Create basic CDK support and minimalist demo stack

.gitignore

@@ -1,8 +1,7 @@
+.idea
 *.js
 !jest.config.js
 *.d.ts
 node_modules
-
-# CDK asset staging directory
 .cdk.staging
-cdk.out
+cdk.out

.prettierrc

@@ -0,0 +1,7 @@
+{
+  "trailingComma": "all",
+  "tabWidth": 2,
+  "semi": true,
+  "arrowParens": "always",
+  "printWidth": 120
+}

README.md

@@ -1,14 +1,47 @@
-# Welcome to your CDK TypeScript project
+# Restate CDK support
 
-This is a blank project for CDK development with TypeScript.
+CDK construct library for deploying standalone [Restate](https://restate.dev) and Restate service handlers to AWS.
 
-The `cdk.json` file tells the CDK Toolkit how to execute your app.
+## Deploying the demo project
 
-## Useful commands
+In order to access the Restate Docker image, you need to make a GitHub access token with permission to retrieve the
+Restate beta distribution available in your AWS account.
 
-* `npm run build`   compile typescript to js
-* `npm run watch`   watch for changes and compile
-* `npm run test`    perform the jest unit tests
-* `cdk deploy`      deploy this stack to your default AWS account/region
-* `cdk diff`        compare deployed stack with current state
-* `cdk synth`       emits the synthesized CloudFormation template
+```shell
+aws secretsmanager create-secret --name /restate/docker/github-token --secret-string $GITHUB_TOKEN
+```
+
+To deploy the self-hosted Restate instance, run:
+
+```shell
+npx cdk deploy
+```
+
+By default, this will create a stack prefixed with the value of `$USER` - you can override this using the CDK context
+parameter `prefix` like this:
+
+```shell
+npx cdk deploy --context prefix="dev"
+```
+
+You will be prompted to confirm the creation of new security-sensitive resources.
+
+Use the value of the `RestateIngressEndpoint` output of the CloudFormation stack to communicate with the Restate
+broker (if you customized the deployment prefix above, you will need to update the stack name):
+
+```shell
+export RESTATE_INGRESS_ENDPOINT=$(aws cloudformation describe-stacks --stack-name ${USER}-RestateStack \
+    --query "Stacks[0].Outputs[?OutputKey=='RestateIngressEndpoint'].OutputValue" --output text)
+```
+
+```shell
+curl -X POST -w \\n ${RESTATE_INGRESS_ENDPOINT}/Greeter/greet -H 'content-type: application/json' -d '{"key": "Restate"}'
+```
+
+You will get output similar to the following:
+
+```json
+{
+  "response": "Hello, Restate! :-)"
+}
+```

bin/restate-cdk-support.ts

@@ -1,21 +1,13 @@
 #!/usr/bin/env node
-import 'source-map-support/register';
-import * as cdk from 'aws-cdk-lib';
-import { RestateCdkSupportStack } from '../lib/restate-cdk-support-stack';
+import "source-map-support/register";
+import * as cdk from "aws-cdk-lib";
+import { RestateSelfHostedStack } from "../lib/restate-self-hosted-stack";
 
 const app = new cdk.App();
-new RestateCdkSupportStack(app, 'RestateCdkSupportStack', {
-  /* If you don't specify 'env', this stack will be environment-agnostic.
-   * Account/Region-dependent features and context lookups will not work,
-   * but a single synthesized template can be deployed anywhere. */
 
-  /* Uncomment the next line to specialize this stack for the AWS Account
-   * and Region that are implied by the current CLI configuration. */
-  // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+const githubPat = app.node.tryGetContext("githubTokenSecretName");
+const prefix = app.node.tryGetContext("prefix") ?? process.env["USER"];
 
-  /* Uncomment the next line if you know exactly what Account and Region you
-   * want to deploy the stack to. */
-  // env: { account: '123456789012', region: 'us-east-1' },
-
-  /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
+new RestateSelfHostedStack(app, [prefix, "RestateStack"].filter(Boolean).join("-"), {
+  githubTokenSecretName: githubPat,
 });

lib/restate-constructs/lambda/register-service-handler.ts

@@ -0,0 +1,76 @@
+import { CloudFormationCustomResourceResponse } from "aws-lambda";
+import { Handler } from "aws-lambda/handler";
+import { CloudFormationCustomResourceEvent } from "aws-lambda/trigger/cloudformation-custom-resource";
+import fetch from "node-fetch";
+
+interface RegistrationProperties {
+  ingressEndpoint?: string;
+  metaEndpoint?: string;
+  serviceEndpoint?: string;
+  functionVersion?: number;
+}
+
+export const handler: Handler<CloudFormationCustomResourceEvent, Partial<CloudFormationCustomResourceResponse>> =
+  async function(event) {
+    console.log({ event });
+
+    if (event.RequestType === "Delete") {
+      return {
+        // TODO: deregister service on delete (https://github.com/restatedev/restate-cdk-support/issues/5)
+        Reason: "No-op",
+        Status: "SUCCESS",
+      } satisfies Partial<CloudFormationCustomResourceResponse>;
+    }
+
+    try {
+      const props = event.ResourceProperties as RegistrationProperties;
+
+      const controller = new AbortController();
+      const healthCheckTimeout = setTimeout(() => controller.abort(), 3000);
+      const healthCheckUrl = `${props.ingressEndpoint}/grpc.health.v1.Health/Check`;
+      console.log(`Performing health check against: ${healthCheckUrl}`);
+      const healthResponse = await fetch(healthCheckUrl,
+        {
+          signal: controller.signal,
+        })
+        .finally(() => clearTimeout(healthCheckTimeout));
+      console.log(`Got health response back: ${await healthResponse.text()}`);
+
+      if (!(healthResponse.status >= 200 && healthResponse.status < 300)) {
+        // TODO: retry until service is healthy, or some overall timeout is reached
+        throw new Error(`Health check failed: ${healthResponse.statusText} (${healthResponse.status})`);
+      }
+
+      const registerCallTimeout = setTimeout(() => controller.abort(), 3000);
+      const discoveryEndpointUrl = `${props.metaEndpoint}/endpoints`;
+      const registrationRequest = JSON.stringify({ uri: props.serviceEndpoint });
+      console.log(`Triggering registration at ${discoveryEndpointUrl}: ${registrationRequest}`);
+      const discoveryResponse = await fetch(discoveryEndpointUrl,
+        {
+          signal: controller.signal,
+          method: "POST",
+          body: registrationRequest,
+          headers: {
+            "Content-Type": "application/json",
+          },
+        })
+        .finally(() => clearTimeout(registerCallTimeout));
+      console.log(`Got registration response back: ${await discoveryResponse.text()} (${discoveryResponse.status})`);
+
+      if (!(healthResponse.status >= 200 && healthResponse.status < 300)) {
+        // TODO: retry until successful, or some overall timeout is reached
+        throw new Error(`Health check failed: ${healthResponse.statusText} (${healthResponse.status})`);
+      }
+
+      console.log("Returning success.");
+    } catch (err) {
+      console.error("Ignoring unhandled error: " + err);
+    }
+
+    return {
+      Data: {
+        // it would be neat if we could return a unique Restate event id back to CloudFormation to close the loop
+      },
+      Status: "SUCCESS",
+    } satisfies Partial<CloudFormationCustomResourceResponse>;
+  };

lib/restate-constructs/restate-lambda-services.ts

@@ -0,0 +1,79 @@
+import { Construct } from "constructs";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import * as api_gw from "aws-cdk-lib/aws-apigateway";
+import { SingleNodeRestateInstance } from "./single-node-restate-instance";
+import * as cdk from "aws-cdk-lib";
+
+/**
+ * A Restate RPC service path. Example: `greeter`.
+ */
+type RestatePath = string;
+
+/**
+ * A collection of Lambda Restate RPC Service handlers.
+ */
+export type LambdaServiceCollectionProps = {
+  /**
+   * Mappings from service path to Lambda handler.
+   */
+  serviceHandlers: Record<RestatePath, lambda.Function>;
+}
+
+/**
+ * Creates a Restate service deployment backed by a single EC2 instance,
+ * suitable for development and testing purposes.
+ */
+export class RestateLambdaServiceCollection extends Construct {
+  private readonly serviceHandlers: Record<RestatePath, lambda.Function>;
+
+  constructor(scope: Construct, id: string, props: LambdaServiceCollectionProps) {
+    super(scope, id);
+    this.serviceHandlers = props.serviceHandlers;
+  }
+
+
+  public register(restate: SingleNodeRestateInstance) {
+    for (const [path, handler] of Object.entries(this.serviceHandlers)) {
+      this.registerHandler(restate, { path, handler });
+    }
+  }
+
+  private registerHandler(restate: SingleNodeRestateInstance, service: {
+    path: RestatePath,
+    handler: lambda.Function
+  }) {
+    service.handler.grantInvoke(restate.instanceRole);
+    service.handler.currentVersion.grantInvoke(restate.instanceRole); // Allow explicit version invocation
+
+    const serviceHttpResource = restate.serviceApi.root.addResource(service.path);
+    serviceHttpResource.addProxy({
+      defaultIntegration: new api_gw.LambdaIntegration(service.handler),
+      anyMethod: true,
+    });
+
+    new RestateServiceRegistrar(this, service.handler.node.id + "Discovery", { restate, service });
+  }
+}
+
+class RestateServiceRegistrar extends Construct {
+  constructor(scope: Construct, id: string, props: {
+    restate: SingleNodeRestateInstance, service: {
+      path: RestatePath,
+      handler: lambda.Function
+    }
+  }) {
+    super(scope, id);
+
+    new cdk.CustomResource(this, props.service.handler.node.id + "Discovery", {
+      serviceToken: props.restate.serviceDiscoveryProvider.serviceToken,
+      resourceType: "Custom::RestateServiceRegistrar",
+      properties: {
+        ingressEndpoint: props.restate.privateIngressEndpoint,
+        metaEndpoint: props.restate.metaEndpoint,
+        serviceEndpoint: props.restate.serviceApi.urlForPath(`/${props.service.path}`),
+        functionVersion: props.service.handler.currentVersion.version,
+        // TODO: force a refresh on EC2 instance configuration changes, too (https://github.com/restatedev/restate-cdk-support/issues/4)
+      },
+    });
+  }
+}