ECS and SBT stack dependencies delete

Author: Hoseong-Seo

client/AdminWeb/src/app/views/tenants/create/create.component.html

@@ -12,6 +12,7 @@
             required
           />
           <mat-error *ngIf="tenantName?.invalid">Name is required</mat-error>
+          <mat-error *ngIf="tenantName?.errors?.['lowercaseAndNumbers']">Must start with a lowercase, and only lowercase, numbers, and hyphen</mat-error>
         </mat-form-field>
         <mat-form-field>
           <mat-label>Enter email</mat-label>

client/AdminWeb/src/app/views/tenants/create/create.component.ts

@@ -1,5 +1,5 @@
 import { Component, OnInit } from '@angular/core';
-import { FormControl, FormGroup, Validators } from '@angular/forms';
+import { FormControl, FormGroup, Validators, ValidatorFn, ValidationErrors, AbstractControl } from '@angular/forms';
 import { Router } from '@angular/router';
 import { TenantsService } from '../tenants.service';
 import { v4 as guid } from 'uuid';
@@ -12,8 +12,8 @@ import { v4 as guid } from 'uuid';
 export class CreateComponent implements OnInit {
   submitting = false;
   tenantForm = new FormGroup({
-    tenantName: new FormControl('', [Validators.required]),
-    email: new FormControl('', [Validators.required]),
+    tenantName: new FormControl('', [Validators.required, this.lowercaseAndNumberValidator() ]),
+    email: new FormControl('', [Validators.email, Validators.required]),
     tier: new FormControl('', [Validators.required]),
   });
   constructor(
@@ -43,6 +43,16 @@ export class CreateComponent implements OnInit {
     });
   }
 
+  lowercaseAndNumberValidator(): ValidatorFn {
+    return (control: AbstractControl): ValidationErrors | null => {
+      const value = control.value;
+      if (value && !/^[a-z][a-z0-9-]*$/.test(value)) {
+        return { lowercaseAndNumbers: 'Must start with a lowercase, and only lowercase, numbers, and hyphen' };
+      }
+      return null;
+    }
+  }
+
   public get tenantName() {
     return this.tenantForm.get('tenantName');
   }

scripts/build-application.sh

@@ -4,43 +4,62 @@
 
 export DOCKER_DEFAULT_PLATFORM=linux/amd64
 
-service_repos=("user" "product" "order" "rproxy")
+SERVICE_REPOS=("user" "product" "order" "rproxy")
+# RPROXY_VERSIONS=("v1" "v2")
+
+REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
+ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+
+REGISTRY="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com"
+aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin $REGISTRY
 
 deploy_service () {
 
     local SERVICE_NAME="$1"
+    local VERSION="$2"
 
     if [[ -z "$SERVICE_NAME" ]]; then
       echo "Please provide a SERVICE NAME"
       exit 1
     fi
 
-    local REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
-    local ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
     local SERVICEECR="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/$SERVICE_NAME"
-
-    CWD=$(pwd)
-    cd ../server/application
-    local REGISTRY=$(echo $SERVICEECR| cut -d'/' -f 1)
-
-    aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $REGISTRY
+    # Docker Image Build
     docker build -t $SERVICEECR -f Dockerfile.$SERVICE_NAME .
-    docker push $SERVICEECR:latest
+    # Docker Image Tag
+    docker tag "$SERVICEECR" "$SERVICEECR:$VERSION"
+    # Docker Image Push to ECR
+    docker push "$SERVICEECR:$VERSION"
 
-    cd $CWD
-    echo '************************' 
     echo '************************' 
-    echo ""
-    echo "$SERVICE_NAME SERVICE_ECR_REPO:" $SERVICEECR
     echo "AWS_REGION:" $REGION
+    echo "$SERVICE_NAME SERVICE_ECR_REPO: $SERVICEECR VERSION: $VERSION"
+    
 
 }
 
-##export service_repos;
-for repository in "${service_repos[@]}"
-do
-echo $repository
-  aws ecr describe-repositories --repository-names "$repository" 2>/dev/null || echo "ECR Repository '$repository' does not exist. Creating..." && 
-  aws ecr create-repository --repository-name "$repository"
-  deploy_service $repository
+
+CWD=$(pwd)
+cd ../server/application
+
+for SERVICE in "${SERVICE_REPOS[@]}"; do
+  echo "➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤➤"
+  echo "Repository [$SERVICE] checking..."
+  REPO_EXISTS=$(aws ecr describe-repositories --repository-names "$SERVICE" --query 'repositories[0].repositoryUri' --output text)
+  echo "exist repo: $REPO_EXISTS"
+  if [ "$REPO_EXISTS" == "${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/$SERVICE" ]; then
+    echo "Repository [$SERVICE] already exists."
+  else
+    echo "Repository [$SERVICE] does not exist, creating it..."
+    aws ecr create-repository --repository-name "$SERVICE" | cat 
+    echo "Repository [$SERVICE] created."
+  fi
+
+  VERSION="latest"
+  deploy_service $SERVICE $VERSION
 done
+
+cd $CWD
+
+# cloud9 SSM plugins to connect to the inside of Container
+# sudo dnf install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm

scripts/cleanup.sh

@@ -152,3 +152,15 @@ for i in $(aws s3 ls | awk '{print $3}' | grep -E "^tenant-update-stack-*|^contr
     aws s3 rb --force "s3://${i}" #delete in stack
 done
 
+#delete ecr repositories
+SERVICE_REPOS=("user" "product" "order" "rproxy")
+for SERVICE in "${SERVICE_REPOS[@]}"; do
+  echo "Repository [$SERVICE] checking..."
+  REPO_EXISTS=$(aws ecr describe-repositories --repository-names "$SERVICE" --query 'repositories[0].repositoryUri' --output text)
+  if [ "$REPO_EXISTS" == "${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/$SERVICE" ]; then
+    echo "Repository [$REPO_EXISTS] is deleting..."
+    aws ecr delete-repository --repository-name "$SERVICE" --force | cat
+  else
+    echo "Repository [$SERVICE] does not exist"
+  fi
+done

scripts/deprovision-tenant.sh

@@ -7,12 +7,11 @@ sudo yum install -y npm
 sudo npm install -g aws-cdk
 sudo yum install -y jq
 sudo yum install -y python3-pip
-sudo python3 -m pip install --upgrade setuptools
+sudo python3 -m pip install --upgrade --ignore-installed setuptools
 
 # Enable nocasematch option
 shopt -s nocasematch
 
-
 # Parse tenant details from the input message from step function
 export CDK_PARAM_TENANT_ID=$tenantId
 export TIER=$tier

scripts/get-adv-network.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+export IMAGE_NAME="$1"
+export TENANT="$2"
+
+if [ "$#" -ne 2 ]; then
+    echo "Usage: $0 <image-name> <tenant>"
+    exit 1  
+fi
+
+SERVICE_NAME="${IMAGE_NAME}${TENANT}"
+
+CLUSTER_NAME=$(aws ecs list-clusters --query 'clusterArns[*]' --output json | jq -r '.[] | select(contains("/prod-advanced-")) | split("/") | .[1]') 
+
+# Step 1: Get the Task ARN
+TASK_ARN=$(aws ecs list-tasks --cluster $CLUSTER_NAME --service-name $SERVICE_NAME --query 'taskArns[0]' --output text)
+TASK_ID=$(echo "$TASK_ARN" | awk -F'/' '{print $NF}' )
+# Check if TASK_ARN is empty
+if [ -z "$TASK_ARN" ]; then
+    echo "No tasks found for service $SERVICE_NAME in cluster $CLUSTER_NAME"
+    exit 1
+fi
+
+export SECURITY_GROUP=$(aws ecs describe-services --cluster $CLUSTER_NAME --services $SERVICE_NAME --query 'services[0].networkConfiguration.awsvpcConfiguration.securityGroups' --output text)
+
+# Step 2: Get the ENI ID
+export PRIVATE_IP=$(aws ecs describe-tasks --cluster $CLUSTER_NAME --tasks $TASK_ARN --query 'tasks[0].attachments[?type==`ElasticNetworkInterface`][].details[?name==`privateIPv4Address`].value | [0]' --output text)
+
+# Output the Private IP
+echo "CLUSTER_NAME  : $CLUSTER_NAME"
+echo "TASK ID       : $TASK_ID"
+echo "Security Group: $SECURITY_GROUP"
+echo "Private IP    : $PRIVATE_IP"
+echo "curl http://$PRIVATE_IP:3010/${IMAGE_NAME}"

scripts/init-install.sh

@@ -0,0 +1,52 @@
+#!/bin/bash -e
+
+export CDK_PARAM_SYSTEM_ADMIN_EMAIL="dummy"
+
+export REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')  # Region setting
+export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+
+# Create S3 Bucket for provision source.
+source ./update-provision-source.sh
+
+echo "CDK_PARAM_COMMIT_ID exists: $CDK_PARAM_COMMIT_ID"
+
+# Create ECS service linked role.
+ECS_ROLE=$(aws iam list-roles --query 'Roles[?contains(RoleName, `AWSServiceRoleForECS`)].Arn' --output text)
+if [ -z "$ECS_ROLE" ]; then
+    aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com | cat
+else
+    echo "ECS Service linked role exists: $ECS_ROLE"
+fi
+# Preprovision basic infrastructure
+cd ../server
+
+sed "s/<REGION>/$REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
+
+# npx cdk bootstrap
+export CDK_PARAM_ONBOARDING_DETAIL_TYPE='Onboarding'
+export CDK_PARAM_PROVISIONING_DETAIL_TYPE=$CDK_PARAM_ONBOARDING_DETAIL_TYPE
+export CDK_PARAM_OFFBOARDING_DETAIL_TYPE='Offboarding'
+export CDK_PARAM_DEPROVISIONING_DETAIL_TYPE=$CDK_PARAM_OFFBOARDING_DETAIL_TYPE
+export CDK_PARAM_TIER='basic'
+export CDK_PARAM_STAGE='prod'
+export CDK_ADV_CLUSTER='INACTIV'
+export CDK_BASIC_CLUSTER="$CDK_PARAM_STAGE-$CDK_PARAM_TIER"
+
+npm install
+npx cdk bootstrap
+
+SERVICES=$(aws ecs list-services --cluster $CDK_BASIC_CLUSTER --query 'serviceArns[*]' --output text || true)
+for SERVICE in $SERVICES; do
+    SERVICE_NAME=$(echo $SERVICE | rev | cut -d '/' -f 1 | rev)
+    echo -n "==== Service Connect re-set if any...  "
+    aws ecs update-service \
+        --cluster $CDK_BASIC_CLUSTER \
+        --service $SERVICE_NAME \
+        --service-connect-configuration 'enabled=false' \
+        --no-cli-pager --query 'service.serviceArn' --output text
+done
+
+# npx cdk deploy shared-infra-stack --require-approval=never
+npx cdk deploy \
+    tenant-template-stack-basic \
+    tenant-template-stack-advanced --require-approval=never

scripts/install.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 
 export CDK_PARAM_SYSTEM_ADMIN_EMAIL="$1"
 
@@ -7,62 +7,26 @@ if [[ -z "$CDK_PARAM_SYSTEM_ADMIN_EMAIL" ]]; then
   exit 1
 fi
 
-REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')  # Region setting
-ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-
-export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$ACCOUNT_ID-$REGION"
+export REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')  # Region setting
+export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
 
 # Create S3 Bucket for provision source.
+source ./update-provision-source.sh
 
-if aws s3api head-bucket --bucket $CDK_PARAM_S3_BUCKET_NAME 2>/dev/null; then
-    echo "Bucket $CDK_PARAM_S3_BUCKET_NAME already exists."
-else
-    echo "Bucket $CDK_PARAM_S3_BUCKET_NAME does not exist. Creating a new bucket in $REGION region in $ACCOUNT_ID"
-
-    if [ "$REGION" == "us-east-1" ]; then
-      aws s3api create-bucket --bucket $CDK_PARAM_S3_BUCKET_NAME
-    else
-      aws s3api create-bucket \
-        --bucket $CDK_PARAM_S3_BUCKET_NAME \
-        --region "$REGION" \
-        --create-bucket-configuration LocationConstraint="$REGION" 
-    fi
-
-    aws s3api put-bucket-versioning \
-        --bucket $CDK_PARAM_S3_BUCKET_NAME \
-        --versioning-configuration Status=Enabled
-
-    aws s3api put-public-access-block \
-        --bucket $CDK_PARAM_S3_BUCKET_NAME \
-        --public-access-block-configuration \
-        BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true    
-
-    if [ $? -eq 0 ]; then
-        echo "Bucket $CDK_PARAM_S3_BUCKET_NAME created with versioning enabled."
-    else
-        echo "Error creating bucket $CDK_PARAM_S3_BUCKET_NAME with versioning enabled."
-        exit 1
-    fi
-fi
-
-echo "Bucket exists: $CDK_PARAM_S3_BUCKET_NAME"
-
-cd ../
-zip -rq source.zip . -x ".git/*" -x "**/node_modules/*" -x "**/cdk.out/*" -x "**/.aws-sam/*" 
-export CDK_PARAM_COMMIT_ID=$(aws s3api put-object --bucket "${CDK_PARAM_S3_BUCKET_NAME}" --key "source.zip" --body "./source.zip"  --output text)
-
-rm source.zip
-echo "Source code uploaded to S3"
+echo "CDK_PARAM_COMMIT_ID exists: $CDK_PARAM_COMMIT_ID"
 
 # Create ECS service linked role.
-aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com 2>/dev/null || echo "ECS Service linked role exists"
-
+ECS_ROLE=$(aws iam list-roles --query 'Roles[?contains(RoleName, `AWSServiceRoleForECS`)].Arn' --output text)
+if [ -z "$ECS_ROLE" ]; then
+    aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com | cat
+else
+    echo "ECS Service linked role exists: $ECS_ROLE"
+fi
 # Preprovision basic infrastructure
-cd ./server
+cd ../server
+
+sed "s/<REGION>/$REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
 
-export ECR_REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
-export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-sed "s/<REGION>/$ECR_REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
 # npx cdk bootstrap
 export CDK_PARAM_ONBOARDING_DETAIL_TYPE='Onboarding'
 export CDK_PARAM_PROVISIONING_DETAIL_TYPE=$CDK_PARAM_ONBOARDING_DETAIL_TYPE
@@ -76,31 +40,15 @@ export CDK_BASIC_CLUSTER="$CDK_PARAM_STAGE-$CDK_PARAM_TIER"
 npm install
 npx cdk bootstrap
 
-npx cdk diff tenant-template-stack-basic > ./diff_output.txt 2>&1
-if grep -q "There were no differences" ./diff_output.txt; then
-    echo "No changes detected in tenant-template-stack-basic."
-else
-    echo "Changes detected in tenant-template-stack-basic."
-
-    SERVICES=$(aws ecs list-services --cluster $CDK_BASIC_CLUSTER --query 'serviceArns[*]' --output text || true)
-    for SERVICE in $SERVICES; do
-        SERVICE_NAME=$(echo $SERVICE | rev | cut -d '/' -f 1 | rev)
-
-        echo -n "==== Service Connect Disable: "
-        aws ecs update-service \
-            --cluster $CDK_BASIC_CLUSTER \
-            --service $SERVICE_NAME \
-            --service-connect-configuration 'enabled=false' \
-            --no-cli-pager --query 'service.serviceArn' --output text
-    done
-fi
-rm diff_output.txt
+SERVICES=$(aws ecs list-services --cluster $CDK_BASIC_CLUSTER --query 'serviceArns[*]' --output text || true)
+for SERVICE in $SERVICES; do
+    SERVICE_NAME=$(echo $SERVICE | rev | cut -d '/' -f 1 | rev)
+    echo -n "==== Service Connect re-set if any...  "
+    aws ecs update-service \
+        --cluster $CDK_BASIC_CLUSTER \
+        --service $SERVICE_NAME \
+        --service-connect-configuration 'enabled=false' \
+        --no-cli-pager --query 'service.serviceArn' --output text
+done
 
 npx cdk deploy --all --require-approval=never
-
-
-## Get SaaS application url
-ADMIN_SITE_URL=$(aws cloudformation describe-stacks --stack-name controlplane-stack --query "Stacks[0].Outputs[?OutputKey=='adminSiteUrl'].OutputValue" --output text)
-APP_SITE_URL=$(aws cloudformation describe-stacks --stack-name core-appplane-stack --query "Stacks[0].Outputs[?OutputKey=='appSiteUrl'].OutputValue" --output text)
-echo "Admin site url: $ADMIN_SITE_URL"
-echo "Application site url: $APP_SITE_URL"