chore: avoid showing weka cluster password

cmd/wekactl-aws-lambdas/wekactl-aws-lambdas.go

@@ -5,10 +5,11 @@ import (
 	"errors"
 	"github.com/aws/aws-lambda-go/events"
 	"github.com/aws/aws-lambda-go/lambda"
-	"github.com/weka/go-cloud-lib/scale_down"
+	"github.com/weka/go-cloud-lib/protocol"
 	"os"
+	"strconv"
 	"wekactl/internal/aws/lambdas"
-	"wekactl/internal/aws/lambdas/protocol"
+	"wekactl/internal/aws/lambdas/scale_down"
 	"wekactl/internal/aws/lambdas/terminate"
 	"wekactl/internal/aws/lambdas/transient"
 	"wekactl/internal/env"
@@ -29,11 +30,16 @@ func joinHandler(ctx context.Context) (events.APIGatewayProxyResponse, error) {
 }
 
 func fetchHandler() (protocol.HostGroupInfoResponse, error) {
+	useDynamoDBEndpoint, err := strconv.ParseBool(os.Getenv("USE_DYNAMODB_ENDPOINT"))
+	if err != nil {
+		return protocol.HostGroupInfoResponse{}, err
+	}
 	result, err := lambdas.GetFetchDataParams(
 		os.Getenv("CLUSTER_NAME"),
 		os.Getenv("ASG_NAME"),
 		os.Getenv("TABLE_NAME"),
 		os.Getenv("ROLE"),
+		useDynamoDBEndpoint,
 	)
 	if err != nil {
 		return protocol.HostGroupInfoResponse{}, err
@@ -49,7 +55,7 @@ func main() {
 	case "fetch":
 		lambda.Start(fetchHandler)
 	case "scale":
-		lambda.Start(scale_down.ScaleDown)
+		lambda.Start(scale_down.Handler)
 	case "terminate":
 		lambda.Start(terminate.Handler)
 	case "transient":

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/weka/go-cloud-lib v0.0.0-20231006140855-8799bae6a0d1
 	golang.org/x/oauth2 v0.12.0
 	golang.org/x/sync v0.3.0
+	golang.org/x/term v0.13.0
 	gopkg.in/errgo.v2 v2.1.0
 )
 

go.sum

@@ -92,6 +92,8 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

internal/aws/cluster/autoscaling.go

@@ -73,5 +73,6 @@ func (a *AutoscalingGroup) Init() {
 	a.ScaleMachineCloudWatch.HostGroupParams = a.HostGroupParams
 	a.ScaleMachineCloudWatch.TableName = a.TableName
 	a.ScaleMachineCloudWatch.ASGName = a.ResourceName()
+	a.ScaleMachineCloudWatch.UsedDynamoDBEndpoint = a.ClusterSettings.UseDynamoDBEndpoint
 	a.ScaleMachineCloudWatch.Init()
 }

internal/aws/cluster/cloudwatch.go

@@ -13,13 +13,14 @@ import (
 const cloudwatchVersion = "v1"
 
 type CloudWatch struct {
-	HostGroupInfo   common.HostGroupInfo
-	HostGroupParams common.HostGroupParams
-	ScaleMachine    ScaleMachine
-	Profile         IamProfile
-	TableName       string
-	Version         string
-	ASGName         string
+	HostGroupInfo        common.HostGroupInfo
+	HostGroupParams      common.HostGroupParams
+	ScaleMachine         ScaleMachine
+	Profile              IamProfile
+	TableName            string
+	Version              string
+	ASGName              string
+	UsedDynamoDBEndpoint bool
 }
 
 func (c *CloudWatch) Tags() cluster.Tags {
@@ -100,5 +101,6 @@ func (c *CloudWatch) Init() {
 	c.ScaleMachine.HostGroupInfo = c.HostGroupInfo
 	c.ScaleMachine.HostGroupParams = c.HostGroupParams
 	c.ScaleMachine.ASGName = c.ASGName
+	c.ScaleMachine.UseDynamoDBEndpoint = c.UsedDynamoDBEndpoint
 	c.ScaleMachine.Init()
 }

internal/aws/cluster/import.go

@@ -245,6 +245,7 @@ func ImportCluster(params cluster.ImportParams) (err error) {
 	clusterSettings.BuildVersion = versionInfo.BuildVersion
 	clusterSettings.DnsAlias = params.DnsAlias
 	clusterSettings.DnsZoneId = params.DnsZoneId
+	clusterSettings.UseDynamoDBEndpoint = params.UseDynamoDBEndpoint
 
 	dynamoDb := DynamoDb{
 		ClusterName: cluster.ClusterName(params.Name),

internal/aws/cluster/lambda.go

@@ -1,6 +1,8 @@
 package cluster
 
 import (
+	"github.com/aws/aws-sdk-go/aws"
+	"strconv"
 	"strings"
 	"wekactl/internal/aws/common"
 	"wekactl/internal/aws/dist"
@@ -14,15 +16,16 @@ import (
 )
 
 type Lambda struct {
-	Arn           string
-	TableName     string
-	Version       string
-	ASGName       string
-	Type          lambdas.LambdaType
-	Profile       IamProfile
-	VPCConfig     lambda.VpcConfig
-	HostGroupInfo common.HostGroupInfo
-	Permissions   iam.PolicyDocument
+	Arn                 string
+	TableName           string
+	Version             string
+	ASGName             string
+	Type                lambdas.LambdaType
+	Profile             IamProfile
+	VPCConfig           lambda.VpcConfig
+	HostGroupInfo       common.HostGroupInfo
+	Permissions         iam.PolicyDocument
+	UseDynamoDBEndpoint bool
 }
 
 func (l *Lambda) Tags() cluster.Tags {
@@ -87,7 +90,7 @@ func (l *Lambda) TargetVersion() string {
 
 func (l *Lambda) Create(tags cluster.Tags) (err error) {
 	functionConfiguration, err := lambdas.CreateLambda(
-		tags.AsStringRefs(), l.Type, l.ResourceName(), l.Profile.Arn, l.ASGName, l.TableName, l.HostGroupInfo, l.VPCConfig)
+		tags.AsStringRefs(), l.Type, l.ResourceName(), l.Profile.Arn, l.ASGName, l.TableName, l.HostGroupInfo, l.VPCConfig, l.UseDynamoDBEndpoint)
 	if err != nil {
 		return
 	}
@@ -114,6 +117,17 @@ func (l *Lambda) Update(tags cluster.Tags) error {
 			return err
 		}
 	}
+	useDynamoDBEndpoint, err := strconv.ParseBool(*info.EnvironmentVariables["USE_DYNAMODB_ENDPOINT"])
+	if err != nil {
+		return err
+	}
+	if useDynamoDBEndpoint != l.UseDynamoDBEndpoint {
+		info.EnvironmentVariables["USE_DYNAMODB_ENDPOINT"] = aws.String(strconv.FormatBool(l.UseDynamoDBEndpoint))
+		err := lambdas.UpdateLambdaEnvironmentVariable(l.ResourceName(), info.EnvironmentVariables)
+		if err != nil {
+			return err
+		}
+	}
 
 	if strings.HasSuffix(l.DeployedVersion(), "#") {
 		err := lambdas.UpdateLambdaRole(l.ResourceName(), l.Profile.Arn)

internal/aws/cluster/scalemachine.go

@@ -14,18 +14,19 @@ import (
 const scaleMachineVersion = "v1"
 
 type ScaleMachine struct {
-	Arn             string
-	TableName       string
-	Version         string
-	ASGName         string
-	HostGroupInfo   common.HostGroupInfo
-	HostGroupParams common.HostGroupParams
-	fetch           Lambda
-	scale           Lambda
-	terminate       Lambda
-	transient       Lambda
-	StateMachine    scalemachine.StateMachine
-	Profile         IamProfile
+	Arn                 string
+	TableName           string
+	Version             string
+	ASGName             string
+	HostGroupInfo       common.HostGroupInfo
+	HostGroupParams     common.HostGroupParams
+	fetch               Lambda
+	scale               Lambda
+	terminate           Lambda
+	transient           Lambda
+	StateMachine        scalemachine.StateMachine
+	Profile             IamProfile
+	UseDynamoDBEndpoint bool
 }
 
 func (s *ScaleMachine) Tags() cluster.Tags {
@@ -152,6 +153,7 @@ func (s *ScaleMachine) Init() {
 	s.fetch.Type = lambdas.LambdaFetchInfo
 	s.fetch.VPCConfig = lambda.VpcConfig{}
 	s.fetch.Permissions = iam.GetJoinAndFetchLambdaPolicy()
+	s.fetch.UseDynamoDBEndpoint = s.UseDynamoDBEndpoint
 	s.fetch.Init()
 
 	s.scale.TableName = s.TableName
@@ -160,6 +162,7 @@ func (s *ScaleMachine) Init() {
 	s.scale.Type = lambdas.LambdaScale
 	s.scale.VPCConfig = vpcConfig
 	s.scale.Permissions = iam.GetScaleLambdaPolicy()
+	s.scale.UseDynamoDBEndpoint = s.UseDynamoDBEndpoint
 	s.scale.Init()
 
 	s.terminate.TableName = s.TableName

internal/aws/db/models.go

@@ -18,18 +18,19 @@ type ClusterCreds struct {
 }
 
 type ClusterSettings struct {
-	Key              string
-	Backends         common.HostGroupParams
-	Clients          common.HostGroupParams
-	Subnet           string
-	AdditionalSubnet string
-	VpcId            string
-	TagsMap          cluster.Tags
-	PrivateSubnet    bool
-	StackId          *string // != nil in case it is created from CF stack
-	BuildVersion     string
-	DnsAlias         string
-	DnsZoneId        string
+	Key                 string
+	Backends            common.HostGroupParams
+	Clients             common.HostGroupParams
+	Subnet              string
+	AdditionalSubnet    string
+	VpcId               string
+	TagsMap             cluster.Tags
+	PrivateSubnet       bool
+	StackId             *string // != nil in case it is created from CF stack
+	BuildVersion        string
+	DnsAlias            string
+	DnsZoneId           string
+	UseDynamoDBEndpoint bool
 }
 
 func (c ClusterSettings) Tags() cluster.Tags {

internal/aws/iam/models.go

@@ -21,7 +21,7 @@ type Principal struct {
 	Service string
 }
 
-//Resource is prohibited for assume role
+// Resource is prohibited for assume role
 type PolicyStatement struct {
 	Effect    string
 	Action    []string
@@ -171,6 +171,8 @@ func GetScaleLambdaPolicy() PolicyDocument {
 					"ec2:CreateNetworkInterface",
 					"ec2:DescribeNetworkInterfaces",
 					"ec2:DeleteNetworkInterface",
+					"dynamodb:GetItem",
+					"kms:Decrypt",
 				},
 				Resource: "*",
 			},

internal/aws/lambdas/fetch.go

@@ -3,12 +3,13 @@ package lambdas
 import (
 	"github.com/aws/aws-sdk-go/service/autoscaling"
 	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/weka/go-cloud-lib/protocol"
 	"wekactl/internal/aws/common"
-	"wekactl/internal/aws/lambdas/protocol"
+	"wekactl/internal/aws/db"
 	"wekactl/internal/connectors"
 )
 
-func GetFetchDataParams(clusterName, asgName, tableName, role string) (fd protocol.HostGroupInfoResponse, err error) {
+func GetFetchDataParams(clusterName, asgName, tableName, role string, useDynamoDBEndpoint bool) (fd protocol.HostGroupInfoResponse, err error) {
 	svc := connectors.GetAWSSession().ASG
 	input := &autoscaling.DescribeAutoScalingGroupsInput{AutoScalingGroupNames: []*string{&asgName}}
 	asgOutput, err := svc.DescribeAutoScalingGroups(input)
@@ -27,9 +28,12 @@ func GetFetchDataParams(clusterName, asgName, tableName, role string) (fd protoc
 		return
 	}
 
-	creds, err := getUsernameAndPassword(tableName)
-	if err != nil {
-		return
+	var creds db.ClusterCreds
+	if !useDynamoDBEndpoint {
+		creds, err = GetUsernameAndPassword(tableName)
+		if err != nil {
+			return
+		}
 	}
 
 	return protocol.HostGroupInfoResponse{

internal/aws/lambdas/join.go

@@ -39,7 +39,7 @@ func GetJoinParams(ctx context.Context, clusterName, asgName, tableName, role st
 	}
 	instanceType := common.GetInstanceTypeFromAutoScalingGroupOutput(asgOutput)
 	common2.ShuffleSlice(ips)
-	creds, err := getUsernameAndPassword(tableName)
+	creds, err := GetUsernameAndPassword(tableName)
 	if err != nil {
 		return "", err
 	}

internal/aws/lambdas/lambda.go

@@ -2,6 +2,7 @@ package lambdas
 
 import (
 	"fmt"
+	"strconv"
 	"time"
 	"wekactl/internal/aws/common"
 	"wekactl/internal/aws/dist"
@@ -17,9 +18,10 @@ import (
 )
 
 type LambdaRuntimeInfo struct {
-	Runtime     LambdaRuntime
-	HandlerName string
-	Arch        LambdaArch
+	Runtime              LambdaRuntime
+	HandlerName          string
+	Arch                 LambdaArch
+	EnvironmentVariables map[string]*string
 }
 
 func GetLambdaVpcConfig(subnetId string, securityGroupIds []*string) lambda.VpcConfig {
@@ -44,7 +46,7 @@ func handleAwsInvalidParameterValueException(err error, lambdaName string, shoul
 	return false
 }
 
-func CreateLambda(tags cluster.TagsRefsValues, lambdaType LambdaType, resourceName, roleArn, asgName, tableName string, hostGroupInfo common.HostGroupInfo, vpcConfig lambda.VpcConfig) (*lambda.FunctionConfiguration, error) {
+func CreateLambda(tags cluster.TagsRefsValues, lambdaType LambdaType, resourceName, roleArn, asgName, tableName string, hostGroupInfo common.HostGroupInfo, vpcConfig lambda.VpcConfig, useDynamoDBEndpoint bool) (*lambda.FunctionConfiguration, error) {
 	svc := connectors.GetAWSSession().Lambda
 
 	bucket, err := dist.GetLambdaBucket()
@@ -69,12 +71,13 @@ func CreateLambda(tags cluster.TagsRefsValues, lambdaType LambdaType, resourceNa
 		Description: aws.String(fmt.Sprintf("Wekactl %s", string(lambdaType))),
 		Environment: &lambda.Environment{
 			Variables: map[string]*string{
-				"LAMBDA":       aws.String(string(lambdaType)),
-				"REGION":       aws.String(env.Config.Region),
-				"CLUSTER_NAME": aws.String(string(hostGroupInfo.ClusterName)),
-				"ASG_NAME":     aws.String(asgName),
-				"TABLE_NAME":   aws.String(tableName),
-				"ROLE":         aws.String(string(hostGroupInfo.Role)),
+				"LAMBDA":                aws.String(string(lambdaType)),
+				"REGION":                aws.String(env.Config.Region),
+				"CLUSTER_NAME":          aws.String(string(hostGroupInfo.ClusterName)),
+				"ASG_NAME":              aws.String(asgName),
+				"TABLE_NAME":            aws.String(tableName),
+				"ROLE":                  aws.String(string(hostGroupInfo.Role)),
+				"USE_DYNAMODB_ENDPOINT": aws.String(strconv.FormatBool(useDynamoDBEndpoint)),
 			},
 		},
 		Handler:       aws.String(lambdaHandler),
@@ -294,6 +297,7 @@ func GetLambdaRuntime(lambdaName string) (info LambdaRuntimeInfo, err error) {
 	info.Runtime = LambdaRuntime(*lambdaOutput.Configuration.Runtime)
 	info.HandlerName = *lambdaOutput.Configuration.Handler
 	info.Arch = LambdaArch(*lambdaOutput.Configuration.Architectures[0])
+	info.EnvironmentVariables = lambdaOutput.Configuration.Environment.Variables
 	return
 }
 
@@ -373,3 +377,14 @@ func UpdateLambdaRole(lambdaName, roleArn string) (err error) {
 	}
 	return
 }
+
+func UpdateLambdaEnvironmentVariable(lambdaName string, environmentVariables map[string]*string) (err error) {
+	svc := connectors.GetAWSSession().Lambda
+	log.Info().Msgf("updating lambda %s environment variables ...", lambdaName)
+	_, err = svc.UpdateFunctionConfiguration(&lambda.UpdateFunctionConfigurationInput{
+		FunctionName: &lambdaName,
+		Environment: &lambda.Environment{
+			Variables: environmentVariables,
+		}})
+	return waitForLambdaLastUpdateStatusSuccess(lambdaName, 5*time.Second, 12)
+}