cloudmason 1.0.9 → 1.0.11

package/build.js

@@ -18,4 +18,5 @@ pckg.version = version;
 
 console.log(`Version: ${version}`);
 
-fs.writeFileSync('./package.json', JSON.stringify(pckg));
+fs.writeFileSync('./package.json', JSON.stringify(pckg));
+

package/commands/get_stack.js

@@ -0,0 +1,30 @@
+const S3 = require('./helpers/s3');
+const Params = require('./helpers/params');
+const fs = require('fs');
+const path = require('path');
+
+exports.main = async function(args){
+    // Get App
+    const app = await Params.getApp(args.app);
+    if (!app){
+        console.log('Err: No app named ' + args.app);
+        throw new Error('Err: No app named ' + args.app)
+    }
+    if (args.default ===  undefined && !app.versions[args.v]){
+        console.log('Err: No app version ' + args.app + ' ' + args.v);
+        throw new Error('Err: No app version ' + args.app + ' ' + args.v)
+    }
+    if (args.default === null && args.v){
+        console.log('Err: Cannot set default and specify version');
+        throw new Error('Err: Cannot set default version and specify version')
+    }
+    console.log(args)
+    const outputPath = path.resolve(args.out);
+    if (!fs.statSync(outputPath).isDirectory()){ throw new Error("Invalid Output Path:" + args.out)}
+
+    console.log(`Pulling stack for v${args.v || 'Default'} ${args.app}`);
+    const stackKey = args.default === null ? `apps/${args.app}/default_stack.yaml` : `apps/${args.app}/${args.v}/stack.yaml`;
+    const stackText = await S3.getInfraFile(stackKey);
+    const outputFilePath = path.join(outputPath,`${args.app}_v${args.v || 'default'}_stack.yaml`);
+    fs.writeFileSync(outputFilePath,stackText,{ encoding: "utf8" });
+}

package/commands/helpers/cf.js

@@ -22,7 +22,7 @@ exports.deployOrgStack = async function(region,params){
         StackName: `CoreInfra`,
         TemplateBody: stackYML,
         Capabilities: [
-            "CAPABILITY_IAM" || "CAPABILITY_NAMED_IAM" || "CAPABILITY_AUTO_EXPAND",
+            "CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND",
         ],
         Parameters: cfParams,
         Tags: [{ Key: 'purpose', Value: 'infra' }]

package/commands/helpers/s3.js

@@ -68,6 +68,27 @@ exports.copyInfraFile = async function(srcKey,destKey){
     return true;
 }
 
+exports.getInfraFile = async function(fileKey){
+    const client = new S3Client({ region: process.env.orgRegion });
+    const params = {
+        Bucket: process.env.orgBucket,
+        Key: fileKey.toLowerCase(),
+    };
+    const command = new GetObjectCommand(params);
+    const response = await client.send(command);
+
+    const streamToString = (stream) =>
+      new Promise((resolve, reject) => {
+        const chunks = [];
+        stream.on("data", (chunk) => chunks.push(chunk));
+        stream.on("error", reject);
+        stream.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+      });
+
+    const fileContent = await streamToString(response.Body);
+    return fileContent;
+}
+
 exports.emptyBucket = async function(bucketName,region){
     await emptyS3Bucket(bucketName,region)
     return true;

package/commands/helpers/stacks/asg.yaml

@@ -229,6 +229,9 @@ Resources:
           KeyType: HASH
         - AttributeName: sk
           KeyType: RANGE
+      TimeToLiveSpecification:
+        AttributeName: "_ttl"
+        Enabled: true
 # S3 App Bucket
   AppBucket:
     Type: AWS::S3::Bucket

package/commands/helpers/stacks/infra.yaml

@@ -8,6 +8,9 @@ Parameters:
   VpcId:
     Type: String
     Description: Org VPC
+  GitHubRepoName:
+    Type: String
+    Description: "GitHub repository name in the format owner/repo"
   
 
 Resources:
@@ -99,4 +102,32 @@ Resources:
     Properties:
       Name: '/infra/infraBucket'
       Type: 'String'
-      Value: !Ref InfraBucket
+      Value: !Ref InfraBucket
+# Github Repo
+  GitHubActionsRole:
+    Type: "AWS::IAM::Role"
+    Properties:
+      RoleName: "GitHubActionsRole"
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: "Allow"
+            Principal:
+              Federated: !Sub "arn:aws:iam::${AWS::AccountId}:oidc-provider/token.actions.githubusercontent.com"
+            Action: "sts:AssumeRoleWithWebIdentity"
+            Condition:
+              StringEquals:
+                "token.actions.githubusercontent.com:sub": !Sub "repo:${GitHubRepoName}:*"
+      Policies:
+        - PolicyName: "GitHubActionsPolicy"
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: "Allow"
+                Action: "*"
+                Resource: "*"
+
+Outputs:
+  GithubRoleArn:
+    Description: "ARN of the GitHub Actions IAM Role"
+    Value: !GetAtt GitHubActionsRole.Arn

package/commands/init_org.js

@@ -7,14 +7,14 @@ const CF = require('./helpers/cf');
 
 
 exports.main = async function(args){
-    console.log(`Setting up ${args.name}@ in ${args.region}`)
+    console.log(`Setting up ${args.name}@ in ${args.region} with repo ${args.repo}`)
 
     // Get VPC ID
     const VpcId = await getDefaultVPC(args.region);
     console.log(`Default VPC: ${VpcId}`);
     
     // Deploy Stack
-    const success = await CF.deployOrgStack(args.region, {orgName: args.name, VpcId: VpcId})
+    const success = await CF.deployOrgStack(args.region, {orgName: args.name, VpcId: VpcId, GitHubRepoName: args.repo})
     if (success === false){
         console.log('ERR: Org already exists. Only one org permitted per account');
         throw new Error('Org already exists')

package/commands/launch_app.js

@@ -33,7 +33,7 @@ exports.main = async function(args){
     // I.I WAIT FOR AMI TO BE AVAILABLE
     console.log(`Waiting for AMI ${targetAMI} to be available`);
     let isAvailable = false;
-    for (let i = 0; i < 15; i++){
+    for (let i = 0; i < 40; i++){
         const status = await EC2.checkAMIStatus(targetAMI,targetRegion);
         if (status === true){
             console.log(`AMI ${targetAMI} available after ${i*30}s`);
@@ -43,7 +43,7 @@ exports.main = async function(args){
         console.log(`\tAMI Status Check ${i} @${i*30}s : Not Available`);
         await Common.sleep(30);
     }
-    if (!isAvailable){ throw new Error('AMI not available after 7 minutes. Try again in a few minutes.') }
+    if (!isAvailable){ throw new Error(`AMI not available after 20 minutes. Try again in a few minutes.`) }
 
     // --- II DEPLOY CF STACK ---
     // Get Stack URL

package/commands/update_app.js

@@ -29,7 +29,8 @@ exports.main = async function(args){
 
     // --- I PREP ZIP ---
     const zipPath = path.resolve(args.path);
-    if (!fs.existsSync(zipPath)){ throw new Error("Path not found:" + args.path)}
+    if (!fs.existsSync(zipPath)){ throw new Error("Path not found:" + zipPath)}
+  
     const zipFilePath = await prepZip(zipPath);
     await S3.uploadInfraFile(`apps/${args.app}/${args.v}/app.zip`,zipFilePath);
 
@@ -174,7 +175,7 @@ async function waitUntilInstanceReady(instance_id,region){
     let totalSleepTime = 0;
     let ok = false;
     const command = new DescribeInstanceStatusCommand(input);
-    for (let i=0; i<50; i++){
+    for (let i=0; i<100; i++){
         const response = await client.send(command);
         const status = response.InstanceStatuses[0].InstanceStatus.Status;
         console.log(`\tCheck ${i+1} @ ${totalSleepTime}s: EC2 Status is ${status}`)

package/main.js

@@ -11,7 +11,8 @@ const Commands = {
         exec: require('./commands/init_org').main,
         args: [
             {n: 'name', desc: 'Unique org Name. Letters only', r: true, pattern: `[A-Za-z]{2,20}`},
-            {n: 'region', desc: 'AWS Region for Core Assets. Default us-east-1', r: false}
+            {n: 'region', desc: 'AWS Region for Core Assets. Default us-east-1', r: false},
+            {n: 'repo', desc: 'Github repo name', r: false}
         ]
     },
     'set-org': {
@@ -65,6 +66,16 @@ const Commands = {
             {n: 'stack', desc: 'Path to updated JSON or YML stack', r: false}
         ]
     },
+    'get-stack': {
+        desc: 'Get stack',
+        exec: require('./commands/get_stack').main,
+        args: [
+            {n: 'app', desc: 'Name of existing app', pattern: `[A-Za-z]{2,20}`, r: true},
+            {n: 'v', desc: 'Version to update', pattern: `[0-9]{1,20}`, r: false},
+            {n: 'default', desc: 'Update default version', r: false},
+            {n: 'out', desc: 'Path to output stack file', r: true}
+        ]
+    },
     'launch': {
         desc: 'Launch application version to an instance',
         exec: require('./commands/launch_app').main,

package/package.json

@@ -1 +1 @@
-{"name":"cloudmason","version":"1.0.9","description":"","main":"main.js","scripts":{"build":"node build.js"},"bin":{"mason":"./main.js"},"repository":{"type":"git","url":"https://github.com/kai-harvey/secure-saas.git"},"author":"Kai Harvey","license":"ISC","dependencies":{"@aws-sdk/client-acm":"^3.418.0","@aws-sdk/client-auto-scaling":"^3.470.0","@aws-sdk/client-cloudformation":"^3.418.0","@aws-sdk/client-ec2":"^3.416.0","@aws-sdk/client-iam":"^3.418.0","@aws-sdk/client-route-53":"^3.425.0","@aws-sdk/client-s3":"^3.418.0","@aws-sdk/client-ssm":"^3.421.0","adm-zip":"^0.5.10"}}
+{"name":"cloudmason","version":"1.0.11","description":"","main":"main.js","scripts":{"build":"node build.js"},"bin":{"mason":"./main.js"},"repository":{"type":"git","url":"https://github.com/kai-harvey/secure-saas.git"},"author":"Kai Harvey","license":"ISC","dependencies":{"@aws-sdk/client-acm":"^3.418.0","@aws-sdk/client-auto-scaling":"^3.470.0","@aws-sdk/client-cloudformation":"^3.418.0","@aws-sdk/client-ec2":"^3.416.0","@aws-sdk/client-iam":"^3.418.0","@aws-sdk/client-route-53":"^3.425.0","@aws-sdk/client-s3":"^3.418.0","@aws-sdk/client-ssm":"^3.421.0","adm-zip":"^0.5.10"}}

package/test.bat

@@ -1,16 +0,0 @@
-@REM node main.js init-org -name orgTheorem -region us-west-2
-node main.js list-apps
-@REM node main.js new-app -name ot -type asg
-@REM node main.js new-instance -app ot -domain local.elmnts.xyz -region us-west-2 -admin kkh@kkh.io -env local
-@REM node main.js update-app -app ot -v 1.0 -path ./commands/starters/asg_node
-@REM node main.js update-stack -app ot -v 1.0 -stack ./commands/helpers/stacks/asg.yaml
-@REM node main.js launch -app ot -v 1.0 -domain local.elmnts.xyz
-@REM node main.js inspect -app ot -domain local.elmnts.xyz -run
-@REM node main.js isvalid -p ./commands/helpers/stacks/asg.yaml
-
-@REM node main.js reset-stack -app meantto
-@REM node main.js delete-instance -app ot -domain ot.elmnts.xyz
-@REM node main.js delete-app -app inc
-@REM aws ec2 get-console-output --instance-id i-0fba7c360fc2de96f --region us-west-2 --latest
-
-@REM node main.js starter -type asg -l node -p ../../myfirstapp