diff --git a/master_deploy.sh b/master_deploy.sh index c33d30c..b373884 100755 --- a/master_deploy.sh +++ b/master_deploy.sh @@ -17,6 +17,7 @@ SHARED_PROPERTY_FILENAME="" # AWS_REGION="" TAG="" SEC_LIST="" +SECPS_LIST="" #COUNTER_LIMIT=12 if [ -z "$COUNTER_LIMIT" ]; then @@ -36,6 +37,7 @@ task_def="" CONTAINER_LOG_DRIVER="awslogs" portcount=0 envcount=0 +psenvcount=0 volcount=0 template="" TEMPLATE_SKELETON_FILE="base_template_v2.json" @@ -136,6 +138,22 @@ ECS_push_ecr_image() { docker tag $APP_IMAGE_NAME:$ECS_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$AWS_REPOSITORY:$CIRCLE_BUILD_NUM ECS_TAG=$CIRCLE_BUILD_NUM fi + + CHECK_ECR_EXIST="" + CHECK_ECR_EXIST=$(aws ecr describe-repositories --repository-names ${AWS_REPOSITORY} 2>&1) + if [ $? -ne 0 ]; then + if echo ${CHECK_ECR_EXIST} | grep -q RepositoryNotFoundException; then + echo "repo does not exist and creating repo" + aws ecr create-repository --repository-name $AWS_REPOSITORY + track_error $? "ECS ECR repo creation" + log "Repo created successfully." + else + echo ${CHECK_ECR_EXIST} + fi + else + echo "$AWS_REPOSITORY repository already exist" + fi + log "Pushing Docker Image..." eval $(aws ecr get-login --region $AWS_REGION --no-include-email) docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$AWS_REPOSITORY:$ECS_TAG @@ -207,6 +225,21 @@ let envcount=envcount+1 #echo "envcount after ---------" $envcount #echo "envvalue after ---------" $envvalue } +#========================= +psenvaddition() { + #echo "psenvcount before " $psenvcount + +envname=$1 +envvalue=$2 +#echo "env value before" $envvalue +set -f +template=$(echo $template | jq --arg name "$envname" --arg value "$envvalue" --arg psenvcount $psenvcount '.containerDefinitions[0].secrets[$psenvcount |tonumber] |= .+ { name: $name, valueFrom: $value }') +set +f +let psenvcount=psenvcount+1 +#echo "psenvcount after ---------" $psenvcount +#echo "envvalue after ---------" $envvalue +} + #========================= logconfiguration() { template=$(echo $template | jq --arg logDriver $CONTAINER_LOG_DRIVER '.containerDefinitions[0].logConfiguration.logDriver=$logDriver') @@ -259,12 +292,16 @@ log "Family updated" #taskrole and excution role has updated if [ -z $AWS_ECS_TASK_ROLE_ARN ]; then - log "No Execution Role defined" + log "No Task Role defined" else template=$(echo $template | jq --arg taskRoleArn arn:aws:iam::$AWS_ACCOUNT_ID:role/$AWS_ECS_TASK_ROLE_ARN '.taskRoleArn=$taskRoleArn') fi -#template=$(echo $template | jq --arg executionRoleArn arn:aws:iam::$AWS_ACCOUNT_ID:role/ecsTaskExecutionRole '.executionRoleArn=$executionRoleArn') - +if [ -z $AWS_ECS_TASK_EXECUTION_ROLE_ARN ]; +then + log "No Task Execution Role defined" +else + template=$(echo $template | jq --arg executionRoleArn arn:aws:iam::$AWS_ACCOUNT_ID:role/$AWS_ECS_TASK_EXECUTION_ROLE_ARN '.executionRoleArn=$executionRoleArn') +fi #Container Name update template=$(echo $template | jq --arg name $AWS_ECS_CONTAINER_NAME '.containerDefinitions[0].name=$name') log "Container Name updated" @@ -321,7 +358,33 @@ do done IFS=$o done - +if [ -z $SECPS_LIST ]; +then + log "No ps file provided" +else + Buffer_seclist=$(echo $SECPS_LIST | sed 's/,/ /g') + for listname in $Buffer_seclist; + do + local o=$IFS + IFS=$(echo -en "\n\b") + varpath=$( cat $listname.json | jq -r ' .ParmeterPathList[] ' ) + #log "vars are fetched" + for k in $varpath; + do + echo $k + aws ssm get-parameters-by-path --path $k --query "Parameters[*].{Name:Name}" > paramnames.json + ###paramnames=$(cat paramnames.json | jq -r .[].Name | rev | cut -d / -f 1 | rev) + for s in $(cat paramnames.json | jq -r .[].Name ) + do + varname=$(echo $s | rev | cut -d / -f 1 | rev) + varvalue="arn:aws:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:parameter$s" + psenvaddition "$varname" "$varvalue" + #echo "$varname" "$varvalue" + done + done + IFS=$o + done +fi log "environment has updated" # Log Configuration logconfiguration @@ -413,16 +476,44 @@ fi ECS_deploy_cluster() { AWS_ECS_SERVICE=$1 - update_result=$(aws ecs update-service --cluster $AWS_ECS_CLUSTER --service $AWS_ECS_SERVICE --task-definition $REVISION ) - result=$(echo $update_result | $JQ '.service.taskDefinition' ) - log $result - if [[ $result != $REVISION ]]; then - #echo "Error updating service." - track_error 1 "ECS updating service." - return 1 + #checking cluster exist + CHECK_CLUSTER_EXIST="" + CHECK_CLUSTER_EXIST=$(aws ecs describe-clusters --cluster $AWS_ECS_CLUSTER | jq --raw-output 'select(.clusters[].clusterName != null ) | .clusters[].clusterName') + if [ -z $CHECK_CLUSTER_EXIST ]; + then + echo "$AWS_ECS_CLUSTER cluster does not exist. Kindly check with admin team" + exit 1 + else + echo "$AWS_ECS_CLUSTER Cluster exist" + fi + #checking service exist + CHECK_SERVICE_EXIST="" + CHECK_SERVICE_EXIST=$(aws ecs describe-services --service $AWS_ECS_SERVICE --cluster $AWS_ECS_CLUSTER | jq --raw-output 'select(.services[].status != null ) | .services[].status') + if [ -z $CHECK_SERVICE_EXIST ]; + then + if [ "$ECS_TEMPLATE_TYPE" == "FARGATE" ]; + then + echo "Fargate Service does not exist. Kindly check with admin team" + exit 1 + else + echo "service does not exist. Creating service" + aws ecs create-service --cluster $AWS_ECS_CLUSTER --service-name $AWS_ECS_SERVICE --task-definition $REVISION --desired-count 1 + echo "Kindly work with admin team for routing" + fi + else + echo "service exist.Application updates the service" + update_result=$(aws ecs update-service --cluster $AWS_ECS_CLUSTER --service $AWS_ECS_SERVICE --task-definition $REVISION ) + result=$(echo $update_result | $JQ '.service.taskDefinition' ) + log $result + if [[ $result != $REVISION ]]; then + #echo "Error updating service." + track_error 1 "ECS updating service." + return 1 + fi + + echo "Update service intialised successfully for deployment" fi - echo "Update service intialised successfully for deployment" return 0 } @@ -613,6 +704,17 @@ download_envfile() #openssl enc -aes-256-cbc -d -md MD5 -in $listname.json.enc -out $listname.json -k $SECPASSWD done } +download_psfile() +{ + Buffer_seclist=$(echo $SECPS_LIST | sed 's/,/ /g' ) + for listname in $Buffer_seclist; + do + aws s3 cp s3://tc-platform-${ENV_CONFIG}/securitymanager/$listname.json . + track_error $? "$listname.json download" + jq 'keys[]' $listname.json + track_error $? "$listname.json" + done +} decrypt_fileenc() { Buffer_seclist=$(echo $SEC_LIST | sed 's/,/ /g' ) @@ -696,7 +798,7 @@ deploy_lambda_package() # Input Collection and validation input_parsing_validation() { -while getopts .d:h:i:e:t:v:s:p:g:c:m:. OPTION +while getopts .d:h:i:e:l:t:v:s:p:g:c:m:. OPTION do case $OPTION in d) @@ -712,6 +814,9 @@ do e) ENV=$OPTARG ;; + l) + SECPS_LIST=$OPTARG + ;; t) TAG=$OPTARG ;; @@ -773,6 +878,13 @@ ENV_CONFIG=`echo "$ENV" | tr '[:upper:]' '[:lower:]'` # fi download_envfile +if [ -z $SECPS_LIST ]; +then + log "No secret parameter file list provided" + +else + download_psfile +fi #decrypt_fileenc #uploading_envvar @@ -974,7 +1086,7 @@ then echo "${#AWS_ECS_SERVICES[@]} service are going to be updated" for AWS_ECS_SERVICE_NAME in "${AWS_ECS_SERVICES[@]}" do - echo "updating ECS Cluster Service - $AWS_ECS_SERVICE_NAME" + echo "creating/updating ECS Cluster Service - $AWS_ECS_SERVICE_NAME" ECS_deploy_cluster "$AWS_ECS_SERVICE_NAME" check_service_status "$AWS_ECS_SERVICE_NAME" #echo $REVISION