Dockerizing the CLI and making it work in ECS (#136)

* WIP of dockerizing the CLI and making it work in ECS

* Minor tweaks to the print logic

Dockerfile

@@ -0,0 +1,11 @@
+FROM openjdk:8-jre-alpine
+
+RUN apk update
+RUN apk upgrade
+RUN apk add bash
+
+COPY build/libs/cerberus.jar .
+COPY cerberus-no-update.sh ./cerberus
+
+RUN chmod +x ./cerberus
+ENV PATH="/:${PATH}"

cerberus-no-update.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+java -jar cerberus.jar "$@"

docker-deploy.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+./gradlew clean sJ
+
+VERSION=$(cat gradle.properties | grep version | cut -d'=' -f2)
+
+echo "Version: ${VERSION}"
+
+IMAGE_NAME=cerberusoss/cerberus-lifecycle-management-cli
+
+docker build -t ${IMAGE_NAME}:latest -t ${IMAGE_NAME}:${VERSION} .
+docker push ${IMAGE_NAME}

gradle.properties

@@ -16,4 +16,4 @@
 
 group=com.nike
 artifactId=cerberus-lifecycle-cli
-version=4.8.0
+version=4.9.0

src/main/java/com/nike/cerberus/cli/CerberusRunner.java

@@ -17,6 +17,9 @@
 package com.nike.cerberus.cli;
 
 import ch.qos.logback.classic.Level;
+import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
+import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
+import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
 import com.beust.jcommander.JCommander;
 import com.github.tomaslanger.chalk.Chalk;
 import com.google.common.collect.ImmutableList;
@@ -123,6 +126,9 @@ public void run(String[] args) {
             } else if (cerberusCommand.isHelp() || commandName == null) {
                 cerberusHelp.print();
             } else {
+                printIAMInfo(cerberusCommand);
+                printCliVersion();
+
                 Injector injector = Guice.createInjector(new CerberusModule(cerberusCommand), new PropsModule());
 
                 // fail early if there is any problem in local environment
@@ -194,10 +200,19 @@ private String[] getEnvironmentalConfigArgs(String[] args) {
     private void printCliVersion() {
         Injector propsInjector = Guice.createInjector(new PropsModule());
         String version = propsInjector.getInstance(Key.get(String.class, Names.named(ConfigConstants.VERSION_PROPERTY)));
-        String versionMessage = Chalk.on(String.format("Cerberus Lifecycle CLI version: %s", version)).green().bold().toString();
+        String versionMessage = String.format("Cerberus Lifecycle CLI version: %s", version);
         System.out.println(versionMessage);
     }
 
+    private void printIAMInfo(CerberusCommand cerberusCommand) {
+        try {
+            AWSSecurityTokenService tokenServiceClient = AWSSecurityTokenServiceClient.builder().withRegion(cerberusCommand.getConfigRegion()).build();
+            String arn = tokenServiceClient.getCallerIdentity(new GetCallerIdentityRequest()).getArn();
+            System.out.println(String.format("Running CLI as IAM Principal: %s", arn));
+        } catch (Throwable t) {
+            System.out.println("Unable to determine IAM Principal, are AWS credentials available?");
+        }
+    }
 
     /**
      * Convenience method for registering all top level commands.

src/main/java/com/nike/cerberus/command/CerberusCommand.java

@@ -48,6 +48,8 @@ public class CerberusCommand {
 
     private EnvironmentConfig environmentConfig;
 
+    private String parsedRegion = null;
+
     @Parameter
     private List<String> parameters = new ArrayList<>();
 
@@ -152,6 +154,10 @@ public String getEnvironmentName() {
      * 3. If 1 and 2 fail look for value in CERBERUS_CLI_REGION env var
      */
     public String getConfigRegion() {
+        if (parsedRegion != null) {
+            return parsedRegion;
+        }
+
         String commandLinePassedRegion = region;
         String environmentConfigFileRegion = getEnvironmentConfig() == null ? null : getEnvironmentConfig().getPrimaryRegion();
         String EnvironmentalVarRegion = System.getenv("CERBERUS_CLI_REGION");
@@ -165,7 +171,8 @@ public String getConfigRegion() {
             calculatedRegion = Regions.DEFAULT_REGION.getName();
         }
 
-        return calculatedRegion;
+        parsedRegion = calculatedRegion;
+        return parsedRegion;
     }
 
     public boolean isDebug() {

src/main/java/com/nike/cerberus/service/AwsClientFactory.java

@@ -18,11 +18,7 @@
 
 import com.amazonaws.AmazonWebServiceClient;
 import com.amazonaws.ClientConfiguration;
-import com.amazonaws.auth.AWSCredentialsProviderChain;
-import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
-import com.amazonaws.auth.InstanceProfileCredentialsProvider;
-import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
-import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
+import com.amazonaws.auth.*;
 import com.amazonaws.auth.profile.ProfileCredentialsProvider;
 import com.amazonaws.regions.Region;
 import com.amazonaws.regions.Regions;
@@ -90,7 +86,8 @@ protected AWSCredentialsProviderChain getAWSCredentialsProviderChain() {
                 new SystemPropertiesCredentialsProvider(),
                 new ProfileCredentialsProvider(),
                 sTSAssumeRoleSessionCredentialsProvider,
-                InstanceProfileCredentialsProvider.getInstance());
+                InstanceProfileCredentialsProvider.getInstance(),
+                new EC2ContainerCredentialsProviderWrapper());
 
         return chain;
     }