@brunwig/mup-aws-beanstalk 0.8.1

package/lib/utils.js

@@ -0,0 +1,678 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.logStep = logStep;
+exports.shouldRebuild = shouldRebuild;
+exports.tmpBuildPath = tmpBuildPath;
+exports.names = names;
+exports.createUniqueName = createUniqueName;
+exports.getLogs = getLogs;
+exports.getNodeVersion = getNodeVersion;
+exports.selectPlatformArn = selectPlatformArn;
+exports.attachPolicies = attachPolicies;
+exports.getAccountId = getAccountId;
+exports.ensureRoleExists = ensureRoleExists;
+exports.ensureInstanceProfileExists = ensureInstanceProfileExists;
+exports.ensureRoleAdded = ensureRoleAdded;
+exports.ensurePoliciesAttached = ensurePoliciesAttached;
+exports.ensureInlinePolicyAttached = ensureInlinePolicyAttached;
+exports.ensureBucketExists = ensureBucketExists;
+exports.findBucketWithPrefix = findBucketWithPrefix;
+exports.ensureBucketPolicyAttached = ensureBucketPolicyAttached;
+exports.ensureCloudWatchRule = ensureCloudWatchRule;
+exports.ensureRuleTargetExists = ensureRuleTargetExists;
+exports.coloredStatusText = coloredStatusText;
+exports.createVersionDescription = createVersionDescription;
+exports.ensureSsmDocument = ensureSsmDocument;
+exports.pickInstance = pickInstance;
+exports.connectToInstance = connectToInstance;
+exports.executeSSHCommand = executeSSHCommand;
+
+var _axios = _interopRequireDefault(require("axios"));
+
+var _chalk = _interopRequireDefault(require("chalk"));
+
+var _fs = _interopRequireDefault(require("fs"));
+
+var _lodash = require("lodash");
+
+var _os = _interopRequireDefault(require("os"));
+
+var _randomSeed = _interopRequireDefault(require("random-seed"));
+
+var _uuid = _interopRequireDefault(require("uuid"));
+
+var _child_process = require("child_process");
+
+var _aws = require("./aws");
+
+var _recheck = require("./recheck");
+
+var _envReady = require("./env-ready");
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) { symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); } keys.push.apply(keys, symbols); } return keys; }
+
+function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; }
+
+function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+
+function logStep(message) {
+  console.log(_chalk.default.blue(message));
+}
+
+function shouldRebuild(bundlePath, useCachedBuild) {
+  if (_fs.default.existsSync(bundlePath) && useCachedBuild) {
+    return false;
+  }
+
+  return true;
+}
+
+function tmpBuildPath(appPath, api) {
+  const rand = _randomSeed.default.create(appPath);
+
+  const uuidNumbers = [];
+
+  for (let i = 0; i < 16; i++) {
+    uuidNumbers.push(rand(255));
+  }
+
+  return api.resolvePath(_os.default.tmpdir(), `mup-meteor-${_uuid.default.v4({
+    random: uuidNumbers
+  })}`);
+}
+
+function names(config) {
+  const name = config.app.name.toLowerCase();
+  return {
+    bucket: `mup-${name}`,
+    environment: config.app.envName || `mup-env-${name}`,
+    app: `mup-${name}`,
+    bundlePrefix: `mup/bundles/${name}/`,
+    instanceProfile: 'aws-elasticbeanstalk-ec2-role',
+    serviceRole: 'aws-elasticbeanstalk-service-role',
+    trailBucketPrefix: 'mup-graceful-shutdown-trail',
+    trailName: 'mup-graceful-shutdown-trail',
+    deregisterRuleName: 'mup-target-deregister',
+    eventTargetRole: `mup-envoke-run-command-${name}`,
+    eventTargetPolicyName: 'Invoke_Run_Command',
+    eventTargetPassRoleName: 'Pass_Role',
+    automationDocument: 'mup-graceful-shutdown'
+  };
+}
+
+function createUniqueName(prefix = '') {
+  const randomNumbers = Math.floor(Math.random() * 10000);
+  return `${prefix}-${Date.now()}-${randomNumbers}`;
+}
+
+async function retrieveEnvironmentInfo(api, count) {
+  const config = api.getConfig();
+  const {
+    environment
+  } = names(config);
+  const {
+    EnvironmentInfo
+  } = await _aws.beanstalk.retrieveEnvironmentInfo({
+    EnvironmentName: environment,
+    InfoType: 'tail'
+  }).promise();
+
+  if (EnvironmentInfo.length > 0) {
+    return EnvironmentInfo;
+  } else if (count > 5) {
+    throw new Error('No logs');
+  }
+
+  return new Promise((resolve, reject) => {
+    setTimeout(() => {
+      // The logs aren't always available, so retry until they are
+      // Another option is to look for the event that says it is ready
+      retrieveEnvironmentInfo(api, count + 1).then(resolve).catch(reject);
+    }, (0, _recheck.getRecheckInterval)());
+  });
+}
+
+async function getLogs(api, logNames) {
+  const config = api.getConfig();
+  const {
+    environment
+  } = names(config);
+  await (0, _envReady.waitForEnvReady)(config, false);
+  logStep('=> Requesting Logs');
+  await _aws.beanstalk.requestEnvironmentInfo({
+    EnvironmentName: environment,
+    InfoType: 'tail'
+  }).promise();
+  const EnvironmentInfo = await retrieveEnvironmentInfo(api, 0);
+  logStep('=> Downloading Logs');
+  const logsForServer = EnvironmentInfo.reduce((result, info) => {
+    result[info.Ec2InstanceId] = info.Message;
+    return result;
+  }, {});
+  return Promise.all(Object.keys(logsForServer).map(key => new Promise((resolve, reject) => {
+    _axios.default.get(logsForServer[key]).then(({
+      data
+    }) => {
+      // The separator changed with Amazon Linux 2
+      let parts = data.split('----------------------------------------\n/var/log/');
+
+      if (parts.length === 1) {
+        parts = data.split('-------------------------------------\n/var/log/');
+      }
+
+      data = logNames.map(name => parts.find(part => part.trim().startsWith(name)));
+      resolve({
+        data,
+        instance: key
+      });
+    }).catch(reject);
+  })));
+}
+
+function getNodeVersion(api, bundlePath) {
+  let star = _fs.default.readFileSync(api.resolvePath(bundlePath, 'bundle/star.json')).toString();
+
+  const nodeVersionTxt = _fs.default.readFileSync(api.resolvePath(bundlePath, 'bundle/.node_version.txt')).toString();
+
+  star = JSON.parse(star);
+
+  if (star.npmVersion) {
+    return {
+      nodeVersion: star.nodeVersion,
+      npmVersion: star.npmVersion
+    };
+  }
+
+  const nodeVersion = nodeVersionTxt.substr(1);
+
+  if (nodeVersion.startsWith('4')) {
+    return {
+      nodeVersion,
+      npmVersion: '4.6.1'
+    };
+  }
+
+  return {
+    nodeVersion,
+    npmVersion: '3.10.5'
+  };
+}
+
+async function selectPlatformArn() {
+  const {
+    PlatformBranchSummaryList
+  } = await _aws.beanstalk.listPlatformBranches({
+    Filters: [{
+      Attribute: 'LifecycleState',
+      Operator: '=',
+      Values: ['supported']
+    }, {
+      Attribute: 'PlatformName',
+      Operator: '=',
+      Values: ['Node.js']
+    }, {
+      Attribute: 'TierType',
+      Operator: '=',
+      Values: ['WebServer/Standard']
+    }]
+  }).promise();
+
+  if (PlatformBranchSummaryList.length === 0) {
+    throw new Error('Unable to find supported Node.js platform');
+  }
+
+  const branchName = PlatformBranchSummaryList[0].BranchName;
+  const {
+    PlatformSummaryList
+  } = await _aws.beanstalk.listPlatformVersions({
+    Filters: [{
+      Type: 'PlatformBranchName',
+      Operator: '=',
+      Values: [branchName]
+    }, {
+      Type: 'PlatformStatus',
+      Operator: '=',
+      Values: ['Ready']
+    }]
+  }).promise();
+  const arn = PlatformSummaryList[0].PlatformArn;
+  return arn;
+}
+
+async function attachPolicies(config, roleName, policies) {
+  const promises = [];
+  policies.forEach(policy => {
+    const promise = _aws.iam.attachRolePolicy({
+      RoleName: roleName,
+      PolicyArn: policy
+    }).promise();
+
+    promises.push(promise);
+  });
+  await Promise.all(promises);
+}
+
+function getAccountId() {
+  return _aws.sts.getCallerIdentity().promise().then(({
+    Account
+  }) => Account);
+}
+
+async function ensureRoleExists(name, assumeRolePolicyDocument, ensureAssumeRolePolicy) {
+  let exists = true;
+  let updateAssumeRolePolicy = false;
+
+  try {
+    const {
+      Role
+    } = await _aws.iam.getRole({
+      RoleName: name
+    }).promise();
+    const currentAssumeRolePolicy = decodeURIComponent(Role.AssumeRolePolicyDocument); // Make the whitespace consistent with the current document
+
+    assumeRolePolicyDocument = JSON.stringify(JSON.parse(assumeRolePolicyDocument));
+
+    if (currentAssumeRolePolicy !== assumeRolePolicyDocument && ensureAssumeRolePolicy) {
+      updateAssumeRolePolicy = true;
+    }
+  } catch (e) {
+    exists = false;
+  }
+
+  if (!exists) {
+    await _aws.iam.createRole({
+      RoleName: name,
+      AssumeRolePolicyDocument: assumeRolePolicyDocument
+    }).promise();
+  } else if (updateAssumeRolePolicy) {
+    await _aws.iam.updateAssumeRolePolicy({
+      RoleName: name,
+      PolicyDocument: assumeRolePolicyDocument
+    }).promise();
+  }
+}
+
+async function ensureInstanceProfileExists(config, name) {
+  let exists = true;
+
+  try {
+    await _aws.iam.getInstanceProfile({
+      InstanceProfileName: name
+    }).promise();
+  } catch (e) {
+    exists = false;
+  }
+
+  if (!exists) {
+    await _aws.iam.createInstanceProfile({
+      InstanceProfileName: name
+    }).promise();
+  }
+}
+
+async function ensureRoleAdded(config, instanceProfile, role) {
+  let added = true;
+  const {
+    InstanceProfile
+  } = await _aws.iam.getInstanceProfile({
+    InstanceProfileName: instanceProfile
+  }).promise();
+
+  if (InstanceProfile.Roles.length === 0 || InstanceProfile.Roles[0].RoleName !== role) {
+    added = false;
+  }
+
+  if (!added) {
+    await _aws.iam.addRoleToInstanceProfile({
+      InstanceProfileName: instanceProfile,
+      RoleName: role
+    }).promise();
+  }
+}
+
+async function ensurePoliciesAttached(config, role, policies) {
+  let {
+    AttachedPolicies
+  } = await _aws.iam.listAttachedRolePolicies({
+    RoleName: role
+  }).promise();
+  AttachedPolicies = AttachedPolicies.map(policy => policy.PolicyArn);
+  const unattachedPolicies = policies.reduce((result, policy) => {
+    if (AttachedPolicies.indexOf(policy) === -1) {
+      result.push(policy);
+    }
+
+    return result;
+  }, []);
+
+  if (unattachedPolicies.length > 0) {
+    await attachPolicies(config, role, unattachedPolicies);
+  }
+}
+
+async function ensureInlinePolicyAttached(role, policyName, policyDocument) {
+  let exists = true;
+  let needsUpdating = false;
+
+  try {
+    const result = await _aws.iam.getRolePolicy({
+      RoleName: role,
+      PolicyName: policyName
+    }).promise();
+    const currentPolicyDocument = decodeURIComponent(result.PolicyDocument);
+
+    if (currentPolicyDocument !== policyDocument) {
+      needsUpdating = true;
+    }
+  } catch (e) {
+    exists = false;
+  }
+
+  if (!exists || needsUpdating) {
+    await _aws.iam.putRolePolicy({
+      RoleName: role,
+      PolicyName: policyName,
+      PolicyDocument: policyDocument
+    }).promise();
+  }
+}
+
+async function ensureBucketExists(buckets, bucketName, region) {
+  if (!buckets.find(bucket => bucket.Name === bucketName)) {
+    await _aws.s3.createBucket(_objectSpread({
+      Bucket: bucketName
+    }, region ? {
+      CreateBucketConfiguration: {
+        LocationConstraint: region
+      }
+    } : {})).promise();
+    return true;
+  }
+}
+
+function findBucketWithPrefix(buckets, prefix) {
+  return buckets.find(bucket => bucket.Name.indexOf(prefix) === 0);
+}
+
+async function ensureBucketPolicyAttached(bucketName, policy) {
+  let error = false;
+  let currentPolicy;
+
+  try {
+    const {
+      Policy
+    } = await _aws.s3.getBucketPolicy({
+      Bucket: bucketName
+    }).promise();
+    currentPolicy = Policy;
+  } catch (e) {
+    error = true;
+  }
+
+  if (error || currentPolicy !== policy) {
+    const params = {
+      Bucket: bucketName,
+      Policy: policy
+    };
+    await _aws.s3.putBucketPolicy(params).promise();
+  }
+}
+
+async function ensureCloudWatchRule(name, description, eventPattern) {
+  let error = false;
+
+  try {
+    await _aws.cloudWatchEvents.describeRule({
+      Name: name
+    }).promise();
+  } catch (e) {
+    error = true;
+  }
+
+  if (error) {
+    await _aws.cloudWatchEvents.putRule({
+      Name: name,
+      Description: description,
+      EventPattern: eventPattern
+    }).promise();
+    return true;
+  }
+
+  return false;
+}
+
+async function ensureRuleTargetExists(ruleName, target) {
+  const {
+    Targets
+  } = await _aws.cloudWatchEvents.listTargetsByRule({
+    Rule: ruleName
+  }).promise();
+
+  if (!Targets.find(_target => (0, _lodash.isEqual)(_target, target))) {
+    const params = {
+      Rule: ruleName,
+      Targets: [target]
+    };
+    await _aws.cloudWatchEvents.putTargets(params).promise();
+    return true;
+  }
+}
+
+function coloredStatusText(envColor, text) {
+  if (envColor === 'Green') {
+    return _chalk.default.green(text);
+  } else if (envColor === 'Yellow') {
+    return _chalk.default.yellow(text);
+  } else if (envColor === 'Red') {
+    return _chalk.default.red(text);
+  }
+
+  return text;
+}
+
+function createVersionDescription(api, appConfig) {
+  const appPath = api.resolvePath(api.getBasePath(), appConfig.path);
+  let description = '';
+
+  try {
+    description = (0, _child_process.execSync)('git log -1 --pretty=%B', {
+      cwd: appPath,
+      stdio: 'pipe'
+    }).toString();
+  } catch (e) {
+    description = `Deployed by Mup on ${new Date().toUTCString()}`;
+  }
+
+  return description.split('\n')[0].slice(0, 195);
+}
+
+async function ensureSsmDocument(name, content) {
+  let exists = true;
+  let needsUpdating = false;
+
+  try {
+    const result = await _aws.ssm.getDocument({
+      Name: name,
+      DocumentVersion: '$DEFAULT'
+    }).promise(); // If the document was created or edited on the AWS console, there is extra new
+    // line characters and whitespace
+
+    const currentContent = JSON.stringify(JSON.parse(result.Content.replace(/\r?\n|\r/g, '')));
+
+    if (currentContent !== content) {
+      needsUpdating = true;
+    }
+  } catch (e) {
+    exists = false;
+  }
+
+  if (!exists) {
+    await _aws.ssm.createDocument({
+      Content: content,
+      Name: name,
+      DocumentType: 'Automation'
+    }).promise();
+    return true;
+  } else if (needsUpdating) {
+    try {
+      await _aws.ssm.updateDocument({
+        Content: content,
+        Name: name,
+        DocumentVersion: '$LATEST'
+      }).promise();
+    } catch (e) {
+      // If the latest document version has the correct content
+      // then it must not be the default version. Ignore the error
+      // so we can fix the default version
+      if (e.code !== 'DuplicateDocumentContent') {
+        throw e;
+      }
+    }
+
+    const result = await _aws.ssm.getDocument({
+      Name: name,
+      DocumentVersion: '$LATEST'
+    }).promise();
+    await _aws.ssm.updateDocumentDefaultVersion({
+      DocumentVersion: result.DocumentVersion,
+      Name: name
+    }).promise();
+  }
+}
+
+async function pickInstance(config, instance) {
+  const {
+    environment
+  } = names(config);
+  const {
+    EnvironmentResources
+  } = await _aws.beanstalk.describeEnvironmentResources({
+    EnvironmentName: environment
+  }).promise();
+  const instanceIds = EnvironmentResources.Instances.map(({
+    Id
+  }) => Id);
+  const description = ['Available instances', ...instanceIds.map(id => `  - ${id}`)].join('\n');
+  return {
+    selected: instanceIds.includes(instance) ? instance : null,
+    description
+  };
+}
+
+async function connectToInstance(api, instanceId, commandLabel) {
+  const {
+    sshKey
+  } = api.getConfig().app;
+
+  if (!sshKey) {
+    const error = new Error('missing sshKey config');
+    error.solution = 'Learn how to configure sshKey at https://github.com/zodern/mup-aws-beanstalk/blob/master/docs/index.md#meteor-shell-and-debug';
+    throw error;
+  }
+
+  const {
+    Reservations
+  } = await _aws.ec2.describeInstances({
+    InstanceIds: [instanceId]
+  }).promise();
+  const instance = Reservations[0].Instances[0];
+  const availabilityZone = instance.Placement.AvailabilityZone;
+  const securityGroups = instance.SecurityGroups.map(g => g.GroupId);
+  let {
+    data: ipAddress
+  } = await _axios.default.get('https://ipv4.icanhazip.com');
+  ipAddress = ipAddress.trim();
+
+  if (securityGroups.length > 1) {
+    console.warn('Instance has more than one security group. Please open a GitHub issue for mup-aws-beanstalk');
+  }
+
+  let ruleIds = [];
+
+  try {
+    const {
+      SecurityGroupRules
+    } = await _aws.ec2.authorizeSecurityGroupIngress({
+      GroupId: securityGroups[0],
+      IpPermissions: [{
+        FromPort: 22,
+        IpProtocol: 'tcp',
+        IpRanges: [{
+          CidrIp: `${ipAddress}/32`,
+          Description: `Temporary SSH access for ${commandLabel}`
+        }],
+        ToPort: 22
+      }]
+    }).promise();
+    ruleIds = SecurityGroupRules.map(rule => rule.SecurityGroupRuleId);
+  } catch (e) {
+    if (e.code === 'InvalidPermission.Duplicate') {// This rule already exists
+      // TODO: should we find the rule id so we can remove it, or leave it in
+      // case the user had manually added this rule?
+    } else {
+      throw e;
+    }
+  }
+
+  await _aws.ec2InstanceConnect.sendSSHPublicKey({
+    InstanceId: instanceId,
+    AvailabilityZone: availabilityZone,
+    InstanceOSUser: 'ec2-user',
+    SSHPublicKey: _fs.default.readFileSync(api.resolvePath(sshKey.publicKey), 'utf-8')
+  }).promise();
+  const sshOptions = {
+    host: instance.PublicDnsName,
+    port: 22,
+    username: 'ec2-user',
+    privateKey: _fs.default.readFileSync(api.resolvePath(sshKey.privateKey), 'utf-8')
+  };
+  return {
+    sshOptions,
+
+    removeSSHAccess() {
+      if (ruleIds.length === 0) {
+        return;
+      }
+
+      console.log('Removing temporary security group rule for SSH');
+      return _aws.ec2.revokeSecurityGroupIngress({
+        GroupId: securityGroups[0],
+        SecurityGroupRuleIds: ruleIds
+      }).promise();
+    }
+
+  };
+}
+
+async function executeSSHCommand(conn, command) {
+  return new Promise((resolve, reject) => {
+    conn.exec(command, (err, outputStream) => {
+      if (err) {
+        conn.end();
+        reject(err);
+        return;
+      }
+
+      let output = '';
+      outputStream.on('data', data => {
+        output += data;
+      });
+      outputStream.stderr.on('data', data => {
+        output += data;
+      });
+      outputStream.once('close', code => {
+        conn.end();
+        resolve({
+          code,
+          output
+        });
+      });
+    });
+  });
+}
+//# sourceMappingURL=utils.js.map