From 16a53963333b318b973de354b2d2d078a595c1a1 Mon Sep 17 00:00:00 2001
From: Patryk Ziemkowski
Date: Wed, 6 Sep 2023 17:24:05 +0200
Subject: [PATCH] Migrate secrets command
---
.../cli/src/commands/backend/secrets.ts | 30 +++++++++++++++++++
.../cli/src/commands/webapp/secrets.ts | 30 +++++++++++++++++++
.../cli/src/commands/workers/secrets.ts | 30 +++++++++++++++++++
.../internal/cli/src/lib/secretsEditor.ts | 20 +++++++++++++
packages/internal/ssm-editor/scripts/run.sh | 2 +-
packages/webapp/Makefile | 3 --
packages/workers/Makefile | 7 -----
7 files changed, 111 insertions(+), 11 deletions(-)
create mode 100644 packages/internal/cli/src/commands/backend/secrets.ts
create mode 100644 packages/internal/cli/src/commands/webapp/secrets.ts
create mode 100644 packages/internal/cli/src/commands/workers/secrets.ts
create mode 100644 packages/internal/cli/src/lib/secretsEditor.ts
diff --git a/packages/internal/cli/src/commands/backend/secrets.ts b/packages/internal/cli/src/commands/backend/secrets.ts
new file mode 100644
index 000000000..7d42955d5
--- /dev/null
+++ b/packages/internal/cli/src/commands/backend/secrets.ts
@@ -0,0 +1,30 @@
+import { Command } from '@oclif/core';
+import { color } from '@oclif/color';
+
+import { initConfig } from '../../config/init';
+import { assertDockerIsRunning } from '../../lib/docker';
+import { runSecretsEditor } from '../../lib/secretsEditor';
+
+export default class BackendSecrets extends Command {
+ static description =
+ 'Runs an ssm-editor helper tool in docker container to set runtime environmental variables of backend service. ' +
+ 'Underneath it uses chamber to both fetch and set those variables in AWS SSM Parameter Store';
+
+ static examples = [`$ <%= config.bin %> <%= command.id %>`];
+
+ async run(): Promise {
+ const { envStage, awsAccountId, awsRegion } = await initConfig(this, {
+ requireAws: true,
+ });
+ await assertDockerIsRunning();
+
+ this.log(`Settings secrets in AWS SSM Parameter store for:
+ service: ${color.green('backend')}
+ envStage: ${color.green(envStage)}
+ AWS account: ${color.green(awsAccountId)}
+ AWS region: ${color.green(awsRegion)}
+`);
+
+ await runSecretsEditor({ serviceName: 'backend' });
+ }
+}
diff --git a/packages/internal/cli/src/commands/webapp/secrets.ts b/packages/internal/cli/src/commands/webapp/secrets.ts
new file mode 100644
index 000000000..1aa6d07d8
--- /dev/null
+++ b/packages/internal/cli/src/commands/webapp/secrets.ts
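Review bot: In `backend/secrets.ts` the banner passed to `this.log` reads `Settings secrets in AWS SSM Parameter store for:`, which should be `Setting secrets in AWS SSM Parameter Store for:`; the same string is repeated in the webapp and workers commands. The three classes differ only in the service name, so the body of `run()` could move into one shared helper that takes `serviceName`, which keeps the target banner and the pre-flight checks identical for every service. As far as this hunk shows, the banner is printed and the editor is launched immediately, so a doc comment on `run()` should state that the command writes to whichever account and stage `initConfig` resolved. An explicit confirmation before `runSecretsEditor` for non-development stages is worth considering.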
@@ -0,0 +1,30 @@
+import { Command } from '@oclif/core';
+import { color } from '@oclif/color';
+
+import { initConfig } from '../../config/init';
+import { assertDockerIsRunning } from '../../lib/docker';
+import { runSecretsEditor } from '../../lib/secretsEditor';
+
+export default class WebappSecrets extends Command {
+ static description =
+ 'Runs an ssm-editor helper tool in docker container to set runtime environmental variables of webapp service. ' +
+ 'Underneath it uses chamber to both fetch and set those variables in AWS SSM Parameter Store';
+
+ static examples = [`$ <%= config.bin %> <%= command.id %>`];
+
+ async run(): Promise {
+ const { envStage, awsAccountId, awsRegion } = await initConfig(this, {
+ requireAws: true,
+ });
+ await assertDockerIsRunning();
+
+ this.log(`Settings secrets in AWS SSM Parameter store for:
+ service: ${color.green('webapp')}
+ envStage: ${color.green(envStage)}
+ AWS account: ${color.green(awsAccountId)}
+ AWS region: ${color.green(awsRegion)}
+`);
+
+ await runSecretsEditor({ serviceName: 'webapp' });
+ }
+}
diff --git a/packages/internal/cli/src/commands/workers/secrets.ts b/packages/internal/cli/src/commands/workers/secrets.ts
new file mode 100644
index 000000000..a9fce6aa9
--- /dev/null
+++ b/packages/internal/cli/src/commands/workers/secrets.ts
@@ -0,0 +1,30 @@
+import { Command } from '@oclif/core';
+import { color } from '@oclif/color';
+
+import { initConfig } from '../../config/init';
+import { assertDockerIsRunning } from '../../lib/docker';
+import { runSecretsEditor } from '../../lib/secretsEditor';
+
+export default class WebappSecrets extends Command {
+ static description =
+ 'Runs an ssm-editor helper tool in docker container to set runtime environmental variables of workers service. ' +
+ 'Underneath it uses chamber to both fetch and set those variables in AWS SSM Parameter Store';
+
+ static examples = [`$ <%= config.bin %> <%= command.id %>`];
+
+ async run(): Promise {
+ const { envStage, awsAccountId, awsRegion } = await initConfig(this, {
+ requireAws: true,
+ });
+ await assertDockerIsRunning();
+
+ this.log(`Settings secrets in AWS SSM Parameter store for:
+ service: ${color.green('workers')}
+ envStage: ${color.green(envStage)}
+ AWS account: ${color.green(awsAccountId)}
+ AWS region: ${color.green(awsRegion)}
+`);
+
+ await runSecretsEditor({ serviceName: 'workers' });
+ }
+}
diff --git a/packages/internal/cli/src/lib/secretsEditor.ts b/packages/internal/cli/src/lib/secretsEditor.ts
new file mode 100644
index 000000000..b417b0147
--- /dev/null
+++ b/packages/internal/cli/src/lib/secretsEditor.ts
@@ -0,0 +1,20 @@
+import { runCommand } from './runCommand';
+
+type RunSecretsEditorOptions = {
+ serviceName: string;
+};
+
+export const runSecretsEditor = async ({
+ serviceName,
+}: RunSecretsEditorOptions) => {
+ await runCommand('pnpm', ['nx', 'run', 'ssm-editor:compose-build-image']);
+ await runCommand('docker', [
+ 'compose',
+ 'run',
+ '--rm',
+ '-entrypoint /bin/bash',
+ 'ssm-editor',
+ `/scripts/run.sh`,
+ serviceName,
+ ]);
+};
diff --git a/packages/internal/ssm-editor/scripts/run.sh b/packages/internal/ssm-editor/scripts/run.sh
index 1fe10c5c6..02eec4cf9 100644
--- a/packages/internal/ssm-editor/scripts/run.sh
+++ b/packages/internal/ssm-editor/scripts/run.sh
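Review bot: The class in `workers/secrets.ts` is declared as `WebappSecrets`, a leftover from the webapp command it was copied from; the declaration should read `export default class WorkersSecrets extends Command {`. Because it is the default export the command probably still resolves by its file path, but the wrong name will appear in stack traces and mislead anyone searching for the command that edits the workers secrets.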
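Review bot: In `secretsEditor.ts` the array element `'-entrypoint /bin/bash'` reaches docker as one argument with a single leading dash, whereas the `docker compose run` option is `--entrypoint` and takes its value as a separate argument; it should be two elements, `'--entrypoint', '/bin/bash',`. If `runCommand` spawns without a shell (its implementation is not part of this patch), docker receives the whole string as one token and is likely to read it as the short `-e` environment option, so the image's default entrypoint would still run. That would also explain why `run.sh` moves from `$1` to `$2` in this same commit; with the flag corrected the script would presumably receive the service name as `$1` again, which should be confirmed against the image's entrypoint. Keeping every flag and value as its own array element also keeps `serviceName` out of any shell parsing.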
@@ -2,7 +2,7 @@ set -e -FULL_SERVICE_NAME="env-${PROJECT_NAME}-${ENV_STAGE}-$1"; +FULL_SERVICE_NAME="env-${PROJECT_NAME}-${ENV_STAGE}-$2"; CHAMBER_KMS_KEY_ALIAS="${PROJECT_NAME}-${ENV_STAGE}-main" CHAMBER_KMS_KEY_ALIAS="${CHAMBER_KMS_KEY_ALIAS}" /bin/chamber export "${FULL_SERVICE_NAME}" \ diff --git a/packages/webapp/Makefile b/packages/webapp/Makefile index f80f28c41..e3a5c42c0 100644 --- a/packages/webapp/Makefile +++ b/packages/webapp/Makefile @@ -11,6 +11,3 @@ build: deploy: pnpm nx deploy - -secrets: - $(MAKE) -C $(PROJECT_ROOT_DIR) secrets-editor SERVICE_NAME=webapp diff --git a/packages/workers/Makefile b/packages/workers/Makefile index 3193b03b7..f9b9bc9dd 100644 --- a/packages/workers/Makefile +++ b/packages/workers/Makefile @@ -25,10 +25,3 @@ invoke-local: shell: docker-compose run --rm workers bash - - -secrets: export CHAMBER_SERVICE=workers -secrets: - docker-compose build ssmeditor - docker-compose run --rm ssmeditor - sls "invoke" "local" "-f" "SynchronizeContentfulContent" "-d" "{\"source\":\"backend.contentfulSync\",\"detail-type\":\"complete\",\"detail\":{\"id\":\"56f478a32bb54ff6adf91b2f19ca6c1a\",\"type\":\"complete\"}}" \ No newline at end of file
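Review bot: In `scripts/run.sh` the service name is now read from `$2` with no check that it was supplied, so an invocation that passes it in another position produces a `FULL_SERVICE_NAME` ending in a bare `-` and chamber runs against a path nobody intended. `set -e` does not catch an empty positional parameter; `FULL_SERVICE_NAME="env-${PROJECT_NAME}-${ENV_STAGE}-${2:?service name is required}"` fails fast instead, and the same `:?` guard fits `PROJECT_NAME` and `ENV_STAGE`. Which position carries the name depends on how the container entrypoint forwards its arguments, so a one-line comment above the assignment should record that. The script continues past the end of this hunk.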