🆕 Creating a keypair if required, notify on missing IAM roles

Author: ProGM

CHANGELOG.md

@@ -1,6 +1,14 @@
 # Changelog
 All notable changes to this project made by Monade Team are documented in this file. For info refer to [email protected]
 
+## [UNRELEASED]
+### Added
+- Command `setup` now create the keypair if it's missing
+
+### Fixed
+- Command `setup` now raises error when the IAM role `ecsInstanceRole` doesn't exist in your account
+- Command `setup` now considers inactive clusters and services as deleted
+
 ## [0.4.0] - 2021-05-24
 ### Changed
 - The command `ssh` now handles multiple container instances. You can now filter by task or service. If there are multiple options, it will be prompted.

README.md

@@ -236,7 +236,7 @@ runner.update_services!
 - The ecsInstanceRole has to be created manually if missing: https://docs.aws.amazon.com/batch/latest/userguide/instance_IAM_role.html
 
 ## TODOs
-
+- Creating the ecsInstanceRole automatically
 - Create scheduled tasks if not present?
 - Navigate through logs (or maybe not: https://github.com/jorgebastida/awslogs)
 - Recap cluster status

lib/ecs_deploy_cli/runners/base.rb

@@ -97,6 +97,16 @@ def cf_client
         end
       end
 
+      def iam_client
+        @iam_client ||= begin
+          require 'aws-sdk-iam'
+          Aws::IAM::Client.new(
+            profile: ENV.fetch('AWS_PROFILE', 'default'),
+            region: config[:aws_region]
+          )
+        end
+      end
+
       def config
         @parser.config
       end

lib/ecs_deploy_cli/runners/setup.rb

@@ -3,11 +3,21 @@
 module EcsDeployCli
   module Runners
     class Setup < Base
+      REQUIRED_ECS_ROLES = {
+        'ecsInstanceRole' => 'https://docs.aws.amazon.com/batch/latest/userguide/instance_IAM_role.html',
+        'ecsTaskExecutionRole' => 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html'
+      }.freeze
+      class SetupError < StandardError; end
+
       def run!
         services, resolved_tasks, _, cluster_options = @parser.resolve
 
+        ensure_ecs_roles_exists!
+
         setup_cluster! cluster_options
         setup_services! services, resolved_tasks: resolved_tasks
+      rescue SetupError => e
+        EcsDeployCli.logger.info e.message
       end
 
       private
@@ -18,22 +28,18 @@ def setup_cluster!(cluster_options)
           return
         end
 
-        unless ecs_instance_role_exists?
-          EcsDeployCli.logger.info 'IAM Role ecsInstanceRole does not exist. Please create it: https://docs.aws.amazon.com/batch/latest/userguide/instance_IAM_role.html.'
-          return
-        end
-
         EcsDeployCli.logger.info "Creating cluster #{config[:cluster]}..."
 
+        create_keypair_if_required! cluster_options
         params = create_params(cluster_options)
 
         ecs_client.create_cluster(
           cluster_name: config[:cluster]
         )
+        EcsDeployCli.logger.info "Cluster created, now running cloudformation..."
 
         stack_name = "EC2ContainerService-#{config[:cluster]}"
 
-
         cf_client.create_stack(
           stack_name: stack_name,
           template_body: File.read(File.join(__dir__, '..', 'cloudformation', 'default.yml')),
@@ -42,12 +48,13 @@ def setup_cluster!(cluster_options)
         )
 
         cf_client.wait_until(:stack_create_complete, { stack_name: stack_name }, delay: 30, max_attempts: 120)
-        EcsDeployCli.logger.info "Cluster #{config[:cluster]} created!"
+        EcsDeployCli.logger.info "Cluster #{config[:cluster]} created! 🎉"
       end
 
       def setup_services!(services, resolved_tasks:)
         services.each do |service_name, service_definition|
-          if ecs_client.describe_services(cluster: config[:cluster], services: [service_name]).to_h[:services].any?
+          existing_services = ecs_client.describe_services(cluster: config[:cluster], services: [service_name]).to_h[:services].filter { |s| s[:status] != 'INACTIVE' }
+          if existing_services.any?
             EcsDeployCli.logger.info "Service #{service_name} already created, skipping."
             next
           end
@@ -58,7 +65,7 @@ def setup_services!(services, resolved_tasks:)
 
           ecs_client.create_service(
             cluster: config[:cluster],
-            desired_count: 1,
+            desired_count: 1, # FIXME: this should be a parameter
             load_balancers: service_definition.as_definition(task_definition)[:load_balancers],
             service_name: service_name,
             task_definition: task_name
@@ -117,14 +124,24 @@ def create_params(cluster_options)
       def cluster_exists?
         clusters = ecs_client.describe_clusters(clusters: [config[:cluster]]).to_h[:clusters]
 
-        clusters.length == 1
+        clusters.filter { |c| c[:status] != 'INACTIVE' }.length == 1
+      end
+
+      def ensure_ecs_roles_exists!
+        REQUIRED_ECS_ROLES.each do |role_name, link|
+          role = iam_client.get_role(role_name: role_name).to_h
+        rescue Aws::IAM::Errors::NoSuchEntity
+          raise SetupError, "IAM Role #{role_name} does not exist. Please create it: #{link}."
+        end
       end
 
-      def ecs_instance_role_exists?
-        role = iam_client.get_role(role_name: 'ecsInstanceRole').to_h
-        true
-      rescue Aws::IAM::Errors::NoSuchEntity
-        false
+      def create_keypair_if_required!(cluster_options)
+        keypairs = ec2_client.describe_key_pairs(key_names: [cluster_options[:keypair_name]]).to_h[:key_pairs]
+      rescue Aws::EC2::Errors::InvalidKeyPairNotFound
+        EcsDeployCli.logger.info "Keypair \"#{cluster_options[:keypair_name]}\" not found, creating it..."
+        key_material = ec2_client.create_key_pair(key_name: cluster_options[:keypair_name]).to_h[:key_material]
+        File.write("#{cluster_options[:keypair_name]}.pem", key_material)
+        EcsDeployCli.logger.info "Created PEM file at #{Dir.pwd}/#{cluster_options[:keypair_name]}.pem"
       end
 
       def format_cloudformation_params(params)

spec/ecs_deploy_cli/runner_spec.rb

@@ -93,19 +93,24 @@
       end
 
       context '#setup!' do
-        it 'setups the cluster correctly' do
+        before do
           mock_ssm_client.stub_responses(:get_parameter, {
                                           parameter: {
                                             name: '/aws/service/ecs/optimized-ami/amazon-linux-2/recommended',
                                             type: 'String',
                                             value: '{"schema_version":1,"image_name":"amzn2-ami-ecs-hvm-2.0.20210331-x86_64-ebs","image_id":"ami-03bbf53329af34379","os":"Amazon Linux 2","ecs_runtime_version":"Docker version 19.03.13-ce","ecs_agent_version":"1.51.0"}'
                                           }
                                         })
+        end
+
+        it 'setups the cluster correctly' do
+          expect(mock_ec2_client).to receive(:describe_key_pairs).and_return(key_pairs: [{ key_id: 'some' }])
 
-          expect(mock_iam_client).to receive(:get_role).with({ role_name: 'ecsInstanceRole' }).and_return({ role: { arn: 'some' } })
+          expect(mock_iam_client).to receive(:get_role).at_least(:once).and_return({ role: { arn: 'some' } })
           expect(mock_cf_client).to receive(:wait_until)
           expect(mock_ecs_client).to receive(:create_service)
 
+          expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:ec2_client).at_least(:once).and_return(mock_ec2_client)
           expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:iam_client).at_least(:once).and_return(mock_iam_client)
           expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:cwl_client).at_least(:once).and_return(mock_cwl_client)
           expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:ecs_client).at_least(:once).and_return(mock_ecs_client)
@@ -120,11 +125,10 @@
             puts message
           end
 
-          expect(mock_iam_client).to receive(:get_role).with({ role_name: 'ecsInstanceRole' }) do
+          expect(mock_iam_client).to receive(:get_role).at_least(:once) do
             raise Aws::IAM::Errors::NoSuchEntity.new(nil, 'some')
           end
 
-
           expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:iam_client).at_least(:once).and_return(mock_iam_client)
           expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:ecs_client).at_least(:once).and_return(mock_ecs_client)
 
@@ -138,10 +142,25 @@
             puts message
           end
 
+          expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:cwl_client).at_least(:once).and_return(mock_cwl_client)
           expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:ecs_client).at_least(:once).and_return(mock_ecs_client)
 
           expect { subject.setup! }.to output(/Cluster already created, skipping./).to_stdout
         end
+
+        it 'creates the keypair if not there' do
+          expect(mock_ec2_client).to receive(:describe_key_pairs) do
+            raise Aws::EC2::Errors::InvalidKeyPairNotFound.new(nil, 'some')
+          end
+
+          expect(mock_ec2_client).to receive(:create_key_pair) { raise 'created keypair' }
+
+          expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:ec2_client).at_least(:once).and_return(mock_ec2_client)
+          expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:iam_client).at_least(:once).and_return(mock_iam_client)
+          expect_any_instance_of(EcsDeployCli::Runners::Base).to receive(:ecs_client).at_least(:once).and_return(mock_ecs_client)
+
+          expect { subject.setup! }.to raise_error('created keypair')
+        end
       end
 
       context '#ssh' do