Migrate secrets command

apptension · Sep 6, 2023 · 16a5396 · 16a5396
1 parent c38ec2c
commit 16a5396
Show file tree

Hide file tree

Showing 7 changed files with 111 additions and 11 deletions.
diff --git a/packages/internal/cli/src/commands/backend/secrets.ts b/packages/internal/cli/src/commands/backend/secrets.ts
@@ -0,0 +1,30 @@
+import { Command } from '@oclif/core';
+import { color } from '@oclif/color';
+
+import { initConfig } from '../../config/init';
+import { assertDockerIsRunning } from '../../lib/docker';
+import { runSecretsEditor } from '../../lib/secretsEditor';
+
+export default class BackendSecrets extends Command {
+  static description =
+    'Runs an ssm-editor helper tool in docker container to set runtime environmental variables of backend service. ' +
+    'Underneath it uses chamber to both fetch and set those variables in AWS SSM Parameter Store';
+
+  static examples = [`$ <%= config.bin %> <%= command.id %>`];
+
+  async run(): Promise<void> {
+    const { envStage, awsAccountId, awsRegion } = await initConfig(this, {
+      requireAws: true,
+    });
+    await assertDockerIsRunning();
+
+    this.log(`Settings secrets in AWS SSM Parameter store for:
+  service: ${color.green('backend')}
+  envStage: ${color.green(envStage)}
+  AWS account: ${color.green(awsAccountId)}
+  AWS region: ${color.green(awsRegion)}
+`);
+
+    await runSecretsEditor({ serviceName: 'backend' });
+  }
+}
diff --git a/packages/internal/cli/src/commands/webapp/secrets.ts b/packages/internal/cli/src/commands/webapp/secrets.ts
@@ -0,0 +1,30 @@
+import { Command } from '@oclif/core';
+import { color } from '@oclif/color';
+
+import { initConfig } from '../../config/init';
+import { assertDockerIsRunning } from '../../lib/docker';
+import { runSecretsEditor } from '../../lib/secretsEditor';
+
+export default class WebappSecrets extends Command {
+  static description =
+    'Runs an ssm-editor helper tool in docker container to set runtime environmental variables of webapp service. ' +
+    'Underneath it uses chamber to both fetch and set those variables in AWS SSM Parameter Store';
+
+  static examples = [`$ <%= config.bin %> <%= command.id %>`];
+
+  async run(): Promise<void> {
+    const { envStage, awsAccountId, awsRegion } = await initConfig(this, {
+      requireAws: true,
+    });
+    await assertDockerIsRunning();
+
+    this.log(`Settings secrets in AWS SSM Parameter store for:
+  service: ${color.green('webapp')}
+  envStage: ${color.green(envStage)}
+  AWS account: ${color.green(awsAccountId)}
+  AWS region: ${color.green(awsRegion)}
+`);
+
+    await runSecretsEditor({ serviceName: 'webapp' });
+  }
+}
diff --git a/packages/internal/cli/src/commands/workers/secrets.ts b/packages/internal/cli/src/commands/workers/secrets.ts
@@ -0,0 +1,30 @@
+import { Command } from '@oclif/core';
+import { color } from '@oclif/color';
+
+import { initConfig } from '../../config/init';
+import { assertDockerIsRunning } from '../../lib/docker';
+import { runSecretsEditor } from '../../lib/secretsEditor';
+
+export default class WebappSecrets extends Command {
+  static description =
+    'Runs an ssm-editor helper tool in docker container to set runtime environmental variables of workers service. ' +
+    'Underneath it uses chamber to both fetch and set those variables in AWS SSM Parameter Store';
+
+  static examples = [`$ <%= config.bin %> <%= command.id %>`];
+
+  async run(): Promise<void> {
+    const { envStage, awsAccountId, awsRegion } = await initConfig(this, {
+      requireAws: true,
+    });
+    await assertDockerIsRunning();
+
+    this.log(`Settings secrets in AWS SSM Parameter store for:
+  service: ${color.green('workers')}
+  envStage: ${color.green(envStage)}
+  AWS account: ${color.green(awsAccountId)}
+  AWS region: ${color.green(awsRegion)}
+`);
+
+    await runSecretsEditor({ serviceName: 'workers' });
+  }
+}
diff --git a/packages/internal/cli/src/lib/secretsEditor.ts b/packages/internal/cli/src/lib/secretsEditor.ts
@@ -0,0 +1,20 @@
+import { runCommand } from './runCommand';
+
+type RunSecretsEditorOptions = {
+  serviceName: string;
+};
+
+export const runSecretsEditor = async ({
+  serviceName,
+}: RunSecretsEditorOptions) => {
+  await runCommand('pnpm', ['nx', 'run', 'ssm-editor:compose-build-image']);
+  await runCommand('docker', [
+    'compose',
+    'run',
+    '--rm',
+    '-entrypoint /bin/bash',
+    'ssm-editor',
+    `/scripts/run.sh`,
+    serviceName,
+  ]);
+};
diff --git a/packages/internal/ssm-editor/scripts/run.sh b/packages/internal/ssm-editor/scripts/run.sh
@@ -2,7 +2,7 @@
 
 set -e
 
-FULL_SERVICE_NAME="env-${PROJECT_NAME}-${ENV_STAGE}-$1";
+FULL_SERVICE_NAME="env-${PROJECT_NAME}-${ENV_STAGE}-$2";
 CHAMBER_KMS_KEY_ALIAS="${PROJECT_NAME}-${ENV_STAGE}-main"
 
 CHAMBER_KMS_KEY_ALIAS="${CHAMBER_KMS_KEY_ALIAS}" /bin/chamber export "${FULL_SERVICE_NAME}" \

diff --git a/packages/webapp/Makefile b/packages/webapp/Makefile
@@ -11,6 +11,3 @@ build:
 
 deploy:
 	pnpm nx deploy
-
-secrets:
-	$(MAKE) -C $(PROJECT_ROOT_DIR) secrets-editor SERVICE_NAME=webapp
diff --git a/packages/workers/Makefile b/packages/workers/Makefile
@@ -25,10 +25,3 @@ invoke-local:
 
 shell:
 	docker-compose run --rm workers bash
-
-
-secrets: export CHAMBER_SERVICE=workers
-secrets:
-	docker-compose build ssmeditor
-	docker-compose run --rm ssmeditor
-	sls "invoke" "local" "-f" "SynchronizeContentfulContent" "-d" "{\"source\":\"backend.contentfulSync\",\"detail-type\":\"complete\",\"detail\":{\"id\":\"56f478a32bb54ff6adf91b2f19ca6c1a\",\"type\":\"complete\"}}"