Step sqs (#84)

* sqs checkin

* state now printing to logs from each step

Author: twarnock

.gitignore

@@ -114,3 +114,6 @@ venv.bak/
 .terraform/
 terraform.tfstate*
 *.tfvars
+
+# vscode
+.vscode/

step/cloudwatch.tf

@@ -3,7 +3,7 @@
 //   retention_in_days = "1"
 // }
 
-resource "aws_cloudwatch_event_rule" "rehost-migration-rule" {
+resource "aws_cloudwatch_event_rule" "rehost_migration_rule" {
   name          = "ce-rehost-migration-rule"
   description   = ""
   event_pattern = <<PATTERN
@@ -23,8 +23,14 @@ resource "aws_cloudwatch_event_rule" "rehost-migration-rule" {
 PATTERN
 }
 
-resource "aws_cloudwatch_event_target" "rehost-migration-target" {
-  rule     = "${aws_cloudwatch_event_rule.rehost-migration-rule.id}"
+resource "aws_cloudwatch_event_target" "rehost_migration_target" {
+  rule     = "${aws_cloudwatch_event_rule.rehost_migration_rule.id}"
   arn      = "${aws_sfn_state_machine.rehost_migration.id}"
-  role_arn = "${aws_iam_role.iam_for_stepfunction.arn}"
+  role_arn = "${aws_iam_role.iam_for_cloudwatch_stepfunction.arn}"
+}
+
+resource "aws_lambda_event_source_mapping" "event_source_mapping" {
+  event_source_arn = "${aws_sqs_queue.event_queue.arn}"
+  function_name    = "${aws_lambda_function.lambda_update_servicenow.arn}"
+  batch_size       = 1
 }

step/iam.tf

@@ -1,21 +1,30 @@
-# step function related iam
+# sfn related iam role
 resource "aws_iam_role" "iam_for_stepfunction" {
   name               = "ce-iam-for-stepfunction"
   assume_role_policy = "${data.aws_iam_policy_document.stepfunction_assume_role_policy_document.json}"
 }
 
+# assume_role_policy for sfn role
 data "aws_iam_policy_document" "stepfunction_assume_role_policy_document" {
   statement {
     actions = ["sts:AssumeRole"]
 
     principals {
       type = "Service"
-      identifiers = ["states.${var.region}.amazonaws.com"]
+      identifiers = [
+        "states.${var.region}.amazonaws.com"
+      ]
     }
   }
 }
 
-data "aws_iam_policy_document" "lambda-invoke" {
+# sfn policy needed to invoke lambda
+resource "aws_iam_policy" "lambda_invoke" {
+  name   = "ce-lambda-invoke"
+  policy = "${data.aws_iam_policy_document.lambda_invoke.json}"
+}
+
+data "aws_iam_policy_document" "lambda_invoke" {
   statement {
     actions = [
       "lambda:InvokeFunction"
@@ -24,30 +33,20 @@ data "aws_iam_policy_document" "lambda-invoke" {
       "*",
     ]
   }
-  # role(s) that the lambdas are allowed to assume roles on for copy, split, and tf generation
-  statement {
-    effect = "Allow"
-    actions = [ "sts:AssumeRole" ]
-    resources = [for role in var.assume_role_list: role]
-  }
 }
 
-resource "aws_iam_policy" "lambda-invoke" {
-  name   = "ce-lambda-invoke"
-  policy = "${data.aws_iam_policy_document.lambda-invoke.json}"
-}
-
-resource "aws_iam_role_policy_attachment" "lambda-invoke" {
+resource "aws_iam_role_policy_attachment" "lambda_invoke" {
   role       = "${aws_iam_role.iam_for_stepfunction.name}"
-  policy_arn = "${aws_iam_policy.lambda-invoke.arn}"
+  policy_arn = "${aws_iam_policy.lambda_invoke.arn}"
 }
 
-# lambda related
+# lambda related iam role
 resource "aws_iam_role" "iam_for_lambda" {
   name               = "ce-iam-for-lambda"
   assume_role_policy = "${data.aws_iam_policy_document.iam_for_lambda_assume_role.json}"
 }
 
+# assume_role_policy for lambda role
 data "aws_iam_policy_document" "iam_for_lambda_assume_role" {
   statement {
     actions = ["sts:AssumeRole"]
@@ -63,8 +62,78 @@ resource "aws_iam_role_policy_attachment" "role_policy_lambda_exec" {
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
 }
 
+resource "aws_iam_role_policy_attachment" "role_policy_lambda_sqs" {
+  role       = "${aws_iam_role.iam_for_lambda.name}"
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
+}
+
 resource "aws_iam_role_policy_attachment" "role_policy_lambda_ec2" {
   role       = "${aws_iam_role.iam_for_lambda.name}"
   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
 }
- 
+
+# create policy to allow SQS and AssumeRole
+resource "aws_iam_policy" "role_policy_lambda_execution" {
+  name   = "ce-lambda-execution-policy"
+  policy = "${data.aws_iam_policy_document.role_policy_lambda_execution_document.json}"
+}
+
+data "aws_iam_policy_document" "role_policy_lambda_execution_document" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "sqs:SendMessage",
+      "sqs:GetQueueUrl"
+    ]
+    resources = [
+      "${aws_sqs_queue.event_queue.arn}"
+    ]
+  }
+
+  # role(s) that the lambdas are allowed to assume roles on for copy, split, and tf generation
+  statement {
+    effect = "Allow"
+    actions = [ "sts:AssumeRole" ]
+    resources = [for role in var.assume_role_list: role]
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "role_policy_lambda_execution" {
+  role       = "${aws_iam_role.iam_for_lambda.name}"
+  policy_arn = "${aws_iam_policy.role_policy_lambda_execution.arn}"
+}
+
+// CW event execution
+
+resource "aws_iam_role" "iam_for_cloudwatch_stepfunction" {
+  name               = "ce-cloudwatch-stepfunction"
+  assume_role_policy = "${data.aws_iam_policy_document.stepfunction_assume_role_document.json}"
+}
+
+data "aws_iam_policy_document" "stepfunction_assume_role_document" {
+  statement {
+    actions = ["sts:AssumeRole"]
+    principals {
+      type = "Service"
+      identifiers = ["events.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_policy" "stepfunction_execution" {
+  name   = "ce-cloudwatch-stepfunction"
+  policy = "${data.aws_iam_policy_document.stepfunction_execution_policy_document.json}"
+}
+
+data "aws_iam_policy_document" "stepfunction_execution_policy_document" {
+  statement {
+    effect = "Allow"
+    actions = ["states:StartExecution"]
+    resources = ["${aws_sfn_state_machine.rehost_migration.id}"]
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "stepfunction_execution_attachment" {
+  role       = "${aws_iam_role.iam_for_cloudwatch_stepfunction.name}"
+  policy_arn = "${aws_iam_policy.stepfunction_execution.arn}"
+}

step/lambdas.tf

@@ -13,6 +13,12 @@ resource "aws_lambda_function" "lambda_find_instance" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_get_instance_status" {
@@ -23,6 +29,12 @@ resource "aws_lambda_function" "lambda_get_instance_status" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_create_image" {
@@ -33,6 +45,12 @@ resource "aws_lambda_function" "lambda_create_image" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_get_image_status" {
@@ -43,6 +61,12 @@ resource "aws_lambda_function" "lambda_get_image_status" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_share_image" {
@@ -53,6 +77,12 @@ resource "aws_lambda_function" "lambda_share_image" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_copy_image" {
@@ -63,6 +93,12 @@ resource "aws_lambda_function" "lambda_copy_image" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_get_copy_status" {
@@ -73,6 +109,12 @@ resource "aws_lambda_function" "lambda_get_copy_status" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_split_image" {
@@ -83,6 +125,12 @@ resource "aws_lambda_function" "lambda_split_image" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
 }
 
 resource "aws_lambda_function" "lambda_image_cleanup" {
@@ -93,4 +141,20 @@ resource "aws_lambda_function" "lambda_image_cleanup" {
   source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
   runtime          = "python3.7"
   depends_on       = ["data.archive_file.lambdas"]
+
+  environment {
+    variables = {
+      event_queue = "${aws_sqs_queue.event_queue.id}"
+    }
+  }
+}
+
+resource "aws_lambda_function" "lambda_update_servicenow" {
+  filename         = "lambdas.zip"
+  function_name    = "ce-update-servicenow"
+  role             = "${aws_iam_role.iam_for_lambda.arn}"
+  handler          = "update_servicenow.lambda_handler"
+  source_code_hash = "${data.archive_file.lambdas.output_base64sha256}"
+  runtime          = "python3.7"
+  depends_on       = ["data.archive_file.lambdas"]
 }

step/lambdas/copy_image.py

@@ -8,6 +8,7 @@
 from typing import Any, Dict
 
 import boto3
+from servicenowstate import ServiceNowState, ServiceNowStateHandler
 
 print("Loading function copy_image")
 
@@ -27,6 +28,7 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> str:
     kms_id: str = event["kms_id"]
     region: str = event.get("region", os.environ.get("AWS_REGION"))
     role: str = event.get("role")
+    instance_name: str = event.get("name", "")
 
     sts_client = boto3.client("sts")
 
@@ -57,4 +59,7 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> str:
         print(e)
         return ""
 
+    ServiceNowStateHandler().update_state(
+        state="IMAGE_COPYING", machine_name=instance_name
+    )
     return new_image.get("ImageId", "")

step/lambdas/create_image.py

@@ -8,6 +8,7 @@
 from typing import Any, Dict
 
 import boto3
+from servicenowstate import ServiceNowStateHandler
 
 print("Loading function create_image")
 
@@ -26,8 +27,8 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> str:
     print("Received event: " + json.dumps(event, indent=2))
 
     instance_id: str = event["instance_id"]
-
     image_creation_time: str = datetime.datetime.utcnow().strftime("%Y%m%d%H%M%S")
+    name: str = event.get("name", "")
 
     instance = ec2_resource.Instance(instance_id)
 
@@ -41,4 +42,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> str:
 
     instance.create_tags(Tags=[{"Key": "CloneStatus", "Value": "IMAGE_CREATED"}])
 
+    ServiceNowStateHandler().update_state(state="IMAGE_CREATING", machine_name=name)
+
     return ec2_image.image_id

step/lambdas/find_instance.py

@@ -4,13 +4,16 @@
 from __future__ import annotations
 
 import json
+import os
 from typing import Any, Dict
 
 import boto3
+from servicenowstate import ServiceNowStateHandler
 
 print("Loading function find_instance")
 
 ec2_resource = boto3.resource("ec2")
+sqs = boto3.client("sqs")
 
 # {
 #   "version": "0",
@@ -62,8 +65,14 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> str:
             if tag["Key"] == "DestinationRole":
                 event_dict["role"] = tag["Value"]
 
+            if tag["Key"] == "Name":
+                event_dict["name"] = tag["Value"]
+
     except Exception as e:
         print(e)
         event_dict["instance_id"] = "not-found"
 
+    ServiceNowStateHandler().update_state(
+        state="INSTANCE_LAUNCHED", machine_name=event_dict.get("name")
+    )
     return event_dict