Skip to content

Latest commit

 

History

History
163 lines (130 loc) · 5.02 KB

devTest.md

File metadata and controls

163 lines (130 loc) · 5.02 KB

TL;DR

How to dev-test

Repository Management

Angular style commit messages.

Gitflow branch management. A short-lived branches should rebase (rather than merge) to sync up with the long-lived parent it branches off of.

Toolchain

# aws lambda currently has native runtime support for jdk11
$ java --version
openjdk 11.0.10 2021-01-19
OpenJDK Runtime Environment (build 11.0.10+9-Ubuntu-0ubuntu1.20.04)
OpenJDK 64-Bit Server VM (build 11.0.10+9-Ubuntu-0ubuntu1.20.04, mixed mode, sharing)

$ scala3-repl --version
Scala code runner version 3.0.0 -- Copyright 2002-2021, LAMP/EPFL

$ sbt version
[info] welcome to sbt 1.5.4 (Ubuntu Java 11.0.11)
...

Gradle Cheat Sheet

  • gradle -i - INFO level logging
  • gradle cleanTest test --tests 'GetOpt*' - run specific tests

JSON structured logs

We use log4j to setup json structured logs. Ex:

littleware$ cat littleAudit/src/main/resources/log4j2.xml 
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
    <Appenders>
        <Console name="LogToConsole" target="SYSTEM_OUT">
            <JsonTemplateLayout eventTemplateUri="classpath:LogstashJsonEventLayoutV1.json"/>
        </Console>
    </Appenders>
    <Loggers>
        <!-- avoid duplicated logs with additivity=false 
        <Logger name="com.mkyong" level="debug" additivity="false">
            <AppenderRef ref="LogToConsole"/>
        </Logger>
        -->
        <Root level="info">
            <AppenderRef ref="LogToConsole"/>
        </Root>
    </Loggers>
</Configuration>

We can analyze a log stream like this:

cat $XDG_RUNTIME_DIR/log.ndjson | jq -r 'select(.message[0:1] == "{") | .little_info = (.message | fromjson)'

CICD

littleAudit cloudmgr

Some bash helper functions. Modify to suit your environment, and source these into your dev shell.

#
# Bash function to generate new ES256 local key pair
#
newkey() {
    local kid=${1:-$(date +%Y%m)}
    local secretsFolder=$HOME/Secrets/littleware/cloudmgr
    
    (
        mkdir -p "$secretsFolder"
        cd "$secretsFolder" || return 1
        if [[ ! -f ec256-key-${kid}.pem ]]; then
          openssl ecparam -genkey -name prime256v1 -noout -out ec256-key-${kid}.pem
        fi
        # convert the key to pkcs8 format
        openssl pkcs8 -topk8 -nocrypt -in ec256-key-${kid}.pem -out ec256-pkcs8-key-${kid}.pem
        # extract the public key
        openssl ec -in ec256-pkcs8-key-${kid}.pem -pubout -out ec256-pubkey-${kid}.pem
    )
}


repl() {
    local replPath
    replPath="$(gradle :littleAudit:printClasspath --quiet)" || return 1
    scala -classpath "$replPath"
}

The cloudmgr test suite accesses AWS KMS, so must be run with AWS credentials. The little command (from https://github.com/frickjack/little-automation) will do that for you for local testing:

little sbt littleware/test littleScala/test littleAudit/test

Otherwise you can do something like this:

(
    export AWS_REGION=us-east-2
    export AWS_SECRET_ACCESS_KEY=...
    export AWS_ACCESS_KEY_ID=...
    little sbt littleware/test littleScala/test littleAudit/test
)

Docker lambda

(
little sbt littleware/test littleScala/test littleAudit/test
cd littleAudit
docker build -t 'audit:frickjack' .
LITTLE_CLOUDMGR="$(cat src/test/resources/littleware/config/LITTLE_CLOUDMGR.json)"
docker run -it --name audit --rm -p 9000:8080 $(little env | grep -e ^AWS | awk '{ print "--env " $0 }') --env "LITTLE_CLOUDMGR=$LITTLE_CLOUDMGR" audit:frickjack
curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d '{ "httpMethod": "OPTIONS" }'
)

Configuration

The little.cloudmgr.domain and little.cloudmgr.sessionmgr.config configuration keys may be set in either littleware.properties or the LITTLE_CLOUDMGR environment variable.

$ cat littleAudit/src/test/resources/littleware.properties 
little.cloudmgr.domain = test-cloud.frickjack.com
little.cloudmgr.sessionmgr.config = { \
    "configSource": "this", \
    "sessionMgr": "local", \
    "localSessionConfig": { \
        "signingKey": { "kid": "testkey", "pem": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----" }, \
        "verifyKeys": [ \
            { "kid": "testkey", "pem": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----" } \
        ], \
        "oidcJwksUrl": "https://www.googleapis.com/oauth2/v3/certs" \
    } \
}
# ...

The jwks.json enpoint for a cognito deployment is in its openid configuration - ex: https://cognito-idp.us-east-2.amazonaws.com/us-east-2_860PcgyKN/.well-known/openid-configuration

Publish by git tag

( version="$(sbt littleAudit/version | tail -1 | awk '{ print $2 }')" git tag -a "$version" -m "release details in Notes/reference/releaseNotes.md#$version" git push origin $version )