@govuk-pay/cli 0.0.3 → 0.0.4

package/resources/legacy-ruby-cli/lib/pay_cli/commands/tf.rb

@@ -0,0 +1,90 @@
+require 'yaml'
+require 'fileutils'
+
+module PayCLI::Commands::Tf
+  def self.usage!
+    STDERR.puts <<~USAGE
+      pay terraform ...
+
+      # Run newer Terraform from `provisioning/terraform/deployments` (note: For terraform commands which are
+      # multi-part (such as `terraform state list`), or to supply additional arguments to terraform you can
+      # append all the extra commands and arguments at the end of pay command)
+      - `pay tf apply account staging`
+      - `pay tf plan microservices_v2 test-12 frontend`
+      - `pay tf plan management staging-2 scheduled_http_v2`
+      - `pay tf apply microservices_v2 test-12 frontend -var "myvariable=variable-value"`
+      - `pay tf state microservices_v2 test-perf-1 selfservice list`
+
+      # Terraform versions
+      - All other terraform should not need the version specified
+
+    USAGE
+    exit
+  end
+
+  def self.start!
+    args = ARGV[1..-1] || []
+
+    command, *args = args
+    if command == 'copy'
+      return copy!(args)
+    end
+
+    if command == 'force-unlock'
+      lock_id = args.shift
+      command = command + ' ' + lock_id
+    end
+
+    usage! if args.length < 2
+    resource, environment, *args = args
+
+    PayCLI::Environment.setup! environment
+
+    STDERR.puts "\n"
+
+    item!(command, environment, resource, args)
+  end
+
+  def self.item!(command, environment, deployment_type, args)
+    account = environment.split('-').first
+    deployment_path = [PayCLI::Config::PROJECT_PATH, 'provisioning', 'terraform', 'deployments']
+    if account == environment
+      deployment_path += [account, deployment_type]
+    else
+      deployment_name, *args = *args
+      deployment_path += [account, environment, deployment_type, deployment_name]
+    end
+
+    directory = File.expand_path(File.join(deployment_path))
+    unless File.exist? directory
+      STDERR.puts "#{directory} does not exist"
+      exit 1
+    end
+
+    puts "ℹ️  Running new-style Terraform from #{directory} ..."
+    init_flags = %w(production staging).include?(account) ? '' : '-upgrade'
+
+    # Only run init if .terraform doesn't already exist
+    tf_command = "cd #{directory}; "
+    if !File.directory?(File.join(directory, ".terraform"))
+      tf_command += "terraform init #{init_flags}; "
+    end
+    tf_command += "terraform #{command} #{args.join(' ')}"
+
+    *pid = spawn(
+      tf_command,
+      :in  => $stdin,
+      :out => $stdout,
+      :err => $stderr,
+    )
+    Process.wait pid[0]
+    report_status! $?
+  end
+
+  def self.report_status!(child_status)
+    emoji = child_status.success? ? '✅' : '🔴'
+    status = child_status.success? ? 'success' : 'failure'
+
+    puts "#{emoji} Terraform run was a #{status}"
+  end
+end

package/resources/legacy-ruby-cli/lib/pay_cli/commands/tunnel/services.yml

@@ -0,0 +1,49 @@
+---
+- service_name: adminusers
+  local_port:        9001
+  remote_port:       50603
+
+# There are no longer live servers for cardid so it's
+# not possible to tunnel to it
+# - service_name: cardid
+#   local_port:        9002
+#   remote_port:       50503
+
+- service_name: connector
+  local_port:        9003
+  remote_port:       50103
+
+- service_name: products
+  local_port:        9005
+  remote_port:       51003
+
+- service_name: publicauth
+  local_port:        9006
+  remote_port:       50303
+
+- service_name: ledger
+  local_port:        9007
+  remote_port:       50104
+
+- service_name: adminusers_db
+  local_port:        5432
+  remote_port:       5432
+
+- service_name: connector_db
+  local_port:        5432
+  remote_port:       5432
+
+- service_name: products_db
+  local_port:        5432
+  remote_port:       5432
+
+- service_name: publicauth_db
+  local_port:        5432
+  remote_port:       5432
+
+- service_name: ledger_db
+  local_port:        5432
+  remote_port:       5432
+  instance_version:
+    production-2: 1
+...

package/resources/legacy-ruby-cli/lib/pay_cli/config.rb

@@ -0,0 +1,27 @@
+module PayCLI::Config
+  COMMANDS = %w(
+    aws
+    browse
+    build
+    deploy
+    doctor
+    dns
+    healthcheck
+    logs
+    purgatory
+    scale
+    secrets
+    tf
+    tunnel
+    validate
+    performance
+  ).freeze
+
+  PROJECT_PATH = File.expand_path("../../..", __dir__)
+
+  CLI_PATH           = File.join PROJECT_PATH, 'cli'
+  CONFIG_PATH        = File.join CLI_PATH, 'config'
+  LOCAL_SECRETS_PATH = File.expand_path(
+    File.join('~', '.govuk-pay', 'secrets.yml')
+  )
+end

package/resources/legacy-ruby-cli/lib/pay_cli/ec2.rb

@@ -0,0 +1,38 @@
+require 'aws-sdk-ec2'
+
+class PayCLI::Ec2
+
+  attr_reader :ec2, :logger
+
+  def initialize(region: default_region, logger: Logger.new(STDERR))
+    @ec2 = ::Aws::EC2::Client.new(region: region)
+    @logger = logger
+  end
+
+  def all_instances
+    @instances ||= fetch_all_instances
+  end
+
+private
+  def default_region
+    ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'] || 'eu-west-1'
+  end
+
+  def fetch_all_instances
+    next_token = nil
+    instances = []
+
+    begin
+      response = ec2.describe_instances(next_token: next_token)
+
+      if response
+        instances += response.reservations.flat_map { |r| r.instances }
+        next_token = response.next_token
+      else
+        break
+      end
+    end while next_token
+
+    return instances
+  end
+end

package/resources/legacy-ruby-cli/lib/pay_cli/entry_point.rb

@@ -0,0 +1,52 @@
+require 'thor'
+
+$LOAD_PATH << File.join(File.dirname(__FILE__))
+
+class PayCLI::EntryPoint < Thor
+  desc 'aws', 'Interactions with AWS, e.g. fetching STS tokens'
+  subcommand 'aws', PayCLI::Commands::Aws
+
+  desc 'browse', 'Opens web browser link to useful links'
+  subcommand 'browse', PayCLI::Commands::Browse
+
+  desc 'doctor', 'Attempts to initialise or fix the Pay CLI'
+
+  def doctor(*_args)
+    PayCLI::Commands::Doctor.new.start!
+  end
+
+  desc 'deployment_status <env>', 'Describe whats deployed'
+  def deployment_status(env, regex = '')
+    PayCLI::Commands::Healthcheck.deployment_status!(env)
+  end
+
+  desc 'scale', 'Quick way to scale microservices (dangerous)'
+
+  desc 'secrets', 'Manage secrets in and between environments'
+  subcommand 'secrets', PayCLI::Commands::Secrets
+
+  desc 'ssh', 'DEPRECATED: SSH to boxes in environments'
+
+  desc 'ssm', 'Start an SSM session to boxes in environments'
+
+  def ssm(*_args)
+    PayCLI::Commands::Ssm.start!
+  end
+
+  desc 'tf', 'Runs Terraform'
+
+  def tf(*_args)
+    PayCLI::Commands::Tf.start!
+  end
+
+  desc 'tunnel', 'DEPRECATED: Opens tunnels to microservice(s).'
+
+  desc 'local', 'Sets up local Pay development environment'
+  subcommand 'local', PayCLI::Commands::Local
+
+  desc 'schema', 'Generates web based database diagrams and metadata locally'
+  def schema(*_args)
+    PayCLI::Commands::Schema.start!
+  end
+
+end

package/resources/legacy-ruby-cli/lib/pay_cli/environment.rb

@@ -0,0 +1,25 @@
+module PayCLI::Environment
+  def self.setup!(environment)
+    account = environment.split('-').first
+    STDERR.puts "Using the #{account} AWS account"
+
+    PayCLI::Aws::Tokens.setup!(account)
+
+    ENV['AWS_PROFILE'] = account
+    ENV['AWS_ACCOUNT'] = account
+  end
+
+  def self.setup_each!(env_filter, &block)
+    all_envs = %w{dev ci deploy test staging production}
+    if env_filter.any?
+      envs = env_filter & all_envs
+    else
+      envs = all_envs
+    end
+    
+    envs.each do |env|
+      setup!(env)
+      yield(env)
+    end
+  end
+end

package/resources/legacy-ruby-cli/lib/pay_cli/logger.rb

@@ -0,0 +1,3 @@
+PayCLI::Logger = Logger.new($stderr).tap do |logger|
+  logger.level = Logger::INFO
+end

package/resources/legacy-ruby-cli/lib/pay_cli/logs.rb

@@ -0,0 +1,248 @@
+require 'pp'
+
+require 'tty-table'
+require 'SecureRandom'
+
+require 'aws-sdk-cloudwatchlogs'
+
+
+module PayCLI::Logs
+  
+  def self.port_service_map(port)
+    port_service = { 
+      "50003" => 'frontend',
+      '50103' => 'connector',
+      '50203' => 'publicapi',
+      '50303' => 'publicauth', 
+      '50403' => 'selfservice', 
+      '50503' => 'cardid', 
+      '50603' => 'adminusers', 
+      '51003' => 'products',
+      '50903' => 'products-ui', 
+    }
+    port_service[port.chomp]
+
+  end
+  
+  def self.host_groups
+     {
+      'frontend' => ['connector', 'cardid'],
+      'selfservice' => ['connector','adminusers'],
+      'product-ui' => ['products'] ,
+      'publicapi' => ['publicauth', 'connector'] 
+     }
+  end
+   
+  def self.fetch_and_process_logs(process, env, start_time, end_time,  log_group, filter)
+
+
+    cloud_watch_logs = Aws::CloudWatchLogs::Client.new
+    stats = {}
+    
+    next_token = nil
+    loop do
+      STDERR.puts "Making request to AWS logs for #{log_group} between #{start_time} and #{end_time}"
+
+      opts = {log_group_name: "#{env}__#{log_group}", start_time: start_time, end_time:end_time, filter_pattern: filter}
+      opts[:next_token] = next_token unless next_token.nil?
+      response = cloud_watch_logs.filter_log_events(opts)
+
+      next_token = response.next_token
+      messages= response.events.map{|event| event.message}
+      stats = process.call(stats, messages)
+
+   
+      break if next_token.nil?
+    end
+    stats
+  end
+
+ 
+  def self.compare_stats(stats_bundle1, stats_bundle2, label1="the first dataset", label2="the second dataset")
+    group_stats1  = stats_bundle1.first 
+    host_stats1   = stats_bundle1.last
+    group_stats2  = stats_bundle2.first 
+    host_stats2   = stats_bundle2.last
+    puts "#{label1} #{label2}"
+    STDERR.puts "We are looking at each frontend node and nodes that back them. \nIf the percentage of the duration between them varies more than 10% between the environments make note of it"
+    group_stats1.each do |frontend, hosts1| 
+ 
+      if !group_stats2.include? frontend
+        STDERR.puts "No traffic for #{frontend} in the #{label2}"
+        break;
+      end
+      hosts2= group_stats2[frontend]
+      
+      if hosts1.length != hosts2.length  
+        STDERR.puts "Skipping #{frontend} group as there is a different number of hosts, probably an unused cluster "
+      else
+ 
+        STDERR.puts "\nDurations for #{frontend} group\n"
+        STDERR.puts "host, percentage duration #{label1}, percentage duration #{label2}"
+        hosts1.each do |host, count_duration1|
+          count_duration2 = hosts2[host]
+
+          if count_duration1[:percentage_duration] > count_duration2[:percentage_duration] + 10\
+          || count_duration1[:percentage_duration] < count_duration2[:percentage_duration] - 10 then
+            
+            #STDERR.puts "The percentage request duration for #{host} in #{frontend} group is greater than 10% different in duration for #{label1} compared to the #{label2}"
+            #STDERR.puts "It is #{count_duration1[:percentage_duration]}% of the duration for #{label1} vs #{count_duration2[:percentage_duration]}% for #{label2}"
+            STDERR.puts "#{host}, #{count_duration1[:percentage_duration]}, #{count_duration2[:percentage_duration]}"
+          end 
+        end 
+      end
+    end 
+
+
+    STDERR.puts "\n This section shows endpoints that have more than 5% difference in total durations \n \
+                 and also endpoints where there is greater than 1% duration that don't exist at all in the other set  \n"
+    host_stats1.each do |host, endpoint_stats1|  
+
+      if !host_stats2.include? host
+        STDERR.puts "No traffic for #{host} in the #{label2}"
+      else
+        endpoint_stats2 = host_stats2[host] 
+        STDERR.puts "\n Differences in endpoint durations for #{host} "
+        STDERR.puts "endpoint, percentage duration #{label1}, percentage duration #{label2}, mean duration #{label1}, mean duration #{label2} \n"
+        endpoint_stats1.each do |end_point,  count_duration1| 
+          if count_duration1[:percentage_duration] > 1
+            if endpoint_stats2.include? end_point
+              count_duration2 = endpoint_stats2[end_point]
+              if count_duration1[:percentage_duration] > count_duration2[:percentage_duration] + 5 \
+                 || count_duration1[:percentage_duration] < count_duration2[:percentage_duration] - 5 then
+            
+                #STDERR.puts "The percentage request duration for #{end_point} on #{host} group is greater than 5% different in duration of #{label1} compared to #{label2}"
+                #STDERR.puts "It is #{count_duration1[:percentage_duration]}% of the total duration for #{label1} vs #{count_duration2[:percentage_duration]}% for #{label2}"
+                STDERR.puts "#{end_point}, #{count_duration1[:percentage_duration]}, #{count_duration2[:percentage_duration]}, #{count_duration1[:mean_duration]} , #{count_duration2[:mean_duration]} "
+              end
+            else 
+              #STDERR.puts "The second dataset doesn't have #{end_point} and it has been found to have significant amount of traffic >1% total duration for #{host} in the first dataset, but not in the second"
+              STDERR.puts "#{end_point}, #{count_duration1[:percentage_duration]}, Not found, #{count_duration1[:mean_duration]} , Not found"
+            end 
+          elsif endpoint_stats2.include? end_point
+            if endpoint_stats2[end_point][:percentage_duration] > 1 
+              #STDERR.puts "#{label1} doesn't have significant amount of traffic to #{end_point} and it has been found to have significant amount of traffic >1% total duration for #{host} for #{label2}"
+              #STDERR.puts "It is #{count_duration1[:percentage_duration]}% of the total duration spent for #{label1} vs #{endpoint_stats2[end_point][:percentage_duration]}% for #{label2}"
+
+              count_duration2 = endpoint_stats2[end_point]
+              STDERR.puts "#{end_point}, #{count_duration1[:percentage_duration]}, #{endpoint_stats2[end_point][:percentage_duration]}, #{count_duration1[:mean_duration]} , #{count_duration2[:mean_duration]}"
+            end
+          end
+        end
+        endpoint_stats2.each do |end_point, count_duration2|  
+          if count_duration2[:percentage_duration] > 1 && !(endpoint_stats1.include? end_point)
+            
+            #STDERR.puts "#{label1} doesn't have any traffic to #{end_point} and it has been found to have significant amount of traffic >1% total duration for #{host} for #{label1}"
+            #STDERR.puts "It has #{count_duration2[:percentage_duration]}% of the total duration spent for #{label2}"
+            STDERR.puts "#{end_point}, Not found, #{count_duration2[:percentage_duration]}, Not found, #{count_duration2[:mean_duration]}"
+          end
+        end
+      end
+    end
+ 
+  end
+
+  def self.percent_stats(all_stats)
+    averaged_stats = {}
+    grand_total = 0.0
+    grand_duration = 0.0 
+    all_stats.each do |host, host_stats|
+      averaged_stats[host] ||= {}
+      #puts host_stats
+      total_duration = 0.0
+      total_count = 0.0 
+      host_stats[:requests].each do |end_point, count_duration| 
+        count_percent = (count_duration[:count]/host_stats[:total_count]) * 100 
+        total_count += count_percent
+ 
+        duration_percent = (count_duration[:duration]/host_stats[:total_duration]) * 100 
+        total_duration += duration_percent
+        averaged_stats[host][end_point] = {:percentage_request => count_percent, :percentage_duration => duration_percent, :mean_duration => count_duration[:duration]/count_duration[:count] } 
+      end
+      puts "Host total duration #{total_duration}, total count #{total_count}" 
+      grand_total += host_stats[:total_count]
+      grand_duration += host_stats[:total_duration]
+    end
+    #average_host_stats = {}
+    #all_stats.each do |host, stats| 
+    #  count_percent = (stats[:total_count]/grand_total) * 100 
+    #  duration_percent = (stats[:total_duration]/grand_duration) * 100 
+    #  average_host_stats[host] ||= {percentage_duration: duration_percent, percentage_request:count_percent }
+    #end
+    average_group_stats = {}
+    self.host_groups.each do |frontend, backends |
+      # Get the stats for the frontend and the backends
+      group_stats = all_stats.select { |host|  backends.include?(host) || frontend == host }
+       
+      group_duration = 0.0
+      group_count = 0.0 
+      group_stats.each do |host, count_duration| 
+        group_duration+= count_duration[:total_duration]
+        group_count+= count_duration[:total_count]
+      end
+      processed_group_stats = {}
+      group_stats.each do |host, count_duration| 
+
+        count_percent = (count_duration[:total_count]/group_count) * 100 
+ 
+        duration_percent = (count_duration[:total_duration]/group_duration) * 100 
+        processed_group_stats[host] ||={ percantage_request: count_percent, percentage_duration: duration_percent  } 
+      end 
+      average_group_stats[frontend] ||= processed_group_stats
+    end
+    [average_group_stats, averaged_stats] #average_host_stats
+  end
+
+  def self.process_nginx_logs(stats, logs) 
+     #Split logs -> end_point, duration
+     
+     #Transform endpoint names
+     #Collect stats
+     end_point_durations = logs.map{|line|  line.split(' ').values_at(3, 10, 11, 13,  15)}
+     end_point_durations.each  do | end_point_duration  | 
+       host, verb,end_point, return_code ,duration = end_point_duration
+       # Some heuristics to make sure that we have reasonable information in the log-line. 
+       #It has a valid verb, a / in the path and is not a 404 or 302 (as these just 
+       #add lots of noise to the logs, 302 redirect to 404s a lot)
+       if /GET|POST|PUT|DELETE|PATCH/.match(verb) &&  end_point.include?('/')  \
+           && ! (return_code.include?('404') || return_code.include?('302') ) then
+         # The host name is not always defined nicely so use the port to get a nice name. Will break with ecs proper... 
+         host = port_service_map(host.split(':')[-1])
+         #The verb has a " at the beginning so get rid of it 
+         verb[0] = '' 
+         stats[host] ||= {total_duration: 0.0, total_count: 0.0, requests: {} }  
+         end_point=self.process_end_point_name(end_point,verb)
+         stats[host][:total_duration] += duration.to_f
+         stats[host][:total_count] += 1
+         stats[host][:requests][end_point] ||= { count: 0 , duration: 0.0 }
+         stats[host][:requests][end_point][:count] +=1
+         stats[host][:requests][end_point][:duration] += duration.to_f
+       end
+        
+       
+
+     end
+     stats
+  end
+
+
+
+  def self.process_end_point_name(end_point_name, verb) 
+    #If part of a path is greater than 16 characters long or just a number, we probably don't care about it.
+    
+
+    end_point = end_point_name.split('?').first  
+    new_end_point = end_point.split('/').reject{ |part| /^[0-9]+$/.match(part) ||  part.length > 16 }.join('/')
+    #We don't care about parameters after a ?. 
+    # Requests to / get filtered out to nil so add them back
+    new_end_point ||= '/'
+    #puts even_newer
+    verb+new_end_point
+  end
+
+  def self.fetch_and_process_nginx_logs(env, start_date, end_date) 
+     self.fetch_and_process_logs(method(:process_nginx_logs),env, start_date, end_date, "nginx_access", "-healthcheck")
+  end
+  
+
+end

package/resources/legacy-ruby-cli/lib/pay_cli/naming.rb

@@ -0,0 +1,44 @@
+module PayCLI::Naming
+  def self.asg_name(env, microservice)
+    microservice = 'www' if microservice == 'frontend'
+    "#{env}-#{microservice}-ecs-appserver"
+  end
+
+  def self.elb_names(env, services)
+    services
+      .map { |s| s.gsub(/notifications/, 'notices') }
+      .map { |s| "#{env}-#{s}-ecs-elb" }
+      .zip(services)
+      .to_h
+  end
+
+  def self.domain_name(env)
+    acc = env.split('-').first
+
+    case acc
+    when 'deploy', 'staging', 'production'
+      'payments.service.gov.uk'
+    else
+      'pymnt.uk'
+    end
+  end
+
+  def self.bucket_name(env)
+    acc = env.split('-').first
+
+    case acc
+    when 'dev', 'test'
+      'pay-govuk-terraform-state-ci'
+    when 'staging', 'production'
+      'pay-govuk-terraform-state-deploy'
+    else
+      "pay-govuk-terraform-state-#{acc}"
+    end
+  end
+
+  def self.db_name(env, service)
+    microservice = service['service_name'].gsub(/_db$/, '')
+    version = service.dig('instance_version', env) || '0'
+    "#{env}-#{microservice}-rds-#{version}"
+  end
+end