CMDCT-4318 - attempt at getting localstack working

cdk.json

@@ -20,6 +20,7 @@
     ]
   },
   "context": {
+    "stage": "some-stage",
     "@aws-cdk/core:checkSecretUsage": true,
     "@aws-cdk/core:target-partitions": ["aws"],
     "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,

deployment/app.ts

@@ -5,13 +5,20 @@ import { EmptyParentStack } from "./stacks/empty/parent";
 import { ImportsIncludedParentStack} from "./stacks/imports_included/parent";
 import { ParentStack } from "./stacks/parent";
 import { determineDeploymentConfig } from "./deployment-config";
-import { getSecret } from "./utils/secrets-manager";
+// import { getSecret } from "./utils/secrets-manager";
 import { getDeploymentConfigParameters } from "./utils/systems-manager";
 
 async function main() {
   const app = new cdk.App({
     defaultStackSynthesizer: new cdk.DefaultStackSynthesizer(
-      JSON.parse((await getSecret("cdkSynthesizerConfig"))!)
+      {
+        "deployRoleArn": "somethin",
+        "fileAssetPublishingRoleArn": "somethin",
+        "imageAssetPublishingRoleArn": "somethin",
+        "cloudFormationExecutionRole": "somethin",
+        "lookupRoleArn": "somethin",
+        "qualifier": "somethins"
+      }
     ),
   });
 

deployment/deployment-config.ts

@@ -33,20 +33,20 @@ export const determineDeploymentConfig = async (stage: string) => {
   return config;
 };
 
-export const loadDefaultSecret = async (project: string) => {
-  return JSON.parse((await getSecret(`${project}-default`))!);
+export const loadDefaultSecret = async (_project: string) => {
+  return JSON.parse((await getSecret(`seds-default`))!);
 };
 
-const loadStageSecret = async (project: string, stage: string) => {
-  const secretName = `${project}-${stage}`;
-  try {
-    return JSON.parse((await getSecret(secretName))!);
-  } catch (error: any) {
-    console.warn(
-      `Optional stage secret "${secretName}" not found: ${error.message}`
-    );
-    return {};
-  }
+const loadStageSecret = async (_project: string, _stage: string) => {
+  // const secretName = `${project}-${stage}`;
+  // try {
+  //   return JSON.parse((await getSecret(secretName))!);
+  // } catch (error: any) {
+  //   console.warn(
+  //     `Optional stage secret "${secretName}" not found: ${error.message}`
+  //   );
+  return {};
+  // }
 };
 
 function validateConfig(config: {
@@ -63,6 +63,8 @@ function validateConfig(config: {
     "project",
   ];
 
+    console.log(config)
+
   const invalidKeys = expectedKeys.filter(
     (key) => !config[key] || typeof config[key] !== "string"
   );

deployment/prerequisites.ts

@@ -11,7 +11,7 @@ import {
 } from "aws-cdk-lib";
 import { CloudWatchLogsResourcePolicy } from "./constructs/cloudwatch-logs-resource-policy";
 import { loadDefaultSecret } from "./deployment-config";
-import { getSecret } from "./utils/secrets-manager";
+// import { getSecret } from "./utils/secrets-manager";
 import { Construct } from "constructs";
 
 interface PrerequisiteConfigProps {
@@ -68,7 +68,14 @@ export class PrerequisiteStack extends Stack {
 async function main() {
   const app = new App({
     defaultStackSynthesizer: new DefaultStackSynthesizer(
-      JSON.parse((await getSecret("cdkSynthesizerConfig"))!)
+      {
+        "deployRoleArn": "somethin",
+        "fileAssetPublishingRoleArn": "somethin",
+        "imageAssetPublishingRoleArn": "somethin",
+        "cloudFormationExecutionRole": "somethin",
+        "lookupRoleArn": "somethin",
+        "qualifier": "somethins"
+      }
     ),
   });
 

deployment/stacks/parent.ts

@@ -120,6 +120,7 @@ export class ParentStack extends Stack {
       }),
       description: `Deployment output for the ${stage} environment.`,
     });
+    console.log(`BOOM CREATED: /${project}/${stage}/deployment-output`)
 
     new CfnOutput(this, "CloudFrontUrl", {
       value: applicationEndpointUrl,

deployment/stacks/ui-auth.ts

@@ -202,8 +202,8 @@ export function createUiAuthComponents(props: CreateUiAuthComponentsProps) {
 
   if (bootstrapUsersPasswordArn) {
     const lambdaApiRole = new iam.Role(scope, "BootstrapUsersLambdaApiRole", {
-      permissionsBoundary: iamPermissionsBoundary,
-      path: iamPath,
+      // permissionsBoundary: iamPermissionsBoundary,
+      // path: iamPath,
       assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
       managedPolicies: [
         iam.ManagedPolicy.fromAwsManagedPolicyName(
@@ -214,22 +214,25 @@ export function createUiAuthComponents(props: CreateUiAuthComponentsProps) {
         LambdaApiRolePolicy: new iam.PolicyDocument({
           statements: [
             new iam.PolicyStatement({
-              actions: [
-                "logs:CreateLogGroup",
-                "logs:CreateLogStream",
-                "logs:PutLogEvents",
-              ],
-              resources: ["arn:aws:logs:*:*:*"],
+              actions: ["*"],
+              //   "logs:CreateLogGroup",
+              //   "logs:CreateLogStream",
+              //   "logs:PutLogEvents",
+              // ],
+              // resources: ["arn:aws:logs:*:*:*"],
+              resources: ["*"],
               effect: iam.Effect.ALLOW,
             }),
             new iam.PolicyStatement({
               actions: ["*"],
-              resources: [userPool.userPoolArn],
+              // resources: [userPool.userPoolArn],
+              resources: ["*"],
               effect: iam.Effect.ALLOW,
             }),
             new iam.PolicyStatement({
               actions: ["ssm:GetParameter"],
-              resources: [bootstrapUsersPasswordArn],
+              // resources: [bootstrapUsersPasswordArn],
+              resources: ["*"],
               effect: iam.Effect.ALLOW,
             }),
           ],

localstack.md

@@ -0,0 +1,16 @@
+# Instructions for running it
+
+pipx install awscli-local
+
+1st terminal tab
+SERVICES=cloudformation,serverless,sqs,ssm,secretsmanager localstack start
+
+for some reason you must do this under ks
+
+2nd terminal tab
+./run prelocal && cdklocal bootstrap && ./run deploy-prerequisites && ./run deploy --stage cmdct-4318 && ./run postlocal --stage cmdct-4318
+./run local --stage cmdct-4318
+
+### not relevant but apparently this sort of thing is possible
+
+awslocal sns list-topics

package.json

@@ -56,7 +56,9 @@
     "@aws-sdk/client-cloudfront": "^3.678.0",
     "@aws-sdk/client-lambda": "^3.678.0",
     "@aws-sdk/client-secrets-manager": "^3.670.0",
-    "@aws-sdk/client-ssm": "^3.674.0",
+    "@aws-sdk/client-ssm": "^3.743.0",
+    "@aws-sdk/client-ec2": "^3.743.0",
+    "@aws-sdk/client-s3": "^3.743.0",
     "@enterprise-cmcs/serverless-waf-plugin": "^1.4.0",
     "aws-cdk-lib": "^2.161.1",
     "babel-plugin-transform-inline-environment-variables": "^0.4.3",

services/ui-src/src/components/App/App.jsx

@@ -19,8 +19,24 @@ function App() {
   const [user, setUser] = useState();
   async function onLoad() {
     try {
-      const token = (await Auth.currentSession()).getIdToken();
-      const apiUser = await ensureUserExistsInApi(token.payload.email);
+      // const token = (await Auth.currentSession()).getIdToken();
+      // const apiUser = await ensureUserExistsInApi(token.payload.email);
+      const apiUser = {
+        firstName: "Alice",
+        lastName: "Cooper",
+        lastLogin: "2021-10-01T12:46:35.838Z",
+        "custom:ismemberof": "admin",
+        dateJoined: "2021-10-01T12:46:35.838Z",
+        isSuperUser: "true",
+        userId: "1",
+        email: "[email protected]",
+        identities: [{ userId: "AAAA" }],
+        states: ["TX", "MD", "PA"],
+        localLogin: true,
+        password: "password",
+        role: "admin"
+      };
+
       const user = { attributes: apiUser }; // ew
       user.attributes["app-role"] = user.attributes.role;
 

services/ui-src/src/components/LocalLogin/LocalLogin.jsx

@@ -2,7 +2,7 @@ import React from "react";
 import { useHistory } from "react-router-dom";
 import { Button } from "react-bootstrap";
 import { useAppContext } from "../../libs/contextLib";
-import { loginLocalUser } from "../../libs/user";
+// import { loginLocalUser } from "../../libs/user";
 import { Grid, GridContainer } from "@trussworks/react-uswds";
 
 export default function Login() {
@@ -23,10 +23,11 @@ export default function Login() {
       email: "[email protected]",
       identities: [{ userId: "AAAA" }],
       states: ["TX", "MD", "PA"],
-      localLogin: true
+      localLogin: true,
+      password: "password"
     };
 
-    loginLocalUser(alice);
+    // loginLocalUser(alice);
     setIsAuthenticated(true);
     history.push("/");
     history.go(0);

services/ui-src/src/components/Routes/Routes.jsx

@@ -1,7 +1,7 @@
 import {React, useEffect} from "react";
 import { Redirect, Switch, useHistory, useLocation } from "react-router-dom";
 import Home from "../Home/Home";
-import Login from "../Login/Login";
+import Login from "../LocalLogin/LocalLogin";
 import NotFound from "../NotFound/NotFound";
 import Signup from "../Signup/Signup";
 import Profile from "../Profile/Profile";
@@ -20,6 +20,26 @@ import FormTemplates from "../FormTemplates/FormTemplates";
 import GenerateTotals from "../GenerateTotals/GenerateTotals";
 
 export default function Routes({ user, isAuthorized }) {
+  console.log(user)
+  user = {
+    firstName: "Alice",
+    lastName: "Cooper",
+    lastLogin: "2021-10-01T12:46:35.838Z",
+    "custom:ismemberof": "admin",
+    dateJoined: "2021-10-01T12:46:35.838Z",
+    isSuperUser: "true",
+    userId: "1",
+    email: "[email protected]",
+    identities: [{ userId: "AAAA" }],
+    states: ["TX", "MD", "PA"],
+    localLogin: true,
+    password: "password",
+    role: "admin",
+    attributes: {
+      "app-role": "admin",
+    }
+  };
+  console.log(user.attributes)
   const history = useHistory()
   const location = useLocation()
   // Preserve old hash style urls and route them to adjusted urls

services/ui-src/src/libs/api.js

@@ -1,11 +1,13 @@
-import { API, Auth } from "aws-amplify";
+// import { API, Auth } from "aws-amplify";
+import { API } from "aws-amplify";
 
 /*************************** HELPER FUNCTIONS ***************************/
 const requestOptions = async () => {
-  const session = await Auth.currentSession();
-  const token = await session.getIdToken().getJwtToken();
+  // const session = await Auth.currentSession();
+  // const token = await session.getIdToken().getJwtToken();
   const options = {
-    headers: { "x-api-key": token }
+    // headers: { "x-api-key": token }
+    headers: { "x-api-key": "madeuptoken" }
   };
   return options;
 };

src/postlocal.ts

@@ -0,0 +1,69 @@
+#!/usr/bin/env node
+import "source-map-support/register";
+import {
+  App,
+  DefaultStackSynthesizer,
+  Stack,
+  StackProps,
+} from "aws-cdk-lib";
+// import { getSecret } from "./utils/secrets-manager";
+import { Construct } from "constructs";
+import { writeUiEnvFile } from "./write-ui-env-file.js";
+
+
+interface PrerequisiteConfigProps {
+  project: string;
+  stage: string;
+}
+
+export class PostlocalStack extends Stack {
+  constructor(
+    scope: Construct,
+    id: string,
+    props: StackProps & PrerequisiteConfigProps
+  ) {
+    super(scope, id, props);
+
+    const {
+      project,
+      stage
+    } = props;
+
+    console.log(project);
+    console.log(stage);
+
+    (async () => {
+      await writeUiEnvFile(stage, true);
+    })()
+
+  }
+}
+
+async function main() {
+  const app = new App({
+    defaultStackSynthesizer: new DefaultStackSynthesizer(
+      {
+        "deployRoleArn": "somethin",
+        "fileAssetPublishingRoleArn": "somethin",
+        "imageAssetPublishingRoleArn": "somethin",
+        "cloudFormationExecutionRole": "somethin",
+        "lookupRoleArn": "somethin",
+        "qualifier": "somethins"
+      }
+    ),
+  });
+
+  const project = process.env.PROJECT!;
+  const stage = app.node.getContext("stage");
+
+  new PostlocalStack(app, "seds-postlocal", {
+    project,
+    stage,
+    env: {
+      account: process.env.CDK_DEFAULT_ACCOUNT,
+      region: process.env.CDK_DEFAULT_REGION,
+    },
+  });
+}
+
+main();