Merge pull request #130 from asfadmin/teatest-build.124-release

Teatest build.124 release

NGAP-DEPLOY-README.MD

@@ -48,8 +48,7 @@ module "thin_egress_app" {
 * **session_store** (string) - "DB" for storing sessions in DynamoDB, "S3" for storing sessions in S3. Defaults to "DB".
 * **session_ttl** (number) - time to live for auth session, in hours. Defaults to 168.
 * **stage_name** (string) - this value will show up as the base of the url path as so: `https://xxxxxxxx.execute-api.us-east-1.amazonaws.com/<StageName>/and/so/on`. Defaults to "API".
-* **template_url** (string) - URL of CloudFormation stack template. This will be set when the Terraform module is built.
-* ***use_reverse_bucket_map** (bool) - standard bucketmaps are not reverse. Defaults to false.
+* **use_reverse_bucket_map** (bool) - standard bucketmaps are not reverse. Defaults to false.
 * **vpc_security_group_ids** (list(string)) - list of security groups for the Lambda function
 * **vpc_subnet_ids** (list(string)) - list of subnets for the lambda function
 

README.MD

@@ -168,8 +168,8 @@ aws secretsmanager create-secret --name urs_creds_for_tea \
 Create a key pair and b64 encode them:
 ```bash
 ssh-keygen -t rsa -b 4096 -m PEM -f ./jwtcookie.key
-openssl base64 -in jwtcookie.key -out jwtcookie.key.b64
-openssl base64 -in jwtcookie.key.pub -out jwtcookie.key.pub.b64
+openssl base64 -in jwtcookie.key -out jwtcookie.key.b64 -A
+openssl base64 -in jwtcookie.key.pub -out jwtcookie.key.pub.b64 -A
 ```
 Put the base-64 encoded keys into a json file like so: 
 ```json

build/Jenkinsfile

@@ -67,17 +67,13 @@ pipeline {
         sh 'echo "this file ${WORKSPACE}/${DEPENDENCYLAYERFILENAME}" should exist: '
         sh "ls -lah *.zip"
 
-        // Swap in BUILD#
-        sh "echo '>> Build Stamping....'"
-        sh 'sed -i -e "s/<DEPENDENCY_ARCHIVE_PATH_FILENAME>/${CODE_DIR}\\/${DEPENDENCYLAYERFILENAME}/" ./cloudformation/thin-egress-app.yaml'
-
+
       }
    }
     // Package code
     stage('Package Code') {
       steps {
 
-
         // Zip up the upload.
         sh "echo '>> Building Zipfile....'"
 
@@ -93,17 +89,20 @@ pipeline {
         sh "echo '>> Build Stamping....'"
 
         sh "cd ${WORKSPACE}"
+
+        // thin-egress-app.yaml
         sh 'if [ ${APPTAG} != "tea" ]; then sed -i -e "s/asf.public.code/${CODE_BUCKET}/" ./cloudformation/thin-egress-app.yaml; fi'
         sh 'sed -i -e "s/<CODE_ARCHIVE_PATH_FILENAME>/${CODE_DIR}\\/${CODE_ARCHIVE_FILENAME}/" ./cloudformation/thin-egress-app.yaml'
-        sh 'sed -i -e "s/<BUILD_ID>/${BUILDTAG}/" ./cloudformation/thin-egress-app.yaml'
-        sh 'sed -i -e "s/<BUILD_ID>/${BUILDTAG}/" ./terraform/variables.tf'
+        sh 'sed -i -e "s/<DEPENDENCY_ARCHIVE_PATH_FILENAME>/${CODE_DIR}\\/${DEPENDENCYLAYERFILENAME}/" ./cloudformation/thin-egress-app.yaml'
+        sh 'sed -i -e "s/<BUILD_ID>/${BUILD_ID}/" ./cloudformation/thin-egress-app.yaml'
         sh 'sed -i -e "s;^Description:.*;Description: \\"TEA built by Jenkins job ${JOB_NAME}, ${BUILDTAG}\\";" ./cloudformation/thin-egress-app.yaml'
 
         // Zip up terraform
         sh "echo '>> Building Terraform Zip....'"
         sh "cp ${WORKSPACE}/${CODE_ARCHIVE_FILENAME} ${WORKSPACE}/terraform/lambda.zip"
         sh "cp ${WORKSPACE}/${DEPENDENCYLAYERFILENAME} ${WORKSPACE}/terraform/dependencylayer.zip"
-        sh "cd ${WORKSPACE}/terraform && zip ../${TF_ZIP_FILENAME} *.tf lambda.zip dependencylayer.zip"
+        sh "cp ./cloudformation/thin-egress-app.yaml ${WORKSPACE}/terraform/thin-egress-app.yaml"
+        sh "cd ${WORKSPACE}/terraform && zip ../${TF_ZIP_FILENAME} *.tf thin-egress-app.yaml lambda.zip dependencylayer.zip"
       }
    }
    // Push packages to AWS and deploy new version

setup_jwt_cookie.sh

@@ -15,8 +15,8 @@ EOL
 function GENERATE_TEA_CREDS {
   cd /tmp || exit 1
   ssh-keygen -t rsa -b 4096 -m PEM -f ./jwtcookie.key -N ''
-  openssl base64 -in jwtcookie.key -out jwtcookie.key.b64
-  openssl base64 -in jwtcookie.key.pub -out jwtcookie.key.pub.b64
+  openssl base64 -in jwtcookie.key -out jwtcookie.key.b64 -A
+  openssl base64 -in jwtcookie.key.pub -out jwtcookie.key.pub.b64 -A
 
   export rsa_priv_key=$(<jwtcookie.key.b64)
   export rsa_pub_key=$(<jwtcookie.key.pub.b64)
@@ -25,9 +25,9 @@ function GENERATE_TEA_CREDS {
 }
 
 GENERATE_TEA_CREDS
-aws secretsmanager create-secret --name tt_for_tea --profile ${profile_name:-default} --region ${aws_region:-us-east-1} \
+aws secretsmanager create-secret --name jwt_secret_for_tea --profile ${profile_name:-default} --region ${aws_region:-us-east-1} \
     --description "RS256 keys for TEA app JWT cookies" \
-    --secret-string file:/tmp/jwtkeys.json
+    --secret-string file:///tmp/jwtkeys.json
 
 
 

terraform/main.tf

@@ -1,5 +1,6 @@
 locals {
   vpc_security_group_ids_set = length(var.vpc_security_group_ids) > 0
+  cloudformation_template_filename = "${path.module}/thin-egress-app.yaml"
   lambda_source_filename     = "${path.module}/lambda.zip"
   dependency_layer_filename  ="${path.module}/dependencylayer.zip"
 }
@@ -35,13 +36,21 @@ resource "aws_s3_bucket_object" "lambda_code_dependency_archive" {
   etag   = filemd5(local.dependency_layer_filename)
 }
 
+resource "aws_s3_bucket_object" "cloudformation_template" {
+  bucket = aws_s3_bucket.lambda_source.bucket
+  key    = "${filemd5(local.cloudformation_template_filename)}.yaml"
+  source = local.cloudformation_template_filename
+  etag   = filemd5(local.cloudformation_template_filename)
+}
+
 resource "aws_cloudformation_stack" "thin_egress_app" {
   depends_on   = [
     aws_s3_bucket_object.lambda_source,
-    aws_s3_bucket_object.lambda_code_dependency_archive
+    aws_s3_bucket_object.lambda_code_dependency_archive,
+    aws_s3_bucket_object.cloudformation_template
   ]
   name         = var.stack_name
-  template_url = var.template_url
+  template_url = "https://s3.amazonaws.com/${aws_s3_bucket_object.lambda_source.bucket}/${aws_s3_bucket_object.cloudformation_template.key}"
   capabilities = ["CAPABILITY_NAMED_IAM"]
   parameters = {
     AuthBaseUrl                     = var.auth_base_url

terraform/variables.tf

@@ -163,12 +163,6 @@ variable "tags" {
   default     = {}
 }
 
-variable "template_url" {
-  type        = string
-  default     = "https://s3.amazonaws.com/asf.public.code/thin-egress-app/tea-cloudformation-<BUILD_ID>.yaml"
-  description = "URL of CloudFormation stack template"
-}
-
 variable "urs_auth_creds_secret_name" {
   type        = string
   default     = "urs_creds_for_tea"