Updated Fetch SSM Parameter Logic

.circleci/config.yml

@@ -56,19 +56,33 @@ jobs:
       - save_cache: *save-cache
       - persist_to_workspace: *persist_to_workspace
 
-  build:
+  build: &buildAnchor
     <<: *defaults
     steps:
       - checkout
       - attach_workspace:
           at: /tmp/workspace
       - restore_cache: *restore-cache
+      - run:
+          name: Setup AWS key
+          command: |
+            echo "export AWS_ACCESS_KEY_ID=${!AWS_ACCESS_KEY_ID_ENV_VAR}" >> ${BASH_ENV}
+            echo "export AWS_SECRET_ACCESS_KEY=${!AWS_SECRET_ACCESS_KEY_ENV_VAR}" >> ${BASH_ENV}
+      - run:
+          name: Install AWS Profile
+          command: |
+            echo "PROJECT_DIR=${PROJECT_DIR}"
+            echo "Installing Profile '${AWS_PROFILE}'..."
+            mkdir -p ~/.aws
+            printf "[profile ${AWS_PROFILE}]\nregion=${AWS_REGION}\noutput=json" > ~/.aws/config
+            printf "[${AWS_PROFILE}]\naws_access_key_id=${!AWS_ACCESS_KEY_ID_ENV_VAR}\naws_secret_access_key=${!AWS_SECRET_ACCESS_KEY_ENV_VAR}" > ~/.aws/credentials
+            echo "export AWS_PROFILE=${AWS_PROFILE}" >> ${BASH_ENV}
       - run:
           name: Building Source
           command: |
             echo "Node version is: $(node --version)"
-            echo "Running yarn build..."
-            yarn build
+            echo "Running yarn build:${STAGE}..."
+            yarn build:${STAGE}
           no_output_timeout: 10m
       - run:
           name: Build Edge
@@ -82,6 +96,39 @@ jobs:
       - save_cache: *save-cache
       - persist_to_workspace: *persist_to_workspace
 
+  buildDev:
+    <<: *buildAnchor
+    environment:
+      AWS_ACCESS_KEY_ID_ENV_VAR: AWS_ACCESS_KEY_ID_DEV
+      AWS_SECRET_ACCESS_KEY_ENV_VAR: AWS_SECRET_ACCESS_KEY_DEV
+      AWS_PROFILE: easycla
+      AWS_REGION: us-east-1
+      STAGE: dev
+      ROOT_DOMAIN: dev.communitybridge.org
+      PRODUCT_DOMAIN: easycla.dev.communitybridge.org
+
+  buildStaging:
+    <<: *buildAnchor
+    environment:
+      AWS_ACCESS_KEY_ID_ENV_VAR: AWS_ACCESS_KEY_ID_STAGING
+      AWS_SECRET_ACCESS_KEY_ENV_VAR: AWS_SECRET_ACCESS_KEY_STAGING
+      AWS_PROFILE: easycla
+      AWS_REGION: us-east-1
+      STAGE: staging
+      ROOT_DOMAIN: staging.communitybridge.org
+      PRODUCT_DOMAIN: easycla.staging.communitybridge.org
+
+  buildProd:
+    <<: *buildAnchor
+    environment:
+      AWS_ACCESS_KEY_ID_ENV_VAR: AWS_ACCESS_KEY_ID_PROD
+      AWS_SECRET_ACCESS_KEY_ENV_VAR: AWS_SECRET_ACCESS_KEY_PROD
+      AWS_PROFILE: easycla
+      AWS_REGION: us-east-1
+      STAGE: prod
+      ROOT_DOMAIN: communitybridge.org
+      PRODUCT_DOMAIN: easycla.communitybridge.org
+
   lint:
     <<: *defaults
     steps:
@@ -181,27 +228,21 @@ workflows:
           filters:
             tags:
               only: /.*/
-      - build:
+      - buildDev:
           requires:
             - setup
           filters:
             tags:
               only: /.*/
       - lint:
           requires:
-            - build
+            - buildDev
           filters:
             tags:
               only: /.*/
-      #- test:
-      #    requires:
-      #      - build
-      #    filters:
-      #      tags:
-      #        only: /.*/
       - deployContributorConsoleDev:
           requires:
-            - build
+            - buildDev
             - lint
             #- test
           filters:
@@ -212,11 +253,17 @@ workflows:
                 - master
 
       # Deploy Staging
+      - buildStaging:
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              # see semver examples https://regex101.com/r/Ly7O1x/201/
+              only: /^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/
       - approve_staging:
           type: approval
           requires:
-            - build
-            - lint
+            - buildStaging
           filters:
             branches:
               ignore: /.*/
@@ -234,9 +281,17 @@ workflows:
               only: /^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/
 
       # Deploy Prod
+      - buildProd:
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              # see semver examples https://regex101.com/r/Ly7O1x/201/
+              only: /^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/
       - approve_prod:
           type: approval
           requires:
+            - buildProd
             - deployContributorConsoleStaging
           filters:
             branches:
@@ -253,4 +308,3 @@ workflows:
             tags:
               # see semver examples https://regex101.com/r/Ly7O1x/201/
               only: /^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/
-

package.json

@@ -101,4 +101,4 @@
     }
   },
   "license": "MIT"
-}
+}

src/app/config/scripts/prefetch-ssm.js

@@ -10,15 +10,18 @@ const stageEnv = process.env.STAGE_ENV;
 const AWS_SSM_JSON_PATH = './src/app/config/cla-env-config.json';
 
 async function prefetchSSM() {
-  let result = {};
   console.log(`Start to fetch SSM values at ${stageEnv}...`);
-  result = await RetrieveSSMValues(configVarArray, stageEnv, region, profile);
+  const result = await RetrieveSSMValues(configVarArray, stageEnv, region, profile);
+  console.log('Fetching completed.');
 
   //test for local
   // result['cla-api-url'] = 'http://localhost:5000';
+  console.log(`Saving configuration to file: ${AWS_SSM_JSON_PATH}...`);
   fs.writeFile(AWS_SSM_JSON_PATH, JSON.stringify(result), function (err) {
-    if (err) throw new Error(`Couldn't save SSM paramters to disk with error ${err}`);
-    console.log('Fetching completed...');
+    if (err) {
+      throw new Error(`Couldn't save SSM parameters to disk with error ${err}`);
+    }
+    console.log('Save complete.');
   });
 }
 

src/app/config/scripts/read-ssm.js

@@ -12,9 +12,7 @@ const AWS = require('aws-sdk');
  * @returns {Promise<{ [key:string]: string}>}
  */
 async function retrieveSSMValues(variables, stage, region, profile) {
-    const scopedVariables = variables.map((param) => {
-        return `cla-${param}-${stage}`;
-    });
+    const scopedVariables = variables.map((param) => `cla-${param}-${stage}`);
     const result = await requestSSMParameters(scopedVariables, stage, region, profile);
     const parameters = result.Parameters;
     const error = result.$response.error;
@@ -24,8 +22,9 @@ async function retrieveSSMValues(variables, stage, region, profile) {
         );
     }
     const scopedParams = createParameterMap(parameters, stage);
-    let params;
+    const params = new Map();
     Object.keys(scopedParams).forEach((key) => {
+        // console.log(`processing ${key}`);
         const param = scopedParams[key];
         key = key.replace('cla-', '');
         key = key.replace(`-${stage}`, '');
@@ -39,23 +38,30 @@ async function retrieveSSMValues(variables, stage, region, profile) {
             );
         }
     });
+
     return params;
 }
 
 /**
+ * Performs a bulk request of the specified SSM parameters.
  * @param {string[]} variables
  * @param {string} stage
  * @param {string} region
+ * @param {string} profile
  */
-function requestSSMParameters(variables, stage, region, profile) {
+async function requestSSMParameters(variables, stage, region, profile) {
+    console.log(`Loading AWS credentials from profile: ${profile}`)
     AWS.config.credentials = new AWS.SharedIniFileCredentials({ profile });
-    const ssm = new AWS.SSM({ region: region });
+    const ssm = new AWS.SSM({ region });
     const ps = {
         Names: variables,
         WithDecryption: true
     };
-    console.log(AWS.config.credentials);
-    return ssm.getParameters(ps).promise();
+    // console.log(AWS.config.credentials);
+    // console.log(`fetching ssm parameters: ${variables}`);
+    const response = await ssm.getParameters(ps).promise();
+    // console.log(response);
+    return response;
 }
 
 /**