cloudmason 1.0.11 → 1.1.13

package/commands/helpers/cf.js

@@ -61,6 +61,27 @@ exports.deployS3Stack = async function(stackName,s3Url,params,tag,region){
     return result.StackId;
 }
 
+exports.updateOrgStack = async function(yamlPath){
+    const client = new CloudFormationClient({ region: process.env.orgRegion });
+    
+    const stackPath = path.resolve(yamlPath);
+    if (!fs.existsSync(stackPath)){
+        console.log('Infra Stack not found');
+        throw { message: 'Infra stack not found', at: 'deployStack'}
+    }
+    const stackYML = fs.readFileSync(stackPath,'utf-8');
+    
+    const cmd = {
+        StackName: 'CoreInfra',
+        TemplateBody: stackYML,
+        Capabilities: ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"]
+    };
+    const command = new UpdateStackCommand(cmd);
+    const response = await client.send(command);
+    console.log('Update response',response);
+    return response.StackId;
+}
+
 exports.updateStack = async function(stackName,s3Url,params,region){
     const client = new CloudFormationClient({ region });
     const cfParams = Object.keys(params).map(k=>{ return { ParameterKey: k, ParameterValue: params[k] } })

package/commands/helpers/params.js

@@ -105,6 +105,28 @@ exports.updateAppV = async function(appName,version,vParams){
 }
 
 // INSTANCE PARAMS
+exports.setOrgParams = async function(orgName,VpcId,repo){
+    if (!process.env.orgRegion){ throw new Error('Region not set') }
+    const r1 = await writeParam('/infra/org_name',orgName);
+    console.log('Set Org Name:',r1)
+    const r2 = await writeParam('/infra/vpc_id',VpcId);
+    console.og('Set VPC ID:',r2);
+    const r3 = await writeParam('/infra/GitHubRepoName',repo || '');
+    console.log('Set GitHub Repo:',r3)
+}
+
+
+exports.addPid = async function(appName,productId){
+    if (!process.env.orgRegion){ throw new Error('Region not set') }
+    const appKey = `/infra/apps/${appName.toLowerCase()}`
+    const appStr = await readParam(appKey,process.env.orgRegion);
+    const app = JSON.parse(appStr);
+
+    app.pid = productId;
+    await writeParam(appKey,JSON.stringify(app),process.env.orgRegion);
+}
+
+
 exports.addInstance = async function(appName,instanceName,params){
     if (!process.env.orgRegion){ throw new Error('Region not set') }
     const appKey = `/infra/apps/${appName.toLowerCase()}`

package/commands/helpers/stacks/asg.yaml

@@ -20,23 +20,24 @@ Parameters:
     Type: Number
     Description: Max number of Ec2 instances
     Default: 2
-  EC2InstanceType:
-    Type: String
-    Description: EC2 Instance Type
-    Default: t2.small
   AdminEmail:
     Type: String
     Description: Email for the first admin user
-  AmiId:
-    Type: AWS::EC2::Image::Id
-    Description: Max number of Ec2 instances
   AppVersion:
     Type: String
     Description: Major.minor.build
   InstanceEnvironment:
     Type: String
     Description: Instance enviroment (prod,dev). Setting prod will enable advanced security features.
-  
+#-Strip
+  EC2InstanceType:
+    Type: String
+    Description: EC2 Instance Type
+    Default: m6a.large
+  AmiId:
+    Type: AWS::EC2::Image::Id
+    Description: Max number of Ec2 instances
+#-Strip
 
 Resources:
 # ACM Domain
@@ -196,7 +197,7 @@ Resources:
               source start.sh
         ImageId: !Ref AmiId
         DisableApiTermination: "true"
-        InstanceType: !Ref EC2InstanceType
+        InstanceType: m6a.large
         SecurityGroupIds: 
           - !Ref AppEc2SecurityGroup
   AppEc2SecurityGroup:

package/commands/helpers/stacks/infra.yaml

@@ -2,15 +2,10 @@ AWSTemplateFormatVersion: '2010-09-09'
 Description: Org Cloudformation Template
 
 Parameters:
-  orgName:
-    Type: String
-    Description: Unique name of organization
-  VpcId:
-    Type: String
-    Description: Org VPC
   GitHubRepoName:
-    Type: String
+    Type: AWS::SSM::Parameter::Value<String>
     Description: "GitHub repository name in the format owner/repo"
+    Default: /infra/GitHubRepoName
   
 
 Resources:
@@ -60,7 +55,7 @@ Resources:
       SecurityGroupEgress:
         - IpProtocol: '-1'
           CidrIp: '0.0.0.0/0'
-      VpcId: !Ref VpcId
+      VpcId: '{{resolve:ssm:/infra/vpc_id}}'
 # Bucket Policy
   InfraBucketPolicy:
     Type: AWS::S3::BucketPolicy
@@ -79,12 +74,6 @@ Resources:
               - !Sub arn:aws:s3:::${InfraBucket}
               - !Sub arn:aws:s3:::${InfraBucket}/*
 # Org Params
-  ParamOrgInfo:
-    Type: 'AWS::SSM::Parameter'
-    Properties:
-      Name: '/infra/orgName'
-      Type: 'String'
-      Value: !Ref orgName
   ParamInstanceProfile:
     Type: 'AWS::SSM::Parameter'
     Properties:
@@ -117,6 +106,8 @@ Resources:
             Action: "sts:AssumeRoleWithWebIdentity"
             Condition:
               StringEquals:
+                "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
+              StringLike:
                 "token.actions.githubusercontent.com:sub": !Sub "repo:${GitHubRepoName}:*"
       Policies:
         - PolicyName: "GitHubActionsPolicy"
@@ -126,8 +117,11 @@ Resources:
               - Effect: "Allow"
                 Action: "*"
                 Resource: "*"
-
-Outputs:
-  GithubRoleArn:
-    Description: "ARN of the GitHub Actions IAM Role"
-    Value: !GetAtt GitHubActionsRole.Arn
+  GitHubOidcProvider:
+    Type: 'AWS::IAM::OIDCProvider'
+    Properties:
+      Url: 'https://token.actions.githubusercontent.com'
+      ClientIdList:
+        - 'sts.amazonaws.com'
+      ThumbprintList:
+        - '6938fd4d98bab03faadb97b34396831e3780aea1'

package/commands/init_org.js

@@ -4,7 +4,7 @@ const { S3Client,HeadBucketCommand } = require("@aws-sdk/client-s3");
 const { EC2Client, DescribeVpcsCommand } = require("@aws-sdk/client-ec2");
 
 const CF = require('./helpers/cf');
-
+const Params = require('./helpers/params');
 
 exports.main = async function(args){
     console.log(`Setting up ${args.name}@ in ${args.region} with repo ${args.repo}`)
@@ -13,6 +13,9 @@ exports.main = async function(args){
     const VpcId = await getDefaultVPC(args.region);
     console.log(`Default VPC: ${VpcId}`);
     
+    // Set Param
+    await Params.setOrgParams(args.name,VpcId,args.repo);
+
     // Deploy Stack
     const success = await CF.deployOrgStack(args.region, {orgName: args.name, VpcId: VpcId, GitHubRepoName: args.repo})
     if (success === false){
@@ -28,6 +31,22 @@ exports.main = async function(args){
     return true;
 }
 
+exports.updateOrgStack = async function(args){
+    console.log(`Updating Org Stack from ${args.stack}`)
+
+    
+    // Deploy Stack
+    const success = await CF.updateOrgStack(args.stack)
+    if (success === false){
+        console.log('ERR:', success);
+        throw new Error('Unknown error updating org stack')
+    }
+
+    // Set org.txt
+    console.log('Updated org')
+    return true;
+}
+
 exports.setOrg = async function(args){
     // Set org.txt
     const orgPath = path.resolve(__dirname,'..','org.txt');

package/commands/publish.js

@@ -0,0 +1,198 @@
+const { MarketplaceCatalogClient, StartChangeSetCommand,DescribeChangeSetCommand, DescribeEntityCommand} = require("@aws-sdk/client-marketplace-catalog");
+const { EC2Client, DescribeImagesCommand } = require("@aws-sdk/client-ec2");
+const fs = require('fs');
+const path = require('path');
+const Params = require('./helpers/params');
+
+exports.add_listing = async function(args){
+    console.log('Adding Listing>>', args.app, args.pid);
+    await Params.addPid(args.app,args.pid.trim());
+    const app = await Params.getApp(args.app);
+    console.log('Added listing:',args.app, app.pid);
+}
+
+exports.main = async function(args){
+    // -- Get Version & Descriptions
+    const pubArgs = {
+        version: args.v,
+        changeDescription: args.desc
+    };
+
+    // -- Get Params
+    const app = await Params.getApp(args.app);
+    pubArgs.productId = app.pid;
+    const instanceVersion = app.versions[pubArgs.version];
+    if (!instanceVersion){
+        console.log('ERR: Version not found:',pubArgs.version);
+        throw new Error('Version not found:' + pubArgs.version);
+    }
+    pubArgs.amiId = instanceVersion.baseAMI_Id;
+    console.log('Publishing AMI:\n\t',Object.entries(pubArgs).map(([k,v])=>{return `${k}:${v}`}).join('\n\t'));
+    console.log('----------')
+    
+    // -- Publish AMI to Marketplace
+    await updateAmiVersion(pubArgs);
+
+    // -- Get Marketplace AMI IDs
+    // AmiAlias: '/aws/service/marketplace/prod-shmtmk4gqrfge/1.2'
+    const amiAlias = `/aws/service/marketplace/${pubArgs.productId}/${pubArgs.version}`;
+    let stackTxt = fs.readFileSync(path.resolve(args.stack),'utf8');
+    stackTxt = stackTxt.replace(`ImageId: !Ref AmiId`,`ImageId: resolve:ssm:${amiAlias}`);
+    stackTxt = stackTxt.replace(/^#-Strip.+#-Strip/ms,'');
+
+    // -- Update CF Template with AMI IDs
+    const newFileName = path.resolve(args.out);
+    console.log('Updating Template:',newFileName);
+    fs.writeFileSync(newFileName,stackTxt);
+    return true
+}
+
+
+
+
+// Update AMI Function
+
+const updateAmiVersion = async ({productId, amiId, version, changeDescription}) => {
+    const client = new MarketplaceCatalogClient({ region: process.env.orgRegion }); // Update the region if needed
+    console.log('Updating AMI version:',productId, amiId, version, changeDescription);
+    try {
+      // Define the change set to update the AMI version
+      const changeSet = {
+        Catalog: "AWSMarketplace",
+        Intent: "VALIDATE",
+        ChangeSet: [
+          {
+            ChangeType: "AddDeliveryOptions",
+            Entity: {
+              Type: "AmiProduct@1.0",
+              Identifier: productId,
+            },
+            Details: JSON.stringify({
+                Version: {
+                    VersionTitle: version,
+                    ReleaseNotes: changeDescription,
+                },
+                DeliveryOptions:[
+                    {
+                        Details:
+                        {
+                            "AmiDeliveryOptionDetails": {
+                                "AmiSource":{
+                                    "AmiId": amiId,
+                                    "AccessRoleArn": "arn:aws:iam::590183947985:role/Theorim_MarketPlaceRole",
+                                    "UserName": "ec2-user",
+                                    "OperatingSystemName": "AMAZONLINUX",
+                                    "OperatingSystemVersion": "Amazon Linux 2 AMI 2.0.20220207.1 x86_64 HVM gp2"
+                                },
+                                "UsageInstructions": "Visit Theorim.ai/install for installation instructions",
+                                "RecommendedInstanceType": "m6a.large",
+                                "SecurityGroups":
+                                [
+                                    {
+                                        "IpProtocol": "tcp",
+                                        "FromPort": 443,
+                                        "ToPort": 443,
+                                        "IpRanges":["0.0.0.0/0"]
+                                    },
+                                    {
+                                        "IpProtocol": "tcp",
+                                        "FromPort": 8080,
+                                        "ToPort": 8080,
+                                        "IpRanges":["0.0.0.0/0"]
+                                    }
+                                ]
+                            }
+                        }
+                    }
+                ]
+            }),
+          },
+        ],
+      };
+  
+      // Start the change set
+      const startChangeSetCommand = new StartChangeSetCommand(changeSet);
+      const startResponse = await client.send(startChangeSetCommand);
+      console.log("Change set started:", startResponse);
+  
+      const changeSetId = startResponse.ChangeSetId;
+  
+      // Poll for the status of the change set
+      let status = "IN_PROGRESS";
+      while (status === "IN_PROGRESS") {
+        await new Promise(resolve => setTimeout(resolve, 5000)); // Wait for 5 seconds before polling
+  
+        const describeChangeSetCommand = new DescribeChangeSetCommand({
+          Catalog: "AWSMarketplace",
+          ChangeSetId: changeSetId,
+        });
+        const describeResponse = await client.send(describeChangeSetCommand);
+  
+        status = describeResponse.Status;
+        console.log("Change set status:", status);
+  
+        if (status === "SUCCEEDED") {
+          console.log("Change set succeeded:", describeResponse);
+          break;
+        } else if (status === "FAILED") {
+          console.error("Change set failed:", describeResponse);
+          break;
+        }
+      }
+    } catch (error) {
+      console.error("Error updating AMI version:", error);
+    }
+};
+
+
+
+// Get AMI Ids Function
+const getRegions = async (productId) => {
+  const client = new MarketplaceCatalogClient({ region: process.env.orgRegion }); // Update region if needed
+
+
+    const command = new DescribeEntityCommand({
+      Catalog: "AWSMarketplace",
+      EntityId: productId,
+    });
+    const response = await client.send(command);
+    console.log('dd',response.DetailsDocument);
+    console.log('v',response.DetailsDocument.Versions[1].DeliveryOptions[0].AmiAlias);
+    return response.DetailsDocument.RegionAvailability.Regions;
+    // console.log("Regions:", response.DetailsDocument.Description.RegionAvailability.Regions);
+    // console.log("Version:", response.DetailsDocument.Description.RegionAvailability.Regions);
+    // Extract AMI details by region
+}
+
+// List by Mktplc Listing
+const getAMIs = async (region,productName,productCode) => {
+    const ec2Client = new EC2Client({ region });
+
+    try {
+        const command = new DescribeImagesCommand({
+            Filters: [
+                {
+                    Name: "name",
+                    Values: [
+                        `${productName}-*-${productCode}` // Adjust the filter to match your product naming pattern
+                    ]
+                }
+            ]
+        });
+
+        const response = await ec2Client.send(command);
+
+        console.log(`Found ${response.Images.length} AMIs for product: ${productName} in region: ${region}`);
+        for (const ami of response.Images) {
+            console.log('ami',ami);
+        }
+
+        return response.Images;
+    } catch (error) {
+        console.error(`Error fetching AMIs for product: ${productName} in region: ${region}`, error);
+        throw error;
+    }
+}
+
+
+

package/commands/update_app.js

@@ -37,11 +37,18 @@ exports.main = async function(args){
     // --- II UPDATE STACK ---
     // If stack arg, upload stack
     const stackKey = `apps/${args.app}/${args.v}/stack.yaml`;
-    // If no stack arg, upload default stack if none exists
-    const stackExists = await S3.infraFileExists(stackKey)
-    if (!stackExists){
-        console.log('Copying default stack to ' +  `apps/${args.app}/${args.v}`);
-        await S3.copyInfraFile(app.stackKey,stackKey)
+    if (args.stack){
+        console.log('Updating Stack');
+        const stackPath = path.resolve(args.stack);
+        if (!fs.existsSync(stackPath)){ throw new Error("Stack not found:" + stackPath)}
+        await S3.uploadInfraFile(stackKey,stackPath);
+    } else {   
+        // If no stack arg, upload default stack if none exists
+        const stackExists = await S3.infraFileExists(stackKey)
+        if (!stackExists){
+            console.log('Copying default stack to ' +  `apps/${args.app}/${args.v}`);
+            await S3.copyInfraFile(app.stackKey,stackKey)
+        }
     }
 
     // --- III BUILD IMAGE ---

package/commands/update_stack.js

@@ -10,10 +10,10 @@ exports.main = async function(args){
         console.log('Err: No app named ' + args.app);
         throw new Error('Err: No app named ' + args.app)
     }
-    if (args.default ===  undefined && !app.versions[args.v]){
-        console.log('Err: No app version ' + args.app + ' ' + args.v);
-        throw new Error('Err: No app version ' + args.app + ' ' + args.v)
-    }
+    // if (args.default ===  undefined && !app.versions[args.v]){
+    //     console.log('Err: No app version ' + args.app + ' ' + args.v);
+    //     throw new Error('Err: No app version ' + args.app + ' ' + args.v)
+    // }
     if (args.default === null && args.v){
         console.log('Err: Cannot set default and specify version');
         throw new Error('Err: Cannot set default version and specify version')

package/main.js

@@ -15,6 +15,13 @@ const Commands = {
             {n: 'repo', desc: 'Github repo name', r: false}
         ]
     },
+    'update-org': {
+        desc: "Update org stack",
+        exec: require('./commands/init_org').updateOrgStack,
+        args: [
+            {n: 'stack', desc: 'Updated Org Stack', r: false}
+        ]
+    },
     'set-org': {
         desc: "Set an exsiting organization",
         exec: require('./commands/init_org').setOrg,
@@ -85,6 +92,25 @@ const Commands = {
             {n: 'v', desc: 'Version to launch', pattern: `[0-9]{1,20}`, r: true}
         ]
     },
+    'new-listing': {
+        desc: 'Set a new listing for an app',
+        exec: require('./commands/publish').add_listing,
+        args: [
+            {n: 'app', desc: 'Name of existing app', pattern: `[A-Za-z]{2,20}`, r: true},
+            {n: 'pid', desc: 'Product Id', r: true}
+        ]
+    },
+    'publish': {
+        desc: 'Publish app to marketplace',
+        exec: require('./commands/publish').main,
+        args: [
+            {n: 'app', desc: 'Name of existing app', pattern: `[A-Za-z]{2,20}`, r: true},
+            {n: 'desc', desc: 'Description of Changes', r: true},
+            {n: 'v', desc: 'Version to launch', pattern: `[0-9]{1,20}`, r: true},
+            {n: 'stack', desc: 'Path of stack.yaml', r: true},
+            {n: 'out', desc: 'Output path of marketplace stack', r: true}
+        ]
+    },
     'inspect': {
         desc: 'Get stack status and Ec2 console logs for an instance',
         exec: require('./commands/inspect').main,

package/package.json

@@ -1 +1 @@
-{"name":"cloudmason","version":"1.0.11","description":"","main":"main.js","scripts":{"build":"node build.js"},"bin":{"mason":"./main.js"},"repository":{"type":"git","url":"https://github.com/kai-harvey/secure-saas.git"},"author":"Kai Harvey","license":"ISC","dependencies":{"@aws-sdk/client-acm":"^3.418.0","@aws-sdk/client-auto-scaling":"^3.470.0","@aws-sdk/client-cloudformation":"^3.418.0","@aws-sdk/client-ec2":"^3.416.0","@aws-sdk/client-iam":"^3.418.0","@aws-sdk/client-route-53":"^3.425.0","@aws-sdk/client-s3":"^3.418.0","@aws-sdk/client-ssm":"^3.421.0","adm-zip":"^0.5.10"}}
+{"name":"cloudmason","version":"1.1.13","description":"","main":"main.js","scripts":{"build":"node build.js"},"bin":{"mason":"./main.js"},"repository":{"type":"git","url":"https://github.com/kai-harvey/secure-saas.git"},"author":"Kai Harvey","license":"ISC","dependencies":{"@aws-sdk/client-acm":"^3.418.0","@aws-sdk/client-auto-scaling":"^3.470.0","@aws-sdk/client-cloudformation":"^3.418.0","@aws-sdk/client-ec2":"^3.416.0","@aws-sdk/client-iam":"^3.418.0","@aws-sdk/client-marketplace-catalog":"^3.716.0","@aws-sdk/client-route-53":"^3.425.0","@aws-sdk/client-s3":"^3.418.0","@aws-sdk/client-ssm":"^3.421.0","adm-zip":"^0.5.10","yaml":"^2.6.1"}}