From e175ae2e653c2822a7db9b4da8d56ce49cc28efa Mon Sep 17 00:00:00 2001
From: Justin Field
Date: Mon, 22 Apr 2019 11:33:03 -0700
Subject: [PATCH] Dockerizing the CLI and making it work in ECS (#136)
* WIP of dockerizing the CLI and making it work in ECS
* Minor tweaks to the print logic
---
 Dockerfile | 11 +++++++++++
 cerberus-no-update.sh | 3 +++
 docker-deploy.sh | 12 ++++++++++++
 gradle.properties | 2 +-
 .../com/nike/cerberus/cli/CerberusRunner.java | 17 ++++++++++++++++-
 .../nike/cerberus/command/CerberusCommand.java | 9 ++++++++-
 .../nike/cerberus/service/AwsClientFactory.java | 9 +++------
 7 files changed, 54 insertions(+), 9 deletions(-)
 create mode 100644 Dockerfile
 create mode 100644 cerberus-no-update.sh
 create mode 100755 docker-deploy.sh
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..3b636909
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM openjdk:8-jre-alpine
+
+RUN apk update
+RUN apk upgrade
+RUN apk add bash
+
+COPY build/libs/cerberus.jar .
+COPY cerberus-no-update.sh ./cerberus
+
+RUN chmod +x ./cerberus
+ENV PATH="/:${PATH}"
diff --git a/cerberus-no-update.sh b/cerberus-no-update.sh
new file mode 100644
index 00000000..d4b29dbe
--- /dev/null
+++ b/cerberus-no-update.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+java -jar cerberus.jar "$@"
diff --git a/docker-deploy.sh b/docker-deploy.sh
new file mode 100755
index 00000000..83ab99bb
--- /dev/null
+++ b/docker-deploy.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+./gradlew clean sJ
+
+VERSION=$(cat gradle.properties | grep version | cut -d'=' -f2)
+
+echo "Version: ${VERSION}"
+
+IMAGE_NAME=cerberusoss/cerberus-lifecycle-management-cli
+
+docker build -t ${IMAGE_NAME}:latest -t ${IMAGE_NAME}:${VERSION} .
+docker push ${IMAGE_NAME}
diff --git a/gradle.properties b/gradle.properties
index 0edce0c7..582ec911 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -16,4 +16,4 @@
 group=com.nike
 artifactId=cerberus-lifecycle-cli
-version=4.8.0
+version=4.9.0
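Review bot: The new Dockerfile has no `USER` instruction, so the CLI and whatever AWS credentials it resolves in ECS run as root inside the container; adding `RUN adduser -D cerberus` and `USER cerberus` after the `chmod` step would drop that privilege. `FROM openjdk:8-jre-alpine` is a mutable tag, so two builds of the same commit can produce different images; pinning it as `FROM openjdk:8-jre-alpine@sha256:<digest>` makes the base reproducible. `ENV PATH="/:${PATH}"` places the filesystem root ahead of the system directories because the jar and wrapper are copied there; a dedicated `WORKDIR` appended to the end of PATH would be narrower.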
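Review bot: `java -jar cerberus.jar "$@"` in cerberus-no-update.sh resolves the jar relative to the caller's working directory, so the wrapper only works when it is invoked from the directory the Dockerfile copied the jar into, even though the Dockerfile puts the wrapper on PATH. Using an absolute path with `exec`, as in `exec java -jar /cerberus.jar "$@"` (assuming the image root is the copy target, as `ENV PATH="/:${PATH}"` suggests), keeps it working from any directory. It also lets the JVM receive the container's stop signal directly instead of leaving bash as its parent.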
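Review bot: docker-deploy.sh has no `set -e`, so a failed `./gradlew clean sJ` does not stop the script and the later `docker build` and `docker push` still run; adding `set -euo pipefail` under the shebang would abort the release at the first failure. `grep version` matches every line of gradle.properties that contains the word, so `VERSION` can hold more than one value if another such key exists (only the `version=` line is visible in this patch); `grep '^version=' gradle.properties | cut -d'=' -f2` is tighter. Quoting the expansions, for example `-t "${IMAGE_NAME}:${VERSION}"`, also keeps an empty or multi-line VERSION from producing a malformed tag argument.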
diff --git a/src/main/java/com/nike/cerberus/cli/CerberusRunner.java b/src/main/java/com/nike/cerberus/cli/CerberusRunner.java index 869b2887..a80746cb 100644 --- a/src/main/java/com/nike/cerberus/cli/CerberusRunner.java +++ b/src/main/java/com/nike/cerberus/cli/CerberusRunner.java @@ -17,6 +17,9 @@ package com.nike.cerberus.cli; import ch.qos.logback.classic.Level; +import com.amazonaws.services.securitytoken.AWSSecurityTokenService; +import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; +import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; import com.beust.jcommander.JCommander; import com.github.tomaslanger.chalk.Chalk; import com.google.common.collect.ImmutableList; @@ -123,6 +126,9 @@ public void run(String[] args) { } else if (cerberusCommand.isHelp() || commandName == null) { cerberusHelp.print(); } else { + printIAMInfo(cerberusCommand); + printCliVersion(); + Injector injector = Guice.createInjector(new CerberusModule(cerberusCommand), new PropsModule()); // fail early if there is any problem in local environment 
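Review bot: `printIAMInfo(cerberusCommand)` now makes an STS GetCallerIdentity network call on every non-help command, before the injector is built and before the "fail early" local-environment check that follows in run(). Both helpers write to `System.out`, so any caller that parses a command's standard output will now see two extra leading lines; sending them to `System.err` or the logger would keep stdout for command results. The body of run() starts and ends outside this hunk, so whether other branches already print the version cannot be seen here.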
@@ -194,10 +200,19 @@ private String[] getEnvironmentalConfigArgs(String[] args) { private void printCliVersion() { Injector propsInjector = Guice.createInjector(new PropsModule()); String version = propsInjector.getInstance(Key.get(String.class, Names.named(ConfigConstants.VERSION_PROPERTY))); - String versionMessage = Chalk.on(String.format("Cerberus Lifecycle CLI version: %s", version)).green().bold().toString(); + String versionMessage = String.format("Cerberus Lifecycle CLI version: %s", version); System.out.println(versionMessage); } + private void printIAMInfo(CerberusCommand cerberusCommand) { + try { + AWSSecurityTokenService tokenServiceClient = AWSSecurityTokenServiceClient.builder().withRegion(cerberusCommand.getConfigRegion()).build(); + String arn = tokenServiceClient.getCallerIdentity(new GetCallerIdentityRequest()).getArn(); + System.out.println(String.format("Running CLI as IAM Principal: %s", arn)); + } catch (Throwable t) { + System.out.println("Unable to determine IAM Principal, are AWS credentials available?"); + } + } /** * Convenience method for registering all top level commands. diff --git a/src/main/java/com/nike/cerberus/command/CerberusCommand.java b/src/main/java/com/nike/cerberus/command/CerberusCommand.java index 41a4fbab..26f5ab0b 100644 --- a/src/main/java/com/nike/cerberus/command/CerberusCommand.java +++ b/src/main/java/com/nike/cerberus/command/CerberusCommand.java @@ -48,6 +48,8 @@ public class CerberusCommand { private EnvironmentConfig environmentConfig; + private String parsedRegion = null; + @Parameter private List parameters = new ArrayList<>(); 
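Review bot: In the new `printIAMInfo`, `catch (Throwable t)` also catches `Error` subclasses such as `OutOfMemoryError` and discards `t`, so an access-denied response, an invalid region and missing credentials all produce the same "are AWS credentials available?" line. Catching `Exception` instead, `} catch (Exception e) {`, and logging `e` at debug level keeps the best-effort behaviour while leaving the cause recoverable. The STS client is built with `AWSSecurityTokenServiceClient.builder()` and no explicit credentials provider, so it presumably resolves credentials through the SDK default chain rather than the chain assembled in `AwsClientFactory.getAWSCredentialsProviderChain()`. The ARN printed here may therefore differ from the principal the commands actually run as, which deserves at least a comment such as `// NOTE: resolved via the SDK default chain, not AwsClientFactory's chain`.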
@@ -152,6 +154,10 @@ public String getEnvironmentName() { * 3. If 1 and 2 fail look for value in CERBERUS_CLI_REGION env var */ public String getConfigRegion() { + if (parsedRegion != null) { + return parsedRegion; + } + String commandLinePassedRegion = region; String environmentConfigFileRegion = getEnvironmentConfig() == null ? null : getEnvironmentConfig().getPrimaryRegion(); String EnvironmentalVarRegion = System.getenv("CERBERUS_CLI_REGION"); @@ -165,7 +171,8 @@ public String getConfigRegion() { calculatedRegion = Regions.DEFAULT_REGION.getName(); } - return calculatedRegion; + parsedRegion = calculatedRegion; + return parsedRegion; } public boolean isDebug() { diff --git a/src/main/java/com/nike/cerberus/service/AwsClientFactory.java b/src/main/java/com/nike/cerberus/service/AwsClientFactory.java index c00db894..1dd854ba 100644 --- a/src/main/java/com/nike/cerberus/service/AwsClientFactory.java +++ b/src/main/java/com/nike/cerberus/service/AwsClientFactory.java @@ -18,11 +18,7 @@ import com.amazonaws.AmazonWebServiceClient; import com.amazonaws.ClientConfiguration; -import com.amazonaws.auth.AWSCredentialsProviderChain; -import com.amazonaws.auth.EnvironmentVariableCredentialsProvider; -import com.amazonaws.auth.InstanceProfileCredentialsProvider; -import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider; -import com.amazonaws.auth.SystemPropertiesCredentialsProvider; +import com.amazonaws.auth.*; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.regions.Region; import com.amazonaws.regions.Regions; @@ -90,7 +86,8 @@ protected AWSCredentialsProviderChain getAWSCredentialsProviderChain() { new SystemPropertiesCredentialsProvider(), new ProfileCredentialsProvider(), sTSAssumeRoleSessionCredentialsProvider, - InstanceProfileCredentialsProvider.getInstance()); + InstanceProfileCredentialsProvider.getInstance(), + new EC2ContainerCredentialsProviderWrapper()); return chain; }
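Review bot: `getConfigRegion()` now memoizes its first result in `parsedRegion`, yet that result depends on `region` and on `getEnvironmentConfig()`, both of which are fields that may be populated after the first call. The new `printIAMInfo` in CerberusRunner calls this getter at the very start of run(); if the environment config is not loaded by then (not visible in this patch), the fallback region is cached and the config file's primary region is never picked up afterwards. The hunk at `@@ -165,7 +171,8 @@` is the other half of the same change. Either state the freeze in the Javadoc, for example `* The result is cached after the first call; later changes to the inputs are ignored.`, or cache only when the value came from the command line or the environment config.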
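Review bot: The five explicit `com.amazonaws.auth` imports in AwsClientFactory are replaced by `import com.amazonaws.auth.*;`, which hides which credential providers this factory depends on and can introduce name clashes on an SDK upgrade. Keeping the explicit list and adding `import com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper;` is enough for the new provider.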
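Review bot: `new EC2ContainerCredentialsProviderWrapper()` is appended after `InstanceProfileCredentialsProvider.getInstance()`, so on an ECS task hosted on an EC2 container instance the chain can resolve the host's instance role before it ever reaches the task role, whenever the instance metadata endpoint is reachable from the container. The CLI would then run with the host's permissions rather than the task's, which works against least privilege for a tool that manages a secrets service. The wrapper already falls back to the instance profile when no container credentials variable is set, so replacing the instance-profile entry with it, leaving `new EC2ContainerCredentialsProviderWrapper());` as the last element, keeps EC2 behaviour and prefers the task role in ECS. getAWSCredentialsProviderChain() begins outside this hunk, so the earlier entries of the chain are only partly visible.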