+        end
+      end
+
+    end
+  end
+
+end

data/lib/stax/mixin/logs.rb

@@ -0,0 +1,94 @@
+require 'stax/aws/logs'
+
+module Stax
+  module Logs
+
+    def self.included(thor)
+      thor.desc(:logs, 'Logs subcommands')
+      thor.subcommand(:logs, Cmd::Logs)
+    end
+
+    def stack_log_groups
+      @_stack_log_groups ||= stack_resources_by_type('AWS::Logs::LogGroup')
+    end
+
+  end
+
+  module Cmd
+    class Logs < SubCommand
+
+      no_commands do
+        ## n-th most-recently updated stream
+        def latest_stream(group, n = 0)
+          n = n.to_i.abs          # convert string and -ves
+          Aws::Logs.streams(log_group_name: group, order_by: :LastEventTime, descending: true, limit: n+1)[n]
+        end
+
+        ## hash of resource id to log group objects, including lambda auto-created groups
+        def log_groups
+          {}.tap do |h|
+            my.stack_resources_by_type('AWS::Logs::LogGroup').each do |r|
+              h[r.logical_resource_id] = Aws::Logs.groups(r.physical_resource_id)&.first
+            end
+            my.stack_resources_by_type('AWS::Lambda::Function').each do |r|
+              h[r.logical_resource_id] = Aws::Logs.groups("/aws/lambda/#{r.physical_resource_id}")&.first
+            end
+          end.compact # lambda groups may be nil if not invoked yet
+        end
+      end
+
+      desc 'groups', 'list log groups for stack'
+      def groups
+        print_table log_groups.map { |id, g|
+          [id, g.log_group_name, g.retention_in_days, human_time(g.creation_time), human_bytes(g.stored_bytes)]
+        }
+      end
+
+      desc 'streams', 'list log streams'
+      method_option :alpha, aliases: '-a', type: :boolean, default: false, desc: 'order by name'
+      method_option :limit, aliases: '-n', type: :numeric, default: nil,   desc: 'number of streams to list'
+      def streams
+        log_groups.each do |id, group|
+          debug(group.log_group_name)
+          streams = Aws::Logs.streams(
+            log_group_name: group.log_group_name,
+            order_by: options[:alpha] ? :LogStreamName : :LastEventTime,
+            descending: !options[:alpha], # most recent first
+            limit: options[:limit],
+          )
+          print_table streams.map { |s|
+            [s.log_stream_name, human_time(s.last_event_timestamp), human_bytes(s.stored_bytes)]
+          }
+        end
+      end
+
+      desc 'tail [STREAM]', 'tail latest/given log stream'
+      method_option :group,    aliases: '-g', type: :string,  default: nil,   desc: 'log group to tail'
+      method_option :numlines, aliases: '-n', type: :numeric, default: 10,    desc: 'number of lines to show'
+      method_option :follow,   aliases: '-f', type: :boolean, default: false, desc: 'follow log output'
+      method_option :sleep,    aliases: '-s', type: :numeric, default: 1,     desc: 'seconds to sleep between poll for new data'
+      def tail(stream = nil)
+        trap('SIGINT', 'EXIT')    # clean exit with ctrl-c
+        group  = ((g = options[:group]) ? log_groups[g] : log_groups.values.first).log_group_name
+        stream ||= latest_stream(group).log_stream_name
+
+        debug("Log stream #{group}/#{stream}")
+        token = nil
+        loop do
+          resp = Aws::Logs.client.get_log_events(
+            log_group_name: group,
+            log_stream_name: stream,
+            limit: options[:numlines],
+            next_token: token,
+          )
+          resp.events.each do |e|
+            puts("#{set_color(human_time(e.timestamp).utc, :green)}  #{e.message}")
+          end
+          token = resp.next_forward_token
+          options[:follow] ? sleep(options[:sleep]) : break
+        end
+      end
+
+    end
+  end
+end

data/lib/stax/mixin/s3.rb

@@ -0,0 +1,76 @@
+require 'stax/aws/s3'
+
+module Stax
+  module S3
+    def self.included(thor)
+      thor.desc(:s3, 'S3 subcommands')
+      thor.subcommand(:s3, Cmd::S3)
+    end
+  end
+
+  module Cmd
+    class S3 < SubCommand
+      no_commands do
+        def stack_s3_buckets
+          Aws::Cfn.resources_by_type(my.stack_name, 'AWS::S3::Bucket')
+        end
+
+        def stack_tagged_buckets
+          Aws::S3.list_buckets.select do |bucket|
+            region = Aws::S3.bucket_region(bucket.name)
+            next unless region.empty? || region == ENV['AWS_REGION']
+            tags = Aws::S3.bucket_tags(bucket.name)
+            tags.any? { |t| t.key == 'aws:cloudformation:stack-name' && t.value == my.stack_name }
+          end
+        end
+      end
+
+      desc 'buckets', 'S3 buckets for this stack'
+      def buckets
+        puts stack_s3_buckets.map(&:physical_resource_id)
+      end
+
+      desc 'tagged', 'S3 buckets that were tagged by this stack'
+      def tagged
+        print_table stack_tagged_buckets.map { |b|
+          [b.name, b.creation_date]
+        }
+      end
+
+      desc 'lifecycle', 'show/set lifecycle for tagged buckets'
+      def lifecycle
+        debug("Lifecycle for buckets tagged by #{my.stack_name}")
+        stack_tagged_buckets.each do |bucket|
+          Aws::S3.get_lifecycle(bucket.name).each do |l|
+            puts YAML.dump(stringify_keys(l.to_hash))
+          end
+        end
+      end
+
+      desc 'expire', 'expire objects in tagged buckets'
+      def expire(days = 1)
+        debug("Expiring objects in buckets tagged by #{my.stack_name}")
+        stack_tagged_buckets.each do |bucket|
+          if yes?("Expire all objects for #{bucket.name} in #{days}d?", :yellow)
+            Aws::S3.put_lifecycle(
+              bucket.name,
+              rules: [
+                {
+                  prefix: '',   # required, all objects
+                  status: :Enabled,
+                  expiration: {
+                    days: days,
+                  },
+                  noncurrent_version_expiration: {
+                    noncurrent_days: days,
+                  },
+                }
+              ]
+            )
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/stax/mixin/sg.rb

@@ -0,0 +1,95 @@
+require 'stax/aws/sg'
+require 'open-uri'
+
+module Stax
+  module Sg
+    def self.included(thor)
+      thor.desc(:sg, 'Security group subcommands')
+      thor.subcommand(:sg, Cmd::Sg)
+    end
+
+    ## look up my local public IP
+    def get_my_ip
+      URI.parse('http://v4.ident.me/').read + '/32'
+    end
+
+    def sg_authorize(id, cidr = get_my_ip, port = 22)
+      Aws::Sg.authorize(id, cidr, port)
+    end
+
+    def sg_revoke(id, cidr = get_my_ip, port = 22)
+      Aws::Sg.revoke(id, cidr, port)
+    end
+  end
+
+  module Cmd
+    class Sg < SubCommand
+      no_commands do
+        def stack_security_groups
+          Aws::Cfn.resources_by_type(my.stack_name, 'AWS::EC2::SecurityGroup')
+        end
+
+        def get_id(id)
+          id.match(/^sg-\h{8}$/) ? id : Aws::Cfn.id(my.stack_name, id)
+        end
+
+        def stack_security_group(id)
+          Aws::Sg.describe(get_id(id))
+        end
+
+        ## format permissions output
+        def sg_permissions(perms)
+          perms.map do |p|
+            proto = (p.ip_protocol == '-1') ? 'all' : p.ip_protocol
+            port = ((p.from_port == p.to_port) ? p.from_port : [p.from_port, p.to_port].join('-')) || 'all'
+            [proto, port, p.ip_ranges.map(&:cidr_ip).join(','), p.user_id_group_pairs.map(&:group_id).join(',')]
+          end
+        end
+
+        ## lookup my IP as a CIDR
+        def get_my_ip
+          open('http://v4.ident.me/').read + '/32'
+        end
+
+      end
+
+      desc 'ls', 'SGs for stack'
+      def ls
+        print_table Aws::Sg.describe(stack_security_groups.map(&:physical_resource_id)).map { |s|
+          [s.group_name, s.group_id, s.vpc_id, s.description]
+        }
+      end
+
+      desc 'inbound ID', 'SG inbound permissions'
+      def inbound
+        stack_security_groups.each do |s|
+          debug("Inbound permissions for #{s.logical_resource_id} #{s.physical_resource_id}")
+          print_table sg_permissions(stack_security_group(s.physical_resource_id).first.ip_permissions)
+        end
+      end
+
+      desc 'outbound ID', 'SG outbound permissions'
+      def outbound
+        stack_security_groups.each do |s|
+          debug("Outbound permissions for #{s.logical_resource_id} #{s.physical_resource_id}")
+          print_table sg_permissions(stack_security_group(s.physical_resource_id).first.ip_permissions_egress)
+        end
+      end
+
+      desc 'authorize ID', 'open port on security group'
+      method_option :cidr, type: :string,  default: nil, desc: 'cidr block to open'
+      method_option :port, type: :numeric, default: 22,  desc: 'port to open'
+      def authorize(id)
+        Aws::Sg.authorize(get_id(id), options.fetch(:cidr, get_my_ip), options[:port])
+      end
+
+      desc 'revoke ID', 'close port on security group'
+      method_option :cidr, type: :string,  default: nil, desc: 'cidr block to close'
+      method_option :port, type: :numeric, default: 22,  desc: 'port to close'
+      def revoke(id)
+        Aws::Sg.revoke(get_id(id), options.fetch(:cidr, get_my_ip), options[:port])
+      end
+
+    end
+  end
+end

data/lib/stax/mixin/sqs.rb

@@ -0,0 +1,49 @@
+require 'stax/aws/sqs'
+
+module Stax
+  module Sqs
+    def self.included(thor)
+      thor.desc(:sqs, 'SQS subcommands')
+      thor.subcommand(:sqs, Cmd::Sqs)
+    end
+  end
+
+  module Cmd
+    class Sqs < SubCommand
+
+      no_commands do
+        def stack_sqs_queues
+          Aws::Cfn.resources_by_type(my.stack_name, 'AWS::SQS::Queue')
+        end
+      end
+
+      desc 'ls', 'SQS queues'
+      def ls
+        print_table stack_sqs_queues.map { |r|
+          q = Aws::Sqs.get(r.physical_resource_id)
+          [
+            q['QueueArn'].split(':').last,
+            q['ApproximateNumberOfMessages'],
+            q['ApproximateNumberOfMessagesNotVisible'],
+            Time.at(q['LastModifiedTimestamp'].to_i),
+          ]
+        }
+      end
+
+      desc 'purge', 'purge SQS queues'
+      def purge
+        stack_sqs_queues.each do |q|
+          name = q.physical_resource_id.split('/').last
+          if yes?("Purge queue #{name}?", :yellow)
+            begin
+              Aws::Sqs.purge(q.physical_resource_id)
+            rescue ::Aws::SQS::Errors::PurgeQueueInProgress => e
+              warn(e.message)
+            end
+          end
+        end
+      end
+
+    end
+  end
+end