AWS SSM integration (#76)

communitybridge · Aug 18, 2020 · 5a31c7e · 5a31c7e
1 parent 504b3b0
commit 5a31c7e
Show file tree

Hide file tree

Showing 13 changed files with 223 additions and 16 deletions.
diff --git a/.gitignore b/.gitignore
@@ -19,6 +19,9 @@ package-lock.json
 # dependencies
 node_modules/
 
+#AWS JSON file
+/src/app/config/cla-env-config.json
+
 # profiling files
 chrome-profiler-events.json
 speed-measure-plugin.json

diff --git a/angular.json b/angular.json
@@ -60,6 +60,62 @@
                   "maximumError": "10kb"
                 }
               ]
+            },
+            "dev": {
+              "fileReplacements": [
+                {
+                  "replace": "src/environments/environment.ts",
+                  "with": "src/environments/environment.dev.ts"
+                }
+              ],
+              "optimization": true,
+              "outputHashing": "all",
+              "sourceMap": false,
+              "extractCss": true,
+              "namedChunks": false,
+              "extractLicenses": true,
+              "vendorChunk": false,
+              "buildOptimizer": true,
+              "budgets": [
+                {
+                  "type": "initial",
+                  "maximumWarning": "2mb",
+                  "maximumError": "5mb"
+                },
+                {
+                  "type": "anyComponentStyle",
+                  "maximumWarning": "6kb",
+                  "maximumError": "10kb"
+                }
+              ]
+            },
+            "staging": {
+              "fileReplacements": [
+                {
+                  "replace": "src/environments/environment.ts",
+                  "with": "src/environments/environment.staging.ts"
+                }
+              ],
+              "optimization": true,
+              "outputHashing": "all",
+              "sourceMap": false,
+              "extractCss": true,
+              "namedChunks": false,
+              "extractLicenses": true,
+              "vendorChunk": false,
+              "buildOptimizer": true,
+              "budgets": [
+                {
+                  "type": "initial",
+                  "maximumWarning": "2mb",
+                  "maximumError": "5mb"
+                },
+                {
+                  "type": "anyComponentStyle",
+                  "maximumWarning": "6kb",
+                  "maximumError": "10kb"
+                }
+              ]
             }
           }
         },

diff --git a/e2e/tsconfig.json b/e2e/tsconfig.json
@@ -1,6 +1,9 @@
 {
   "extends": "../tsconfig.base.json",
   "compilerOptions": {
+    "resolveJsonModule": true,
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
     "outDir": "../out-tsc/e2e",
     "module": "commonjs",
     "target": "es2018",

diff --git a/package.json b/package.json
@@ -11,6 +11,9 @@
     "ng": "./node_modules/@angular/cli/bin/ng",
     "serve": "./node_modules/@angular/cli/bin/ng serve",
     "build": "./node_modules/@angular/cli/bin/ng build",
+    "build:dev": "yarn prebuild:dev && ./node_modules/@angular/cli/bin/ng build --prod --configuration=dev",
+    "build:staging": "yarn prebuild:dev && ./node_modules/@angular/cli/bin/ng build --prod --configuration=staging",
+    "build:prod": "yarn prebuild:dev && ./node_modules/@angular/cli/bin/ng build --prod --configuration=production",
     "serve-local": "ng serve --port 8100",
     "test": "yarn test:unit",
     "test:unit": "ng test --watch=false --progress=false --browsers=ChromeHeadless",
@@ -30,7 +33,10 @@
     "deploy:cloudfront:prod": "SLS_DEBUG=* ROOT_DOMAIN=communitybridge.org PRODUCT_DOMAIN=easycla.communitybridge.org yarn sls deploy --stage='prod' --cloudfront=true --verbose",
     "deploy:frontend:prod": "SLS_DEBUG=* ROOT_DOMAIN=communitybridge.org PRODUCT_DOMAIN=easycla.communitybridge.org yarn sls client deploy --stage='prod' --cloudfront=true --no-confirm --no-policy-change --no-config-change --verbose",
     "deploy:invalidate:prod": "SLS_DEBUG=* ROOT_DOMAIN=communitybridge.org PRODUCT_DOMAIN=easycla.communitybridge.org yarn sls cloudfrontInvalidate --stage='prod' --region='us-east-1' --cloudfront='true' --verbose",
-    "remove:prod": "SLS_DEBUG=* yarn sls remove --stage='prod' --region='us-east-1' --verbose"
+    "remove:prod": "SLS_DEBUG=* yarn sls remove --stage='prod' --region='us-east-1' --verbose",
+    "prebuild:dev": "STAGE_ENV=dev node ./src/app/config/scripts/prefetch-ssm.js",
+    "prebuild:staging": "STAGE_ENV=staging node ./src/app/config/scripts/prefetch-ssm.js",
+    "prebuild:prod": "STAGE_ENV=prod node ./src/app/config/scripts/prefetch-ssm.js"
   },
   "private": true,
   "dependencies": {
@@ -49,6 +55,7 @@
     "@types/auth0-js": "^8.11.7",
     "@types/node": "^12.11.1",
     "auth0-js": "^9.13.2",
+    "aws-sdk": "^2.733.0",
     "bootstrap": "^4.4.0",
     "rxjs": "~6.5.4",
     "serverless": "^1.69.0",
@@ -94,4 +101,4 @@
     }
   },
   "license": "MIT"
-}
+}
diff --git a/src/app/config/app-settings.ts b/src/app/config/app-settings.ts
@@ -31,6 +31,7 @@ export class AppSettings {
     public static URL_PATTERN = '^((ht|f)tp(s?))\://([0-9a-zA-Z\-]+\.)+[0-9a-zA-Z]{2,6}(\:[0-9]+)?(/\S*)?$';
     public static NON_WHITE_SPACE_REGEX = /.*\S.*/;
 
+
 }
 
 
diff --git a/src/app/config/cla-config.ts b/src/app/config/cla-config.ts
diff --git a/src/app/config/cla-env-utils.ts b/src/app/config/cla-env-utils.ts
@@ -0,0 +1,5 @@
+// Copyright The Linux Foundation and each contributor to CommunityBridge.
+// SPDX-License-Identifier: MIT
+
+import * as env from './cla-env-config.json';
+export const EnvConfig = env as any;
diff --git a/src/app/config/scripts/prefetch-ssm.js b/src/app/config/scripts/prefetch-ssm.js
@@ -0,0 +1,25 @@
+// Copyright The Linux Foundation and each contributor to CommunityBridge.
+// SPDX-License-Identifier: MIT
+
+const fs = require('fs');
+const RetrieveSSMValues = require('./read-ssm');
+const configVarArray = ['auth0-clientId', 'auth0-domain'];
+const region = 'us-east-1';
+const profile = process.env.AWS_PROFILE;
+const stageEnv = process.env.STAGE_ENV;
+const AWS_SSM_JSON_PATH = './src/app/config/cla-env-config.json';
+
+async function prefetchSSM() {
+  let result = {};
+  console.log(`Start to fetch SSM values at ${stageEnv}...`);
+  result = await RetrieveSSMValues(configVarArray, stageEnv, region, profile);
+
+  //test for local
+  // result['cla-api-url'] = 'http://localhost:5000';
+  fs.writeFile(AWS_SSM_JSON_PATH, JSON.stringify(result), function (err) {
+    if (err) throw new Error(`Couldn't save SSM paramters to disk with error ${err}`);
+    console.log('Fetching completed...');
+  });
+}
+
+prefetchSSM();
diff --git a/src/app/config/scripts/read-local.js b/src/app/config/scripts/read-local.js
@@ -0,0 +1,22 @@
+// Copyright The Linux Foundation and each contributor to CommunityBridge.
+// SPDX-License-Identifier: MIT
+
+/**
+ * @param {string[]} variables
+ * @returns {{ [key:string]: string }}
+ */
+async function retrieveLocalConfigValues(variables, fileName) {
+    const localConfig = require(`../${fileName}`);
+    const parameterMap = {};
+    variables.forEach((variable) => {
+      value = localConfig[variable];
+      if (value === undefined) {
+        throw new Error(`Couldn't retrieve value from local config for ${variable}`);
+      }
+      parameterMap[variable] = localConfig[variable];
+    });
+    return parameterMap;
+  }
+
+  module.exports = retrieveLocalConfigValues;
+
diff --git a/src/app/config/scripts/read-ssm.js b/src/app/config/scripts/read-ssm.js
@@ -0,0 +1,77 @@
+// @ts-check
+
+// Copyright The Linux Foundation and each contributor to CommunityBridge.
+// SPDX-License-Identifier: MIT
+const AWS = require('aws-sdk');
+
+/**
+ * @param {string[]} variables
+ * @param {string} stage
+ * @param {string} region
+ * @param {string} profile
+ * @returns {Promise<{ [key:string]: string}>}
+ */
+async function retrieveSSMValues(variables, stage, region, profile) {
+    const scopedVariables = variables.map((param) => {
+        return `cla-${param}-${stage}`;
+    });
+    const result = await requestSSMParameters(scopedVariables, stage, region, profile);
+    const parameters = result.Parameters;
+    const error = result.$response.error;
+    if (error !== null) {
+        throw new Error(
+            `Couldn't retrieve SSM parameters for stage ${stage} in region ${region} using profile ${profile} - error ${error}`
+        );
+    }
+    const scopedParams = createParameterMap(parameters, stage);
+    let params;
+    Object.keys(scopedParams).forEach((key) => {
+        const param = scopedParams[key];
+        key = key.replace('cla-', '');
+        key = key.replace(`-${stage}`, '');
+        params[key] = param;
+    });
+
+    variables.forEach((variable) => {
+        if (params[variable] === undefined) {
+            throw new Error(
+                `Missing SSM parameter with name ${variable} for stage ${stage} in region ${region} using profile ${profile}`,
+            );
+        }
+    });
+    return params;
+}
+
+/**
+ * @param {string[]} variables
+ * @param {string} stage
+ * @param {string} region
+ */
+function requestSSMParameters(variables, stage, region, profile) {
+    AWS.config.credentials = new AWS.SharedIniFileCredentials({ profile });
+    const ssm = new AWS.SSM({ region: region });
+    const ps = {
+        Names: variables,
+        WithDecryption: true
+    };
+    console.log(AWS.config.credentials);
+    return ssm.getParameters(ps).promise();
+}
+
+/**
+ * @param {AWS.SSM.Parameter[]} parameters
+ * @param {string} stage
+ */
+function createParameterMap(parameters, stage) {
+    return parameters.filter((param) => param.Name.endsWith(`-${stage}`))
+        .map((param) => {
+            const output = {};
+            output[param.Name] = param.Value;
+            return output;
+        })
+        .reduce((prev, current) => {
+            return { ...prev, ...current };
+        }, {});
+}
+
+module.exports = retrieveSSMValues;
diff --git a/src/app/shared/services/auth.service.ts b/src/app/shared/services/auth.service.ts
@@ -7,16 +7,16 @@ import * as jwt_decode from 'jwt-decode';
 import { getAuthURLFromWindow } from 'src/app/config/auth-utils';
 import { StorageService } from './storage.service';
 import { AppSettings } from 'src/app/config/app-settings';
-import { ClaConfiguration } from 'src/app/config/cla-config';
+import { EnvConfig } from 'src/app/config/cla-env-utils';
 
 (window as any).global = window;
 
 @Injectable()
 export class AuthService {
 
   auth0 = new auth0.WebAuth({
-    clientID: ClaConfiguration.auth0_clientId,
-    domain: ClaConfiguration.auth0_domain,
+    clientID: EnvConfig.default['auth0-clientId'],
+    domain: EnvConfig.default['auth0-domain'],
     responseType: 'token id_token',
     redirectUri: getAuthURLFromWindow(),
     scope: 'openid email profile'

diff --git a/src/claenv.d.ts b/src/claenv.d.ts
@@ -0,0 +1,4 @@
+declare module '*.json' {
+    const value: any;
+    export default value;
+}
diff --git a/yarn.lock b/yarn.lock
@@ -2755,6 +2755,21 @@ aws-sdk@^2.680.0:
     uuid "3.3.2"
     xml2js "0.4.19"
 
+aws-sdk@^2.733.0:
+  version "2.733.0"
+  resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.733.0.tgz#2f3c8b1c6afc26bed97213682cbec47f996f6120"
+  integrity sha512-unW3UYTwhpNZmCgMHby+8EFDNROoaU5ogWWjcUj/ZlFQCAtYCJdf2JqUT+rIi7+6KWqrDKY3sTredfK1KKXZ8A==
+  dependencies:
+    buffer "4.9.2"
+    events "1.1.1"
+    ieee754 "1.1.13"
+    jmespath "0.15.0"
+    querystring "0.2.0"
+    sax "1.2.1"
+    url "0.10.3"
+    uuid "3.3.2"
+    xml2js "0.4.19"
+
 aws-sign2@~0.7.0:
   version "0.7.0"
   resolved "https://registry.yarnpkg.com/aws-sign2/-/aws-sign2-0.7.0.tgz#b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -31,6 +31,7 @@ export class AppSettings {
		public static URL_PATTERN = '^((ht\|f)tp(s?))\://([0-9a-zA-Z\-]+\.)+[0-9a-zA-Z]{2,6}(\:[0-9]+)?(/\S*)?$';
		public static NON_WHITE_SPACE_REGEX = /.\S./;


		}