enhance logging; extend java KCL credentials provider

whummer · whummer · commit 76f6dae1eedb · 2016-10-04T13:25:28.000+11:00
diff --git a/.gitignore b/.gitignore
@@ -15,3 +15,4 @@ localstack/infra/
 /dist/
 *.egg-info/
 .eggs/
+/target/
diff --git a/Makefile b/Makefile
@@ -1,9 +1,6 @@
 VENV_DIR = .venv
 VENV_RUN = source $(VENV_DIR)/bin/activate
-AWS_KCL_URL = http://central.maven.org/maven2/com/amazonaws/amazon-kinesis-client/1.6.3/amazon-kinesis-client-1.6.3.jar
-AWS_STS_URL = http://central.maven.org/maven2/com/amazonaws/aws-java-sdk-sts/1.10.20/aws-java-sdk-sts-1.10.20.jar
-# AWS_KCL_URL = http://central.maven.org/maven2/com/amazonaws/amazon-kinesis-client/1.7.0/amazon-kinesis-client-1.7.0.jar
-#AWS_STS_URL = http://central.maven.org/maven2/com/amazonaws/aws-java-sdk-sts/1.11.14/aws-java-sdk-sts-1.11.14.jar
+AWS_STS_URL = http://central.maven.org/maven2/com/amazonaws/aws-java-sdk-sts/1.11.14/aws-java-sdk-sts-1.11.14.jar
 ES_URL = https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/zip/elasticsearch/2.3.3/elasticsearch-2.3.3.zip
 TMP_ARCHIVE_ES = /tmp/localstack.es.zip
 
@@ -16,10 +13,9 @@ install:           ## Install npm/pip dependencies, compile code
 	($(VENV_RUN) && pip install --upgrade pip)
 	(test ! -e requirements.txt || ($(VENV_RUN) && pip install -r requirements.txt))
 	(test -e localstack/infra/elasticsearch || { mkdir -p localstack/infra; cd localstack/infra; test -f $(TMP_ARCHIVE_ES) || (curl -o $(TMP_ARCHIVE_ES) $(ES_URL)); cp $(TMP_ARCHIVE_ES) es.zip; unzip -q es.zip; mv elasticsearch* elasticsearch; rm es.zip; })
-	(test -e localstack/infra/amazon-kinesis-client/amazon-kinesis-client.jar || { mkdir -p localstack/infra/amazon-kinesis-client; curl -o localstack/infra/amazon-kinesis-client/amazon-kinesis-client.jar $(AWS_KCL_URL); })
 	(test -e localstack/infra/amazon-kinesis-client/aws-java-sdk-sts.jar || { mkdir -p localstack/infra/amazon-kinesis-client; curl -o localstack/infra/amazon-kinesis-client/aws-java-sdk-sts.jar $(AWS_STS_URL); })
 	(npm install -g npm || sudo npm install -g npm)
-	(cd localstack/ && (test ! -e package.json || (npm cache clear && npm install)))
+	(cd localstack/ && (test ! -e package.json || (npm install)))
 	make compile
 	# make install-web
 
diff --git a/localstack/mock/infra.py b/localstack/mock/infra.py
@@ -8,6 +8,7 @@
 import logging
 import requests
 import json
+import boto3
 import __init__
 from localstack.utils.aws import aws_stack
 from localstack.utils import common
@@ -211,6 +212,18 @@ def check_infra(retries=5, expect_shutdown=False, apis=None, additional_checks=[
         check_infra(retries - 1, expect_shutdown=expect_shutdown, apis=apis, additional_checks=additional_checks)
 
 
+def check_aws_credentials():
+    session = boto3.Session()
+    credentials = session.get_credentials()
+    if not credentials:
+        # set temporary dummy credentials
+        os.environ['AWS_ACCESS_KEY_ID'] = 'LocalStackDummyAccessKey'
+        os.environ['AWS_SECRET_ACCESS_KEY'] = 'LocalStackDummySecretKey'
+    session = boto3.Session()
+    credentials = session.get_credentials()
+    assert credentials
+
+
 def start_infra(async=False, dynamodb_update_listener=None, kinesis_update_listener=None,
         apigateway_update_listener=None,
         apis=['s3', 'es', 'apigateway', 'dynamodb', 'kinesis', 'dynamodbstreams', 'firehose', 'lambda']):
@@ -224,6 +237,8 @@ def start_infra(async=False, dynamodb_update_listener=None, kinesis_update_liste
         # set environment
         os.environ['AWS_REGION'] = DEFAULT_REGION
         os.environ['ENV'] = ENV_DEV
+        # make sure AWS credentials are configured, otherwise boto3 bails on us
+        check_aws_credentials()
         # start services
         thread = None
         if 'es' in apis:
diff --git a/localstack/utils/common.py b/localstack/utils/common.py
@@ -40,24 +40,33 @@ def run(self):
         except Exception, e:
             if not self.quiet:
                 print("Thread run method %s(%s) failed: %s" %
-                    (self.func, self.params, traceback.format_exc(e)))
+                    (self.func, self.params, traceback.format_exc()))
 
     def stop(self, quiet=False):
         if not quiet and not self.quiet:
             print("WARN: not implemented: FuncThread.stop(..)")
 
 
 class ShellCommandThread (FuncThread):
-    def __init__(self, cmd, params={}, outfile=None, env_vars={}):
+    def __init__(self, cmd, params={}, outfile=None, env_vars={}, quiet=True):
         self.cmd = cmd
         self.process = None
         self.outfile = outfile
         self.env_vars = env_vars
-        FuncThread.__init__(self, self.run_cmd, params)
+        FuncThread.__init__(self, self.run_cmd, params, quiet=quiet)
 
     def run_cmd(self, params):
-        self.process = run(self.cmd, async=True, outfile=self.outfile, env_vars=self.env_vars)
-        self.process.communicate()
+        try:
+            self.process = run(self.cmd, async=True, outfile=self.outfile, env_vars=self.env_vars)
+            if self.outfile:
+                self.process.wait()
+            else:
+                self.process.communicate()
+        except Exception, e:
+            if self.process and not self.quiet:
+                print('Shell command error "%s": %s' % (e, self.cmd))
+        if self.process and not self.quiet and self.process.returncode != 0:
+            print('Shell command exit code "%s": %s' % (self.process.returncode, self.cmd))
 
     def is_killed(self):
         if not self.process:
diff --git a/localstack/utils/kinesis/java/com/atlassian/DefaultSTSAssumeRoleSessionCredentialsProvider.java b/localstack/utils/kinesis/java/com/atlassian/DefaultSTSAssumeRoleSessionCredentialsProvider.java
@@ -2,16 +2,30 @@
 
 import java.util.Map;
 
-import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.BasicSessionCredentials;
-import com.amazonaws.auth.BasicAWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
-
+import com.amazonaws.auth.BasicSessionCredentials;
+import com.amazonaws.auth.InstanceProfileCredentialsProvider;
+import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
+import com.amazonaws.internal.StaticCredentialsProvider;
+
+/**
+ * Custom session credentials provider that can be configured to assume a given IAM role.
+ * Configure the role to assume via the following environment variables:
+ * - AWS_ASSUME_ROLE_ARN : ARN of the role to assume
+ * - AWS_ASSUME_ROLE_SESSION_NAME : name of the session to be used when calling assume-role
+ *
+ * As long lived credentials, this credentials provider attempts to uses the following:
+ * - an STS token, via environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
+ * - instance profile credentials provider (see Google hits for "EC2 instance metadata service")
+ * 
+ * TODO: Potentially we could simply use the default credentials provider to obtain the long-lived credentials.
+ *
+ * @author Waldemar Hummer
+ */
 public class DefaultSTSAssumeRoleSessionCredentialsProvider extends STSAssumeRoleSessionCredentialsProvider {
 
 	public DefaultSTSAssumeRoleSessionCredentialsProvider() {
-		super(getDefaultCredentials(), getDefaultRoleARN(), getDefaultRoleSessionName());
+		super(getLongLivedCredentialsProvider(), getDefaultRoleARN(), getDefaultRoleSessionName());
 	}
 
 	private static String getDefaultRoleARN() {
@@ -24,17 +38,20 @@ private static String getDefaultRoleSessionName() {
 		return env.get("AWS_ASSUME_ROLE_SESSION_NAME");
 	}
 
-	private static AWSCredentials getDefaultCredentials() {
+	private static AWSCredentialsProvider getLongLivedCredentialsProvider() {
 		Map<String, String> env = System.getenv();
 		if(env.containsKey("AWS_SESSION_TOKEN")) {
-			return new BasicSessionCredentials(
-				env.get("AWS_ACCESS_KEY_ID"),
-				env.get("AWS_SECRET_ACCESS_KEY"),
-				env.get("AWS_SESSION_TOKEN"));
+			return new StaticCredentialsProvider(
+				new BasicSessionCredentials(
+					env.get("AWS_ACCESS_KEY_ID"),
+					env.get("AWS_SECRET_ACCESS_KEY"),
+					env.get("AWS_SESSION_TOKEN")));
 		}
-		return new BasicAWSCredentials(
-				env.get("AWS_ACCESS_KEY_ID"),
-				env.get("AWS_SECRET_ACCESS_KEY"));
+		return new InstanceProfileCredentialsProvider();
+	}
+
+	public static void main(String args[]) throws Exception {
+		System.out.println(new DefaultSTSAssumeRoleSessionCredentialsProvider().getCredentials());
 	}
 
 }
diff --git a/localstack/utils/kinesis/java/com/atlassian/KinesisStarter.java b/localstack/utils/kinesis/java/com/atlassian/KinesisStarter.java
@@ -1,23 +1,15 @@
 package com.atlassian;
 
 import java.net.URL;
-import java.security.SecureRandom;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 import java.util.Properties;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
 
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import com.amazonaws.services.kinesis.multilang.MultiLangDaemon;
-import com.amazonaws.services.kinesis.multilang.MultiLangDaemonConfig;
-import com.amazonaws.services.kinesis.clientlibrary.lib.worker.KinesisClientLibConfiguration;
 import com.amazonaws.ClientConfiguration;
 import com.amazonaws.Protocol;
+import com.amazonaws.services.kinesis.clientlibrary.lib.worker.KinesisClientLibConfiguration;
+import com.amazonaws.services.kinesis.multilang.MultiLangDaemon;
+import com.amazonaws.services.kinesis.multilang.MultiLangDaemonConfig;
 
 /**
  * Custom extensions to <code>MultiLangDaemon</code> class from amazon-kinesis-client
@@ -27,6 +19,8 @@
  * - dynamodbProtocol: protocol for DynamoDB API (http or https)
  * - kinesisProtocol: protocol for Kinesis API (http or https)
  * - metricsLevel: level of CloudWatch metrics to report (e.g., SUMMARY or NONE)
+ *
+ * @author Waldemar Hummer
  */
 public class KinesisStarter {
 
diff --git a/localstack/utils/kinesis/kclipy_helper.py b/localstack/utils/kinesis/kclipy_helper.py
@@ -51,8 +51,6 @@ def get_kcl_classpath(properties=None, paths=[]):
     # add path of custom java code
     dir_name = os.path.dirname(os.path.realpath(__file__))
     paths.append(os.path.realpath(os.path.join(dir_name, 'java')))
-    paths.insert(0, os.path.realpath(os.path.join(dir_name, '..', '..',
-            'infra', 'amazon-kinesis-client', 'amazon-kinesis-client.jar')))
     paths.insert(0, os.path.realpath(os.path.join(dir_name, '..', '..',
             'infra', 'amazon-kinesis-client', 'aws-java-sdk-sts.jar')))
     return ":".join([p for p in paths if p != ''])
diff --git a/localstack/utils/kinesis/kinesis_connector.py b/localstack/utils/kinesis/kinesis_connector.py
@@ -26,6 +26,9 @@
 LOG_FILE_PATTERN = '/tmp/kclipy.*.log'
 DEFAULT_DDB_LEASE_TABLE_SUFFIX = '-app'
 
+# define Java class names
+MULTI_LANG_DAEMON_CLASS = 'com.atlassian.KinesisStarter'
+
 # set up log levels
 logging.SEVERE = 60
 logging.FATAL = 70
@@ -82,15 +85,17 @@ def run_processor(log_file=None, processor_func=None):
 
 class KinesisProcessorThread(ShellCommandThread):
     def __init__(self, params):
-        multi_lang_daemon_class = 'com.atlassian.KinesisStarter'
         props_file = params['properties_file']
         env_vars = params['env_vars']
         cmd = kclipy_helper.get_kcl_app_command('java',
-            multi_lang_daemon_class, props_file)
+            MULTI_LANG_DAEMON_CLASS, props_file)
         if not params['log_file']:
             params['log_file'] = '%s.log' % props_file
             TMP_FILES.append(params['log_file'])
-        ShellCommandThread.__init__(self, cmd, outfile=params['log_file'], env_vars=env_vars)
+        # print(cmd)
+        env = aws_stack.get_environment()
+        quiet = env.region == REGION_LOCAL
+        ShellCommandThread.__init__(self, cmd, outfile=params['log_file'], env_vars=env_vars, quiet=quiet)
 
     @staticmethod
     def start_consumer(kinesis_stream):
@@ -105,42 +110,53 @@ def __init__(self, params):
         self.running = True
         self.buffer = []
         self.params = params
-        self.prefix = params.get('log_prefix') or 'LOG: '
         # number of lines that make up a single log entry
         self.buffer_size = 2
-        self.log_level = params.get('level') or DEFAULT_KCL_LOG_LEVEL
-        # regular expression to filter the printed output
-        levels = OutputReaderThread.get_log_level_names(self.log_level)
-        self.filter_regex = r'.*(%s):.*' % ('|'.join(levels))
+        # determine log level
+        self.log_level = params.get('level')
+        if self.log_level is None:
+            self.log_level = DEFAULT_KCL_LOG_LEVEL
+        if self.log_level > 0:
+            levels = OutputReaderThread.get_log_level_names(self.log_level)
+            # regular expression to filter the printed output
+            self.filter_regex = r'.*(%s):.*' % ('|'.join(levels))
+            # create prefix and logger
+            self.prefix = params.get('log_prefix') or 'LOG'
+            self.logger = logging.getLogger(self.prefix)
+            self.logger.severe = self.logger.critical
+            self.logger.fatal = self.logger.critical
+            self.logger.setLevel(self.log_level)
 
     @classmethod
     def get_log_level_names(cls, min_level):
         return [logging.getLevelName(l) for l in LOG_LEVELS if l >= min_level]
 
-    @classmethod
-    def get_logger_for_level_in_log_line(cls, line, level):
-        for level in LOG_LEVELS:
-            level_name = logging.getLevelName(level)
-            if re.match(r'.*(%s):.*' % level, line):
-                return LOGGER.__dict__[level.lower()]
+    def get_logger_for_level_in_log_line(self, line):
+        level = self.log_level
+        for l in LOG_LEVELS:
+            if l >= level:
+                level_name = logging.getLevelName(l)
+                if re.match(r'.*(%s):.*' % level_name, line):
+                    return getattr(self.logger, level_name.lower())
         return None
 
     def start_reading(self, params):
         for line in tail("-n", 0, "-f", params['file'], _iter=True):
             if not self.running:
                 return
-            line = line.replace('\n', '')
-            self.buffer.append(line)
-            if len(self.buffer) >= self.buffer_size:
-                logger_func = None
-                for line in self.buffer:
-                    if re.match(self.filter_regex, line):
-                        logger_func = OutputReaderThread.get_logger_for_level_in_log_line(line, self.log_level)
-                        break
-                if logger_func:
-                    for buffered_line in self.buffer:
-                        logger_func('%s%s' % (self.prefix, buffered_line))
-                self.buffer = []
+            if self.log_level > 0:
+                line = line.replace('\n', '')
+                self.buffer.append(line)
+                if len(self.buffer) >= self.buffer_size:
+                    logger_func = None
+                    for line in self.buffer:
+                        if re.match(self.filter_regex, line):
+                            logger_func = self.get_logger_for_level_in_log_line(line)
+                            break
+                    if logger_func:
+                        for buffered_line in self.buffer:
+                            logger_func(buffered_line)
+                    self.buffer = []
 
     def stop(self, quiet=True):
         self.running = False
@@ -239,14 +255,18 @@ def start_kcl_client_process(stream_name, listener_script, log_file=None, env=No
                 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN']:
             if var_name in os.environ and var_name not in env_vars:
                 env_vars[var_name] = os.environ[var_name]
+    if env.region == REGION_LOCAL:
+        # need to disable CBOR protocol, enforce use of plain JSON,
+        # see https://github.com/mhart/kinesalite/issues/31
+        env_vars['AWS_CBOR_DISABLE'] = 'true'
     if kcl_log_level:
         if not log_file:
             log_file = LOG_FILE_PATTERN.replace('*', short_uid())
             TMP_FILES.append(log_file)
         run('touch %s' % log_file)
         # start log output reader thread which will read the KCL log
         # file and print each line to stdout of this process...
-        reader_thread = OutputReaderThread({'file': log_file, 'level': kcl_log_level, 'log_prefix': 'KCL: '})
+        reader_thread = OutputReaderThread({'file': log_file, 'level': kcl_log_level, 'log_prefix': 'KCL'})
         reader_thread.start()
 
     # construct stream info
diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,6 @@
 airspeed==0.5.5.dev20160812
-# amazon_kclpy==1.3.1
-amazon_kclpy==1.2.0
+amazon_kclpy==1.3.1
+# amazon_kclpy==1.2.0
 boto3==1.4.0
 coverage==4.0.3
 docopt==0.6.2
diff --git a/setup.py b/setup.py
@@ -75,7 +75,7 @@ def run(self):
 
     setup(
         name='localstack',
-        version='0.1.2',
+        version='0.1.4',
         description='Provides an easy-to-use test/mocking framework for developing Cloud applications',
         author='Waldemar Hummer',
         author_email='waldemar.hummer@gmail.com',
diff --git a/tests/test_iam_credentials.py b/tests/test_iam_credentials.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+import os
+import time
+import logging
+from localstack.utils.kinesis import kinesis_connector
+
+
+def run_kcl_with_iam_assume_role():
+    env_vars = {}
+    if os.environ.get('AWS_ASSUME_ROLE_ARN'):
+        env_vars['AWS_ASSUME_ROLE_ARN'] = os.environ.get('AWS_ASSUME_ROLE_ARN')
+        env_vars['AWS_ASSUME_ROLE_SESSION_NAME'] = os.environ.get('AWS_ASSUME_ROLE_SESSION_NAME')
+        env_vars['ENV'] = os.environ.get('ENV') or 'main'
+
+        def process_records(records):
+            print(records)
+
+        # start Kinesis client
+        stream_name = 'test-foobar'
+        kinesis_connector.listen_to_kinesis(
+            stream_name=stream_name,
+            listener_func=process_records,
+            env_vars=env_vars,
+            kcl_log_level=logging.INFO)
+        time.sleep(60 * 10)
+
+if __name__ == '__main__':
+    run_kcl_with_iam_assume_role()
diff --git a/tests/test_message_transformation.py b/tests/test_message_transformation.py
