@fishawack/lab-env 4.26.0 → 4.28.0

package/commands/create/libs/vars.js

@@ -2,6 +2,8 @@ const os = require('os');
 const path = require("path");
 const { encode } = require('./utilities');
 const fs = require("fs");
+const generator = require("generate-password");
+const { template } = require('lodash');
 
 var miscFile;
 
@@ -115,4 +117,333 @@ module.exports.templates = [
         "project": "PLAN",
         "prefix": "plant"
     }
-];
+];
+
+module.exports.frameworks = [
+    {
+        "name": "wordpress",
+        "value": "wordpress"
+    },
+    {
+        "name": "laravel",
+        "value": "laravel"
+    },
+    {
+        "name": "drupal",
+        "value": "drupal"
+    },
+];
+
+// Elasticbeanstlak configs based on preconfigurations
+module.exports.eb = {
+    environments: {
+        php: {
+            shared: [],
+            low: [],
+            high: [],
+        },
+        nginx: {
+            shared: [],
+            low: [],
+            high: [],
+        },
+        httpd: {
+            shared: [
+                {
+                    OptionName: 'ProxyServer',
+                    Value: 'apache',
+                    Namespace: 'aws:elasticbeanstalk:environment:proxy'
+                },
+            ],
+            low: [],
+            high: [],
+        },
+        default: {
+            shared: [],
+            low: [],
+            high: []
+        },
+        wordpress: {
+            shared: [
+                {
+                    OptionName: 'AUTH_KEY',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'SECURE_AUTH_KEY',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'LOGGED_IN_KEY',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'NONCE_KEY',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'AUTH_SALT',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'SECURE_AUTH_SALT',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'LOGGED_IN_SALT',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'NONCE_SALT',
+                    Value: generator.generate({ length: 64, numbers: true, symbols: true }),
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                { OptionName: 'S3_UPLOADS_BUCKET', Value: "<%= s3Slug %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'S3_UPLOADS_REGION', Value: "<%= AWS_REGION %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'S3_UPLOADS_KEY', Value: "<%= AccessKeyId %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'S3_UPLOADS_SECRET', Value: "<%= SecretAccessKey %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+            ],
+            low: [],
+            high: []
+        },
+        laravel: {
+            shared: [
+                {
+                    OptionName: 'APP_ENV',
+                    Value: 'production',
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'APP_KEY',
+                    Value: `base64:${Buffer.from(generator.generate({ length: 32, numbers: true, symbols: true })).toString('base64')}`,
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'APP_DEBUG',
+                    Value: 'false',
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                {
+                    OptionName: 'APP_URL',
+                    Value: 'https://<%= DOMAIN_LINK %>',
+                    Namespace: 'aws:elasticbeanstalk:application:environment'
+                },
+                { OptionName: 'AWS_BUCKET', Value: "<%= s3Slug %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'AWS_DEFAULT_REGION', Value: "<%= AWS_REGION %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'AWS_ACCESS_KEY_ID', Value: "<%= AccessKeyId %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'AWS_SECRET_ACCESS_KEY', Value: "<%= SecretAccessKey %>", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'FILESYSTEM_DISK', Value: "s3", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'FILESYSTEM_DISK_PUBLIC', Value: "s3-public", Namespace: 'aws:elasticbeanstalk:application:environment' },
+            ],
+            low: [],
+            high: [
+                { OptionName: 'SESSION_DRIVER', Value: "cookie", Namespace: 'aws:elasticbeanstalk:application:environment' },
+                { OptionName: 'SESSION_SECURE_COOKIE', Value: "true", Namespace: 'aws:elasticbeanstalk:application:environment' },
+            ]
+        },
+        drupal: {
+            shared: [],
+            low: [],
+            high: []
+        },
+        shared: [
+            {
+                OptionName: 'IamInstanceProfile',
+                Value: 'aws-elasticbeanstalk-ec2-role',
+                Namespace: 'aws:autoscaling:launchconfiguration'
+            },
+            {
+                OptionName: 'HasCoupledDatabase',
+                Value: 'true',
+                Namespace: 'aws:rds:dbinstance'
+            },
+            {
+                OptionName: 'DBEngineVersion',
+                Value: '8.0.32',
+                Namespace: 'aws:rds:dbinstance'
+            },
+            {
+                OptionName: 'DBPassword',
+                Value: generator.generate({ length: 10, numbers: true }),
+                Namespace: 'aws:rds:dbinstance'
+            }
+        ],
+        low: [
+            {
+                OptionName: 'EnvironmentType',
+                Value: 'SingleInstance',
+                Namespace: 'aws:elasticbeanstalk:environment'
+            },
+            {
+                OptionName: 'DOMAIN_LINK',
+                Value: "<%= DOMAIN_LINK %>",
+                Namespace: 'aws:elasticbeanstalk:application:environment'
+            },
+            {
+                OptionName: 'EMAIL_LINK',
+                Value: "mike.mellor@fishawack.com",
+                Namespace: 'aws:elasticbeanstalk:application:environment'
+            },
+        ],
+        high: [
+            {
+                OptionName: 'ManagedActionsEnabled',
+                Value: 'true',
+                Namespace: 'aws:elasticbeanstalk:managedactions'
+            },
+            {
+                OptionName: 'ServiceRoleForManagedUpdates',
+                Value: 'AWSServiceRoleForElasticBeanstalkManagedUpdates',
+                Namespace: 'aws:elasticbeanstalk:managedactions'
+            },
+            {
+                OptionName: 'PreferredStartTime',
+                Value: 'Mon:06:00',
+                Namespace: 'aws:elasticbeanstalk:managedactions'
+            },
+            {
+                OptionName: 'UpdateLevel',
+                Value: 'minor',
+                Namespace: 'aws:elasticbeanstalk:managedactions:platformupdate'
+            },
+            {
+                OptionName: 'DeploymentPolicy',
+                Value: 'RollingWithAdditionalBatch',
+                Namespace: 'aws:elasticbeanstalk:command'
+            },
+            {
+                OptionName: 'BatchSize',
+                Value: '25',
+                Namespace: 'aws:elasticbeanstalk:command'
+            },
+            {
+                OptionName: 'MinSize',
+                Value: '2',
+                Namespace: 'aws:autoscaling:asg'
+            },
+            {
+                OptionName: 'LoadBalancerType',
+                Value: 'application',
+                Namespace: 'aws:elasticbeanstalk:environment'
+            },
+        ],
+    },
+    configurations: {
+        php: {
+            shared: [
+                '.ebextensions/php/ini.config',
+            ],
+            low: [],
+            high: [],
+        },
+        nginx: {
+            shared: [
+                '.platform/nginx/conf.d/buffer_size.conf',
+                '.platform/nginx/conf.d/upload_size.conf',
+                '.platform/nginx/conf.d/security_headers.conf',
+                '.platform/nginx/conf.d/elasticbeanstalk/www-to-nonwww-redirection.conf',
+            ],
+            low: [
+                '.platform/nginx/conf.d/elasticbeanstalk/http-https-redirection.conf',
+                '.platform/nginx/conf.d/ssl.conf',
+                '.ebextensions/nginx/auto-ssl.config',
+            ],
+            high: [
+                '.platform/nginx/conf.d/elasticbeanstalk/health.conf',
+                '.ebextensions/nginx/alb-health.config',
+            ],
+        },
+        httpd: {
+            shared: [
+                '.platform/httpd/conf.d/virtualhost-80.conf',
+                '.platform/httpd/conf.d/elasticbeanstalk/80/www-to-nonwww-redirection.conf',
+            ],
+            low: [
+                '.platform/httpd/conf.d/elasticbeanstalk/80/http-https-redirection.conf',
+                '.platform/httpd/conf.d/virtualhost-443.conf',
+                '.platform/httpd/conf.d/elasticbeanstalk/443/ssl.conf',
+                '.ebextensions/httpd/auto-ssl.config',
+            ],
+            high: [
+                '.platform/httpd/conf.d/elasticbeanstalk/80/forward-https-proto.conf',
+                '.ebextensions/wordpress/alb-health.config',
+            ],
+        },
+        default: {
+            platform: "nginx",
+            language: "php",
+            shared: [],
+            low: [],
+            high: [],
+        },
+        wordpress: {
+            platform: "httpd",
+            language: "php",
+            shared: [
+                '.platform/httpd/conf.d/security_headers-wordpress.conf',
+                '.platform/confighooks/postdeploy/rewrite-flush.sh',
+                '.platform/hooks/postdeploy/rewrite-flush.sh',
+                '.ebextensions/wordpress/cron.config',
+                '.ebextensions/wordpress/environment.config',
+                '.ebextensions/wordpress/post-deploy.config',
+                '.ebextensions/wordpress/software.config',
+            ],
+            low: [
+                '.platform/hooks/predeploy/deactivate-plugins-single.sh',
+            ],
+            high: [
+                '.platform/hooks/predeploy/deactivate-plugins.sh',
+            ],
+        },
+        laravel: {
+            platform: "nginx",
+            language: "php",
+            shared: [
+                '.platform/nginx/conf.d/elasticbeanstalk/laravel.conf',
+                '.ebextensions/laravel/post-deploy.config',
+                '.ebextensions/laravel/software.config',
+            ],
+            low: [],
+            high: [],
+        },
+        drupal: {
+            platform: "httpd",
+            language: "php",
+            shared: [],
+            low: [],
+            high: [],
+        },
+        shared: [
+            '.ebextensions/misc/setvars.config',
+        ],
+        low: [
+            '.ebextensions/misc/enable-https.config',
+        ],
+        high: [
+            '.ebextensions/misc/alb-http-to-https-redirection.config',
+            '.ebextensions/misc/enable-https-lb.config',
+        ],
+    },
+    merge(type, {framework, availability = 'low', platform, language}, data = {}){
+        return JSON.parse(template(JSON.stringify([].concat(
+            this[type].shared,
+            this[type][availability],
+            this[type][platform]?.shared,
+            this[type][platform]?.[availability],
+            this[type][language]?.shared,
+            this[type][language]?.[availability],
+            this[type][framework]?.shared,
+            this[type][framework]?.[availability]
+        ).filter(Boolean)))({...process.env, ...data}));
+    },
+    config(){
+        return template(fs.readFileSync(`${__dirname}/../templates/elasticbeanstalk/.elasticbeanstalk/config.yml`, {encoding: 'utf8'}))(process.env);
+    }
+};

package/commands/create/services/aws/cloudfront.js

@@ -1,6 +1,6 @@
 const { CloudFrontClient, CreateDistributionWithTagsCommand, CreateCloudFrontOriginAccessIdentityCommand, DeleteDistributionCommand , DeleteCloudFrontOriginAccessIdentityCommand, GetDistributionCommand, UpdateDistributionCommand, GetCloudFrontOriginAccessIdentityCommand, CreateFunctionCommand, GetFunctionCommand, UpdateFunctionCommand, PublishFunctionCommand, DeleteFunctionCommand, DescribeFunctionCommand } = require("@aws-sdk/client-cloudfront");
 const fs = require('fs');
-const { Spinner } = require('../../libs/utilities');
+const { Spinner, poll } = require('../../libs/utilities');
 const { createClient } = require('./misc.js');
 
 module.exports.createCloudFrontDistribution = async (name, account, tags = [], FunctionARN = null, region = 'us-east-1') => {
@@ -136,19 +136,12 @@ module.exports.removeCloudFrontDistribution = async (Id, account) => {
 module.exports.waitForCloudFrontDistribution = async (Id, account) => {
     const client = createClient(CloudFrontClient, account);
 
-    let status;
-
-    do{
-        await new Promise((resolve) => setTimeout(() => resolve(), 5000));
-
-        await Spinner.prototype.ping();
-
-        let check = await client.send(
+    await poll(
+        async () => await client.send(
             new GetDistributionCommand({ Id })
-        );
-    
-        status = check.Distribution.Status;
-    } while(status !== 'Deployed')
+        ),
+        res => res.Distribution.Status !== "Deployed"
+    );
 }
 
 module.exports.createCloudFrontFunction = async (name, account, fn, config) => {

package/commands/create/services/aws/ec2.js

@@ -0,0 +1,17 @@
+const { EC2Client, DescribeKeyPairsCommand } = require("@aws-sdk/client-ec2");
+const { Spinner } = require('../../libs/utilities');
+const { createClient } = require('./misc.js');
+
+module.exports.getKeyPair = async (KeyName, account) => {
+    const client = createClient(EC2Client, account);
+
+    let res = await Spinner.prototype.simple(`Retrieving the KeyPair ${KeyName}`, () => {
+        return client.send(
+            new DescribeKeyPairsCommand({ KeyNames: [
+                KeyName
+            ] })
+        );
+    });
+
+    return res;
+};

package/commands/create/services/aws/elasticbeanstalk.js

@@ -0,0 +1,96 @@
+const fs = require("fs-extra");
+const glob = require("glob");
+const { ElasticBeanstalkClient, CreateApplicationCommand, DeleteApplicationCommand, CreateEnvironmentCommand, TerminateEnvironmentCommand, DescribeEnvironmentsCommand, ListAvailableSolutionStacksCommand } = require("@aws-sdk/client-elastic-beanstalk");
+const { Spinner, poll } = require('../../libs/utilities');
+const { eb } = require('../../libs/vars');
+const { createClient } = require('./misc.js');
+
+module.exports.createElasticBeanstalkApplication = async (name, account) => {
+    const client = createClient(ElasticBeanstalkClient, account);
+
+    let res = await Spinner.prototype.simple(`Creating elasticbeanstalk application ${name}`, () => {
+        return client.send(
+            new CreateApplicationCommand({ApplicationName: name})
+        );
+    });
+    
+    return res;
+}
+
+module.exports.createElasticBeanstalkEnvironment = async (name, account, ApplicationName, OptionSettings, CNAMEPrefix, tags = []) => {
+    const client = createClient(ElasticBeanstalkClient, account);
+
+    const solutions = await Spinner.prototype.simple(`Retrieving available solution stacks`, () => {
+        return client.send(
+            new ListAvailableSolutionStacksCommand()
+        );
+    });
+
+    await Spinner.prototype.simple(`Creating elasticbeanstalk environment ${name}`, () => {
+        return client.send(
+            new CreateEnvironmentCommand({
+                ApplicationName,
+                EnvironmentName: name,
+                SolutionStackName: solutions.SolutionStacks.filter(d => d.includes('PHP 8.1') && d.includes('Amazon Linux 2 '))[0],
+                OptionSettings,
+                CNAMEPrefix,
+                Tags: [{Key: 'client', Value: account}].concat(tags)
+            })
+        );
+    });
+
+    const res = await Spinner.prototype.simple(`Waiting for elasticbeanstalk environment to deploy`, () => {
+        return module.exports.waitForElasticBeanstalkEnvironment(name, account, "Ready", "Terminated");
+    });
+    
+    return res;
+}
+
+module.exports.waitForElasticBeanstalkEnvironment = async (name, account, waitFor = "Ready", failIf) => {
+    const client = createClient(ElasticBeanstalkClient, account);
+
+    const res = await poll(
+        async () => (await client.send(
+            new DescribeEnvironmentsCommand({ EnvironmentNames: [name] })
+        )).Environments[0],
+        ({ Status }) => Status !== waitFor,
+        ({ Status }) => Status === failIf
+    );
+
+    return res;
+}
+
+module.exports.removeElasticBeanstalkApplication = async (name, account) => {
+    const client = createClient(ElasticBeanstalkClient, account);
+
+    await Spinner.prototype.simple(`Removing elasticbeanstalk application ${name}`, () => {
+        return client.send(
+            new DeleteApplicationCommand({ ApplicationName: name })
+        );
+    });
+}
+
+module.exports.removeElasticBeanstalkEnvironment = async (name, account) => {
+    const client = createClient(ElasticBeanstalkClient, account);
+
+    await Spinner.prototype.simple(`Removing elasticbeanstalk environment ${name}`, () => {
+        return client.send(
+            new TerminateEnvironmentCommand({ EnvironmentName: name })
+        );
+    });
+
+    await Spinner.prototype.simple(`Waiting for elasticbeanstalk environment to terminate`, () => {
+        return module.exports.waitForElasticBeanstalkEnvironment(name, account, "Terminated");
+    });
+}
+
+module.exports.copyElasticBeanstalkConfigs = async (configurations) => {
+    const templates = `${__dirname}/../../templates/elasticbeanstalk`;
+    
+    configurations.forEach(globbed => {
+        glob.sync(globbed, {cwd: `${templates}`})
+            .forEach(config => fs.copySync(`${templates}/${config}`, config));
+    });
+
+    fs.outputFileSync(`.elasticbeanstalk/config.yml`, eb.config());
+}

package/commands/create/services/aws/iam.js

@@ -1,8 +1,8 @@
-const { IAMClient, CreateUserCommand, GetUserCommand, DeleteUserCommand, AttachUserPolicyCommand, ListAttachedUserPoliciesCommand, DetachUserPolicyCommand, CreateAccessKeyCommand, DeleteAccessKeyCommand, ListAccessKeysCommand } = require("@aws-sdk/client-iam");
+const { IAMClient, CreateUserCommand, GetUserCommand, DeleteUserCommand, AttachUserPolicyCommand, ListAttachedUserPoliciesCommand, DetachUserPolicyCommand, CreateAccessKeyCommand, DeleteAccessKeyCommand, ListAccessKeysCommand, GetRoleCommand, CreateRoleCommand, AttachRolePolicyCommand, CreateInstanceProfileCommand, AddRoleToInstanceProfileCommand, PutRolePolicyCommand } = require("@aws-sdk/client-iam");
 const { Spinner } = require('../../libs/utilities');
 const { createClient } = require('./misc.js');
 
-module.exports.createIAMUser = async (UserName, account) => {
+module.exports.createIAMUser = async (UserName, account, tags = []) => {
     const client = createClient(IAMClient, account);
 
     let res;
@@ -10,7 +10,7 @@ module.exports.createIAMUser = async (UserName, account) => {
     try{
         res = await Spinner.prototype.simple(`Creating IAM user ${UserName}`, () => {
             return client.send(
-                new CreateUserCommand({ UserName })
+                new CreateUserCommand({ UserName, Tags: [{Key: 'client', Value: account}].concat(tags) })
             );
         });
     } catch(e){
@@ -167,4 +167,123 @@ module.exports.createAccessKeySafe = async (UserName, account) => {
     }
 
     return res;
-};
+};
+
+module.exports.getRole = async (RoleName, account) => {
+    const client = createClient(IAMClient, account);
+
+    let res = await Spinner.prototype.simple(`Retrieving the role ${RoleName}`, () => {
+        return client.send(
+            new GetRoleCommand({ RoleName })
+        );
+    });
+
+    return res;
+};
+
+module.exports.createRole = async (RoleName, account, AssumeRolePolicyDocument) => {
+    const client = createClient(IAMClient, account);
+
+    let res = await Spinner.prototype.simple(`Creating the role ${RoleName}`, () => {
+        return client.send(
+            new CreateRoleCommand({ RoleName, AssumeRolePolicyDocument })
+        );
+    });
+
+    return res;
+};
+
+module.exports.createInstanceProfile = async (InstanceProfileName, account) => {
+    const client = createClient(IAMClient, account);
+
+    let res = await Spinner.prototype.simple(`Creating the instance profile ${InstanceProfileName}`, () => {
+        return client.send(
+            new CreateInstanceProfileCommand({ InstanceProfileName })
+        );
+    });
+
+    return res;
+};
+
+module.exports.attachRoleToInstanceProfile = async (RoleName, InstanceProfileName, account) => {
+    const client = createClient(IAMClient, account);
+
+    let res = await Spinner.prototype.simple(`Attaching role ${RoleName} to the instance profile ${InstanceProfileName}`, () => {
+        return client.send(
+            new AddRoleToInstanceProfileCommand({ RoleName, InstanceProfileName })
+        );
+    });
+
+    return res;
+};
+
+module.exports.attachRolePolicy = async (RoleName, account, PolicyArn) => {
+    const client = createClient(IAMClient, account);
+
+    let res = await Spinner.prototype.simple(`Attaching Role policy ${PolicyArn}`, () => {
+        return client.send(
+            new AttachRolePolicyCommand({ RoleName, PolicyArn })
+        );
+    });
+
+    return res;
+};
+
+module.exports.attachInlineRolePolicy = async (RoleName, account, PolicyName, PolicyDocument) => {
+    const client = createClient(IAMClient, account);
+
+    let res = await Spinner.prototype.simple(`Attaching Inline Role policy ${PolicyName}`, () => {
+        return client.send(
+            new PutRolePolicyCommand({ RoleName, PolicyName, PolicyDocument })
+        );
+    });
+
+    return res;
+};
+
+module.exports.ensureEBInstanceProfileExists = async (account) => {
+    const role = "aws-elasticbeanstalk-ec2-role";
+    
+    try {
+        await module.exports.getRole(role, account);
+    } catch (e) {
+        await module.exports.createRole(role, account, JSON.stringify({
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Action": [
+                        "sts:AssumeRole"
+                    ],
+                    "Principal": {
+                        "Service": [
+                            "ec2.amazonaws.com"
+                        ]
+                    }
+                }
+            ]
+        }));
+
+        await module.exports.createInstanceProfile(role, account);
+        await module.exports.attachRoleToInstanceProfile(role, role, account);
+    }
+
+    await module.exports.attachRolePolicy(role, account, "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier");
+    await module.exports.attachRolePolicy(role, account, "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier");
+    await module.exports.attachRolePolicy(role, account, "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker");
+    await module.exports.attachInlineRolePolicy(role, account, "lab-env-elasticbeanstalk-describe-env", JSON.stringify({
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Sid": "VisualEditor0",
+                "Effect": "Allow",
+                "Action": [
+                    "ec2:DescribeTags",
+                    "autoscaling:DescribeAutoScalingGroups",
+                    "elasticbeanstalk:DescribeEvents"
+                ],
+                "Resource": "*"
+            }
+        ]
+    }));
+}