Version 1.0.15

LeoPlatform · Jan 9, 2018 · 9f35a9c · 9f35a9c
1 parent 7db918b
commit 9f35a9c
Show file tree

Hide file tree

Showing 8 changed files with 126 additions and 37 deletions.
diff --git a/cloudformation.json b/cloudformation.json
@@ -5,6 +5,45 @@
 		"PublishBucket": {
 			"Type": "AWS::S3::Bucket",
 			"Properties": {}
+		},
+		"PublishPolicy": {
+			"Type": "AWS::IAM::ManagedPolicy",
+			"Properties": {
+				"PolicyDocument": {
+					"Version": "2012-10-17",
+					"Statement": [{
+							"Effect": "Allow",
+							"Action": [
+								"s3:ListBucket",
+								"s3:PutBucketAcl",
+								"s3:ListObjects"
+							],
+							"Resource": {
+								"Fn::Sub": "arn:aws:s3:::${PublishBucket}"
+							}
+						},
+						{
+							"Effect": "Allow",
+							"Action": [
+								"s3:PutObject",
+								"s3:PutObjectAcl"
+							],
+							"Resource": {
+								"Fn::Sub": "arn:aws:s3:::${PublishBucket}/*"
+							}
+						},
+						{
+							"Effect": "Allow",
+							"Action": [
+								"cloudformation:DescribeStackResources",
+								"cloudformation:DescribeStackResource",
+								"cloudformation:DescribeStacks"
+							],
+							"Resource": "*"
+						}
+					]
+				}
+			}
 		}
 	}
 }
diff --git a/leo-cli-deploy.js b/leo-cli-deploy.js
@@ -12,6 +12,7 @@ program
 	.version('0.0.1')
 	.option("--region [region]", "Region to run cloudformation")
 	.option("--url [url]", "s3 url to cloudformation.json")
+	.option("--awsprofile [awsprofile]", "AWS Profile to use")
 	.usage('<dir> <stack> [options]')
 	.action(function (dir, stack) {
 		let rootDir = path.resolve(process.cwd(), dir);
@@ -21,6 +22,9 @@ program
 			configure = buildConfig(rootDir);
 		}
 
+		if (program.awsprofile || configure.aws.profile) {
+			process.env.LEO_AWS_PROFILE = program.awsprofile || configure.aws.profile;
+		}
 		program.region = program.region || (configure.regions || [])[0] || "us-west-2";
 
 		if (stack && typeof stack === "string") {

diff --git a/leo-cli-publish.js b/leo-cli-publish.js
@@ -17,8 +17,9 @@ program
 	.option("--deploy [stack]", "Deploys the published cloudformation")
 	.option("--patch [stack]", "Stack to get original cloudformation")
 	.option("--region [region]", "Region to run cloudformation")
-	.option("--force [bots]", "Force bots to publish")
-	.option("--filter [bots]", "Filter bots to publish")
+	.option("--force [force]", "Force bots to publish")
+	.option("--filter [filter]", "Filter bots to publish")
+	.option("--awsprofile [awsprofile]", "AWS Profile to use")
 	.usage('<dir> [options]')
 	.action(function (dir) {
 		let env = program.env || "dev";
@@ -37,14 +38,15 @@ program
 			configure = buildConfig(rootDir);
 		}
 
-		if (configure.aws.profile) {
-			console.log("Setting aws profile to", configure.aws.profile);
-			var credentials = new aws.SharedIniFileCredentials({
-				profile: configure.aws.profile
-			});
-			aws.config.credentials = credentials;
-			process.env.AWS_DEFAULT_PROFILE = configure.aws.profile;
+		if (program.awsprofile || configure.aws.profile) {
+			process.env.LEO_AWS_PROFILE = program.awsprofile || configure.aws.profile;
 		}
+		// if (configure.aws.profile) {
+		// 	console.log("Setting aws profile to", process.env.LEO_AWS_PROFILE);
+		// 	var credentials = require("./lib/leo-aws")(process.env.LEO_AWS_PROFILE);
+		// 	aws.config.credentials = credentials;
+		// 	process.env.AWS_DEFAULT_PROFILE = process.env.LEO_AWS_PROFILE;
+		// }
 
 		program.region = program.region || (configure.regions || [])[0] || "us-west-2";
 

diff --git a/leo-cli-test.js b/leo-cli-test.js
@@ -5,7 +5,6 @@ var fs = require('fs');
 var program = require('commander');
 var colors = require('colors');
 var moment = require("moment");
-var aws = require("aws-sdk");
 let modulejs = require("module");
 let runInThisContext = require('vm').runInThisContext;
 
@@ -34,12 +33,12 @@ program
 			event = Object.assign(event, require(eventjson));
 		}
 
-		var cloudformation = new aws.CloudFormation({
-			region: config.aws.region
-		});
-		var lambda = new aws.Lambda({
-			region: config.aws.region
-		});
+		// var cloudformation = new aws.CloudFormation({
+		// 	region: config.aws.region
+		// });
+		// var lambda = new aws.Lambda({
+		// 	region: config.aws.region
+		// });
 
 
 		// cloudformation.describeStackResources({
@@ -119,19 +118,6 @@ program
 			.replace("____FILE____", path.normalize(path.resolve(rootDir, pkg.main || "index.js")).replace(/\\/g, "\\\\"))
 			.replace("____HANDLER____", config.handler || "handler");
 
-
-		contents = `"use strict";
-			var configure = require("leo-sdk").configuration;
-			var AWS = require("aws-sdk");
-			if (configure.aws.profile && process.env.AWS_DEFAULT_PROFILE != configure.aws.profile) {
-				console.log("Setting aws profile to", configure.aws.profile);
-				var credentials = new AWS.SharedIniFileCredentials({
-					profile: configure.aws.profile
-				});
-				AWS.config.credentials = credentials;
-				process.env.AWS_DEFAULT_PROFILE = configure.aws.profile;
-			}\n` + contents.replace(`"use strict";`, "");
-
 		// Compile the module to run
 		let r = path.normalize(path.resolve(rootDir, "__leo-cli-test-runner.js")).replace(/\\/g, "\\\\");
 		let m = new modulejs(r, module);

diff --git a/lib/build.js b/lib/build.js
@@ -61,9 +61,7 @@ module.exports = {
 		}
 		if (configure.aws.profile) {
 			console.log("Setting aws profile to", configure.aws.profile);
-			var credentials = new aws.SharedIniFileCredentials({
-				profile: configure.aws.profile
-			});
+			var credentials = require("./leo-aws")(configure.aws.profile);
 			aws.config.credentials = credentials;
 			process.env.AWS_DEFAULT_PROFILE = configure.aws.profile;
 		}
@@ -139,6 +137,9 @@ module.exports = {
 		console.time("Published Files");
 
 		let args = ['s3', 'sync', rootDir, `${remoteDir}`];
+		if (process.env.LEO_AWS_PROFILE) {
+			args.push("--profile", process.env.LEO_AWS_PROFILE);
+		}
 		if (opts.public) {
 			args.push("--grants", "read=uri=http://acs.amazonaws.com/groups/global/AllUsers");
 		}

diff --git a/lib/cloud-formation.js b/lib/cloud-formation.js
@@ -398,7 +398,8 @@ module.exports = {
 	run: function (stack, region, file, opts) {
 		return new Promise((resolve, reject) => {
 			var cloudformation = new aws.CloudFormation({
-				region: region
+				region: region,
+				credentials: require("./leo-aws")(process.env.LEO_AWS_PROFILE)
 			});
 
 			cloudformation.updateStack(Object.assign({
@@ -440,7 +441,8 @@ module.exports = {
 	get: function (stack, region, opts) {
 		return new Promise((resolve, reject) => {
 			var cloudformation = new aws.CloudFormation({
-				region: region
+				region: region,
+				credentials: require("./leo-aws")(process.env.LEO_AWS_PROFILE)
 			});
 
 			cloudformation.getTemplate(Object.assign({
@@ -471,7 +473,8 @@ function getBuckets(regions, opts, callback) {
 				});
 			} else {
 				var cloudformation = new aws.CloudFormation({
-					region: region
+					region: region,
+					credentials: require("./leo-aws")(process.env.LEO_AWS_PROFILE)
 				});
 				cloudformation.describeStackResources({
 					StackName: opts.name
@@ -484,6 +487,7 @@ function getBuckets(regions, opts, callback) {
 							createStack(opts.name, require("../cloudformation.json"), region, (err, data) => {
 								if (err) {
 									console.log(`Error creating "${opts.name}" stack:`, err);
+									console.log(`Talk with your administrator to create the ${opts.name} stack`);
 									process.exit();
 								}
 								done(null, {
@@ -540,7 +544,8 @@ function createStack(name, template, region, opts, done) {
 	}
 
 	var cloudformation = new aws.CloudFormation({
-		region: region
+		region: region,
+		credentials: require("./leo-aws")(process.env.LEO_AWS_PROFILE)
 	});
 
 	let templateBody;

diff --git a/lib/leo-aws.js b/lib/leo-aws.js
@@ -0,0 +1,52 @@
+let paths = module.paths;
+module.paths = require('module')._nodeModulePaths(process.cwd());
+let aws = require("aws-sdk");
+module.paths = paths;
+
+const fs = require("fs");
+const ini = require('ini');
+const execSync = require("child_process").execSync;
+const path = require("path");
+
+module.exports = function (profile) {
+	let credentials;
+	if (profile) {
+		let home = process.env.HOME || process.env.HOMEPATH;
+		let configFile = path.normalize(`${home}/.aws/config`);
+
+		if (fs.existsSync(configFile)) {
+			let config = ini.parse(fs.readFileSync(configFile, 'utf-8'));
+			let p = config[`profile ${profile}`];
+			if (p && p.mfa_serial) {
+				p.role_arn = p.role_arn || "";
+				let cacheFile = `${home}/.aws/cli/cache/${profile}--${p.role_arn.replace(/:/g, '_').replace(/[^A-Za-z0-9\-_]/g, '-')}.json`;
+				let data = {};
+				try {
+					data = JSON.parse(fs.readFileSync(cacheFile));
+				} catch (e) {
+					// Ignore error, Referesh Credentials
+					data = {};
+				} finally {
+					console.log("Using cached AWS credentials", profile);
+					if (!data.Credentials || new Date() >= new Date(data.Credentials.Expiration)) {
+						execSync('aws sts get-caller-identity --profile ' + profile);
+						data = JSON.parse(fs.readFileSync(cacheFile));
+					}
+				}
+				credentials = new aws.STS().credentialsFrom(data, data);
+			} else {
+				console.log("Switching AWS Profile", profile)
+				credentials = new aws.SharedIniFileCredentials({
+					profile: profile
+				});
+			}
+		} else {
+			console.log("Switching AWS Profile", profile)
+			credentials = new aws.SharedIniFileCredentials({
+				profile: profile
+			});
+		}
+	}
+
+	return credentials;
+}
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "leo-cli",
-  "version": "1.0.13",
+  "version": "1.0.15",
   "description": "",
   "main": "index.js",
   "directories": {