2018-05-22 19:43:36 +00:00
|
|
|
// Copyright 2016-2018, Pulumi Corporation.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
2017-11-28 20:54:36 +00:00
|
|
|
|
2017-11-20 06:28:49 +00:00
|
|
|
package operations
|
|
|
|
|
|
|
|
import (
|
2021-11-13 02:37:17 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2017-11-20 06:28:49 +00:00
|
|
|
"sort"
|
2017-11-23 05:33:36 +00:00
|
|
|
"sync"
|
2017-11-21 00:37:41 +00:00
|
|
|
"time"
|
2017-11-20 06:28:49 +00:00
|
|
|
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
2017-12-11 23:40:39 +00:00
|
|
|
"github.com/aws/aws-sdk-go/aws/credentials"
|
2017-11-20 06:28:49 +00:00
|
|
|
"github.com/aws/aws-sdk-go/aws/session"
|
2017-11-20 21:44:23 +00:00
|
|
|
"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
|
2023-07-26 05:24:52 +00:00
|
|
|
"github.com/aws/aws-sdk-go/service/sts"
|
2017-11-20 21:44:23 +00:00
|
|
|
|
2023-07-26 05:08:18 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
|
2021-03-17 13:20:05 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/resource/config"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/tokens"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/logging"
|
2017-11-20 06:28:49 +00:00
|
|
|
)
|
|
|
|
|
2017-11-26 17:57:41 +00:00
|
|
|
// TODO[pulumi/pulumi#54] This should be factored out behind an OperationsProvider RPC interface and versioned with the
|
|
|
|
// `pulumi-aws` repo instead of statically linked into the engine.
|
|
|
|
|
2017-11-20 21:31:20 +00:00
|
|
|
// AWSOperationsProvider creates an OperationsProvider capable of answering operational queries based on the
|
2017-11-26 17:57:41 +00:00
|
|
|
// underlying resources of the `@pulumi/aws` implementation.
|
2017-11-20 21:31:20 +00:00
|
|
|
func AWSOperationsProvider(
|
2018-03-01 01:21:40 +00:00
|
|
|
config map[config.Key]string,
|
2023-03-03 16:36:39 +00:00
|
|
|
component *Resource,
|
|
|
|
) (Provider, error) {
|
2017-11-20 21:44:23 +00:00
|
|
|
awsRegion, ok := config[regionKey]
|
|
|
|
if !ok {
|
|
|
|
return nil, errors.New("no AWS region found")
|
|
|
|
}
|
|
|
|
|
2017-12-11 23:40:39 +00:00
|
|
|
// If provided, also pass along the access and secret keys so that we have permission to access operational data on
|
|
|
|
// resources in the target account.
|
|
|
|
//
|
|
|
|
// [pulumi/pulumi#608]: We are only approximating the actual logic that the AWS provider (via
|
|
|
|
// terraform-provdider-aws) uses to turn config into a valid AWS connection. We should find some way to unify these
|
|
|
|
// as part of moving this code into a separate process on the other side of an RPC boundary.
|
|
|
|
awsAccessKey := config[accessKey]
|
|
|
|
awsSecretKey := config[secretKey]
|
|
|
|
awsToken := config[token]
|
2023-07-26 05:48:31 +00:00
|
|
|
awsProfile := config[profile]
|
2017-12-11 23:40:39 +00:00
|
|
|
|
2023-07-26 05:08:18 +00:00
|
|
|
// If there is an explicit provider - instead use the configuration on that provider
|
|
|
|
if component.Provider != nil {
|
|
|
|
outputs := component.Provider.State.Outputs
|
|
|
|
awsRegion = getPropertyMapStringValue(outputs, "region")
|
|
|
|
awsAccessKey = getPropertyMapStringValue(outputs, "accessKey")
|
|
|
|
awsSecretKey = getPropertyMapStringValue(outputs, "secretKey")
|
|
|
|
awsToken = getPropertyMapStringValue(outputs, "token")
|
2023-07-26 05:48:31 +00:00
|
|
|
awsProfile = getPropertyMapStringValue(outputs, "profile")
|
2023-07-26 05:08:18 +00:00
|
|
|
}
|
|
|
|
|
2023-07-26 06:15:10 +00:00
|
|
|
sess, err := getAWSSession(awsRegion, awsAccessKey, awsSecretKey, awsToken, awsProfile, true)
|
2023-07-26 05:24:52 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-04-09 22:50:06 +00:00
|
|
|
connection := &awsConnection{
|
|
|
|
logSvc: cloudwatchlogs.New(sess),
|
|
|
|
}
|
|
|
|
|
2017-11-20 21:31:20 +00:00
|
|
|
prov := &awsOpsProvider{
|
2018-04-09 22:50:06 +00:00
|
|
|
awsConnection: connection,
|
2017-11-20 06:28:49 +00:00
|
|
|
component: component,
|
|
|
|
}
|
|
|
|
return prov, nil
|
|
|
|
}
|
|
|
|
|
2023-07-26 05:08:18 +00:00
|
|
|
func getPropertyMapStringValue(m resource.PropertyMap, k resource.PropertyKey) string {
|
|
|
|
v, ok := m[k]
|
|
|
|
if !ok {
|
|
|
|
return ""
|
|
|
|
}
|
2023-07-27 03:44:12 +00:00
|
|
|
if !v.IsString() {
|
|
|
|
return ""
|
|
|
|
}
|
2023-07-26 05:08:18 +00:00
|
|
|
return v.StringValue()
|
|
|
|
}
|
|
|
|
|
2017-11-20 21:31:20 +00:00
|
|
|
type awsOpsProvider struct {
|
2017-11-20 06:28:49 +00:00
|
|
|
awsConnection *awsConnection
|
|
|
|
component *Resource
|
|
|
|
}
|
|
|
|
|
2017-11-20 21:31:20 +00:00
|
|
|
var _ Provider = (*awsOpsProvider)(nil)
|
2017-11-20 06:28:49 +00:00
|
|
|
|
2018-03-02 00:51:09 +00:00
|
|
|
var (
|
2017-11-20 06:28:49 +00:00
|
|
|
// AWS config keys
|
2018-03-08 19:52:48 +00:00
|
|
|
regionKey = config.MustMakeKey("aws", "region")
|
|
|
|
accessKey = config.MustMakeKey("aws", "accessKey")
|
General prep work for refresh
This change includes a bunch of refactorings I made in prep for
doing refresh (first, the command, see pulumi/pulumi#1081):
* The primary change is to change the way the engine's core update
functionality works with respect to deploy.Source. This is the
way we can plug in new sources of resource information during
planning (and, soon, diffing). The way I intend to model refresh
is by having a new kind of source, deploy.RefreshSource, which
will let us do virtually everything about an update/diff the same
way with refreshes, which avoid otherwise duplicative effort.
This includes changing the planOptions (nee deployOptions) to
take a new SourceFunc callback, which is responsible for creating
a source specific to the kind of plan being requested.
Preview, Update, and Destroy now are primarily differentiated by
the kind of deploy.Source that they return, rather than sprinkling
things like `if Destroying` throughout. This tidies up some logic
and, more importantly, gives us precisely the refresh hook we need.
* Originally, we used the deploy.NullSource for Destroy operations.
This simply returns nothing, which is how Destroy works. For some
reason, we were no longer doing this, and instead had some
`if Destroying` cases sprinkled throughout the deploy.EvalSource.
I think this is a vestige of some old way we did configuration, at
least judging by a comment, which is apparently no longer relevant.
* Move diff and diff-printing logic within the engine into its own
pkg/engine/diff.go file, to prepare for upcoming work.
* I keep noticing benign diffs anytime I regenerate protobufs. I
suspect this is because we're also on different versions. I changed
generate.sh to also dump the version into grpc_version.txt. At
least we can understand where the diffs are coming from, decide
whether to take them (i.e., a newer version), and ensure that as
a team we are monotonically increasing, and not going backwards.
* I also tidied up some tiny things I noticed while in there, like
comments, incorrect types, lint suppressions, and so on.
2018-03-28 14:45:23 +00:00
|
|
|
secretKey = config.MustMakeKey("aws", "secretKey")
|
2018-03-08 19:52:48 +00:00
|
|
|
token = config.MustMakeKey("aws", "token")
|
2023-07-26 05:48:31 +00:00
|
|
|
profile = config.MustMakeKey("aws", "profile")
|
2018-03-02 00:51:09 +00:00
|
|
|
)
|
2017-11-20 06:28:49 +00:00
|
|
|
|
2018-03-02 00:51:09 +00:00
|
|
|
const (
|
2017-11-20 21:31:20 +00:00
|
|
|
// AWS resource types
|
|
|
|
awsFunctionType = tokens.Type("aws:lambda/function:Function")
|
2017-11-20 22:55:09 +00:00
|
|
|
awsLogGroupType = tokens.Type("aws:cloudwatch/logGroup:LogGroup")
|
2017-11-20 06:28:49 +00:00
|
|
|
)
|
|
|
|
|
2017-11-20 21:31:20 +00:00
|
|
|
func (ops *awsOpsProvider) GetLogs(query LogQuery) (*[]LogEntry, error) {
|
2017-11-28 15:43:07 +00:00
|
|
|
state := ops.component.State
|
2018-05-15 22:28:00 +00:00
|
|
|
logging.V(6).Infof("GetLogs[%v]", state.URN)
|
2024-03-14 15:28:32 +00:00
|
|
|
//exhaustive:ignore
|
2017-11-28 15:43:07 +00:00
|
|
|
switch state.Type {
|
2017-11-20 21:31:20 +00:00
|
|
|
case awsFunctionType:
|
2017-11-28 15:43:07 +00:00
|
|
|
functionName := state.Outputs["name"].StringValue()
|
2023-07-26 05:54:58 +00:00
|
|
|
logResult := ops.awsConnection.getLogsForLogGroupsConcurrently(
|
2017-11-21 00:37:41 +00:00
|
|
|
[]string{functionName},
|
|
|
|
[]string{"/aws/lambda/" + functionName},
|
|
|
|
query.StartTime,
|
|
|
|
query.EndTime,
|
|
|
|
)
|
2023-07-27 03:44:12 +00:00
|
|
|
sort.SliceStable(logResult, func(i, j int) bool {
|
|
|
|
return logResult[i].Timestamp < logResult[j].Timestamp
|
|
|
|
})
|
2020-02-14 06:38:12 +00:00
|
|
|
logging.V(5).Infof("GetLogs[%v] return %d logs", state.URN, len(logResult))
|
2023-07-26 05:54:58 +00:00
|
|
|
return &logResult, nil
|
2017-11-20 22:55:09 +00:00
|
|
|
case awsLogGroupType:
|
2017-11-28 15:43:07 +00:00
|
|
|
name := state.Outputs["name"].StringValue()
|
2023-07-26 05:54:58 +00:00
|
|
|
logResult := ops.awsConnection.getLogsForLogGroupsConcurrently(
|
2017-11-21 00:37:41 +00:00
|
|
|
[]string{name},
|
|
|
|
[]string{name},
|
|
|
|
query.StartTime,
|
|
|
|
query.EndTime,
|
|
|
|
)
|
2023-07-27 03:44:12 +00:00
|
|
|
sort.SliceStable(logResult, func(i, j int) bool {
|
|
|
|
return logResult[i].Timestamp < logResult[j].Timestamp
|
|
|
|
})
|
2018-05-15 22:28:00 +00:00
|
|
|
logging.V(5).Infof("GetLogs[%v] return %d logs", state.URN, len(logResult))
|
2023-07-26 05:54:58 +00:00
|
|
|
return &logResult, nil
|
2017-11-20 06:28:49 +00:00
|
|
|
default:
|
|
|
|
// Else this resource kind does not produce any logs.
|
2018-05-15 22:28:00 +00:00
|
|
|
logging.V(6).Infof("GetLogs[%v] does not produce logs", state.URN)
|
2017-11-20 06:28:49 +00:00
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-20 21:44:23 +00:00
|
|
|
type awsConnection struct {
|
2017-11-28 20:54:36 +00:00
|
|
|
logSvc *cloudwatchlogs.CloudWatchLogs
|
2017-11-20 21:44:23 +00:00
|
|
|
}
|
|
|
|
|
2023-03-03 16:36:39 +00:00
|
|
|
var (
|
2023-07-26 05:48:31 +00:00
|
|
|
awsDefaultSessions map[string]*session.Session = map[string]*session.Session{}
|
2023-03-03 16:36:39 +00:00
|
|
|
awsDefaultSessionMutex sync.Mutex
|
|
|
|
)
|
2017-11-20 21:44:23 +00:00
|
|
|
|
2023-07-27 03:44:12 +00:00
|
|
|
// getSession gets or creates a Session instance to use for making AWS SDK calls using the provided credentials
|
|
|
|
// and configuration. If `validated` is true, it also uses the credentials to make an AWS call to get the caller
|
|
|
|
// identity to ensure they are valid, and return an error if not.
|
|
|
|
func getAWSSession(
|
|
|
|
awsRegion, awsAccessKey, awsSecretKey, awsToken, awsProfile string,
|
|
|
|
validate bool,
|
|
|
|
) (*session.Session, error) {
|
2018-04-09 22:50:06 +00:00
|
|
|
// AWS SDK for Go documentation: "Sessions should be cached when possible"
|
|
|
|
// We keep a default session around and then make cheap copies of it.
|
|
|
|
awsDefaultSessionMutex.Lock()
|
|
|
|
defer awsDefaultSessionMutex.Unlock()
|
|
|
|
|
2023-07-26 05:48:31 +00:00
|
|
|
key := awsRegion + awsAccessKey + awsSecretKey + awsToken + awsProfile
|
|
|
|
awsDefaultSession, ok := awsDefaultSessions[key]
|
|
|
|
if !ok {
|
|
|
|
config := aws.Config{
|
|
|
|
Region: aws.String(awsRegion),
|
|
|
|
}
|
|
|
|
if awsAccessKey != "" || awsSecretKey != "" || awsToken != "" {
|
|
|
|
config.Credentials = credentials.NewStaticCredentials(awsAccessKey, awsSecretKey, awsToken)
|
|
|
|
}
|
|
|
|
|
2023-07-26 04:22:36 +00:00
|
|
|
sess, err := session.NewSessionWithOptions(session.Options{
|
2023-07-26 05:48:31 +00:00
|
|
|
Profile: awsProfile,
|
2023-07-26 04:22:36 +00:00
|
|
|
SharedConfigState: session.SharedConfigEnable,
|
2023-07-26 05:48:31 +00:00
|
|
|
Config: config,
|
2023-07-26 04:22:36 +00:00
|
|
|
})
|
2017-11-20 21:44:23 +00:00
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return nil, fmt.Errorf("failed to create AWS session: %w", err)
|
2017-11-20 21:44:23 +00:00
|
|
|
}
|
2018-04-09 22:50:06 +00:00
|
|
|
|
2023-07-27 03:44:12 +00:00
|
|
|
if validate {
|
2023-07-26 06:15:10 +00:00
|
|
|
// Make a call to STS to ensure the session is valid and fail early if not
|
|
|
|
stsSvc := sts.New(sess)
|
|
|
|
_, err = stsSvc.GetCallerIdentity(&sts.GetCallerIdentityInput{})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2023-07-26 05:48:31 +00:00
|
|
|
}
|
2018-04-09 22:50:06 +00:00
|
|
|
|
2023-07-26 05:48:31 +00:00
|
|
|
awsDefaultSession = sess
|
|
|
|
awsDefaultSessions[key] = sess
|
2018-04-09 22:50:06 +00:00
|
|
|
}
|
2023-07-26 05:48:31 +00:00
|
|
|
return awsDefaultSession, nil
|
2017-11-20 21:44:23 +00:00
|
|
|
}
|
|
|
|
|
2017-11-22 21:08:19 +00:00
|
|
|
func (p *awsConnection) getLogsForLogGroupsConcurrently(
|
|
|
|
names []string,
|
|
|
|
logGroups []string,
|
|
|
|
startTime *time.Time,
|
2023-03-03 16:36:39 +00:00
|
|
|
endTime *time.Time,
|
2023-07-26 05:54:58 +00:00
|
|
|
) []LogEntry {
|
2017-11-20 21:44:23 +00:00
|
|
|
// Create a channel for collecting log event outputs
|
2023-07-26 05:24:52 +00:00
|
|
|
ch := make(chan []*cloudwatchlogs.FilteredLogEvent, len(logGroups))
|
2017-11-20 21:44:23 +00:00
|
|
|
|
2017-11-21 00:37:41 +00:00
|
|
|
var startMilli *int64
|
|
|
|
if startTime != nil {
|
|
|
|
startMilli = aws.Int64(aws.TimeUnixMilli(*startTime))
|
|
|
|
}
|
|
|
|
var endMilli *int64
|
|
|
|
if endTime != nil {
|
|
|
|
endMilli = aws.Int64(aws.TimeUnixMilli(*endTime))
|
|
|
|
}
|
|
|
|
|
2017-11-20 21:44:23 +00:00
|
|
|
// Run FilterLogEvents for each log group in parallel
|
|
|
|
for _, logGroup := range logGroups {
|
|
|
|
go func(logGroup string) {
|
2017-11-21 07:18:47 +00:00
|
|
|
var ret []*cloudwatchlogs.FilteredLogEvent
|
2017-11-21 07:23:11 +00:00
|
|
|
err := p.logSvc.FilterLogEventsPages(&cloudwatchlogs.FilterLogEventsInput{
|
|
|
|
LogGroupName: aws.String(logGroup),
|
|
|
|
StartTime: startMilli,
|
|
|
|
EndTime: endMilli,
|
|
|
|
}, func(resp *cloudwatchlogs.FilterLogEventsOutput, lastPage bool) bool {
|
2017-11-21 07:18:47 +00:00
|
|
|
ret = append(ret, resp.Events...)
|
2017-11-21 07:23:11 +00:00
|
|
|
if !lastPage {
|
2018-05-15 22:28:00 +00:00
|
|
|
logging.V(5).Infof("[getLogs] Getting more logs for %v...\n", logGroup)
|
2017-11-21 07:18:47 +00:00
|
|
|
}
|
2017-11-21 07:23:11 +00:00
|
|
|
return true
|
|
|
|
})
|
|
|
|
if err != nil {
|
2018-05-15 22:28:00 +00:00
|
|
|
logging.V(5).Infof("[getLogs] Error getting logs: %v %v\n", logGroup, err)
|
2017-11-20 21:44:23 +00:00
|
|
|
}
|
2023-07-26 05:24:52 +00:00
|
|
|
ch <- ret
|
2017-11-20 21:44:23 +00:00
|
|
|
}(logGroup)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Collect responses on the channel and append logs into combined log array
|
|
|
|
var logs []LogEntry
|
|
|
|
for i := 0; i < len(logGroups); i++ {
|
2023-07-26 05:24:52 +00:00
|
|
|
logEvents := <-ch
|
|
|
|
for _, event := range logEvents {
|
2017-11-20 21:44:23 +00:00
|
|
|
logs = append(logs, LogEntry{
|
|
|
|
ID: names[i],
|
|
|
|
Message: aws.StringValue(event.Message),
|
|
|
|
Timestamp: aws.Int64Value(event.Timestamp),
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-07-26 05:54:58 +00:00
|
|
|
return logs
|
2017-11-20 21:44:23 +00:00
|
|
|
}
|