rds_ssm_connect 1.6.2 → 1.7.1

package/.github/workflows/npm-publish.yml

@@ -18,4 +18,4 @@ jobs:
           registry-url: 'https://registry.npmjs.org'
       - run: npm install -g npm@latest
       - run: npm ci
-      - run: npm publish --access public
+      - run: npm publish --provenance --access public

package/.github/workflows/release.yml

@@ -0,0 +1,114 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  CARGO_INCREMENTAL: 0
+
+jobs:
+  build:
+    permissions:
+      contents: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: macos-latest
+            rust_target: aarch64-apple-darwin
+            sidecar_target: node22-macos-arm64
+            sidecar_triple: aarch64-apple-darwin
+          - platform: macos-latest
+            rust_target: x86_64-apple-darwin
+            sidecar_target: node22-macos-x64
+            sidecar_triple: x86_64-apple-darwin
+          - platform: ubuntu-22.04
+            rust_target: x86_64-unknown-linux-gnu
+            sidecar_target: node22-linux-x64
+            sidecar_triple: x86_64-unknown-linux-gnu
+          - platform: windows-latest
+            rust_target: x86_64-pc-windows-msvc
+            sidecar_target: node22-win-x64
+            sidecar_triple: x86_64-pc-windows-msvc
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.rust_target }}
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install dependencies (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
+
+      - name: Install frontend dependencies
+        run: npm ci
+
+      - name: Build sidecar for current platform
+        run: |
+          mkdir -p src-tauri/binaries
+          npx esbuild gui-adapter.js --bundle --platform=node --target=node22 --outfile=src-tauri/binaries/gui-adapter-bundle.cjs --format=cjs --external:inquirer
+          npx @yao-pkg/pkg src-tauri/binaries/gui-adapter-bundle.cjs --target ${{ matrix.sidecar_target }} -o src-tauri/binaries/gui-adapter-${{ matrix.sidecar_triple }}
+          rm src-tauri/binaries/gui-adapter-bundle.cjs
+
+      - name: Build Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+        with:
+          tagName: v__VERSION__
+          releaseName: 'RDS SSM Connect v__VERSION__'
+          releaseBody: 'See the assets to download this version and install.'
+          releaseDraft: true
+          prerelease: false
+          args: --target ${{ matrix.rust_target }}
+
+  # Generate update manifest after all builds complete
+  update-manifest:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Get version from tag
+        id: version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+
+      - name: Generate latest.json
+        run: |
+          node scripts/generate-update-json.js ${{ steps.version.outputs.VERSION }} https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION }}
+
+      - name: Upload latest.json to release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: latest.json
+          tag_name: v${{ steps.version.outputs.VERSION }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/connect.js

@@ -1,19 +1,21 @@
 #!/usr/bin/env node
 
-import inquirer from 'inquirer'
 import fs from 'fs/promises'
 import os from 'os'
 import path from 'path'
 import { exec } from 'child_process'
 import { promisify } from 'util'
-import { createRequire } from 'module'
+import { EventEmitter } from 'events'
 import { PROJECT_CONFIGS } from './envPortMapping.js'
 
-const require = createRequire(import.meta.url)
-const packageJson = require('./package.json')
+// Package info for version checking
+const packageJson = { name: 'rds_ssm_connect', version: '1.6.2' }
 
 const execAsync = promisify(exec)
 
+// Event emitter for IPC communication
+const ipcEmitter = new EventEmitter()
+
 // Configuration constants
 const RETRY_CONFIG = {
   BASTION_WAIT_MAX_RETRIES: 20,
@@ -317,7 +319,174 @@ function getProfilesForProject (allProfiles, projectConfig, allProjectConfigs) {
   }
 }
 
+// Get local port number based on environment suffix
+function getLocalPort (ENV, projectConfig) {
+  const { envPortMapping, defaultPort } = projectConfig
+  const allEnvSuffixes = Object.keys(envPortMapping).sort((a, b) => b.length - a.length)
+  const matchedSuffix = allEnvSuffixes.find(suffix => ENV.endsWith(suffix)) ||
+                        allEnvSuffixes.find(suffix => ENV === suffix)
+  return envPortMapping[matchedSuffix] || defaultPort
+}
+
+// Get RDS credentials from Secrets Manager
+async function getConnectionCredentials (ENV, projectConfig) {
+  const { region, secretPrefix, database } = projectConfig
+
+  const secretsListCommand = `aws-vault exec ${ENV} -- aws secretsmanager list-secrets --region ${region} --query "SecretList[?starts_with(Name, '${secretPrefix}')].Name | [0]" --output text`
+  const SECRET_NAME = await runCommand(secretsListCommand)
+
+  if (!SECRET_NAME || SECRET_NAME === 'None') {
+    throw new Error(`No secret found with name starting with '${secretPrefix}'.`)
+  }
+
+  const secretsGetCommand = `aws-vault exec ${ENV} -- aws secretsmanager get-secret-value --region ${region} --secret-id "${SECRET_NAME}" --query SecretString --output text`
+  const secretString = await runCommand(secretsGetCommand)
+
+  if (!secretString) {
+    throw new Error('Failed to retrieve secret value from Secrets Manager.')
+  }
+
+  let credentials
+  try {
+    credentials = JSON.parse(secretString)
+    if (!credentials.username || !credentials.password) {
+      throw new Error('Missing username or password in credentials')
+    }
+  } catch (error) {
+    throw new Error(`Failed to parse credentials from Secrets Manager: ${error.message}`)
+  }
+
+  return {
+    username: credentials.username,
+    password: credentials.password,
+    database,
+    secretName: SECRET_NAME
+  }
+}
+
+// Find running bastion instance
+async function findBastionInstance (ENV, region) {
+  const instanceIdCommand = `aws-vault exec ${ENV} -- aws ec2 describe-instances --region ${region} --filters "Name=tag:Name,Values='*bastion*'" "Name=instance-state-name,Values=running" --query "Reservations[].Instances[].[InstanceId] | [0][0]" --output text`
+  const instanceId = await runCommand(instanceIdCommand)
+
+  if (!instanceId || instanceId === 'None') {
+    throw new Error('Failed to find a running instance with tag Name=*bastion*.')
+  }
+
+  return instanceId
+}
+
+// Get available projects based on AWS profiles
+async function getAvailableProjects () {
+  const allProfiles = await readAwsConfig()
+
+  if (allProfiles.length === 0) {
+    return []
+  }
+
+  return Object.entries(PROJECT_CONFIGS)
+    .filter(([key, config]) => {
+      const matchingProfiles = getProfilesForProject(allProfiles, config, PROJECT_CONFIGS)
+      return matchingProfiles.length > 0
+    })
+    .map(([key, config]) => ({
+      key,
+      name: config.name
+    }))
+}
+
+// Get profiles for a specific project
+async function getProfilesForProjectKey (projectKey) {
+  const allProfiles = await readAwsConfig()
+  const projectConfig = PROJECT_CONFIGS[projectKey]
+
+  if (!projectConfig) {
+    throw new Error(`Unknown project: ${projectKey}`)
+  }
+
+  return getProfilesForProject(allProfiles, projectConfig, PROJECT_CONFIGS)
+}
+
+// Connect to RDS through bastion - returns connection info and control object
+async function connect (projectKey, profile, options = {}) {
+  const projectConfig = PROJECT_CONFIGS[projectKey]
+  if (!projectConfig) {
+    throw new Error(`Unknown project: ${projectKey}`)
+  }
+
+  const { region, database } = projectConfig
+  // Use provided localPort or fall back to computed port from profile
+  const localPort = options.localPort || getLocalPort(profile, projectConfig)
+
+  // Emit status updates
+  const emit = (event, data) => {
+    ipcEmitter.emit(event, data)
+    if (options.onEvent) {
+      options.onEvent(event, data)
+    }
+  }
+
+  emit('status', { message: 'Getting credentials...' })
+  const credentials = await getConnectionCredentials(profile, projectConfig)
+
+  emit('status', { message: 'Finding bastion instance...' })
+  const instanceId = await findBastionInstance(profile, region)
+
+  emit('status', { message: 'Getting RDS endpoint...' })
+  const rdsEndpoint = await getRdsEndpoint(profile, projectConfig)
+
+  if (!rdsEndpoint || rdsEndpoint === 'None') {
+    throw new Error('Failed to find the RDS endpoint.')
+  }
+
+  emit('status', { message: 'Getting RDS port...' })
+  const rdsPort = await getRdsPort(profile, projectConfig)
+
+  const connectionInfo = {
+    host: 'localhost',
+    port: localPort,
+    username: credentials.username,
+    password: credentials.password,
+    database,
+    rdsEndpoint,
+    instanceId
+  }
+
+  emit('credentials', connectionInfo)
+  emit('status', { message: 'Starting port forwarding...' })
+
+  // Start port forwarding
+  const portForwardingPromise = startPortForwardingWithConfig(
+    profile,
+    instanceId,
+    rdsEndpoint,
+    localPort,
+    rdsPort,
+    region,
+    0,
+    RETRY_CONFIG.PORT_FORWARDING_MAX_RETRIES
+  )
+
+  // Return connection control object
+  return {
+    connectionInfo,
+    disconnect: () => {
+      // Kill all active child processes
+      activeChildProcesses.forEach(child => {
+        if (child && !child.killed) {
+          child.kill('SIGTERM')
+        }
+      })
+      activeChildProcesses = []
+    },
+    waitForClose: () => portForwardingPromise
+  }
+}
+
 async function main () {
+  // Dynamic import of inquirer (CLI only, not needed for GUI adapter)
+  const inquirer = await import('inquirer')
+
   // Setup process cleanup handlers
   setupProcessCleanup()
 
@@ -355,7 +524,7 @@ async function main () {
       projectKey = projectChoices[0].value
       console.log(`Auto-selected project: ${projectChoices[0].name}`)
     } else {
-      const projectAnswer = await inquirer.prompt([
+      const projectAnswer = await inquirer.default.prompt([
         {
           type: 'select',
           name: 'project',
@@ -377,7 +546,7 @@ async function main () {
       return
     }
 
-    const envAnswer = await inquirer.prompt([
+    const envAnswer = await inquirer.default.prompt([
       {
         type: 'select',
         name: 'ENV',
@@ -462,6 +631,31 @@ async function main () {
   }
 }
 
-main().catch((error) => {
-  console.error('Unhandled error in main function:', error)
-})
+// Only run main() when executed directly (not when imported as a module)
+const isMainModule = process.argv[1] && (
+  process.argv[1].endsWith('connect.js') ||
+  process.argv[1].endsWith('rds_ssm_connect')
+)
+
+if (isMainModule) {
+  main().catch((error) => {
+    console.error('Unhandled error in main function:', error)
+  })
+}
+
+// Exports for GUI adapter
+export {
+  readAwsConfig,
+  getProfilesForProject,
+  getAvailableProjects,
+  getProfilesForProjectKey,
+  getConnectionCredentials,
+  findBastionInstance,
+  getRdsEndpoint,
+  getRdsPort,
+  getLocalPort,
+  connect,
+  ipcEmitter,
+  PROJECT_CONFIGS,
+  RETRY_CONFIG
+}

package/envPortMapping.js

@@ -35,7 +35,7 @@ export const PROJECT_CONFIGS = {
   covered: {
     name: 'Covered (Healthcare)',
     region: 'us-west-1',
-    database: 'covered',
+    database: 'covered_db',
     secretPrefix: 'rds!db',
     rdsType: 'instance', // Single RDS instance (not Aurora)
     rdsPattern: 'covered-db', // DBInstanceIdentifier contains this

package/gui-adapter.js

@@ -0,0 +1,268 @@
+#!/usr/bin/env node
+
+/**
+ * GUI Adapter - JSON IPC bridge for Tauri sidecar
+ *
+ * Reads JSON commands from stdin, dispatches to connect.js functions,
+ * and writes JSON responses/events to stdout.
+ *
+ * Commands:
+ * - list-projects: Get available projects
+ * - list-profiles: Get profiles for a project
+ * - connect: Connect to RDS through bastion (supports multiple simultaneous connections)
+ * - disconnect: Disconnect a specific or all sessions
+ * - disconnect-all: Disconnect all active sessions
+ */
+
+import readline from 'readline'
+import net from 'net'
+import { randomUUID } from 'crypto'
+import {
+  getAvailableProjects,
+  getProfilesForProjectKey,
+  connect,
+  getLocalPort,
+  PROJECT_CONFIGS
+} from './connect.js'
+
+// Active connections Map - connectionId -> connection control object
+const activeConnections = new Map()
+
+// Send JSON response to stdout
+function sendResponse (id, type, data) {
+  const response = JSON.stringify({ id, type, ...data })
+  console.log(response)
+}
+
+// Send event to stdout
+function sendEvent (event, data) {
+  const response = JSON.stringify({ type: 'event', event, ...data })
+  console.log(response)
+}
+
+// Check if a port is available
+async function isPortAvailable (port) {
+  return new Promise((resolve) => {
+    const server = net.createServer()
+    server.once('error', () => resolve(false))
+    server.once('listening', () => {
+      server.close()
+      resolve(true)
+    })
+    server.listen(port, '127.0.0.1')
+  })
+}
+
+// Find next available port starting from basePort
+async function findAvailablePort (basePort, usedPorts = []) {
+  const usedSet = new Set(usedPorts.map(p => parseInt(p, 10)))
+
+  for (let port = basePort; port < basePort + 100; port++) {
+    if (usedSet.has(port)) continue
+    if (await isPortAvailable(port)) {
+      return port.toString()
+    }
+  }
+  throw new Error(`No available ports found starting from ${basePort}`)
+}
+
+// Handle incoming commands
+async function handleCommand (command) {
+  const { id, action, ...params } = command
+
+  try {
+    switch (action) {
+      case 'list-projects': {
+        const projects = await getAvailableProjects()
+        sendResponse(id, 'success', { projects })
+        break
+      }
+
+      case 'list-profiles': {
+        const { projectKey } = params
+        if (!projectKey) {
+          sendResponse(id, 'error', { message: 'projectKey is required' })
+          break
+        }
+        const profiles = await getProfilesForProjectKey(projectKey)
+        sendResponse(id, 'success', { profiles })
+        break
+      }
+
+      case 'connect': {
+        const { projectKey, profile, localPort, usedPorts = [] } = params
+        if (!projectKey || !profile) {
+          sendResponse(id, 'error', { message: 'projectKey and profile are required' })
+          break
+        }
+
+        // Generate unique connection ID
+        const connectionId = `conn_${randomUUID().slice(0, 8)}`
+
+        // Determine port to use
+        const projectConfig = PROJECT_CONFIGS[projectKey]
+        if (!projectConfig) {
+          sendResponse(id, 'error', { message: `Unknown project: ${projectKey}` })
+          break
+        }
+
+        let portToUse
+        if (localPort) {
+          // Use specified port if available
+          const portNum = parseInt(localPort, 10)
+          if (usedPorts.includes(localPort) || !(await isPortAvailable(portNum))) {
+            sendResponse(id, 'error', { message: `Port ${localPort} is not available` })
+            break
+          }
+          portToUse = localPort
+        } else {
+          // Find next available port based on project's base port
+          const basePort = parseInt(getLocalPort(profile, projectConfig), 10)
+          // Combine usedPorts from params with currently active connections
+          const allUsedPorts = [
+            ...usedPorts,
+            ...Array.from(activeConnections.values()).map(c => c.connectionInfo?.port)
+          ].filter(Boolean)
+          portToUse = await findAvailablePort(basePort, allUsedPorts)
+        }
+
+        // Start new connection with the determined port
+        const connectionControl = await connect(projectKey, profile, {
+          localPort: portToUse,
+          onEvent: (event, data) => {
+            sendEvent(event, { ...data, connectionId })
+          }
+        })
+
+        // Store in active connections
+        activeConnections.set(connectionId, connectionControl)
+
+        sendResponse(id, 'success', {
+          connectionId,
+          connectionInfo: connectionControl.connectionInfo
+        })
+
+        // Set up connection close handler
+        connectionControl.waitForClose()
+          .then(() => {
+            sendEvent('disconnected', { connectionId, reason: 'session_ended' })
+            activeConnections.delete(connectionId)
+          })
+          .catch((error) => {
+            sendEvent('error', { connectionId, message: error.message })
+            sendEvent('disconnected', { connectionId, reason: 'error' })
+            activeConnections.delete(connectionId)
+          })
+
+        break
+      }
+
+      case 'disconnect': {
+        const { connectionId } = params
+
+        if (connectionId) {
+          // Disconnect specific connection
+          const connection = activeConnections.get(connectionId)
+          if (connection) {
+            connection.disconnect()
+            activeConnections.delete(connectionId)
+            sendResponse(id, 'success', { message: `Disconnected ${connectionId}` })
+          } else {
+            sendResponse(id, 'success', { message: `Connection ${connectionId} not found` })
+          }
+        } else {
+          // Disconnect all connections (legacy behavior)
+          for (const [connId, connection] of activeConnections) {
+            connection.disconnect()
+          }
+          activeConnections.clear()
+          sendResponse(id, 'success', { message: 'Disconnected all connections' })
+        }
+        break
+      }
+
+      case 'disconnect-all': {
+        for (const [connId, connection] of activeConnections) {
+          connection.disconnect()
+        }
+        activeConnections.clear()
+        sendResponse(id, 'success', { message: 'Disconnected all connections' })
+        break
+      }
+
+      case 'status': {
+        const connections = Array.from(activeConnections.entries()).map(([connId, conn]) => ({
+          connectionId: connId,
+          connectionInfo: conn.connectionInfo
+        }))
+        sendResponse(id, 'success', {
+          connectionCount: activeConnections.size,
+          connections
+        })
+        break
+      }
+
+      case 'ping': {
+        sendResponse(id, 'success', { message: 'pong' })
+        break
+      }
+
+      default:
+        sendResponse(id, 'error', { message: `Unknown action: ${action}` })
+    }
+  } catch (error) {
+    sendResponse(id, 'error', { message: error.message })
+  }
+}
+
+// Handle process signals for cleanup
+function setupCleanup () {
+  const cleanup = () => {
+    for (const [connId, connection] of activeConnections) {
+      connection.disconnect()
+    }
+    activeConnections.clear()
+    process.exit(0)
+  }
+
+  process.on('SIGINT', cleanup)
+  process.on('SIGTERM', cleanup)
+  process.on('exit', cleanup)
+}
+
+// Main entry point
+async function main () {
+  setupCleanup()
+
+  // Signal that adapter is ready
+  sendEvent('ready', { version: '2.0.0' })
+
+  // Set up readline for stdin
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+    terminal: false
+  })
+
+  rl.on('line', async (line) => {
+    try {
+      const command = JSON.parse(line)
+      await handleCommand(command)
+    } catch (error) {
+      sendEvent('error', { message: `Failed to parse command: ${error.message}` })
+    }
+  })
+
+  rl.on('close', () => {
+    for (const [connId, connection] of activeConnections) {
+      connection.disconnect()
+    }
+    activeConnections.clear()
+    process.exit(0)
+  })
+}
+
+main().catch((error) => {
+  sendEvent('error', { message: `Adapter error: ${error.message}` })
+  process.exit(1)
+})

package/index.html

@@ -0,0 +1,21 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>RDS SSM Connect</title>
+    <style>
+      html, body {
+        margin: 0;
+        padding: 0;
+        font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+        background-color: #1a1a2e;
+        color: #eaeaea;
+      }
+    </style>
+  </head>
+  <body>
+    <div id="app"></div>
+    <script type="module" src="/src/main.js"></script>
+  </body>
+</html>